diff --git a/enum.sh b/enum.sh index 7c6da84..479f221 100755 --- a/enum.sh +++ b/enum.sh @@ -74,8 +74,8 @@ ver(){ plugins(){ flagz=() - releases_plugins=("1003-mortgage-application 1.87" "2j-slideshow 1.3.54" "5-sterrenspecialist 1.3" "12-step-meeting-list 3.16.18" "360deg-javascript-viewer 1.7.31" "ahmeti-wp-guzel-sozler 4.0" "acl-floating-cart-for-woocommerce 0.9" "all-bootstrap-blocks 1.3.27" "aweber-wp 2.6.0" "advanced-post-slider 3.0.0" "better-comments 1.6.2" "buttons-x 0.8.6" "blizzard-quotes 1.3" "bulk-datetime-change 1.18" "crafthemes-demo-import 3.3" "cities-shipping-zones-for-woocommerce 1.3" "dhtmlxspreadsheet 2.0" "drozd-addons-for-elementor 1.1.1" "doko-box-builder 1.8" "encrypted-blog 0.0.6.6" "extra-product-options-for-woocommerce 4.3" "ellipsis-human-presence-technology 3.4.51" "featured-image-generator 1.3.3" "full-screen-menu-for-elementor 1.0.7" "guten-post-layout 1.2.6" "great-quotes 1.0.0" "html5-mp3-player-with-mp3-folder-feedburner-playlist 2.8.0" "ht-mega-for-elementor 2.8.7" "imdb-info-box 2.0" "key4ce-osticket-bridge 1.4.0" "kaya-qr-code-generator 1.6.0" "libsyn-podcasting 1.4.4" "linkedin-login 1.1.2" "marmoset-viewer 1.9.3" "multi-rating 5.0.6" "maz-loader 1.5.0" "nokia-mapsplaces 1.7.0" "one-click-plugin-updater 2.4.14" "open-rdw-kenteken-voertuiginformatie 5.3.0" "progress-bar 2.2.4" "passwords-manager 1.5.2" "pay-with-tweet 1.2.1" "picu 2.5.4" "qi-addons-for-elementor 1.8.9" "redux-framework 4.5.7" "run-time-image-resizing 1.1" "resize-at-upload-plus 1.3" "suevafree-essential-kit 1.1.4" "sg-security 1.5.7" "simple-goods 0.13" "sitemap-by-click5 1.0.42" "tags-to-meta-keywords 1.0.2" "toolbar-extras 1.4.9" "user-meta-shortcodes 0.5" "vrview 1.1.3" "video-embed-optimizer 1.0.0" "wp-better-emails 0.4" "woo-smart-quick-view 4.1.7" "widget-settings-importexport 1.5.3" "wp-easy-menu 0.41" "wordlive-livecall-addon-for-woocommerce 1.2.1" "xpert-tab 1.3" "yikes-inc-easy-mailchimp-extender 6.9.0" "zingiri-tickets 3.0.3" "zstore-manager-basic 3.311") - vulns_plugins=("2j-slideshow No.known.fix Reflected.Cross-Site.Scripting.via.'post' MEDIUM" "2j-slideshow No.known.fix Contributor+.Stored.XSS MEDIUM" "2j-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "404-redirection-manager No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "404-redirection-manager No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "1003-mortgage-application No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "1003-mortgage-application No.known.fix Missing.Authorization MEDIUM" "1003-mortgage-application No.known.fix Missing.Authorization MEDIUM" "3xsocializer No.known.fix Subscriber+.SQLi MEDIUM" "5-sterrenspecialist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "404-to-301 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "404-to-301 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "404-to-301 3.0.9 Logs.Deletion.via.CSRF MEDIUM" "404-to-301 3.0.8 Broken.Access.Control MEDIUM" "404-to-301 3.0.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "404-to-301 2.3.1 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "123-chat-videochat No.known.fix Video.Chat.<=.1.3.1.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "123-chat-videochat 1.3.1 Admin+.Stored.XSS LOW" "12-step-meeting-list 3.16.6 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Content.Deletion MEDIUM" "12-step-meeting-list 3.16.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "12-step-meeting-list 3.14.34 Reflected.Cross-Site.Scripting MEDIUM" "12-step-meeting-list 3.14.29 Subscriber+.CSV.Download MEDIUM" "12-step-meeting-list 3.14.25 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "0mk-shortener No.known.fix Stored.XSS.via.CSRF HIGH" "0mk-shortener No.known.fix Admin+.Stored.XSS LOW" "4ecps-webforms No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "4ecps-webforms No.known.fix Admin+.Stored.XSS LOW" "123contactform-for-wordpress No.known.fix Unauthenticated.Arbitrary.Post.Creation HIGH" "123contactform-for-wordpress No.known.fix Validation.Bypass.via.Plugin.Verification MEDIUM" "123contactform-for-wordpress No.known.fix Unauthenticated.Arbitrary.File.Upload HIGH" "1-click-migration No.known.fix Unauthenticated.Information.Disclsoure MEDIUM" "1-click-migration No.known.fix Cross-Site.Request.Forgery.to.Backup.Process.Cancellation MEDIUM" "1-click-migration No.known.fix Unauthenticated.Sensitive.Information.Exposure.via.Database.Backup.in.class-ocm-backup.php MEDIUM" "5-stars-rating-funnel No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "5-stars-rating-funnel 1.3.02 Missing.Authorization MEDIUM" "5-stars-rating-funnel 1.3.02 Missing.Authorization MEDIUM" "5-stars-rating-funnel 1.2.63 Reflected.Cross-Site.Scripting MEDIUM" "5-stars-rating-funnel 1.2.53 Unauthenticated.SQLi HIGH" "5-stars-rating-funnel 1.2.54 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "1app-business-forms No.known.fix Author+.Stored.XSS MEDIUM" "3com-asesor-de-cookies No.known.fix Admin+.Stored.XSS LOW" "360deg-javascript-viewer 1.7.30 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "360deg-javascript-viewer 1.7.13 Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "360deg-javascript-viewer 1.7.12 Unauthenticated.Settings.Update MEDIUM" "360deg-javascript-viewer 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "2mb-autocode 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "4-author-cheer-up-donate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "4k-icon-fonts-for-visual-composer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "5centscdn No.known.fix Reflected.Cross-Site.Scripting HIGH" "3d-viewer 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "3d-viewer 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "17track No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "404-error-monitor No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update.via.updatePluginSettings.Function MEDIUM" "3d-photo-gallery No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "1-jquery-photo-gallery-slideshow-flash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "8-degree-notification-bar No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "3dprint 3.5.6.9 Arbitrary.File.and.Directory.Deletion.via.CSRF HIGH" "3dprint 3.5.6.9 CSRF.to.arbitrary.file.downlad HIGH" "404s 3.5.1 Admin+.Stored.Cross-Site.Scripting LOW" "2kb-amazon-affiliates-store No.known.fix Reflected.XSS MEDIUM" "2kb-amazon-affiliates-store 2.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "1-decembrie-1918 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "59sec-lite-contact-form-7-push-notifications-on-ios-and-android No.known.fix Unauthenticated.Settings.Update MEDIUM" "404-to-start No.known.fix Admin+.Stored.XSS LOW" "3dprint-lite 2.1.3.7 Authenticated.(Admin+).SQL.Injection.via.'material_text' MEDIUM" "3dprint-lite 2.1.3.7 Authenticated.(Admin+).SQL.Injection.via.'coating_text' MEDIUM" "3dprint-lite 2.1.3.7 Authenticated.(Admin+).SQL.Injection.via.'infill_text' MEDIUM" "3dprint-lite 2.1.3.7 Authenticated.(Admin+).SQL.Injection.via.'printer_text' MEDIUM" "3dprint-lite 2.1.3.6 Cross-Site.Request.Forgery MEDIUM" "3dprint-lite 2.1 Settings.Update.via.CSRF MEDIUM" "3dprint-lite 1.9.1.6 Reflected.Cross-Site.Scripting HIGH" "3dprint-lite 1.9.1.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "1-click-backup-restore-database-by-sunbytes No.known.fix Missing.Authorization MEDIUM" "5280-bootstrap-modal-contact-form No.known.fix Cross-Site.Request.Forgery.to.Bulk.Delete.Messages MEDIUM" "6storage-rentals No.known.fix Missing.Authorization MEDIUM" "1-click-close-store No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "10centmail-subscription-management-and-analytics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "3dady-real-time-web-stats No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "99robots-header-footer-code-manager-pro 1.0.17 Reflected.Cross-Site.Scripting.via.message MEDIUM" "360-product-rotation No.known.fix Reflected.XSS MEDIUM" "360-product-rotation 1.4.8 Reflected.XSS MEDIUM" "3d-presentation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "404page 11.4.8 Reflected.Cross-Site.Scripting MEDIUM" "3d-cover-carousel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "360-view No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "3dvieweronline-wp 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "3d-avatar-user-profile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "3d-flipbook-dflip-lite 2.3.53 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "3d-flipbook-dflip-lite 2.3.42 Reflected.Cross-Site.Scripting MEDIUM" "3d-flipbook-dflip-lite 2.2.27 Contributor+.Stored.XSS MEDIUM" "3d-flipbook-dflip-lite 2.2.27 Contributor+.Stored.XSS MEDIUM" "3d-flipbook-dflip-lite 1.7.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "3-word-address-validation-field 4.0.16 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "3-word-address-validation-field 4.0.0 Admin+.Sensitive.Information.Disclosure LOW" "99fy-core 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "99fy-core 1.2.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "2d-tag-cloud-widget-by-sujin No.known.fix Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "012-ps-multi-languages No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "5-anker-connect 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "404-solution 2.35.20 Reflected.Cross-Site.Scripting MEDIUM" "404-solution 2.35.18 Missing.Authentication.to.Sensitive.Information.Exposure MEDIUM" "404-solution 2.35.8 Admin+.SQL.Injection MEDIUM" "404-solution 2.33.1 Sensitive.Information.Exposure.via.Log.File MEDIUM" "404-solution 2.35.0 Admin+.SQLi MEDIUM" "404-solution 2.33.1 Sensitive.Information.Exposure MEDIUM" "10to8-online-booking 1.1.0 Contributor+.Stored.XSS MEDIUM" "ahmeti-wp-guzel-sozler No.known.fix Cross-Site.Request.Forgery MEDIUM" "aweber-wp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "academist-membership 1.2 Authentication.Bypass CRITICAL" "anyguide No.known.fix Cross-Site.Request.Forgery MEDIUM" "acl-floating-cart-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-linked-images-to-gallery-v01 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "autolisticle-automatically-update-numbered-list-articles 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "are-you-robot-recaptcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "another-events-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-flamingo No.known.fix Cross-Site.Request.Forgery MEDIUM" "aprils-call-posts No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "aphorismus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ajax-bootmodal-login No.known.fix Captcha.Reuse MEDIUM" "archive-page 1.0.3 Contributor+.Stored.XSS MEDIUM" "autoptimize 3.1.7 Admin+.Stored.Cross-Site.Scripting.via.Settings.Import LOW" "autoptimize 3.1.0 Sensitive.Data.Disclosure MEDIUM" "autoptimize 3.1.1 Admin+.Stored.Cross.Site.Scripting LOW" "autoptimize 2.8.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "autoptimize 2.7.8 Authenticated.Stored.XSS.via.File.Upload MEDIUM" "autoptimize 2.7.8 Race.Condition.leading.to.RCE CRITICAL" "autoptimize 2.7.8 Arbitrary.File.Upload.via."Import.Settings" CRITICAL" "autoptimize 2.7.7 Authenticated.Arbitrary.File.Upload MEDIUM" "all-in-one-video-gallery 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Shortcode MEDIUM" "all-in-one-video-gallery 3.7.0 Authenticated.(Contributor+).Local.File.Inclusion.via.aiovg_search_form.Shortcode HIGH" "all-in-one-video-gallery 3.6.5 Contributor+.Arbitrary.File.Upload.via.featured.image HIGH" "all-in-one-video-gallery 3.6.0 Missing.Authorization MEDIUM" "all-in-one-video-gallery 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-video-gallery 2.6.1 2.6.0.-.Unauthenticated.Arbitrary.File.Download.&.SSRF HIGH" "all-in-one-video-gallery 2.5.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-video-gallery 2.5.0 Admin+.Local.File.Inclusion LOW" "autoship-cloud 2.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "autoship-cloud 2.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arscode-ninja-popups No.known.fix Unauthenticated.Open.Redirect MEDIUM" "all-bootstrap-blocks 1.3.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-bootstrap-blocks 1.3.20 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "all-bootstrap-blocks 1.3.20 Contributor+.Stored.XSS MEDIUM" "all-bootstrap-blocks 1.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-bootstrap-blocks 1.3.7 Cross-Site.Request.Forgery MEDIUM" "admin-notices-manager 1.5.0 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Retrieval MEDIUM" "aec-kiosque 1.9.4 Reflected.Cross-Site.Scripting MEDIUM" "advanced-uploader No.known.fix Subscriber+.Arbitrary.File.Upload CRITICAL" "amazing-service-box-visual-composer-addons No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "auto-location-for-wp-job-manager 1.1 Admin+.Cross.Site.Scripting LOW" "albumreviewer No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "alley-elementor-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-tiktok-advertising-pixel 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accept-sagepay-payments-using-contact-form-7 2.1 Unauthenticated.Information.Exposure MEDIUM" "apimo No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "api-bearer-auth 20190908 Unauthenticated.Reflected.XSS MEDIUM" "advanced-sermons 3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-sermons 3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-sermons 3.2 Reflected.Cross-Site.Scripting.via.s MEDIUM" "advanced-sermons 3.3 Reflected.Cross-Site.Scripting MEDIUM" "asgaros-forum No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "asgaros-forum 3.1.0 Subscriber+.Authorization.Bypass MEDIUM" "asgaros-forum 2.9.0 Cross-Site.Request.Forgery MEDIUM" "asgaros-forum 2.8.0 Unauthenticated.PHP.Object.Injection.in.prepare_unread_status CRITICAL" "asgaros-forum 2.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "asgaros-forum 2.2.0 Cross-Site.Request.Forgery MEDIUM" "asgaros-forum 2.0.0 Subscriber+.Blind.SQL.Injection HIGH" "asgaros-forum 1.15.15 Admin+.SQL.Injection.via.forum_id MEDIUM" "asgaros-forum 1.15.14 Admin+.Stored.Cross-Site.Scripting LOW" "asgaros-forum 1.15.13 Unauthenticated.SQL.Injection HIGH" "akismet-htaccess-writer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "acf-on-the-go No.known.fix .Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Update MEDIUM" "auto-delete-posts No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "am-hili-affiliate-manager-for-publishers No.known.fix Admin+.Stored.XSS LOW" "ablocks 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "anywhere-elementor 1.2.12 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "anywhere-elementor 1.2.8 Reflected.Cross-Site.Scripting MEDIUM" "anywhere-elementor 1.2.8 Freemius.API.Key.Disclosure MEDIUM" "anywhere-elementor 1.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "about-author-box 1.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "advance-post-prefix No.known.fix Reflected.XSS HIGH" "advance-post-prefix No.known.fix Reflected.XSS HIGH" "advance-post-prefix No.known.fix Admin+.SQL.Injection MEDIUM" "affiliate-pro No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "amin-chat-button 1.4.2 Stored.XSS.via.CSRF HIGH" "auto-install-free-ssl 3.6.0 Reflected.Cross-Site.Scripting MEDIUM" "advanced-cron-manager-pro 2.5.3 Subscriber+.Arbitrary.Events/Schedules.Creation/Deletion MEDIUM" "awsa-shipping No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adblock-notify-by-bweb No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adblock-notify-by-bweb No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "adblock-notify-by-bweb No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "addon-elements-for-elementor-page-builder 1.14 Contributor+.Sensitive.Information.Disclosure LOW" "addon-elements-for-elementor-page-builder 1.13.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.table_saved_sections MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Missing.Authorization MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.and.eae_slider_animation.Parameters MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Twitter.Widget MEDIUM" "addon-elements-for-elementor-page-builder 1.13.4 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.3 Contributor+.DOM-Based.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13.2 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.12.11 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Content.Switcher.Widget MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Contributor+.to.LFI HIGH" "addon-elements-for-elementor-page-builder 1.13 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Modal.Popup.effet MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.12.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Elementor.Addon.Element.Enabling/Disabling.via.CSRF MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Admin+.Stored.XSS LOW" "addon-elements-for-elementor-page-builder 1.12.8 Settings.Update.via.CSRF MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Unauthenticated.Post.ID/Tile.Disclosure MEDIUM" "addon-elements-for-elementor-page-builder 1.12 Reflected.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.11.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addon-elements-for-elementor-page-builder 1.11.8 CSRF.Bypass LOW" "addon-elements-for-elementor-page-builder 1.11.2 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.6.4 CSRF.&.XSS LOW" "awesome-event-booking 2.8.5 Reflected.Cross-Site.Scripting MEDIUM" "awesome-event-booking 2.7.5 Missing.Authorization MEDIUM" "awesome-event-booking 2.8.0 Cross-Site.Request.Forgery MEDIUM" "awesome-event-booking 2.7.2 Reflected.Cross-Site.Scripting MEDIUM" "alphaomega-captcha-anti-spam No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ai-preloader No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "automizy-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automizy-gravity-forms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-hierarchy-parent-to-post 3.13 Reflected.Cross-Site.Scripting MEDIUM" "animated-counters No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "animated-counters 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "amministrazione-trasparente 8.0.5 Admin+.Stored.XSS LOW" "amministrazione-trasparente 7.1.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "amministrazione-trasparente 7.1.1 Cross-Site.Request.Forgery HIGH" "ajax-add-to-cart-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-add-to-cart-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "alma-gateway-for-woocommerce 5.2.1 Contributor+.Stored.XSS MEDIUM" "auphonic-importer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "acf-frontend-form-element 3.25.18 Reflected.Cross-Site.Scripting MEDIUM" "acf-frontend-form-element 3.25.2 Unauthenticated.SQL.Injection MEDIUM" "acf-frontend-form-element 3.25.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "acf-frontend-form-element 3.25.1 Unauthenticated.Privilege.Escalation HIGH" "acf-frontend-form-element 3.19.5 Improper.Missing.Encryption.Exception.Handling.to.Form.Manipulation CRITICAL" "acf-frontend-form-element 3.18.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "acf-frontend-form-element 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "acf-frontend-form-element 3.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "abwp-simple-counter No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "accessibility-widget 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "azw-woocommerce-file-uploads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "azw-woocommerce-file-uploads No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "audio-album 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "authentication-via-otp-using-firebase No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "aicomments 1.4.2 Cross-Site.Request.Forgery MEDIUM" "admin-quick-panel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-quick-panel 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "activitytime 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "activitytime 1.1.0 Unauthenticated.SQL.Injection HIGH" "activitytime 1.0.9 Unauthenticated.SQL.injection HIGH" "activitytime 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ays-chatgpt-assistant 2.1.0 Unauthenticated.AJAX.Calls MEDIUM" "ays-chatgpt-assistant 2.1.0 Unauthenticated.OpenAI.Key.Disclosure HIGH" "alley-business-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "alley-business-toolkit 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-video-player-with-analytics No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accordion-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "azurecurve-floating-featured-image No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "additional-product-fields-for-woocommerce 1.2.134 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "additional-product-fields-for-woocommerce 1.2.105 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "apollo13-framework-extensions 1.9.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "apollo13-framework-extensions 1.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "apollo13-framework-extensions 1.9.2 Cross-Site.Request.Forgery MEDIUM" "apollo13-framework-extensions 1.9.1 Contributor+.Stored.XSS MEDIUM" "apollo13-framework-extensions 1.9.0 Missing.Authorization MEDIUM" "add-expires-headers 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "add-expires-headers 2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ahathat No.known.fix Cross-Site.Request.Forgery.to.AHA.Page.Deletion MEDIUM" "ahathat No.known.fix Authenticated.(Administrator+).SQL.Injection.via.id.Parameter MEDIUM" "ahathat No.known.fix Reflected.XSS.via.REQUEST_URI MEDIUM" "ahathat No.known.fix Admin+.SQL.Injection MEDIUM" "admission-appmanager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-filter-posts 3.4.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ajax-filter-posts No.known.fix Missing.Authorization.to.Unauthenticated.Local.PHP.File.Inclusion CRITICAL" "ajax-filter-posts 3.4.11 Reflected.Cross-Site.Scripting MEDIUM" "ajax-filter-posts 3.4.12 Contributor+.Stored.XSS MEDIUM" "ajax-filter-posts 3.4.8 Missing.Authorization MEDIUM" "accesspress-facebook-auto-post 2.1.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "apptivo-business-site No.known.fix Missing.Authorization.to.Arbitrary.Content.Deletion MEDIUM" "apptivo-business-site No.known.fix Cross-Site.Request.Forgery.to.IP.Address.Block MEDIUM" "apptivo-business-site 3.0.14 Admin+.Stored.XSS LOW" "anycomment 0.0.99 Reflected.Cross-Site.Scripting MEDIUM" "anycomment 0.2.18 Comment.Rating.Increase/Decrease.via.Race.Condition LOW" "anycomment 0.2.18 Arbitrary.HyperComments.Import/Revert.via.CSRF MEDIUM" "anycomment 0.3.5 Open.Redirect MEDIUM" "anycomment 0.0.33 XSS MEDIUM" "aawp 3.12.3 Unsafe.URL.Handling MEDIUM" "aawp 3.17.1 Reflected.Cross-Site.Scripting MEDIUM" "ad-blocking-detector No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-contact-us No.known.fix Admin+.Stored.XSS LOW" "ad-swapper No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "acf-google-font-selector-field No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-gallery-singsys No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-testimonial-carousel-for-elementor 3.0.1 Missing.Authorization MEDIUM" "apppresser 4.4.11 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "apppresser 4.4.7 Unauthenticated.Privilege.Escalation.via.Password.Reset CRITICAL" "apppresser 4.4.5 Privilege.Escalation.and.Account.Takeover.via.Weak.OTP HIGH" "apppresser 4.4.0 Improper.Missing.Encryption.Exception.Handling.to.Authentication.Bypass HIGH" "apppresser 4.3.1 Missing.Authorization MEDIUM" "apppresser 4.3.1 Cross-Site.Request.Forgery.via.force_logging_off() MEDIUM" "apppresser 4.3.1 Cross-Site.Request.Forgery.via.toggle_logging_callback() MEDIUM" "apppresser 4.3.0 Insecure.Password.Reset.Mechanism HIGH" "amazonify No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "amazonify No.known.fix Cross-Site.Request.Forgery.to.Amazon.Tracking.ID.Update MEDIUM" "admin-menu No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-post-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "admin-site-enhancements 7.6.10 Password.Protection.Bypass MEDIUM" "admin-site-enhancements 7.6.10 Limit.Login.Attempt.Bypass.via.IP.Spoofing MEDIUM" "admin-site-enhancements 7.6.3 Subscriber+.Privilege.Escalation HIGH" "admin-site-enhancements 7.6.3 Missing.Authorization LOW" "admin-site-enhancements 7.5.2 Authenticated.Stored.Cross-Site.Scripting.via.SVG MEDIUM" "admin-site-enhancements 5.8.0 Password.Protection.Mode.Security.Feature.Bypass HIGH" "automatic-pages-for-privacy-policy-terms-about-and-contact 1.42 Reflected.Cross-Site.Scripting MEDIUM" "arconix-faq No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "arconix-faq 1.9.5 Missing.Authorization MEDIUM" "arconix-faq 1.9.4 Missing.Authorization.to.Notice.Dismissal MEDIUM" "ab-google-map-travel No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "absolute-links No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "admin-trim-interface No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "akismet 3.1.5 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "all-images-ai 1.0.5 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "all-in-one-seo-pack-pro 4.2.6 Admin+.SSRF LOW" "accesspress-anonymous-post-pro 3.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ajax-random-post No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "attachment-file-icons No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "advance-wc-analytics 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "advance-wc-analytics 3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "artplacer-widget 2.21.2 Subscriber+.Arbitrary.Widget.Deletion MEDIUM" "artplacer-widget 2.21.2 Stored.XSS.via.CSRF HIGH" "artplacer-widget 2.20.7 Editor+.SQLi MEDIUM" "alter No.known.fix Cross-Site.Request.Forgery MEDIUM" "autopilot 1.0.21 Reflected.Cross-Site.Scripting MEDIUM" "accessibe 2.6 Reflected.Cross-Site.Scripting MEDIUM" "advanced-coupons-for-woocommerce-free 4.5.0.1 Notice.Dismiss.via.CSRF MEDIUM" "autocomplete-location-field-contact-form-7-pro 2.0 Admin+.Store.Cross-Site.Scripting LOW" "alloggio-membership 1.2 Authentication.Bypass CRITICAL" "arkhe-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arkhe-blocks 2.27.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.block.attributes MEDIUM" "arkhe-blocks 2.27.0 Contributor+.Stored.XSS MEDIUM" "arkhe-blocks 2.23.0 Contributor+.Stored.XSS MEDIUM" "automated-editor No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "admin-log No.known.fix CSRF MEDIUM" "admin-and-client-message-after-order-for-woocommerce 13.3 Authenticated.(Subscriber+).Limited.File.Upload.to.Cross-Site.Scripting MEDIUM" "admin-and-client-message-after-order-for-woocommerce 12.5 Missing.Authorization.to.Arbitrary.File.Upload CRITICAL" "all-in-one-video-downloader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-video-downloader No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accordion-image-menu No.known.fix Stored.XSS.via.CSRF HIGH" "albo-pretorio-on-line No.known.fix Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "albo-pretorio-on-line No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "albo-pretorio-on-line 4.6.4 Reflected.XSS HIGH" "albo-pretorio-on-line 4.6.2 Reflected.XSS HIGH" "albo-pretorio-on-line 4.6.1 Reflected.XSS HIGH" "armember 6.7.1 Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "armember 5.6 Unauthenticated.Privilege.Escalation CRITICAL" "audio-video-download-buttons-for-youtube 1.04 Reflected.Cross-Site.Scripting MEDIUM" "accesspress-social-login-lite 3.4.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "advanced-css3-related-posts-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "awesome-tool-tip No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "admin-site-enhancements-pro 7.6.3 Subscriber+.Privilege.Escalation HIGH" "admin-site-enhancements-pro 7.6.3 Missing.Authorization MEDIUM" "ai-responsive-gallery-album No.known.fix Missing.Authorization MEDIUM" "ai-responsive-gallery-album No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-accordion-block 5.0.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "apus-framework No.known.fix Authenticated.(Subscriber+).Arbitrary.Options.Update.in.import_page_options HIGH" "af-companion 1.2.0 1.1.2.-.Arbitrary.Plugin.Installation.&.Activation.via.CSRF HIGH" "addon-library No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "asgard No.known.fix Reflected.XSS HIGH" "add-comments No.known.fix Admin+.Stored.XSS LOW" "acf-city-selector No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "acf-city-selector 1.15.0 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "add-social-share-buttons 1.1 CSRF.to.Settings.Change MEDIUM" "advanced-classifieds-and-directory-pro 3.2.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-classifieds-and-directory-pro 3.1.2 Missing.Authorization.to.Arbitrary.Attachment.Deletion MEDIUM" "advanced-classifieds-and-directory-pro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "advanced-classifieds-and-directory-pro 1.8.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-classifieds-and-directory-pro 1.6.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "advanced-admin-search 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "advanced-page-visit-counter No.known.fix Admin+.Stored.XSS LOW" "advanced-page-visit-counter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter 8.0.1 Contributor+.SQLi MEDIUM" "advanced-page-visit-counter 7.1.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter 6.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "advanced-page-visit-counter 6.1.6 Subscriber+.Blind.SQL.injection HIGH" "advanced-page-visit-counter 6.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "animated-fullscreen-menu 2.2.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amp-plus No.known.fix Reflected.Cross.Site.Scripting HIGH" "antispam-bee 2.11.4 IP.Address.Spoofing.via.get_client_ip MEDIUM" "ajax-comment-form-cst No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "advanced-data-table-for-elementor 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.100.0 Admin+.Stored.XSS LOW" "advanced-form-integration 1.100.0 Admin+.Stored.XSS LOW" "advanced-form-integration 1.97.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.92.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.89.6 Cross-Site.Request.Forgery MEDIUM" "advanced-form-integration 1.82.6 SQL.Injection.to.Reflected.Cross-Site.Scripting.via.integration_id MEDIUM" "advanced-form-integration 1.76.0 Authenticated(Administrator+).SQL.Injection MEDIUM" "advanced-form-integration 1.69.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.63.0 Admin+.Stored.XSS LOW" "advanced-form-integration 1.49.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "adaptive-images 0.6.69 Reflected.Cross-Site.Scripting MEDIUM" "adaptive-images 0.6.67 Local.File.Inclusion.&.Deletion HIGH" "audio-player-with-playlist-ultimate 1.3 Contributor+.Stored.XSS MEDIUM" "advanced-forms 1.9.3.3 Missing.Authorization.to.Unauthenticated.Form.Settings.Export MEDIUM" "advanced-forms 1.6.9 Subscriber+.Arbitrary.User.Email.Address.Update.via.IDOR HIGH" "ai-content-generation 1.2.6 Missing.Authorization MEDIUM" "adverts-click-tracker No.known.fix Missing.Authorization MEDIUM" "aggregator-advanced-settings No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "ameliabooking 1.2.20 Unauthenticated.Full.Path.Disclosure MEDIUM" "ameliabooking 1.2.17 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "ameliabooking 1.2.5 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "ameliabooking No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "ameliabooking 1.2.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "ameliabooking 1.1.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.96 Cross-Site.Request.Forgery MEDIUM" "ameliabooking 1.0.99 Reflected.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.94 Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "ameliabooking 1.0.99 Missing.Authorization MEDIUM" "ameliabooking 1.0.86 Contributor+.Stored.XSS MEDIUM" "ameliabooking 1.0.76 Reflected.XSS HIGH" "ameliabooking 1.0.49 Customer+.Arbitrary.Appointments.Status.Update MEDIUM" "ameliabooking 1.0.48 Customer+.SMS.Service.Abuse.and.Sensitive.Data.Disclosure MEDIUM" "ameliabooking 1.0.47 Unauthenticated.Stored.XSS.via.lastName HIGH" "ameliabooking 1.0.47 Customer+.Arbitrary.Appointments.Update.and.Sensitive.Data.Disclosure HIGH" "ameliabooking 1.0.46 Manager+.RCE MEDIUM" "ameliabooking 1.0.46 Reflected.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.46 Arbitrary.Customer.Deletion.via.CSRF MEDIUM" "axeptio-sdk-integration 2.5.5 Unauthenticated.Local.File.Inclusion CRITICAL" "addify-custom-registration-forms-builder 1.0.2 Multiple.CSRF MEDIUM" "advanced-cron-manager 2.5.10 Missing.Authorization MEDIUM" "advanced-cron-manager 2.5.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "advanced-cron-manager 2.5.7 Admin+.Stored.XSS LOW" "advanced-cron-manager 2.4.2 Subscriber+.Arbitrary.Events/Schedules.Creation/Deletion MEDIUM" "animate No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "age-gate 3.6.0 Missing.Authorization MEDIUM" "age-gate 3.5.4 Unauthenticated.Local.PHP.File.Inclusion.via.'lang' CRITICAL" "age-gate 2.17.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "age-gate 2.20.4 Reflected.Cross-Site.Scripting MEDIUM" "age-gate 2.17.1 Unauthenticated.Import.Settings CRITICAL" "age-gate 2.16.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "age-gate 2.13.5 Unauthenticated.Open.Redirect LOW" "acf-to-rest-api 3.3.0 Unauthenticated.Arbitrary.wp_options.Disclosure MEDIUM" "algori-pdf-viewer 1.0.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "add-actions-and-filters No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-actions-and-filters 2.10 Reflected.XSS HIGH" "add-actions-and-filters 2.10 Settings.Update.via.CSRF MEDIUM" "add-actions-and-filters No.known.fix Admin+.Stored.XSS MEDIUM" "advanced-advertising-system No.known.fix Open.Redirect MEDIUM" "advanced-advertising-system No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "admin-sms-alert No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross.Site.Scripting MEDIUM" "athemes-starter-sites 1.0.54 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "aiify 0.1.0 Reflected.Cross-Site.Scripting MEDIUM" "accessibility-checker 1.2.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-speedo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-wp-image-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "adfoxly No.known.fix Missing.Authorization.to.Unauthenticated.Ad.Status.Update MEDIUM" "adfoxly No.known.fix Missing.Authorization.to.Unauthenticated.Ad.Status.Update MEDIUM" "adfoxly No.known.fix Cross-Site.Request.Forgery MEDIUM" "adfoxly No.known.fix Reflected.XSS HIGH" "adfoxly 1.7.91 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-post-navigation No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "amz-configurator-core No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "activity-reactions-for-buddypress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "addon-sweetalert-contact-form-7 1.0.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "ai-image-alt-text-generator-for-wp No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "ai-image-alt-text-generator-for-wp No.known.fix Missing.Authorization MEDIUM" "ai-image-alt-text-generator-for-wp 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "authorizenet-payment-gateway-for-woocommerce No.known.fix Insufficient.Verification.of.Data.Authenticity.to.Unauthenticated.Payment.Bypass MEDIUM" "atomchat No.known.fix Missing.Authorization MEDIUM" "atomchat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "atomchat 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.atomchat.Shortcode MEDIUM" "atomchat 1.1.5 Unauthenticated.Credits.Update MEDIUM" "arprice No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arprice 4.2 Unauthenticated.PHP.Object.Injection HIGH" "arprice 4.2 Subscriber+.PHP.Object.Injection HIGH" "arprice 4.2 Unauthenticated.SQL.Injection HIGH" "arprice 4.2 Subscriber+.SQLi HIGH" "arprice 4.2 Reflected.Cross-Site.Scripting HIGH" "awsm-team 1.3.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ask-me-anything-anonymously No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-category-template No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-category-template No.known.fix Reflected.XSS HIGH" "affiliate-coupons 1.7.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ai-mojo 0.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "atarim-visual-collaboration 4.1.1 Reflected.Cross-Site.Scripting MEDIUM" "atarim-visual-collaboration 4.0.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "atarim-visual-collaboration 4.1.0 Missing.Authorization.to.Authenticated.(Subscriber+).Project.Page/File.Deletion MEDIUM" "atarim-visual-collaboration 4.0.2 Missing.Authorization.via.remove_feedbacktool_notice() MEDIUM" "atarim-visual-collaboration 4.0.3 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "atarim-visual-collaboration 4.0.1 Missing.Authorization MEDIUM" "atarim-visual-collaboration 3.32 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "atarim-visual-collaboration 3.31 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "atarim-visual-collaboration 3.30 Unauthenticated.Settings.Update,.Post.Deletion.etc HIGH" "atarim-visual-collaboration 3.13 Unauthenticated.Stored.XSS HIGH" "atarim-visual-collaboration 3.9.4 Admin+.Stored.XSS LOW" "advance-search No.known.fix Admin+.SQL.Injection MEDIUM" "advance-search No.known.fix Shortcode.Deletion.via.CSRF MEDIUM" "advance-search 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "admin-dashboard-rss-feed 3.4 Administrator+.Stored.XSS LOW" "anfrageformular No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auto-post-woocommerce-products No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "agendapress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "agendapress 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "agendapress 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-import 1.3.8 Arbitrary.Plugin.Installation.&.Activation.via.CSRF HIGH" "all-users-messenger No.known.fix Subscriber+.Message.Deletion.via.IDOR MEDIUM" "attribute-stock-for-woocommerce 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "ari-fancy-lightbox 1.3.18 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ari-fancy-lightbox 1.3.9 Reflected.Cross-Site.Scripting MEDIUM" "admin-page-framework 3.9.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "all-in-one-wp-migration-gdrive-extension 2.80 Unauthenticated.Access.Token.Update MEDIUM" "a3-portfolio 3.1.1 Author+.Stored.XSS MEDIUM" "adsense-privacy-policy No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "add-whatsapp-button 2.1.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "affiliatex 1.2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "as-english-admin No.known.fix Open.Redirection MEDIUM" "author-slug No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "affiliate-power 2.3.0 Reflected.Cross-Site.Scripting HIGH" "ai-image-generator 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "accordions-wp 2.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.accordion.settings MEDIUM" "accordions-wp 2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "any-hostname No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "appointy-appointment-scheduler No.known.fix Cross-Site.Request.Forgery.to.Settings.Change MEDIUM" "anonymize-links No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Missing.Authorization.to.Unauthenticated.Read.Status.Update MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Cross-Site.Request.Forgery MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Authenticated.(Admin+).SQL.Injection HIGH" "admin-side-data-storage-for-contact-form-7 No.known.fix Missing.Authorization.to.Unauthenticated.Bookmark.Status.Alteration MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Unauthenticated.Reflected.XSS HIGH" "all-in-one-facebook-like-widget 2.2.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "amazing-hover-effects No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "archives-calendar-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "auto-tag-links No.known.fix Cross-Site.Request.Forgery MEDIUM" "auto-rename-media-on-upload 1.1.0 Admin+.Stored.XSS LOW" "animate-everything No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "animate-everything No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "animate-everything No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "artificial-intelligence-auto-content-generator 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "automatic-post-categories No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "automatic-post-categories No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "allow-svg 1.2.0 Author+.Stored.XSS.via.SVG MEDIUM" "all-404-pages-redirect-to-homepage 2.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "ad-inserter 2.8.1 Ad.Manager.and.AdSense.Ads..<.2.8.1.-.Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter 2.7.38 Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter 2.7.31 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ad-inserter 2.7.31 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ad-inserter 2.7.27 Admin+.PHP.Object.Injection LOW" "ad-inserter 2.7.12 Reflected.Cross-Site.Scripting LOW" "ad-inserter 2.7.11 Admin+.RCE./.Stored.XSS MEDIUM" "ad-inserter 2.7.10 Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter 2.4.22 Authenticated.Remote.Code.Execution HIGH" "ad-inserter 2.4.20 Authenticated.Path.Traversal HIGH" "ad-inserter 1.5.6 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "add-custom-page-template No.known.fix Authenticated.(Administrator+).PHP.Code.Injection.to.Remote.Code.Execution HIGH" "amtythumb No.known.fix Subscriber+.SQLi HIGH" "addify-product-labels-and-stickers 1.1.0 Multiple.CSRF MEDIUM" "ajax-pagination No.known.fix wp-admin/admin-ajax.php.loop.Parameter.Local.File.Inclusion HIGH" "automatic-youtube-video-posts No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "alfred-click-collect No.known.fix Admin+.Stored.XSS LOW" "avectra-netforum-single-sign-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "avectra-netforum-single-sign-on 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accordions-or-faqs No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "accordions-or-faqs 2.3.1 Admin+.Stored.XSS LOW" "accordions-or-faqs 2.1.0 Authenticated.Arbitrary.Options.Update MEDIUM" "accordions-or-faqs 2.1.0 Admin+.Stored.XSS LOW" "accordions-or-faqs 2.0.3 Unauthenticated.Arbitrary.Options.Update CRITICAL" "achilles-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "amty-thumb-recent-post No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "adthrive-ads 3.7.4 Reflected.Cross-Site.Scripting HIGH" "adthrive-ads 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "adthrive-ads 3.7.1 Missing.Authorization.to.Unauthenticated.Data/Settings.Reset MEDIUM" "annie No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "annie No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-custom-fields 6.3.6.3 Admin+.Remote.Code.Execution MEDIUM" "advanced-custom-fields 6.3.9 Admin+.Remote.Code.Execution MEDIUM" "advanced-custom-fields 6.3.6.3 Admin+.Stored.XSS LOW" "advanced-custom-fields 6.3.9 Admin+.Stored.XSS LOW" "advanced-custom-fields 6.3 Contributor+.Custom.Field.Access LOW" "advanced-custom-fields 6.2.5 Contributor+.Stored.Cross-Site.Scripting.via.Custom.Field MEDIUM" "advanced-custom-fields 6.1.6 Reflected.XSS HIGH" "advanced-custom-fields 6.1.0 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields 5.12.5 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields 5.12.3 Unauthenticated.File.Upload MEDIUM" "advanced-custom-fields 5.12.1 Contributor+.Database.Information.Access MEDIUM" "advanced-custom-fields 5.11 Subscriber+.Arbitrary.ACF.Data/Field.Groups.View.and.Fields.Move MEDIUM" "advanced-custom-fields 5.8.12 Cross-Site.Scripting.in.Select2.dropdowns MEDIUM" "advanced-custom-fields 5.7.12 Unserialize.of.user.input MEDIUM" "adl-team No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "addify-custom-fields-for-woocommerce 1.0.4 Multiple.CSRF MEDIUM" "aa-audio-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-to-header No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "accordion-slider 1.9.13 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "accordion-slider 1.9.12 Authenticted.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.Attribute MEDIUM" "abcsubmit No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "aba-payway-woocommerce-payment-gateway No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "arca-payment-gateway 1.3.4 Stored.XSS.via.CSRF HIGH" "artibot No.known.fix Authenticated.(Admin+).Cross-Site.Scripting MEDIUM" "artibot No.known.fix Missing.Authorization.to.Settings.Update MEDIUM" "a-gateway-for-pasargad-bank-on-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "arrow-twitter-feed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "anytrack-affiliate-link-manager No.known.fix Missing.Authorization MEDIUM" "awesome-filterable-portfolio No.known.fix Unauthenticated.Settings.Update MEDIUM" "awesome-filterable-portfolio No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "awesome-filterable-portfolio 1.9 Authenticated.Blind.SQL.Injection HIGH" "auto-terms-of-service-and-privacy-policy 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "agenteasy-properties No.known.fix Admin+.Stored.XSS LOW" "all-in-one-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "avirato-calendar No.known.fix Subscriber+.SQLi HIGH" "awesome-social-icons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-social-icons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "aiomatic-automatic-ai-content-writer 2.3.9 AI.Content.Writer,.Editor,.ChatBot.&.AI.Toolkit.<.2.3.9.-.Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "aiomatic-automatic-ai-content-writer 2.3.7 AI.Content.Writer,.Editor,.ChatBot.&.AI.Toolkit.<.2.3.7.-.Missing.Authorization.to.Authenticated.(Subscriber+).Multiple.Administrator.Actions MEDIUM" "aiomatic-automatic-ai-content-writer 2.0.6 Automatic.AI.Content.Writer.<.2.0.6.-.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "aiomatic-automatic-ai-content-writer 1.9.4 Missing.Authorization MEDIUM" "advanced-quiz 1.0.3 Admin+.Stored.XSS LOW" "advanced-quiz No.known.fix Admin+.Stored.XSS.in.Quiz.Overview LOW" "alt-report No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "allow-rel-and-html-in-author-bios No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "automate-hub-free-by-sperse-io No.known.fix Cross-Site.Request.Forgery.to.Activation.Status.Update MEDIUM" "automate-hub-free-by-sperse-io No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appointify No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "advanced-online-ordering-and-delivery-platform No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "apartment-management No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "apartment-management No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "apartment-management No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "apartment-management No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "apartment-management No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "apartment-management No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "apartment-management No.known.fix Unauthenticated.SQL.Injection HIGH" "angwp 1.5.6 Unauthenticated.Arbitrary.File.Upload/Deletion CRITICAL" "arprice-responsive-pricing-table 3.6.1 Unauthenticated.SQLi HIGH" "arprice-responsive-pricing-table 2.3 Cross-Site.Request.Forgery MEDIUM" "ajax-login-and-registration-modal-popup 2.25 Reflected.XSS MEDIUM" "ajax-login-and-registration-modal-popup 2.24 Author+.Stored.XSS MEDIUM" "appointment-buddy-online-appointment-booking-by-accrete No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-cleanup No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "affiliate-tools-viet-nam No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "af-tell-a-friend No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "addendio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addendio No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "analytics-tracker 1.1.1 XSS MEDIUM" "amr-users 4.59.4 Admin+.Stored.Cross-Site.Scripting LOW" "accesspress-custom-post-type 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "auto-seo 2.6.6 Stored.XSS.via.CSRF HIGH" "ali2woo-lite 3.5.4 Open.Redirect HIGH" "ali2woo-lite 3.4.4 PHP.Object.Injection.via.CSRF HIGH" "ali2woo-lite 3.3.7 Reflected.Cross-Site.Scripting MEDIUM" "ali2woo-lite 3.4.7 Stored.XSS.via.CSRF HIGH" "ali2woo-lite 3.3.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ali2woo-lite 3.3.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "ali2woo-lite 3.3.7 Missing.Authorization.via.Several.Functions MEDIUM" "abc-notation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "abc-notation No.known.fix Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "abc-notation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ays-slider 2.5.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ays-slider 2.5.0 Responsive.Slider.and.Carousel.<.2.5.0.-.Authenticated.Blind.SQL.Injection HIGH" "arabic-webfonts No.known.fix Missing.Authorization MEDIUM" "accesspress-social-counter 1.9.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "azan No.known.fix Stored.XSS.via.CSRF HIGH" "add-tabs-xforwc 1.5.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "ak-menu-icons-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "analytics-for-wp No.known.fix Admin+.Stored.XSS LOW" "add-custom-google-tag-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ap-mega-menu 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "ap-mega-menu 3.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "adsplacer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auto-featured-image-auto-generated 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "ap-pricing-tables-lite No.known.fix Admin+.SQLi MEDIUM" "ap-pricing-tables-lite 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "ap-pricing-tables-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "affiliatebooster-blocks 3.0.6 Blocks.Enabling/Disabling.via.CSRF MEDIUM" "affiliate-links-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-multiple-marker No.known.fix Settings.Update.via.CSRF MEDIUM" "add-multiple-marker No.known.fix Unauthenticated.Settings.Update MEDIUM" "ampedsense-adsense-split-tester 4.69 Reflected.XSS HIGH" "aqua-svg-sprite No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "all-in-one-wp-migration-box-extension 1.54 Unauthenticated.Access.Token.Update MEDIUM" "amen No.known.fix Admin+.Stored.XSS LOW" "astra-import-export 1.0.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "astra-import-export 1.0.4 Cross-Site.Request.Forgery MEDIUM" "absolute-privacy No.known.fix User.Email/Password.Change.via.Cross-Site.Request.Forgery HIGH" "admin-renamer-extended No.known.fix CSRF MEDIUM" "acurax-social-media-widget 3.2.6 Stored.XSS.&.CSRF HIGH" "amberlink No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-extend No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "addons-for-elementor-builder 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auxin-portfolio 2.3.5 Contributor+.Stored.XSS MEDIUM" "auxin-portfolio 2.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'.Grid.Portfolios' MEDIUM" "auxin-portfolio 2.3.2 Unauthenticated.Local.File.Inclusion CRITICAL" "alemha-watermark No.known.fix Author+.Stored.XSS MEDIUM" "animation-addons-for-elementor 1.1.7 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Content.Slider.and.Tabs.Widget.Elementor.Template MEDIUM" "apa-banner-slider No.known.fix Cross-Site.Request.Forgery.to.SLQ.Injection HIGH" "acf-frontend-display No.known.fix Arbitrary.File.Upload CRITICAL" "advanced-post-block 1.13.5 Unauthenticated.Arbitrary.Post.Access MEDIUM" "advanced-floating-content 3.8.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "admin-font-editor No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "az-content-finder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "as-create-pinterest-pinboard-pages No.known.fix Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "adstxt No.known.fix Settings.Update.via.CSRF MEDIUM" "ajax-rating-with-custom-login No.known.fix Unauthenticated.SQL.Injection HIGH" "author-bio-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auxin-shop No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "automatically-hierarchic-categories-in-menu 2.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "automatically-hierarchic-categories-in-menu 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-listings 2.6.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "astra-bulk-edit 1.2.8 Missing.Authorization MEDIUM" "ahmeti-wp-timeline No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "admin-page-spider 3.32 Admin+.Stored.XSS LOW" "ashe-extra 1.3 Missing.Authorization MEDIUM" "ashe-extra 1.2.92 Subscriber+.Companion.Plugin.Activation.&.Content.Import MEDIUM" "adminpad 2.2 Note.Update.via.CSRF MEDIUM" "advanced-nocaptcha-recaptcha 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "advanced-nocaptcha-recaptcha 7.1.0 .Local.File.Inclusion.via.CSRF HIGH" "advanced-nocaptcha-recaptcha 7.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ajax-wp-query-search-filter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advertising-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "accesspress-pinterest 3.3.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "advanced-woo-labels 2.16 Contributor+.Stored.XSS MEDIUM" "advanced-woo-labels 2.02 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-woo-labels 1.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "append-content No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "am-lottieplayer 3.5.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Uploaded.Lottie.File MEDIUM" "affieasy 1.1.7 Cross-Site.Request.Forgery.to.Various.Actions MEDIUM" "affieasy 1.1.6 Cross-Site.Request.Forgery MEDIUM" "affieasy 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "affieasy 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accordion-title-for-elementor 1.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "any-popup No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "any-popup No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "api-info-themes-plugins-wp-org 1.05 Reflected.Cross-Site.Scripting MEDIUM" "auto-featured-image No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "accesspress-twitter-auto-post 1.4.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "all-in-one-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ab-categories-search-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automatic-grid-image-listing No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "all-in-one-b2b-for-woocommerce No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "all-in-one-b2b-for-woocommerce No.known.fix Multiple.CSRF MEDIUM" "alert-box-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Alert.Box.Block MEDIUM" "alert-box-block 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-favicon 4.7 Multiple.Stored.Authenticated.XSS MEDIUM" "applicantpro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appsplate No.known.fix Unauthenticated.SQL.Injection HIGH" "atlas-knowledge-base No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "atlas-knowledge-base No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ad-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "awesome-twitter-feeds No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "apply-online 2.6.7.2 Missing.Authorization MEDIUM" "apply-online 2.6.3 Unauthenticated.Application.File.Access MEDIUM" "apply-online 2.6.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "apply-online 2.5.4 Missing.Authorization LOW" "apply-online 2.5.3 Reflected.XSS HIGH" "apply-online 2.5.6 Admin+.Stored.XSS LOW" "aviary-image-editor-add-on-for-gravity-forms No.known.fix Unauthenticated.File.Upload CRITICAL" "adventure-bucket-list No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "avchat-3 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "awesome-logo-carousel-block 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sliderId.Parameter MEDIUM" "awesome-progess-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "adicons No.known.fix Admin+.SQL.Injection MEDIUM" "appexperts 1.4.5 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "appexperts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appexperts 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ai-content-generator No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "ad-invalid-click-protector 1.2.11 Injected.Backdoor CRITICAL" "ad-invalid-click-protector 1.2.7 Arbitrary.Ban.Deletion.via.CSRF MEDIUM" "ad-invalid-click-protector 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "ad-invalid-click-protector 1.2.6 Authenticated.SQL.Injection MEDIUM" "amazon-product-in-a-post-plugin 3.5.3 Unauthenticated.SQL.Injection CRITICAL" "advanced-speed-increaser No.known.fix Cross-Site.Request.Forgery MEDIUM" "appizy-app-embed 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "appmaps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "acf-front-end-editor No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Update MEDIUM" "appten-image-rotator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-shortcodes 1.7.3 Reflected.XSS HIGH" "add-image-to-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "all-in-one-performance-accelerator No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "all-in-one-performance-accelerator No.known.fix Missing.Authorization MEDIUM" "amocrm-webform No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "amr-shortcode-any-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "acf-images-search-and-insert No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "amo-team-showcase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.amoteam_skills.Shortcode MEDIUM" "acf-engine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-recent-posts No.known.fix Contributor+.Stored.XSS MEDIUM" "ahime-image-printer No.known.fix Unauthenticated.Arbitrary.File.Download CRITICAL" "animated-al-list No.known.fix Reflected.XSS HIGH" "a1post-bg-shipping-for-woocommerce 1.5.1 Privilege.Escalation.via.CSRF HIGH" "awesome-hooks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "agile-store-locator 1.4.15 Admin+.Arbitrary.File.Deletion MEDIUM" "agile-store-locator 1.4.13 Reflected.XSS HIGH" "agile-store-locator 1.4.10 Editor+.Stored.XSS LOW" "agile-store-locator 1.4.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "agile-store-locator 1.4.6 Stored.XSS.via.CSRF MEDIUM" "automatic-ban-ip No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "astra-addon 4.3.2 Authenticated(Contributor+).Remote.Code.Execution.via.Metabox HIGH" "astra-addon 3.5.2 Unauthenticated.SQL.Injection HIGH" "analogwp-templates 1.8.1 Cross-Site.Request.Forgery HIGH" "analogwp-templates 1.8.1 CSRF.Nonce.Bypasses MEDIUM" "anual-archive No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "anual-archive No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "anual-archive 1.6.0 Contributor+.Stored.XSS MEDIUM" "availability-calendar No.known.fix Cross-Site.Request.Forgery.via.add_availability_calendar_create_admin_page() MEDIUM" "availability-calendar 1.2.1 Authenticated.SQL.Injection HIGH" "availability-calendar 1.2.2 Authenticated.Stored.Cross-Site.Scripting LOW" "armember-membership 4.0.52 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "armember-membership 4.0.38 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "armember-membership 4.0.31 Open.Redirect MEDIUM" "armember-membership 4.0.29 Missing.Authorization MEDIUM" "armember-membership 4.0.28 Directory.Traversal.via.X-FILENAME MEDIUM" "armember-membership 4.0.27 Authenticated.(Contributor+).PHP.Object.Injection CRITICAL" "armember-membership 4.0.27 Unauthenticated.PHP.Object.Injection CRITICAL" "armember-membership 4.0.24 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "armember-membership 4.0.25 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "armember-membership 4.0.23 Cross-Site.Request.Forgery MEDIUM" "armember-membership 4.0.11 Subscriber+.Privilege.Escalation HIGH" "armember-membership 4.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "armember-membership 4.0.17 Membership.<.4.0.17.-.Admin+.Stored.XSS MEDIUM" "armember-membership 4.0.6 ARMember.Cross-Site.Request.Forgery MEDIUM" "armember-membership 4.0.3 Admin+.Stored.XSS LOW" "armember-membership 4.0.2 Reflected.XSS HIGH" "armember-membership 4.0 Unauthenticated.SQLi HIGH" "armember-membership 3.4.8 Unauthenticated.Admin.Account.Takeover CRITICAL" "acf-vc-integrator 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "anant-addons-for-elementor No.known.fix Arbitrary.Plugin.Installation.via.CSRF MEDIUM" "anant-addons-for-elementor 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "awesome-shortcodes-for-genesis No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "anthologize No.known.fix Cross-Site.Request.Forgery MEDIUM" "anthologize 0.8.3 Cross-Site.Request.Forgery MEDIUM" "anthologize 0.8.1 Admin+.Stored.XSS LOW" "art-decoration-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "amilia-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner 3.1.4 Administrator+.PHP.Object.Injection MEDIUM" "advanced-database-cleaner 3.1.3 Authenticated.(Administrator+).SQL.Injection MEDIUM" "advanced-database-cleaner 3.1.2 Settings.Update.via.CSRF MEDIUM" "advanced-database-cleaner 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner 3.0.4 Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner 3.0.2 Authenticated.SQL.injection MEDIUM" "amministrazione-aperta 3.8 Admin+.LFI LOW" "ai-post-generator No.known.fix Missing.Authorization.to.Authenticated.(Contributor+).Post/Page.Deletion MEDIUM" "ai-post-generator 3.4 Subscriber+.Posts.Read/Creation/Deletion MEDIUM" "ai-text-to-speech 3.0.4 Missing.Authorization MEDIUM" "admin-management-xtended 2.4.7 Contributor+.Stored.XSS MEDIUM" "admin-management-xtended 2.4.5 Post.Visibility/Date/Comment.Status.Update.via.CSRF MEDIUM" "admin-management-xtended 2.4.5 Multiple.CSRF MEDIUM" "admin-management-xtended 2.4.0.1 Privilege.Escalation MEDIUM" "amr-shortcodes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "asmember No.known.fix Admin+.Stored.XSS LOW" "accordion-slider-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arena-liveblog-and-chat-tool No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "arena-liveblog-and-chat-tool No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.arena_embed_amp.Shortcode MEDIUM" "arena-liveblog-and-chat-tool 0.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "automatic-domain-changer 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "advance-wp-query-search-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "analyse-uploads No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "aco-product-labels-for-woocommerce 1.5.11 Admin+.SQLi MEDIUM" "aco-product-labels-for-woocommerce 1.5.9 Admin+.SQLi MEDIUM" "aco-product-labels-for-woocommerce 1.5.9 Authenticated.(Administrator+).SQL.Injection MEDIUM" "aco-product-labels-for-woocommerce 1.5.4 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "authenticator 1.3.1 Subscriber+.Denial.of.Service.via.Feed.Token.Disclosure MEDIUM" "abcapp-creator No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "altra-side-menu No.known.fix Abitrary.Menu.Deletion.via.CSRF MEDIUM" "altra-side-menu No.known.fix Admin+.SQL.Injection MEDIUM" "ach-for-stripe-plaid No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-schemaorg-rich-snippets 1.6.6 All.In.One.Schema.Rich.Snippets.<.1.6.6.-.Multiple.CSRF MEDIUM" "all-in-one-schemaorg-rich-snippets 1.5.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "attire-blocks 1.9.7 Cross-Site.Request.Forgery MEDIUM" "attire-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "attire-blocks 1.9.3 Missing.Authorization MEDIUM" "acf-options-importexport No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "azurecurve-shortcodes-in-comments No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "ach-invoice-app No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "autocomplete-address-and-location-picker-for-woocommerce 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "autocomplete-address-and-location-picker-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "appointment-hour-booking 1.4.57 Captcha.Bypass MEDIUM" "appointment-hour-booking 1.3.73 CAPTCHA.Bypass MEDIUM" "appointment-hour-booking 1.3.73 Unauthenticated.iFrame.Injection HIGH" "appointment-hour-booking 1.3.73 CSV.Injection MEDIUM" "appointment-hour-booking 1.3.72 Feedback.Submission.via.CSRF MEDIUM" "appointment-hour-booking 1.3.56 Admin+.Stored.Cross-Site.Scripting LOW" "appointment-hour-booking 1.3.17 Authenticated.Stored.XSS LOW" "appointment-hour-booking 1.3.16 Admin+.Stored.Cross-Site.Scripting LOW" "appointment-hour-booking 1.1.46 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "admin-options-pages 0.9.8 Reflected.Cross-Site.Scripting HIGH" "ai-site-builder No.known.fix Missing.Authorization.to.Arbitrary.Plugin.Installation CRITICAL" "advanced-local-pickup-for-woocommerce 1.6.2 Missing.Authorization.to.Notice.Dismissal MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.3 Missing.Authorization MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.0 Authenticated.(Administrator+).SQL.Injection HIGH" "apperr 0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "acf-quickedit-fields 3.2.3 Contributor+.User.Metadata.Leak.via.IDOR LOW" "allpost-contactform No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "ajax-load-more 7.1.3 Ajax.Load.More.<.7.1.3.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 7.1.2 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "ajax-load-more 7.0.2 Administrator+.Stored.Cross-Site.Scripting MEDIUM" "ajax-load-more 7.1.0 Authenticated.(Admin+).Directory.Traversal.to.Arbitrary.File.Read MEDIUM" "ajax-load-more 6.2 Ajax.Load.More.<.6.2.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 5.6.0.3 Ajax.Load.More.<.5.6.0.3.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 5.5.4.1 Admin+.Arbitrary.File.Read MEDIUM" "ajax-load-more 5.5.4 Admin+.Arbitrary.File.Read MEDIUM" "ajax-load-more 5.5.4 PHAR.Deserialization.via.CSRF HIGH" "ajax-load-more 5.3.2 Authenticated.SQL.Injection CRITICAL" "automatewoo 5.7.6 Cross-Site.Request.Forgery MEDIUM" "automatewoo 5.7.6 Missing.Authorization MEDIUM" "automatewoo 5.7.2 ShopManager+.SQLi MEDIUM" "automatewoo 5.7.2 Cross-Site.Request.Forgery MEDIUM" "amadiscount No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "advanced-pdf-generator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "accesspress-social-icons 1.8.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-social-icons 1.8.1 Authenticated.SQL.Injection HIGH" "accesspress-social-icons 1.6.8 Authenticated.SQL.Injections MEDIUM" "author-work-in-progress-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-post-after-image-upload No.known.fix Missing.Authorization MEDIUM" "adapta-rgpd 1.3.3 Unauthorised.Consent.via.CSRF MEDIUM" "aoi-tori No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "ajax-search-for-woocommerce 1.25.0b3 Reflected.Cross-Site.Scripting MEDIUM" "ajax-search-for-woocommerce 1.24.0 AJAX.Search.for.WooCommerce.<.1.24.0.-.Admin+.Stored.Cross-Site.Scripting MEDIUM" "ajax-search-for-woocommerce 1.18.0 Admin+.Stored.Cross-Site.Scripting LOW" "ajax-search-for-woocommerce 1.17.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "about-me No.known.fix Subscriber+.Arbitrary.Network.Creation/Deletion MEDIUM" "api2cart-bridge-connector 1.2.0 Unauthenticated.RCE CRITICAL" "api2cart-bridge-connector 1.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "amazon-auto-links 5.4.3 Reflected.Cross-Site.Scripting MEDIUM" "amazon-auto-links 5.1.2 Contributor+.Stored.XSS MEDIUM" "amazon-auto-links 5.3.2 Contributor+.Stored.XSS MEDIUM" "amazon-auto-links 4.6.20 Reflected.Cross-Site.Scripting HIGH" "automation-web-platform 3.0.18 Unauthenticated.Privilege.Escalation CRITICAL" "aparat-responsive No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-poster No.known.fix Authenticated.(Administrator+).Arbitrary.File.Upload CRITICAL" "accesspress-custom-css 2.0.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "awesome-support 6.3.2 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "awesome-support 6.3.2 Missing.Authorization MEDIUM" "awesome-support 6.1.8 Missing.Authorization MEDIUM" "awesome-support 6.1.7 Insufficient.Authorization.via.wpas_can_delete_attachments() MEDIUM" "awesome-support 6.1.8 Missing.Authorization.via.wpas_get_users() MEDIUM" "awesome-support 6.1.8 Authenticated.(Subscriber+).SQL.Injection HIGH" "awesome-support 6.1.8 Missing.Authorization.via.editor_html() MEDIUM" "awesome-support 6.1.6 Missing.Authorization.via.wpas_load_reply_history MEDIUM" "awesome-support 6.1.6 Cross-Site.Request.Forgery MEDIUM" "awesome-support 6.1.8 Missing.Authorization MEDIUM" "awesome-support 6.1.11 Missing.Authorization MEDIUM" "awesome-support 6.1.5 Missing.Authorization.via.wpas_edit_reply_ajax() MEDIUM" "awesome-support 6.1.5 Cross-Site.Request.Forgery.via.wpas_edit_reply_ajax() MEDIUM" "awesome-support 6.1.5 Insufficient.permission.check.in.wpas_edit_reply MEDIUM" "awesome-support 6.1.5 Submitter+.Arbitrary.File.Deletion CRITICAL" "awesome-support 6.1.5 Reflected.Cross-Site.Scripting HIGH" "awesome-support 6.1.2 Subscriber+.Arbitrary.Exported.Tickets.Download MEDIUM" "awesome-support 6.0.8 Authenticated.Stored.XSS MEDIUM" "awesome-support 6.0.7 Reflected.Cross-Site.Scripting HIGH" "awesome-support 6.0.11 Reflected.Cross-Site.Scripting.(XSS) HIGH" "awesome-support 6.0.0 Stored.XSS.via.Ticket.Title MEDIUM" "awesome-support 3.1.7 XSS.&.Shortcodes.Allowed.in.Replies HIGH" "auto-tag-creator No.known.fix Missing.Authorization.via.tag_save_settings_callback MEDIUM" "auto-refresh-single-page No.known.fix .Authenticated.(Contributor+).PHP.Object.Injection HIGH" "active-user No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ai-engine 2.6.5 Admin+.SQLi MEDIUM" "ai-engine 2.4.8 Admin+.SQLi MEDIUM" "ai-engine 2.5.1 Admin+.RCE MEDIUM" "ai-engine 2.4.8 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "ai-engine 2.2.70 Authenticated.(Editor+).Arbitrary.File.Upload CRITICAL" "ai-engine 2.1.5 Authenticated.(Editor+).Server-Side.Request.Forgery MEDIUM" "ai-engine 2.2.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "ai-engine 2.1.5 Editor+.Arbitrary.File.Upload.via.add_image_from_url MEDIUM" "ai-engine 1.9.99 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ai-engine 1.6.83 Admin+.Stored.XSS LOW" "aio-time-clock-lite 1.3.326 Cross-Site.Request.Forgery MEDIUM" "aio-time-clock-lite 1.3.321 Admin+.Stored.XSS LOW" "apk-downloader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross.Site.Scripting MEDIUM" "advanced-database-replacer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-replacer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "awesome-contact-form7-for-elementor 3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "awesome-contact-form7-for-elementor 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.AEP.Contact.Form.7.Widget MEDIUM" "activitypub 1.0.6 Unauthenticated.REST.API.Access MEDIUM" "activitypub 1.0.0 Subscriber+.Arbitrary.Post.Title.Disclosure MEDIUM" "activitypub 1.0.0 Contributor+.Stored.XSS MEDIUM" "activitypub 1.0.0 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "activitypub 1.0.1 Contributor+.Stored.XSS MEDIUM" "autosave-net No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "autosave-net No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "azz-anonim-posting No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "altos-connect No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-booking-calendar No.known.fix Unauthenticated.SQLi HIGH" "advanced-booking-calendar No.known.fix CSRF MEDIUM" "advanced-booking-calendar 1.7.1 Admin+.SQLi MEDIUM" "advanced-booking-calendar 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-booking-calendar 1.7.0 Unauthenticated.SQL.Injection HIGH" "advanced-booking-calendar 1.6.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-booking-calendar 1.6.7 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-booking-calendar 1.6.2 Unauthenticated.SQL.Injection CRITICAL" "acf-for-woocommerce-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "acf-for-woocommerce-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "appmysite 3.11.1 Unauthenticated.Information.Disclsoure MEDIUM" "all-in-one-seo-pack 4.6.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "all-in-one-seo-pack 4.6.1.1 Contributor+.Stored.XSS MEDIUM" "all-in-one-seo-pack 4.3.0 Contributor+.Stored.XSS MEDIUM" "all-in-one-seo-pack 4.3.0 Admin+.Stored.XSS LOW" "all-in-one-seo-pack 4.2.4 Multiple.CSRF MEDIUM" "all-in-one-seo-pack 4.1.5.3 Authenticated.Privilege.Escalation CRITICAL" "all-in-one-seo-pack 4.1.5.3 Authenticated.SQL.Injection HIGH" "all-in-one-seo-pack 4.1.0.2 Admin.RCE.via.unserialize MEDIUM" "all-in-one-seo-pack 3.6.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "all-in-one-seo-pack 3.2.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-seo-pack 2.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "avif-support 1.1.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "avif-support 1.1.1 Author+.Stored.XSS.via.SVG.Uplaod MEDIUM" "auto-hide-admin-bar 1.6.2 Admin+.Stored.XSS LOW" "ad-inserter-pro 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter-pro 2.7.12 Reflected.Cross-Site.Scripting LOW" "ad-inserter-pro 2.7.10 Reflected.Cross-Site.Scripting MEDIUM" "arcadeready No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "adrotate 5.13.3 Admin+.Double.Extension.Arbitrary.File.Upload MEDIUM" "adrotate 5.9.1 Password.Change.via.CSRF MEDIUM" "adrotate 5.8.23 Admin+.XSS.via.Advert.Name LOW" "adrotate 5.8.23 Admin+.XSS.via.Group.Name LOW" "adrotate 5.8.22 Admin+.SQL.Injection MEDIUM" "adrotate 5.8.4 Authenticated.SQL.Injection MEDIUM" "adrotate 5.3 Authenticated.SQL.Injection HIGH" "adsensei-b30 No.known.fix Reflected.Cross-Site.Scripting HIGH" "adsensei-b30 3.1.3 Reflected.Cross-Site.Scripting HIGH" "astra-pro-sites 3.2.6 Incorrect.Authorization MEDIUM" "astra-pro-sites 3.2.5 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "add-to-calendar-button 1.5.1 Contributor+.Stored.XSS MEDIUM" "antihacker 4.53 Missing.Authorization.to.Authenticated.(Subscriber+).Table.Truncation MEDIUM" "antihacker 4.52 Missing.Authorization.to.Unauthenticated.IP.Address.Whitelist MEDIUM" "antihacker 4.35 Cross-Site.Request.Forgery.via.antihacker_ajax_scan MEDIUM" "antihacker 4.20 Subscriber+.Arbitrary.Plugin.Installation HIGH" "app-builder 5.3.8 Privilege.Escalation.and.Account.Takeover.via.Weak.OTP HIGH" "app-builder 4.3.4 Unauthenticated.Limited.SQL.Injection.via.app-builder-search MEDIUM" "app-builder 3.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode HIGH" "app-builder 3.8.8 Open.Redirection MEDIUM" "alpine-photo-tile-for-instagram No.known.fix Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "aoa-downloadable No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "aoa-downloadable No.known.fix Unauthenticated.SSRF HIGH" "arforms-form-builder 1.7.2 HTML.Injection MEDIUM" "arforms-form-builder 1.7.1 Unauthenticated.Stored.XSS MEDIUM" "arforms-form-builder 1.6.8 Reflected.Cross-Site.Scripting MEDIUM" "arforms-form-builder 1.6.5 Missing.Authorization.to.Authenticated(Subscriber+).Arbitrary.Option.Deletion HIGH" "arforms-form-builder 1.6.2 Missing.Authorization MEDIUM" "arforms-form-builder 1.6.2 Cross-Site.Request.Forgery MEDIUM" "arforms-form-builder 1.5.9 Unauthenticated.Stored.XSS HIGH" "arforms-form-builder 1.5.7 Unauthenticated.Stored.XSS HIGH" "arforms-form-builder 1.5 Admin+.Stored.Cross.Site.Scripting LOW" "an-gradebook No.known.fix Subscriber+.SQLi HIGH" "an-gradebook No.known.fix Admin+.XSS LOW" "announce-from-the-dashboard 1.5.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "announce-from-the-dashboard 1.5.2 Admin+.Stored.XSS LOW" "affiliate-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "affiliate-links 3.1.0 Missing.Authorization.to.Unauthenticated.Import/Export.and.PHP.Object.Injection HIGH" "affiliate-links 2.7 Contributor+.Stored.XSS MEDIUM" "alojapro-widget 1.1.16 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "adsmiddle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-youtube-channel-pagination No.known.fix Reflected.XSS HIGH" "azindex No.known.fix Index.Deletion.via.CSRF MEDIUM" "azindex No.known.fix Stored.XSS.via.CSRF HIGH" "acnoo-flutter-api No.known.fix Authentication.Bypass CRITICAL" "ars-affiliate-page 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "accessibility-help-button 1.1 Admin+.Stored.Cross.Site.Scripting LOW" "accessibility-help-button 1.1 Admin+.Stored.XSS LOW" "accessibility-help-button 1.2 Admin+.Stored.XSS LOW" "authors-list 2.0.6.1 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "authors-list 2.0.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "authors-list 2.0.3 Reflected.Cross-Site.Scripting HIGH" "armember-membership-premium No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "article-directory No.known.fix Admin+.Stored.XSS LOW" "accept-stripe-payments-using-contact-form-7 2.6 Unauthenticated.Information.Exposure MEDIUM" "add-google-plus-one-social-share-button No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "activedemand No.known.fix Missing.Authorization MEDIUM" "activedemand 0.2.44 Cross-Site.Request.Forgery MEDIUM" "activedemand 0.2.42 Unauthenticated.Arbitrary.File.Upload CRITICAL" "activedemand 0.2.28 Unauthenticated.Post.Creation/Update/Deletion HIGH" "amp-wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "annasta-woocommerce-product-filters 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "annasta-woocommerce-product-filters 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ai-twitter-feeds No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aio-shortcodes 1.3.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "aawp-obfuscator No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "aesop-story-engine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-admin-javascript No.known.fix Unauthenticated.Full.Path.Dislcosure MEDIUM" "ald-login-page 1.3 .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "awesome-logos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-logos No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "amcharts-charts-and-maps 1.4.5 Reflected.Cross-Site.Scripting.via.Cross-Site.Request.Forgery MEDIUM" "amcharts-charts-and-maps 1.4.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "add-facebook No.known.fix Author+.Stored.XSS MEDIUM" "add-facebook No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting] MEDIUM" "apex-notification-bar-lite 2.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "advanced-fancybox No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "addify-product-stock-manager 1.0.5 Subscriber+.Unauthorised.AJAX.Calls HIGH" "analyticswp 2.1.5 Unauthenticated.SQL.Injection HIGH" "analyticswp No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "analyticswp No.known.fix Missing.Authorization MEDIUM" "analyticswp 2.1.0 Unauthenticated.SQL.Injection HIGH" "add-search-to-menu 5.5.7 Information.Exposure.via.AJAX.Search.Form MEDIUM" "add-search-to-menu 5.5.6 Subscriber+.Index.Creation MEDIUM" "add-search-to-menu 5.5.2 Reflected.Cross-Site.Scripting MEDIUM" "add-search-to-menu 5.4.7 Reflected.Cross-Site.Scripting MEDIUM" "add-search-to-menu 5.4.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-search-to-menu 5.4.1 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "add-search-to-menu 4.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "add-search-to-menu 4.7 Reflected.Cross-Site.Scripting HIGH" "add-search-to-menu 4.6.1 Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "add-search-to-menu 4.5.11 .Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "add-subtitle No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "acf-link-picker-field No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aklamator-infeed No.known.fix Reflected.XSS HIGH" "aklamator-infeed No.known.fix Admin+.Stored.XSS LOW" "agile-video-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ai-wp-writer 3.8.4.5 Cross-Site.Request.Forgery MEDIUM" "ai-wp-writer 3.6.5.6 Missing.Authorization MEDIUM" "audio-merchant No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "audio-merchant No.known.fix Cross-Site.Request.Forgery.to.Settings.Modifcation.and.Stored.Cross-Site.Scripting MEDIUM" "alkubot 3.0.0 Unauthorised.AJAX.call.via.CSRF MEDIUM" "attach-gallery-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "agecheckernet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "author-bio-box 3.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "adsanity 1.8.2 Contributor.Arbitrary.File.Upload CRITICAL" "ajax-awesome-css No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-usps-shipping-method 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "ai-content-creator No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-wp-reset 1.6 Reflected.Cross-Site.Scripting MEDIUM" "add-to-cart-direct-checkout-for-woocommerce 2.1.49 Admin+.Stored.XSS LOW" "awin-data-feed 1.8 Reflected.Cross-Site.Scripting MEDIUM" "awin-data-feed 1.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "aio-contact No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "aio-contact No.known.fix Missing.Authorization MEDIUM" "access-demo-importer 1.0.8 Data.Reset.via.CSRF HIGH" "access-demo-importer 1.0.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "access-demo-importer 1.0.7 Subscriber+.Arbitrary.File.Upload HIGH" "all-embed-addons-for-elementor 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "affiliate-advantage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-custom-login 3.2.8 CSRF.to.Stored.XSS HIGH" "ajax-domain-checker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "adminquickbar 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "aruba-hispeed-cache 2.0.13 Missing.Authorization MEDIUM" "aruba-hispeed-cache 2.0.7 Unauthenticated.Log.File.Access MEDIUM" "activity-log-mainwp 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "activity-log-mainwp 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "async-javascript 2.21.06.29 Authenticated.(admin+).Stored.XSS MEDIUM" "all-contact-form-integration-for-elementor No.known.fix Cross-Site.Request.Forgery MEDIUM" "all-contact-form-integration-for-elementor No.known.fix Missing.Authorization MEDIUM" "all-contact-form-integration-for-elementor No.known.fix Missing.Authorization MEDIUM" "all-contact-form-integration-for-elementor 2.9.9.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "all-contact-form-integration-for-elementor 2.9.9.8 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "azurecurve-toggle-showhide No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-postpix 1.1.8.1 Subscriber+.Arbitrary.File.Upload HIGH" "ai-auto-tool No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "ai-auto-tool 2.1.3 Missing.Authorization MEDIUM" "augmented-reality No.known.fix Unauthenticated.PHP.File.Upload.leading.to.RCE CRITICAL" "animated-text-block 1.0.8 Missing.Authorization MEDIUM" "acf-extended 0.8.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "acf-extended 0.8.8.7 Admin+.SQL.Injection MEDIUM" "anchor-episodes-index 2.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.anchor_episodes.Shortcode MEDIUM" "anchor-episodes-index 2.1.8 Admin+.Stored.XSS LOW" "aryo-activity-log 2.11.2 Unauthenticated.Stored.XSS.via.Event.Context HIGH" "aryo-activity-log 2.8.8 IP.Spoofing MEDIUM" "aryo-activity-log 2.8.4 CSV.Injection LOW" "aryo-activity-log 2.7.0 Authenticated.SQL.Injection MEDIUM" "aryo-activity-log 2.4.1 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "aryo-activity-log 2.3.3 Cross-Site.Scripting.(XSS) MEDIUM" "aryo-activity-log 2.3.3 Cross-Site.Scripting.(XSS).in.'page' MEDIUM" "ag-custom-admin 7.2.4 Admin+.SSRF MEDIUM" "ag-custom-admin 7.2.2 Admin+.Stored.XSS.via.Image.URL LOW" "ag-custom-admin 7.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "ag-custom-admin 6.9.2 AGCA.<.6.9.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "ag-custom-admin 6.5.5 CSRF.&.XSS LOW" "automatorwp 5.1.0 Reflected.Cross-Site.Scripting.via.a-0-o-search_field_value CRITICAL" "automatorwp 2.5.1 Object.Deletion.via.CSRF MEDIUM" "automatorwp 1.7.6 Missing.Authorization.and.Privilege.Escalation MEDIUM" "ad-injection No.known.fix Admin+.Stored.Cross-Site.Scripting.&.RCE HIGH" "apply-with-linkedin-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "apply-with-linkedin-buttons No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ajar-productions-in5-embed 3.1.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "admin-menu-organizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-search-pro 4.26.2 Multiple.Reflected.Cross-Site.Scripting HIGH" "ajax-search-pro 4.26.2 Reflected.Cross-Site.Scripting HIGH" "ajax-search-pro 4.19 Stored.XSS.via.CSRF HIGH" "ajax-search-pro 4.19 Subscriber+.SQL.Injection HIGH" "aeropage-sync-for-airtable 3.3.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "aeropage-sync-for-airtable 3.3.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "arconix-shortcodes 2.1.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arconix-shortcodes 2.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.box.Shortcode MEDIUM" "arconix-shortcodes 2.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "arconix-shortcodes 2.1.12 Missing.Authorization MEDIUM" "arconix-shortcodes 2.1.11 Missing.Authorization.to.Notice.Dismissal MEDIUM" "arconix-shortcodes 2.1.8 Contributor+.Stored.XSS MEDIUM" "autowp-ai-content-writer-rewriter 2.0.9 Cross-Site.Request.Forgery MEDIUM" "advanced-ajax-page-loader No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "advanced-ajax-page-loader 2.7.7 Unauthenticated.Uploaded.File.Disclosure MEDIUM" "all-in-one-wp-migration-onedrive-extension 1.67 Unauthenticated.Access.Token.Update MEDIUM" "advanced-popups 1.1.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "advanced-angular-contact-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ap-companion 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "admin-menu-restriction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-responsive-photo-gallery 1.2 Missing.Authorization MEDIUM" "awesome-responsive-photo-gallery 2.1 Reflected.Cross-Site.Scripting MEDIUM" "anymind-widget No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "affiliate-ads-builder-for-clickbank-products 1.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "accessibility 1.0.7 Cross-Site.Request.Forgery MEDIUM" "accessibility 1.0.4 Admin+.Stored.XSS LOW" "addify-free-gifts-woocommerce 1.0.2 Multiple.CSRF MEDIUM" "author-box-with-different-description No.known.fix Cross-Site.Request.Forgery MEDIUM" "admin-bookmarks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "animated-svg 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "ai-moderator-for-buddypress-and-buddyboss No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "asf-allow-svg-files No.known.fix Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "asf-allow-svg-files 1.1 Admin+.Arbitrary.File.Upload MEDIUM" "awesome-timeline No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "add-widgets-to-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "archivist-custom-archive-templates 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "archivist-custom-archive-templates No.known.fix Reflected.XSS HIGH" "archivist-custom-archive-templates 1.7.5 Custom.Archive.Templates.<.1.7.5.-.Stored.XSS.via.CSRF HIGH" "archivist-custom-archive-templates 1.7.5 Custom.Archive.Templates.<.1.7.5.-.Admin+.Stored.XSS LOW" "advanced-notifications 1.2.8 Missing.Authorization MEDIUM" "agency-toolkit No.known.fix Missing.Authorization MEDIUM" "agency-toolkit 1.0.24 Unauthenticated.Arbitrary.Options.Update CRITICAL" "ays-popup-box 4.9.8 Missing.Authorization.to.Unauthenticated.Limited.Options.Update MEDIUM" "ays-popup-box 4.7.8 Admin+.Stored.XSS LOW" "ays-popup-box 4.5.2 Missing.Authorization MEDIUM" "ays-popup-box 4.1.3 Cross-Site.Request.Forgery MEDIUM" "ays-popup-box 4.3.7 Missing.Authorization.to.Information.Exposure MEDIUM" "ays-popup-box 20.9.0 Admin+.Stored.XSS LOW" "ays-popup-box 7.9.0 Admin+.Stored.XSS LOW" "ays-popup-box 3.8.6 Admin+.Stored.XSS.in.Popup.Settings LOW" "ays-popup-box 3.8.6 Admin+.Stored.XSS.in.Categories LOW" "ays-popup-box 3.7.9 Admin+.Stored.XSS LOW" "ays-popup-box 3.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "ays-popup-box 3.4.5 Reflected.XSS HIGH" "ays-popup-box 2.3.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ays-popup-box 2.3.4 Authenticated.Blind.SQL.Injections HIGH" "auto-thickbox-plus No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "auyautochat-for-wp No.known.fix Unauthenticated.Stored.XSS HIGH" "add-categories-post-footer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "addify-custom-order-number 1.2.0 Multiple.CSRF MEDIUM" "accommodation-system No.known.fix Subscriber+.Unauthorised.Actions MEDIUM" "art-picture-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "admin-bar 1.0.23 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "article-analytics No.known.fix Unauthenticated.SQL.injection HIGH" "aajoda-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aajoda-testimonials 2.2.2 Admin+.Stored.XSS LOW" "affiliator-lite No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "accessally 3.5.7 $_SERVER.Superglobal.Leakage HIGH" "accessally 3.3.2 Unauthenticated.Arbitrary.PHP.Code.Execution CRITICAL" "authldap 2.6.2 Admin+.Stored.XSS LOW" "authldap 2.5.9 Settings.Update.via.CSRF MEDIUM" "ajax-content-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "assist24it No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "anywhere-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "authors-autocomplete-meta-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-to-feedly No.known.fix Admin+.Stored.XSS LOW" "adif-log-search-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-surveys No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "alex-reservations 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "advanced-search-by-my-solr-server No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ai-scribe-the-chatgpt-powered-seo-content-creation-wizard No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "ai-scribe-the-chatgpt-powered-seo-content-creation-wizard No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "ai-scribe-the-chatgpt-powered-seo-content-creation-wizard No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "alipay No.known.fix Authenticated.SQL.Injection MEDIUM" "automatic-translation No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "ap-plugin-scripteo 4.89 Multi-Purpose.WordPress.Advertising.Manager.<.4.89.-.Unauthenticated.SQL.Injection HIGH" "acme-divi-modules No.known.fix Missing.Authorization MEDIUM" "appreview No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aws-cdn-by-wpadmin 3.0.0 Cross-Site.Request.Forgery MEDIUM" "audio-and-video-player 1.2.0 Player.Deletion.and.Duplication.via.CSRF MEDIUM" "aweber-web-form-widget 7.3.21 Admin+.Stored.XSS LOW" "aweber-web-form-widget 7.3.15 Authenticated.(Admin+).SQL.Injection HIGH" "aweber-web-form-widget 7.3.10 Missing.Authorization.via.AJAX.actions MEDIUM" "ad-buttons 2.3.2 CSRF.&.XSS MEDIUM" "avaibook No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "auto-youtube-importer 1.0.4 Settings.Update.via.CSRF MEDIUM" "affiliateimportereb No.known.fix Reflected.XSS HIGH" "affiliateimportereb No.known.fix Reflected.XSS.via.Search HIGH" "ayecode-connect 1.3.9 Missing.Authorization MEDIUM" "aforms-form-builder-for-price-calculator-cost-estimation 2.2.7 Unauthenticated.Full.Path.Disclosure MEDIUM" "announcer 6.0.1 Missing.Authorization MEDIUM" "avenirsoft-directdownload No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "ajax-archive-calendar 2.6.8 Contributor+.Stored.XSS MEDIUM" "advanced-iframe 2025.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Host.Header MEDIUM" "advanced-iframe 2025.0 Unauthenticated.Settings.Update MEDIUM" "advanced-iframe 2025.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "advanced-iframe 2024.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.0 Contributor+.Stored.XSS MEDIUM" "advanced-iframe 2023.9 Contributor+.Stored.XSS MEDIUM" "advanced-iframe 2022 Reflected.Cross-Site.Scripting MEDIUM" "adsense-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adsense-plugin 1.44 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "aria-font No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "amazonjs No.known.fix Contributor+.Stored.XSS MEDIUM" "attesa-extra 1.4.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "attesa-extra 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "adminify 4.0.1.7 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "adminify 3.1.7 Authenticated(Administrator+).SQL.Injection MEDIUM" "adminify 3.1.6 Admin+.Stored.XSS LOW" "adminify 3.1.6 Admin+.Stored.XSS LOW" "adminify 3.1.4 Reflected.Cross-Site.Scripting MEDIUM" "adminify 2.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ai-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-addons-for-elementor No.known.fix Authenticated.(Contributor+).Private.Templates.Content.Disclosure MEDIUM" "avatar No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "avatar No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "affiliates-manager 2.9.35 Cross-Site.Request.Forgery MEDIUM" "affiliates-manager 2.9.32 Cross-Site.Request.Forgery.via.multiple.AJAX.actions MEDIUM" "affiliates-manager 2.9.31 Sensitive.Information.Exposure.via.Log.File MEDIUM" "affiliates-manager 2.9.21 Cross-Site.Request.Forgery MEDIUM" "affiliates-manager 2.9.14 Arbitrary.Affiliates.&.Creatives.Deletion.via.CSRF MEDIUM" "affiliates-manager 2.9.14 Affiliate.CSV.Injection MEDIUM" "affiliates-manager 2.9.14 Reflected.Cross-Site.Scripting MEDIUM" "affiliates-manager 2.9.14 Admin+.Stored.Cross-Site.Scripting LOW" "affiliates-manager 2.9.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "affiliates-manager 2.8.7 Admin+.SQL.injection MEDIUM" "affiliates-manager 2.7.8 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "affiliates-manager 2.6.6 CRSF.Issues MEDIUM" "addify-order-tracking-for-woocommerce 1.0.2 Multiple.CSRF MEDIUM" "akismet-privacy-policies No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "alert-me No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "adsense-click-fraud-monitoring No.known.fix XSS MEDIUM" "addons-for-elementor 8.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.piechart_settings.Parameter MEDIUM" "addons-for-elementor 8.4.1 Authenticated.(Contributor+).Limited.Local.File.Inclusion.via.Widgets HIGH" "addons-for-elementor 8.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Marquee.Text.Widget,.Testimonials.Widget,.and.Testimonial.Slider.Widgets MEDIUM" "addons-for-elementor 8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Various.Widgets MEDIUM" "addons-for-elementor 8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Grid MEDIUM" "addons-for-elementor 8.3.7 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget._id.attribute MEDIUM" "addons-for-elementor 8.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Display.Name MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Slider.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Multislider.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Carousel.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Text.Widget MEDIUM" "addons-for-elementor 8.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.animated_text_class MEDIUM" "addons-for-elementor 8.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-elementor 8.3.2 Contributor+.Stored.XSS MEDIUM" "addons-for-elementor 7.9 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-elementor 7.2.4 Admin+.Stored.XSS LOW" "addons-for-elementor 7.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addons-for-elementor 6.8 Contributor+.Stored.XSS MEDIUM" "addons-for-elementor 2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "addons-for-divi 4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "addons-for-divi 4.0.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "addons-for-divi 3.6.0 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-divi 3.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "audiocase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addify-price-calculator-for-woocommerce No.known.fix Multiple.CSRF MEDIUM" "autocompleter No.known.fix Cross-Site.Request.Forgery MEDIUM" "ap-contact-form 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "amazon-showcase-wordpress-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "anac-xml-render No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "alphabetical-list No.known.fix Settings.Update.via.CSRF MEDIUM" "audio-comparison-lite 3.5 Contributor+.Stored.XSS MEDIUM" "ajax-load-more-anything 3.3.4 Subscriber+.Settings.Update MEDIUM" "affiliate-toolkit-starter 3.7.4 Cross-Site.Request.Forgery MEDIUM" "affiliate-toolkit-starter 3.7.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "affiliate-toolkit-starter 3.6.8 Reflected.Cross-Site.Scripting MEDIUM" "affiliate-toolkit-starter 3.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.atkp_product.Shortcode MEDIUM" "affiliate-toolkit-starter 3.6 Unauthenticated.Full.Path.Dislcosure MEDIUM" "affiliate-toolkit-starter 3.4.5 Unauthenticated.Sensitive.Information.Exposure.via.Logs MEDIUM" "affiliate-toolkit-starter 3.4.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.ratings MEDIUM" "affiliate-toolkit-starter 3.5.5 Missing.Authorization.via.atkp_import_product MEDIUM" "affiliate-toolkit-starter 3.5.5 Missing.Authorization.via.atkp_create_list MEDIUM" "affiliate-toolkit-starter 3.4.3 Unauthenticated.SSRF HIGH" "affiliate-toolkit-starter 3.4.4 Reflected.Cross-Site.Scripting.via.keyword MEDIUM" "affiliate-toolkit-starter 3.4.0 Open.Redirect.via.atkpout.php LOW" "affiliate-toolkit-starter 3.3.4 Editor+.Stored.XSS LOW" "advanced-facebook-twitter-widget No.known.fix Admin+.Stored.XSS LOW" "auto-upload-images 3.3.1 CSRF MEDIUM" "auto-upload-images 3.3.1 Admin+.Stored.Cross-Site.Scripting LOW" "advanced-easy-shipping-for-wc-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auto-prune-posts 3.0.0 Admin+.Stored.XSS LOW" "auto-prune-posts 2.0.0 Post.Deletion.Settings.Update.via.CSRF MEDIUM" "addonify-quick-view 1.2.17 Unauthenticated.Full.Path.Dislcosure MEDIUM" "admin-menu-post-list No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "anti-plagiarism No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "animategl No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "animategl 1.4.18 Reflected.Cross-Site.Scripting MEDIUM" "about-author 1.6.3 Reflected.Cross-Site.Scripting MEDIUM" "admin-word-count-column No.known.fix Unauthenticated.Arbitrary.File.Read MEDIUM" "advanced-image-sitemap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "amr-ical-events-list No.known.fix Admin+.Stored.XSS LOW" "agp-font-awesome-collection No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "agp-font-awesome-collection No.known.fix Reflected.XSS HIGH" "all-in-one-wp-migration 7.90 Unauthenticated.PHP.Object.Injection HIGH" "all-in-one-wp-migration 7.87 Authenticated.(Administrator+).Arbitrary.PHP.Code.Injection HIGH" "all-in-one-wp-migration 7.87 Unauthenticated.Information.Disclosure.via.Error.Logs MEDIUM" "all-in-one-wp-migration 7.63 Unauthenticated.Reflected.XSS MEDIUM" "all-in-one-wp-migration 7.59 Admin+.File.Deletion.on.Windows.Hosts.via.Path.Traversal MEDIUM" "all-in-one-wp-migration 7.41 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "all-in-one-wp-migration 7.15 Arbitrary.Backup.Download HIGH" "all-in-one-wp-migration 7.0 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-migration 6.46 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-wp-migration 2.0.5 Unauthenticated.Database.Export HIGH" "absolute-addons No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "api-bing-map-2018 5.0 CSRF MEDIUM" "anac-xml-viewer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ads-txt-admin No.known.fix Cross-Site.Request.Forgery MEDIUM" "accesspress-twitter-feed No.known.fix Delete.cache.via.CSRF MEDIUM" "accesspress-twitter-feed 1.6.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ai-for-seo 1.2.10 Missing.Authorization MEDIUM" "avcp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "avcp No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "avcp No.known.fix Cross-Site.Request.Forgery.via.settings.php MEDIUM" "awesome-fitness-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-cufon No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-options-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ableplayer 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ableplayer 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.preload.Parameter MEDIUM" "another-wordpress-classifieds-plugin 4.3.2 Cross-Site.Request.Forgery MEDIUM" "another-wordpress-classifieds-plugin 4.3.2 Missing.Authorization MEDIUM" "another-wordpress-classifieds-plugin 4.3.1 Categories.Mgt.via.CSRF MEDIUM" "another-wordpress-classifieds-plugin 4.3 Unauthenticated.SQLi MEDIUM" "all-in-one-wp-migration-dropbox-extension 3.76 Unauthenticated.Access.Token.Update MEDIUM" "acf-blocks 2.6.10 Reflected.Cross-Site.Scripting MEDIUM" "acf-blocks 2.6.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ar-for-wordpress 7.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ar-for-wordpress 7.4 Missing.Authorization.to.Unauthenticated.Limited.File.Upload LOW" "ar-for-wordpress 7.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "auto-login-new-user-after-registration No.known.fix Stored.XSS.via.CSRF HIGH" "auto-login-new-user-after-registration No.known.fix CSRF MEDIUM" "admin-form No.known.fix Authenticated.(Admin+).PHP.Object.Injection HIGH" "admin-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "admin-form 1.9.1 Cross-Site.Request.Forgery MEDIUM" "admin-form 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-wp-security-and-firewall 5.2.7 Cross-Site.Request.Forgery.to.IP.Blocking MEDIUM" "all-in-one-wp-security-and-firewall 5.2.6 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-wp-security-and-firewall 5.2.5 Protection.Bypass.of.Renamed.Login.Page.via.URL.Encoding MEDIUM" "all-in-one-wp-security-and-firewall 5.2.0 Insecure.Storage.of.Password MEDIUM" "all-in-one-wp-security-and-firewall 5.1.5 Admin+.Stored.XSS LOW" "all-in-one-wp-security-and-firewall 5.1.5 Admin+.Arbitrary.File/Folder.Access.via.Traversal MEDIUM" "all-in-one-wp-security-and-firewall 5.1.3 Configuration.Leak MEDIUM" "all-in-one-wp-security-and-firewall 5.1.1 Bulk.Actions.via.CSRF MEDIUM" "all-in-one-wp-security-and-firewall 5.0.8 IP.Spoofing MEDIUM" "all-in-one-wp-security-and-firewall 4.4.11 Authenticated.Arbitrary.Redirect./.Reflected.XSS LOW" "all-in-one-wp-security-and-firewall 4.4.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-wp-security-and-firewall 4.4.4 CSRF.&.XSS LOW" "all-in-one-wp-security-and-firewall 4.4.2 Open.Redirect.&.Hidden.Login.Page.Exposure MEDIUM" "all-in-one-wp-security-and-firewall 4.2.2 Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-security-and-firewall 4.2.0 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-security-and-firewall 4.1.3 Multiple.vulnerabilities.in.login.CAPTCHA MEDIUM" "all-in-one-wp-security-and-firewall 4.0.9 Multiple.SQL.Injections MEDIUM" "all-in-one-wp-security-and-firewall 4.0.7 Multiple.SQL.Injections MEDIUM" "all-in-one-wp-security-and-firewall 4.0.6 XSS MEDIUM" "all-in-one-wp-security-and-firewall 4.0.5 XSS CRITICAL" "auto-translate No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Custom.Font MEDIUM" "auto-load-next-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "amazon-einzeltitellinks No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "add-to-any 1.7.48 Admin+.Stored.Cross-Site.Scripting LOW" "add-to-any 1.7.46 Admin+.Stored.XSS MEDIUM" "allow-php-execute No.known.fix Authenticated.(Editor+).PHP.Code.Injection HIGH" "accredible-certificates No.known.fix Authenticated.(Administrator+).SQL.Injection.via.orderby.Parameter MEDIUM" "accredible-certificates 1.4.9 Admin+.Stored.XSS LOW" "affiliate-solution No.known.fix Admin+.Stored.XSS LOW" "auto-advance-for-gravity-forms 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "auto-advance-for-gravity-forms 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amazonsimpleadmin 1.5.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "addify-checkout-fields-manager 1.0.2 Multiple.CSRF MEDIUM" "addons-for-beaver-builder 3.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-beaver-builder 3.3 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-beaver-builder 2.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auto-featured-image-from-title 2.4 Reflected.Cross-Site.Scripting MEDIUM" "advanced-lazy-load No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "abbs-bing-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "amazon-product-price No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "ajax-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "allaccessible 1.3.5 Subscriber+.Privilege.Escalation HIGH" "allaccessible 1.3.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Option.Update HIGH" "a4-barcode-generator 3.4.11 Missing.Authorization MEDIUM" "a4-barcode-generator 3.4.10 Missing.Authorization MEDIUM" "a4-barcode-generator 3.4.7 Subscriber+.Settings/Profiles.Update,.Templates/Barcodes.Access/Creation/Edition/Deletion MEDIUM" "a4-barcode-generator 3.4.7 Subscriber+.Stored.XSS HIGH" "ar-contactus 1.8.8 Authenticated.Stored.Cross-Site.Scripting CRITICAL" "analytics-cat 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "analytics-cat 1.1.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "analytics-cat 1.1.0 Settings.Update.via.CSRF MEDIUM" "add-posts-to-pages No.known.fix Contributor+.Stored.XSS MEDIUM" "awesomepress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "anyvar No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-product-labels-for-woocommerce 1.2.3.7 Reflected.Cross-Site.Scripting MEDIUM" "arielbrailovsky-viralad No.known.fix Unauthenticated.SQL.Injection HIGH" "arielbrailovsky-viralad No.known.fix Unauthenticated.SQL.Injection HIGH" "appsero-helper No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "appsero-helper 1.3.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "absolute-reviews 1.1.4 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Criteria.Name MEDIUM" "absolute-reviews 1.0.9 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "access-code-feeder No.known.fix CSRF MEDIUM" "app-ads-txt 1.1.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "app-ads-txt 1.1.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-event-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "admin-block-country No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.9.5 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.9.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.6 Settings.Import.via.CSRF MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.6 Rule.Type.Migration.via.CSRF MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.4 Settings.Update.via.CSRF MEDIUM" "airpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "airpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "animation-addons-for-elementor-pro 1.7 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "auto-login-when-resister No.known.fix Settings.Update.via.CSRF MEDIUM" "accurate-form-data-real-time-form-validation No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "admin-columns-pro 5.5.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Custom.Field MEDIUM" "admin-columns-pro 5.5.1 Admin+.Stored.XSS.in.Label LOW" "advanced-most-recent-posts-mod No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "a2-optimized-wp 3.0.5 Data.Collection.Toggle.via.CSRF MEDIUM" "add-to-all No.known.fix Contributor+.Stored.XSS MEDIUM" "ai-assistant-by-10web 1.0.19 Missing.Authorization.to.Arbitrary.Plugin.Installation MEDIUM" "advance-menu-manager 3.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "advance-menu-manager 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "advance-menu-manager 3.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advance-menu-manager 3.0.7 Unauthorised.Menu.Creation/Deletion MEDIUM" "advance-menu-manager 3.0 Unauthorised.Menu.Edition.via.CSRF MEDIUM" "all-push-notification No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-push-notification No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "all-push-notification No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "animated-typed-js-shortcode 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-scroll-for-reading No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-svg-support-for-media-uploader-inventivo No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "admin-bar-dashboard-control 1.2.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "amazon-link No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "article2pdf No.known.fix Multiple.Vulnerabilities CRITICAL" "advanced-dewplayer No.known.fix Missing.Authorization MEDIUM" "abcbiz-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "alttext-ai 1.9.94 Missing.Authorization MEDIUM" "alttext-ai 1.5.0 Authenticated.(Subscriber+).SQL.Injection HIGH" "alttext-ai 1.3.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "add-link-to-facebook No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "aikit-wordpress-ai-writing-assistant-using-gpt3 No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "actionwear-products-sync No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "actionwear-products-sync 2.3.3 Unauthenticated.Full.Patch.Disclosure MEDIUM" "addthis 5.0.13 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ai-content-writing-assistant 1.1.7 CSRF MEDIUM" "ajax-live-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-live-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "appointmind 4.1.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ads-invalid-click-protection No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "accesspress-instagram-feed 4.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "add-admin-css No.known.fix Unauthenticated.Full.Path.Dislcosure MEDIUM" "addressbook No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "advanced-forms-pro 1.6.9 Subscriber+.Arbitrary.User.Email.Address.Update.via.IDOR HIGH" "about-me-3000 No.known.fix Administrator.Stored.Cross-Site.Scripting MEDIUM" "about-me-3000 No.known.fix CSRF MEDIUM" "awesome-weather No.known.fix Contributor+.Stored.XSS MEDIUM" "awesome-weather No.known.fix Reflected.Cross-site.Scripting.(XSS) HIGH" "ap-custom-testimonial 1.4.8 Admin+.SQL.Injection MEDIUM" "ap-custom-testimonial 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "ap-custom-testimonial 1.4.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "afterpay-gateway-for-woocommerce 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "afterpay-gateway-for-woocommerce 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "afterpay-gateway-for-woocommerce 3.2.1 Reflected.Cross-Site.Scripting HIGH" "advanced-visual-elements 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "about-rentals No.known.fix Unauthenticated.Actions HIGH" "automatic-internal-links-for-seo 1.2.2 Authenticated.(Administrator+).SQL.Injection.via.post_id.Parameter MEDIUM" "automatic-internal-links-for-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ads-by-datafeedrcom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ads-by-datafeedrcom 1.2.0 Unauthenticated.Remote.Code.Execution CRITICAL" "admail No.known.fix Missing.Authorization MEDIUM" "academy 2.0.5 Missing.Authorization LOW" "academy 2.0.11 Open.Redirect MEDIUM" "academy 1.9.26 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "academy 1.9.17 Missing.Authorization MEDIUM" "academy 1.9.17 Missing.Authorization MEDIUM" "academy 1.9.20 .Authenticated.(Subscriber+).Privilege.Escalation HIGH" "add-rss No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "add-twitter-pixel 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "affiliate-disclosure-statement No.known.fix Cross-Site.Request.Forgery MEDIUM" "appmaker-woocommerce-mobile-app-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automatic-featured-images-from-videos 1.2.5 Missing.Authorization MEDIUM" "aparat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-cf7-db 2.0.3 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "advanced-cf7-db 2.0.3 Sensitive.Information.Exposure MEDIUM" "advanced-cf7-db 1.8.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "advanced-cf7-db 1.8.7 Subscriber+.Arbitrary.File.Deletion HIGH" "advanced-cf7-db 1.7.1 SQL.Injection CRITICAL" "alpine-photo-tile-for-pinterest No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "alo-easymail 2.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "awsom-news-announcement No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "addify-gift-registry-for-woocommerce 1.1.0 Multiple.CSRF MEDIUM" "animate-it 2.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "animate-it 2.3.6 XSS HIGH" "auto-iframe 2.0 Contributor+.XSS.via.Shortcode MEDIUM" "auto-iframe 1.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.tag.Parameter MEDIUM" "astra-widgets 1.2.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "astra-widgets 1.2.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-custom-fields-pro 6.3.9 Admin+.Remote.Code.Execution MEDIUM" "advanced-custom-fields-pro 6.3.9 Admin+.Stored.XSS LOW" "advanced-custom-fields-pro 6.3.6 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "advanced-custom-fields-pro 6.3 Contributor+.Custom.Field.Access LOW" "advanced-custom-fields-pro 6.2.10 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-custom-fields-pro 6.2.10 Authenticated.(Contributor+).Code.Injection CRITICAL" "advanced-custom-fields-pro 6.2.5 Contributor+.Stored.Cross-Site.Scripting.via.Custom.Field MEDIUM" "advanced-custom-fields-pro 6.1.6 Reflected.XSS HIGH" "advanced-custom-fields-pro 5.12.5 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields-pro 6.1.0 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields-pro 5.12.3 Unauthenticated.File.Upload MEDIUM" "advanced-custom-fields-pro 5.12.1 Contributor+.Database.Information.Access MEDIUM" "advanced-custom-fields-pro 5.11 Subscriber+.Arbitrary.ACF.Data/Field.Groups.View.and.Fields.Move MEDIUM" "advanced-custom-fields-pro 5.9.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "animated-typing-effect 1.3.7 Contributor+.Stored.XSS MEDIUM" "accept-authorize-net-payments-using-contact-form-7 2.3 Unauthenticated.Information.Exposure MEDIUM" "ayyash-studio No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "add-any-extension-to-pages 1.5 Cross-Site.Request.Forgery.via.aaetp_options_page MEDIUM" "acme-fix-images 2.0.0 Subscriber+.Image.Resizing MEDIUM" "add-instagram No.known.fix Admin+.Stored.XSS LOW" "advanced-cf7-database No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "add-custom-body-class No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "allow-php-in-posts-and-pages No.known.fix Authenticated.Remote.Code.Execution.(RCE) CRITICAL" "amp-img-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "appointment-booking-calendar 1.3.93 Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "appointment-booking-calendar 1.3.93 Missing.Authorization MEDIUM" "appointment-booking-calendar 1.3.83 CSRF.appointment.scheduling MEDIUM" "appointment-booking-calendar 1.3.70 Feedback.Submission.via.CSRF MEDIUM" "appointment-booking-calendar 1.3.35 CSV.Injection MEDIUM" "appointment-booking-calendar 1.3.35 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "appointment-booking-calendar 1.3.19 Unauthenticated.Stored.XSS MEDIUM" "appointment-booking-calendar 1.1.25 Unauthenticated.SQL.Injection CRITICAL" "appointment-booking-calendar 1.1.24 Unauthenticated.SQL.Injection CRITICAL" "appointment-booking-calendar 1.1.8 Multiple.Reflected.Cross-Site.Scripting.(XSS).and.SQL.Injection HIGH" "ar-for-woocommerce 7.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "advanced-backgrounds No.known.fix Contributor+.Content.Injection LOW" "advanced-backgrounds 1.12.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.imageTag.Parameter MEDIUM" "advanced-schedule-posts No.known.fix Reflected.XSS HIGH" "advanced-blocks-pro No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "ajax-search-lite 4.12.5 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.4 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.3 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.1 Admin+.Stored.XSS LOW" "ajax-search-lite 4.11.5 Reflected.Cross-Site.Scripting HIGH" "ajax-search-lite 4.11.1 Reflected.Cross-Site.Scripting HIGH" "ajax-search-lite 4.11.1 Subscriber+.Sensitive.Data.Disclosure MEDIUM" "aramex-shipping-woocommerce No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "auto-hyperlink-urls No.known.fix Tab.Nabbing MEDIUM" "audio-text No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "attendance-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "attendance-manager 0.5.7 CSRF.&.XSS HIGH" "allada-tshirt-designer-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "ancient-world-linked-data-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "amp-extensions No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "animated-number-counters 2.2 Editor+.Local.File.Inclusion HIGH" "animated-number-counters 1.7 Editor+.Stored.XSS MEDIUM" "auto-robot 3.3.39 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auxin-elements 2.17.5 Missing.Authorization MEDIUM" "auxin-elements 2.17.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Staff.Widget MEDIUM" "auxin-elements 2.17.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.aux_contact_box.and.aux_gmaps.Shortcodes MEDIUM" "auxin-elements 2.16.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Modern.Heading.and.Icon.Picker.Widgets MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.Custom.JS MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.title_tag MEDIUM" "auxin-elements 2.15.6 Contributor+.Stored.XSS.via.Accordion.Widget MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.aux_timeline.Shortcode MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.aux_gmaps.Shortcode MEDIUM" "auxin-elements 2.15.8 Contributor+.XSS.via.HTML.Element MEDIUM" "auxin-elements No.known.fix Subscriber+.PHP.Object.Injection HIGH" "auxin-elements 2.15.8 Subscriber+.Template.Import MEDIUM" "auxin-elements 2.15.5 Contributor+.Stored.XSS MEDIUM" "auxin-elements 2.15.0 Unauthenticated.Local.File.Inclusion CRITICAL" "auxin-elements 2.10.7 PHP.Objection.Injection MEDIUM" "auxin-elements 2.9.8 Reflected.Cross-Site-Scripting MEDIUM" "accelerated-mobile-pages 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "accelerated-mobile-pages 1.0.99.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "accelerated-mobile-pages 1.0.97 Missing.Authorization MEDIUM" "accelerated-mobile-pages 1.0.97 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "accelerated-mobile-pages 1.0.93.2 Authenticated(Contributor+).Arbitrary.Post.Deletion.via.amppb_remove_saved_layout_data MEDIUM" "accelerated-mobile-pages 1.0.93 Unautenticated.Reflected.Cross-Site.Scripting MEDIUM" "accelerated-mobile-pages 1.0.92.1 Authenticated.(Contributor+).Cross-Site.Scripting.via.Shortcode MEDIUM" "accelerated-mobile-pages 1.0.89 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "accelerated-mobile-pages 1.0.77.33 Admin+.Stored.Cross-Site.Scripting LOW" "accelerated-mobile-pages 1.0.77.32 Admin+.Stored.Cross-Site.Scripting LOW" "accelerated-mobile-pages 0.9.97.21 Stored.XSS MEDIUM" "advanced-blog-post-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addify-abandoned-cart-recovery 1.2.5 Multiple.CSRF MEDIUM" "accessibility-task-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-custom-css-and-js No.known.fix Stored.XSS.via.CSRF HIGH" "addfreestats No.known.fix Admin+.Stored.XSS LOW" "advanced-ads 1.52.2 Authenticated.(Admin+).PHP.Object.Injection HIGH" "advanced-ads 1.52.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Ad.Widget MEDIUM" "advanced-ads 1.32.0 Admin+.Stored.XSS MEDIUM" "advanced-ads 1.17.4 Reflected.XSS.via.Admin.Dashboard MEDIUM" "advanced-control-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-control-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-limit-posts-reloaded No.known.fix Cross-Site.Request.Forgery MEDIUM" "amr-personalise No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "accordions No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "accordions 2.2.100 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accordions 2.2.97 Missing.Authorization.to.Authenticated(Contributor+).Post.Duplication MEDIUM" "accordions 2.2.30 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "accordions 2.2.9 Unprotected.AJAX.Action.to.Stored/Reflected.XSS MEDIUM" "address-email-and-phone-validation No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ari-stream-quiz 1.3.1 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ari-stream-quiz 1.3.0 Cross-Site.Request.Forgery MEDIUM" "ari-stream-quiz 1.3.0 Cross-Site.Request.Forgery MEDIUM" "ari-stream-quiz 1.3.0 Contributor+.Stored.XSS MEDIUM" "ari-stream-quiz 1.3.3 Contributor+.Content.Injection LOW" "awesome-ssl No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-ssl No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-access-manager 6.9.21 Reflected.XSS HIGH" "advanced-access-manager 6.9.21 Admin+.Stored.Cross-Site.Scripting MEDIUM" "advanced-access-manager 6.9.19 Open.Redirect MEDIUM" "advanced-access-manager 6.9.19 Contributor+.Stored.XSS MEDIUM" "advanced-access-manager 6.9.16 Contributor+.Stored.XSS MEDIUM" "advanced-access-manager 6.8.0 Admin+.Stored.Cross-Site.Scripting LOW" "advanced-access-manager 6.6.2 Authenticated.Information.Disclosure MEDIUM" "advanced-access-manager 6.6.2 Authenticated.Authorization.Bypass.and.Privilege.Escalation HIGH" "advanced-access-manager 5.9.9 Unauthenticated.Local.File.Inclusion CRITICAL" "advanced-access-manager 3.2.2 Privilege.Escalation HIGH" "art-direction No.known.fix Contributor+.Stored.XSS MEDIUM" "abitgone-commentsafe No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "add-customer-for-woocommerce 1.7.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ai-content 1.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "autotitle-for-wordpress No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "animated-headline No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "advanced-exchange-rates No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-exchange-rates No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-free-flat-shipping-woocommerce 1.6.4.6 Cross-Site.Request.Forgery MEDIUM" "ark-wysiwyg-comment-editor No.known.fix Iframe.Injection.via.Comment LOW" "auto-excerpt-everywhere No.known.fix Cross-Site.Request.Forgery MEDIUM" "all-in-one-invite-codes 1.0.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-from-server No.known.fix Authenticated.Path.Traversal.to.Arbitrary.File.Access HIGH" "add-from-server 3.3.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "advanced-wp-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-wp-table 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "adwork-media-ez-content-locker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "alphabetic-pagination 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "alphabetic-pagination 3.0.8 Unauthenticated.Arbitrary.Option.Update CRITICAL" "article-directory-redux No.known.fix Admin+.Stored.XSS LOW" "advanced-tag-list No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "azonbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ait-csv-import-export No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "a-staff No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "a-staff No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "a-staff No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "add-infos-to-the-events-calendar 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-user-role No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "alpha-price-table-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "automail No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automail 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "access-category-password No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "april-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "april-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "april-framework No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "ark-core No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "album-and-image-gallery-plus-lightbox 2.1 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "all-custom-fields-groups 1.05 Reflected.Cross-Site.Scripting MEDIUM" "availability No.known.fix Cross-Site.Request.Forgery MEDIUM" "add2fav No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "advanced-typekit No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "automatic-youtube-gallery 2.3.5 Missing.Authorization.via.AJAX.actions MEDIUM" "automatic-youtube-gallery 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "automatic-youtube-gallery 1.6.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "aforms-eats 1.3.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "advanced-category-and-custom-taxonomy-image 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ad_tax_image.Shortcode MEDIUM" "anonymous-restricted-content 1.6.6 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "anonymous-restricted-content 1.6.3 .Protection.Mechanism.Bypass MEDIUM" "ab-rankings-testing-tool No.known.fix Settings.Update.via.CSRF MEDIUM" "auction-nudge 7.2.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "author-discussion No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "admin-notices-for-team No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-notices-for-team No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-notices-for-team No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "advanced-wp-columns No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ai-content-pipelines No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "add-local-avatar No.known.fix Cross-Site.Request.Forgery.via.manage_avatar_cache MEDIUM" "addfunc-mobile-detect No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arforms No.known.fix Directory.Traversal.to.Authenticated.(Subscriber+).Arbitrary.File.Read HIGH" "arforms No.known.fix Missing.Authorization.to.Plugin.Settings.Change MEDIUM" "arforms 6.4.1 Reflected.XSS HIGH" "arforms 6.6 Admin+.Stored.XSS LOW" "arforms 6.6 Unauthenticated.RCE CRITICAL" "arforms 6.4.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.Plugin.Activation/Deactivation MEDIUM" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.Option.Deletion MEDIUM" "arforms 6.4.1 Reflected.Cross-Site.Scripting MEDIUM" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.File.Deletion HIGH" "arforms 4.0 Unauthenticated.Arbitrary.File.Deletion.via.Traversal HIGH" "arforms 3.5.2 Unauthenticated.Arbitrary.File.Deletion HIGH" "administrator-z 2025.03.30 Authenticated.(Admin+).Directory.Traversal LOW" "administrator-z No.known.fix Contributor+.Stored.XSS MEDIUM" "administrator-z No.known.fix Cross-Site.Request.Forgery MEDIUM" "administrator-z 2025.03.27 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "administrator-z 2024.10.21 Subscriber+.SQL.Injection HIGH" "affiliate-for-woocommerce 4.8.0 Subscriber+.Paypal.Email.Update.via.IDOR MEDIUM" "affiliate-for-woocommerce 4.8.0 Subscriber+.Unauthorised.Actions MEDIUM" "athemes-addons-for-elementor-lite No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "athemes-addons-for-elementor-lite 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "athemes-addons-for-elementor-lite 1.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "athemes-addons-for-elementor-lite 1.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "adbuddy-adblocker-detection No.known.fix Admin+.Stored.XSS LOW" "addons-for-visual-composer 3.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-visual-composer 3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "addons-for-visual-composer 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "addons-for-visual-composer 3.6 Contributor+.Stored.XSS MEDIUM" "addons-for-visual-composer 3.3 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-visual-composer 2.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "abeta-punchout 1.0.0 Reflected.Cross-Site.Scripting MEDIUM" "abeta-punchout 1.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addify-image-watermark-for-woocommerce 1.0.1 Multiple.CSRF MEDIUM" "age-verification-screen-for-woocommerce 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "age-verification-screen-for-woocommerce 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auto-post-thumbnail 4.1.3 Missing.Authorization MEDIUM" "auto-post-thumbnail No.known.fix Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "auto-post-thumbnail 4.1.4 Author+.SSRF MEDIUM" "auto-post-thumbnail 3.9.16 Author+.Arbitrary.File.Upload CRITICAL" "auto-post-thumbnail 3.9.3 Reflected.Cross-Site.Scripting HIGH" "auto-keyword-backlink No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "addonskit-for-elementor 1.1.7 Contributor+.Stored.XSS MEDIUM" "adifier-system 3.1.8 Unauthenticated.Arbitrary.Password.Reset CRITICAL" "activecampaign-subscription-forms 8.1.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "activecampaign-subscription-forms 8.1.15 Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "activecampaign-subscription-forms 8.1.12 Contributor+.Stored.XSS MEDIUM" "activecampaign-subscription-forms 8.0.2 Cross-Site.Request.Forgery.in.Settings HIGH" "advanced-woo-search 3.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.aws_search_terms.Shortcode MEDIUM" "advanced-woo-search 2.97 Reflected.Cross-Site.Scripting MEDIUM" "advanced-woo-search 2.78 Admin+.Stored.Cross-Site.Scripting MEDIUM" "advanced-woo-search 2.00 SQL.query.leak.in.ajax.search NONE" "attributes-for-blocks 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.attributesForBlocks.Parameter MEDIUM" "all-404-redirect-to-homepage 2.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "all-404-redirect-to-homepage 1.21 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "accounting-for-woocommerce 1.6.9 Unauthenticated.Local.File.Inclusion CRITICAL" "accounting-for-woocommerce 1.6.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "accounting-for-woocommerce 1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "advanced-what-should-we-write-about-next No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "advanced-what-should-we-write-about-next No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "automatic-user-roles-switcher 1.1.2 Subscriber+.Privilege.Escalation HIGH" "additional-order-filters-for-woocommerce 1.22 Reflected.Cross-Site.Scripting MEDIUM" "additional-order-filters-for-woocommerce 1.12 Reflected.XSS HIGH" "amazon-associate-filter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "assistant 1.5.1.1 Authenticated.(Editor+).PHP.Object.Injection HIGH" "assistant 1.4.9.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "assistant 1.4.4 Editor+.SSRF MEDIUM" "anspress-question-answer 4.3.2 Editor+.Stored.XSS MEDIUM" "add-widget-after-content 2.5 Admin+.Stored.XSS LOW" "ai-image 1.5.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "alt-manager 1.6.2 Missing.Authorization MEDIUM" "alt-manager 1.5.7 Reflected.Cross-Site.Scripting MEDIUM" "alt-manager 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "atarapay-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auto-ftp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "aw-woocommerce-kode-pembayaran No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admire-extra 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "analytics-insights 6.3 Open.Redirect MEDIUM" "aumenu No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appointment-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appointment-calendar No.known.fix CSRF MEDIUM" "avalex 3.0.9 Missing.Authorization MEDIUM" "avalex 3.0.4 Admin+.Stored.XSS LOW" "advanced-post-list No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.2 Missing.Authorization MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.1 Cross-Site.Request.Forgery MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "add-fields-to-checkout-page-woocommerce 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-custom-content-after-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ai-quiz No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "ai-quiz No.known.fix Missing.Authorization MEDIUM" "autolinks No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "add-edit-delete-listing-for-member-module No.known.fix SQL.Injection HIGH" "acymailing 9.11.1 Reflected.Cross-Site.Scripting MEDIUM" "acymailing 9.8.0 Authenticated.(Subscriber+).Arbitrary.File.Upload.via.acym_extractArchive.Function HIGH" "acymailing 8.6.3 Reflected.XSS HIGH" "acymailing 7.5.0 Open.Redirect MEDIUM" "apexchat 1.3.2 Admin+.Stored.XSS LOW" "aa-calculator No.known.fix Reflected.Cross-Site.Scripting.via.invoice MEDIUM" "add-pinterest-conversion-tags 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-pinterest-conversion-tags 1.0.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "advanced-floating-content-lite 1.2.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-floating-content-lite 1.2.2 Contributor+.XSS MEDIUM" "ajax-random-posts No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "activecampaign-for-woocommerce 1.9.8 Subscriber+.Error.Log.Cleanup MEDIUM" "at-internet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-menu-widget No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "acf-better-search 3.3.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "add-ribbon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "avartan-slider-lite No.known.fix Reflected.XSS HIGH" "auto-date-year-month 2.0.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "auto-date-year-month 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "author-avatars 2.1.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "author-avatars 2.1.22 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "author-avatars 2.1.19 Contributor+.Stored.XSS MEDIUM" "all-in-menu No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "altima-lookbook-free-for-woocommerce No.known.fix Refletced.Cross-Site.Scripting MEDIUM" "ays-facebook-popup-likebox 3.7.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ays-facebook-popup-likebox 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "ays-facebook-popup-likebox 3.5.3 Page.Plugin.<.3.5.3.-.Authenticated.Blind.SQL.Injections HIGH" "ays-facebook-popup-likebox 3.5.3 Reflected.Cross-Site.Scripting.(XSS) HIGH" "add-product-frontend-for-woocommerce No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "announcekit No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "ab-press-optimizer-lite No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "api-key-for-google-maps 1.2.2 Arbitrary.API.Key.Update.via.CSRF MEDIUM" "admin-user-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "accesspress-anonymous-post No.known.fix Contributor+.Arbitrary.Redirect LOW" "accesspress-anonymous-post 2.8.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "awesome-studio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ads-for-wp 1.9.29 Cross-Site.Request.Forgery MEDIUM" "advanced-post-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-redirection No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-redirection No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-redirection 2.2.0 Admin+.SQLi MEDIUM" "advanced-text-widget No.known.fix Admin+.Stored.XSS LOW" "addify-product-dynamic-pricing-and-discounts No.known.fix Multiple.CSRF MEDIUM" "accesspress-social-share 4.5.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "admin-menu-manager No.known.fix Cross-Site.Request.Forgery MEDIUM" "ari-cf7-connector 1.2.3 Cross-Site.Request.Forgery MEDIUM" "ari-cf7-connector 1.2.3 Reflected.XSS HIGH" "ap-google-maps No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "addify-order-approval-woocommerce 1.1.0 Multiple.CSRF MEDIUM" "aceide No.known.fix Authenticated.(admin+).Arbitrary.File.Access MEDIUM" "autocomplete-location-field-contact-form-7 3.0 Admin+.Store.Cross-Site.Scripting LOW" "apa-register-newsletter-form No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection HIGH" "astra-sites 4.4.10 Cross-Site.Request.Forgery MEDIUM" "astra-sites 4.4.1 Author+.Stored.XSS MEDIUM" "astra-sites 4.2.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "astra-sites 4.1.7 Contributor+.Server-Side.Request.Forgery MEDIUM" "astra-sites 3.2.6 Incorrect.Authorization MEDIUM" "astra-sites 3.2.5 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "astra-sites 3.1.21 Settings.Update.via.CSRF MEDIUM" "astra-sites 2.7.1 Contributor+.Block.Import.to.Stored.XSS HIGH" "anything-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "anti-spam 7.3.8 Missing.Authorization MEDIUM" "anti-spam 7.3.1 Protection.Bypass.due.to.IP.Spoofing MEDIUM" "adamrob-parallax-scroll 2.1 Cross-Site.Scripting.(XSS) MEDIUM" "auth0 4.6.1 Reflected.Cross-Site.Scripting.via.wle MEDIUM" "auth0 4.0.0 Multiple.Vulnerabilities CRITICAL" "auth0 3.11.3 Unauthenticated.Reflected.XSS.via.wle.Parameter MEDIUM" "advanced-google-recaptcha 1.30 Authenticated.(Subscriber+).Limited.SQL.Injection.via.'sSearch'.Parameter MEDIUM" "advanced-google-recaptcha 1.28 Built-in.Math.CAPTCHA.Bypass MEDIUM" "advanced-google-recaptcha 1.26 Brute.Force.Protection.IP.Unblock LOW" "ai-seo-translator 1.6.3 Cross-Site.Request.Forgery.via.update_integration_option MEDIUM" "amazing-neo-icon-font-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "adirectory 2.3.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "adirectory 1.9 Unauthenticated.PHP.Object.Injection HIGH" "adirectory 1.3.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "auto-more-tag No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "aspose-doc-exporter No.known.fix Missing.Authorization MEDIUM" "aspose-doc-exporter 2.0 Unauthenticated.Arbitrary.File.Download HIGH" "author-box-after-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blur-text 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "browser-and-operating-system-finder No.known.fix Unauthenticated.Settings.Reset MEDIUM" "browser-and-operating-system-finder No.known.fix Unauthenticated.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "bng-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bng-gateway-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bng-gateway-for-woocommerce No.known.fix CSRF.Bypass MEDIUM" "bbpress 2.6.12 Cross-Site.Request.Forgery.to.Limited.Privilege.Escalation MEDIUM" "bbpress 2.6.5 Unauthenticated.Privilege.Escalation.when.New.User.Registration.enabled CRITICAL" "bbpress 2.6.5 Authenticated.Stored.Cross-Site.Scripting.via.the.forums.list.table MEDIUM" "bbpress 2.6.5 Authenticated.Privilege.Escalation.via.the.Super.Moderator.feature HIGH" "bbpress 2.6.0 Subscriber+.Stored.Cross-Site.Scripting.via.Post.Slug MEDIUM" "brand-my-footer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blrt-wp-embed No.known.fix Reflected.Cross-Site.Scripting HIGH" "blrt-wp-embed No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "bandsintown 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "backupbuddy 8.8.3 Multiple.Reflected.Cross-Site.Scripting HIGH" "backupbuddy 8.7.5 Unauthenticated.Arbitrary.File.Access HIGH" "broken-link-checker 2.4.2 Admin+.SSRF MEDIUM" "broken-link-checker 2.4.1 Reflected.XSS HIGH" "broken-link-checker 2.2.4 Admin+.Stored.Cross-Site.Scripting LOW" "broken-link-checker 1.11.20 Admin+.Cross-Site.Scripting LOW" "broken-link-checker 1.11.17 Admin+.PHAR.Deserialization MEDIUM" "broken-link-checker 1.11.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "broken-link-checker 1.10.9 Unauthenticated.Stored.XSS MEDIUM" "bp-wc-vendors No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bp-wc-vendors No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bbp-core 1.2.6 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "booking-system-trafft 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bnfw 1.7 Reflected.Cross-Site.Scripting MEDIUM" "bnfw 1.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "bnfw 1.8.7 Email.Address.Disclosure MEDIUM" "buttons-x No.known.fix Buttons.X.<=.0.8.6.-.Contributor+.Stored.XSS MEDIUM" "booking-weir No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-weir 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "broken-links-remover No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bulk-edit-events 1.1.21 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-events 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "beerxml-shortcode 0.8 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "booking-sms 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "beds24-online-booking 2.0.29 Contributor+.Local.File.Inclusion HIGH" "beds24-online-booking 2.0.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.28 Contributor+.Stored.XSS.via.beds24-link.Shortcode MEDIUM" "beds24-online-booking 2.0.26 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.24 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.25 Contributor+.Stored.XSS MEDIUM" "bverse-convert No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms-anonymous-author 1.1 Reflected.Cross-Site.Scripting MEDIUM" "bigbluebutton No.known.fix Reflected.XSS HIGH" "bigbluebutton 2.2.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "bulk-role-change No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "bigmart-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blog2social 8.4.0 Contributor+.Stored.XSS MEDIUM" "blog2social 7.5.5 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "blog2social 7.4.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "blog2social 7.5.0 Information.Exposure MEDIUM" "blog2social 7.2.1 Reflected.XSS HIGH" "blog2social 6.9.12 Subscriber+.Settings.Update MEDIUM" "blog2social 6.9.10 Subscriber+.SSRF MEDIUM" "blog2social 6.9.10 Subscriber+.SQLi HIGH" "blog2social 6.8.7 Reflected.Cross-Site.Scripting HIGH" "blog2social 6.3.1 Authenticated.SQL.Injection CRITICAL" "blog2social 5.9.0 Cross-Site.Scripting.Issue MEDIUM" "blog2social 5.6.0 SQL.Injection CRITICAL" "blog2social 5.0.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "booking-calendar-and-notification No.known.fix Authentication.Bypass CRITICAL" "booking-calendar-and-notification No.known.fix Unauthenticated.SQL.Injection HIGH" "booking-calendar-and-notification No.known.fix Missing.Authorization.via.wpcb_all_bookings,.wpcb_update_booking_post,.and.wpcb_delete_posts.Functions MEDIUM" "bbspoiler 2.02 Contributor+.Stored.XSS MEDIUM" "button 1.1.28 Contributor+.PHP.Object.Injection.in.button_shortcode MEDIUM" "button 1.1.24 Admin+.Stored.XSS LOW" "bus-ticket-booking-with-seat-reservation 5.4.4 Cross-Site.Request.Forgery MEDIUM" "bus-ticket-booking-with-seat-reservation 5.3.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bus-ticket-booking-with-seat-reservation 5.2.6 Unauthenticated.Cross-Site.Scripting HIGH" "bus-ticket-booking-with-seat-reservation 5.2.4 Reflected.XSS HIGH" "bitformpro No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "bitformpro No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "bitformpro No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update HIGH" "bitformpro No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "blog-filter 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bestbooks No.known.fix Unauthenticated.SQLi HIGH" "back-to-the-top-button 2.1.7 Admin+.Stored.XSS LOW" "bb-ultimate-addon 1.35.15 Contributor+.Privilege.Escalation HIGH" "bb-ultimate-addon 1.35.14 Contributor+.Arbitrary.File.Download MEDIUM" "booster-elite-for-woocommerce 7.1.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "booster-elite-for-woocommerce 7.1.2 .Missing.Authorization.to.Order.Information.Disclosure MEDIUM" "booster-elite-for-woocommerce 7.1.3 Subscriber+.Content.Injection MEDIUM" "booster-elite-for-woocommerce 6.0.1 Multiple.CSRF MEDIUM" "booster-elite-for-woocommerce 6.0.0 Reflected.Cross-Site.Scripting HIGH" "booster-elite-for-woocommerce 1.1.8 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "booster-elite-for-woocommerce 1.1.7 ShopManager+.Arbitrary.File.Download MEDIUM" "booster-elite-for-woocommerce 1.1.7 Checkout.Files.Deletion.via.CSRF LOW" "booster-elite-for-woocommerce 1.1.3 Subscriber+.Order.Status.Update MEDIUM" "buy-one-click-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Export MEDIUM" "buy-one-click-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Order.Deletion MEDIUM" "buy-one-click-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Import MEDIUM" "better-comments 1.5.6 Subscriber+.Stored.XSS HIGH" "better-comments 1.5.6 Admin+.Stored.XSS LOW" "better-comments 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "better-comments 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms-hook-fields 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "breadcrumbs-shortcode 1.45 Reflected.Cross-Site.Scripting MEDIUM" "bvd-easy-gallery-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bricksbuilder 1.9.9 Insecure.Direct.Object.Reference MEDIUM" "bauernregeln No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blockonomics-bitcoin-payments 3.5.8 Reflected.Cross-Site.Scripting HIGH" "blockonomics-bitcoin-payments 3.3 Blockonomics.<.3.3.-.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "browser-caching-with-htaccess No.known.fix Cross-Site.Request.Forgery MEDIUM" "bp-user-profile-reviews 2.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "boo-recipes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bwp-google-xml-sitemaps No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "borderless 1.6.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "borderless 1.6.1 Authenticated.(Administrator+).Remote.Code.Execution HIGH" "borderless 1.6.0 Missing.Authorization.to.Icon.Font.Deletion MEDIUM" "borderless 1.5.9 Editor+.Stored.XSS MEDIUM" "borderless 1.5.4 Widgets,.Elements,.Templates.and.Toolkit.for.Elementor.&.Gutenberg.<.1.5.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "borderless 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "borderless 1.4.9 Admin+.Stored.XSS LOW" "bws-google-maps 1.3.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bebetter-social-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buooy-sticky-header No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brute-force-login-protection No.known.fix Arbitrary.IP.Removal/Add.via.CSRF MEDIUM" "before-after-image-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "billingo 3.4.0 ShopManager+.Stored.XSS MEDIUM" "buddy-press-force-password-change No.known.fix Subscriber+.Account.Takeover.via.Password.Update MEDIUM" "buddypress-check-ins-pro 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bwd-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bwd-elementor-addons 4.3.19 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "brutebank 1.9 WP.Security.&.Firewall.<.1.9.-.Settings.Update.via.CSRF MEDIUM" "blockington No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddypress-giphy 1.5.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "booking-system No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "booking-system No.known.fix Missing.Authorization MEDIUM" "booking-system 2.9.9.5.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "booking-system No.known.fix Stored.XSS.via.CSRF HIGH" "booking-system 2.9.9.5.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "booking-system 2.9.9.4.8 Admin+.Stored.XSS LOW" "booking-system 2.9.9.4.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "booking-system 2.9.9.2.9 Admin+.Stored.XSS LOW" "booking-system 2.9.9.2.9 Subscriber+.SQLi HIGH" "booking-system 2.1 Authenticated.Blind.SQL.Injection HIGH" "buddyforms-attach-posts-to-groups-extension 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "bee-layer-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "browser-address-bar-color No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bp-messages-tool 2.5 Reflected.Cross-Site.Scripting MEDIUM" "bread-butter 7.5.880 Contributor+.Stored.XSS MEDIUM" "better-user-shortcodes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "boom-fest 2.2.2 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Update MEDIUM" "book-press No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "book-press No.known.fix Missing.Authorization MEDIUM" "book-press 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "book-press 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "business No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-activity-plus-reloaded 1.1.2 Authenticated.(Subscriber+).Blind.Server-Side.Request.Forgery MEDIUM" "bne-gallery-extended 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.gallery.Shortcode MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 2.20 Reflected.Cross-Site.Scripting MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 2.16 Reflected.Cross-Site.Scripting MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 2.10 Reflected.Cross-Site.Scripting.via.tab,.order,.and.orderby MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 1.5 Reflected.XSS HIGH" "bulk-noindex-nofollow-toolkit-by-mad-fish 1.51 Missing.Authorization MEDIUM" "biteship 2.2.25 Reflected.Cross-Site.Scripting.via.biteship_error.and.biteship_message MEDIUM" "biteship 2.2.28 Shop.manager+.Stored.XSS MEDIUM" "biteship 2.2.25 Reflected.Cross-Site.Scripting HIGH" "badr-naver-syndication No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bulletin-announcements 3.12 Reflected.Cross-Site.Scripting HIGH" "bulletin-announcements 3.9.0 Authenticated.(Administrator+).SQL.Injection HIGH" "bulletin-announcements 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "bulletin-announcements 3.7.1 Cross-Site.Request.Forgery MEDIUM" "bulletin-announcements 3.7.0 Subscriber+.Unauthorized.Access.and.Modification MEDIUM" "bulletin-announcements 3.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "booking-package 1.6.73 Reflected.Cross-Site.Scripting.via.Locale.Parameter MEDIUM" "booking-package 1.6.29 Unauthenticated.Price.Manipulation MEDIUM" "booking-package 1.6.02 Reflected.XSS HIGH" "booking-package 1.5.29 Unauthenticated.Sensitive.Data.Disclosure HIGH" "booking-package 1.5.11 Reflected.Cross-Site.Scripting MEDIUM" "backup 2.0.9.9 Directory.Listing.Exposing.Backups HIGH" "backup 1.6.9.1 Admin+.Stored.XSS LOW" "backup 1.6.0 Authenticated.Arbitrary.File.Upload CRITICAL" "backup 1.4.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "backup 1.4.1 Subscriber+.Arbitrary.Backup.Location.Update MEDIUM" "backup 1.4.0 Arbitrary.File.Upload.via.CSRF HIGH" "backup 1.1.47 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "backup 1.0.3 Authenticated.Arbitrary.File.Upload CRITICAL" "browser-theme-color No.known.fix Cross-Site.Request.Forgery.via.btc_settings_page MEDIUM" "bmlt-meeting-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bmlt-meeting-map 2.6.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "bamboo-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bws-linkedin 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bg-patriarchia-bu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "business-card-block 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bybrick-accordion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bulgarisation-for-woocommerce 3.0.15 Cross-Site.Request.Forgery HIGH" "bulgarisation-for-woocommerce 3.0.15 Missing.Authorization HIGH" "bulk-page-creator 1.1.4 Arbitrary.Page.Creation.via.CSRF MEDIUM" "beautiful-link-preview No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bukza 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "book-buyback-prices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "book-buyback-prices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms-posts-to-posts-integration 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "bknewsticker No.known.fix Cross-Site.Request.Forgery MEDIUM" "bulk-block-converter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bp-check-in 1.9.4 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "blobinator 2.3 Unauthorised.AJAX.call.via.CSRF MEDIUM" "better-robots-txt 1.4.6 Cross-Site.Request.Forgery MEDIUM" "better-robots-txt 1.4.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-robots-txt 1.2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "b-banner-slider No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "bizcalendar-web 1.1.0.35 Authenticated.(Administrator+).SQL.Injection MEDIUM" "bizcalendar-web 1.1.0.26 Reflected.XSS HIGH" "bcorp-shortcodes No.known.fix .Unauthenticated.PHP.Object.Injection CRITICAL" "basepress 2.16.3.4 Missing.Authorization.to.Authenticated.(Subscriber+).Database.Update MEDIUM" "basepress 2.16.2.1 Missing.Authorization MEDIUM" "basepress 2.16.2.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "basepress 2.15.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bit-assist 1.5.5 Unauthenticated.Path.Traversal MEDIUM" "bit-assist 1.5.3 Subscriber+.Arbitrary.File.Read.via.fileID.Parameter MEDIUM" "bit-assist 1.5.3 Authenticated.(Subscriber+).SQL.Injection.via.id.Parameter MEDIUM" "bit-assist 1.5.3 Admin+.Arbitrary.File.Read MEDIUM" "bit-assist 1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bit-assist 1.1.9 Admin+.Stored.Cross-Site.Scripting LOW" "backup-database No.known.fix Admin+.Stored.XSS LOW" "bold-pagos-en-linea 3.1.5 Reflected.Cross-Site.Scripting HIGH" "business-profile-reviews No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddypress-members-only No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddypress-members-only 3.4.9 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "badgeos No.known.fix Missing.Authorization MEDIUM" "badgeos No.known.fix Subscriber+.IDOR MEDIUM" "badgeos No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "badgeos No.known.fix Missing.Authorization.in.delete_badgeos_log_entries MEDIUM" "badgeos No.known.fix CSRF MEDIUM" "badgeos 3.7.1.3 Subscriber+.SQLi HIGH" "badgeos 3.7.1 Unauthenticated.SQLi HIGH" "bulk-content-creator No.known.fix Cross-Site.Request.Forgery MEDIUM" "button-generation 3.1.2 Cross-Site.Request.Forgery MEDIUM" "button-generation 3.0 Button.Deletion.via.CSRF MEDIUM" "button-generation 2.3.9 Button.Counter.Reset.via.CSRF MEDIUM" "button-generation 2.3.9 Unauthenticated.Button.Counter.Reset MEDIUM" "button-generation 2.3.6 Cross-Site.Request.Forgery MEDIUM" "button-generation 2.3.5 Reflected.XSS MEDIUM" "button-generation 2.3.4 easily.Button.Builder.<.2.3.4.-.Admin+.Stored.XSS LOW" "button-generation 2.3.3 RFI.leading.to.RCE.via.CSRF HIGH" "best-bootstrap-widgets-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-member-type-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddypress-profile-pro 2.0.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "buddyforms-review 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "blog-stats-by-w3counter No.known.fix Cross-Site.Request.Forgery MEDIUM" "bitspecter-suite 1.1.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "bannerman No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "bannerlid No.known.fix Reflected.XSS HIGH" "blue-wrench-videos-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booqable-rental-reservations 2.4.16 Admin+.Stored.XSS LOW" "ban-users No.known.fix Subscriber+.Settings.Update.&.Privilege.Escalation.via.Missing.Authorization HIGH" "better-wp-login-page No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "blocks No.known.fix Admin+.Stored.XSS LOW" "blossomthemes-email-newsletter 2.2.7 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "blossomthemes-email-newsletter 2.2.5 Missing.Authorization MEDIUM" "bulletproof-security 6.1 Admin+.Stored.Cross-Site.Scripting LOW" "bulletproof-security 5.8 Admin+.Stored.Cross-Site.Scripting.(XSS) LOW" "bulletproof-security 5.2 Sensitive.Information.Disclosure MEDIUM" "bulletproof-security .53.4 Multiple.XSS.Vulnerabilities MEDIUM" "benchmark-email-lite 4.2 Cross-Site.Request.Forgery.via.page_settings() MEDIUM" "bstone-demo-importer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "blogpost-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddypress-hashtags 2.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "buymeacoffee 3.7 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "buymeacoffee 3.8 Cross-Site.Request.Forgery HIGH" "buymeacoffee 3.8 Subscriber+.Unauthorized.Data.Modification HIGH" "buymeacoffee 3.7 Admin+.Stored.XSS LOW" "bootstrap-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "buddyforms-members 1.4.12 Reflected.Cross-Site.Scripting MEDIUM" "book-a-place No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "better-wlm-api 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "better-wlm-api 1.1.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "blog-designer-pack 4.0.1 Unauthenticated.Local.File.Inclusion CRITICAL" "blog-designer-pack 3.4.2 Unauthenticated.Remote.Code.Execution.via.Local.File.Inclusion HIGH" "blog-designer-pack 3.4.1 Reflected.Cross-Site.Scripting MEDIUM" "blog-designer-pack 3.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "blog-designer-pack 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bwl-advanced-faq-manager 2.1.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update HIGH" "bwl-advanced-faq-manager 2.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "beepress No.known.fix Cross-Site.Request.Forgery.via.beepress-pro.php MEDIUM" "bp-email-assign-templates No.known.fix Missing.Authorization.to.Authorization.Bypass MEDIUM" "bp-email-assign-templates 1.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bp-email-assign-templates 1.6 Reflected.XSS HIGH" "block-referer-spam 1.1.9.5 Admin+.Stored.XSS LOW" "booking-calendar 3.2.20 Reflected.Cross-Site.Scripting.via.'calendar_id' MEDIUM" "booking-calendar 3.2.20 Authenticated.(Contributor+).SQL.Injection MEDIUM" "booking-calendar 3.2.16 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "booking-calendar 3.2.12 Admin+.SQLi MEDIUM" "booking-calendar 3.2.9 Multiple.Authenticated(Editor+).SQL.Injection HIGH" "booking-calendar 3.2.8 Admin+.SQLi MEDIUM" "booking-calendar 3.2.4 Editor+.Stored.XSS LOW" "booking-calendar 3.2.4 Form.Creation/Update/Deletion/Duplication.via.CSRF MEDIUM" "booking-calendar 3.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "booking-calendar 2.2.3 Parameters.Tampering.Allowing.Arbitrary.Prices.Change HIGH" "booking-calendar 2.1.8 Authenticated.Stored.XSS.&.CSRF HIGH" "betterlinks 2.1.8 Authenticated.(Administrator+).SQL.Injection MEDIUM" "betterlinks 1.6.1 Improper.Authorization.to.Data.Import.and.Export MEDIUM" "betterlinks 1.2.6 Admin+.Stored.Cross-Site.Scripting LOW" "boot-modal 1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "banner-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-manager 2.1.6 Authenticated(Contributor+).SQL.Injection.via.Shortcode HIGH" "booking-manager 2.0.29 Subscriber+.SSRF MEDIUM" "booking-calendar-pro-payment 21.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "builder-style-manager 0.7.7 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "banner-garden No.known.fix Reflected.XSS HIGH" "better-search-tmc No.known.fix Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "badgearoo No.known.fix Reflected.XSS HIGH" "badgearoo No.known.fix Admin+.Stored.XSS LOW" "build-app-online No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "build-app-online No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "build-app-online No.known.fix Cross-Site.Request.Forgery MEDIUM" "build-app-online 1.0.21 Subscriber+.Privilege.Escalation HIGH" "build-app-online 1.0.22 Unauthenticated.Account.Takeover.via.Weak.Password.Reset.Mechanism CRITICAL" "build-app-online 1.0.19 Unauthenticated.SQL.Injection HIGH" "buddymeet 2.3.0 Contributor+.Stored.XSS MEDIUM" "bookalet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bootstrap-collapse No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack 7.9.1 Addon.for.Elementor.Page.Builder.WordPress.Plugin.<.7.9.1.-.Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Wrapper.Link.URL MEDIUM" "bdthemes-element-pack 7.19.3 Contributor+.Arbitrary.File.Read.and.PHAR.Deserialization CRITICAL" "backupwordpress 3.14 Admin+.Directory.Traversal LOW" "backupwordpress 3.13 Subscriber+.Backup.Disclosure MEDIUM" "bookly-responsive-appointment-booking-tool 23.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Color.Profile.Parameter MEDIUM" "bookly-responsive-appointment-booking-tool 22.5 Admin+.Stored.XSS LOW" "bookly-responsive-appointment-booking-tool 22.4 Admin+.SQLi MEDIUM" "bookly-responsive-appointment-booking-tool 21.8 Admin+.Stored.Cross-Site.Scripting.via.service.titles MEDIUM" "bookly-responsive-appointment-booking-tool 21.6 Unauthenticated.Stored.XSS HIGH" "bookly-responsive-appointment-booking-tool 20.3.1 Staff.Member.Stored.Cross-Site.Scripting MEDIUM" "bookly-responsive-appointment-booking-tool 14.5 Bookly.#1.WordPress.Booking.Plugin.(Lite).<.14,5.–.Unauthenticated.Blind.Stored.XSS MEDIUM" "better-sharing 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "better-sharing 1.7.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "booknetic 4.1.5 Staff.Creation.via.CSRF HIGH" "booknetic No.known.fix Cross-Site.Request.Forgery MEDIUM" "blocks-product-editor-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "bulk-woocommerce-category-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-woocommerce-category-creator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-activity-filter 2.8.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bm-builder 3.16.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "backtotop No.known.fix Cross-Site.Request.Forgery MEDIUM" "boxers-and-swipers No.known.fix Author+.Stored.XSS MEDIUM" "bp-cover No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "blog-in-blog No.known.fix Editor+.Local.File.Inclusion.via.Shortcode HIGH" "blog-in-blog No.known.fix Editor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "boldgrid-easy-seo 1.6.15 Information.Exposure MEDIUM" "boldgrid-easy-seo 1.6.14 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Meta.Description MEDIUM" "blog-posts-and-category-for-elementor 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blog-posts-and-category-for-elementor 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.and.Category.Filter.Widget MEDIUM" "baw-login-logout-menu No.known.fix Contributor+.Stored.XSS.in.Shortcode MEDIUM" "backlink-monitoring-manager No.known.fix Reflected.XSS HIGH" "bdthemes-element-pack-lite 5.10.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.29 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.15 Addons.for.Elementor.<.5.10.15.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.13 Missing.Authorization MEDIUM" "bdthemes-element-pack-lite 5.10.6 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Lightbox.Widget MEDIUM" "bdthemes-element-pack-lite 5.10.3 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.10.3 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.10.3 Authenticated.(Contributor+.Stored.Cross-Site.Scripting.via.Open.Map.Widget MEDIUM" "bdthemes-element-pack-lite 5.10.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate MEDIUM" "bdthemes-element-pack-lite 5.10.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Custom.Gallery.Widget MEDIUM" "bdthemes-element-pack-lite 5.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Gallery.and.Countdown.Widgets MEDIUM" "bdthemes-element-pack-lite 5.7.3 Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "bdthemes-element-pack-lite 5.7.7 Contributor+.Stored.XSS.via.title_tag MEDIUM" "bdthemes-element-pack-lite 5.6.12 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.6.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.6.12 Contributor+.Stored.XSS.via.onclick.events MEDIUM" "bdthemes-element-pack-lite 5.6.2 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.6.4 Form.Submission.Admin.Email.Bypass MEDIUM" "bdthemes-element-pack-lite 5.6.1 Contributor+.Stored.XSS.via.Panel.Slider.Widget MEDIUM" "bdthemes-element-pack-lite 5.6.1 Contributor+.Stored.XSS.via.Price.List.Widget MEDIUM" "bdthemes-element-pack-lite 5.6.0 Sensitive.Information.Exposure.via..element_pack_ajax_search MEDIUM" "bdthemes-element-pack-lite 5.5.4 Contributor+.Stored.XSS.via.Trailer.Box.Widget MEDIUM" "bdthemes-element-pack-lite 5.3.3 Contributor+.Stored.XSS.via.Custom.Gallery.Widget MEDIUM" "bdthemes-element-pack-lite 5.5.4 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bdthemes-element-pack-lite 5.5.4 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.4.12 Missing.Authorization.via.bdt_duplicate_as_draft MEDIUM" "bdthemes-element-pack-lite 5.2.1 Reflected.Cross-Site.Scripting MEDIUM" "barclaycart No.known.fix Unauthenticated.Shell.Upload CRITICAL" "blockons 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "bulk-categories-assign No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-page-stub-creator 1.2 Reflected.Cross-Site.Scripting HIGH" "bigcommerce No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "bws-testimonials 0.1.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bbp-voting 2.1.11.1 Admin+.Stored.XSS LOW" "bitcoin-faucet No.known.fix Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "big-boom-directory 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms-woocommerce-form-elements 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "bp-activity-social-share 3.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "better-click-to-tweet 5.10.4 Settings.Update.via.CSRF MEDIUM" "bulk-image-alt-text-with-yoast 1.4.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "button-block 1.1.6 Missing.Authorization MEDIUM" "button-block 1.2.0 Contributor+.Stored.XSS MEDIUM" "button-block 1.1.6 Authenticated.(Contributor+).Post.Disclosure.via.Post.Duplication MEDIUM" "button-block 1.1.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "brodos-net-onlineshop No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bulk-comment-remove No.known.fix Cross-Site.Request.Forgery.via.brc_admin() MEDIUM" "bulk-me-now No.known.fix Reflected.XSS HIGH" "bulk-me-now No.known.fix Message.Deletion.via.CSRF MEDIUM" "bulk-me-now No.known.fix Stored.XSS.via.Shortcode HIGH" "builder-shortcode-extras No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "bookingor No.known.fix Missing.Authorization MEDIUM" "bamazoo-button-generator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dgs.Shortcode MEDIUM" "bu-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "b-blocks 2.0.1 The.ultimate.block.collection.<.2.0.1.-.Contributor+.Stored.XSS MEDIUM" "business-contact-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bbs-e-popup No.known.fix Reflected.XSS HIGH" "brozzme-scroll-top No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bne-testimonials 2.0.8 Contributor+.Stored.XSS MEDIUM" "bunnycdn 2.0.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "baidu-tongji-generator No.known.fix Admin+.Stored.XSS LOW" "business-manager 1.4.6 Admin+.Stored.Cross-Site.Scripting LOW" "bigcontact No.known.fix Cross-Site.Request.Forgery MEDIUM" "beacon-for-helpscout No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bonus-for-woo 5.8.3 Reflected.Cross-Site.Scripting HIGH" "bp-profile-search 5.8 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "bp-profile-search 5.6 Reflected.Cross-Site.Scripting.via.BPS_FORM MEDIUM" "best-posts-summary No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "better-font-awesome 2.0.4 Contributor+.Stored.XSS MEDIUM" "better-font-awesome 2.0.2 Settings.Update.via.CSRF MEDIUM" "bring-fraktguiden-for-woocommerce 1.11.5 Missing.Authorization MEDIUM" "blogger-image-import No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bonway-static-block-editor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blaze-online-eparcel-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "binlayerpress No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bloom 1.1.1 Privilege.Escalation HIGH" "blu-logistics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brave-popup-builder 0.7.1 Cross-Site.Request.Forgery MEDIUM" "brave-popup-builder 0.7.0 Admin+.Stored.XSS LOW" "brave-popup-builder 0.6.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "brave-popup-builder 0.6.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "broken-link-finder 2.5.1 Authenticated.(Author+).Blind.Server-Side.Request.Forgery MEDIUM" "broken-link-finder 2.5.0 Missing.Authorization.via.moblc_auth_save_settings MEDIUM" "booking-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-for-woocommerce 4.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "breaking-news-wp No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "breaking-news-wp No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "bbp-toolkit No.known.fix Cross-Site.Request.Forgery MEDIUM" "bbp-toolkit No.known.fix Reflected.XSS HIGH" "booking-activities 1.15.20 Reflected.Cross-Site.Scripting MEDIUM" "baw-post-views-count No.known.fix Contributor+.Stored.XSS.in.Shortcode MEDIUM" "bot-for-telegram-on-woocommerce No.known.fix Authenticated.(Subscriber+).Telegram.Bot.Token.Disclosure.to.Authentication.Bypass HIGH" "best-css-compiler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "backup-bolt 1.4.0 Sensitive.Data.Exposure MEDIUM" "backup-bolt 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "blossom-recipe-maker 1.0.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "bpmnio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bulk-add-to-cart-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "buddyboss-media No.known.fix Stored.XSS MEDIUM" "bloglentor-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bo-wc-customer-review-watson No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "beaver-builder-lite-version 2.8.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.4.3 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Button.Widget MEDIUM" "beaver-builder-lite-version 2.8.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.3.7 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Button.Group.Module MEDIUM" "beaver-builder-lite-version 2.8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.type.Parameter MEDIUM" "beaver-builder-lite-version 2.8.3.4 Reflected.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.1.3 Contributor+.Stored.Cross-Site.Scripting.via.photo.widget.crop.attribute MEDIUM" "beaver-builder-lite-version 2.8.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.0.7 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.5 Contributor+.Stored.Cross-Site.Scripting.via.heading.tag MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS.via.Icon.Widget MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Reflected.XSS HIGH" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.2.1 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.5.5.3 .Authenticated.Stored.XSS.via.Caption.On.Hover MEDIUM" "beaver-builder-lite-version 2.5.5.3 .Authenticated.Stored.XSS.via.Caption MEDIUM" "beaver-builder-lite-version 2.5.5.3 Authenticated.Stored.XSS.via.Text.Editor MEDIUM" "beaver-builder-lite-version 2.5.5.3 Authenticated.Stored.XSS.via.Image.URL MEDIUM" "beaver-builder-lite-version 2.5.4.4 Subscriber+.Arbitrary.Post.Builder.Layout.Disabling MEDIUM" "bsk-pdf-manager 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bsk-pdf-manager 3.4.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bsk-pdf-manager 3.1.2 Admin+.SQL.Injection MEDIUM" "bsk-pdf-manager 2.9.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "bsk-pdf-manager 1.5 Multiple.Authenticated.SQL.Injections CRITICAL" "booking-and-rental-manager-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "booking-and-rental-manager-for-woocommerce 2.2.9 Missing.Authorization MEDIUM" "booking-and-rental-manager-for-woocommerce 2.2.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "booking-and-rental-manager-for-woocommerce 2.2.7 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "booking-and-rental-manager-for-woocommerce 2.2.2 Missing.Authorization MEDIUM" "booking-and-rental-manager-for-woocommerce 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "booking-and-rental-manager-for-woocommerce 1.2.2 Admin+.Stored.XSS LOW" "breakdance 2.0.0 Missing.Authorization MEDIUM" "breakdance 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "breakdance 1.7.2 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "breakdance 1.7.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.custom.postmeta MEDIUM" "bmo-expo No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "better-search 3.3.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "better-search 2.5.3 Cross-Site.Request.Forgery MEDIUM" "better-search 2.5.3 CSRF.Nonce.Bypass.in.Import/Export MEDIUM" "better-search 2.2.3 Unauthenticated.SQL.Injection CRITICAL" "better-search 1.3.5 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "better-search 1.3 admin.inc.php.Setting.Manipulation.CSRF MEDIUM" "buybox-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "background-takeover 4.1.5 Directory.Traversal HIGH" "bizlibrary No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bizlibrary No.known.fix Admin+.Stored.XSS LOW" "better-messages-wc-vendors-integration 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "backup-backup 1.4.6.1 Unauthenticated.PHP.Object.Injection.via.'recursive_unserialize_replace' HIGH" "backup-backup 1.4.4 Information.Exposure.via.Log.Files MEDIUM" "backup-backup 1.4.0 Unauthenticated.Path.Traversal.to.Arbitrary.File.Deletion HIGH" "backup-backup 1.4.0 Authenticated.(Admin+).OS.Command.Injection.via.url MEDIUM" "backup-backup 1.4.0 1.3.9.-.Remote.File.Inclusion.via.content-dir HIGH" "backup-backup 1.3.8 Unauthenticated.RCE CRITICAL" "backup-backup 1.3.6 Sensitive.Data.Exposure HIGH" "backup-backup 1.3.7 Unauthenticated.Arbitrary.File.Download.to.Sensitive.Information.Exposure HIGH" "backup-backup 1.3.0 Cross-Site.Request.Forgery MEDIUM" "backup-backup 1.2.8 Plugin.Installation.via.CSRF MEDIUM" "backup-backup 1.2.8 Subscriber+.Plugin.Installation MEDIUM" "backup-backup 1.1.6 Admin+.Stored.Cross-Site.Scripting MEDIUM" "bit-integrations 2.5.0 Open.Redirect HIGH" "basepress-migration-tools No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "byconsole-woo-order-delivery-time 2.5.2 Unauthenticated.Full.Path.Dsiclosure MEDIUM" "byconsole-woo-order-delivery-time 2.4.7 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "byconsole-woo-order-delivery-time 2.4.8 Reflected.XSS HIGH" "bookster 1.2.0 Unauthenticated.Appointment.Status.Update MEDIUM" "bbpress-notify-nospam 2.18.4 Reflected.Cross-Site.Scripting MEDIUM" "blackhole-bad-bots 3.3.2 Arbitrary.IP.Address.Blocking.via.IP.Spoofing HIGH" "bulk-resize-media No.known.fix CSRF MEDIUM" "browser-shots 1.7.6 Contributor+.Stored.XSS MEDIUM" "best-restaurant-menu-by-pricelisto 1.4.3 Missing.Authorization MEDIUM" "best-restaurant-menu-by-pricelisto 1.4.2 Authenticated.(Contributor+).SQL.Injection HIGH" "best-restaurant-menu-by-pricelisto 1.4.0 Settings.Update.via.CSRF MEDIUM" "business-hours-indicator 2.3.5 Admin+.Stored.Cross-Site.Scripting LOW" "b-slider 1.1.24 Gutenberg.Slider.Block.for.WP.<.1.1.24.-.Authenticated.(Contributor+).Private.Post.Disclosure.via.bsb-slider.Shortcode MEDIUM" "b-slider 1.1.13 Slider.for.your.block.editor.<.1.1.13.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bluetrait-event-viewer No.known.fix Settings.Update.via.CSRF MEDIUM" "bp-toolkit 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "bp-toolkit 3.3.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blue-triad-ezanalytics No.known.fix Reflected.Cross-Site.Scripting.via.'bt_webid' MEDIUM" "backup-by-supsystic No.known.fix Authenticated.Arbitrary.File.Download.and.Deletion CRITICAL" "botnet-attack-blocker No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "botnet-attack-blocker No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "better-wp-security 9.3.2 IP.Address.Spoofing.to.Denial.of.Service MEDIUM" "better-wp-security 9.0.1 Unauthenticated.Login.Page.Disclosure MEDIUM" "better-wp-security 7.9.1 Hide.Backend.Bypass MEDIUM" "better-wp-security 7.0.3 Authenticated.SQL.Injection HIGH" "better-wp-security 6.9.1 Cross-Site.Scripting.(XSS) HIGH" "blogsafe-scanner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blogsafe-scanner 1.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bmlt-tabbed-map 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bard-extra 1.2.8 Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "bp-create-group-type No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bilingual-linker 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "bulk-term-editor No.known.fix Cross-Site.Request.Forgery MEDIUM" "boombox-theme-extensions 1.8.1 Subscriber+.Privilege.Escalation.via.Password.Reset/Account.Takeover.in.boombox_ajax_reset_password HIGH" "boombox-theme-extensions 1.8.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "becustom 1.0.5.3 Settings.Update.via.CSRF MEDIUM" "blockypage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blockypage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-protected-pages No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bookingcom-banner-creator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookingcom-banner-creator 1.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "bellows-accordion-menu 1.4.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "buddyforms-acf 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "bg-biblie-references No.known.fix Reflected.XSS HIGH" "buttons-shortcode-and-widget No.known.fix Stored.XSS.via.shortcode MEDIUM" "buttons-shortcode-and-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "blog-sidebar-widget 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "blog-sidebar-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "business-card-by-esterox-100 No.known.fix Admin+.File.Upload MEDIUM" "business-card-by-esterox-100 No.known.fix Arbitrary.Card.Deletion.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Category.Edit.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Card.Edit.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Category.Deletion.via.CSRF MEDIUM" "bbcode-deluxe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bigbuy-wc-dropshipping-connector 2.0.1 Unauthenticated.Full.Path.Disclosute MEDIUM" "block-logic No.known.fix Authenticated.(Contributor+).Remote.Code.Execution HIGH" "bulk-edit-posts-on-frontend 2.4.27 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-posts-on-frontend 2.4.15 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "business-profile 2.1.7 Subscriber+.Page.Creation.&.Settings.Update.to.Stored.XSS MEDIUM" "bulk-edit-post-titles No.known.fix Missing.Authorization.via.bulkUpdatePostTitles MEDIUM" "bulk-edit-post-titles No.known.fix Missing.Authorization MEDIUM" "block-specific-plugin-updates 3.3.2 Arbitrary.Plugin.Update.Blocking.via.CSRF MEDIUM" "benaa-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "benaa-framework No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "benaa-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "business-directory-plugin 6.4.15 Easy.Listing.Directories.for.WordPress.<.6.4.15.-.Insecure.Direct.Object.Reference.to.Listing.Arbitrary.Image.Addition MEDIUM" "business-directory-plugin 6.4.4 Authenticated.(Author+).CSV.Injection HIGH" "business-directory-plugin 6.4.3 Unauthenticated.SQL.Injection.via.listingfields.Parameter CRITICAL" "business-directory-plugin 6.3.10 Contributor+.Arbitrary.Listing.Deletion LOW" "business-directory-plugin 6.3.11 Cross-Site.Request.Forgery MEDIUM" "business-directory-plugin 5.11.2 Arbitrary.Listing.Export HIGH" "business-directory-plugin 5.11.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "business-directory-plugin 5.11.2 Arbitrary.Payment.History.Update MEDIUM" "business-directory-plugin 5.11 Arbitrary.File.Upload.to.RCE HIGH" "business-directory-plugin 5.11.1 Authenticated.PHP4.Upload.to.RCE MEDIUM" "business-directory-plugin 5.11.1 Arbitrary.Add/Edit/Delete.Form.Field.to.Stored.XSS HIGH" "boldgrid-backup 1.17.0 Authenticated.(Admin+).Command.Injection HIGH" "boldgrid-backup 1.16.9 Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "boldgrid-backup 1.16.7 Authenticated.(Administrator+).Remote.Code.Execution.via.Backup.Settings HIGH" "boldgrid-backup 1.15.9 Improper.Authorization.to.Unauthenticated.Arbitrary.File.Download HIGH" "boldgrid-backup 1.14.14 Subscriber+.Backup.Disclosure MEDIUM" "boldgrid-backup 1.14.10 Sensitive.Data.Disclosure.(Server.IP.Address,.UID.etc) MEDIUM" "boldgrid-backup 1.14.10 Unauthenticated.Backup.Download HIGH" "burst-pro 1.5.1 Unauthenticated.SQL.Injection HIGH" "bbp-move-topics 1.1.6 Code.Injection.&.CSRF CRITICAL" "browsing-history No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bmi-adultkid-calculator 1.2.2 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.20 Reflected.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.14 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Updates MEDIUM" "booking-ultra-pro 1.1.14 Unauthenticated.Local.File.Inclusion CRITICAL" "booking-ultra-pro 1.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.13 Authenticated.(Contributor+).Privilege.Escalation HIGH" "booking-ultra-pro 1.1.7 Cross-Site.Request.Forgery MEDIUM" "booking-ultra-pro 1.1.7 Subscriber+.Settings.Update MEDIUM" "booking-ultra-pro 1.1.9 Reflected.XSS HIGH" "booking-ultra-pro 1.1.9 Reflected.XSS HIGH" "booking-ultra-pro 1.1.7 Multiple.CSRF MEDIUM" "booking-ultra-pro 1.1.7 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "bws-latest-posts 0.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bakkbone-florist-companion 7.3.0 Reflected.Cross-Site.Scripting MEDIUM" "bakkbone-florist-companion 7.4.0 Missing.Authorization.to.Arbitrary.Content.Deletion MEDIUM" "bakkbone-florist-companion 7.4.0 Missing.Authorization.to.Sensitive.Data.Exposure MEDIUM" "buffer-my-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buffer-my-post No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blockspare 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 3.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 2.6.5 Reflected.Cross-Site.Scripting MEDIUM" "blockspare 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-job-manager 2.6.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "booking-calendar-pro 11.2.20 Reflected.Cross-Site.Scripting.via.'calendar_id' MEDIUM" "banner-cycler No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "b2bking 4.6.20 Subscriber+.Arbitrary.Products.Price.Update MEDIUM" "branding No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "bitly-linker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-categories-tags 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-categories-tags 1.5.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "breadcrumb 1.5.33 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "blog-manager-light No.known.fix Settings.Update.via.CSRF MEDIUM" "blog-manager-wp No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "back-in-stock-notifier-for-woocommerce 5.3.2 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "block-editor-bootstrap-blocks 6.6.2 Reflected.Cross-Site.Scripting.via.tab MEDIUM" "better-rss-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking 10.10.1 Unauthenticated.Post-Confirmation.Booking.Manipulation MEDIUM" "booking 10.9.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'booking'.Shortcode MEDIUM" "booking 10.6.5 Admin+.Stored.XSS LOW" "booking 10.6.3 Admin+.Stored.XSS LOW" "booking 10.6.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "booking 10.5.1 Reflected.Cross-Site.Scripting MEDIUM" "booking 10.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bookingform.Shortcode MEDIUM" "booking 9.9.1 Unauthenticated.SQL.Injection CRITICAL" "booking 9.7.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "booking 9.7.3.1 Unauthenticated.Stored.XSS HIGH" "booking 9.2.2 Arbitrary.Translation.Update.via.CSRF MEDIUM" "booking 9.1.1 PHP.Object.Injection HIGH" "booking 8.9.2 Reflected.Cross-Site.Scripting HIGH" "booking 8.4.5.15 SQL.Injection HIGH" "bold-timeline-lite 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-timeline-lite 1.2.0 Missing.Authorization.to.Admin.Notice.Dismissal MEDIUM" "bold-timeline-lite 1.1.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "banner-system No.known.fix Missing.Authorization MEDIUM" "banner-system No.known.fix Privilege.Escalation HIGH" "banner-system No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "back-button-widget 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bosa-elementor-for-woocommerce 1.0.13 Missing.Authorization MEDIUM" "beyot-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "beyot-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "beyot-framework No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "bws-featured-posts 1.0.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "burst-statistics 1.5.7 Contributor+.Stored.Cross-Site.Scripting.via.burst_total_pageviews_count MEDIUM" "burst-statistics 1.5.4 Editor+.SQL.Injection HIGH" "burst-statistics 1.5.0 Unauthenticated.SQL.Injection HIGH" "blue-captcha 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "bet-wc-2018-russia No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "background-control No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "block-options 1.40.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-options 1.40.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "block-options 1.17 Reflected.Cross-Site.Scripting MEDIUM" "block-options 1.31.6 Contributor+.Arbitrary.PHP.Code.Execution CRITICAL" "bbpowerpack 2.37.4 Reflected.Cross-Site.Scripting MEDIUM" "bbpowerpack 2.33.1 Contributor+.Privilege.Escalation HIGH" "batch-cat No.known.fix Subscriber+.Arbitrary.Categories.Add/Set/Delete.to.Posts MEDIUM" "bamboo-enquiries No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-themer 1.4.9.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "beaver-themer 1.4.9.1 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.shortcode MEDIUM" "bulk-attachment-download 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "bulk-attachment-download 1.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "banner-management-for-woocommerce 2.4.3 Shop.Banner.Settings.Update.via.CSRF MEDIUM" "banner-management-for-woocommerce 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "banner-management-for-woocommerce 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "banner-management-for-woocommerce 1.1.1 Unauthenticated.Settings.Change MEDIUM" "bookingcom-product-helper 1.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "blighty-explorer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bft-autoresponder 2.7.2.5 Reflected.Cross-Site.Scripting MEDIUM" "bft-autoresponder 2.7.2.4 Cross-Site.Request.Forgery MEDIUM" "bft-autoresponder 2.7.2.3 CSRF MEDIUM" "bft-autoresponder 2.7.1.1 Admin+.Stored.XSS LOW" "bft-autoresponder 2.7.1.1 Unauthenticated.Stored.XSS HIGH" "bft-autoresponder 2.1.7.2 Contributor+.Stored.XSS MEDIUM" "bft-autoresponder 2.1.7.2 Admin+.Stored.XSS LOW" "bft-autoresponder 2.5.2 Authenticated.Blind.SQL.Injection.&.Multiple.XSS HIGH" "bws-google-analytics 1.7.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bdthemes-prime-slider-lite 3.16.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.15.19 Addons.For.Elementor.(Revolution.of.a.slider,.Hero.Slider,.Ecommerce.Slider.<.3.15.19.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Blog.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pacific.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.2 Contributor+.Stored.XSS.via.Pagepiling.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.14.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.13.3 Contributor+.Stored.Cross-Site.Scripting.via.Mercury.Widget MEDIUM" "bdthemes-prime-slider-lite 3.13.3 Contributor+.Stored.Cross-Site.Scripting.via.Rubix.Widget MEDIUM" "bdthemes-prime-slider-lite 3.13.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fiestar.Widget MEDIUM" "bdthemes-prime-slider-lite 3.11.11 Incorrect.Authorization.via.bdt_duplicate_as_draft MEDIUM" "bdthemes-prime-slider-lite 3.8.3 Reflected.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 2.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddypress-humanity No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "broken-link-manager No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "broken-link-manager 0.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "broken-link-manager 0.5.0 Unauthenticated.SQL.Injection.&.XSS CRITICAL" "buddyforms-hierarchical-posts 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "bulkpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blocksy-companion 2.0.43 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "blocksy-companion 2.0.46 Contributor+.Stored.Cross-Site.Scripting.via.SVG.Uploads MEDIUM" "blocksy-companion 2.0.29 Cross-Site.Request.Forgery MEDIUM" "blocksy-companion 2.0.32 Contributor+.Stored.XSS MEDIUM" "blocksy-companion 1.8.47 Reflected.Cross-Site.Scripting MEDIUM" "blocksy-companion 1.8.82 Subscriber+.Draft.Post.Access MEDIUM" "blocksy-companion 1.8.68 Contributor+.Stored.XSS MEDIUM" "blocksy-companion 1.8.20 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bug-library 2.1.5 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bug-library 2.1.2 Admin+.Stored.XSS LOW" "bug-library 2.1.1 Unauthenticated.RCE CRITICAL" "bug-library 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "bc-woo-custom-thank-you-pages 1.4.14 Missing.Authorization MEDIUM" "bsk-contact-form-7-blacklist No.known.fix Reflected.Cross-Site.Scripting HIGH" "backuply 1.3.5 Authenticated.(Admin+).SQL.Injection CRITICAL" "backuply 1.2.8 Admin+.Directory.Traversal MEDIUM" "backuply 1.2.6 Backup,.Restore,.Migrate.and.Clone.<.1.2.6.-..Unauthenticated.Denial.of.Service HIGH" "backuply 1.2.4 Admin+.Directory.Traversal MEDIUM" "bws-popular-posts 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "backup-scheduler No.known.fix Cross-Site.Request.Forgery MEDIUM" "bp-better-messages 2.7.0 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "bp-better-messages 2.7.5 Unauthenticated.Limited.Server-Side.Request.Forgery.in.nice_links MEDIUM" "bp-better-messages 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bp-better-messages 2.4.33 Missing.Authorization MEDIUM" "bp-better-messages 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "bp-better-messages 2.1.18 Reflected.Cross-Site.Scripting MEDIUM" "bp-better-messages 1.9.10.71 Subscriber+.Messaging.Block.Bypass MEDIUM" "bp-better-messages 1.9.10.69 Subscriber+.SSRF MEDIUM" "bp-better-messages 1.9.10.58 Subscriber+.Denial.Of.Service MEDIUM" "bp-better-messages 1.9.9.170 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-better-messages 1.9.9.149 Cross-Site.Request.Forgery MEDIUM" "bp-better-messages 1.9.9.149 File.Upload.via.CSRF LOW" "bp-better-messages 1.9.9.41 Reflected.Cross-Site.Scripting HIGH" "bp-better-messages 1.9.9.41 Multiple.CSRF MEDIUM" "backup-wd No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "breadcrumbs-by-menu 1.0.3 Multiple.Issues HIGH" "blizzard-quotes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "backup-and-restore-for-wp No.known.fix Admin+.Arbitrary.File.Deletion MEDIUM" "bws-pinterest 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bertha-ai-free 1.12.11 Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "bertha-ai-free 1.11.10.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "bookshelf No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "bulk-edit-user-profiles-in-spreadsheet 1.5.25 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-user-profiles-in-spreadsheet 1.5.14 Admin+.Stored.Cross-Site.Scripting LOW" "bulk-edit-user-profiles-in-spreadsheet 1.5.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "booster-plus-for-woocommerce 7.2.5 Reflected.Cross-Site.Scripting MEDIUM" "booster-plus-for-woocommerce 7.1.2 Missing.Authorization.to.Arbitrary.Page/Post.Deletion MEDIUM" "booster-plus-for-woocommerce 7.1.3 Missing.Authorization.to.Arbitrary.Options.Disclosure MEDIUM" "booster-plus-for-woocommerce 7.1.2 Missing.Authorization.to.Order.Information.Disclosure MEDIUM" "booster-plus-for-woocommerce 6.0.1 Multiple.CSRF MEDIUM" "booster-plus-for-woocommerce 6.0.0 Reflected.Cross-Site.Scripting HIGH" "booster-plus-for-woocommerce 5.6.6 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "booster-plus-for-woocommerce 5.6.5 ShopManager+.Arbitrary.File.Download MEDIUM" "booster-plus-for-woocommerce 5.6.5 Checkout.Files.Deletion.via.CSRF LOW" "booster-plus-for-woocommerce 5.6.1 Subscriber+.Order.Status.Update MEDIUM" "blog-designer-for-post-and-widget 2.4.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "blockart-blocks 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "broken-images-redirection No.known.fix Cross-Site.Request.Forgery MEDIUM" "bookingpress-appointment-booking No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "bookingpress-appointment-booking 1.1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookingpress-appointment-booking 1.1.23 Unauthenticated.Export.File.Download MEDIUM" "bookingpress-appointment-booking 1.1.22 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bookingpress-appointment-booking 1.1.17 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "bookingpress-appointment-booking 1.1.8 1.1.7.-.Authentication.Bypass.to.Account.Takeover CRITICAL" "bookingpress-appointment-booking 1.1.6 Authenticated.(Subscriber+).Arbitrary.File.Read.to.Arbitrary.File.Creation HIGH" "bookingpress-appointment-booking 1.1.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update.and.Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.0.83 Missing.Authorization.to.Appointment.Time.Alteration MEDIUM" "bookingpress-appointment-booking 1.0.82 Authenticated.(Customer+).Insecure.Direct.Object.Reference MEDIUM" "bookingpress-appointment-booking 1.0.88 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.0.75 Unauthenticated.Booking.Price.Manipulation HIGH" "bookingpress-appointment-booking 1.0.73 Authenticated.(Contributor+).SQL.Injection HIGH" "bookingpress-appointment-booking 1.0.77 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.0.31 Unauthenticated.IDOR.in.appointment_id HIGH" "bookingpress-appointment-booking 1.0.11 Unauthenticated.SQL.Injection HIGH" "bulk-menu-edit 1.3.1 Missing.Authorization MEDIUM" "bizapp-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bin-stripe-donation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bin-stripe-donation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddydrive 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "better-author-bio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "better-elementor-addons 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-elementor-addons 1.4.2 Authenticated(Contributor+).Local.File.Inclusion HIGH" "better-elementor-addons 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-elementor-addons 1.4.2 Contributor+.Stored.XSS MEDIUM" "better-elementor-addons 1.3.9 Subscriber+.Settings.Update./.Reset MEDIUM" "better-elementor-addons 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bulk-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddyforms-remote 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "bsuite No.known.fix Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "be-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blue-admin No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "bulk-editor 1.0.8.6 Authenticated.(Editor+).Path.Traversal LOW" "bulk-editor 1.0.8.4 Authenticated.(Editor+).CSV.Path.Traversal LOW" "bulk-editor 1.0.8.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bulk-editor 1.0.8.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "bulk-editor 1.0.8.2 Missing.Authorization MEDIUM" "bulk-editor 1.0.8.2 Cross-Site.Request.Forgery MEDIUM" "bulk-editor 1.0.8.1 Unauthenticated.Stored.Cross-Site.Scripting.via.profile_title MEDIUM" "bulk-editor 1.0.7.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "bulk-editor 1.0.7.2 Admin+.Stored.XSS LOW" "bulk-editor 1.0.7.1 Profile.Creation.via.CSRF MEDIUM" "bulk-editor 1.0.7.1 Profile.Creation.via.CSRF MEDIUM" "bulk-editor 1.0.7 Subscriber+.Stored.XSS HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.7.0 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Cross-Site.Request.Forgery MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Unauthenticated.Information.Exposure MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Authenticated.(Subscriber+).SQL.Injection HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Unauthenticated.Privilege.Escalation CRITICAL" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Missing.Authorization MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Missing.Authorization MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.2 Unauthenticated.SQL.Injection.via.userToken CRITICAL" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.2 Unauthenticated.Arbitrary.File.Upload.via.uploadFile CRITICAL" "brizy-pro No.known.fix Cross-Site.Request.Forgery MEDIUM" "brizy-pro No.known.fix Missing.Authorization MEDIUM" "brizy-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddybadges No.known.fix Admin+.SQLi MEDIUM" "breadcrumb-simple No.known.fix Admin+.Stored.XSS LOW" "broken-link-checker-for-youtube No.known.fix Cross-Site.Request.Forgery.via.plugin_settings_page() MEDIUM" "bootstrap-buttons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bws-smtp 1.2.0 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bws-smtp 1.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "blogintroduction-wordpress-plugin No.known.fix Settings.Update.via.CSRF MEDIUM" "bridge-core 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bridge-core 3.3.1 Missing.Authorization MEDIUM" "bridge-core 3.3.1 Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "bridge-core 3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bridge-core 3.1.0 Reflected.XSS HIGH" "bitcoin-lightning-publisher 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "better-captcha-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "better-captcha-gravity-forms 0.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bxslider-wp No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "buddypress-sticky-post 1.9.9 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bitpay-checkout-for-woocommerce 5.0.0 Missing.Authorization MEDIUM" "bu-section-editing No.known.fix Reflected.XSS HIGH" "bu-section-editing No.known.fix Reflected.Cross-Site.Scripting.via.[placeholder] MEDIUM" "buddypress-docs 2.2.4 Reflected.Cross-Site.Scripting HIGH" "buddypress-docs 1.9.3 Authenticated.Lack.of.Authorisation MEDIUM" "blox-page-builder No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "build-private-store-for-woocommerce 1.1 Missing.Authorization MEDIUM" "build-private-store-for-woocommerce 1.1 Cross-Site.Request.Forgery MEDIUM" "breezing-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bounce-handler-mailpoet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "basticom-framework 1.5.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "bbpress2-shortcode-whitelist No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bonjour-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bravo-search-and-replace No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "banner-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bacola-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "boostify-header-footer-builder 1.3.7 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "boostify-header-footer-builder 1.3.6 Missing.Authorization.to.Page/Post.Creation MEDIUM" "boostify-header-footer-builder 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.size.Parameter MEDIUM" "bodi0s-easy-cache 0.9 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "button-contact-vr 4.7.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "button-contact-vr 4.7.8 Admin+.Stored.XSS LOW" "button-contact-vr 4.7.7 Admin+.Stored.XSS LOW" "blockwheels No.known.fix Contributor+.Stored.XSS MEDIUM" "brickscore No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "buzzsprout-podcasting 1.8.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "book-appointment-online 1.39 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "book-a-room No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "bp-greeting-message No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bmi-calculator-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "breeze 2.1.15 Missing.Authorization MEDIUM" "breeze 2.1.15 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "breeze 2.1.4 Admin+.Stored.XSS LOW" "breeze 2.0.3 Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "builderall-cheetah-for-wp 2.0.2 Unauthenticated.Server-Side.Request.Forgery HIGH" "browser-update-notify No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "biometric-login-for-woocommerce 1.0.4 Unauthenticated.Privilege.Escalation CRITICAL" "bbp-style-pack 5.6.8 Contributor+.Stored.XSS MEDIUM" "bbp-style-pack 5.5.6 Reflected.XSS HIGH" "bible-embed No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bulk-change No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "booking-calendar-contact-form 1.2.56 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "booking-calendar-contact-form 1.2.41 Unauthenticated.Reflected.Cross-Site.Scripting HIGH" "booking-calendar-contact-form 1.0.24 XSS.&.SQL.Injection CRITICAL" "booking-calendar-contact-form 1.0.3 Multiple.Authenticated.Vulnerabilities MEDIUM" "best-woocommerce-feed 7.3.16 Authenticated.(Admin+).Directory.Traversal LOW" "best-woocommerce-feed 3.0 Reflected.Cross-Site.Scripting MEDIUM" "best-woocommerce-feed 2.2.3.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "bet-sport-free No.known.fix Cross-Site.Request.Forgery MEDIUM" "backend-designer 1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bulk-image-resizer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Options.Update MEDIUM" "books-papers No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "booster-extension No.known.fix Basic.Information.Exposure.via.booster_extension_authorbox_shortcode_display MEDIUM" "black-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "black-widgets 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bit-form 2.18.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "bit-form 2.18.1 Open.Redirect HIGH" "bit-form 2.17.5 Authenticated.(Administrator+).Server-Side.Request.Forgery LOW" "bit-form 2.17.4 Missing.Authorization.to.Authenticated.(Subscriber+).Form.Submission.Disclosure MEDIUM" "bit-form 2.15.3 Admin+.Arbitrary.File.Read LOW" "bit-form 2.13.12 Authenticated.(Administrator+).SQL.Injection MEDIUM" "bit-form 2.13.11 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bit-form 2.13.11 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).SQL.Injection.via.getLogHistory.Function HIGH" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).Arbitrary.JavaScript.File.Uploads MEDIUM" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).Arbitrary.File.Read.And.Deletion CRITICAL" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).SQL.Injection HIGH" "bit-form 2.13.5 2.13.4.-.Authenticater.(Administrator+).Arbitrary.File.Deletion HIGH" "bit-form 2.13.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bit-form 2.10.2 Unauthenticated.Insecure.Direct.Object.Reference.to.Form.Submission.Alteration MEDIUM" "bit-form 2.2.0 Admin+.Stored.XSS LOW" "bit-form 1.9 RCE.via.Unauthenticated.Arbitrary.File.Upload CRITICAL" "breaking-news-ticker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bcs-bertline-book-importer 1.5.8 Unauthenticated.Product.Import HIGH" "bc-menu-cart-woo No.known.fix Cross-Site.Request.Forgery MEDIUM" "bemax-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "britetechs-companion 2.2.8 Injected.Backdoor CRITICAL" "block-slider 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "block-slider 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyvendor 1.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "buddypress 14.2.1 Authenticated.(Subscriber+).Directory.Traversal HIGH" "buddypress 12.5.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "buddypress 12.4.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "buddypress 11.3.2 Contributor+.Stored.XSS MEDIUM" "buddypress 9.1.1 SQL.Injections HIGH" "buddypress 9.1.1 Activation.Key.Disclosure MEDIUM" "buddypress 7.3.0 Multiple.Authenticated.REST.API.Vulnerabilities MEDIUM" "buddypress 7.2.1 REST.API.Privilege.Escalation HIGH" "buddypress 7.2.1 Read.Private.Messages MEDIUM" "buddypress 7.2.1 Invite.Member.to.Join.Group MEDIUM" "buddypress 7.2.1 .Force.a.Friendship MEDIUM" "buddypress 7.2.1 Manage.BuddyPress.Member.Types MEDIUM" "buddypress 6.4.0 Lack.of.Capability.Check.on.Profile.Page MEDIUM" "buddypress 5.1.2 Private.Data.Exposure.via.REST.API HIGH" "buddypress 5.1.1 Denial.of.Service MEDIUM" "bs-shortcode-ultimate No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-profile-shortcodes-extra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-profile-shortcodes-extra No.known.fix Authenticated.(Contributor+).SQL.Injection.via.tab.Parameter MEDIUM" "bp-profile-shortcodes-extra 2.5.3 Contributor+.Stored.XSS MEDIUM" "bsk-gravityforms-blacklist 4.0 SQLi.via.CSRF MEDIUM" "bsk-gravityforms-blacklist 3.9 Reflected.Cross-Site.Scripting MEDIUM" "bsk-gravityforms-blacklist 3.8.1 Reflected.Cross-Site.Scripting MEDIUM" "bsk-gravityforms-blacklist 3.7 Admin+.Stored.Cross-Site.Scripting LOW" "bubble-menu 4.0.3 Cross-Site.Request.Forgery MEDIUM" "bubble-menu 3.0.5 Admin+.Stored.XSS LOW" "bubble-menu 3.0.4 Reflected.XSS MEDIUM" "bubble-menu 3.0.2 Circle.Floating.Menu.<.3.0.2.-.Form.Deletion.via.CSRF MEDIUM" "branda-white-labeling 3.4.22 Reflected.Cross-Site.Scripting MEDIUM" "branda-white-labeling 3.4.19 Unauthenticated.Full.Path.Disclosure MEDIUM" "branda-white-labeling 3.4.18 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "branda-white-labeling 3.4.18 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "branda-white-labeling 3.4.15 IP.Spoofing MEDIUM" "background-animation-blocks No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "be-popia-compliant 1.1.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "bitcoin-payments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "before-and-after No.known.fix Cross-Site.Request.Forgery MEDIUM" "buddyforms-ultimate-member 1.3.8 Reflected.Cross-Site.Scripting MEDIUM" "board-election No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "blogbuzztime-for-wp No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "buddyforms 2.8.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'buddyforms_nav'.Shortcode MEDIUM" "buddyforms 2.8.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.13 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.12 Authenticated.(Contributor+).Privilege.Escalation HIGH" "buddyforms 2.8.10 Email.Verification.Bypass.due.to.Insufficient.Randomness MEDIUM" "buddyforms 2.8.9 Unauthenticated.Arbitrary.File.Read.and.Server-Side.Request.Forgery CRITICAL" "buddyforms 2.8.6 Reflected.Cross-Site.Scripting.via.page MEDIUM" "buddyforms 2.8.8 Missing.Authorization.to.Unauthenticated.Media.Upload HIGH" "buddyforms 2.8.8 Missing.Authorization.to.Unauthenticated.Media.Deletion HIGH" "buddyforms 2.8.8 Missing.Authorization MEDIUM" "buddyforms 2.8.3 Reflected.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.2 Contributor+.Stored.XSS MEDIUM" "buddyforms 2.7.8 Unauthenticated.PHAR.Deserialization HIGH" "buddyforms 2.7.6 Contributor+.Stored.XSS MEDIUM" "buddyforms 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms 2.3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "buddyforms 2.2.8 SQL.Injection CRITICAL" "blocks-bakery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blocks-bakery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "biltorvet-dealer-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "betterdocs 3.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "betterdocs 3.5.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "betterdocs 3.3.4 Unauthenticated.PHP.Object.Injection CRITICAL" "betterdocs 3.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "betterdocs 2.5.3 Missing.Authorization.via.AJAX.actions MEDIUM" "betterdocs 1.9.2 Reflected.Cross-Site.Scripting HIGH" "betterdocs 1.9.0 Reflected.Cross-Site.Scripting HIGH" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.WordPress.Settings.Update MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.WordPress.Settings.Deletion MEDIUM" "buddypress-media 4.6.19 Subscriber+.SQL.Injection HIGH" "buddypress-media 4.6.19 Authenticated.(Contributor+).SQL.Injection.via.rtmedia_gallery.Shortcode HIGH" "buddypress-media 4.6.16 Admin+.RCE MEDIUM" "buddypress-media 4.6.16 Subscriber+.RCE CRITICAL" "buddypress-media 4.6.15 Missing.Authorization.via.export_settings MEDIUM" "buddypress-media 4.6.15 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "buddypress-media 4.6.15 Missing.Authorization.to.Settings.Update MEDIUM" "bank-mellat 2.0.1 Reflected.Cross-Site.Scripting HIGH" "beam-me-up-scotty No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "beam-me-up-scotty 1.0.22 Reflected.Cross-Site.Scripting MEDIUM" "base64-encoderdecoder No.known.fix Reflected.XSS HIGH" "base64-encoderdecoder No.known.fix Settings.Reset.via.CSRF MEDIUM" "base64-encoderdecoder No.known.fix Stored.XSS.via.CSRF HIGH" "bzscore-live-score 1.6.0 Contributor+.Stored.XSS MEDIUM" "beaf-before-and-after-gallery 4.5.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "bp-social-connect No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bp-social-connect 1.6.2 Authentication.Bypass CRITICAL" "blogger-301-redirect No.known.fix Unauthenticated.SQL.Injection.via.br HIGH" "buddypress-global-search No.known.fix Admin+.Stored.XSS LOW" "better-bp-registration No.known.fix Authentication.Bypass.to.Administrator CRITICAL" "bb-bootstrap-cards 1.1.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "bb-bootstrap-cards 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Cards.Widget MEDIUM" "bb-bootstrap-cards 1.1.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.bootstrapcard.link MEDIUM" "bulk-user-editor No.known.fix Missing.Authorization MEDIUM" "better-search-replace 1.4.5 Unauthenticated.PHP.Object.Injection CRITICAL" "better-search-replace 1.4.1 Admin+.SQLi MEDIUM" "bookit 2.4.1 Price.Bypass MEDIUM" "bookit 2.4.4 Authenticated(Administrator+).SQL.Injection MEDIUM" "bookit 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "bookit 2.3.8 Authentication.Bypass CRITICAL" "bookit 2.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bookit 2.1.6 Authorised.AJAX.Calls MEDIUM" "board-document-manager-from-chuhpl No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "block-for-font-awesome 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-for-font-awesome 1.4.1 Block.for.Font.Awesome.<.1,4,1.-Settings.Update.via.CSRF MEDIUM" "boombox-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bible-text No.known.fix Contributor+.Stored.XSS MEDIUM" "better-section-navigation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bradmax-player 1.1.28 Contributor+.Stored.XSS MEDIUM" "babelz No.known.fix CSRF.to.Stored.XSS HIGH" "biagiotti-membership 1.1 Authentication.Bypass.via.biagiotti_membership_check_facebook_user CRITICAL" "bp-user-to-do-list 3.0.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "block-spam-by-math-reloaded No.known.fix Missing.Authorization MEDIUM" "block-spam-by-math-reloaded No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "better-messages-wcfm-integration 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "back-link-tracker No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection HIGH" "beek-widget-extention No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "beautiful-taxonomy-filters No.known.fix Unauthenticated.SQL.Injection HIGH" "bruteguard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "best-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "buddypress-activity-plus 1.6.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "bookmarkify No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "basic-interactive-world-map No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "basic-interactive-world-map 2.7 Admin+.Stored.XSS LOW" "buddyforms-easypin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddyforms-easypin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms-easypin No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "betteroptin No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "buttonizer-multifunctional-button 3.3.10 Reflected.Cross-Site.Scripting MEDIUM" "buttonizer-multifunctional-button 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buttonizer-multifunctional-button 2.5.5 Smart.Floating.Action.Button.<.2.5.5.-.Admin+.Stored.Cross-Site.Scripting LOW" "block-styler-for-gravity-forms 6.3.0 Reflected.Cross-Site.Scripting MEDIUM" "block-styler-for-gravity-forms 6.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "brizy No.known.fix Contributor+.Stored.XSS MEDIUM" "brizy 2.6.9 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "brizy 2.6.5 Authenticated.(Contributor+).Arbitrary.File.Upload.via.storeUploads CRITICAL" "brizy 2.5.2 Cross-Site.Request.Forgery MEDIUM" "brizy 2.4.45 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "brizy 2.4.45 Missing.Authorization.to.Authenticated.(Contributor+).Post.Modification HIGH" "brizy 2.4.44 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Form.Functionality MEDIUM" "brizy 2.4.44 Unauthenticated.Stored.Cross-Site.Scripting.via.Form HIGH" "brizy 2.4.44 Authenticated.(Contributor+).Store.Cross-Site.Scripting.via.Widget.Link.To.URL HIGH" "brizy 2.4.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Attributes MEDIUM" "brizy 2.4.44 Missing.Authorization MEDIUM" "brizy 2.4.42 Authenticated(Contributor+).Stored.Cross-Site.Scripting HIGH" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Directory.Traversal MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.30 Contributor+.Stored.XSS MEDIUM" "brizy 2.4.2 Contributor+.Stored.Cross-Site.Scripting.via.Element.Content MEDIUM" "brizy 2.4.2 Contributor+.Stored.Cross-Site.Scripting.via.Element.URL MEDIUM" "brizy 2.3.12 Authenticated.File.Upload.and.Path.Traversal HIGH" "brizy 2.3.12 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "brizy 2.3.12 2.3.11.-.Incorrect.Authorization.to.Post.Modification HIGH" "brizy 1.0.126 Page.Builder.<.1.0.126.-.Improper.Access.Controls.on.AJAX.Calls HIGH" "ba-plus-before-after-image-slider-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.1.6 Authenticated.(Editor+).Path.Traversal LOW" "bold-page-builder 5.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.1.4 Missing.Authorization MEDIUM" "bold-page-builder 5.1.1 -.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bt_bb_button.Shortcode MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.AI.Features MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.Tags MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Separator.Element MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via."Price.List".Element MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bt_bb_price_list.Shortcode MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.URL.Attribute MEDIUM" "bold-page-builder 4.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Icon.Link MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Raw.Content MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.URL MEDIUM" "bold-page-builder 4.7.0 Contributor+.Stored.XSS MEDIUM" "bold-page-builder 4.3.3 Admin+.Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 3.1.6 PHP.Object.Injection MEDIUM" "bold-page-builder 2.3.2 Missing.Access.Controls HIGH" "backwpup 4.0.2 Admin+.Directory.Traversal MEDIUM" "backwpup 4.0.4 Unauthenticated.Backup.Download HIGH" "backwpup 4.0.2 Authenticated.(Administrator+).Directory.Traversal HIGH" "backwpup 3.4.2 Backup.File.Download HIGH" "bsd-woo-stripe-connect-split-pay 3.2.10 Reflected.Cross-Site.Scripting MEDIUM" "bsd-woo-stripe-connect-split-pay 3.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "baslider No.known.fix Multiple.CSRF MEDIUM" "baslider No.known.fix Arbitrary.Slide.Deletion.via.CSRF MEDIUM" "baslider No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "bsi-hotel-pro No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "blockmeister 3.1.11 Reflected.Cross-Site.Scripting MEDIUM" "blockmeister 3.1.10 Reflected.Cross-Site.Scripting MEDIUM" "blockmeister 3.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "border-loading-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "border-loading-bar No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "better-follow-button-for-jetpack No.known.fix Admin+.Stored.XSS LOW" "beautiful-and-responsive-cookie-consent 2.10.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "beautiful-and-responsive-cookie-consent 2.10.2 Unauthenticated.Stored.XSS HIGH" "beautiful-and-responsive-cookie-consent 2.9.1 Admin+.Stored.XSS LOW" "bbresolutions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bbresolutions No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bmi-bmr-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blog-summary No.known.fix Contributor+.Stored.XSS MEDIUM" "birthdays-widget No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "brid-video-easy-publish No.known.fix Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "brid-video-easy-publish 3.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.brid_override_yt.Shortcode MEDIUM" "brid-video-easy-publish 3.8.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "block-controller No.known.fix Reflected.Cross-Site.Scripting HIGH" "ba-book-everything 1.6.21 Reflected.Cross-Site.Scripting MEDIUM" "ba-book-everything 1.6.21 Cross-Site.Request.Forgery.to.Email.Address.Update/Account.Takeover HIGH" "ba-book-everything 1.6.21 Unauthenticated.Arbitrary.User.Password.Reset MEDIUM" "ba-book-everything 1.6.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ba-book-everything 1.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ba-book-everything 1.6.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "ba-book-everything 1.3.25 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "better-anchor-links No.known.fix Cross-Site.Request.Forgery.via.admin/options.php MEDIUM" "bma-lite-appointment-booking-and-scheduling No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "bj-lazy-load 1.0 Remote.File.Inclusion.(Timthumb) HIGH" "bpcustomerio No.known.fix Arbitrary.Plugin.Settings.Update.via.CSRF MEDIUM" "bricksable 1.6.60 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bus-booking-manager 4.2.3 Administrator+.Stored.XSS LOW" "bravo-translate No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "buddyboss-platform No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.'bbp_topic_title' MEDIUM" "buddyboss-platform No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.'invitee_name' MEDIUM" "buddyboss-platform No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.'bp_nouveau_ajax_media_save'.function MEDIUM" "buddyboss-platform 2.8.00 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.'link_title' MEDIUM" "buddyboss-platform 2.6.0 Insecure.Direct.Object.Reference.on.Like.Comment MEDIUM" "buddyboss-platform 2.7.60 Private.Comment.Exposure.via.IDOR MEDIUM" "buddyboss-platform 1.7.9 Subscriber+.SQL.Injection MEDIUM" "blogmentor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pagination_style.Parameter MEDIUM" "broadstreet No.known.fix Subscriber+.Stored.XSS HIGH" "broadstreet No.known.fix Cross-Site.Request.Forgery MEDIUM" "broadstreet 1.51.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.zone.Parameter MEDIUM" "buk-appointments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blaze-widget 2.5.4 Injected.Backdoor CRITICAL" "boat-rental-system No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "blocks-post-grid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "b-testimonial 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bing-site-verification-using-meta-tag No.known.fix Admin+.Stored.XSS LOW" "bulk-datetime-change 1.12 Missing.Authorisation MEDIUM" "bulk-delete-users-by-email No.known.fix User.Deletion.via.CSRF HIGH" "bulk-delete-users-by-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-image-title-attribute 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buying-buddy-idx-crm 2.0.0 PHP.Object.Injection.via.CSRF HIGH" "broken-link-checker-seo 1.2.4 Authenticated.(Contributor+).SQL.Injection MEDIUM" "brands-for-woocommerce 3.8.2.3 Missing.Authorization.to.Unauthenticated.Order.Manipulation.and.Information.Retrieval MEDIUM" "brands-for-woocommerce 3.8.2.3 Cross-Site.Request.Forgery MEDIUM" "brands-for-woocommerce 3.8.2 Contributor+.Stored.XSS MEDIUM" "blocked-in-china 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "blocked-in-china 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "calendi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-us-by-lord-linus No.known.fix Admin+.Stored.XSS.via.CSRF HIGH" "contact-us-by-lord-linus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cc-bcc-for-woocommerce-order-emails No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "classima-core 1.10 Reflected.Cross-Site.Scripting MEDIUM" "cartpops 1.4.28 Reflected.Cross-Site.Scripting MEDIUM" "cartpops 1.4.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cc-circle-progress-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "carousels-slider-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cc-child-pages 1.43 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "c9-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "c9-blocks No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "custom-database-applications-by-caspio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coupons 1.4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "crafthemes-demo-import No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload.in.process_uploaded_files HIGH" "crafthemes-demo-import No.known.fix Missing.Authorization.to.Arbitrary.Plugin.Installation HIGH" "calendar No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "calendar 1.3.11 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "country-blocker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "country-blocker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-admin-login-styler-wpzest No.known.fix Admin+.Stored.XSS LOW" "carrrot No.known.fix Admin+.Stored.XSS LOW" "compact-wp-audio-player 1.9.15 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "compact-wp-audio-player 1.9.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sc_embed_player.Shortcode MEDIUM" "compact-wp-audio-player 1.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fileurl MEDIUM" "compact-wp-audio-player 1.9.8 Contributor+.Stored.XSS MEDIUM" "compact-wp-audio-player 1.9.7 Setting.Change.via.CSRF MEDIUM" "compact-wp-audio-player 1.9.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "cosmosfarm-share-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "camoo-sms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coolclock 4.3.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "convert-classic-editor-to-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "convert-classic-editor-to-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "codecolorer 0.10.1 CodeColorer.<.0,10,1.–.Admin+.Stored.Cross-Site.Scripting LOW" "cf7-google-sheets-connector 5.0.18 Missing.Authorization MEDIUM" "cf7-google-sheets-connector 5.0.10 Missing.Authorization.to.Limited.Site.Configuration.Update MEDIUM" "cf7-google-sheets-connector 5.0.6 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log HIGH" "cf7-google-sheets-connector 5.0.2 Reflected.XSS HIGH" "custom-product-stickers-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "callbook-mobile-bar No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "calculatorpro-calculators No.known.fix Reflected.Cross-Site.Scripting.via.CP_preview_calc MEDIUM" "custom-post-limits No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "convertful 2.6 Missing.Authorization.via.add_woo_coupon MEDIUM" "cf7-message-filter 1.6.33 Authenticated.(Administrator+).SQL.Injection MEDIUM" "cf7-message-filter 1.6.3.1 Subscriber+.Filter.Creation MEDIUM" "cf7-message-filter 1.6.3.1 Subscriber+.Filter.Updates/Deletions MEDIUM" "cf7-message-filter 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "cf7-message-filter 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "custom-field-for-wp-job-manager 1.5 Cross-Site.Request.Forgery MEDIUM" "custom-field-for-wp-job-manager 1.4 Reflected.Cross-Site.Scripting MEDIUM" "custom-field-for-wp-job-manager 1.3 .Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure.via.Shortcode MEDIUM" "custom-field-for-wp-job-manager 1.2 Admin+.Stored.XSS LOW" "custom-field-for-wp-job-manager 1.2 Admin+.Stored.XSS LOW" "catch-breadcrumb 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "catch-breadcrumb 1.5.7 Unauthenticated.Reflected.XSS MEDIUM" "charity-addon-for-elementor No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "charity-addon-for-elementor 1.3.3 Contributor+.Stored.XSS MEDIUM" "charity-addon-for-elementor 1.3.2 .Contributor+.Stored.XSS MEDIUM" "cmyee-momentopress 1.0.2 Contributor+.Stored.XSS MEDIUM" "contact-form-maker No.known.fix Admin+.SQLi MEDIUM" "contact-form-maker 1.13.5 Cross-Site.Request.Forgery.to.LFI HIGH" "capturly-optimize-your-website No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "capability-manager-enhanced 2.5.2 Admin+.PHP.Objection.Injection MEDIUM" "capability-manager-enhanced 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "capability-manager-enhanced 2.3.1 Unauthenticated.Arbitrary.Options.Update.to.Blog.Compromise CRITICAL" "cryokey No.known.fix Reflected.Cross-Site.Scripting.via.'ckemail'.Parameter MEDIUM" "contact-form-entries 1.3.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-entries 1.3.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "contact-form-entries 1.3.3 Admin+.Arbitrary.File.Upload MEDIUM" "contact-form-entries 1.3.1 SQL.Injection MEDIUM" "contact-form-entries 1.3.1 Contributor+.Stored.XSS MEDIUM" "contact-form-entries 1.3.0 CSV.Injection MEDIUM" "contact-form-entries 1.2.4 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.2.2 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.2.1 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.1.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "cube-slider No.known.fix Admin+.SQLi MEDIUM" "comment-press 2.7.2 Unauthenticated.Cross-Frame.Scripting HIGH" "cornerstone 0.8.1 Reflected.Cross-Site.Scripting MEDIUM" "cornerstone 0.8.1 Reflected.Cross-Site.Scripting.via.PHP_SELF MEDIUM" "change-wp-admin-login 1.1.4 Secret.Login.Page.Disclosure MEDIUM" "change-wp-admin-login 1.1.0 Unauthenticated.Arbitrary.Settings.Update MEDIUM" "clearfy 2.3.2 Cross-Site.Request.Forgery.to.Clear.Cache MEDIUM" "clearfy 2.3.3 Cross-Site.Request.Forgery.to.Plugin.Settings.Update.via.'setup-wbcr_clearfy' MEDIUM" "clearfy 2.2.5 Missing.Authorization MEDIUM" "clearfy 2.3.3 Cross-Site.Request.Forgery MEDIUM" "clearfy 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "code-snippets 3.6.0 Arbitrary.settings.change.via.CSRF MEDIUM" "code-snippets 2.14.4 Reflected.Cross-Site.Scripting MEDIUM" "code-snippets 2.14.3 Reflected.Cross-Site.Scripting HIGH" "code-snippets 2.14.0 CSRF.to.RCE HIGH" "call-now-button 1.4.14 Cross-Site.Request.Forgery MEDIUM" "call-now-button 1.4.7 Admin+.Stored.XSS LOW" "call-now-button 1.1.2 Reflected.Cross-Site.Scripting LOW" "causes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "comment-license 1.4.0 Arbitrary.Settings.Update.via.CSRF MEDIUM" "configurable-tag-cloud-widget 5.3 Cross-Site.Request.Forgery MEDIUM" "coming-soon-maintenance-mode 1.0.6 Information.Exposure MEDIUM" "cashtomer No.known.fix Authenticated.SQL.Injection MEDIUM" "comment-engine-pro No.known.fix Editor+.Stored.Cross-Site.Scripting LOW" "contact-forms 1.9.5 Missing.Authorization.to.Unauthenticated.Form.Submission.Download MEDIUM" "contact-forms 1.9.3 Cross-Site.Request.Forgery.via.process_bulk_action.Function MEDIUM" "contact-forms 1.9.1 Admin+.Stored.XSS LOW" "contact-forms 1.8.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-forms 1.6.1 CSRF MEDIUM" "contact-forms 1.5.8 Cross-Site.Request.Forgery MEDIUM" "contact-forms 1.5.5 Reflected.XSS HIGH" "contact-forms 1.5.5 Unauthenticated.Stored.XSS HIGH" "contact-forms 1.4.12 Admin+.Stored.Cross-Site.Scripting LOW" "cackle No.known.fix Cross-Site.Request.Forgery MEDIUM" "calendapp No.known.fix Reflected.XSS HIGH" "canva No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clover-online-orders 1.5.8 Reflected.Cross-Site.Scripting MEDIUM" "clover-online-orders 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.moo_receipt_link.Shortcode MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Data.Update MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization.to.Plugin.Deactivation.and.Data.Deletion MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization MEDIUM" "clover-online-orders 1.5.5 Cross-Site.Request.Forgery MEDIUM" "clover-online-orders 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clover-online-orders 1.5.5 Reflected.XSS HIGH" "cost-calculator-builder-pro 3.2.16 Unauthenticated.SQL.Injection.via.data HIGH" "cost-calculator-builder-pro No.known.fix .Unauthenticated.Price.Manipulation MEDIUM" "cost-calculator-builder-pro 3.1.76 Unauthenticated.Arbitrary.Email.Sending MEDIUM" "cost-calculator-builder-pro 3.1.73 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "cost-calculator-builder-pro 3.1.68 Unauthenticated.Cross-Site.Scripting.via.SVG.Upload HIGH" "contact-form-7-skins 2.1.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-skins 2.5.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "content-mirror No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "categories-gallery No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "custom-add-user No.known.fix Reflected.Cross-Site.Scripting HIGH" "cookie-notice-consent 1.6.1 Admin+.Stored.XSS LOW" "c9-admin-dashboard No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "cleantalk-spam-protect 6.44 Unauthenticated.Arbitrary.Plugin.Installation HIGH" "cleantalk-spam-protect 6.45 Unauthenticated.Arbitrary.Plugin.Installation HIGH" "cleantalk-spam-protect 6.21 Email.Update.via.CSRF MEDIUM" "cleantalk-spam-protect 6.21 Counters.Reset/Creation.via.CSRF MEDIUM" "cleantalk-spam-protect 5.185.1 Admin+.SQLi MEDIUM" "cleantalk-spam-protect 5.174.1 Reflected.Cross-Site.Scripting MEDIUM" "cleantalk-spam-protect 5.153.4 Unauthenticated.Blind.SQL.Injection HIGH" "cleantalk-spam-protect 5.149 Multiple.Authenticated.SQL.Injections MEDIUM" "cleantalk-spam-protect 5.127.4 Cross-Site.Scripting.Issue MEDIUM" "cleantalk-spam-protect 5.22 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "clockify-lite No.known.fix Missing.Authorization MEDIUM" "compare-affiliated-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "compare-affiliated-products No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cazamba No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chative-live-chat-and-chatbot 1.2 Channel/Org.ID.Update.via.CSRF MEDIUM" "cloak-front-end-email 1.9.6 Missing.Authorization MEDIUM" "cloak-front-end-email 1.9.2 Contributor+.Stored.XSS MEDIUM" "collapsing-categories 3.0.9 Unauthenticated.SQL.Injection HIGH" "contact-form-to-db 1.7.3 Authenticated.(Author+).SQL.Injection CRITICAL" "contact-form-to-db 1.7.2 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') MEDIUM" "caching-compatible-cookie-optin-and-javascript 0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chatpressai 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "coupon-zen 1.0.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "cp-blocks 1.0.21 CSRF MEDIUM" "cp-blocks 1.0.15 Admin+.Stored.Cross-Site.Scripting LOW" "child-support-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "child-support-calculator 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-post-type-templates-for-elementor 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "conditional-payments 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "cart-lift 3.1.6 Reflected.XSS HIGH" "css-live No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "clipr No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "cosmic-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-css-pro 1.0.4 CSRF.&.XSS HIGH" "clyp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "catch-instagram-feed-gallery-widget 2.3 Unauthorised.Plugin's.Setting.Change MEDIUM" "cp-multi-view-calendar 1.4.07 Unauthenticated.Arbitrary.Event.Deletion MEDIUM" "cp-multi-view-calendar 1.4.07 Unauthenticated.Arbitrary.Event.Creation.to.Stored.XSS HIGH" "cp-multi-view-calendar 1.4.01 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "cookies-by-jm No.known.fix Admin+.Stored.XSS LOW" "custom-post-type-generator No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "catch-dark-mode No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "checkout-fees-for-woocommerce 2.12.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "cm-ad-changer 2.0.6 Cross-Site.Request.Forgery MEDIUM" "coming-soon-wp 2.1.3 Maintenance.Mode.Bypass MEDIUM" "coming-soon-wp 1.6.7 Admin+.Stored.Cross-Site.Scripting MEDIUM" "conveythis-translate 235 Missing.Authorization.to.Limited.Option.Update MEDIUM" "conveythis-translate 224 Unauthenticated.Stored.Cross-Site.Scripting.via.api_key HIGH" "copify No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "category-post-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "csv-to-html 3.15 Reflected.Cross-Site.Scripting HIGH" "csv-to-html 3.27 Subscriber+.Arbitrary.File.Upload CRITICAL" "coupon-x-discount-pop-up 1.3.6 Missing.Authorization.to.Authenticated.(Contributor+).PHP.Object.Injection HIGH" "coupon-x-discount-pop-up 1.3.6 Missing.Authorization MEDIUM" "creative-mail-by-constant-contact 1.6.0 Multiple.CSRF MEDIUM" "creative-mail-by-constant-contact 1.6.0 CSRF MEDIUM" "creative-mail-by-constant-contact 1.6.0 Settings.Reset.via.CSRF MEDIUM" "cloud-manager No.known.fix Reflected.XSS CRITICAL" "custom-my-account-for-woocommerce No.known.fix Stored.XSS.via.CSRF HIGH" "cj-custom-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contact-form-7-sms-addon 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "category-ajax-filter 2.8.3 Unauthenticated.Local.File.Inclusion CRITICAL" "cta 2.5.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "clevernode-related-content 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "cartoon-url No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-7-star-rating-with-font-awersome No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "carousel-of-post-images No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-text-selection-colors No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "clicksend-lead-capture-form No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Message.Deletion MEDIUM" "custom-post-type-gui No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cost-calculator-builder 3.2.68 Unauthenticated.SQL.Injection HIGH" "cost-calculator-builder 3.2.68 Authenticated.(Subscriber+).SQL.Injection.via.order_ids.Parameter MEDIUM" "cost-calculator-builder 3.2.66 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cost-calculator-builder 3.2.43 Settings.update.via.CSRF MEDIUM" "cost-calculator-builder 3.2.29 Admin+.SQL.Injection MEDIUM" "cost-calculator-builder 3.2.16 Unauthenticated.SQL.Injection CRITICAL" "cost-calculator-builder 3.2.13 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Creation MEDIUM" "cost-calculator-builder 3.2.13 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cost-calculator-builder 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "configure-smtp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "caxton No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "caxton 1.30.1 Reflected.Cross-Site.Scripting MEDIUM" "caxton 1.30.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "commenttweets No.known.fix Settings.Update.via.CSRF MEDIUM" "custom-functions No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contexto No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "checkout-freemius-rewamped 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "clipart No.known.fix Reflected.XSS HIGH" "contact-page-with-google-map No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "cf7-calendly-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chamber-dashboard-business-directory No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chamber-dashboard-business-directory 3.3.11 Missing.Authorization MEDIUM" "chamber-dashboard-business-directory 3.3.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chamber-dashboard-business-directory 3.3.2 Reflected.Cross-Site.Scripting MEDIUM" "chamber-dashboard-business-directory 3.3.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "cpo-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "cpo-shortcodes No.known.fix Admin+.Stored.XSS LOW" "cf7-hubspot 1.3.2 Cross-Site.Request.Forgery MEDIUM" "cf7-hubspot 1.2.0 Reflected.Cross-Site.Scripting HIGH" "custom-404-pro 3.11.2 Reflected.Cross-Site.Scripting MEDIUM" "custom-404-pro 3.10.1 Unauthenticated.Stored.Cross-Site.Scripting.via.logging HIGH" "custom-404-pro 3.8.1 Multiple.SQL.Injection HIGH" "custom-404-pro 3.8.2 Reflected.XSS HIGH" "custom-404-pro 3.7.3 Reflected.Cross-Site.Scripting HIGH" "custom-404-pro 3.7.2 Logs.Deletion.via.CSRF MEDIUM" "custom-404-pro 3.7.1 Admin+.SQLi MEDIUM" "custom-404-pro 3.2.8 XSS MEDIUM" "custom-404-pro 3.2.9 Authenticated.Reflected.XSS MEDIUM" "contact-form-7-multi-step-module 4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-multi-step-module 4.1.91 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-7-multi-step-module 3.0.9 Subscriber+.Arbitrary.Option.Update CRITICAL" "cb-logo-slider 4.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cb-logo-slider 4.5.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-popup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "connections No.known.fix Authenticated.(Admin+).Arbitrary.Directory.Deletion MEDIUM" "connections 10.4.37 Contributor+.Stored.XSS MEDIUM" "connections 10.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "connections 9.7 Admin+.CSV.Injection MEDIUM" "connections 8.5.9 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "copy-delete-posts 1.4.0 Subscriber+.Plugin.Installation MEDIUM" "copy-delete-posts 1.4.0 Plugin.Installation.via.CSRF MEDIUM" "copy-delete-posts 1.2.0 Authenticated.SQL.Injection MEDIUM" "crelly-slider 1.4.7 Admin+.Stored.XSS LOW" "crelly-slider 1.4.6 Subscriber+.Insecure.Direct.Object.Reference MEDIUM" "crelly-slider No.known.fix Admin+.Stored.XSS LOW" "crelly-slider 1.3.5 Arbitrary.File.Upload HIGH" "creative-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "caldera-forms-pro 1.8.2 Unauthenticated.Arbitrary.File.Read HIGH" "css-js-files 1.5.1 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "crm2go No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-utm-tracking No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "canto 3.0.9 Unauthenticated.Remote.File.Inclusion CRITICAL" "canto 3.0.7 Unauthenticated.RCE CRITICAL" "canto 3.0.5 Unauthenticated.Remote.File.Inclusion CRITICAL" "canto 3.0.9 Unauthenticated.Blind.SSRF MEDIUM" "cart66-cloud No.known.fix Unauthenticated.Information.Exposure MEDIUM" "cart66-cloud No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "capitalize-my-title No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "classified-listing-pro 2.0.20 Reflected.Cross-Site.Scripting MEDIUM" "classified-listing-pro 2.0.20 Reflected.Cross-Site.Scripting MEDIUM" "customer-reviews-collector-for-woocommerce 4.0 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "cheetaho-image-optimizer 1.4.3.2 Reflected.Cross-Site.Scripting MEDIUM" "crm-memberships No.known.fix Admin+.Stored.XSS LOW" "contest-code-checker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contest-code-checker 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "contest-code-checker 1.9.8 Reflected.Cross-Site.Scripting MEDIUM" "contest-code-checker 1.9.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "csv-import-export No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "clicface-trombi No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.nom.Parameter MEDIUM" "cbxpoll No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "cryptocurrency-donation-box 1.8 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "custom-map No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "cf7-redirect-thank-you-page 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "cf7-redirect-thank-you-page 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "cf7-redirect-thank-you-page 1.0.4 Cross-Site.Request.Forgery MEDIUM" "conditional-menus 1.2.1 Reflected.XSS HIGH" "contractor-contact-form-website-to-workflow-tool 4.1.0 Reflected.XSS HIGH" "cf7-email-add-on No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "clearout-email-validator 3.2.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "continuous-image-carousel-with-lightbox 1.0.16 Reflected.XSS HIGH" "cmsmasters-elementor-addon 1.15.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "catch-infinite-scroll 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "cryout-serious-slider 1.2.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "cryout-serious-slider 1.2.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cryout-serious-slider 1.2.5 Cross-Site.Request.Forgery MEDIUM" "country-flags-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-suite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cfs[post_title] MEDIUM" "custom-field-suite No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Term.Custom.Field HIGH" "custom-field-suite No.known.fix Contributor+.PHP.Code.Injection.via.Loop.Custom.Field HIGH" "custom-field-suite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cfs[post_content] MEDIUM" "custom-field-suite 2.6.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-suite 2.6.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-suite 2.6.3 Admin+.Stored.XSS LOW" "custom-field-suite 2.5.15 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "change-wc-price-title 2.4 Reflected.Cross-Site.Scripting MEDIUM" "change-wc-price-title 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "clp-custom-login-page No.known.fix Cross-Site.Request.Forgery MEDIUM" "cf7-insightly 1.0.9 Reflected.Cross-Site.Scripting HIGH" "copyrightpro No.known.fix Settings.Update.via.CSRF MEDIUM" "ct-real-estate-core 3.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "comparepress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "conditional-extra-fees-for-woocommerce 1.0.97 Admin+.Stored.XSS MEDIUM" "control-block-patterns No.known.fix Missing.Authorization MEDIUM" "custom-field-manager No.known.fix Reflected.XSS.Vulnerability HIGH" "customizely No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customizely 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cubewp-framework 1.1.16 Missing.Authorization MEDIUM" "cubewp-framework 1.1.13 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "companion-auto-update 3.3.6 Authenticated.SQL.Injection CRITICAL" "contact-form-lite 1.1.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-lite 1.1.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chatbot-support-ai No.known.fix Admin+.Stored.XSS LOW" "contact-form-cfdb7 1.2.7 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "contact-form-cfdb7 1.2.6.5 CSV.Injection LOW" "contact-form-cfdb7 1.2.6.1 Arbitrary.Form.Deletion..via.CSRF MEDIUM" "contact-form-cfdb7 1.2.6.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "contact-form-cfdb7 1.2.5.6 CSV.Injection MEDIUM" "contact-form-cfdb7 1.2.5.4 Authenticated.SQL.Injections CRITICAL" "custom-login-redirect No.known.fix CSRF.to.Stored.XSS HIGH" "content-snippet-manager 1.1.6 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "classyfrieds No.known.fix Authenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "conditional-marketing-mailer 1.6 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "conditional-marketing-mailer 1.5.2 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "coins-marketcap 5.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coming-soon 6.18.4 Editor+.Stored.XSS MEDIUM" "coming-soon 6.15.22 Unauthenticated.Plugin.Page.Content.Update MEDIUM" "coming-soon 6.15.15.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "coming-soon 5.1.2 Authenticated.Stored.Cross.Site.Scripting.(XSS) LOW" "css-hero 4.07 Authenticated.Reflected.XSS MEDIUM" "contact-form-manager 1.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cardinity-free-payment-gateway-for-woocommerce 3.0.7 Reflected.Cross-Site.Scripting HIGH" "co2ok-for-woocommerce 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "co2ok-for-woocommerce 1.0.9.22 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "co2ok-for-woocommerce 1.0.9.22 Subscriber+.Arbitrary.Option.Update CRITICAL" "cww-companion 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "caret-country-access-limit 1.0.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "card-elements-for-elementor 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Profile.Card.Widget MEDIUM" "card-elements-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "comparison-slider No.known.fix Cross-Site.Request.Forgery MEDIUM" "comparison-slider No.known.fix Missing.Authorization MEDIUM" "comparison-slider No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "cleverreach-wc No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "commerce-coinbase-for-woocommerce 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "commerce-coinbase-for-woocommerce 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "crisp 0.45 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "crisp 0.32 CSRF.to.Stored.Cross-Site.Scripting HIGH" "custom-user-guide 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-user-guide 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "chat-bee No.known.fix Admin+.Stored.XSS LOW" "coming-soon-countdown No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-manager-light No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxRenameCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxAddCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxClearCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxDeleteCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxRenameCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxUpdateFolderPosition MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxUpdateFolderPosition MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxClearCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxDeleteCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxAddCategory MEDIUM" "categorify 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "catalyst-connect-client-portal 2.1.0 Admin+.Stored.XSS LOW" "catalyst-connect-client-portal 2.1.0 Reflected.XSS HIGH" "copyright-safeguard-footer-notice No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "content-planner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-smilies-se No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cardealer 4.48 Missing.Authorization MEDIUM" "cardealer 4.16 Admin+.Content.Injection LOW" "cardealer 3.05 Subscriber+.Arbitrary.Plugin.Installation HIGH" "comment-guestbook No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "cartboss 4.1.3 Missing.Authorization MEDIUM" "currency-switcher-for-woocommerce 0.0.8 Cross-Site.Request.Forgery MEDIUM" "choice-payment-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "choice-payment-gateway-for-woocommerce 2.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-manager 8.6.5 Unauthenticated.Arbitrary.Double.File.Extension.Upload HIGH" "counters-block 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cobwebo-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chartjs No.known.fix Editor+.Stored.Cross-Site.Scripting.in.New.Chart LOW" "chartjs No.known.fix Editor+.Stored.Cross-Site.Scripting LOW" "coupon-lite 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coupon-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "captain-slider No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "custom-dashboard-page No.known.fix Cross-Site.Request.Forgery MEDIUM" "content-audit-exporter No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "client-portal-suitedash-login 1.8.0 Admin+.Stored.XSS LOW" "colibri-page-builder 1.0.332 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.288 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "colibri-page-builder 1.0.277 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.colibri_video_player.Shortcode MEDIUM" "colibri-page-builder 1.0.277 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "colibri-page-builder 1.0.274 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.274 Contributor+.Stored.Cross-Site.Scripting.via.the.plugin's.'colibri_breadcrumb_element'.shortcode MEDIUM" "colibri-page-builder 1.0.264 Author+.Stored.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.270 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.249 Missing.Authorization MEDIUM" "colibri-page-builder 1.0.260 Arbitrary.Shortcode.Call.via.CSRF MEDIUM" "colibri-page-builder 1.0.260 Import.Images,.Delete.Post,.Save.Theme.Data.via.CSRF MEDIUM" "colibri-page-builder 1.0.240 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.248 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.229 Admin+.SQL.Injection MEDIUM" "credit-tracker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "controlled-admin-access 1.5.6 Improper.Access.Control.to.Privilege.Escalation HIGH" "controlled-admin-access 1.5.2 Improper.Access.Control.&.Privilege.Escalation HIGH" "csv2wpec-coupon No.known.fix Unauthenticated.Remote.File.Upload HIGH" "currency-converter-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "cryptocurrency-price-ticker-widget 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-price-ticker-widget 2.6.9 Missing.Authorization MEDIUM" "cryptocurrency-price-ticker-widget 2.6.6 2.6.5.-.Unauthenticated.SQL.Injection CRITICAL" "cryptocurrency-price-ticker-widget 2.5 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "chilexpress-oficial No.known.fix Reflected.XSS HIGH" "content-hubs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-hubs 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "campaign-monitor-wp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "campaign-monitor-wp 2.5.6 Subscriber+.Arbitrary.Options.Update MEDIUM" "contact-form-7-mailchimp-extension No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-7-mailchimp-extension No.known.fix Subscriber+.Server-Side.Request.Forgery MEDIUM" "changyan No.known.fix Missing.Authorization MEDIUM" "custom-store-locator 1.4.8 Reflected.Cross-Site.SCripting MEDIUM" "control-horas No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-taxonomy-category-and-term-fields No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "copy-the-code 4.0.4 Contributor+.Stored.XSS MEDIUM" "copy-the-code 2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "copy-the-code 2.6.4 Reflected.Cross-Site.Scripting MEDIUM" "cm-video-lesson-manager-pro 3.5.9 Admin+.Stored.Cross-Site.Scripting LOW" "copyscape-premium 1.4.0 Stored.XSS.via.CSRF HIGH" "contact-list 2.9.88 Missing.Authorization.to.Notice.Dismissal MEDIUM" "contact-list 2.9.72 Reflected.Cross-Site.Scripting MEDIUM" "contact-list 2.9.50 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-list 2.9.42 Reflected.Cross-Site.Scripting HIGH" "client-dash No.known.fix Missing.Authorization MEDIUM" "client-dash No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "common-ninja No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chaty-pro 3.3.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "chaty-pro 2.8.2 Reflected.Cross-Site.Scripting HIGH" "cities-shipping-zones-for-woocommerce 1.2.8 Authenticated.(Shop.Manager+).Local.File.Inclusion HIGH" "cf7-builder No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-login-page No.known.fix Reflected.XSS HIGH" "checkout-field-visibility-for-woocommerce No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "client-power-tools 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-with-shortcode 4.2.6 Reflected.Cross-Site.Scripting MEDIUM" "cf7-zendesk 1.1.4 Cross-Site.Request.Forgery MEDIUM" "cf7-zendesk 1.0.8 Reflected.Cross-Site.Scripting HIGH" "custom-css-js-php No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "custom-css-js-php No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "custom-field-list-widget No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "cf7-mollie No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "cf7-mollie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contentstudio 1.2.6 Nonce.Disclosure HIGH" "contentstudio 1.2.6 Authorisation.Bypass HIGH" "contentstudio 1.2.6 Unauthorised.Function.Calls HIGH" "comic-easel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coneblog-widgets 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coneblog-widgets 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "coneblog-widgets 1.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-tabs-for-products-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Unauthenticated.SQL.Injection HIGH" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Unauthenticated.SQL.Injection HIGH" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Author+.SQL.Injection MEDIUM" "custom-codes 2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "copy-menu No.known.fix Missing.Authorization MEDIUM" "cp-image-store 1.0.68 Unauthenticated.SQLi HIGH" "content-grabber No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "content-blocks-builder 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-blocks-builder 2.3.17 Reflected.Cross-Site.Scripting MEDIUM" "comment-highlighter No.known.fix Authenticated.SQL.Injection MEDIUM" "crazy-bone No.known.fix Unauthenticated.Stored.XSS HIGH" "crazy-bone 0.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "coming-soon-page 3.7.4 IP.Address.Spoofing.via.get_real_ip MEDIUM" "coming-soon-page 3.6.7 Subscriber+.Arbitrary.Email.Sending.to.Subscribed.Users MEDIUM" "coming-soon-page 3.6.8 Arbitrary.Email.Sending.to.Subscribed.Users.via.CSRF LOW" "coming-soon-page 3.5.3 Authenticated.Stored.XSS LOW" "checkbox 0.8.4 Reflected.Cross-Site.Scripting MEDIUM" "checkbox 0.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-banners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-banners 3.3 CSRF.Nonce.Bypass.in.saveCustomFields MEDIUM" "custom-banners 2.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "charitable 1.8.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "charitable 1.8.3.1 Reflected.Cross-Site.Scripting MEDIUM" "charitable 1.8.1.15 Insecure.Direct.Object.Reference.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "charitable 1.8.1.8 Missing.Authorization.to.Unauthorized.Donation MEDIUM" "charitable 1.8.1.8 Missing.Authorization.via.ajax_license_check() MEDIUM" "charitable 1.7.0.14 Authenticated(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "charitable 1.7.0.13 Unauthenticated.Privilege.Escalation CRITICAL" "charitable 1.7.0.11 Reflected.XSS HIGH" "charitable 1.6.51 Donation.Plugin.<.1.6.51.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "charitable 1.6.51 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "charitable 1.5.14 Unauthorised.Access HIGH" "coschool No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "car-rental No.known.fix Admin+.Stored.XSS LOW" "car-rental 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-7-campaign-monitor-extension No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Deletion CRITICAL" "circles-gallery No.known.fix Admin+.Stored.XSS LOW" "css-javascript-toolbox 11.9 Contributor+.Stored.XSS MEDIUM" "chat-viber 1.7.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "colour-smooth-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-views-query-and-display-post-page 3.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pagingType.Parameter MEDIUM" "content-views-query-and-display-post-page 3.7.1 Contributor+.Stored.Cross-Site.Scripting.via.Widget.Post.Overlay MEDIUM" "content-views-query-and-display-post-page 3.6.3 Admin+.Stored.XSS MEDIUM" "commenting-feature 3.2 Reflected.Cross-Site.Scripting MEDIUM" "commenting-feature 2.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "clasify-classified-listing No.known.fix Reflected.XSS HIGH" "cleanup-action-scheduler 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "cf7save-extension No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "categorycustomfields No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-settings No.known.fix Admin+.Stored XSS LOW" "connect-contact-form-7-to-constant-contact-v3 1.5 Reflected.Cross-Site.Scripting MEDIUM" "canalplan-ac No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-related-posts 1.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-related-posts 1.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Private.Post.Search.and.Relation.Updates MEDIUM" "cm-registration-pro 3.2.1 PHP.Object.Injection MEDIUM" "click-pledge-connect 2.24120000-WP6.7.1 Unauthenticated.SQL.Injection HIGH" "car No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "current-book No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "cm-email-blacklist 1.5.6 Reflected.Cross-Site.Scripting MEDIUM" "cm-email-blacklist 1.5.4 Reflected.XSS HIGH" "cm-email-blacklist 1.4.9 Add/Delete.Emails.via.CSRF.Add.and.delete.any.item.from.blacklist/whitelist MEDIUM" "catch-ids 2.4 Unauthorised.Plugin's.Setting.Change MEDIUM" "custom-tinymce-shortcode-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "code-generator-pro No.known.fix Unauthenticated.SQL.Injection CRITICAL" "contact-form-integrated-with-google-maps 2.5 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "cf7-antispam 0.6.1 Reflected.Cross-Site.Scripting MEDIUM" "cloudnet-sync No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-post-type-relations No.known.fix Reflected.Cross-Site.Scripting HIGH" "custom-global-variables 1.1.1 Stored.Cross-Site.Scripting.(XSS) HIGH" "cartflows-pro 1.11.13 CSRF MEDIUM" "cartflows-pro 1.11.12 Reflected.Cross-Site.Scripting HIGH" "colorway No.known.fix Cross-Site.Request.Forgery MEDIUM" "catch-under-construction 1.4 Unauthorised.Plugin's.Setting.Change MEDIUM" "cf7-grid-and-styler-for-divi 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "cf7-grid-and-styler-for-divi 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "countdown-timer-block No.known.fix Contributor+.Stored.XSS MEDIUM" "clictracker No.known.fix Admin+.Stored.XSS LOW" "custom-base-terms 1.0.3 Admin+.Stored.XSS LOW" "captainform No.known.fix Reflected.Cross-Site.Scripting.via.REQUEST_URI MEDIUM" "captainform No.known.fix CSRF MEDIUM" "content-audit 1.9.2 Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "custom-share-buttons-with-floating-sidebar 4.2 Admin+.Stored.XSS LOW" "clean-login 1.14.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "clean-login 1.13.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "clean-login 1.12.6.4 Reflected.Cross-Site.Scripting MEDIUM" "clean-login 1.8 Change.Redirect.URL.CSRF MEDIUM" "clean-login 1.5.1 Reflected.XSS MEDIUM" "conditional-payment-methods-for-woocommerce No.known.fix Admin+.SQLi MEDIUM" "click-to-top 1.2.8 Authenticated.Stored.Cross-Site.Scripting LOW" "company-updates-for-linkedin No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "complianz-gdpr 7.0.0 Cross-Site.Request.Forgery.to.Data.Request.Deletion MEDIUM" "complianz-gdpr 6.5.6 Admin+.Stored.XSS LOW" "complianz-gdpr 6.4.2 GDPR/CCPA.Cookie.Consent.<.6.4.2.-.Contributor+.Stored.XSS MEDIUM" "complianz-gdpr 6.3.4 Translator.SQLi MEDIUM" "complianz-gdpr 6.0.0 GDPR/CCPA.Cookie.Consent.<.6.0.0.-.Reflected.Cross-Site.Scripting MEDIUM" "customizable-captcha-and-contact-us-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-infusionsoft 1.1.4 Reflected.Cross-Site.Scripting HIGH" "cookiebot 4.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Survey.Submission MEDIUM" "cookiebot 3.6.1 CSRF.&.XSS LOW" "cardoza-facebook-like-box 4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "codoc 0.9.52 Reflected.Cross-Site.Scripting MEDIUM" "chauffeur-booking-system 7.0 Authentication.Bypass CRITICAL" "chauffeur-booking-system 7.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "css3-rotating-words 5.7 Cross-Site.Request.Forgery MEDIUM" "css3-rotating-words 5.5 Cross-Site.Request.Forgery.via.save_admin_options MEDIUM" "create-with-code 1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chopslider No.known.fix Unauthenticated.Blind.SQL.Injection CRITICAL" "captchelfie-captcha-by-selfie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codestyling-localization No.known.fix Multiple.CSRF HIGH" "cm-download-manager 3.0.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "cm-download-manager 2.9.0 Download.Unpublish.via.CSRF MEDIUM" "cm-download-manager 2.9.0 Download.Deletion.via.CSRF MEDIUM" "cm-download-manager 2.9.1 Download.Edit.via.CSRF MEDIUM" "cm-download-manager 2.8.6 Admin+.Arbitrary.File.Upload MEDIUM" "cm-download-manager 2.8.0 Authenticated.Arbitrary.File.Deletion MEDIUM" "cm-download-manager 2.8.0 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "cm-download-manager 2.8.0 Authenticated.Cross-Site.Scripting MEDIUM" "cm-download-manager 2.0.7 CSRF.to.Cross-Site.Scripting HIGH" "cm-download-manager 2.0.4 Unauthenticated.Code.Injection CRITICAL" "catch-web-tools 2.7.1 Subscriber+.Arbitrary.Catch.IDs.Activation/Deactivation MEDIUM" "catch-web-tools 2.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "crm-perks-forms 1.1.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "crm-perks-forms 1.1.6 Missing.Authorization.to.Unauthenticated.Form.Submission MEDIUM" "crm-perks-forms 1.1.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "crm-perks-forms 1.1.5 Unauthenticated.SQL.Injection CRITICAL" "crm-perks-forms 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.2 Admin+.Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.1 Reflected.XSS HIGH" "click-to-call-or-chat-buttons 1.5.0 Admin+.Stored.XSS LOW" "client-showcase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "candifly No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-control 2.6.0 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "content-control 2.2.0 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "content-control 1.1.10 Contributor+.Stored.XSS MEDIUM" "cpt-speakers No.known.fix Speakers.<=.1.1.-.Admin+.Stored.XSS LOW" "community-yard-sale No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "countdown-time 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "countdown-time 1.2.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "custom-comment-notifications No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "copy-link No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "canvasio3d-light No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "canvasio3d-light No.known.fix Subscriber+.Entries.Update/Deletion MEDIUM" "canvasio3d-light No.known.fix Reflected.XSS HIGH" "classic-editor-addon 2.6.4 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "classic-editor-addon 2.6.4 Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "cookiehub 1.1.1 Missing.Authorization MEDIUM" "calendarista 15.5.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "czater No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-sidebars 3.1.0 CSRF HIGH" "custom-sidebars 3.0.8.1 CSRF HIGH" "content-text-slider-on-post 6.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "classified-listing-store 1.4.20 Reflected.Cross-Site.Scripting MEDIUM" "custom-fields-account-registration-for-woocommerce 1.2 Cross-Site.Request.Forgery MEDIUM" "copy-or-move-comments No.known.fix Reflected.XSS HIGH" "copy-or-move-comments No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "customize-my-account-for-woocommerce 2.9.0 Reflected.Cross-Site.Scripting MEDIUM" "customize-my-account-for-woocommerce 2.7.30 Reflected.Cross-Site.Scripting.via.tab.Parameter MEDIUM" "customize-my-account-for-woocommerce 1.8.4 Cross-Site.Request.Forgery.via.restore_my_account_tabs MEDIUM" "cf7-store-to-db-lite 1.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "cf7-store-to-db-lite 1.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "cm-faq 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "cookiebar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "custom-widget-classes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "count-per-day 3.5.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "count-per-day 3.5.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "count-per-day 3.4.1 SQL.Injection MEDIUM" "contact-form-db-divi 1.2 Reflected.Cross-Site.Scripting MEDIUM" "convertcalculator 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "convertcalculator 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.and.type.Parameter MEDIUM" "ct-ultimate-gdpr 2.5 Unauthenticated.Plugin.Settings.Export.and.Import CRITICAL" "coupon-creator 3.1.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "coupon-creator 3.1.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "clickbank-ads-clickbank-widget 1.35 CSRF.to.Stored.Cross-Site.Scripting HIGH" "clickbank-ads-clickbank-widget 1.35 Admin+.Stored.Cross-Site.Scripting LOW" "conference-scheduler 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "custom-field-template 2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-template 2.6.2 Authenticated(Constibutor+).Stored.Cross-Site.Scripting.via.Custom.Field.Name MEDIUM" "custom-field-template 2.6.2 Authenticated.(Admin+).Stored.Cross-Site.Scritping MEDIUM" "custom-field-template 2.6.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "custom-field-template 2.6.2 Authenticated(Contributor+).Information.Exposure MEDIUM" "custom-field-template 2.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.$search_label MEDIUM" "custom-field-template 2.6 Reflected.Cross-Site.Scripting HIGH" "custom-field-template 2.5.9 Cross-Site.Request.Forgery MEDIUM" "custom-field-template 2.5.8 Admin+.PHP.Object.Injection LOW" "custom-field-template 2.5.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "custom-field-template 2.5.2 Cross-Site.Request.Forgery MEDIUM" "captivatesync-trade 2.0.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "cp-simple-newsletter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cp-simple-newsletter No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "chessgame-shizzle 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "clear-sucuri-cache No.known.fix Missing.Authorization MEDIUM" "clockwork-two-factor-authentication 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "chatbot-chatgpt 2.1.8 Missing.Authorization.to.Authenticated.(Subscriber+).Assistant.Addition MEDIUM" "chatbot-chatgpt 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "chatbot-chatgpt 2.1.8 Missing.Authorization.to.Authenticated.(Subscriber+).Assistant.Deletion MEDIUM" "chatbot-chatgpt 2.1.8 Missing.Authorization.to.Authenticated.(Subscriber+).Assistant.Update MEDIUM" "chatbot-chatgpt 2.1.9 Cross-Site.Request.Forgery.to.Authenticated.(Subscriber+).Assistant.Modification MEDIUM" "chatbot-chatgpt 1.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chatbot-chatgpt 2.0.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "chatbot-chatgpt 2.0.0 Unauthenticated.Arbitrary.File.Upload.via.chatbot_chatgpt_upload_file_to_assistant.Function CRITICAL" "calendar-booking No.known.fix Missing.Authorization.to.Unauthenticated.Service.Disconnection MEDIUM" "calendar-booking No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "comment-reply-email 1.5 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "comment-reply-email 1.0.4 Admin+.Stored.XSS LOW" "cms-commander-client 2.288 Unauthenticated.Authorisation.Bypass HIGH" "create-custom-dashboard-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "create-custom-dashboard-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-7-round-robin-lead-distribution No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "contact-form-7-round-robin-lead-distribution No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-widgets-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-widgets-for-elementor 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "crayon-syntax-highlighter No.known.fix Contributor+.Server.Side.Request.Forgery MEDIUM" "crayon-syntax-highlighter No.known.fix Cross-Site.Request.Forgery MEDIUM" "crayon-syntax-highlighter 2.8.4 Multiple.XSS MEDIUM" "cf7-widget-elementor 2.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cf7-widget-elementor 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cf7_redirect_page.Attribute MEDIUM" "cf7-widget-elementor 2.4 Missing.Authorization MEDIUM" "codepress-admin-columns 4.3 Admin+.Stored.XSS.in.Label LOW" "codepress-admin-columns 4.3.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Custom.Field MEDIUM" "cas-maestro No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "college-publisher-import No.known.fix Arbitrary.File.Upload.to.RCE CRITICAL" "csprite No.known.fix Cross-Site.Request.Forgery MEDIUM" "colorlib-coming-soon-maintenance No.known.fix Information.Exposure MEDIUM" "colorlib-coming-soon-maintenance 1.0.99 Admin+.Stored.Cross.Site.Scripting LOW" "checkbot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-wp-rest-api No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 6.0.4.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 6.0.3.4 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 6.0.2.7 Unauthenticated.Privilege.Escalation.via.Password.Recovery CRITICAL" "custom-registration-form-builder-with-submission-manager 6.0.2.1 Stored.XSS LOW" "custom-registration-form-builder-with-submission-manager 6.0.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 6.0.0.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 5.3.2.0 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "custom-registration-form-builder-with-submission-manager 5.3.1.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 5.3.1.0 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "custom-registration-form-builder-with-submission-manager 5.2.6.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.5.1 IP.Spoofing MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.5.1 Form.Submission.Limit.Bypass MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.4.6 Authenticated(Administrator+).SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.3.1 Missing.Authorization MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.3.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.4.2 Reflected.Cross-Site.Scripting.via.section_id MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.1.1 Unauthenticated.Authentication.Bypass CRITICAL" "custom-registration-form-builder-with-submission-manager 5.2.1.0 Admin+.Arbitrary.Password.Update.via.IDOR MEDIUM" "custom-registration-form-builder-with-submission-manager 5.1.9.3 Form.Deletion.via.CSRF MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.2.2 Admin+.SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.1.9 Reflected.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.0.1.9 Reflected.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.0.1.6 Admin+.SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.1.8 Authentication.Bypass CRITICAL" "custom-registration-form-builder-with-submission-manager 4.6.0.4 Multiple.Critical.Issues HIGH" "custom-registration-form-builder-with-submission-manager 4.6.0.3 Authenticated.SQL.Injection.via.Form_id MEDIUM" "custom-registration-form-builder-with-submission-manager 4.6.0.3 Multiple.Cross-Site.Scripting.(XSS) HIGH" "cforms2 15.0.7 Unauthenticated.Stored.XSS HIGH" "cforms2 15.0.7 Admin+.Stored.XSS LOW" "cforms2 15.0.5 Settings.Update.via.CSRF MEDIUM" "cforms2 15.0.2 Unauthenticated.HTML.Injection.&.CSRF HIGH" "cforms2 14.13.3 Multiple.XSS MEDIUM" "cforms2 14.13 SQL.Injection CRITICAL" "cforms2 14.6.10 SQL.Injection CRITICAL" "cmc-migrate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cgm-event-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.3.2 PayPal.&.Stripe.Add-on.<.2.3.2.-.Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "contact-form-7-paypal-add-on 1.9.4 Cross-Site.Request.Forgery MEDIUM" "cool-tag-cloud 2.26 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "cab-fare-calculator 1.1.7 Admin+.Stored.XSS LOW" "cab-fare-calculator 1.0.4 Unauthenticated.LFI MEDIUM" "crowdfunding-for-woocommerce 3.1.13 Reflected.Cross-Site.Scripting MEDIUM" "current-template-name 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "cimy-header-image-rotator No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "cwicly 1.4.0.3 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "cs-framework No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Read HIGH" "cs-framework 7.1 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "custom-search-plugin 1.36 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "collapsing-archives 3.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cyber-new-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-recaptcha-mine 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "catch-import-export 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "custom-font-uploader 2.4.0 Custom.Font.Uploader.<.2.4.0.-.Missing.Authorization.to.Font.Deletion MEDIUM" "custom-font-uploader 2.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "cf7-calendar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cats-job-listings No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-pc-builder-lite-for-woocommerce No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "custom-page-extensions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cyr3lat 3.7 Editor+.SQL.Injection MEDIUM" "coming-soon-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coming-soon-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "conditional-logic-for-woo-product-add-ons 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "christmasify 1.5.6 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "clickcease-click-fraud-protection 3.2.5 Improper.Authorization.to.sensitive.information.exposure.via.get_settings MEDIUM" "clickcease-click-fraud-protection 3.2.8 Cross-Site.Request.Forgery MEDIUM" "customize-wpadmin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cf7-easy-math-captcha No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cyberus-key 1.1 Admin+.Stored.XSS LOW" "counter-box 2.0.7 Authenticated.(Administrator+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "counter-box 2.0.6 Cross-Site.Request.Forgery MEDIUM" "counter-box 1.2.4 Counter.Deletion.via.CSRF MEDIUM" "counter-box 1.2.2 Reflected.XSS MEDIUM" "counter-box 1.2.1 Arbitrary.Counter.Activation/Deactivation.via.CSRF MEDIUM" "counter-box 1.2 Admin+.LFI MEDIUM" "customer-chat-facebook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customer-chat-facebook No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "customer-chat-facebook No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "camptix 1.5.1 CSV.Injection.Bypasses.and.XSS HIGH" "custom-admin-page 0.1.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "comments-not-replied-to 1.5.8 Reflected.Cross-Site.Scripting MEDIUM" "comments-not-replied-to 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "clickervolt No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-customizer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-customizer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "cbxpetition 2.0.0 Unauthenticated.SQLi HIGH" "cue 2.4.5 Missing.Authorization MEDIUM" "civicrm 5.24.3 Authenticated.Phar.Deserialization MEDIUM" "civicrm 5.28.1 CSRF.to.Stored.XSS MEDIUM" "clickdesigns 2.0.0 Missing.Authorization.to.API.Key.Modification.or.Removal MEDIUM" "current-menu-item-for-custom-post-types 1.6 Cross-Site.Request.Forgery MEDIUM" "countdown-wpdevart-extended 1.8.3 Admin+.Stored.XSS LOW" "countdown-wpdevart-extended 1.5.8 CSRF.to.Stored.Cross-Site.Scripting HIGH" "codeflavors-vimeo-video-post-lite 2.3.4.3 Authenticated.(Contributor+).SQL.Injection MEDIUM" "codeflavors-vimeo-video-post-lite 2.2.2 Reflected.XSS HIGH" "coming-soon-master 1.1 Reflected.Cross-Site.Scripting MEDIUM" "crudlab-scroll-to-top No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cms-tree-page-view 1.6.8 Reflected.XSS HIGH" "comments-ratings No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "comments-ratings No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "comments-ratings 1.1.7 Cross-Site.Request.Forgery MEDIUM" "cf7-telegram 0.8.6 Missing.Authorization.to.Authenticated.(Subscriber+).Subscription.Approve/Pause/Refuse MEDIUM" "cysteme-finder 1.4 Unauthenticated.LFI.and.Unauthenticated.File.Upload CRITICAL" "cm-business-directory 1.4.2 Reflected.XSS HIGH" "cross-linker No.known.fix Arbitrary.Cross-Link.Creation.via.CSRF MEDIUM" "coru-lfmember No.known.fix Arbitrary.Game.Deletion/Activation.via.CSRF MEDIUM" "coru-lfmember No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "cxc-sawa No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-post-type-date-archives No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "cf7-paystack-add-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cforms No.known.fix Unauthenticated.HTML.Injection.&.CSRF HIGH" "cforms No.known.fix Multiple.XSS MEDIUM" "cforms No.known.fix SQL.Injection CRITICAL" "cforms No.known.fix SQL.Injection CRITICAL" "cforms No.known.fix Remote.Code.Execution.via.Unauthorised.File.Upload MEDIUM" "cforms 13.2 XSS MEDIUM" "cforms 10.5 XSS MEDIUM" "comfino-payment-gateway 4.1.2 Reflected.Cross-Site.Scripting HIGH" "conversational-forms 1.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "conversational-forms 1.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "conversational-forms 1.2.0 Unauthenticated.Arbitrary.File.Download HIGH" "conversational-forms 1.17 Admin+.Stored.XSS LOW" "code-snippets-extended No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "code-snippets-extended No.known.fix Arbitrary.Snippet.Deletion/Disabling.via.CSRF MEDIUM" "code-snippets-extended No.known.fix RCE.via.CSRF HIGH" "cf7-file-download No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "calendarista-basic-edition 3.0.3 Cross-Site.Request.Forgery MEDIUM" "calendarista-basic-edition 3.0.6 Missing.Authorization MEDIUM" "calendarista-basic-edition 3.0.3 Unauthenticated.Cross-Site.Scripting MEDIUM" "continuous-announcement-scroller No.known.fix Admin+.Stored.XSS LOW" "customify-sites No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "corona-virus-covid-19-banner No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "corona-virus-covid-19-banner 1.8.0 CSRF MEDIUM" "clever-fox 25.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clever-fox 25.2.1 Missing.Authorization.to.arbitrary.theme.activation.via.clever-fox-activate-theme MEDIUM" "chameleon 1.4.4 Admin+.Stored.XSS LOW" "category-seo-meta-tags No.known.fix Cross-Site.Request.Forgery.via.csmt_admin_options MEDIUM" "category-seo-meta-tags No.known.fix Admin+.Stored.XSS LOW" "ce21-suite 2.2.1 Unauthenticated.Privilege.Escalation CRITICAL" "ce21-suite No.known.fix Missing.Authorization.to.Unauthenticated.Plugin.Settings.Change MEDIUM" "ce21-suite No.known.fix JWT.Token.Disclosure CRITICAL" "ce21-suite 2.2.1 Authentication.Bypass CRITICAL" "cg-scroll-to-top No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cresta-addons-for-elementor 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coub No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chatwee No.known.fix Missing.Authorization MEDIUM" "cslider No.known.fix Cross-Site.Request.Forgery MEDIUM" "ct-commerce No.known.fix Admin+.Stored.XSS LOW" "cardoza-wordpress-poll No.known.fix Authenticated.SQL.Injection HIGH" "cardoza-wordpress-poll 34.06 Multiple.External.Function.Remote.Poll.Manipulation CRITICAL" "cardoza-wordpress-poll 33.6 Multiple.SQL.Injection.Vulnerabilities CRITICAL" "contact-form-vcard-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-vcard-generator No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "cf7-spreadsheets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-spreadsheets No.known.fix Missing.Authorization.to.Settings.Update MEDIUM" "captcha-bws 5.2.1 Captcha.Bypass MEDIUM" "cookie-notice 2.4.18 Admin+.Stored.XSS LOW" "cookie-notice 2.4.7 Contributor+.Stored.XSS MEDIUM" "cookie-notice 2.4.7 Contributor+.XSS MEDIUM" "cookie-notice 2.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "cm-video-lesson-manager 1.8.3 Reflected.XSS HIGH" "cm-video-lesson-manager 1.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "custom-admin-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "carousel-anything No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-ready 2.0.12 Form.Styling.Update.via.CSRF MEDIUM" "custom-css-js 3.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "coditor No.known.fix Arbitrary.File.Edition,.Deletion.and.Internal.Directory.Listing.in.wp-content CRITICAL" "cp-polls 1.0.75 Reflected.Cross-Site.Scripting MEDIUM" "cp-polls 1.0.77 Admin+.Stored.Cross-Site.Scripting LOW" "cp-polls 1.0.77 Admin+.Stored.XSS.via.Custom.Styles LOW" "cp-polls 1.0.72 Unauthenticated.Poll.Limit.Bypass MEDIUM" "cp-polls 1.0.72 Unauthenticated.Content.Injection MEDIUM" "cp-polls 1.0.9 Multiple.CSRF.Vulnerabilities MEDIUM" "cp-polls 1.0.9 Multiple.XSS.Vulnerabilities MEDIUM" "clink No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "customized-login No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Custom.URL MEDIUM" "content-staging No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "culqi-checkout 3.0.15 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "correos-express No.known.fix Sensitive.Information.Disclosure HIGH" "conditional-shipping-for-woocommerce 3.4.1 Cross-Site.Request.Forgery MEDIUM" "conditional-shipping-for-woocommerce 2.3.2 Ruleset.Toggle.via.CSRF MEDIUM" "calais-auto-tagger No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "connect-daily-web-calendar No.known.fix Stored.XSS.via.CSRF HIGH" "connect-daily-web-calendar 1.4.5 Multiple.Reflected.XSS HIGH" "cssjockey-add-ons No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "catch-themes-demo-import 2.1.1 Admin+.Remote.Code.Execution MEDIUM" "catch-themes-demo-import 1.8 Admin+.Arbitrary.File.Upload CRITICAL" "catch-themes-demo-import 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "complete-open-graph No.known.fix Admin+.Stored.XSS LOW" "contextual-related-posts 3.3.1 Contributor+.Stored.XSS MEDIUM" "contextual-related-posts 2.9.4 CSRF.Nonce.Validation.Bypass MEDIUM" "contextual-related-posts 1.8.10.2 Multiple.Parameter.SQL.Injection HIGH" "contextual-related-posts 1.8.7 Cross-Site.Request.Forgery MEDIUM" "cf7-cc-avenue-add-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-skins-contact-form-7 No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Update.and.Skin.Creation MEDIUM" "cf7-dynamics-crm 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "coinbase-commerce-for-contact-form-7 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "cleverwise-daily-quotes No.known.fix Stored.XSS.via.CSRF HIGH" "camera-slideshow No.known.fix Reflected.Cross-Site.Scripting HIGH" "card-games No.known.fix CSRF.Bypass NONE" "contact-form-add No.known.fix CSRF HIGH" "contact-form-add 1.9.8.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "contact-form-add 1.9.8.4 Authenticated.Stored.Cross-Site.Scripting LOW" "crazy-call-to-action-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "customily-v2 No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-fields-shortcode No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "child-theme-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "classic-editor-and-classic-widgets 1.4.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "classic-editor-and-classic-widgets 1.2.6 Settings.Update.via.CSRF MEDIUM" "common-tools-for-site No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "cc-img-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "check-email 1.0.10 Unauthenticated.Hook.Injection HIGH" "check-email 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "check-email 1.0.4 Reflected.Cross-Site.Scripting HIGH" "check-email 1.0.3 Admin+.SQL.Injections MEDIUM" "check-email 0.5.2 Cross-Site.Scripting.(XSS) MEDIUM" "content-syndication-toolkit-reader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cost-of-goods-for-woocommerce 3.2.9 Reflected.Cross-Site.Scripting MEDIUM" "cars-seller-auto-classifieds-script No.known.fix Auto.Classifieds.Script.<=.2.1.0.-.Unauthenticated.SQL.Injection CRITICAL" "chatroll-live-chat 2.6.0 Contributor+.Stored.XSS MEDIUM" "campaign-url-builder 1.8.2 Contributor+.Stored.XSS MEDIUM" "cricket-score 2.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "currency-per-product-for-woocommerce 1.7.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "custom-widget-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "captcha 4.4.5 Backdoored MEDIUM" "copy-me No.known.fix Copy.Posts.Cross-Site.Request.Forgery.(CSRF) MEDIUM" "check-zipcode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "check-zipcode No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "catch-sticky-menu 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "custom-url-shorter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "countdown-timer-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "countdown-timer-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "cliptakes 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "curated-search No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cds-simple-seo 2.0.26 Arbitrary.Settings.Update.via.CSRF MEDIUM" "cds-simple-seo 1.8.13 Sitemap.Creation/Deletion.via.CSRF MEDIUM" "cds-simple-seo 1.8.13 Subscriber+.Sitemap.Creation/Deletion MEDIUM" "cds-simple-seo 1.7.92 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "cmb2 2.11.0 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "contact-form-7-datepicker No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "css-for-elementor No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "css-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "convoworks-wp 0.22.15 Reflected.Cross-Site.Scripting MEDIUM" "convoworks-wp 0.22.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-author-base No.known.fix Settings.Update.via.CSRF MEDIUM" "curtain No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "curtain 1.0.2 Unauthenticated.Maintenance.Mode.Switch HIGH" "country-state-city-auto-dropdown 2.7.3 Unauthenticated.SQL.Injection CRITICAL" "country-state-city-auto-dropdown 2.7.2 Missing.Authorization MEDIUM" "codepile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codepile 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).SQL.Injection CRITICAL" "consulting-elementor-widgets 1.3.1 Unauthenticated.Local.File.Inclusion CRITICAL" "canecto No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "category-post-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cryptocurrency No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cryptocurrency No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "cf7-multi-step 2.7.8 Unauthenticated.SQL.Injection HIGH" "custom-searchable-data-entry-system No.known.fix Unauthenticated.Data.Modification.and.Deletion CRITICAL" "contact-forms-anti-spam 2.2.8 Cross-Site.Request.Forgery.to.Plugin.Settings.Change MEDIUM" "contact-forms-anti-spam 2.1.3 Advanced.Spam.protection.<.2.1.3.-.Admin+.Stored.XSS LOW" "contact-forms-anti-spam 0.10.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "contact-forms-anti-spam 0.10.4 IP.Validation.Bypass MEDIUM" "contact-forms-anti-spam 0.9.3 Unauthenticated.Stored.Cross-Site.Scripting.via.efas_add_to_log MEDIUM" "contact-forms-anti-spam 0.7.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "conversador No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "copy-move-posts No.known.fix Missing.Authorization MEDIUM" "content-restrictor-for-divi 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "content-restrictor-for-divi 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "creative-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cc-coming-soon No.known.fix Reflected.XSS HIGH" "cgc-maintenance-mode No.known.fix Sensitive.Information.Exposure MEDIUM" "cgc-maintenance-mode No.known.fix IP.Spoofing MEDIUM" "content-mask 1.8.4.1 Subscriber+.Arbitrary.Options.Update HIGH" "cab-grid 1.6 Admin+.Stored.XSS LOW" "coupon-reveal-button 1.2.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "consensu-io 1.0.4 Unauthenticated.Settings.Update MEDIUM" "cherry-plugin 1.2.7 Unauthenticated.Arbitrary.File.Upload.and.Download CRITICAL" "combo-wp-rewrite-slugs No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "crypto-converter-widget 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "crypto-converter-widget 1.8.4 Contributor+.Stored.XSS MEDIUM" "change-login-logo 1.1.5 Authenticated.Stored.Cross-Site.Scripting LOW" "calendar-plugin No.known.fix Reflected.Cross-Site.Scripting HIGH" "cooked-pro 1.8.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "cooked-pro 1.8.0 Cross-Site.Request.Forgery MEDIUM" "cooked-pro 1.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Template.Reset MEDIUM" "cooked-pro 1.8.0 Authenticated.(Contributor+).HTML.Injection MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.via.cooked_get_recipe_ids MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Template.Apply MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "cooked-pro 1.7.5.7 Unauthenticated.PHP.Object.Injection HIGH" "cooked-pro 1.7.5.6 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "coaching-staffs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "creative-image-slider 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "chameleon-jobs 2.5.5 Reflected.Cross-Site.Scripting HIGH" "category-specific-rss-feed-menu 2.3 Admin+.Stored.XSS LOW" "category-specific-rss-feed-menu 2.2 Settings.Update.via.CSRF MEDIUM" "campus-explorer-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "category-icon No.known.fix Authenticated.(Author+).Arbitrary.File.Download MEDIUM" "category-icon 1.0.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "cleanup-light 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "catalog No.known.fix Admin+.SQL.Injection MEDIUM" "clickbank-storefront No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "crudlab-google-plus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cloud-sso-single-sign-on 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "coronavirus-covid-19-notice-message No.known.fix Admin+.Stored.XSS LOW" "car-demon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "confetti-fall-animation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "confetti-fall-animation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.confetti-fall-animation.Shortcode MEDIUM" "custom-more-link-complete No.known.fix Admin+.Stored.XSS LOW" "calculator-builder 1.6.3 Unauthenticated.Local.File.Inclusion HIGH" "calculator-builder 1.5.1 Reflected.XSS MEDIUM" "chained-quiz 1.3.3 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "chained-quiz 1.3.2.9 Missing.Authorization MEDIUM" "chained-quiz 1.3.2.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.6 Admin+.Stored.XSS LOW" "chained-quiz 1.3.2.4 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.3 Admin+.Stored.XSS LOW" "chained-quiz 1.3.2.5 Arbitrary.Quiz.Deletion.&.Copying.via.CSRF MEDIUM" "chained-quiz 1.3.2.5 Arbitrary.Question.Deletion.via.CSRF MEDIUM" "chained-quiz 1.3.2.3 Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.1 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.5 Submitted.Quiz.Response.Deletion.via.CSRF MEDIUM" "chained-quiz 1.2.7.2 Authenticated.Stored.Cross.Site.Scripting LOW" "chained-quiz 1.1.9.1 Authenticated.Stored.XSS MEDIUM" "chained-quiz 1.1.8.2 Unauthenticated.Reflected.XSS CRITICAL" "chained-quiz 1.0.9 Unauthenticated.SQL.Injection MEDIUM" "canvasflow No.known.fix Reflected.XSS HIGH" "custom-content-scrollbar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cp-easy-form-builder 1.2.42 Authenticated.(Contributor+).SQL.Injection MEDIUM" "cp-easy-form-builder 1.2.42 Authenticated.(Contributor+).SQL.Injection MEDIUM" "cp-easy-form-builder 1.2.32 Admin+.Stored.Cross-Site.Scripting LOW" "custom-header-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-with-captcha No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-with-captcha 1.6.8 CSRF.to.Stored.Cross-Site.Scripting HIGH" "cf7-constant-contact-fields-mapping No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-constant-contact-fields-mapping No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "captcha-code-authentication 3.0 Captcha.Bypass MEDIUM" "captcha-code-authentication 2.8 Settings.Update.via.CSRF MEDIUM" "comment-form 1.2.1 Admin+.Authenticated.Stored.XSS LOW" "clio-grow-form 1.0.3 Reflected.Cross-Site.Scripting HIGH" "clio-grow-form 1.0.3 Reflected.Cross-Site.Scripting HIGH" "clio-grow-form 1.0.1 Admin+.Stored.XSS LOW" "captcha-for-contact-form-7 1.11.4 Captcha.Bypass MEDIUM" "cowidgets-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cowidgets-elementor-addons No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "cowidgets-elementor-addons No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "cowidgets-elementor-addons 1.2.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "cowidgets-elementor-addons 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.heading_tag.Parameter MEDIUM" "contest-gallery 26.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "contest-gallery 26.0.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contest-gallery 25.1.2 Authenticated.(Author+).SQL.Injection MEDIUM" "contest-gallery 24.0.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 24.0.8 Unauthenticated.Arbitrary.Password.Reset CRITICAL" "contest-gallery 24.0.4 Unauthenticated.SQL.Injection CRITICAL" "contest-gallery 23.1.3 Unauthenticated.Information.Exposure MEDIUM" "contest-gallery 23.1.3 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 21.3.5 Authenticated.(Author+).Arbitrary.File.Deletion MEDIUM" "contest-gallery 21.3.6 Reflected.Cross-Site.Scripting MEDIUM" "contest-gallery 21.3.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "contest-gallery 21.3.2.1 Authenticated.(Contributor+).SQL.Injection CRITICAL" "contest-gallery 21.3.1 Author+.Stored.Cross.Site.Scripting MEDIUM" "contest-gallery 21.2.9 Cross-Site.Request.Forgery MEDIUM" "contest-gallery 21.2.8.1 Unauthenticated.Stored.XSS.via.HTTP.Headers HIGH" "contest-gallery 21.1.2.1 Reflected.XSS HIGH" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Unauthenticated.SQL.Injection HIGH" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Unauthenticated.SQL.Injection HIGH" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery 14.0.0 Unauthenticated.Stored.XSS MEDIUM" "contest-gallery 17.0.5 Author+.SQLi HIGH" "contest-gallery 14.0.0 Author+.Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 13.1.0.6 Missing.Access.Controls.to.Unauthenticated.SQL.injection./.Email.Address.Disclosure HIGH" "contest-gallery 13.1.0.7 Subscriber+.Email.Address.Disclosure MEDIUM" "contest-gallery 10.4.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "cf7-google-sheets-connector-pro 2.3.7 Reflected.XSS HIGH" "captcha-them-all 1.4 Admin+.Stored.XSS LOW" "christmas-panda 1.1.0 Cross-Site.Request.Forgery MEDIUM" "csv-importer 0.3.9 Cross-Site.Request.Forgery MEDIUM" "column-matic No.known.fix Contributor+.Stored.XSS MEDIUM" "clickwhale 2.4.4 Cross-Site.Request.Forgery MEDIUM" "clickwhale 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clickwhale 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "clickwhale 2.4.2 Authenticated.(Contributor+).SQL.Injection MEDIUM" "contact-form-7-designer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chronoforms No.known.fix CSRF MEDIUM" "csv-wc-product-import-export No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "custom-post-type-cpt-cusom-taxonomy-ct-manager No.known.fix Stored.XSS.via.CSRF HIGH" "constant-contact-forms-by-mailmunch 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "constant-contact-forms-by-mailmunch 2.1.0 Contributor+.Stored.XSS MEDIUM" "constant-contact-forms-by-mailmunch 2.0.11 Arbitrary.Settings.Update.via.CSRF MEDIUM" "check-pincode-for-woocommerce 1.2 Reflected.Cross-Site.Scripting MEDIUM" "category-post-list-widget No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "custom-facebook-feed 4.2.2 Facebook.Token.Reset/Update.via.CSRF MEDIUM" "custom-facebook-feed 4.1.6 Contributor+.Stored.XSS MEDIUM" "custom-facebook-feed 4.1.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "custom-facebook-feed 4.0.1 Subscriber+.Arbitrary.Plugin.Settings.Update.to.Stored.XSS HIGH" "custom-facebook-feed 2.19.2 Unauthenticated.Stored.XSS CRITICAL" "custom-facebook-feed 2.19.2 Reflected.Cross-Site.Scripting MEDIUM" "cm-table-of-content 1.2.4 Stored.XSS.via.CSRF HIGH" "cm-table-of-content 1.2.3 Settings.Reset.via.CSRF MEDIUM" "cwd-stealth-links No.known.fix Unauthenticated.SQL.Injection HIGH" "confirm-user-registration No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cryptocurrency-widgets-pack No.known.fix Missing.Authorization MEDIUM" "cryptocurrency-widgets-pack 2.0 Unauthenticated.SQLi HIGH" "cardoza-3d-tag-cloud No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cardoza-3d-tag-cloud No.known.fix Stored.XSS.via.CSRF MEDIUM" "cm-answers 3.3.4 Cross-Site.Request.Forgery MEDIUM" "cm-answers 3.2.7 Missing.Authorization MEDIUM" "cm-answers 3.2.0 Admin+.Stored.XSS LOW" "contact-form-with-a-meeting-scheduler-by-vcita No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita 4.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.livesite-pay.Shortcode MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita 4.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "change-default-login-logo-url-and-title No.known.fix Cross-Site.Request.Forgery MEDIUM" "comments-import-export-woocommerce 2.3.9 Authenticated.(Author+).Arbitrary.File.Read.via.Directory.Traversal MEDIUM" "comments-import-export-woocommerce 2.3.6 Cross-Site.Request.Forgery MEDIUM" "comments-import-export-woocommerce 2.1.11 Cross-Site.Request.Forgery.(CSRF).Issue HIGH" "classic-addons-wpbakery-page-builder-addons 3.1 Authenticated.(Editor+).Local.File.Inclusion HIGH" "classic-addons-wpbakery-page-builder-addons 3.1 Authenticated.(Contributor+).Limited.Local.PHP.File.Inclusion HIGH" "classic-addons-wpbakery-page-builder-addons No.known.fix Contributor+.Stored.XSS MEDIUM" "catch-duplicate-switcher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "catch-duplicate-switcher 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "client-documentation No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "colorful-categories 2.0.15 Arbitrary.Colors.Update.via.CSRF MEDIUM" "circle-image-slider-with-lightbox 1.0.5 Authenticated.(Admin+).SQL.Injection MEDIUM" "circle-image-slider-with-lightbox 1.0.1 Image.Data.Update.via.CSRF MEDIUM" "circle-image-slider-with-lightbox 1.0.18 Reflected.Cross-Site.Scripting MEDIUM" "circle-image-slider-with-lightbox 1.0.16 Reflected.Cross-Site.Scripting MEDIUM" "content-security-policy-pro No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cart-rest-api-for-woocommerce 3.12.0 Missing.Authorization MEDIUM" "ctabs No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "change-uploaded-file-permissions No.known.fix File.Permission.Update.via.CSRF MEDIUM" "currency-converter-calculator 1.3.2 Contributor+.Stored.XSS MEDIUM" "categories-gallery-woocommerce No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "custom-tiktok-video-feed No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-check-tester No.known.fix Broken.Access.Control.to.Cross-Site.Scripting.(XSS) HIGH" "content-aware-sidebars 3.19.1 Reflected.Cross-Site.Scripting MEDIUM" "content-aware-sidebars 3.17.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-aware-sidebars 3.8.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "crossword-compiler-puzzles No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "crossword-compiler-puzzles No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "cubepm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "commonsbooking 2.6.8 Unauthenticated.SQL.Injection HIGH" "contact-form-7-newsletter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-scroll-bar-designer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "content-sidebars No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-sidebars 1.6.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cs-element-bucket No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-product-list-table No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-welcome-guide 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "custom-welcome-guide 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "checkout-mestres-wp No.known.fix 8.7.5.-.Unauthenticated.Arbitrary.Options.Update CRITICAL" "checkout-mestres-wp 8.6.1 Authenticated.(Admin+).Local.File.Inclusion HIGH" "checkout-mestres-wp 7.1.9.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Update CRITICAL" "checkout-mestres-wp 7.1.9.8 Authentication.Bypass.via.Password.Reset CRITICAL" "checkout-mestres-wp 7.1.9.8 Unauthenticated.SQL.Injection CRITICAL" "cookie-monster No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "clients No.known.fix Missing.Authorization MEDIUM" "clients No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "comment-link-remove 2.1.6 Arbitrary.Comment.Deletion.via.CSRF MEDIUM" "cf7-constant-contact No.known.fix Cross-Site.Request.Forgery MEDIUM" "cf7-constant-contact 1.1.5 Open.Redirect MEDIUM" "cf7-constant-contact 1.1.0 Reflected.Cross-Site.Scripting HIGH" "compute-links No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "custom-page-templates-by-vegacorp 1.1.14 Reflected.Cross-Site.Scripting MEDIUM" "custom-page-templates-by-vegacorp 1.1.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "countdown-block 1.1.2 Missing.Authorisation.in.AJAX.action MEDIUM" "ceceppa-multilingua No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "cybersoldier 1.7.0 Admin+.Stored.Cross-Site.Scripting LOW" "cloud No.known.fix Unauthenticated.Arbitrary.File.Read HIGH" "custom-login 4.1.1 Subscriber+.Unauthorised.Action MEDIUM" "calderawp-license-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-prices No.known.fix Contributor+.Stored.XSS MEDIUM" "cits-support-svg-webp-media-upload No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "cits-support-svg-webp-media-upload No.known.fix Cross-Site.Request.Forgery.to.Font.Assignment.Deletion MEDIUM" "cits-support-svg-webp-media-upload 3.0 Author+.Stored.XSS.via.SVG MEDIUM" "cliengo No.known.fix Cross-Site.Request.Forgery MEDIUM" "cliengo 3.0.3 Chatbot.<.3.0.3.-.Missing.Authorization.to.Unauthenticated.Chatbot.Settings.Update MEDIUM" "cliengo 3.0.3 Chatbot.<.3.0.3.-.Missing.Authorization.to.Authorized.(Subscriber+).Chatbot.Settings.Update MEDIUM" "cj-change-howdy No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "campation-postoffice No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "campation-postoffice 1.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cookie-notice-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "course-migration-for-learndash No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "cf7-active-campaign 1.0.4 Reflected.Cross-Site.Scripting HIGH" "custom-field-finder 0.4 Authenticated.(Author+).PHP.Object.Injection HIGH" "css-js-manager 2.4.49.1 Multiple.CSRF MEDIUM" "cyan-backup 2.5.4 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "cyan-backup 2.5.3 Admin+.Stored.XSS.via.Remote.Storage.Settings LOW" "cyan-backup 2.5.3 Admin+.Stored.XSS.via.General.Settings LOW" "currency-converter-widget-pro 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "currency-switcher-woocommerce 2.16.3 Reflected.Cross-Site.Scripting MEDIUM" "currency-switcher-woocommerce 2.11.2 Security.Restrictions.Bypass MEDIUM" "canonical-attachments No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "cryptocurrency-pricing-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "church-admin 5.0.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "church-admin 5.0.10 Unauthenticated.Information.Disclosure MEDIUM" "church-admin 5.0.19 Unauthenticated.SQL.Injection HIGH" "church-admin 5.0.9 Missing.Authorization MEDIUM" "church-admin 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "church-admin 4.4.7 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "church-admin 4.4.5 Missing.Authorization MEDIUM" "church-admin 4.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "church-admin 4.4.0 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "church-admin 4.2.0 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.0.28 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.1.7 Missing.Authorization MEDIUM" "church-admin 4.1.6 .Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "church-admin 4.1.8 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.1.19 Missing.Authorization MEDIUM" "church-admin 4.0.28 Authenticated.(Contributor+).SQL.Injection HIGH" "church-admin 4.0.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "church-admin 4.1.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.meta-text MEDIUM" "church-admin 3.8.0 Server-Side.Request.Forgery.(SSRF) MEDIUM" "church-admin 3.7.6 Reflected.XSS HIGH" "church-admin 3.7.30 Reflected.XSS HIGH" "church-admin 3.4.135 Unauthenticated.Plugin's.Backup.Disclosure HIGH" "church-admin 1.2550 CSRF HIGH" "custom-order-statuses-woocommerce 2.4.0 Cross-Site.Request.Forgery MEDIUM" "commons-booking No.known.fix Code/Timeframe/Booking.Deletion.via.CSRF MEDIUM" "commons-booking No.known.fix Admin+.Stored.XSS LOW" "content-protector 4.2.11 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "content-protector 4.2.6.5 Contributor+.Stored.XSS.via.content_protector.Shortcode MEDIUM" "content-protector 4.2.6.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "content-protector 4.2.2 Reflected.Cross-Site.Scripting MEDIUM" "content-protector 3.5.5.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "content-protector 3.5.5.9 Protection.Bypass.&.Arbitrary.Post.Access HIGH" "content-protector 3.5.5.5.2 Insecure.Storage.of.Password MEDIUM" "content-protector 3.5.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-registration-and-login-forms-with-new-recaptcha No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-registration-and-login-forms-with-new-recaptcha No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "cp-contact-form-with-paypal 1.3.53 Cross-Site.Request.Forgery MEDIUM" "cp-contact-form-with-paypal 1.3.02 Multiple.XSS MEDIUM" "cp-contact-form-with-paypal 1.1.6 Multiple.Vulnerabilities HIGH" "custom-product-type-for-woocommerce 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "custom-product-type-for-woocommerce 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cool-facebook-page-feed-timeline No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "comments-like-dislike 1.2.0 Subscriber+.Settings.Reset MEDIUM" "comments-like-dislike 1.1.4 Add.Like/Dislike.Bypass MEDIUM" "content-glass-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-product-for-woocommerce 3.16.10 Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-product-for-woocommerce 3.14.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "click-datos-lopd No.known.fix Reflected.XSS HIGH" "cryptocurrency-widgets-for-elementor 1.6.5 Unauthenticated.Local.File.Inclusion HIGH" "cryptocurrency-widgets-for-elementor 1.3 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "change-memory-limit No.known.fix Missing.Authorization.via.admin_logic() MEDIUM" "candidate-application-form No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "chesstempoviewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "call-to-action-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "comment-blacklist-updater 1.2.0 Cross-Site.Request.Forgery.via.update_blacklist_manual MEDIUM" "custom-posts-order No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "change-prices-with-time-for-woocommerce 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "change-prices-with-time-for-woocommerce 1.8.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cookie-bar 2.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "cookie-bar 1.8.9 Admin+.Stored.Cross-Site.Scripting LOW" "custom-product-builder-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "codescar-radio-widget No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "citadela-directory No.known.fix Cross-Site.Request.Forgery MEDIUM" "citadela-directory No.known.fix Unauthenticated.Sensitive.Information.Exposure HIGH" "connatix-video-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checkfront-wp-booking 3.7 Settings.Update.via.CSRF MEDIUM" "cookie-notice-and-consent-banner 1.7.2 Admin+.Stored.XSS LOW" "contests-from-rewards-fuel 2.0.66 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contests-from-rewards-fuel 2.0.63 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contests-from-rewards-fuel 2.0.65 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.update_rewards_fuel_api_key MEDIUM" "co-authors-plus 3.5.2 Guest.Authors.Email.Address.Disclosure MEDIUM" "cm-map-locations 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "custom-post-view-generator No.known.fix Reflected.Cross-Site.Scripting HIGH" "cultbooking-booking-engine No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-order-numbers-for-woocommerce 1.4.1 CSRF MEDIUM" "contact-us-page-contact-people 3.7.1 Contact.people.LITE.<.3.7.1.-.Contact.Update/Deletion/Creation.via.CSRF MEDIUM" "call-now-coccoc-pht-blog No.known.fix Cross-Site.Request.Forgery MEDIUM" "cm-header-footer-script-loader 1.2.5 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "cm-header-footer-script-loader 1.2.2 Reflected.XSS HIGH" "contact-form-7-multi-step-addon 1.0.7 Injected.Backdoor CRITICAL" "contact-form-generator No.known.fix Contributor+.SQLi MEDIUM" "contact-form-generator 2.6.0 Reflected.XSS HIGH" "contact-form-generator 2.5.5 Multiple.Cross-Site.Request.Forgery.(CSRF) HIGH" "croma-music 3.6.1 Authenticated.(Subscriber+).Arbitrary.Options.Update.in.ironMusic_ajax HIGH" "callback-request No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "create-flipbook-from-pdf No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "car-park-booking-system-for-wordpress No.known.fix Missing.Authorization MEDIUM" "convert-docx2post No.known.fix Authenticated.(Author+).Arbitrary.File.Upload HIGH" "cf7-invisible-recaptcha 1.3.4 CSRF MEDIUM" "cf7-invisible-recaptcha 1.3.2 XSS MEDIUM" "crudlab-facebook-like-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cancel-order-request-woocommerce 1.3.3 Admin+.Stored.XSS LOW" "contact-form-7-anti-spambot No.known.fix Missing.Authorization MEDIUM" "chatbot 6.3.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "chatbot 6.2.4 Admin+.Stored.XSS LOW" "chatbot 5.5.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_list_callback MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_delete_callback MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_upload_callback MEDIUM" "chatbot 5.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "chatbot 4.7.9 Authenticated.(Administrator+).SQL.Injection HIGH" "chatbot 4.9.7 4.9.6.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting.in.FAQ.Builder MEDIUM" "chatbot 4.9.3 Subscriber+.Arbitrary.File.Deletion CRITICAL" "chatbot 4.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "chatbot 4.9.1 Authenticated.(Subscriber+).Directory.Traversal.to.Arbitrary.File.Write.via.qcld_openai_upload_pagetraining_file CRITICAL" "chatbot 4.9.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "chatbot 4.9.3 Missing.authorization.in.AJAX.calls MEDIUM" "chatbot 4.9.1 Subscriber+.Arbitrary.File.Deletion CRITICAL" "chatbot 4.9.1 Missing.authorization.in.AJAX.calls MEDIUM" "chatbot 4.9.1 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "chatbot 4.9.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "chatbot 4.7.9 CSRF MEDIUM" "chatbot 4.7.8 Admin+.Stored.XSS.in.Language.Settings LOW" "chatbot 4.7.8 Admin+.Stored.XSS.in.FAQ.Builder LOW" "chatbot 4.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.5.6 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.5.5 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.4.9 Subscriber+.OpenAI.Settings.Update.to.Stored.XSS HIGH" "chatbot 4.4.7 Unauthenticated.PHP.Object.Injection HIGH" "chatbot 4.5.1 Admin+.Stored.XSS LOW" "chatbot 4.4.9 Unauthenticated.Stored.XSS HIGH" "chatbot 4.4.5 Stored.XSS.via.CSRF HIGH" "chatbot 4.3.0 Settings.Reset.via.CSRF MEDIUM" "chatbot 4.3.1 Admin+.Stored.XSS LOW" "chatbot 4.2.9 Unauthenticated.Settings.Reset MEDIUM" "contentoptin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-post-widget 3.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.content.Parameter MEDIUM" "custom-post-widget 3.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.content_block.Shortcode MEDIUM" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "catch-gallery 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "custom-layouts 1.4.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clicksold-wordpress-plugin No.known.fix Admin+.XSS LOW" "control-listings 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "crony No.known.fix Cross-Site.Request.Forgery MEDIUM" "crony 0.4.7 Cross-Site.Scripting.(XSS).&.CSRF HIGH" "category-d3-tree No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chatter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "chatter No.known.fix Missing.Authorization MEDIUM" "cookielay No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cookielay.Shortcode MEDIUM" "crypto 2.20 Authentication.Bypass.via.register CRITICAL" "crypto 2.16 Cross-Site.Request.Forgery.to.Authentication.Bypass HIGH" "crypto 2.19 Authentication.Bypass.via.log_in CRITICAL" "cbxwpbookmark 1.7.22 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxwpbookmark 1.7.21 Admin+.SQLi MEDIUM" "cbxwpbookmark 1.7.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxwpbookmark 1.6.9 Reflected.Cross-Site.Scripting HIGH" "calendar-event 1.4.7 Unauthenticated.Arbitrary.Event.Deletion MEDIUM" "calendar-event 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-to-database-extension 2.10.36 CSV.Injection CRITICAL" "cpo-content-types 1.1.1 Admin+.Stored.XSS LOW" "conditional-payments-for-woocommerce 3.3.1 Cross-Site.Request.Forgery MEDIUM" "conditional-payments-for-woocommerce 2.3.2 Plugin.RuleSets.Activation/Deactivation.via.CSRF MEDIUM" "contact-form-7-simple-recaptcha 0.1.2 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-simple-recaptcha 0.0.9 CSRF.to.Stored.XSS HIGH" "convertplug 3.5.31 ConvertPlus.<.3.5.31.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update HIGH" "convertplug 3.5.26.1 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "convertplug 3.5.26 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "convertplug 3.5.26 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update MEDIUM" "convertplug 3.4.5 Multiple.Issues HIGH" "chillpay-payment-gateway No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contact-form-to-any-api 1.2.5 Unauthenticated.Stored.Cross-Site.Scripting.via.Contact.Form HIGH" "contact-form-to-any-api 1.1.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "contact-form-to-any-api 1.1.7 Subscriber+.API.Entry.Record.Deletion MEDIUM" "contact-form-to-any-api 1.1.3 Admin+.SQLi MEDIUM" "caldera-forms 1.7.5.1 Reflected.Cross-Site.Scripting MEDIUM" "caldera-forms 1.9.7 Reflected.Cross-Site.Scripting MEDIUM" "caldera-forms 1.9.5 Admin+.Stored.Cross-Site.Scripting LOW" "caldera-forms 1.6.0 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "cryptocurrency-price-widget 1.2.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cognito-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "classified-listing 4.0.5 Unauthenticated.Settings.Exposure MEDIUM" "classified-listing 3.1.16 Authenticated.(Subscriber+).Limited.Arbitrary.Option.Update HIGH" "classified-listing 3.1.17 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "classified-listing 3.1.8 Missing.Authorization MEDIUM" "classified-listing 3.0.11 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Attachment.Deletion MEDIUM" "classified-listing 3.0.5 Missing.Authorization MEDIUM" "classified-listing 3.0.5 Cross-Site.Request.Forgery.to.Account.Takeover.via.rtcl_update_user_account HIGH" "classified-listing 2.4.6 Cross-Site.Request.Forgery MEDIUM" "classified-listing 2.2.14 Reflected.Cross-Site.Scripting MEDIUM" "coreactivity 2.7.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "coreactivity 2.1 Unauthenticated.IP.Spoofing MEDIUM" "coreactivity 1.8.1 Unauthenticated.Stored.XSS HIGH" "catch-scroll-progress-bar 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "captchinoo-captcha-for-login-form-protection 2.5 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "captchinoo-captcha-for-login-form-protection 2.4 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "conversion-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clinicalwp-core No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clinicalwp-core No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "clinicalwp-core No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "contact-form-x 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-plugin 4.2.9 Reflected.Cross-Site.Scripting.via.cntctfrm_contact_address MEDIUM" "contact-form-plugin 4.2.9 Reflected.Cross-Site.Scripting.via.cntctfrm_contact_subject MEDIUM" "contact-form-plugin 4.0.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-plugin 4.0.2 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-plugin 3.96 XSS MEDIUM" "contact-form-plugin 3.82 Unauthorized.Language.Manipulation MEDIUM" "contact-form-plugin 3.82 contact_form.php.cntctfrm_contact_email.Parameter.XSS MEDIUM" "chaty 3.3.6 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "chaty 3.2.3 Admin+.Stored.XSS LOW" "chaty 3.1.9 Editor+.Stored.XSS LOW" "chaty 3.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "chaty 3.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "chaty 3.1 Reflected.XSS HIGH" "chaty 3.1 Admin+.Stored.Cross-Site.Scripting LOW" "chaty 3.0.3 Admin+.SQLi MEDIUM" "chaty 2.8.4 Admin+.Stored.Cross-Site.Scripting MEDIUM" "chaty 2.8.3 Reflected.Cross-Site.Scripting HIGH" "culture-object 4.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "cz-loan-management No.known.fix Unauthenticated.SQLi HIGH" "carts-guru 1.4.6 Unauthenticated.Object.Injection CRITICAL" "content-slider-block 3.1.6 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "coming-soons No.known.fix Under.Construction.<=.1.2.0.-.Admin+.Stored.Cross-Site.Scripting LOW" "cssable-countdown No.known.fix Admin+.Stored.XSS LOW" "checklist No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checklist 1.1.9 Unauthenticated.Reflected.XSS MEDIUM" "coronavirus-data-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "community-events 1.5.1 Admin+.Stored.XSS LOW" "community-events 1.5 Event.Deletion.via.CSRF MEDIUM" "community-events 1.4.9 Admin+.Stored.XSS LOW" "community-events 1.4.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "community-events 1.4 SQL.Injection CRITICAL" "collage-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "collage-for-divi 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-list-table-example No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "compare-ninja-comparison-tables No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crafty-social-buttons 1.5.8 XSS MEDIUM" "comment-images-reloaded No.known.fix Authenticated.(Subscriber+).Arbitrary.Media.Deletion MEDIUM" "cookie-scanner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "checkout-for-paypal 1.0.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checkout-for-paypal 1.0.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checkout-for-paypal 1.0.14 Contributor+.Stored.XSS MEDIUM" "contact-form-advanced-database No.known.fix Unauthorised.AJAX.Calls MEDIUM" "contact-form-to-email 1.3.53 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-to-email 1.3.45 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "contact-form-to-email 1.3.42 Captcha.Bypass MEDIUM" "contact-form-to-email 1.3.44 Editor+.Stored.Cross-Site.Scripting LOW" "contact-form-to-email 1.3.38 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-to-email 1.3.25 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-to-email 1.2.66 Multiple.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "call-me-now No.known.fix Cross-Site.Request.Forgery MEDIUM" "configure-login-timeout No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "comments-disable-accesspress 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "contact-form-7-style No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-7-style No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "contact-form-7-style No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "charitydonation-thermometer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cookie-law-info 1.8.3 Improper.Access.Controls CRITICAL" "cubewp-forms No.known.fix Missing.Authorization MEDIUM" "cubewp-forms 1.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "cf-geoplugin 8.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Menu.Creation/Deletion MEDIUM" "cf-geoplugin 8.7.0 Missing.Authorization.to.Unauthenticated.Shortcode.Execution MEDIUM" "cf-geoplugin 8.6.5 PHP.Object.Injection CRITICAL" "cf-geoplugin 8.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf-geoplugin 8.5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cf-geoplugin 7.13.12 Reflected.Cross-Site.Scripting HIGH" "cool-timeline 2.4 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "cool-timeline 2.0.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cool-timeline 2.0.3 Cross-Site.Request.Forgery MEDIUM" "contact-form-by-supsystic 1.7.30 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.saveAsCopy.AJAX.Action MEDIUM" "contact-form-by-supsystic 1.7.29 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-by-supsystic 1.7.29 Authenticated.(Admin+).Remote.Code.Execution HIGH" "contact-form-by-supsystic 1.7.28 CSRF MEDIUM" "contact-form-by-supsystic 1.7.25 CSRF MEDIUM" "contact-form-by-supsystic 1.7.20 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-by-supsystic 1.7.15 Reflected.Cross-Site.scripting.(XSS) HIGH" "contact-form-by-supsystic 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-by-supsystic 1.7.11 Authenticated.SQL.Injections CRITICAL" "countdown-for-the-events-calendar 1.4 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "coming-soon-maintenance-mode-from-acurax No.known.fix Unauthenticated.IP.Spoofing MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Information.Exposure MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Unauthenticated.Stored.XSS HIGH" "clinked-client-portal No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clinked-client-portal 1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "comment-emailer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cms-press No.known.fix Admin+.Stored.XSS LOW" "categorized-gallery No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "cart-tracking-for-woocommerce 1.0.17 Authenticated.(Administrator+).SQL.Injection MEDIUM" "cart-tracking-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cpo-companion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cpo-companion 1.1.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "cpo-companion 1.1.0 Admin+.Stored.XSS LOW" "cbxwpsimpleaccounting No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cookie-consent-autoblock No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cf7-repeatable-fields 2.0.2 Repeatable.Fields.<.2.0.2.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.field_group.Shortcode MEDIUM" "comment-validation-reloaded No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "content-no-cache 0.1.3 Unauthenticated.Private.Content.Disclosure MEDIUM" "code-manager 1.0.26 Reflected.Cross-Site.Scripting MEDIUM" "code-manager 1.0.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "code-clone No.known.fix Authenticated.(Administrator+).SQL.Injection.via.snippetId.Parameter MEDIUM" "chameleon-css No.known.fix Subscriber+.SQL.Injection CRITICAL" "cmp-coming-soon-maintenance 4.1.15 Admin+.Arbitrary.File.Upload MEDIUM" "cmp-coming-soon-maintenance 4.1.11 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "cmp-coming-soon-maintenance 4.1.8 Maintenance.Mode.Bypass MEDIUM" "cmp-coming-soon-maintenance 4.1.7 Unauthenticated.Post/Page.Access.in.Maintenance.Mode MEDIUM" "cmp-coming-soon-maintenance 4.0.19 Unauthenticated.Arbitrary.CSS.Update HIGH" "cmp-coming-soon-maintenance 3.8.2 Coming.Soon.&.Maintenance.<.3.8.2.-.Improper.Access.Controls.on.AJAX.Calls HIGH" "cpt-shortcode No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "cpt-shortcode No.known.fix Admin+.Stored.XSS LOW" "css-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cbxgooglemap 1.1.12 Contributor+.Stored.XSS MEDIUM" "cbxgooglemap 1.1.12 Contributor+.Stored.XSS.via.shortcode MEDIUM" "cafe-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cafe-lite No.known.fix Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "cafe-lite 2.2.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cafe-lite 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.CAFE.Widgets MEDIUM" "cafe-lite 2.1.0 Contributor+.Stored.XSS MEDIUM" "cpt-bootstrap-carousel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cpt-bootstrap-carousel No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "cf7-field-validation No.known.fix Unauthenticated.SQLi HIGH" "cart-weight-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cart-weight-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cartflows 2.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cartflows 2.0.2 Editor+.Stored.XSS LOW" "cartflows 1.6.13 Authenticated.Stored.XSS.via.FB.Pixel.ID.and.Google.Analytics.ID MEDIUM" "cartflows 1.5.16 Cross-Site.Request.Forgery MEDIUM" "cartflows 1.5.16 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cf7-live-preview No.known.fix Missing.Authorization.via.update_option MEDIUM" "connected-sermons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "connected-sermons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-post-type-ui 1.13.5 Debug.Info.Sending.via.CSRF LOW" "codelights-shortcodes-and-widgets No.known.fix Contributor+.Stored.XSS MEDIUM" "codelights-shortcodes-and-widgets No.known.fix Admin+.Stored.Cross.Site.Scripting MEDIUM" "cf7-manual-spam-blocker No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cf7-salesforce 1.4.0 Cross-Site.Request.Forgery MEDIUM" "cf7-salesforce 1.2.6 Reflected.Cross-Site.Scripting HIGH" "code-snippets-cpt No.known.fix Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "commentluv No.known.fix Unauthenticated.SSRF MEDIUM" "cart66-lite 1.5.5 XSS MEDIUM" "competition-form No.known.fix Reflected.XSS HIGH" "competition-form No.known.fix Competition.Deletion.via.CSRF MEDIUM" "clearbit No.known.fix Cross-Site.Request.Forgery MEDIUM" "counter-yandex-metrica No.known.fix Admin+.Stored.XSS LOW" "ctt-expresso-para-woocommerce 3.2.13 Information.Exposure.via.Unprotected.Directory MEDIUM" "ctt-expresso-para-woocommerce 3.2.13 Admin+.Stored.XSS LOW" "ctt-expresso-para-woocommerce 3.2.12 Admin+.Stored.XSS LOW" "codebard-help-desk No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "codebard-help-desk No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codebard-help-desk 1.1.2 Cross-Site.Request.Forgery MEDIUM" "custom-css 2.4.2 Cross-Site.Request.Forgery.to.Remote.Code.Exectuiron HIGH" "custom-css 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "content-collector No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-collector No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "clean-social-icons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-dashboard-widgets No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.cdw_DashboardWidgets HIGH" "clotya-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "checkout-files-upload-woocommerce 2.2.1 Contributor+.Stored.XSS MEDIUM" "checkout-files-upload-woocommerce 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "collectchat 2.4.4 Admin+.XSS LOW" "collectchat 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "collectchat 2.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "core-control No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "create-block-theme 1.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "custom-landing-pages-leadmagic No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "click-to-tweet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "click-to-tweet No.known.fix Reflected.XSS HIGH" "click-to-tweet No.known.fix Missing.Authorization MEDIUM" "credova-financial 2.4.9 Reflected.Cross-Site.Scripting MEDIUM" "credova-financial 1.4.9 Sensitive.Information.Disclosure MEDIUM" "checkout-plugins-stripe-woo 1.9.2 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "checkout-plugins-stripe-woo 1.9.2 Cross-Site.Request.Forgery MEDIUM" "checkout-plugins-stripe-woo 1.4.11 Settings.Update.via.CSRF MEDIUM" "critical-site-intel-stats No.known.fix Unauthenticated.SQL.Injection CRITICAL" "custom-email-options No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "cardgate 3.2.2 Authenticated.(Administrator+).SQL.Injection MEDIUM" "cardgate 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "cardgate 3.1.16 Unauthorised.Payments.Hijacking.and.Order.Status.Spoofing HIGH" "cloudflare 4.12.3 Missing.Authorization.via.initProxy MEDIUM" "cloudflare 1.1.12 Unauthenticated.RCE.via.PHPUnit CRITICAL" "custom-fields-search 1.3.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "christmas-greetings No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clean-contact No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "caddy 1.9.8 Cross-Site.Request.Forgery MEDIUM" "covid-19-alert No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "constant-contact-forms 2.4.3 Information.Disclosure.via.Log.Files MEDIUM" "constant-contact-forms 1.8.8 Multiple.Authenticated.Stored.XSS MEDIUM" "cm-invitation-codes No.known.fix Missing.Authorization MEDIUM" "custom-fonts 2.1.5 Author+.Stored.XSS MEDIUM" "connector-civicrm-mcrestface No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "connector-civicrm-mcrestface No.known.fix Missing.Authorization MEDIUM" "custom-add-to-cart-button-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "club-management-software No.known.fix Authenticated.SQL.Injection MEDIUM" "cookies-pro No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-twitter-feeds 2.3.0 Cross-Site.Request.Forgery.to.Cache.Reset.via.ctf_clear_cache_admin.Function MEDIUM" "custom-twitter-feeds 2.2.4 Cross-Site.Request.Forgery MEDIUM" "custom-twitter-feeds 2.2.3 Admin+.Stored.XSS LOW" "custom-twitter-feeds 2.2.2 Cross-Site.Request.Forgery.to.Plugin.Options.Update MEDIUM" "custom-twitter-feeds 2.2 Cross-Site.Request.Forgery MEDIUM" "custom-twitter-feeds 2.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "custom-twitter-feeds 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "course-booking-system No.known.fix Reflected.Cross-Site.Scripting HIGH" "course-booking-system 6.1.1 Missing.Authorization MEDIUM" "course-booking-system 6.0.7 Unauthenticated.SQL.Injection HIGH" "convertbox-auto-embed 1.0.20 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "computer-repair-shop No.known.fix Missing.Authorization MEDIUM" "computer-repair-shop 3.8120 Authenticated.(Customer+).Privilege.Esclation.via.Account.Takeover CRITICAL" "computer-repair-shop 3.8122 Missing.Authorization.to.Account.Takeover/Privilege.Escalation HIGH" "computer-repair-shop 3.8116 Unauthenticated.Arbitrary.File.Upload CRITICAL" "contexture-page-security No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "cpt-to-map-store No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cooked 1.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "cooked 1.8.0 Cooked.–.Recipe.Management.<=.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cooked 1.7.15.1 Contributor+.Stored.XSS MEDIUM" "cooked 1.1.13 Reflected.Cross-Site.Scripting MEDIUM" "cooked 1.7.9.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "cooked 1.7.5.6 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "contentmx-content-publisher No.known.fix Missing.Authorization MEDIUM" "copymatic 2.0 Missing.Authorization MEDIUM" "copymatic 1.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "custom-icons-for-elementor 0.3.4 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "custom-user-css No.known.fix Settings.Update.via.CSRF MEDIUM" "content-excel-importer 4.3 Reflected.Cross-Site.Scripting MEDIUM" "companion-sitemap-generator 4.5.3 Reflected.XSS HIGH" "companion-sitemap-generator 4.5.3 Contributor+.Stored.XSS MEDIUM" "companion-sitemap-generator 3.7.0 CSRF HIGH" "chat2 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cnzz51la-for-wordpress No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "content-warning-v2 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "code-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-permalinks 2.7.0 Authenticated(Editor+).Stored.Cross-Site.Scripting MEDIUM" "capabilities-pro 2.5.2 Admin+.PHP.Objection.Injection MEDIUM" "capabilities-pro 2.3.1 Unauthenticated.Arbitrary.Options.Update.to.Blog.Compromise CRITICAL" "ck-and-syntaxhighlighter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cookie-law-bar No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "card-oracle 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "card-oracle 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "christian-science-bible-lesson-subjects 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "covermanager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "customize-login No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "chatlive No.known.fix Unauthenticated.SQL.Injection HIGH" "customizer-export-import 0.9.7.1 Authenticated.(Admin+).Arbitrary.File.Upload.via.Customization.Settings.Import MEDIUM" "customizer-export-import 0.9.6 Admin+.PHP.Object.Injection LOW" "customizer-export-import 0.9.5 Admin+.PHP.Objection.Injection MEDIUM" "customizer-export-import 0.9.5 Admin+.PHP.Object.Injection MEDIUM" "custom-dash No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "custom-sub-menus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-post-type-list-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "church-theme-content 2.6.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "cmsmasters-content-composer 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "cal-com No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clickfunnels No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "clickfunnels No.known.fix Settings.Update.via.CSRF MEDIUM" "cf7-reply-manager No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "currency-switcher 1.2.0.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "currency-switcher 1.2.0.4 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "currency-switcher 1.2.0.2 Cross-Site.Request.Forgery MEDIUM" "currency-switcher 1.2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "currency-switcher 1.2.0 Subscriber+.Missing.Authorization.Checks MEDIUM" "currency-switcher 1.2.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "currency-switcher 1.1.7 Arbitrary.Plugin's.Settings.Change.via.CSRF MEDIUM" "customize-login-page No.known.fix Cross-Site.Request.Forgery MEDIUM" "call-now-icon-animate No.known.fix Admin+.Stored.XSS LOW" "contact-form-submissions 1.7.3 Unauthenticated.Stored.XSS HIGH" "contact-form-submissions 1.7.1 Authenticated.SQL.Injection MEDIUM" "contact-form-submissions 1.7.1 Authenticated.Double.Query.SQL.injection MEDIUM" "catablog No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "catablog No.known.fix Authenticated.(Editor+).Arbitrary.File.Deletion MEDIUM" "callrail-phone-call-tracking 0.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "callrail-phone-call-tracking 0.4.10 Stored.XSS.via.CSRF MEDIUM" "cosmetsy-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "custom-content-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "custom-content-shortcode No.known.fix Contributor+.LFI CRITICAL" "custom-content-shortcode 4.0.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "custom-content-shortcode 4.0.1 Unauthorised.Arbitrary.Post.Metadata.Access MEDIUM" "custom-content-shortcode 4.0.2 Authenticated.Arbitrary.File.Access./.LFI HIGH" "category-posts 4.9.20 Admin+.Stored.XSS LOW" "category-posts 4.9.18 Admin+.Stored.XSS LOW" "category-posts 4.9.17 Admin+.Stored.XSS LOW" "comments-from-facebook 2.5.0 Admin+.Stored.Cross-Site.Scripting LOW" "custom-shortcode-sidebars No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-coming-soon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "comment-approved-notifier-extended 5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-type-pdf-attachment 3.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pdf_attachment.Shortcode MEDIUM" "ckeditor-for-wordpress 4.5.3.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "cookie-consent-box 1.1.7 Admin+.Stored.XSS LOW" "correosoficial No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "chp-ads-block-detector 3.9.8 Plugin.Settings.Update.via.CSRF MEDIUM" "chp-ads-block-detector 3.9.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "chp-ads-block-detector 3.9.8 Subscriber+.Plugin.Settings.Update MEDIUM" "cc-canadian-mortgage-calculator 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crm-customer-relationship-management-by-vcita 2.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crm-customer-relationship-management-by-vcita No.known.fix Missing.Authorization.to.Authenticated.(Susbcriber+).Widget.Toggle MEDIUM" "crm-customer-relationship-management-by-vcita 2.7.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "crm-customer-relationship-management-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "comments-on-feed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codepen-embedded-pen-shortcode 1.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "codepen-embedded-pen-shortcode 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-database-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cpa-offerwall No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "corner-ad 1.0.57 Ads.Deletion.via.CSRF MEDIUM" "corner-ad 1.0.8 Admin+.Stored.XSS LOW" "cf7-styler No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution.and.Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.6.9 Reflected.XSS MEDIUM" "cf7-styler 1.6.9 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.6.5 Missing.Authorization.via.Several.AJAX.Action MEDIUM" "cf7-styler 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-bank No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "cm-on-demand-search-and-replace 1.4.3 Reflected.XSS HIGH" "cm-on-demand-search-and-replace 1.3.9 Plugin.Reset.via.CSRF MEDIUM" "cm-on-demand-search-and-replace 1.3.1 Multiple.CSRF MEDIUM" "cm-on-demand-search-and-replace 1.3.1 Admin+.Stored.XSS LOW" "cyklodev-wp-notify 1.3.0 Admin+.Stored.XSS LOW" "custom-post-type-page-template No.known.fix Cross-Site.Request.Forgery MEDIUM" "companion-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cpt-onomies No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "case-study No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "collect-and-deliver-interface-for-woocommerce 5.5.6 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "collect-and-deliver-interface-for-woocommerce 5.1.9 Reflected.Cross-Site-Scripting MEDIUM" "custom-post-type-lockdown No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "cf7-material-design No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contact-form-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "contact-form-builder 1.0.69 CSRF.to.LFI HIGH" "cc-bmi-calculator 2.1.0 Contributor+.Stored.XSS MEDIUM" "csv-mass-importer No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "catchers-helpdesk No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "curatorio 1.9.2 Contributor+.Stored.XSS MEDIUM" "cozy-addons 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 2.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 2.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 2.0.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-star-rating No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cardealerpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.saleclass.Parameter MEDIUM" "cardealerpress 6.7.2411.00 Reflected.Cross-Site.Scripting MEDIUM" "comment-reply-notification No.known.fix Cross-Site.Request.Forgery MEDIUM" "customize-login-image 3.5.3 Admin+.Stored.Cross-Site.Scripting LOW" "court-reservation 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "court-reservation 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "coupon-referral-program No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "coupon-referral-program No.known.fix Sensitive.Information.Disclosure MEDIUM" "contact-forms-builder No.known.fix Authentication.Request.Bypass MEDIUM" "contact-forms-builder No.known.fix Reflected.XSS HIGH" "coschedule-by-todaymade 3.3.9 CSRF MEDIUM" "convert-post-types No.known.fix Cross-Site.Request.Forgery MEDIUM" "convert-post-types No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coming-soon-by-supsystic 1.7.11 Cross-Site.Request.Forgery MEDIUM" "coming-soon-by-supsystic 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "cf7-conditional-fields 2.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-conditional-fields 2.4.14 Cross-Site.Request.Forgery.to.Plugin.Setting.Reset MEDIUM" "cf7-conditional-fields 2.4.2 Missing.Authorization MEDIUM" "cc-custom-taxonmy No.known.fix Admin+.Stored.XSS LOW" "content-cards No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "content-cards 0.9.7 Cross-Site.Scripting.(XSS) MEDIUM" "cluevo-lms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cluevo-lms No.known.fix Cross-Site.Request.Forgery.to.Module.Deletion MEDIUM" "cluevo-lms 1.11.0 Settings.Update.via.CSRF MEDIUM" "cluevo-lms 1.8.1 Admin+.Stored.Cross.Site.Scripting LOW" "cloudflare-cache-purge No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-mailchimp 1.1.1 Reflected.Cross-Site.Scripting HIGH" "cache-images 3.2.1 Image.Upload./.Import.via.CSRF MEDIUM" "custom-contact-forms 5.1.0.4 Unauthenticated.Database.Import/Export CRITICAL" "custom-contact-forms 5.1.0.3 Authenticated.Cross.Site.Scripting CRITICAL" "classy-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "code-explorer No.known.fix Authenticated.(Admin+).External.File.Reading MEDIUM" "custom-post-types 5.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-types 5.0.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "custom-post-types 5.0.3 Admin+.Stored.XSS LOW" "convertkit 2.4.9.1 Missing.Authorization MEDIUM" "convertkit 2.4.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "convertkit 2.2.1 Reflected.XSS HIGH" "convertkit 2.0.5 Contributor+.Stored.XSS MEDIUM" "carousel-ck No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "customer-area 8.2.5 Bulk.Delete.via.CSRF MEDIUM" "customer-area 8.2.5 Event.Log.Deletion.via.CSRF MEDIUM" "customer-area 8.2.3 .Reflected.Cross-Site.Scripting MEDIUM" "customer-area 8.2.1 Subscriber+.Account.Address.Leak MEDIUM" "customer-area 8.2.1 Subscriber+.Account.Address.Update MEDIUM" "customer-area 8.1.4 Unauthorised.Actions.via.CSRF MEDIUM" "customer-area 7.4.3 XSS MEDIUM" "contact-form-master No.known.fix Reflected.XSS HIGH" "carousel-slider 2.0.0 Cross-Site.Request.Forgery MEDIUM" "carousel-slider 2.2.4 Cross-Site.Request.Forgery MEDIUM" "carousel-slider 2.2.4 Editor+.Stored.XSS LOW" "carousel-slider 2.2.11 Editor+.Stored.XSS LOW" "carousel-slider 2.2.10 Editor+.Stored.XSS MEDIUM" "carousel-slider 2.2.7 Editor+.Stored.XSS LOW" "carousel-slider 2.2.3 Missing.Authorization MEDIUM" "child-themes-helper No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "comments-with-hypercommentscom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "caldera-smtp-mailer No.known.fix Missing.Authorization MEDIUM" "click-to-chat-for-whatsapp 4.0 Contributor+.LFI HIGH" "click-to-chat-for-whatsapp 3.18.1 Contributor+.Stored.XSS MEDIUM" "clerkio 4.0.0 Authentication.Bypass.and.API.Keys.Disclosure LOW" "custom-simple-rss 2.0.7 CSRF MEDIUM" "cookiehint-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-order-statuses-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "custom-order-statuses-for-woocommerce No.known.fix Cross-Site.Request.Forgery MEDIUM" "cookiemonster No.known.fix Admin+.Stored.XSS LOW" "contentlock 1.0.4 Settings.Update.via.CSRF MEDIUM" "contentlock 1.0.4 Email.Adding.via.CSRF MEDIUM" "contentlock 1.0.4 Groups/Emails.Deletion.via.CSRF MEDIUM" "comicbookmanagementsystemweeklypicks 2.2.0 Admin+.SQLi MEDIUM" "content-egg 5.5.0 Multiple.CSRF MEDIUM" "content-egg 5.3.1 Reflected.Cross-Site.Scripting MEDIUM" "content-egg 5.3.0 Reflected.Cross-Site.Scripting MEDIUM" "cache-control-by-cacholong No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cache-control-by-cacholong No.known.fix Cross-Site.Request.Forgery MEDIUM" "cm-pop-up-banners 1.7.6 Reflected.XSS HIGH" "cm-pop-up-banners 1.7.3 Contributor+.Stored.XSS MEDIUM" "cm-pop-up-banners 1.6.6 Contributor+.Stored.XSS MEDIUM" "change-table-prefix No.known.fix Cross-Site.Request.Forgery.via.change_prefix_form HIGH" "category-page-icons No.known.fix Arbitrary.File.Upload/Deletion.via.Path.Traversal CRITICAL" "complianz-gdpr-premium 6.4.2 GDPR/CCPA.Cookie.Consent.<.6.4.2.-.Contributor+.Stored.XSS MEDIUM" "complianz-gdpr-premium 6.3.6 Translator.SQLi MEDIUM" "contact-form-7-select-box-editor-button No.known.fix Cross-Site.Request.Forgery MEDIUM" "calculated-fields-form 5.2.62 Admin+.Stored.XSS LOW" "calculated-fields-form 5.2.62 Admin+.Stored.XSS LOW" "calculated-fields-form 5.2.64 Denial.of.Service MEDIUM" "calculated-fields-form 5.2.64 Admin+.Stored.XSS LOW" "calculated-fields-form 5.2.46 HTML.Injection MEDIUM" "calculated-fields-form 1.2.55 Reflected.Cross-Site.Scripting MEDIUM" "calculated-fields-form 5.1.57 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "calculated-fields-form 1.2.53 Contributor+.Stored.XSS MEDIUM" "calculated-fields-form 1.2.29 Contributor+.Open.Redirect MEDIUM" "calculated-fields-form 1.2.41 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "calculated-fields-form 1.1.151 Admin+.Stored.Cross-Site.Scripting.via.Dropdown.Fields LOW" "calculated-fields-form 1.0.354 Authenticated.Stored.XSS MEDIUM" "cwd-3d-image-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-repeater No.known.fix Admin+.Stored.XSS LOW" "codesnips No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "captcha-bank No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "countdown-builder 2.9.0 Unauthenticated.Limited.Local.File.Inclusion HIGH" "countdown-builder 2.8.9 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "countdown-builder No.known.fix Admin+.Stored.XSS LOW" "countdown-builder 2.7.8.1 Missing.Authorization.to.Authenticated.(Subscriber+).PHP.Object.Injection MEDIUM" "countdown-builder 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "countdown-builder No.known.fix Pro.Features.Lock.Bypass LOW" "countdown-builder No.known.fix Admin+.Stored.XSS LOW" "countdown-builder 2.2.9 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-dynamic-text-extension 5.0.2 Cross-Site.Request.Forgery MEDIUM" "contact-form-7-dynamic-text-extension 4.5.1 Information.Disclosure.via.Shortcode MEDIUM" "contact-form-7-dynamic-text-extension 4.2.0 Insecure.Direct.Object.Reference MEDIUM" "configure-conference-room No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "continue-shopping-from-cart-page No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-smilies No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contact-form-7 6.0.6 Order.Replay.Vulnerability MEDIUM" "contact-form-7 5.9.5 Unauthenticated.Open.Redirect MEDIUM" "contact-form-7 5.9.2 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7 5.8.4 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "contact-form-7 5.3.2 Unrestricted.File.Upload HIGH" "contact-form-7 5.0.4 register_post_type().Privilege.Escalation CRITICAL" "cf7-styler-for-divi 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler-for-divi 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "craw-data No.known.fix Server.Side.Request.Forgery MEDIUM" "conversation-watson 0.8.21 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "chalet-montagne-com-tools No.known.fix Reflected.XSS HIGH" "chat-bubble No.known.fix Admin+.Stored.XSS LOW" "chat-bubble No.known.fix Settings.Update.via.CSRF MEDIUM" "chat-bubble 2.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "cf7-summary-and-print 1.2.6 Settings.Update.via.CSRF MEDIUM" "custom-field-bulk-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "capa No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "cp-image-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cp-image-gallery No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "content-bot No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clock-in-portal No.known.fix Designation.Deletion.via.CSRF MEDIUM" "clock-in-portal No.known.fix Holidays.Deletion.via.CSRF MEDIUM" "clock-in-portal No.known.fix Staff.Deletion.via.CSRF MEDIUM" "catch-popup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "customer-reviews-woocommerce 5.62.0 Missing.Authorization.to.Authenticated.(Subscriber+).Import.Cancellation MEDIUM" "customer-reviews-woocommerce 5.48.0 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "customer-reviews-woocommerce 5.47.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "customer-reviews-woocommerce 5.47.0 Missing.Authorization.to.Authenticated.(Subscriber+).Coupon.Search MEDIUM" "customer-reviews-woocommerce 5.39.0 Improper.Authorization.via.submit_review MEDIUM" "customer-reviews-woocommerce 5.38.10 Author+.Arbitrary.File.Upload HIGH" "customer-reviews-woocommerce 5.38.2 Missing.Authorization.via.manual.review.reminders MEDIUM" "customer-reviews-woocommerce 5.38.2 Cross-Site.Request.Forgery.via.manual.review.reminders MEDIUM" "customer-reviews-woocommerce 5.36.1 Missing.Authorization.in.Reviews.Exporter MEDIUM" "customer-reviews-woocommerce 5.36.1 Missing.Authorization MEDIUM" "customer-reviews-woocommerce 5.17.0 Contributor+.Stored.XSS MEDIUM" "customer-reviews-woocommerce 5.16.0 Contributor+.LFI CRITICAL" "customer-reviews-woocommerce 5.3.6 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "customer-reviews-woocommerce 5.3.6 Broken.Access.Control MEDIUM" "customer-reviews-woocommerce 5.3.6 Cross-Site.Request.Forgery MEDIUM" "callphoner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "coblocks 3.1.14 Missing.Authorization MEDIUM" "coblocks 3.1.13 Editor+.Stored.XSS LOW" "coblocks 3.1.12 Contributor+.SSRF LOW" "coblocks 3.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Social.Profiles MEDIUM" "coblocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "coblocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "conversion-de-moneda No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-multi 1.2.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "cf7-database 3.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-top-bar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-script-integration No.known.fix Cross-Site.Request.Forgery MEDIUM" "co-marquage-service-public 0.5.77 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "co-marquage-service-public 0.5.72 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "co-marquage-service-public 0.5.73 Reflected.Cross-Site.Scripting.via.search_term MEDIUM" "cf7-zoho 1.2.4 Admin+.SQLi MEDIUM" "cf7-zoho 1.2.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cf7-zoho 1.1.9 Reflected.Cross-Site.Scripting HIGH" "cf7-zoho 1.1.8 Reflected.Cross-Site.Scripting HIGH" "chatplusjp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chart-builder 3.1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chart-builder 2.9.6 Unauthenticated.Local.File.Inclusion.via.source CRITICAL" "chart-builder 2.7.7 Reflected.Cross-Site.Scripting MEDIUM" "chart-builder 2.0.7 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chart-builder 1.9.7 Admin+.Stored.XSS LOW" "dzs-zoomsounds No.known.fix WordPress.Wave.Audio.Player.with.Playlist.<=.6.91.-.Unauthenticated.Arbitrary.File.Download HIGH" "dzs-zoomsounds No.known.fix WordPress.Wave.Audio.Player.with.Playlist.<=.6.91.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update.and.Settings.Manipulation HIGH" "dzs-zoomsounds No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "dzs-zoomsounds No.known.fix WordPress.Wave.Audio.Player.with.Playlist.<=.6.91.-.Unauthenticated.PHP.Object.Injection HIGH" "dzs-zoomsounds 6.50 Unauthenticated.Arbitrary.File.Download HIGH" "dzs-zoomsounds 6.05 Unauthenticated.Arbitrary.File.Upload CRITICAL" "dzs-zoomsounds 3.0 Remote.File.Upload CRITICAL" "dynamic-featured-image No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dfiFeatured.Parameter MEDIUM" "drag-and-drop-form-builder-for-contact-form-7 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "drag-and-drop-form-builder-for-contact-form-7 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "duplicate-post-page-menu-custom-post-type 2.4.0 Subscriber+.Post.Duplication MEDIUM" "decon-wp-sms No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "delivery-woo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "delivery-woo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dyn-business-panel No.known.fix Reflected.XSS HIGH" "dyn-business-panel No.known.fix Reflected.XSS HIGH" "dyn-business-panel No.known.fix Stored.XSS.via.CSRF HIGH" "dollie 6.2.1 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "display-post-meta No.known.fix Display.Post.Meta.<=.2,4,4.-Reflected.Cross-Site.Scripting MEDIUM" "darkmysite No.known.fix Cross-Site.Request.Forgery MEDIUM" "document No.known.fix Missing.Authorization MEDIUM" "dynamic-post-grid-elementor-addon 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delete-original-image No.known.fix Cross-Site.Request.Forgery MEDIUM" "database-toolset No.known.fix Unauthenticated.Sensitive.Information.Exposure.via.Backup.Files MEDIUM" "database-toolset No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "database-toolset No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "download-monitor 5.0.14 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "download-monitor 5.0.13 Missing.Authorization.to.API.Key.Manipulation MEDIUM" "download-monitor 5.0.10 Missing.Authorization.to.Authenticated.(Subscriber+).Shop.Enable MEDIUM" "download-monitor 4.9.14 Missing.Authorization MEDIUM" "download-monitor 4.9.5 Authenticated.(Admin+).SQL.Injection HIGH" "download-monitor 4.8.2 Admin+.SSRF MEDIUM" "download-monitor 4.5.98 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.5.91 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.4.7 Reflected.Cross-Site.Scripting MEDIUM" "download-monitor 4.4.7 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.4.7 Admin+.Stored.Cross-Site.Scripting LOW" "download-monitor 4.4.5 Admin+.SQL.Injection MEDIUM" "download-monitor 1.9.7 Unauthenticated.Downloading.of.Logs MEDIUM" "download-monitor 1.7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "download-monitor 1.6.4 Authenticated.Directory.Listing MEDIUM" "download-monitor 3.3.6.2 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "domain-check 1.0.17 Reflected.Cross-Site.Scripting MEDIUM" "dsgvo-all-in-one-for-wp 4.7 Cross-Site.Request.Forgery.to.Account.Deletion MEDIUM" "dsgvo-all-in-one-for-wp 4.6 Contributor+.Stored.XSS MEDIUM" "dsgvo-all-in-one-for-wp 4.4 Cross-Site.Request.Forgery MEDIUM" "dsgvo-all-in-one-for-wp 4.2 Admin+.Stored.Cross-Site.Scripting LOW" "dsgvo-all-in-one-for-wp 4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "dashboard-widgets-suite 3.4.4 Reflected.Cross-Site.Scripting MEDIUM" "dashboard-widgets-suite 3.4.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dashboard-widgets-suite 3.2.2 Admin+.Stored.XSS LOW" "drozd-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "digiproveblog No.known.fix Reflected.Cross-Site-Scripting MEDIUM" "drawit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "datamentor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dn-footer-contacts No.known.fix Cross-Site.Request.Forgery MEDIUM" "dn-footer-contacts 1.6.3 Admin+.Stored.XSS LOW" "dashing-memberships No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "disable-auto-updates No.known.fix Cross-Site.Request.Forgery.to.Auto-update.Disable MEDIUM" "database-collation-fix 1.2.8 Cross-Site.Request.Forgery MEDIUM" "delete-post-revisions-on-single-click No.known.fix Cross-Site.Request.Forgery MEDIUM" "distancr 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dropdown-content No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dynamicconditions No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "divi-builder 4.25.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "divi-builder 4.5.3 4.5.2,.Extra.2.0.-.4.5.2,.Divi.Builder.2.0.-.4.5.2).-.Authenticated.Arbitrary.File.Upload MEDIUM" "divi-builder 4.0.10 Authenticated.Code.Injection MEDIUM" "divi-builder 2.17.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "divi-builder 1.2.4 Privilege.Escalation HIGH" "display-a-meta-field-as-block 1.2.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "display-terms-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "display-product-variations-dropdown-on-shop-page No.known.fix Missing.Authorization MEDIUM" "doppler-form No.known.fix Missing.Authorization MEDIUM" "doppler-form No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "doppler-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "digirisk 6.1.0.0 Reflected.Cross-Site.Scripting MEDIUM" "donorbox-donation-form 7.1.7 Admin+.Stored.Cross-Site.Scripting LOW" "dr-flex 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "digital-license-manager 1.7.4 Reflected.Cross-Site.Scripting.via.remove_query_arg.Function MEDIUM" "donate-visa No.known.fix Missing.Authorization MEDIUM" "demo-my-wordpress 1.1.0 Unauthenticated.Privilege.Escalation CRITICAL" "downloader-tiktok 1.4 Server.Side.Request.Forgery.(SSRF).&.Local.File.Inclusion.(LFI) MEDIUM" "donate-button 2.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "debug-bar-extender No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "donate-with-qrcode No.known.fix Plugin's.Setting.Update.via.CSRF MEDIUM" "donate-with-qrcode 1.4.5 Stored.Cross-Site.Scripting MEDIUM" "db-tables-importexport No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "database-sync No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "device-theme-switcher No.known.fix Cross-Site.Request.Forgery MEDIUM" "dont-muck-my-markup No.known.fix Cross-Site.Request.Forgery MEDIUM" "designthemes-core-features No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "designthemes-core-features 4.8 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.via.dt_process_imported_file HIGH" "debug-assistant 1.5 Administrator.Account.Creation.via.CSRF HIGH" "debug-assistant 1.5 Admin+.Stored.XSS LOW" "ddirections No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "doofinder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "droit-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "droit-elementor-addons No.known.fix Cross-Site.Request.Forgery MEDIUM" "download-theme 1.1.0 Cross-Site.Request.Forgery MEDIUM" "dx-auto-publish No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "dp-addthis No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "download-magnet 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "debt-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "dragon-calendar-free-version No.known.fix Cross-Site.Request.Forgery MEDIUM" "demomentsomtres-wp-export No.known.fix Subscriber+.unauthorized.data.export MEDIUM" "demomentsomtres-wp-export 20200610 Reflected.Cross-Site.Scripting MEDIUM" "dforms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "display-custom-post No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dn-popup No.known.fix Settings.Update.via.CSRF MEDIUM" "dropdown-menu-widget No.known.fix Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS MEDIUM" "duofaq-responsive-flat-simple-faq No.known.fix Reflected.Cross-Site.Scripting HIGH" "dirtysuds-embed-pdf No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "dzs-ajaxer-lite-dynamic-page-load No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "dicom-support 0.10.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dashylite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dashylite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dw-promobar No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "dl-leadback No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "debranding No.known.fix Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "debranding No.known.fix Privilege.Escalation HIGH" "dynamic-post No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "dap-to-autoresponders-daar No.known.fix Unauthenticated.Information.Exposure MEDIUM" "duplicate-title-validate 1.4 Subscriber+.SQL.Injection HIGH" "display-medium-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.display_medium_posts.Shortcode MEDIUM" "drug-search No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "database-backup 2.36 Authenticated.(Administrator+).Sensitive.Information.Exposure HIGH" "database-backup 2.37 Authenticated.(Administrator+).Arbitrary.File.Deletion HIGH" "database-backup 2.33 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "data-dash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "database-peek No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "disable-image-right-click No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "dracula-dark-mode 1.0.9 The.Revolutionary.Dark.Mode.Plugin.For.WordPress.<.1.0.9.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "dracula-dark-mode 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "dologin 3.8 Missing.Authorization.via.REST.Endpoints MEDIUM" "dologin 3.7.1 Subscriber+.IP.Address.leak MEDIUM" "dologin 3.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "dologin 3.7 IP.Spoofing MEDIUM" "dd-rating No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "dtc-documents No.known.fix Cross-Site.Request.Forgery MEDIUM" "demon-image-annotation 4.8 Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "delete-usermetas 1.2.0 Cross-Site.Request.Forgery MEDIUM" "digital-lottery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "dynamic-widgets 1.6.5 Cross-Site.Request.Forgery MEDIUM" "dynamic-widgets 1.6 Reflected.Cross-Site.Scripting MEDIUM" "dynamic-widgets 1.5.11 Authenticated.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "downloadmanager 3.2.83 Unauthenticated.Password.Protected.File.Bypass MEDIUM" "doneren-met-mollie 2.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "doneren-met-mollie 2.10.3 Unauthenticated.Reflected.Cross-Site.Scripting.via.search MEDIUM" "doneren-met-mollie 2.8.5 Unauthorised.CSV.Export.leading.to.Sensitive.Data.Disclosure MEDIUM" "debug-log-manager 2.3.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "debug-log-manager 2.3.2 Missing.Authorization MEDIUM" "debug-log-manager 2.3.2 Missing.Authorization.via.toggle_debugging MEDIUM" "debug-log-manager 2.3.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "debug-log-manager 2.3.0 Sensitive.Logs.Exposure MEDIUM" "debug-log-manager 2.2.2 Debug.Log.Clearing.via.CSRF MEDIUM" "debug-log-manager 2.2.2 Subscriber+.Debug.Log.Clearing MEDIUM" "demomentsomtres-mailchimp-subscribe 3.201706150908 Reflected.Cross-Site.Scripting MEDIUM" "delhivery-logistics-courier No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "dn-cookie-notice No.known.fix Cross-Site.Request.Forgery MEDIUM" "duogeek-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "devnex-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delete-all-comments-easily No.known.fix All.Comments.Deletion.via.CSRF MEDIUM" "default-thumbnail-plus No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "dynamic-url-seo 1.2 Reflected.Cross-Site.Scripting MEDIUM" "dynamic-url-seo 1.2 Cross-Site.Request.Forgery MEDIUM" "dynamic-url-seo 1.2 Reflected.XSS HIGH" "donations-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "donations-block No.known.fix Unauthenticated.Stored.XSS HIGH" "donations-block 2.1.0 Contributor+.Stored.XSS MEDIUM" "dynamic-content-for-elementor 2.12.5 Cross-Site.Request.Forgery MEDIUM" "dynamic-content-for-elementor 1.9.6 Authenticated.RCE CRITICAL" "dynamic-product-categories-design 1.1.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "d-bargain 4.0.0 Admin+.Stored.XSS LOW" "dovetail No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "disabler 4.0.0 CSRF MEDIUM" "debug-tool No.known.fix Missing.Authorization MEDIUM" "debug-tool No.known.fix Unauthenticated.Arbitrary.File.Creation CRITICAL" "debug-tool No.known.fix Missing.Authorization.to.Information.Exposure MEDIUM" "distance-based-shipping-calculator 2.0.23 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "distance-based-shipping-calculator 2.0.23 Missing.Authorization MEDIUM" "distance-based-shipping-calculator 2.0.22 Reflected.Cross-Site.Scripting MEDIUM" "distance-based-shipping-calculator 2.0.24 Subscriber+.SQL.Injection HIGH" "demo-importer-plus 2.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "directories 1.3.46 Authenticated.Self-Reflected.Cross-Site.Scripting LOW" "directories 1.3.46 Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "donate-extra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "daggerhart-openid-connect-generic 3.8.2 Reflected.Cross.Site.Scripting.(XSS).via.Login.Error MEDIUM" "debounce-io-email-validator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "debounce-io-email-validator 5.71 Unauthenticated.Local.File.Inclusion CRITICAL" "debounce-io-email-validator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "debounce-io-email-validator 5.6.6 Reflected.Cross-Site.Scripting MEDIUM" "devbuddy-twitter-feed No.known.fix Admin+.Stored.XSS LOW" "dropdown-and-scrollable-text 2.1 Reflected.Cross-Site.Scripting MEDIUM" "daisycon No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "dashboard-notepads No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "domain-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dukapress 2.5.9.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "delete-old-posts-programmatically 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "delete-old-posts-programmatically 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dyslexiefont No.known.fix CSRF MEDIUM" "dyslexiefont 1.0.0 Authenticated.Cross-Site.Scripting MEDIUM" "digiwidgets-image-editor No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "dynamic-to-top No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dokan-pro 3.11.0 Unauthenticated.SQL.Injection CRITICAL" "download-button-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dw-question-answer No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "dx-watermark No.known.fix Cross-Site.Request.Forgery MEDIUM" "duplicate-post 3.2.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "dx-share-selection 1.5 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "devexhub-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "download-manager 3.3.13 Author+.Arbitrary.File.Deletion HIGH" "download-manager 3.3.13 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "download-manager 3.3.09 Authenticated.(Author+).Path.Traversal.to.Limited.File.Overwrite MEDIUM" "download-manager 3.3.07 Unauthenticated.Data.Exposure MEDIUM" "download-manager 3.3.04 Missing.Authorization MEDIUM" "download-manager 3.3.04 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "download-manager 3.3.04 Unauthenticated.Download.of.Password-Protected.Files MEDIUM" "download-manager 3.3.03 Admin+.Stored.XSS LOW" "download-manager 3.3.00 Contributor+.Stored.XSS LOW" "download-manager 3.2.98 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "download-manager 3.2.99 Admin+.Stored.XSS LOW" "download-manager 3.2.90 Improper.Authorization.via.protectMediaLibrary HIGH" "download-manager 3.2.94 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "download-manager 3.2.87 Authenticated.(Subscriber+).Stored.Self-Based.Cross-Site.Scripting MEDIUM" "download-manager 3.2.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpdm_modal_login_form.Shortcode MEDIUM" "download-manager 3.2.91 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpdm-all-packages.Shortcode MEDIUM" "download-manager 3.2.85 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.86 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.85 Unauthenticated.File.Download MEDIUM" "download-manager 3.2.83 Unauthenticated.Protected.File.Download.Password.Leak MEDIUM" "download-manager 3.2.71 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.71 Broken.Access.Controls MEDIUM" "download-manager 6.3.0 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "download-manager 3.2.62 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.60 Reflected.XSS HIGH" "download-manager 3.2.55 Admin+.Arbitrary.File/Folder.Access.via.Path.Traversal MEDIUM" "download-manager 3.2.50 Contributor+.PHAR.Deserialization HIGH" "download-manager 3.2.53 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.51 Contributor+.Arbitrary.File.Deletion HIGH" "download-manager 3.2.49 Clear.Stats.&.Cache.via.CSRF MEDIUM" "download-manager 3.2.50 Bypass.IP.Address.Blocking.Restriction MEDIUM" "download-manager 3.2.49 Multiple.CSRF MEDIUM" "download-manager 3.2.49 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.44 Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.44 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.48 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.43 Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.39 Unauthenticated.brute.force.of.files.master.key MEDIUM" "download-manager 3.2.35 Sensitive.Information.Disclosure HIGH" "download-manager 3.2.34 Authenticated.SQL.Injection.to.Reflected.XSS MEDIUM" "download-manager 3.2.22 Subscriber+.Stored.Cross-Site.Scripting HIGH" "download-manager 3.2.16 Admin+.Stored.Cross-Site.Scripting LOW" "download-manager 3.2.13 Email.Template.Setting.Update.via.CSRF MEDIUM" "download-manager 3.1.25 .Authenticated.Directory.Traversal MEDIUM" "download-manager 3.1.25 Authenticated.File.Upload MEDIUM" "download-manager 3.1.22 Plugin.Settings.Change.via.CSRF MEDIUM" "download-manager 3.1.23 Unauthorised.Asset.Manager.Usage HIGH" "download-manager 3.1.19 Authenticated.(author+).PHP4.File.Upload.to.RCE CRITICAL" "download-manager 3.1.18 Unauthorised.Download.Duplication MEDIUM" "download-manager 2.9.97 Various.Sanitisation.Issues MEDIUM" "download-manager 2.9.94 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "download-manager 2.9.61 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "download-manager 2.9.50 Cross-Site.Scripting.(XSS) MEDIUM" "download-manager 2.9.51 Open.Redirect HIGH" "database-backups No.known.fix CSRF.to.Backup.Download HIGH" "duplicate-page 4.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "duplicate-page 3.4 Authenticated.SQL.Injection HIGH" "delete-comments-by-status No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "disable-dashboard-for-woocommerce 3.2.9 Reflected.Cross-Site.Scripting MEDIUM" "displayproduct No.known.fix Unauthenticated.SQL.Injection HIGH" "dejureorg-vernetzungsfunktion 1.98.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "documentpress-display-any-document-on-your-site No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dynamic-qr-code-generator No.known.fix Reflected.XSS HIGH" "dragfy-addons-for-elementor No.known.fix Missing.Authorization.via.save_settings MEDIUM" "disable-comments-wpz No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "ditty-news-ticker 3.1.52 Author+.Stored.XSS LOW" "ditty-news-ticker 3.1.47 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.46 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.45 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.43 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.39 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ditty-news-ticker 3.1.36 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.32 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ditty-news-ticker 3.1.25 Missing.Authorization.via.save_ditty_permissions_check MEDIUM" "ditty-news-ticker 3.1.25 Reflected.XSS HIGH" "ditty-news-ticker 3.0.33 Contributor+.Stored.XSS MEDIUM" "ditty-news-ticker 3.0.15 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "disc-golf-manager No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "doctor-listing 1.3.6 Subscriber+.Privilege.Escalation CRITICAL" "dokme No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "dethemekit-for-elementor No.known.fix Missing.Authorization MEDIUM" "dethemekit-for-elementor 2.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.9 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "dethemekit-for-elementor 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.De.Gallery.Widget MEDIUM" "dethemekit-for-elementor 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.URL.Parameter.of.the.De.Gallery.Widget MEDIUM" "dethemekit-for-elementor 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.slitems.Attribute MEDIUM" "dethemekit-for-elementor 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "dethemekit-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 1.5.5.5 Contributor+.Stored.XSS MEDIUM" "dr-widgets-blocks 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "developer-toolbar No.known.fix Unauthenticated.Information.Exposure MEDIUM" "dw-question-answer-pro 1.3.7 Arbitrary.Comment.Edition.via.IDOR MEDIUM" "dw-question-answer-pro 1.3.7 Multiple.CSRF MEDIUM" "disable-admin-notices No.known.fix Cross-Site.Request.Forgery MEDIUM" "display-admin-page-on-frontend 1.21.1 Reflected.Cross-Site.Scripting MEDIUM" "display-admin-page-on-frontend 1.17.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-categories No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-categories No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-categories No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "display-metadata No.known.fix Contributor+.Stored.XSS MEDIUM" "drop-shadow-boxes 1.7.15 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "drop-shadow-boxes 1.7.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "drop-shadow-boxes 1.7.12 Reflected.Cross-Site.Scripting MEDIUM" "drop-shadow-boxes 1.7.11 Contributor+.Cross-Site.Scripting MEDIUM" "drop-shadow-boxes 1.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "drop-shadow-boxes 1.7.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "definitive-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "duplicator-pro 4.5.14.2 Unauthenticated.Sensitive.Data.Exposure HIGH" "duplicator-pro 4.5.11.1 Unauthenticated.Reflected.XSS HIGH" "duplicator-pro 3.8.7.1 Unauthenticated.Arbitrary.File.Download HIGH" "download-from-files No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "device-wrapper 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "debug 1.11 CSRF MEDIUM" "deeper-comments No.known.fix Subscriber+.Arbitrary.Options.Update HIGH" "dokan-lite 3.7.6 Unauthenticated.SQLi HIGH" "dokan-lite 3.6.4 Vendor.Stored.Cross-Site.Scripting MEDIUM" "dokan-lite 3.2.1 CSRF.Nonce.Bypasses MEDIUM" "dokan-lite 3.0.9 Cross-Site.Request.Forgery MEDIUM" "dokan-lite 3.0.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "dd-roles No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "decorator-woocommerce-email-customizer 1.2.8 WooCommerce.Email.Customizer.<.1.2.8.-.Cross-Site.Request.Forgery MEDIUM" "duracelltomi-google-tag-manager 1.15.2 Admin+.Stored.Cross-Site.Scripting LOW" "duracelltomi-google-tag-manager 1.15.1 Reflected.Cross-Site.Scripting MEDIUM" "download-zip-attachments No.known.fix Arbitrary.File.Download HIGH" "drag-and-drop-multiple-file-upload-for-woocommerce 1.1.5 Unauthenticated.Arbitrary.File.Move CRITICAL" "drag-and-drop-multiple-file-upload-for-woocommerce 1.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "dropdown-multisite-selector 0.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dropdown-multisite-selector 0.9.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "dont-break-the-code No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "donations-for-woocommerce 1.1.10 Cross-Site.Request.Forgery MEDIUM" "different-home-for-logged-in-logged-out 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "designer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "designer 1.5.0 Contributor+.Local.File.Inclusion HIGH" "dezdy-mcommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "digital-climate-strike-wp No.known.fix Redirect.to.Malicious.Website.due.to.Compromised.JS.Asset HIGH" "devrix-dark-site 1.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "drip-feed-content-extended-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dwnldr 1.01 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "dsgnwrks-twitter-importer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dx-delete-attached-media 2.0.6 Settings.Update.via.CSRF MEDIUM" "domain-sharding No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "delete-old-orders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "dl-robotstxt No.known.fix Admin+.Stored.XSS LOW" "dazzlersoft-teams No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "debrandify 1.1.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "dh-local-seo No.known.fix Unauthenticated.SQL.Injection HIGH" "demomentsomtres-gravity-forms-improvements 201704251008 Reflected.Cross-Site.Scripting MEDIUM" "download-html-tinymce-button No.known.fix Reflected.XSS HIGH" "droip No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Settings.Change MEDIUM" "droip No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "dev-land 3.0.5 Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-address No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-address No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "docket-cache 24.07.03 Unauthenticated.Local.File.Inclusion CRITICAL" "docket-cache 21.08.02 Reflected.Cross-Site.Scripting HIGH" "digits 8.4.6.1 Auth.Bypass.via.OTP.Bruteforcing CRITICAL" "digits 8.4.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "delivery-drivers-manager 1.1.9 Reflected.Cross-Site.Scripting MEDIUM" "delivery-drivers-manager 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "debug-functions-time 1.41 Reflected.Cross-Site.Scripting MEDIUM" "digital-river-global-commerce No.known.fix Use.of.Polyfill.io MEDIUM" "dashi 3.1.9 Missing.Authorization MEDIUM" "digipass No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "delicious-recipes 1.7.0 Improper.Path.Validation.to.Authenticated.(Subscriber+).Arbitrary.File.Move.and.Read HIGH" "delicious-recipes 1.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demo-user-dzs-showcase-your-admin-safely No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "disqus-popular-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dp-alterminator-missing-alt-manager No.known.fix Missing.ALT.manager.<=.1.0.2.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dse-divi-section-enhancer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "document-data-automation 1.6.2 Cross-Site.Request.Forgery MEDIUM" "double-opt-in-for-download 2.1.0 Authenticated.SQL.Injection CRITICAL" "delete-post-revision No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "database-cleaner 1.0.6 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "database-cleaner 0.9.9 Sensitive.Information.Exposure.via.Log.File MEDIUM" "dbox-slider-lite No.known.fix Multiple.Authenticated.SQL.injection HIGH" "dearpdf-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "droit-dark-mode No.known.fix Cross-Site.Request.Forgery MEDIUM" "download-info-page No.known.fix Admin+.Stored.XSS LOW" "download-plugins-dashboard 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "download-plugins-dashboard 1.8.8 Cross-Site.Request.Forgery MEDIUM" "download-plugins-dashboard 1.8.6 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "download-plugins-dashboard 1.6.0 Unauthenticated.Stored.XSS MEDIUM" "data-tables-generator-by-supsystic 1.10.37 Missing.Authorization MEDIUM" "data-tables-generator-by-supsystic 1.10.32 Missing.Authorization MEDIUM" "data-tables-generator-by-supsystic 1.10.20 Admin+.Stored.Cross-Site.Scripting LOW" "data-tables-generator-by-supsystic 1.10.0 Authenticated.SQL.Injection CRITICAL" "data-tables-generator-by-supsystic 1.10.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "data-tables-generator-by-supsystic 1.9.92 Insecure.Permissions.on.AJAX.Actions MEDIUM" "data-tables-generator-by-supsystic 1.9.92 CSRF.to.Stored.XSS,.Data.Table.Creations,.Settings.Modification CRITICAL" "data-tables-generator-by-supsystic 1.9.92 Authenticated.Stored.XSS MEDIUM" "dtabs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "duplicator 1.5.10 Full.Path.Disclosure MEDIUM" "duplicator 1.5.7.1 Settings.Removal.via.CSRF MEDIUM" "duplicator 1.3.0 Unauthenticated.RCE CRITICAL" "duplicator 1.5.7.1 Unauthenticated.Sensitive.Data.Exposure HIGH" "duplicator 1.4.7 Unauthenticated.Backup.Download HIGH" "duplicator 1.4.7.1 Unauthenticated.System.Information.Disclosure MEDIUM" "duplicator 1.3.28 Unauthenticated.Arbitrary.File.Download HIGH" "duplicator 1.2.42 Unauthenticated.Arbitrary.Code.Execution MEDIUM" "duplicator 1.2.33 Cross-Site.Scripting.(XSS) MEDIUM" "duplicator 1.2.29 Duplicator.<=.1,2,28.–.Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "duitku-social-payment-gateway 2.11.7 Missing.Authorization.via.check_duitku_response MEDIUM" "depicter 3.6.2 Unauthenticated.SQLi.via.'s'.Parameter HIGH" "depicter 3.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.5.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.5.0 Missing.Authorization MEDIUM" "depicter 3.1.2 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "depicter 3.2.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.1.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.1.0 Authenticated.(Contributor+).Arbitrary.Nonce.Generation MEDIUM" "depicter 2.0.7 Settings.Update.via.CSRF MEDIUM" "democracy-poll No.known.fix Missing.Authorization MEDIUM" "democracy-poll 5.4 CSRF.&.XSS HIGH" "draw-attention 2.0.16 Improper.Access.Control.via.register_cpt MEDIUM" "draw-attention 2.0.12 Subscriber+.Unauthorized.Featured.Image.Modification MEDIUM" "don8 No.known.fix Admin+.Stored.XSS LOW" "dark-mode-for-wp-dashboard 1.2.4 Cross-Site.Request.Forgery MEDIUM" "denk-internet-solutions 6.0.0 Admin+.Stored.XSS LOW" "dynamically-register-sidebars No.known.fix Admin+.Stored.XSS LOW" "dts-simple-share No.known.fix Admin+.XSS LOW" "dnui-delete-not-used-image-wordpress No.known.fix Deletion.of.images.through.CSRF MEDIUM" "disable-elementor-editor-translation 1.0.3 Missing.Authorization MEDIUM" "debug-info No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "delightful-downloads No.known.fix Unauthenticated.Path.Traversal MEDIUM" "drag-and-drop-custom-sidebar No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "deny-all-firewall 1.1.7 CSRF HIGH" "digitimber-cpanel-integration 1.4.8 Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "duplicate-variations-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "duplicate-variations-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dynamictags 1.4.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "df-draggable No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "devvn-image-hotspot 1.2.6 Authenticated.(Author+).PHP.Object.Injection HIGH" "document-emberdder 1.7.5 Unauthenticated.Arbitrary.Private/Draft.Post.Title.Disclosure MEDIUM" "document-emberdder 1.7.9 Subscriber+.Arbitrary.Private/Draft.Post.Title.Disclosure MEDIUM" "duplicate-page-or-post 1.5.1 Arbitrary.Settings.Update.to.Stored.XSS HIGH" "delivery-and-pickup-scheduling-for-woocommerce 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "delivery-drivers-for-vendors 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "delivery-drivers-for-vendors 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "directory-pro 1.9.5 Subscriber+.Privilege.Escalation CRITICAL" "devices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "devices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "devices No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ds-cf7-math-captcha 3.0.1 Reflected.XSS HIGH" "dk-pdf 1.9.7 Reflected.Cross-Site.Scripting MEDIUM" "dreamgrow-scroll-triggered-box No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "dupeoff No.known.fix Admin+.Stored.XSS LOW" "dhvc-form 2.4.8 Unauthenticated.Privilege.Escalation CRITICAL" "dvk-social-sharing 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "da-reactions 5.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "da-reactions 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "da-reactions 3.20.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "do-that-task No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "dpt-oauth-client No.known.fix CSRF MEDIUM" "dpt-oauth-client No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "duplicate-wp-page-post 2.8 Admin+.Stored.Cross-Site.Scripting LOW" "duplicate-wp-page-post 2.5.7 SQL.Injections.due.to.Duplicated.Snippets HIGH" "decalog 3.9.1 Authenticated.(Admin+).SQL.injection CRITICAL" "dzs-enable-debug No.known.fix Cross-Site.Request.Forgery MEDIUM" "documentor-lite No.known.fix Unauthenticated.SQLi HIGH" "demomentsomtres-media-tools-auto No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-media-tools-auto No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "daves-wordpress-live-search No.known.fix Admin+.Stored.XSS LOW" "dashboard-to-do-list 1.3.0 Missing.Authorization.via.ardtdw_widgetsetup() MEDIUM" "dashboard-to-do-list 1.3.2 Cross-Site.Request.Forgery.via.ardtdw_widgetupdate() MEDIUM" "devoluciones-packback No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "display-widgets 2.7 Backdoored MEDIUM" "dl-yandex-metrika No.known.fix Admin+.Stored.XSS LOW" "dsgvo-youtube 1.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dsgvo-youtube 1.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "download-media No.known.fix Missing.Authorization.via.generate_link_for_media MEDIUM" "directorist 8.3 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Publishing MEDIUM" "directorist 8.2 Privilege.Escalation.and.Account.Takeover HIGH" "directorist 8.1 Unauthenticated.User.Information.Exposure MEDIUM" "directorist 7.9.0 Missing.Authorization MEDIUM" "directorist 7.8.5 Missing.Authorization.to.Unauthenticated.Settings.Change MEDIUM" "directorist 7.5.5 Subscriber+.Insecure.Direct.Object.Reference.to.Arbitrary.Post.Deletion MEDIUM" "directorist 7.5.5 Subscriber+.Arbitrary.User.Password.Reset.to.Privilege.Escalation HIGH" "directorist 7.5.4 Admin+.LFI MEDIUM" "directorist 7.4.4 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "directorist 7.4.2.2 Subscriber+.Arbitrary.User.Password.Update.via.IDOR HIGH" "directorist 7.3.1 Unauthenticated.Email.Address.Disclosure MEDIUM" "directorist 7.3.0 Subscriber+.Arbitrary.E-mail.Sending MEDIUM" "directorist 7.2.3 Business.Directory.Plugin.<.7.2.3.-.Admin+.Arbitrary.File.Upload MEDIUM" "directorist 7.0.6.2 CSRF.to.Remote.File.Upload CRITICAL" "distance-rate-shipping-for-woocommerce No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "drag-n-drop-upload-cf7-pro 5.0.6.4 Contact.Form.7.with.Remote.Storage.Integrations.<.5.0.6.4.-.Reflected.Cross-Site.Scripting HIGH" "drag-n-drop-upload-cf7-pro 2.11.1 Contact.Form.7.Standard.<.2.11.1.-.Reflected.Cross-Site.Scripting HIGH" "drag-n-drop-upload-cf7-pro 2.11.0 Contact.Form.7.Standard.<.2.11.0.-.Path.Traversal MEDIUM" "drag-n-drop-upload-cf7-pro 5.0.6.3 Contact.Form.7.with.Remote.Storage.Integrations.<.5.0.6.3.-.Path.Traversal MEDIUM" "defend-wp-firewall 1.1.1 Missing.Authorization MEDIUM" "dreamstime-stock-photos 4.2 Reflected.Cross-Site.Scripting MEDIUM" "duplicate-title-checker No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "donate-me No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "donate-me No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "disqus-conditional-load 11.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "dp-intro-tours 6.5.3 Reflected.Cross-Site.Scripting MEDIUM" "directorypress No.known.fix Cross-Site.Request.Forgery MEDIUM" "directorypress 3.6.20 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "directorypress 3.6.17 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "directorypress 3.6.11 Contributor+.SQL.Injection HIGH" "directorypress 3.6.8 Reflected.Cross-Site.Scripting HIGH" "disable-user-login 1.3.9 User.Login.Toggle.via.CSRF MEDIUM" "demomentsomtres-mailchimp-immediate-send 3.201704281627 Reflected.Cross-Site.Scripting MEDIUM" "ds-site-message 1.14.5 Stored.XSS.via.CSRF HIGH" "disable-right-click-for-wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "download-plugin 2.2.1 Missing.Authorization.to.Authenticated.(Subscriber+).User.Metadata.and.Comment.Download MEDIUM" "download-plugin 2.0.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "download-plugin 2.0.0 Subscriber+.Website.Download HIGH" "download-plugin 1.6.1 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "dyapress No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "domain-theme No.known.fix Cross-Site.Request.Forgery MEDIUM" "dino-game 1.2.0 Contributor+.Stored.XSS MEDIUM" "digital-publications-by-supsystic 1.7.8 Missing.Authorization MEDIUM" "digital-publications-by-supsystic 1.7.8 Cross-Site.Request.Forgery MEDIUM" "digital-publications-by-supsystic 1.7.7 Cross-Site.Request.Forgery.via.AJAX.action MEDIUM" "digital-publications-by-supsystic 1.7.4 Admin+.Stored.Cross-Site.Scripting LOW" "digital-publications-by-supsystic 1.7.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "digital-publications-by-supsystic 1.6.12 Authenticated.Path.Traversal LOW" "deal-of-the-day No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "daily-prayer-time-for-mosques 2024.09.14 Authenticated.(Contributor+).SQL.Injection CRITICAL" "daily-prayer-time-for-mosques 2023.10.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "daily-prayer-time-for-mosques 2023.05.05 Contributor+.Stored.XSS MEDIUM" "daily-prayer-time-for-mosques 2023.03.18 Settings.Update.via.CSRF MEDIUM" "daily-prayer-time-for-mosques 2022.03.01 Unauthenticated.SQLi HIGH" "daily-prayer-time-for-mosques 2021.08.10 Admin+.Stored.XSS LOW" "debug-log-config-tool 1.5 Unauthenticated.Information.Exposure.via.Logs MEDIUM" "defender-security 4.7.3 Missing.Authorization MEDIUM" "defender-security 4.4.2 IP.Address.Spoofing MEDIUM" "defender-security 4.2.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "defender-security 4.2.1 Masked.Login.Area.Security.Feature.Bypass MEDIUM" "defender-security 4.1.0 Protection.Bypass.(Hidden.Login.Page) MEDIUM" "defender-security 2.4.6.1 CSRF.Nonce.Bypasses MEDIUM" "daily-image No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dancepress-trwa No.known.fix Cross-Site.Request.Forgery MEDIUM" "dancepress-trwa 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "dancepress-trwa 2.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "datasets-manager-by-arttia-creative No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "donation-button No.known.fix Subscriber+.Broken.Access.Control.leading.to.SMS.Spam MEDIUM" "donation-button No.known.fix Contributor+.Stored.XSS MEDIUM" "drop-in-image-slideshow-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "defa-online-image-protector No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "duplicate-pp 3.5.6 Authenticated.(Contributor+).Post.Disclosure.via.Post.Duplication MEDIUM" "different-shipping-and-billing-address-for-woocommerce 1.6 Unauthenticated.PHP.Object.Injection CRITICAL" "different-shipping-and-billing-address-for-woocommerce 1.5 Unauthenticated.SQL.Injection HIGH" "different-shipping-and-billing-address-for-woocommerce 1.3 Unauthenticated.SQL.Injection HIGH" "dr-affiliate No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "duplica 0.7 Authenticated.(Subscriber+).Missing.Authorization.to.Users/Posts.Duplicates.Creation MEDIUM" "doofinder-for-woocommerce 2.1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "doofinder-for-woocommerce 2.1.1 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "doofinder-for-woocommerce 2.1.8 Reflected.Cross-Site.Scripting HIGH" "donation-thermometer 2.1.3 Admin+.Stored.Cross-Site.Scripting LOW" "dark-mode 1.7 Stored.XSS MEDIUM" "dj-email-publish No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dans-gcal 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "device-detector 4.2.1 Reflected.Cross-Site.Scripting.via.id MEDIUM" "diary-availability-calendar No.known.fix Authenticated.(subscriber+).SQL.Injection HIGH" "delucks-seo No.known.fix Subscriber+.Arbitrary.File.Read MEDIUM" "delucks-seo 2.5.5 Missing.Authorization MEDIUM" "docxpresso No.known.fix Authenticated.(Contributor+).Arbitrary.File.Download MEDIUM" "depay-payments-for-woocommerce 2.12.18 Missing.Authorization.to.Information.Exposure MEDIUM" "different-menus-in-different-pages 2.4.0 Subscriber+.Menu.Duplication MEDIUM" "dropbox-folder-share No.known.fix Unauthenticated.Server-Side.Request.Forgery.via.'link' HIGH" "dropbox-folder-share No.known.fix Unauthenticated.Remote.Code.Execution.via.LFI CRITICAL" "designo No.known.fix Cross-Site.Request.Forgery MEDIUM" "dima-take-action No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "database-audit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dx-sales-crm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "date-time-picker-field 2.3 Reflected.Cross-Site.Scripting MEDIUM" "date-time-picker-field 2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dsdownloadlist No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "docpro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "download-attachments 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "download-attachments 1.3 Contributor+.Stored.XSS MEDIUM" "dimage-360 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delete-duplicate-posts 4.9 Missing.Authorization.via.AJAX.Actions MEDIUM" "delete-duplicate-posts 4.8.9 Reflected.Cross-Site.Scripting MEDIUM" "delete-duplicate-posts 4.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "delete-duplicate-posts 4.1.9.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "directorypress-frontend 2.8.0 Cross-Site.Request.Forgery.to.Listing.Status.Update MEDIUM" "drivr-google-drive-file-picker No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.8.9 Unauthenticated.PHP.Object.Injection.via.PHAR.to.Arbitrary.File.Deletion HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.8.8 Unauthenticated.Arbitrary.File.Deletion HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.8.6 Limited.Arbitrary.File.Deletion MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.7.8 Sensitive.Information.Exposure MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.7.4 Contact.Form.7.<.1.3.7.4.-.Unauthenticated.Arbitrary.File.Upload HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.6 File.Upload.and.File.deletion.via.CSRF MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.5 File.Upload.Size.Limit.Bypass MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.3 Contact.Form.7.<.1.3.6.3.-.Unauthenticated.Stored.XSS MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.5.5 Unauthenticated.Remote.Code.Execution CRITICAL" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.3.3 Unauthenticated.File.Upload.Bypass CRITICAL" "drm-protected-video-streaming No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "drm-protected-video-streaming No.known.fix Reflected.XSS HIGH" "dextaz-ping No.known.fix Admin+.RCE MEDIUM" "demo-awesome No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Activation MEDIUM" "demo-awesome 1.0.3 Missing.Authorization MEDIUM" "demo-awesome 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "daext-autolinks-manager 1.10.05 CSRF MEDIUM" "database-for-cf7 1.2.5 Subscriber+.CF7.DB.Entries.Deletion MEDIUM" "delete-me 3.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "dk-pricr-responsive-pricing-table 5.1.11 Author+.Stored.XSS MEDIUM" "dk-pricr-responsive-pricing-table 5.1.8 Admin+.Stored.Cross-Site.Scriping LOW" "dk-pricr-responsive-pricing-table 5.1.7 Contributor+.Stored.XSS MEDIUM" "demomentsomtres-grid-archive No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-grid-archive No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "dn-sitemap-control No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "display-post-metadata 1.5.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "doko-box-builder 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "disable-update-notifications 2.4.2 Settings.Update.via.CSRF MEDIUM" "down-as-pdf No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.2.20 Missing.Authorization.to.Unauthenticated.Table.Rates.Deletion MEDIUM" "dc-woocommerce-multi-vendor 4.2.15 Unauthenticated.Limited.Local.File.Inclusion CRITICAL" "dc-woocommerce-multi-vendor 4.2.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.2.5 Cross-Site.Request.Forgery.to.Vendor.Updates MEDIUM" "dc-woocommerce-multi-vendor 4.2.5 Missing.Authorization.to.Forged.Vendor.Profile.Deletion.Email.Sending MEDIUM" "dc-woocommerce-multi-vendor 4.2.1 Missing.Authorization.to.Limited.Vendor.Privilege.Escalation/Account.Takeover CRITICAL" "dc-woocommerce-multi-vendor 4.2.0 Reflected.Cross-Site.Scripting HIGH" "dc-woocommerce-multi-vendor 4.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.hover_animation.Parameter MEDIUM" "dc-woocommerce-multi-vendor 4.1.4 Missing.Authorization MEDIUM" "dc-woocommerce-multi-vendor 4.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.0.26 Missing.Authorization HIGH" "dc-woocommerce-multi-vendor 4.0.24 Missing.Authorization.via.mvx_save_dashpages HIGH" "dc-woocommerce-multi-vendor 4.0.26 Improper.Authorization.on.REST.Routes.via.'save_settings_permission' HIGH" "dc-woocommerce-multi-vendor 3.8.12 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 3.8.12 Unauthorised.AJAX.Calls HIGH" "dc-woocommerce-multi-vendor 3.8.12 Unauthenticated.LFI MEDIUM" "dc-woocommerce-multi-vendor 3.8.4 Reflected.Cross-Site.Scripting HIGH" "dc-woocommerce-multi-vendor 3.7.4 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "dc-woocommerce-multi-vendor 3.7.4 Unauthenticated.Arbitrary.Product.Comment MEDIUM" "dc-woocommerce-multi-vendor 3.5.8 Cross-Site.Request.Forgery MEDIUM" "dc-woocommerce-multi-vendor 3.5.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "daily-proverb No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "drop-caps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "display-template-name No.known.fix Cross-Site.Request.Forgery MEDIUM" "dop-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "dsgvo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "divebook No.known.fix Unauthenticated.Reflected.XSS LOW" "divebook No.known.fix Improper.Authorisation.Check MEDIUM" "divebook No.known.fix Unauthenticated.SQL.Injection CRITICAL" "duplicate-theme No.known.fix CSRF MEDIUM" "dms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "display-future-posts No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "domain-mapping-system 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "domain-mapping-system 1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "doctor-appointment-booking No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "doctor-appointment-booking No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "dominion-domain-checker-wpbakery-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ds-suit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dtracker No.known.fix Unauthorised.Contract.Creation HIGH" "dtracker No.known.fix Multiple.Unauthenticated.Blind.SQL.Injections HIGH" "dx-auto-save-images No.known.fix CSRF MEDIUM" "docollipics-faustball-de 2.1.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dl-verification No.known.fix Admin+.Stored.XSS LOW" "disable-comments 1.0.4 disable_comments_settings.php.Comment.Status.Manipulation.CSRF HIGH" "dynamic-elementor-addons No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "dental-optimizer-patient-generator-app No.known.fix Reflected.XSS HIGH" "dd-post-carousel 1.4.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "dofollow-case-by-case 3.5.0 Email&URLs.Adding.to.Allowlist.via.CSRF MEDIUM" "duplicate-post-and-page No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "duplicate-post-and-page No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "delete-custom-fields No.known.fix Cross-Site.Request.Forgery.to.Post.Meta.Deletion MEDIUM" "drawblog No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "dn-shipping-by-weight 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "dn-shipping-by-weight 1.2 Settings.Update.via.CSRF MEDIUM" "dobsondev-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delete-all-comments-of-website 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dh-anti-adblocker 37 Anti.AdBlocker.<.37.-.Settings.Update.via.CSRF MEDIUM" "download-now-for-woocommerce 3.5.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elastik-page-builder No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "easy-school-registration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easyazon No.known.fix Reflected.Cross-Site.Scripting.via.easyazon-cloaking-locale MEDIUM" "easyazon 5.1.1 Missing.Authorization.on.AJAX.actions MEDIUM" "echo-knowledge-base 11.31.0 Unauthenticated.PHP.Object.Injection.in.is_article_recently_viewed CRITICAL" "exchange-addon-paypal-pro 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "ecpay-ecommerce-for-woocommerce 1.1.2502030 Missing.Authorization.to.Authenticated.(Subscriber+).Log.Deletion MEDIUM" "easy-modal 2.1.0 Authenticated.SQL.Injection HIGH" "email-tracker 5.3.9 Reflected.Cross-Site.Scripting MEDIUM" "email-tracker 5.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-tracker 5.2.6 Reflected.Cross-Site.Scripting HIGH" "email-tracker 5.2.7 Arbitrary.Email.Entry.Deletion.via.CSRF MEDIUM" "extra-product-options-for-woocommerce 3.0.7 Missing.Authorization MEDIUM" "extra-product-options-for-woocommerce 4.2 Shop.manager+.Stored.XSS MEDIUM" "event-tickets-with-ticket-scanner 2.5.4 Arbitrary.Tickets.Deletion.via.CSRF MEDIUM" "event-tickets-with-ticket-scanner 2.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "event-tickets-with-ticket-scanner 2.3.12 Authenticated.(Author+).Remote.Code.Execution HIGH" "event-tickets-with-ticket-scanner 2.3.2 Reflected.Cross-Site.Scripting MEDIUM" "event-tickets-with-ticket-scanner 2.3.8 Admin+.Stored.XSS LOW" "ele-blog No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Deactivation.Submission MEDIUM" "ele-blog No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enable-svg 1.4.0 Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "event-espresso-core-reg 4.10.7.p Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "eexamhall No.known.fix CSRF MEDIUM" "ect-product-carousel No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "exclusive-content-password-protect No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "easy-csv-importer No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "elementskit-lite 3.4.8 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.4.1 Unauthenticated.Information.Exposure MEDIUM" "elementskit-lite 3.4.1 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Comparison.Widget MEDIUM" "elementskit-lite 3.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Widget MEDIUM" "elementskit-lite 3.2.1 Unauthenticated.Information.Exposure.via.ekit_widgetarea_content.Function MEDIUM" "elementskit-lite 3.2.0 Missing.Authorization MEDIUM" "elementskit-lite 3.1.3 3.1.2.-.Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.1.1 Contributor+.Local.File.Inclusion.via.Onepage.Scroll.Module HIGH" "elementskit-lite 3.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "elementskit-lite 3.0.7 Contributor+.Local.File.Inclusion HIGH" "elementskit-lite 3.0.7 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.6 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.5 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.4 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.4 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "elementskit-lite 2.9.2 Missing.Authorization MEDIUM" "elementskit-lite 2.2.0 Contributor+.Stored.XSS MEDIUM" "easy-eu-cookie-law No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "expresstechsoftwares-memberpress-discord-add-on 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "e-shops-cart2 No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "elements-for-lifterlms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elements-for-lifterlms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easyfonts 1.1.3 Cross-Site.Request.Forgery MEDIUM" "enteraddons 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.2.0 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "enteraddons 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Events.Card.Widget MEDIUM" "enteraddons 2.2.0 Contributor+.Stored.XSS MEDIUM" "enteraddons 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.1.6 Contributor+.Stored.XSS.via.Animation.Title.widget MEDIUM" "enteraddons 2.1.6 Contributor+.Stored.XSS.via.Heading.widget MEDIUM" "easy-svg 3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "easy-svg 3.3.0 Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "epeken-all-kurir No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-bootstrap-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "easy-accordion-free 2.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-accordion-free 2.2.0 Contributor+.Stored.XSS MEDIUM" "easy-accordion-free 2.0.22 Admin+.Stored.Cross-Site.Scripting LOW" "ehive-objects-image-grid 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-form-builder 3.8.9 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "easy-form-builder 3.7.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "easy-form-builder 3.4.0 Admin+.Stored.XSS LOW" "en-masse-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "etsy-shop 3.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-faqs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-order-view No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-load-more No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "everest-counter-lite 2.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "email-customizer-for-woocommerce-with-drag-drop-builder No.known.fix WooCommerce.Email.Customizer.<=.3.0.34.-.Authenticated.(Subscriber+).Missing.Authorization.to.SQL.Injection MEDIUM" "events-made-easy No.known.fix Subscriber+.SQLi HIGH" "events-made-easy 2.3.17 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "events-made-easy 2.2.81 Unauthenticated.SQLi HIGH" "events-made-easy 2.2.36 Subscriber+.SQL.Injection HIGH" "events-made-easy 2.2.24 Admin+.Stored.Cross-Site.Scripting LOW" "events-made-easy 1.6.21 CSRF.to.Cross-Site.Scripting.(XSS) HIGH" "events-made-easy 1.5.50 Multi.CSRF.to.Stored.Cross-Site.Scripting.&.Event.Deletion HIGH" "envo-elementor-for-woocommerce 1.4.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.17 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Arbitrary.Theme.Activation.via.CSRF MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Subscriber+.Template.Creation MEDIUM" "embedder No.known.fix 1.3.5.-.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "easy-form-builder-by-bitware No.known.fix Unauthorised.AJAX.calls HIGH" "easy-form-builder-by-bitware No.known.fix Authenticated.Arbitrary.File.Upload CRITICAL" "easy-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enable-media-replace 4.1.6 Reflected.XSS HIGH" "enable-media-replace 4.1.5 Reflected.Cross-Site.Scripting MEDIUM" "enable-media-replace 4.1.3 Author+.PHP.Object.Injection MEDIUM" "enable-media-replace 4.0.2 Author+.Arbitrary.File.Upload CRITICAL" "enable-media-replace 4.0.0 Admin+.Path.Traversal LOW" "ethereum-wallet 4.10.6 Reflected.Cross-Site.Scripting MEDIUM" "ethereum-wallet 4.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "exchange-addon-easy-ue-vat-taxes 1.2.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-paypal-events-tickets 1.2.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "easy-paypal-events-tickets 1.1.2 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "electric-studio-client-login No.known.fix Admin+.Stored.XSS LOW" "easy-facebook-likebox-premium No.known.fix Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "easy-facebook-likebox-premium 6.2.7 Reflected.Cross-Site.Scripting HIGH" "endless-posts-navigation 2.2.8 Cross-Site.Request.Forgery MEDIUM" "event-geek No.known.fix Stored.Cross-site.Scripting.(XSS) MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.2.4 Missing.Authorization MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.1.1 All-in-one.Google.Analytics,.Pixels.and.Product.Feed.Manager.for.WooCommerce.<.7.1.1.-.Reflected.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.0.0 Reflected.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.0.8 Subscriber+.SQL.Injection.via.ee_syncProductCategory HIGH" "enhanced-e-commerce-for-woocommerce-store 7.0.8 Subscriber+.SQL.Injection HIGH" "enhanced-e-commerce-for-woocommerce-store 6.5.4 Reflected.XSS HIGH" "enhanced-e-commerce-for-woocommerce-store 5.2.4 Settings.Update.via.CSRF MEDIUM" "enhanced-e-commerce-for-woocommerce-store 4.6.2 Subscriber+.SQL.Injection HIGH" "easy-media-download 1.1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "easy-media-download 1.1.5 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "events-calendar-pro 7.0.2.1 Authenticated.(Administrator+).PHP.Object.Injection.to.Remote.Code.Execution CRITICAL" "events-calendar-pro 6.4.0.1 Contributor+.Arbitrary.Events.Access LOW" "exportfeed-for-woocommerce-google-product-feed No.known.fix Admin+.SQLi MEDIUM" "embed-swagger-ui No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eelv-newsletter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "eelv-newsletter No.known.fix Cross-Site.Request.Forgery MEDIUM" "eelv-newsletter 4.6.1 CSRF.&.XSS HIGH" "elemenda No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "enweby-variation-swatches-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "events-planner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "e-unlocked-student-result No.known.fix Student.Result.<=.1.0.4.-.Arbitrary.File.Upload.via.CSRF HIGH" "embed-form 1.3.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 5.2.0 Reflected.Cross-Site.Scripting MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 3.3.2 CSRF.Bypass MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 3.3.2 Cross-Site.Request.Forgery MEDIUM" "emailshroud No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "export-customers-data 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "everse-starter-sites 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "everse-starter-sites 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ect-homepage-products No.known.fix Reflected.XSS HIGH" "easy-popups 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "edd-tab-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edd-tab-manager 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edd-tab-manager 1.3.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "easy-elementor-addons 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-elementor-addons 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easily-generate-rest-api-url No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "edunext-openedx-integrator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "embed-extended No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-custom-admin-bar No.known.fix Reflected.Cross-Site.Scripting.via.msg.Parameter MEDIUM" "edit-comments-xt No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ebook-downloader No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ebook-downloader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ebook-downloader No.known.fix Unauthenticated.SQL.Injection HIGH" "elex-helpdesk-customer-support-ticket-system 3.2.7 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "easy-pie-coming-soon 1.0.7.4 Admin+.Stored.XSS LOW" "email-template-customizer-for-woo 1.2.9.2 Shop.manager+.Stored.XSS LOW" "external-image-replace No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "external-image-replace No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "export-all-urls 4.6 Reflected.XSS HIGH" "export-all-urls 4.2 Editor+.Stored.XSS MEDIUM" "export-all-urls 4.4 Admin+.Arbitrary.System.File.Removal MEDIUM" "export-all-urls 4.2 Editor+.Stored.Cross-Site.Scripting LOW" "export-all-urls 4.2 Reflected.Cross-Site.Scripting MEDIUM" "export-all-urls 4.3 Private/Draft.Post/Page.Title.Disclosure.via.CSRF MEDIUM" "explara-events No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis 2.3 Reflected.Cross-Site.Scripting MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis 2.4 Arbitrary.File.Upload.via.CSRF HIGH" "envialosimple-email-marketing-y-newsletters-gratis 2.2 EnvíaloSimple.<.2,2.Unauthenticated.PHP.Object.Injection MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis 2.3 API.Key.Update.via.CSRF MEDIUM" "easy-slider-revolution 1.1.0 Author+.Stored.XSS MEDIUM" "external-media-upload 0.5 Reflected.Cross-Site.Scripting MEDIUM" "everest-forms 3.1.2 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "everest-forms 3.1.2 Unauthenticated.PHP.Object.Injection HIGH" "everest-forms 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "everest-forms 3.0.9.5 Unauthenticated.Arbitrary.File.Upload,.Read,.and.Deletion CRITICAL" "everest-forms 3.0.8.1 Admin+.Stored.XSS LOW" "everest-forms 3.0.4.2 Admin+.Stored.XSS LOW" "everest-forms 3.0.3.1 Admin+.Stored.XSS LOW" "everest-forms 2.0.8 Unauthenticated.Server-Side.Request.Forgery.via.font_url HIGH" "everest-forms 2.0.5 Admin+.Stored.XSS LOW" "everest-forms 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "everest-forms 1.5.0 SQL.Injection CRITICAL" "event-espresso-decaf 5.0.31.decaf Cross-Site.Request.Forgery MEDIUM" "event-espresso-decaf 5.0.22.decaf Authenticated.(Subscriber+).Missing.Authorization.to.Limited.Plugin.Settings.Modification MEDIUM" "event-espresso-decaf 4.10.12 Cross-Site.Request.Forgery MEDIUM" "event-espresso-decaf 4.10.14 CSRF.Bypass MEDIUM" "embed-docs 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "easy-table-of-contents 2.0.68 Editor+.Stored.XSS LOW" "easy-table-of-contents 2.0.67.1 Editor+.Stored.XSS LOW" "easy-table-of-contents 2.0.66 Admin+.Stored.XSS LOW" "easy-svg-image-allow No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "ean-for-woocommerce 5.4.0 Missing.Authorization MEDIUM" "ean-for-woocommerce 4.9.0 Authenticated.(Shop.Manager+).Arbitrary.Options.Update MEDIUM" "ean-for-woocommerce 4.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alg_wc_ean_product_meta.Shortcode MEDIUM" "ean-for-woocommerce 4.9.3 Insecure.Direct.Object.Reference.to.Sensitve.Information.Exposure.via.Shortcode MEDIUM" "ean-for-woocommerce 4.4.3 Contributor+.Stored.XSS MEDIUM" "erp 1.14.0 Missing.Authorization MEDIUM" "erp 1.13.4 Custom+.Unauthorized.Access.to.Terminated.Employee.Information MEDIUM" "erp 1.13.4 Admin+.Stored.XSS LOW" "erp 1.13.3 Reflected.Cross-Site.Scripting MEDIUM" "erp 1.13.1 Authenticated.(Accounting.Manager+).SQL.Injection.via.vendor_id HIGH" "erp 1.13.2 Authenticated.(AccountingManager+).SQL.Injection HIGH" "erp No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "erp 1.30.0 Authenticated.(Accounting.Manager+).SQL.Injection.via.id HIGH" "erp No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(AccountingManager+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(Accounting.Manager+).SQL.Injection HIGH" "erp 1.12.9 Authenticated.(Accounting.manager+).SQL.Injection HIGH" "erp 1.12.7 Missing.Authorization.via.admin.notice.dismissal MEDIUM" "erp 1.12.4 Reflected.Cross-Site.Scripting HIGH" "erp 1.12.4 Admin+.SQL.Injection MEDIUM" "erp 1.7.5 CSRF.Nonce.Bypasses MEDIUM" "erp 1.6.4 Cross-Site.Request.Forgery MEDIUM" "erp 1.6.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "export-users-to-csv No.known.fix CSV.Injection HIGH" "elex-woocommerce-google-product-feed-plugin-basic 1.2.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-slideshow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-subscribers 5.7.50 Admin+.Stored.XSS.in.Template LOW" "email-subscribers 5.7.52 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.44 Admin+.SQL.Injection MEDIUM" "email-subscribers 5.7.35 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "email-subscribers 5.7.35 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "email-subscribers 5.7.27 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.27.-.Missing.Authorization MEDIUM" "email-subscribers 5.7.26 Unauthenticated.SQL.Injection.via.unsubscribe CRITICAL" "email-subscribers 5.7.24 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.24.-.Unauthenticated.SQL.Injection.via.optin CRITICAL" "email-subscribers 5.7.23 Authenticated.(Subscriber+).SQL.Injection.Vulnerability.via.options[list_id] HIGH" "email-subscribers 5.7.21 Unauthenticated.SQL.Injection.via.hash CRITICAL" "email-subscribers 5.7.18 Missing.Authorization MEDIUM" "email-subscribers 5.7.20 Missing.Authorization.in.handle_ajax_request HIGH" "email-subscribers 5.7.15 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.15.-.Unauthenticated.SQL.Injection CRITICAL" "email-subscribers 5.7.16 Authenticated.(Administrator+).Cross-Site.Scripting.via.CSV.import MEDIUM" "email-subscribers 5.7.14 Missing.Authorization MEDIUM" "email-subscribers 5.7.12 Reflected.Cross-Site.Scripting.via.campaign_id MEDIUM" "email-subscribers 5.6.24 .Admin+.Directory.Traversal CRITICAL" "email-subscribers 5.5.3 Improper.Neutralization.of.Formula.Elements.in.a.CSV.File MEDIUM" "email-subscribers 5.5.1 Subscriber+.SQLi HIGH" "email-subscribers 5.3.2 Unauthenticated.arbitrary.option.update HIGH" "email-subscribers 5.3.2 Subscriber+.Blind.SQL.injection HIGH" "email-subscribers 4.5.6 Unauthenticated.email.forgery/spoofing HIGH" "email-subscribers 4.5.1 Authenticated.SQL.injection.in.es_newsletters_settings_callback() MEDIUM" "email-subscribers 4.5.1 Cross-site.Request.Forgery.in.send_test_email() LOW" "email-subscribers 4.3.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "email-subscribers 4.2.3 Multiple.Issues HIGH" "email-subscribers 4.1.8 SQL.Injection HIGH" "email-subscribers 4.1.7 Cross-Site.Scripting.(XSS) CRITICAL" "email-subscribers 3.5.0 Cross-Site.Scripting.(XSS) MEDIUM" "email-subscribers 3.4.8 Unauthenticated.Subscriber.Download HIGH" "email-subscribers 2.9.1 Multiple.XSS.&.SQLi MEDIUM" "exclusive-divi No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "email-my-posts No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "expert-invoice No.known.fix Expert.Invoice.<=.1,0,2.-Admin+.Stored.XSS LOW" "elevio No.known.fix Cross-Site.Request.Forgery MEDIUM" "edd-google-sheet-connector-pro 1.4 Access.Code.Update.via.CSRF MEDIUM" "extra-options-favicons No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "essential-blocks-pro 1.1.1 Unauthenticated.Object.Injection HIGH" "essential-blocks-pro 1.1.1 Unauthenticated.PHP.Object.Injection.via.queries HIGH" "essential-blocks-pro 1.1.1 Unauthenticated.PHP.Object.Injection.via.products HIGH" "easy-panorama 1.1.5 Admin+.Stored.XSS LOW" "eventon-lite 2.4.1 Unauthenticated.Local.File.Inclusion CRITICAL" "eventon-lite No.known.fix Contributor+.Local.File.Inclusion HIGH" "eventon-lite 2.2.17 Admin+.Stored.XSS LOW" "eventon-lite 2.2.16 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting.and.Plugin.Settings.Updates HIGH" "eventon-lite 2.2.15 Admin+.Stored.Cross-Site.Scripting.via.event.subtitle LOW" "eventon-lite 2.2.15 Admin+.Stored.XSS LOW" "eventon-lite 2.2.8 Unauthenticated.Arbitrary.Post.Metadata.Update HIGH" "eventon-lite 2.2.8 Reflected.XSS HIGH" "eventon-lite 2.2.8 Unauthenticated.Virtual.Event.Password.Disclosure MEDIUM" "eventon-lite 2.2.9 Unauthenticated.Virtual.Event.Settings.Update MEDIUM" "eventon-lite 2.2.8 Unauthenticated.Email.Address.Disclosure MEDIUM" "eventon-lite 2.2.7 Admin+.Stored.Cross-Site.Scripting LOW" "eventon-lite 2.2 Admin.+.Stored.HTML.Injection LOW" "eventon-lite 2.2.3 Reflected.Cross.Site.Scripting HIGH" "eventon-lite 2.2 Admin+.Stored.XSS LOW" "eventon-lite 2.1.2 Unauthenticated.Post.Access.via.IDOR HIGH" "eventon-lite 2.1.2 Unauthenticated.Event.Access HIGH" "essential-widgets 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "ethpress 2.1.1 Reflected.Cross-Site.Scripting MEDIUM" "ethpress 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enable-accessibility No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enable-accessibility 1.4.1 CSRF MEDIUM" "exclusive-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-call-now-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-call-now-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "eventon 4.7 WordPress.Virtual.Event.Calendar.Plugin.<.4.7.-.Cross-Site.Request.Forgery.via.admin_test_email MEDIUM" "essential-wp-real-estate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "essential-wp-real-estate No.known.fix Reflected.XSS HIGH" "essential-wp-real-estate No.known.fix Unauthenticated.Arbitrary.Post/Page.Deletion HIGH" "et-core-plugin No.known.fix Unauthenticated.SQL.Injection CRITICAL" "et-core-plugin No.known.fix Missing.Authorization MEDIUM" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "et-core-plugin No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "et-core-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload CRITICAL" "et-core-plugin No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Limited.Arbitrary.File.Download MEDIUM" "embed-power-bi No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-breadcrumbs No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "essential-breadcrumbs No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-social-icons 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "easy-social-icons 3.2.5 Missing.Authorization.via.cnss_save_ajax_order MEDIUM" "easy-social-icons 3.2.1 Admin+.Stored.Cross-Site.Scripting.in.add.icon LOW" "easy-social-icons 3.2.1 Unauthenticated.Arbitrary.Icon.Deletion MEDIUM" "easy-social-icons 3.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "easy-social-icons 3.1.4 Admin+.SQL.Injection MEDIUM" "easy-social-icons 3.1.3 Reflected.Cross-Site.Scripting HIGH" "easy-social-icons 3.0.9 Reflected.Cross-Site.Scripting HIGH" "easy-demo-importer 1.1.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "easyjobs 2.4.15 Reflected.Cross-Site.Scripting MEDIUM" "easyjobs 2.4.7 Subscriber+.Arbitrary.Settings.Update MEDIUM" "easyjobs 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "event-post 5.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.events_cal.Shortcode MEDIUM" "event-post 5.9.11 Post.Metadata.Update.via.CSRF MEDIUM" "event-post 5.9.6 Unauthenticated.Local.File.Inclusion CRITICAL" "event-post 5.9.5 Missing.Authorization MEDIUM" "event-post 5.9.1 Contributor+.Stored.XSS MEDIUM" "everest-review-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "envato-affiliater No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-sticky-sidebar 1.5.9 Unauthenticated.AJAX.Actions.Call MEDIUM" "email-obfuscate-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "estatik-mortgage-calculator No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "estatik-mortgage-calculator 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "estatik-mortgage-calculator No.known.fix Reflected.XSS HIGH" "estatik-mortgage-calculator No.known.fix Reflected.XSS HIGH" "erocket 1.2.5 Admin+.Stored.XSS LOW" "error-log-viewer 1.1.3 Directory.Listing.to.Sensitive.Data.Exposure LOW" "error-log-viewer 1.1.2 Arbitrary.Text.File.Deletion.via.CSRF LOW" "error-log-viewer 1.1.2 Admin+.Arbitrary.File.Clearing MEDIUM" "error-log-viewer 1.0.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ecwid-shopping-cart 7.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ecwid-shopping-cart 6.12.28 Cross-Site.Request.Forgery.to.Send.Deactivation.Message MEDIUM" "ecwid-shopping-cart 6.12.11 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ecwid-shopping-cart 6.12.5 Cross-Site.Request.Forgery MEDIUM" "ecwid-shopping-cart 6.12.5 Arbitrary.Plugin.Settings.Change.via.CSRF MEDIUM" "ecwid-shopping-cart 6.12.4 Missing.Authorization.on.multiple.functions MEDIUM" "ecwid-shopping-cart 6.11.5 Contributor+.Stored.Cross-Site.Scriping MEDIUM" "ecwid-shopping-cart 6.11.4 Import.via.CSRF MEDIUM" "ecwid-shopping-cart 6.10.24 Settings.Update.via.CSRF MEDIUM" "ecwid-shopping-cart 6.10.23 Insufficient.Access.Control MEDIUM" "extensions-for-cf7 3.2.1 Authenticated.(Admin+).Sever-Side.Request.Forgery LOW" "extensions-for-cf7 3.0.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "extensions-for-cf7 2.0.9 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "email-header-footer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-header-footer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-real-estate No.known.fix Privilege.Escalation CRITICAL" "easy-real-estate No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "ebook-store 5.8002 Reflected.Cross-Site.Scripting MEDIUM" "ebook-store 5.8002 Reflected.Cross-Site.Scripting.via.'step' MEDIUM" "ebook-store 5.8002 Unauthenticated.Full.Path.Disclosure MEDIUM" "ebook-store 5.8002 Admin+.Stored.XSS LOW" "ebook-store 5.785 Reflected.XSS HIGH" "ebook-store 5.78 Unauthenticated.Sensitive.Data.Disclose MEDIUM" "ebook-store 5.78 Admin+.Stored.XSS LOW" "eg-attachments No.known.fix Reflected.XSS HIGH" "easy-twitter-feeds No.known.fix Authenticated.(Contributor+).Post.Exposure MEDIUM" "easy-twitter-feeds 1.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "enhanced-catalog-images-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enhanced-catalog-images-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enhanced-catalog-images-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "easy-ad-manager No.known.fix Admin+.Stored.XSS LOW" "easy-tweet-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "e2pdf 1.25.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "e2pdf 1.23.00 Missing.Authorization MEDIUM" "e2pdf 1.23.00 Cross-Site.Request.Forgery MEDIUM" "e2pdf 1.20.24 Authenticated(Administrator+).SQL.Injection MEDIUM" "e2pdf 1.20.26 Admin+.Arbitrary.File.Upload HIGH" "e2pdf 1.20.19 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "e2pdf 1.20.20 Admin+.Stored.Cross-Site.Scriping LOW" "e2pdf 1.16.45 Admin+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "educare 1.4.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "educare 1.4.4 Students.&.Result.Management.System.<.1.4.4.-.Cross-Site.Request.Forgery.(CSRF) MEDIUM" "easy-youtube-gallery 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "error-log-monitor 1.7.7 Reflected.Cross-Site.Scripting MEDIUM" "error-log-monitor 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "error-log-monitor 1.6.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "easy-student-results No.known.fix Sensitive.Information.Disclosure.via.REST.API LOW" "easy-student-results No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-bet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-charts 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy2map-photos 1.1.0 SQL.Injection CRITICAL" "expand-maker No.known.fix Cross-Site.Request.Forgery.to.Local.File.Inclusion HIGH" "expand-maker 3.4.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.'Read.More'.Post.Deletion MEDIUM" "expand-maker 3.2.7 Admin+.PHP.Object.Injection LOW" "essential-blocks 5.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 5.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.8.4 Missing.Authorization MEDIUM" "essential-blocks 5.1.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.7.0 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.13 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.10 Contributor+.DOM-Based.XSS.via.Social.Icons.Block MEDIUM" "essential-blocks 4.5.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.4.10 Missing.Authorization MEDIUM" "essential-blocks 4.5.4 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.2 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.4.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.2.1 Subscriber+.Unauthorised.Actions MEDIUM" "essential-blocks 4.2.1 Contributor+.Unauthorised.Actions LOW" "essential-blocks 4.4.3 Unauthenticated.Local.File.Inclusion CRITICAL" "essential-blocks 4.2.1 Missing.Authorization.via.AJAX.actions MEDIUM" "essential-blocks 4.2.1 Unauthenticated.Object.Injection HIGH" "essential-blocks 4.2.1 Unauthenticated.PHP.Object.Injection.via.queries HIGH" "essential-blocks 4.2.1 Unauthenticated.PHP.Object.Injection.via.products HIGH" "essential-blocks 4.0.7 Multiple.Functions.Missing.Authorization.Checks MEDIUM" "events-addon-for-elementor 2.2.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "events-addon-for-elementor 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "events-addon-for-elementor 2.2.1 Contributor+.Stored.XSS MEDIUM" "events-addon-for-elementor 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "events-addon-for-elementor 2.1.3 Missing.Authorization MEDIUM" "events-addon-for-elementor 2.1.3 Cross-Site.Request.Forgery MEDIUM" "events-addon-for-elementor 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "events-addon-for-elementor 1.9.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elisqlreports 5.25.10 Cross-Site.Request.Forgery MEDIUM" "elisqlreports 5.25.10 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "elisqlreports 5.25.10 5.25.08.-.Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "elisqlreports 5.25.08 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-pixels-by-jevnet No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "easy-tynt No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-captcha No.known.fix Missing.Authorization MEDIUM" "easy-captcha No.known.fix Reflected.Cross-Site.Scripting HIGH" "events-widgets-for-elementor-and-the-events-calendar 1.5 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "ever-compare 1.2.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "exmage-wp-image-links 1.0.7 Admin+.Blind.SSRF LOW" "examapp No.known.fix Authenticated.SQL.Injection./.Cross-Site.Scripting HIGH" "eelv-redirection 1.5.1 Cross-Site.Request.Forgery.to.Arbitrary.Site.Redirect MEDIUM" "emoji-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-wp-smtp 2.3.1 Exposure.of.Sensitive.Information.via.the.UI LOW" "easy-wp-smtp 1.5.2 Admin+.Arbitrary.File.Access MEDIUM" "easy-wp-smtp 1.5.2 Admin+.Arbitrary.File.Deletion MEDIUM" "easy-wp-smtp 1.5.2 Admin+.RCE MEDIUM" "easy-wp-smtp 1.5.0 Admin+.PHP.Objection.Injection MEDIUM" "easy-wp-smtp 1.4.3 Debug.Log.Disclosure HIGH" "easy-wp-smtp 1.3.9.1 Unauthenticated.Arbitrary.wp_options.Import MEDIUM" "events-calendar-for-google 3.0.0 Contributor+.Local.File.Inclusion HIGH" "etruel-del-post-copies 6.0 Missing.Authorization MEDIUM" "easy-page-transition No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "easy-menu-manager-wpzest No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "easy-hide-login 1.0.8 Admin+.Stored.XSS LOW" "easy-hide-login 1.0.9 Arbitrary.settings.update.via.CSRF MEDIUM" "easy-marijuana-age-verify 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-marijuana-age-verify 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "embedpress 4.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'provider_name' MEDIUM" "embedpress 4.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedpress 4.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedpress 4.0.10 Unauthenticated.Local.File.Inclusion CRITICAL" "embedpress 4.0.5 Missing.Authorization MEDIUM" "embedpress 3.9.11 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.PDF.Widget.URL MEDIUM" "embedpress 4.0.2 .Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EmbedPress.PDF.Widget MEDIUM" "embedpress 3.9.13 Contributor+.PDF.Block.Embedding LOW" "embedpress 3.9.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "embedpress 3.9.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 3.9.12 Missing.Authorization MEDIUM" "embedpress 3.9.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Youtube.Block MEDIUM" "embedpress 3.9.9 Missing.Authorization.via.handle_calendly_data MEDIUM" "embedpress 3.9.13 Authenticated.(Contributor+).Stored.Cross-site.Scripting.via.'embedpress_doc_custom_color' MEDIUM" "embedpress 3.9.13 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Attribute MEDIUM" "embedpress 3.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Wistia.Block MEDIUM" "embedpress 3.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EmbedPress.PDF.Widget MEDIUM" "embedpress 3.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 3.9.9 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Google.Calendar.Widget.Link MEDIUM" "embedpress 3.9.6 Contributor+.Stored.XSS MEDIUM" "embedpress 3.9.5 Missing.Authorization MEDIUM" "embedpress 3.9.2 Reflected.XSS MEDIUM" "embedpress 3.9.2 Reflected.XSS HIGH" "embedpress 3.8.4 Cross-Site.Request.Forgery MEDIUM" "embedpress 3.8.3 Subscriber+.Plugin.Settings.Delete MEDIUM" "embedpress 3.8.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "embedpress 3.8.0 Sensitive.Data.Disclosure MEDIUM" "envato-elements 2.0.15 Author+.Server-Side.Request.Forgery MEDIUM" "envato-elements 2.0.11 Contributor+.Arbitrary.File.Upload HIGH" "easylogo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "event-list 0.8.8 Admin+.Stored.Cross-Site.Scripting LOW" "event-list 0.7.10 XSS MEDIUM" "event-list 0.7.9 Authenticated.SQL.Injection HIGH" "easy-query No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "events-manager-pro-extended No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "extra-privacy-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "exit-notifier 1.10.6 Reflected.Cross-Site.Scripting MEDIUM" "envira-gallery-lite 1.8.16 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "envira-gallery-lite 1.8.15 Missing.Authorization MEDIUM" "envira-gallery-lite 1.8.15 Author+.Stored.XSS MEDIUM" "envira-gallery-lite 1.8.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "envira-gallery-lite 1.8.7.3 Missing.Authorization.to.Gallery.Modification.via.envira_gallery_insert_images MEDIUM" "envira-gallery-lite 1.8.4.7 Reflected.Cross-Site.Scripting MEDIUM" "envira-gallery-lite 1.8.3.3 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "envira-gallery-lite 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS).Issue MEDIUM" "extensions-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extensions-for-elementor No.known.fix Reflected.Cross-Site.Scripting HIGH" "extensions-for-elementor 2.0.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extensions-for-elementor 2.0.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EE.Events.and.EE.Flipbox.Widget MEDIUM" "extensions-for-elementor 2.0.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "easy-login-woocommerce 2.8.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.xoo_el_action.Shortcode MEDIUM" "easy-login-woocommerce 2.7.3 2.7.2.-.Missing.Authorization.to.Arbitrary.Options.Exposure MEDIUM" "easy-login-woocommerce 2.7.3 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "easy-login-woocommerce 2.4 Settings.Reset.via.CSRF MEDIUM" "easy-login-woocommerce 2.3 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "easy-login-woocommerce 2.2 Reflected.Cross-Site.Scripting HIGH" "easy-login-woocommerce 1.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "elex-request-a-quote No.known.fix Missing.Authorization MEDIUM" "external-url-as-post-featured-image-thumbnail 2.03 Reflected.Cross-Site.Scripting MEDIUM" "easy-media-gallery-pro 1.3.0 CSRF.&.Cross-Site.Scripting.(XSS) MEDIUM" "easy-child-theme-creator No.known.fix Cross-Site.Request.Forgery MEDIUM" "eventer 3.9.9.3 Subscriber+.SQLi HIGH" "eventer 3.9.9 Reflected.Cross-Site.Scripting MEDIUM" "eventer 3.9.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "eventer 3.9.9.5.1 Missing.Authorization.to.Unauthenticated.Event.Ticket.Download MEDIUM" "eventer 3.9.9.1 Missing.Authorization.to.Authenticated.(Subscriber+).Bookings.Export MEDIUM" "eventer 3.9.9 Unauthenticated.SQL.Injection.via.eventer_get_attendees HIGH" "eventer 3.9.8 Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "easy-social-share-buttons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "editorial-calendar 3.8.3 Contributor+.Stored.XSS MEDIUM" "ezplayer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-admin-menu No.known.fix Admin+.Stored.XSS LOW" "easy-post-duplicator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-post-duplicator No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "easy-schema-structured-data-rich-snippets 2.3.0 Reflected.Cross-Site.Scripting MEDIUM" "external-videos No.known.fix Admin+.Stored.XSS LOW" "easy-pdf-restaurant-menu-upload 1.2 XSS MEDIUM" "essential-real-estate 5.2.1 Unauthenticated.Local.File.Inclusion CRITICAL" "essential-real-estate 5.1.9 Cross-Site.Request.Forgery MEDIUM" "essential-real-estate 5.1.7 Missing.Authorization.to.Authenticated.(Contributor+).Information.Exposure MEDIUM" "essential-real-estate 4.4.5 Insecure.Direct.Object.Reference.to.Arbitrary.Attachment.Deletion MEDIUM" "essential-real-estate 4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "essential-real-estate 4.4.0 Subscriber+.Stored.XSS HIGH" "essential-real-estate 4.4.0 Subscriber+.Denial.of.Service.via.Arbitrary.Option.Update HIGH" "essential-real-estate 4.4.0 Subscriber+.Arbitrary.File.Upload CRITICAL" "essential-real-estate 4.4.0 Subscriber+.Arbitrary.File.Upload HIGH" "essential-real-estate 3.9.6 Reflected.Cross-Site-Scripting MEDIUM" "easy-accordion-block 1.2.5 Missing.Authorization MEDIUM" "events-calendar-registration-booking-by-events-plus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-video-player 1.2.2.11 Contributor+.Stored.XSS MEDIUM" "easy-video-player 1.2.2.3 Contributor+.Stored.XSS MEDIUM" "ez-form-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "embedded-cdn 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "e-search No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "elements-plus 2.16.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elements-plus 2.16.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget.links MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.8 Missing.Authorization MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "exertio-framework 1.3.2 Unauthenticated.Arbitrary.User.Password.Update HIGH" "elo-rating-shortcode 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-tickets 5.20.1 Reflected.Cross-Site.Scripting MEDIUM" "event-tickets 5.19.1.2 Missing.Authorization.to.Ticket.Deletion MEDIUM" "event-tickets 5.18.1.1 Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure MEDIUM" "event-tickets 5.11.0.5 Cross-Site.Request.Forgery MEDIUM" "event-tickets 5.8.3 Improper.Authorization.to.Information.Disclosure MEDIUM" "event-tickets 5.8.2 Missing.Authorization MEDIUM" "event-tickets 5.8.1 Contributor+.Arbitrary.Events.Access LOW" "event-tickets 5.6.0 Reflected.Cross-Site.Scripting MEDIUM" "event-tickets 5.3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "event-tickets 5.2.2 Open.Redirect MEDIUM" "event-tickets 4.10.7.2 CSV.Injection HIGH" "easy-event-calendar No.known.fix Admin+.Stored.XSS LOW" "easy-zillow-reviews 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-zillow-reviews 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-keep No.known.fix Email.Deletion.via.CSRF MEDIUM" "email-keep No.known.fix Reflected.XSS HIGH" "easy-post-views-count 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-preloader No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "ecab-taxi-booking-manager 1.2.2 Missing.Authorization MEDIUM" "ecab-taxi-booking-manager 1.1.9 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ecab-taxi-booking-manager 1.1.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "easy-wp-cookie-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-wp-cookie-popup No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "elegant-calendar-lite 1.5.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ecommerce-product-catalog 3.3.44 Cross-Site.Request.Forgery.to.Password.Reset HIGH" "ecommerce-product-catalog 3.3.33 Reflected.Cross-Site.Scripting MEDIUM" "ecommerce-product-catalog 3.3.29 Cross-Site.Request.Forgery MEDIUM" "ecommerce-product-catalog 3.3.27 Sensitive.Information.Exposure.via.CSV.Files MEDIUM" "ecommerce-product-catalog 3.3.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ecommerce-product-catalog 3.3.26 Products.Deletion.via.CSRF MEDIUM" "ecommerce-product-catalog 3.3.9 Admin+.Stored.XSS LOW" "ecommerce-product-catalog 3.3.5 Admin+.Stored.XSS LOW" "ecommerce-product-catalog 3.0.72 Reflected.XSS.via.AJAX MEDIUM" "ecommerce-product-catalog 3.0.72 Reflected.XSS MEDIUM" "ecommerce-product-catalog 3.0.71 Reflected.XSS MEDIUM" "ecommerce-product-catalog 3.0.39 Reflected.Cross-Site.Scripting HIGH" "ecommerce-product-catalog 3.0.18 Cross-Site.Request.Forgery MEDIUM" "ecommerce-product-catalog 3.0.18 CSRF.Nonce.Bypass MEDIUM" "ecommerce-product-catalog 2.9.44 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "erima-zarinpal-donate No.known.fix Cross-Site.Request.Forgery MEDIUM" "ezyonlinebookings-online-booking-system No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-affiliate-links 3.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Reset MEDIUM" "easy-affiliate-links 3.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-affiliate-links 3.7.1 Contributor+.Stored.XSS MEDIUM" "easy-settings-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-settings-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "external-markdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.6.3 Cross-Site.Request.Forgery MEDIUM" "element-ready-lite 6.4.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "element-ready-lite 6.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.4.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "element-ready-lite 6.4.3 .Open.Redirect MEDIUM" "element-ready-lite 6.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 5.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "echosign 1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "emergency-password-reset 9.0 Cross-Site.Request.Forgery MEDIUM" "email-log 2.4.9 Unauthenticated.Hook.Injection HIGH" "email-log 2.4.8 Reflected.Cross-Site.Scripting HIGH" "email-log 2.4.7 Admin+.SQL.Injection MEDIUM" "easy-amazon-product-information No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "embed-office-viewer 2.2.7 Reflected.Cross-Site.Scripting MEDIUM" "embed-office-viewer 2.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "embed-power-bi-reports 1.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "edd-venmo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "event-feed-for-eventbrite 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "event-feed-for-eventbrite 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "exit-intent-popups-by-optimonk 2.0.5 Account.ID.Update.via.CSRF MEDIUM" "eewee-admincustom No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "eewee-admincustom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "eonet-manual-user-approve No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "education-addon No.known.fix Authenticated.(Contributor+).Insecure.Direct.Object.Reference.via.naedu_elementor_template.Shortcode MEDIUM" "education-addon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "education-addon 1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "elfsight-pricing-table No.known.fix Cross-Site.Request.Forgery.via.ajax() MEDIUM" "elfsight-pricing-table No.known.fix Missing.Authorization MEDIUM" "export-users No.known.fix CSV.Injection MEDIUM" "exchange-addon-membership 1.3.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "email-before-download No.known.fix Cross-Site.Request.Forgery MEDIUM" "email-before-download 6.8 Admin+.SQL.Injection MEDIUM" "email-before-download 4.0 SQL.Injection MEDIUM" "enhanced-plugin-admin 1.17 CSRF MEDIUM" "eventON 4.4.1 Reflected.Cross-Site.Scripting MEDIUM" "eventON 4.5.5 Reflected.XSS HIGH" "eventON 4.5.5 Unauthenticated.Virtual.Event.Password.Disclosure MEDIUM" "eventON 4.5.9 Unauthenticated.Virtual.Event.Settings.Update MEDIUM" "eventON 4.5.5 Unauthenticated.Email.Address.Disclosure MEDIUM" "eventON 4.5.5 Admin+.Stored.Cross-Site.Scripting LOW" "eventON 4.5.6 Unauthenticated.Arbitrary.Post.Metadata.Update HIGH" "eventON 4.4.1 Reflected.Cross-Site.Scripting HIGH" "eventON 4.4 Unauthenticated.Event.Access HIGH" "eventON 4.4 Unauthenticated.Post.Access.via.IDOR HIGH" "email-reminders 2.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "email-reminders 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "ez-form-calculator-premium No.known.fix WordPress.plugin.<=.2.14.1.2.-.Reflected.Cross-Site.Scripting MEDIUM" "eventr No.known.fix Blind.SQL.Injection CRITICAL" "easy-image-display No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-twine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exquisite-paypal-donation No.known.fix Admin+.Stored.XSS LOW" "exchange-addon-easy-canadian-sales-taxes 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easypromos 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "editor-wysiwyg-background-color No.known.fix Missing.Authorization MEDIUM" "easy-coming-soon No.known.fix Admin+.Stored.XSS LOW" "eventon-rsvp 2.9.5 Reflected.XSS HIGH" "exs-widgets 0.3.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ebook-download 1.2 Directory.Traversal HIGH" "ere-recently-viewed 2.0 Unauthenticated.PHP.Object.Injection MEDIUM" "exclusive-addons-for-elementor 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Text.and.Image.Comparison.Widgets MEDIUM" "exclusive-addons-for-elementor 2.7.5 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "exclusive-addons-for-elementor 2.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.9 Authenticated.(Contibutor+).Stored.Cross-Site.Scripting.via.Card.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.2 Missing.Authorization.to.Post.Duplication MEDIUM" "exclusive-addons-for-elementor 2.6.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Expired.Title MEDIUM" "exclusive-addons-for-elementor 2.6.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Call.to.Action MEDIUM" "exclusive-addons-for-elementor 2.6.9.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.3 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.9.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Post.Grid MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Covid-19.Stats.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Call.To.Action.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Timer.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.9 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.2 Arbitrary.Uninstall.Reason.Feedback.via.CSRF MEDIUM" "encyclopedia-lexicon-glossary-wiki-dictionary 1.7.61 Reflected.Cross-Site.Scripting MEDIUM" "email-templates 1.4.3 Email.Sending.via.CSRF MEDIUM" "everest-faq-manager-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "extended-search-plugin No.known.fix Settings.Update.via.CSRF MEDIUM" "event-registration-calendar-by-vcita No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-registration-calendar-by-vcita No.known.fix CSRF.to.Stored.XSS.in.settings.page MEDIUM" "event-registration-calendar-by-vcita 1.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "everest-comment-rating-lite 2.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "enable-shortcodes-inside-widgetscomments-and-experts No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "embed-comment-images 0.6 Unauthenticated.Stored.XSS MEDIUM" "editable-table No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "easy-faq-with-expanding-text No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "editor-custom-color-palette 3.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "easy-gallery-slideshow No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-custom-js-and-css No.known.fix Reflected.Cross-Site.Scripting HIGH" "enhanced-youtube-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-registration-forms No.known.fix Subscriber+.Information.Disclosure.via.Shortcode MEDIUM" "easy-registration-forms No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "easy-registration-forms No.known.fix CSV.Injection MEDIUM" "easy-mls-listings-import 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enqueue-anything No.known.fix Subscriber+.Arbitrary.Asset/Post.Deletion MEDIUM" "exports-and-reports 0.9.2 Contributor+.CSV.Injection LOW" "emi-calculator No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Change MEDIUM" "extensive-vc-addon 1.9.1 Unauthenticated.RCE CRITICAL" "easy-language-switcher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enhanced-wordpress-contactform 2.3 Admin+.Stored.XSS LOW" "ekc-tournament-manager 2.2.2 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "ekc-tournament-manager 2.2.2 Admin+.Arbitrary.File.Download LOW" "ekc-tournament-manager 2.2.2 Create.Tournaments/Teams.via.CSRF MEDIUM" "ekc-tournament-manager 2.2.2 Delete.Tournaments.via.CSRF MEDIUM" "eupago-gateway-for-woocommerce 3.1.10 CSRF MEDIUM" "eu-cookie-law No.known.fix Admin+.Stored.XSS LOW" "eu-cookie-law 3.1.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "enhanced-tooltipglossary 4.3.12 Reflected.XSS HIGH" "enhanced-tooltipglossary 4.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 4.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 4.3.4 Admin+.Stored.XSS LOW" "enhanced-tooltipglossary 4.3.0 Settings.Update.via.CSRF MEDIUM" "enhanced-tooltipglossary 3.9.21 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 3.3.5 XSS MEDIUM" "easy-google-map No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "everest-coming-soon-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "editionguard-for-woocommerce-ebook-sales-with-drm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "editionguard-for-woocommerce-ebook-sales-with-drm No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation MEDIUM" "eveeno 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "everlightbox 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "everlightbox 1.1.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edoc-employee-application No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-artillery No.known.fix Multiple.Reflected.Cross-Site.Scripting HIGH" "email-artillery No.known.fix Arbitrary.File.Upload MEDIUM" "email-artillery No.known.fix CSRF.to.Stored.XSS HIGH" "email-artillery No.known.fix Multiple.Authenticated.SQL.Injections MEDIUM" "eventify No.known.fix Admin+.Stored.XSS LOW" "easy-social-sharebar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ether-and-erc20-tokens-woocommerce-payment-gateway 4.12.13 Reflected.Cross-Site.Scripting MEDIUM" "ether-and-erc20-tokens-woocommerce-payment-gateway 4.12.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "events-for-geodirectory 2.3.15 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "extender-all-in-one-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ebay-feeds-for-wordpress 3.4 Admin+.Stored.XSS LOW" "ebay-feeds-for-wordpress 1.2 Cross-Site.Scripting.via.rss_url.Parameter MEDIUM" "easy-custom-code 1.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "edoc-easy-tables No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "exchange-addon-table-rate-shipping 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "eventbee-rsvp-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-google-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-media-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exchange-addon-custom-url-tracking 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "expire-tags No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "expire-tags No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "easy-waveform-player 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "emailpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "evernote-sync No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-posts-to-subscribers No.known.fix Admin+.Stored.XSS LOW" "email-posts-to-subscribers No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "email-posts-to-subscribers No.known.fix Unauthenticated.SQLi HIGH" "exam-matrix No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "elasticpress 5.1.2 Data.Sync.via.CSRF MEDIUM" "elasticpress 3.5.4 Cross-Site.Request.Forgery MEDIUM" "easy-filtering No.known.fix Reflected.Cross-Site.Scripting HIGH" "external-media-without-import No.known.fix Subscriber+.Blind.SSRF LOW" "external-media-without-import 1.0.1 Reflected.XSS HIGH" "everest-timeline-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easy-form 2.7.0 Reflected.Cross-Site.Scripting MEDIUM" "easy-form 1.2.1 Admin+.Stored.XSS LOW" "easyevent No.known.fix Admin+.Stored.XSS LOW" "easy-justified-gallery 1.1.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "embed-google-fonts No.known.fix Missing.Authorization MEDIUM" "easy-career-openings No.known.fix jobid.Parameter.SQL.Injection MEDIUM" "easy-maintenance-mode-coming-soon No.known.fix Information.Exposure MEDIUM" "emag-marketplace-connector 1.0.1 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "easy-redirect-manager No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "external-database-based-actions No.known.fix Authenticated.(Subscriber+).Authentication.Bypass HIGH" "easy-age-verify 1.8.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "easy-age-verify 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-age-verify 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "event-countdown-timer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-form-under-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-related-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "everest-backup 2.2.14 Unauthenticated.Backup.Download HIGH" "everest-backup 2.2.5 Admin+.Arbitrary.File.Upload MEDIUM" "everest-backup 2.2.0 Sensitive.Information.Exposure.via.Log.File HIGH" "easy-courses No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ep4-more-embeds No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "easy-team-manager No.known.fix Authenticated.Blind.SQL.Injection CRITICAL" "email-on-publish No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-appointments 3.11.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-appointments 3.11.19 Insufficient.Authorization MEDIUM" "easy-appointments 3.11.10 Cross-Site.Request.Forgery MEDIUM" "easy-appointments 3.11.2 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "easy-appointments 1.12.0 Cross-Site.Scripting.(XSS) MEDIUM" "explara-membership No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-replace No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "exit-popup-show No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "estatik No.known.fix Contributor+.Local.File.Inclusion HIGH" "estatik 4.1.1 Reflected.XSS HIGH" "estatik 4.1.1 Unauthenticated.PHP.Object.Injection HIGH" "estatik 4.1.1 Subscriber+.Arbitrary.Option.Update HIGH" "estatik 2.3.1 Arbitrary.File.Upload HIGH" "ect-social-share No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ect-add-to-cart-button No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "embed-privacy 1.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedstories 0.7.5 Contributor+.Stored.XSS MEDIUM" "edge-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edge-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-table-booking No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-embed-for-youtube-wall 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "ewww-image-optimizer 7.3.0 Cross-Site.Request.Forgery MEDIUM" "ewww-image-optimizer 7.2.1 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log MEDIUM" "ewww-image-optimizer 7.2.1 Sensitive.Information.Exposure MEDIUM" "ewww-image-optimizer 5.9 Cross-Site.Request.Forgery MEDIUM" "exchange-rates 1.2.3 Missing.Authorization MEDIUM" "exit-popup-free No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "easy-paypal-shopping-cart 1.1.11 Contributor+.Stored.XSS MEDIUM" "eroom-zoom-meetings-webinar 1.4.19 Missing.Authorization.to.Information.Exposure MEDIUM" "eroom-zoom-meetings-webinar 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "eroom-zoom-meetings-webinar 1.3.9 Cache.Deletion.via.CSRF MEDIUM" "eroom-zoom-meetings-webinar 1.3.8 Sync.Meetings.via.CSRF MEDIUM" "echoza No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "easy-testimonial-rotator 1.0.19 Admin+.Stored.XSS LOW" "easy-testimonial-rotator 1.0.16 Reflected.Cross-Site.Scripting HIGH" "empik-for-woocommerce 1.4.5 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "easy-login-styler No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "email-customizer-for-woocommerce 2.6.1 Information.Exposure MEDIUM" "ezoic-integration 2.8.9 Unauthenticated.Settings.Update.to.Stored.XSS MEDIUM" "ezoic-integration 2.8.9 Admin+.Stored.XSS LOW" "ezpz-one-click-backup No.known.fix Cross-Site.Scripting.(XSS) CRITICAL" "etemplates No.known.fix Unauthenticated.SQL.Injection CRITICAL" "email-shortcode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "e-signature 1.5.6.8 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "email-address-obfuscation 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class.Parameter MEDIUM" "email-verification-for-woocommerce-pro 1.8.2 Loose.Comparison.to.Authentication.Bypass CRITICAL" "easy-svg-upload No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "emails-blacklist-everest-forms 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "emails-blacklist-everest-forms 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "empty-cart-button-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-facebook-likebox 6.5.7 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.6 Contributor+.Stored.XSS MEDIUM" "easy-facebook-likebox 6.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fb_appid MEDIUM" "easy-facebook-likebox 6.5.5 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-facebook-likebox 6.5.5 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.3 Subscriber+.Settings.Update MEDIUM" "easy-facebook-likebox 6.5.0 Reflected.Cross-Site.Scripting MEDIUM" "easy-facebook-likebox 6.4.0 Contributor+.Stored.XSS MEDIUM" "easy-facebook-likebox 6.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-facebook-likebox 6.2.7 Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-facebook-likebox 6.2.7 Reflected.Cross-Site.Scripting HIGH" "email-newsletter No.known.fix SQL.Injection CRITICAL" "epoll-wp-voting 3.5 Subscriber+.Arbitrary.File.Upload CRITICAL" "epoll-wp-voting 3.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "epoll-wp-voting 3.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "easy-org-chart No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "embed-pdf-viewer 2.4.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "embed-pdf-viewer 2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.height.and.width.Parameters MEDIUM" "elegant-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Switcher,.Slider,.and.Iconbox.Widgets MEDIUM" "elegant-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.tags MEDIUM" "erident-custom-login-and-dashboard 3.5.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "erident-custom-login-and-dashboard 3.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "easy-textillate No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-textillate 2.02 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "event-page-templates-addon-for-the-events-calendar 1.6 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "easy-newsletter-signups No.known.fix Admin+.SQLi MEDIUM" "easy-newsletter-signups No.known.fix Missing.Authorization MEDIUM" "easy-newsletter-signups 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "embed-ispring No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "enable-wp-debug-toggle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "essential-content-types 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "easy-code-snippets No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "easy-code-snippets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-code-snippets 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-code-snippets 1.0.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "eps-301-redirects 2.51 Easy.Redirect.Manager.<.2.51.-.Authenticated.SQL.Injection CRITICAL" "eps-301-redirects 2.45 Easy.Redirect.Manager.<.2.45.-.Authenticated.Arbitrary.Redirect.Injection.and.Modification,.XSS,.and.CSRF CRITICAL" "error-notification No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-pricing-tables 3.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fontFamily.Attribute MEDIUM" "easy-pricing-tables 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "easy-pricing-tables 3.2.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "easy-pricing-tables 3.2.1 Reflected.Cross-Site-Scripting MEDIUM" "easy-pricing-tables 3.1.3 Author+.Stored.Cross-Site.Scripting MEDIUM" "easy-pricing-tables 3.1.3 Arbitrary.Post.Removal.via.CSRF MEDIUM" "enquiry-quotation-for-woocommerce 2.2.33.34 Authenticated.(Author+).PHP.Object.Injection.in.enquiry_detail.php HIGH" "enquiry-quotation-for-woocommerce 2.2.13 Admin+.Stored.XSS LOW" "events-calendar No.known.fix Admin+.Stored.XSS LOW" "easy-contact-form-solution 1.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "easy-custom-js-and-css-pro No.known.fix Reflected.Cross-Site.Scripting HIGH" "easy-table 1.7 Admin+.Stored.Cross-Site.Scripting LOW" "easy-table 1.5.3 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "easy-chart-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-call-now No.known.fix Cross-Site.Request.Forgery.via.settings_page MEDIUM" "excel-like-price-change-for-woocommerce-and-wp-e-commerce-light No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "elfsight-testimonials-slider No.known.fix Missing.Authorization MEDIUM" "elfsight-testimonials-slider No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "elfsight-testimonials-slider No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ekiline-block-collection 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eu-vat-for-woocommerce 2.12.14 Reflected.Cross-Site.Scripting MEDIUM" "eu-vat-for-woocommerce 2.12.14 Missing.Authorization MEDIUM" "eu-vat-for-woocommerce 3.0.0 Reflected.Cross-Site.Scripting HIGH" "everest-tab-lite 2.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "exchange-addon-authorize-net 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "export-all-post-meta No.known.fix Missing.Authorization MEDIUM" "exchange-addon-manual-purchases 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "eyewear-prescription-form 4.0.19 Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Update CRITICAL" "easy-tiktok-feed 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-tiktok-feed 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "embedalbum-pro 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedalbum-pro 1.1.28 Contributor+.Stored.XSS MEDIUM" "easy-custom-css No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel No.known.fix Subscriber+.Plugin.Database.Reset MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel No.known.fix Unauthenticated.Arbitrary.Instagram.Account.Unlinking MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel 6.2.1 Reflected.Cross-Site.Scripting MEDIUM" "essential-grid 3.1.2 Unauthenticated.Private.Post.Disclosure MEDIUM" "essential-grid 3.0.19 Missing.Authorization HIGH" "essential-grid 3.1.1 Reflected.XSS HIGH" "easy-wp-tiles No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "edubin No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "etsy-importer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "endomondowp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eduadmin-booking 5.3.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "everest-google-places-reviews-lite 2.0.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "enl-newsletter No.known.fix Stored.XSS.via.CSRF HIGH" "enl-newsletter No.known.fix Admin+.SQL.Injection MEDIUM" "enl-newsletter No.known.fix Campaign.Deletion.via.CSRF MEDIUM" "easy-shortcode-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elfsight-telegram-chat-cc No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ebecas No.known.fix Admin+.Stored.XSS LOW" "elementinvader-addons-for-elementor 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.3.2 Missing.Authorization MEDIUM" "elementinvader-addons-for-elementor 1.2.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "elementinvader-addons-for-elementor 1.3.2 Missing.Authorization.to.Arbitrary.Options.Read MEDIUM" "elementinvader-addons-for-elementor 1.3.0 Authenticated.(Contributor+).Information.Exposure MEDIUM" "elementinvader-addons-for-elementor 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "email-subscriber No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "event-calendars No.known.fix Unauthenticated.Arbitrary.Calendar.Deletion MEDIUM" "embed-calendly-scheduling 3.7 Embed.Calendly.<.3,7.Contributor+.Stored.XSS MEDIUM" "email-subscribe 1.2.24 Authenticated.(Administrator+).SQL.Injection MEDIUM" "email-subscribe 1.2.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.print_email_subscribe_form.Shortcode MEDIUM" "email-subscribe 1.2.21 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "email-subscribe 1.2.20 Reflected.XSS HIGH" "email-subscribe 1.2.19 .Reflected.Cross-Site.Scripting MEDIUM" "email-subscribe 1.2.17 Reflected.XSS HIGH" "easy-paypal-donation 1.4.5 Reflected.Cross-Site.Scripting MEDIUM" "easy-paypal-donation 1.3.4 Arbitrary.Post.Deletion.via.CSRF HIGH" "easy-paypal-donation 1.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "easy-paypal-donation 1.3.1 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "easy-paypal-donation 1.3.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "easy-paypal-donation 1.3.1 CSRF.to.Arbitrary.Post.Deletion MEDIUM" "event-calendar-wd 1.1.51 Reflected.Cross-Site.Scripting HIGH" "event-calendar-wd 1.1.51 Subscriber+.Event.Creation MEDIUM" "event-calendar-wd 1.1.46 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.1.45 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.1.22 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.0.94 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "elementskit 3.7.9 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "elementskit 3.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementskit 3.6.7 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "elementskit 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Motion.Text.and.Table.Widgets MEDIUM" "elementskit 3.6.3 Authenticated.(Contributor+).Server-Side.Request.Forgery HIGH" "elementskit 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementskit 3.6.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Price.Menu,.Hotspot,.and.Advanced.Toggle.Widgets HIGH" "elementskit 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'ekit_btn_id' MEDIUM" "elementskit 2.2.0 Contributor+.Stored.XSS MEDIUM" "embed-swagger No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-encoder-bundle 2.2.2 Admin+.Stored.XSS LOW" "email-encoder-bundle 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "email-encoder-bundle 2.1.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "email-encoder-bundle 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "email-encoder-bundle 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "email-encoder-bundle 2.1.2 Reflected.Cross.Site.Scripting MEDIUM" "easy-liveblogs 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "evergreen-content-poster 1.4.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "evergreen-content-poster 1.4.3 Missing.Authorization MEDIUM" "evergreen-content-poster 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "evergreen-content-poster 1.4.1 Admin+.Stored.XSS LOW" "essential-addons-elementor 5.8.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Lightbox.and.Modal.Widget MEDIUM" "essential-addons-elementor 5.8.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Carousel.Widget MEDIUM" "essential-addons-elementor 5.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'title_html_tag' MEDIUM" "essential-addons-elementor 5.4.9 Reflected.XSS HIGH" "essential-addons-elementor 5.4.9 Unauthenticated.SSRF MEDIUM" "easy-contact-form-pro 1.1.1.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "easy-contact No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "external-media 1.0.36 Admin+.Stored.XSS LOW" "external-media 1.0.34 Authenticated.Arbitrary.File.Upload CRITICAL" "epermissions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elastic-email-sender 1.2.7 Admin+.Stored.XSS LOW" "embed-documents-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "emails-verification-for-woocommerce 2.9.5 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "emails-verification-for-woocommerce 2.9.6 Authentication.Bypass.via.Shortcode HIGH" "emails-verification-for-woocommerce 2.9.0 Unauthenticated.SQL.Injection HIGH" "emails-verification-for-woocommerce 2.7.5 Authentication.Bypass HIGH" "emails-verification-for-woocommerce 1.8.2 Loose.Comparison.to.Authentication.Bypass CRITICAL" "elementor 3.25.11 Contributor+.Stored.XSS MEDIUM" "elementor 3.27.5 Contributor+.Stored.XSS MEDIUM" "elementor 3.25.10 Contributor+.Stored.XSS.via.Typography.Settings MEDIUM" "elementor 3.25.8 Contributor+.Stored.XSS MEDIUM" "elementor 3.24.6 Contributor+.Information.Exposure.via.get_image_alt LOW" "elementor 3.24.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.the.URL.Parameter.in.Multiple.Widgets MEDIUM" "elementor 3.22.2 Contributor+.Arbitrary.SVG.Download MEDIUM" "elementor 3.21.6 Contributor+.DOM.Stored.XSS MEDIUM" "elementor 3.20.3 Contributor+.DOM.Stored.XSS MEDIUM" "elementor 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.get_image_alt MEDIUM" "elementor 3.19.1 Authenticated(Contributor+).Arbitrary.File.Deletion.and.PHAR.Deserialization HIGH" "elementor 3.18.2 Contributor+.Arbitrary.File.Upload.to.RCE.via.Template.Import HIGH" "elementor 3.16.5 Missing.Authorization.to.Arbitrary.Attachment.Read MEDIUM" "elementor 3.16.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.get_inline_svg() MEDIUM" "elementor 3.5.5 Iframe.Injection MEDIUM" "elementor 3.13.2 Missing.Authorization MEDIUM" "elementor 3.12.2 Admin+.SQLi MEDIUM" "elementor 3.5.6 DOM.Reflected.Cross-Site.Scripting MEDIUM" "elementor 3.6.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "elementor 3.4.8 DOM.Cross-Site-Scripting MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Column.Element MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Divider.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Icon.Box.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Heading.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Accordion.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Image.Box.Widget MEDIUM" "elementor 3.0.14 SVG.Upload.Allowed.by.Default MEDIUM" "elementor 2.9.14 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "elementor 2.9.10 Authenticated.Stored.XSS HIGH" "elementor 2.9.8 SVG.Sanitizer.Bypass.leading.to.Authenticated.Stored.XSS MEDIUM" "elementor 2.9.6 Authenticated.Safe.Mode.Privilege.Escalation MEDIUM" "elementor 2.8.5 Authenticated.Reflected.XSS MEDIUM" "elementor 2.7.7 Authenticated.Stored.XSS MEDIUM" "elementor 2.8.4 Cross-Site.Scripting.(XSS) MEDIUM" "elementor 2.7.5 Authenticated.Arbitrary.File.Upload CRITICAL" "elementor 1.8.0 Authenticated.Unrestricted.Editing HIGH" "event-espresso-free 3.1.37.12.L Authenticated.Blind.SQL.Injection HIGH" "eazydocs No.known.fix Missing.Authorization MEDIUM" "eazydocs No.known.fix Contributor+.Local.File.Inclusion HIGH" "eazydocs 2.5.1 Missing.Authorization MEDIUM" "eazydocs 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eazydocs 2.5.0 Admin+.Stored.XSS LOW" "eazydocs 2.4.0 Subscriber+.Arbitrary.Posts.Deletion.and.Document.Management MEDIUM" "eazydocs 2.3.6 Subscriber+.Arbitrary.Posts.Deletion.and.Document.Management MEDIUM" "eazydocs 2.3.4 Subscriber.+.SQLi HIGH" "eazydocs 2.3.6 Reflected.XSS MEDIUM" "eazydocs 2.3.6 Unauthenticated.OnePage.Document.Update/Publish MEDIUM" "eazydocs 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "easy-pie-maintenance-mode No.known.fix Admin+.Stored.XSS LOW" "easy-blocks-pro No.known.fix Missing.Authorization HIGH" "exchange-addon-easy-us-sales-taxes 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "emarksheet 5.4.4 Reflected.Cross-Site.Scripting HIGH" "extreme-blocks 0.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "export-media-urls 2.0 Cross-Site.Request.Forgery MEDIUM" "enable-svg-webp-ico-upload 1.1.1 Author+.Stored.XSS MEDIUM" "enable-svg-webp-ico-upload 1.0.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "enable-svg-webp-ico-upload 1.1.1 Author+.Arbitrary.File.Upload HIGH" "event-notifier 1.2.1 XSS MEDIUM" "evaluate No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "explore-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easyrecipe No.known.fix Cross-Site.Request.Forgery MEDIUM" "elex-bulk-edit-products-prices-attributes-for-woocommerce-basic No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "elex-bulk-edit-products-prices-attributes-for-woocommerce-basic 1.5.0 Shop.manager+.SQL.Injection MEDIUM" "eventprime-event-calendar-management 4.0.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Event.Attendees.Export MEDIUM" "eventprime-event-calendar-management 4.0.7.4 Unauthenticated.Stored.Cross-Site.Scripting.via.Ticket.Category.and.Ticket.Type.Name HIGH" "eventprime-event-calendar-management 4.0.4.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 4.0.4.8 Unauthenticated.Stored.Cross-Site.Scripting.via.Transaction.Log MEDIUM" "eventprime-event-calendar-management 4.0.4.6 Open.Redirect MEDIUM" "eventprime-event-calendar-management 4.0.4.4 Missing.Authorization.to.Unauthenticated.Private.or.Password-Protected.Events.Disclosure MEDIUM" "eventprime-event-calendar-management 4.0.4.0 Missing.Authorization.via.calendar_event_create() MEDIUM" "eventprime-event-calendar-management 3.5.0 .Subscriber+.Arbitrary.booking.settings.update MEDIUM" "eventprime-event-calendar-management 3.3.5 Unauthenticated.Booking.Price.Manipulation MEDIUM" "eventprime-event-calendar-management 3.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 3.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "eventprime-event-calendar-management 3.4.3 Unauthenticated.Booking.Payment.Bypass MEDIUM" "eventprime-event-calendar-management 3.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "eventprime-event-calendar-management 3.4.3 Missing.Authorization.to.Arbitrary.Post.Overwrite MEDIUM" "eventprime-event-calendar-management 3.4.4 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 3.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Event.Export MEDIUM" "eventprime-event-calendar-management 3.4.1 Missing.Authorization.to.Authenticated.(Subscriber+).Attendee.List.Retrieval MEDIUM" "eventprime-event-calendar-management 3.4.0 Improper.Input.Validation.via.save_event_booking MEDIUM" "eventprime-event-calendar-management 3.3.6 Unauthenticated.Event.Access MEDIUM" "eventprime-event-calendar-management 3.3.3 Contributor+.Stored.XSS MEDIUM" "eventprime-event-calendar-management 3.3.6 Booking.Pricing.Bypass MEDIUM" "eventprime-event-calendar-management 3.1.6 Reflected.XSS HIGH" "eventprime-event-calendar-management 3.2.0 Reflected.XSS HIGH" "eventprime-event-calendar-management 3.2.0 Reflected.HTML.Injection.on.keyword.parameter MEDIUM" "eventprime-event-calendar-management 3.2.0 Booking.Creation.via.CSRF MEDIUM" "eventprime-event-calendar-management 3.0.6 Reflected.Cross-Site.Scripting HIGH" "eventprime-event-calendar-management 3.0.0 Unauthenticated.Reflected.XSS HIGH" "express-pay 1.1.9 Unauthenticated.SQL.Injection.via.type_id HIGH" "enable-wp-debug-from-admin-dashboard 1.86 Reflected.Cross-Site.Scripting MEDIUM" "exxp-wp No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "emma-emarketing-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-code-placement No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "exchange-addon-invoices 1.4.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy2map 1.3.0 Local.File.Inclusion CRITICAL" "easy2map 1.3.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "easy-caller-with-moceanapi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elegant-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "export-import-menus 1.9.2 Missing.Authorization.to.Unauthenticated.Menu.Export MEDIUM" "export-import-menus 1.9.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "email-queue 1.1.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "embed-rentle No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "edwiser-bridge 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "edwiser-bridge 3.0.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "edwiser-bridge 3.0.8 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "edwiser-bridge 3.0.6 Authentication.Bypass.due.to.Missing.Empty.Value.Check CRITICAL" "edwiser-bridge 3.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "edwiser-bridge 2.0.7 Cross-Site.Request.Forgery MEDIUM" "edwiser-bridge 2.0.7 CSRF.Nonce.Bypass MEDIUM" "extended-widget-options 5.1.3 Extended.<=.5.1.0.&..Widget.Options.<=.4.0.1.-.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "ecommerce-two-factor-authentication 1.0.5 Two.Factor.Authentication.<.1.0.5.-.Reflected.Cross-Site.Scripting HIGH" "easy-countdowner No.known.fix Cross-Site.Request.Forgery MEDIUM" "embedding-barcodes-into-product-pages-and-orders 2.0.5 Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "embedding-barcodes-into-product-pages-and-orders 2.0.5 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "embedding-barcodes-into-product-pages-and-orders 2.0.3 Authenticated.(Subscriber+).Sensitive.Information.Disclosure MEDIUM" "extra-user-details 0.5.1 Admin+.Stored.XSS LOW" "extra-user-details 0.5.1 Settings.Update.to.Stored.XSS.via.CSRF HIGH" "email-suscripcion No.known.fix Unauthenticated.SQL.Injection HIGH" "ecpay-logistics-for-woocommerce 1.3.1910240 Unauthenticated.Reflected.XSS MEDIUM" "estatebud-properties-listings No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "estatebud-properties-listings No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "extend-filter-products-by-price-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "events-search-addon-for-the-events-calendar 1.2 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "export-post-info 1.2.1 Author+.CSV.Injection MEDIUM" "export-post-info 1.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "easyappointments No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "easyappointments 1.3.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "embedder-for-google-reviews 1.5.11 Reflected.Cross-Site.Scripting MEDIUM" "export-woocommerce-customer-list 2.0.69 CSV.Injection LOW" "email-to-download No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-post-to-post-links No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "easy-popup-lightbox-maker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "eyes-only-user-access-shortcode No.known.fix Admin+.Stored.XSS LOW" "exchange-addon-2checkout 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "edd-recent-purchases No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "easy-notify-lite 1.1.37 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "easy-notify-lite 1.1.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-notify-lite 1.1.33 Contributor+.Stored.XSS MEDIUM" "easy-notify-lite 1.1.30 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "exchange-addon-stripe 1.2.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "extensions-leaflet-map 3.4.2 Reflected.XSS HIGH" "easy-popup-show No.known.fix Cross-Site.Request.Forgery MEDIUM" "exhibit-to-wp-gallery No.known.fix Reflected.XSS HIGH" "easy-broken-link-checker No.known.fix Admin+.Stored.XSS LOW" "easy-broken-link-checker No.known.fix Bulk.Actions.via.CSRF MEDIUM" "easy-broken-link-checker No.known.fix Reflected.XSS HIGH" "easy-broken-link-checker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-testimonials 3.9.3 Contributor+.Stored.XSS MEDIUM" "easy-testimonials 3.9 Reflected.Cross-Site.Scripting MEDIUM" "easy-testimonials 3.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "easy-testimonials 3.7 Cross-Site.Request.Forgery MEDIUM" "easy-testimonials 3.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "easy-testimonials 1.37 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "embed-rss No.known.fix Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "express-shop 4.0.3 CSRF.Bypass MEDIUM" "easy-digital-downloads 3.3.7 Unauthenticated.Private.Post.Title.Disclosure MEDIUM" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Title MEDIUM" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "easy-digital-downloads 3.3.5 3.3.4.-.Improper.Authorization.to.Paywall.Bypass LOW" "easy-digital-downloads 3.3.4 Authenticated.(Admin+).PHAR.Deserialization HIGH" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Agreement.Text LOW" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Currency.Settings MEDIUM" "easy-digital-downloads 3.3.1 Missing.Authorization MEDIUM" "easy-digital-downloads 3.3.1 Unauthenticated.SQL.Injection CRITICAL" "easy-digital-downloads 3.2.12 Cross-Site.Request.Forgery MEDIUM" "easy-digital-downloads 3.2.12 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "easy-digital-downloads 3.2.7 Cross-Site.Request.Forgery MEDIUM" "easy-digital-downloads 3.2.10 Sensitive.Information.Exposure MEDIUM" "easy-digital-downloads 3.2.7 Shop.Manager+.Stored.XSS MEDIUM" "easy-digital-downloads 3.2.6 Contributor+.Stored.XSS MEDIUM" "easy-digital-downloads 3.2.0 Missing.Authorization MEDIUM" "easy-digital-downloads 3.1.1.4.2 Unauthenticated.Privilege.Escalation CRITICAL" "easy-digital-downloads 3.1.0.5 Contributor+.Stored.XSS MEDIUM" "easy-digital-downloads 3.1.0.4 Unauthenticated.SQLi HIGH" "easy-digital-downloads 3.0 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "easy-digital-downloads 3.1.0.2 Unauthenticated.CSV.Injection MEDIUM" "easy-digital-downloads 3.0.2 Admin+.PHP.Object.Injection MEDIUM" "easy-digital-downloads 2.11.6 Admin+.Stored.Cross-Site.Scripting LOW" "easy-digital-downloads 2.11.6 Arbitrary.Payment.Note.Insertion.via.CSRF LOW" "easy-digital-downloads 2.11.2.1 Reflected.Cross-Site.Scripting HIGH" "easy-digital-downloads 2.10.3 Unauthorised.Stripe.Disconnect.via.CSRF MEDIUM" "easy-digital-downloads 2.9.16 Stored.XSS MEDIUM" "easy-digital-downloads 2.5.8 PHP.Object.Injection MEDIUM" "easy-digital-downloads 2.3.7 Cross-Site.Scripting.Issue MEDIUM" "easy-digital-downloads 2.3.3 SQL.Injection CRITICAL" "embed-lottie-player 1.2.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "esb-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 6.1.10 Contributor+.Information.Disclosure LOW" "essential-addons-for-elementor-lite 6.1.10 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 6.0.15 Reflected.Cross-Site.Scripting HIGH" "essential-addons-for-elementor-lite 6.0.8 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 6.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 6.0.10 Authenticated.(Author+).Sensitive.Information.Exposure.to.Privilege.Escalation HIGH" "essential-addons-for-elementor-lite 6.0.10 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "essential-addons-for-elementor-lite 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Filterable.Gallery.Widget MEDIUM" "essential-addons-for-elementor-lite 6.0.4 Best.Elementor.Templates,.Widgets,.Kits.&.WooCommerce.Builders.<.6.0.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text.Widget MEDIUM" "essential-addons-for-elementor-lite 6.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.no_more_items_text.Parameter MEDIUM" "essential-addons-for-elementor-lite 5.9.27 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.22 Contributor+.Stored.Cross-Site.Scripting.via.Twitter.Feed MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.21 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.DOM-Based.Stored.Cross-Site.Scripting.via.Several.Widgets MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.Stored.Cross-Site.Scripting.via.'Dual.Color.Header',.'Event.Calendar',.&.'Advanced.Data.Table' MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.Stored.Cross-Site.Scripting.via.'Interactive.Circles' MEDIUM" "essential-addons-for-elementor-lite 5.9.18 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Information.Exposure MEDIUM" "essential-addons-for-elementor-lite 5.9.15 Contributor+.Store.XSS.via.Widget.URL MEDIUM" "essential-addons-for-elementor-lite 5.9.14 Unauthenticated.Private/Draft.Posts.Access MEDIUM" "essential-addons-for-elementor-lite 5.9.14 Author+.PHP.Object.Injection MEDIUM" "essential-addons-for-elementor-lite 5.9.12 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.12 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.10 Contributor+.Stored.Cross-Site.Scripting.via.Event.Calendar HIGH" "essential-addons-for-elementor-lite 5.9.10 Contributor+.Stored.Cross-Site.Scripting.via.Data.Table MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting.via.Accordion MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting.via.Filterable.Gallery MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.8 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.5 Contributor+.Stored.Cross-Site.Scritping MEDIUM" "essential-addons-for-elementor-lite 5.9.5 Contributor+.Stored.Cross-Site.Scripting.via.Image.URl MEDIUM" "essential-addons-for-elementor-lite 5.9.3 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.8.9 Authenticated.(Contributor+).Privilege.Escalation HIGH" "essential-addons-for-elementor-lite 5.8.2 Unauthenticated.MailChimp.API.Key.Disclosure MEDIUM" "essential-addons-for-elementor-lite 5.7.2 Unauthenticated.Privilege.Escalation CRITICAL" "essential-addons-for-elementor-lite 5.0.9 Reflected.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.0.5 Unauthenticated.LFI CRITICAL" "essential-addons-for-elementor-lite 4.5.4 Contributor+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "edd-cashapp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "elementary-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-any-document 2.7.6 Authenticated.(Contributor+).Blind.Server-Side.Request.Forgery.via.embeddoc.Shortcode MEDIUM" "embed-any-document 2.7.2 Author+.Stored.XSS LOW" "easyrotator-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "enhanced-text-widget 1.6.6 Admin+.Stored.XSS LOW" "enhanced-text-widget 1.5.8 Subscriber+.Plugin.Installation MEDIUM" "enhanced-text-widget 1.5.8 Plugin.Installation.via.CSRF MEDIUM" "ethiopian-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elegant-themes-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-set-favicon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "external-featured-image-from-bing No.known.fix Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "easy-booked 2.4.6 Cross-Site.Request.Forgery MEDIUM" "ecommerce-addon 1.4 Reflected.Cross-Site.Scripting MEDIUM" "ecommerce-addon 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "embed-peertube-playlist 1.10 Editor+.Stored.XSS LOW" "easy-image-collage 1.13.6 Missing.Authorization.to.Authenticated.(Contributor+).Data.Clearance MEDIUM" "enhanced-media-library 2.8.10 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "email-address-encoder 1.0.24 Cross-Site.Request.Forgery.via.eae_clear_caches() MEDIUM" "email-address-encoder 1.0.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "export-wp-page-to-static-html 2.2.3 Open.Redirect HIGH" "export-wp-page-to-static-html 2.2.0 Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "export-wp-page-to-static-html 2.2.0 Cross-Site.Request.Forgery.via.Multiple.AJAX.Actions MEDIUM" "easy-testimonial-manager No.known.fix Authenticated.SQL.Injection MEDIUM" "email-customizer-woocommerce 1.7.2 Multiple.Author+.SQLi MEDIUM" "easy-side-tab-cta 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "exchange-rates-widget 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-monster 1.4.4 Information.Exposure.Via.Visitors.List.Export MEDIUM" "event-monster 1.4.4 Unauthenticated.Information.Exposure MEDIUM" "event-monster 1.4.0 Contributor+.PHP.Object.Injection.via.Custom.Meta MEDIUM" "event-monster No.known.fix Admin+.Stored.XSS LOW" "event-monster 1.2.1 Admin+.SQLi MEDIUM" "event-monster 1.2.0 Visitors.Deletion.via.CSRF MEDIUM" "easy-under-construction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-under-construction 4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-property-listings 3.5.4 Arbitrary.Contact.Deletion.via.CSRF MEDIUM" "easy-property-listings 3.5.4 Missing.Authorization.via.epl_update_listing_coordinates() MEDIUM" "easy-property-listings 3.5.3 Authenticated(Contributor+).SQL.Injection.via.Shortcode HIGH" "easy-property-listings 3.5.4 Admin+.Stored.XSS LOW" "easy-property-listings 3.4 Cross-Site.Request.Forgery.(CSRF) HIGH" "easy-property-listings 3.4 Cross-Site.Scripting.(XSS) MEDIUM" "everest-admin-theme-lite 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "export-woocommerce 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "export-woocommerce 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "export-woocommerce 2.0.9 Missing.Authorization MEDIUM" "export-woocommerce 2.0.11 Reflected.XSS HIGH" "easy-social-share-buttons3 9.5 Missing.Authorization MEDIUM" "easy-social-share-buttons3 9.5 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "easy-social-share-buttons3 9.5 Reflected.Cross-Site.Scripting MEDIUM" "easy-facebook-like-box 4.1.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "easy-wp-cleaner 2.0 Data.Deletion.via.CSRF MEDIUM" "edit-comments No.known.fix Unauthenticated.SQL.Injection HIGH" "edit-comments No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-capture-lead-generation No.known.fix Missing.Authorization MEDIUM" "eprolo-dropshipping 1.7.2 Missing.Authorization MEDIUM" "easy-prayer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-prayer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "embed-youtube-video No.known.fix Authenticated.SQL.Injection MEDIUM" "everest-gallery-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easy-cookie-law No.known.fix Settings.Update.via.CSRF MEDIUM" "easy-wp-optimizer No.known.fix Missing.Authorization MEDIUM" "easy-smooth-scroll-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-smooth-scroll-links 2.23.1 Admin+.Stored.Cross-Site.Scripting LOW" "easy-smooth-scroll-links 2.23.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-post-types No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "easy-post-types No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta MEDIUM" "easy-post-types No.known.fix Authenticated.(Subscriber+).Missing.Authorization.via.Multiple.Functions MEDIUM" "external-video-for-everybody No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-custom-auto-excerpt 2.5.0 Sensitive.Information.Exposure MEDIUM" "easy-custom-auto-excerpt 2.4.7 XSS MEDIUM" "email-users No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "email-users 4.8.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "email-users 4.8.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "email-users 4.7.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "easy-site-importer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "expandable-paywall 2.0.17 Reflected.Cross-Site.Scripting MEDIUM" "expandable-paywall 2.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-watermark 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "easy-watermark 0.7.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "essay-wizard-wpcres No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "eshop No.known.fix Authenticated.Blind.SQL.Injection HIGH" "eshop No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "eshop No.known.fix Reflected.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "eshop 6.3.12 Remote.Code.Execution MEDIUM" "edd-courses 0.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edd-courses 0.1.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "easy-fancybox 2.3.15 Contributor+.Stored.XSS MEDIUM" "easy-fancybox 2.3.4 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "easy-fancybox 2.3.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "easy-fancybox 1.8.18 Authenticated.Stored.XSS MEDIUM" "easy-sign-up No.known.fix Contributor+.Stored.XSS MEDIUM" "ethereumico 2.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ethereum-ico.Shortcode MEDIUM" "ethereumico 2.4.4 Reflected.Cross-Site.Scripting MEDIUM" "ethereumico 2.3.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-cookies-policy No.known.fix Broken.Access.Control.to.Stored.Cross-Site.Scripting HIGH" "elespare 3.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Horizontal.Nav.Menu.Widge MEDIUM" "elespare 2.1.3 Missing.Authorization.to.Subscriber+.Arbitrary.Post.Creation MEDIUM" "events-manager 6.6.4.2 Missing.Authorization MEDIUM" "events-manager 6.6.4 Unauthenticated.SQL.Injection.via.Event.Status.Parameter HIGH" "events-manager 6.4.9 Reflected.Cross-Site.Scripting MEDIUM" "events-manager 6.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.event,.location,.and.event_category.Shortcodes MEDIUM" "events-manager 6.4.7.2 Cross-Site.Request.Forgery MEDIUM" "events-manager 6.4.7 Missing.Authorization MEDIUM" "events-manager 6.4.7.2 Cross-Site.Request.Forgery MEDIUM" "events-manager 6.4.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "events-manager 6.4.7 Authenticated(Administator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "events-manager 6.4.6 Reflected.Cross-Site.Scripting MEDIUM" "events-manager 5.9.8 Admin+.SQL.Injection MEDIUM" "events-manager 5.9.8 Cross-Site.Scripting.(XSS) LOW" "events-manager 5.9.7.2 CSV.Injection MEDIUM" "events-manager 5.9.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.8.1.2 Unauthenticated.Stored.XSS CRITICAL" "events-manager 5.6 Cross-Site.Scripting.(XSS).&.Code.Injection MEDIUM" "events-manager 5.5.7.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.5.7 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.3.4 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.5.2 Multiple.Unspecified.XSS.Vulnerabilities MEDIUM" "events-manager 5.3.9 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.5 Cross-Site.Scripting.(XSS) MEDIUM" "embed-chessboard No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-tickets-plus 5.9.1 Contributor+.Attendees.Lists.Disclosure LOW" "event-tickets-plus 5.9.1 Contributor+.Arbitrary.Events.Access LOW" "easync-booking No.known.fix Missing.Authorization MEDIUM" "easync-booking 1.3.15 Subscriber+.PayPal.Settings.Update MEDIUM" "easync-booking 1.3.12 Reflected.Cross-Site.Scripting HIGH" "easync-booking 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "easync-booking 1.1.16 Unauthenticated.Arbitrary.File.Upload CRITICAL" "easync-booking 1.1.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "embed-google-photos-album-easily 2.2.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "eid-easy-qualified-electonic-signature 3.3.1 Use.of.Polyfill.io MEDIUM" "elite-notification 2.0.0 Subscriber+.Stored.XSS MEDIUM" "exportfeed-list-woocommerce-products-on-ebay-store No.known.fix Admin+.SQL.Injection MEDIUM" "emc2-alert-boxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-media-replace 0.2.0 Author+.File.Deletion MEDIUM" "error-log-viewer-wp No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "error-log-viewer-wp 1.0.4 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read HIGH" "enhanced-paypal-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-video-thumbnail 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "easy-automatic-newsletter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enable-svg-uploads No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "envo-extra 1.9.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "envo-extra 1.8.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "envo-extra 1.8.17 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "envo-extra 1.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-extra 1.8.4 Cross-Site.Request.Forgery MEDIUM" "easy-quotes 1.2.3 Unauthenticated.SQL.Injection HIGH" "elementor-pro 3.25.11 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Shortcode MEDIUM" "elementor-pro 3.21.3 Reflected.Cross-Site.Scripting MEDIUM" "elementor-pro 3.21.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Form.Widget.SVGZ.File.Upload MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.video_html_tag MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Navigation MEDIUM" "elementor-pro 3.20.2 Authententicated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.19.3 Authenticated.(Contributor+).Information.Exposure MEDIUM" "elementor-pro 3.11.7 Subscriber+.Arbitrary.Options.Update HIGH" "elementor-pro 2.9.4 Authenticated.Arbitrary.File.Upload CRITICAL" "elementor-pro 2.0.10 XSS MEDIUM" "fullworks-directory No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-directory No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "free-event-banner No.known.fix Arbitrary.File.Upload.to.RCE CRITICAL" "floating-action-button 1.2.2 Cross-Site.Request.Forgery MEDIUM" "fusion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fusion 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flickr-rss No.known.fix XSS.and.CSRF HIGH" "flexytalk-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "featured-images-for-rss-feeds 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "featured-images-for-rss-feeds 1.5.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "freemage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "freemage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "freemage No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "feeds-for-youtube 2.2.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "feeds-for-youtube 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "feeds-for-youtube 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "flash-video-player No.known.fix Cross-Site.Request.Forgery MEDIUM" "fraudlabs-pro-sms-verification 1.10.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "form-forms No.known.fix Contact.Form.<=.1.2.4.-.Admin+.Stored.Cross-Site.Scripting LOW" "form-vibes 1.4.13 Missing.Authorization.in.Multiple.Functions MEDIUM" "form-vibes 1.4.11 Authenticated.(Subscriber+).SQL.Injection.via.fv_export_data HIGH" "form-vibes 1.4.9 Reflected.Cross-Site.Scripting MEDIUM" "form-vibes 1.4.6 Admin+.SQLi MEDIUM" "form-vibes 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fluent-boards 1.48 Unauthenticated.PHP.Object.Injection CRITICAL" "firedrum-email-marketing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "frontend-post-submission No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flower-delivery-by-florist-one 3.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flower-delivery-by-florist-one No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "flight-search-widget-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flight-search-widget-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flight-search-widget-blocks No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "foogallery 2.4.30 Insecure.Direct.Object.Reference.to.Authenticated.(Custom+).Arbitrary.Post/Page.Updates MEDIUM" "foogallery 2.4.30 Authenticated.(Custom+).Stored.Cross-Site.Scripting.via.Album.Title.Size MEDIUM" "foogallery 2.4.30 Reflected.Cross-Site.Scripting MEDIUM" "foogallery 2.4.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Custom.URL MEDIUM" "foogallery 2.4.15 Author+.Stored.XSS MEDIUM" "foogallery 2.4.15 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "foogallery 2.4.15 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Image.Attachment.Fields MEDIUM" "foogallery 2.4.9 Best.WordPress.Gallery.Plugin.–.FooGallery.<.2,4,9.-Admin+.Stored.Cross-Site.Scripting LOW" "foogallery 2.3.2 Reflected.XSS HIGH" "foogallery 2.3.2 Extensions.Mgt.via.CSRF MEDIUM" "foogallery 2.2.44 Reflected.Cross-Site.Scripting MEDIUM" "foogallery 2.2.41 Reflected.XSS HIGH" "foogallery 2.1.34 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foogallery 2.0.35 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "foogallery 1.9.25 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "foogallery 1.6.17 Subscriber+.Arbitrary.Option.Update CRITICAL" "flashfader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "formcraft No.known.fix Arbitrary.File.Deletion CRITICAL" "featured-posts-with-multiple-custom-groups-fpmcg No.known.fix Cross-Site.Request.Forgery MEDIUM" "featured-posts-with-multiple-custom-groups-fpmcg No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "friendstore-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "featured-image-generator 1.3.3 Missing.Authorization.to.Authenticated.(Subscriber+).Images.Upload MEDIUM" "five-minute-webshop No.known.fix Admin+.SQLi.via.orderby MEDIUM" "five-minute-webshop No.known.fix Admin+.SQLi.via.id MEDIUM" "f12-profiler 1.4.0 Settings.Update.via.CSRF MEDIUM" "frontend-registration-contact-form-7 No.known.fix Authenticated.(Editor+).Privilege.Escalation HIGH" "fileviewer No.known.fix Arbitrary.File.Upload/Deletion.via.CSRF CRITICAL" "full-site-editing 3.79150 Contributor+.Stored.XSS MEDIUM" "formlift 7.5.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "formlift 7.5.18 Unauthenticated.SQL.Injection CRITICAL" "falang 1.3.53 Missing.Authorization.to.Translation.Update.and.Information.Exposure MEDIUM" "falang 1.3.52 Cross-Site.Request.Forgery MEDIUM" "falang 1.3.50 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "falang 1.3.48 Authenticated.(Administrator+).SQL.Injection HIGH" "falang 1.3.40 Cross-Site.Request.Forgery MEDIUM" "falang 1.3.18 Reflected.Cross-Site.Scripting HIGH" "flowpaper-lite-pdf-flipbook 2.0.4 Contributor+.Stored.XSS MEDIUM" "flowpaper-lite-pdf-flipbook 2.0.0 Contributor+.Stored.XSS MEDIUM" "fp-rss-category-excluder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-index 1.10 Reflected.Cross-Site.Scripting MEDIUM" "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make 0.99 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make No.known.fix Multiple.Cross-Site.Request.Forgery.(CSRF) MEDIUM" "flowfact-wp-connector 2.1.8 Reflected.XSS HIGH" "futurio-extra 2.0.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.header_size.tag MEDIUM" "futurio-extra 2.0.14 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "futurio-extra 2.0.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "futurio-extra 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Text.Block.Widget MEDIUM" "futurio-extra 1.9.1 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "futurio-extra 1.6.3 Subscriber+.User.Email.Address.Disclosure MEDIUM" "futurio-extra 1.6.3 Authenticated.SQL.Injection MEDIUM" "formidable-registration 2.12 Contributor+.Arbitrary.User.Password.Reset.To.Account.Takeover HIGH" "foxyshop 4.8.2 Reflected.Cross-Site.Scripting MEDIUM" "featured-content-gallery No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.48.7212 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "fv-wordpress-flowplayer 7.5.47.7212 Authenticated.(Subscriber+).SQL.Injection.via.exclude.Parameter HIGH" "fv-wordpress-flowplayer 7.5.46.7212 Reflected.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.45.7212 Authenticated.(Subscriber+).Server-side.Request.Forgery MEDIUM" "fv-wordpress-flowplayer 7.5.45.7212 Authenticated.(Contributor+).Arbitrary.Redirect MEDIUM" "fv-wordpress-flowplayer 7.5.44.7212 Reflected.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.44.7212 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.39.7212 Insufficient.Input.Validation.to.Unauthenticated.Stored.Cross-Site.Scripting.and.Arbitrary.Usermeta.Update MEDIUM" "fv-wordpress-flowplayer 7.5.35.7212 Reflected.XSS HIGH" "fv-wordpress-flowplayer 7.5.31.7212 Settings.Toggle.via.CSRF MEDIUM" "fv-wordpress-flowplayer 7.5.19.727 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.18.727 Author+.SQLi HIGH" "fv-wordpress-flowplayer 7.5.3.727 Reflected.Cross-Site.Scripting HIGH" "fv-wordpress-flowplayer 7.4.38.727 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "fv-wordpress-flowplayer 7.3.19.727 SQL.Injection CRITICAL" "fv-wordpress-flowplayer 7.3.15.727 SQL.Injection CRITICAL" "fv-wordpress-flowplayer 7.3.14.727 Unauthenticated.Stored.XSS MEDIUM" "fv-wordpress-flowplayer 7.3.15.727 CSV.Export MEDIUM" "front-end-only-users No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "front-end-only-users No.known.fix Authenticated.(Admin+).SQL.injection MEDIUM" "front-end-only-users No.known.fix Reflected.XSS HIGH" "front-end-only-users No.known.fix Reflected.XSS HIGH" "front-end-only-users 3.2.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "front-end-only-users 3.2.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.forgot-password.Shortcode MEDIUM" "front-end-only-users 3.2.29 Authenticated.(Contributor+).Time-Based.SQL.Injection HIGH" "front-end-only-users 3.2.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "front-end-only-users 3.2.25 Cross-Site.Request.Forgery MEDIUM" "fin-accounting-for-woocommerce 4.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flatpm-wp 3.1.05 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flatpm-wp 3.0.13 Reflected.Cross-Site.Scripting HIGH" "fancy-elementor-flipbox 2.5.2 Contributor+.Stored.XSs.via.Fancy.Elementor.Flipbox.Widget MEDIUM" "flog No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "flexible-shipping 4.24.16 Missing.Authorization MEDIUM" "flexible-shipping 4.11.9 Reflected.Cross-Site.Scripting MEDIUM" "full-circle No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "forms-3rdparty-post-again No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "forms-gutenberg No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "forms-gutenberg 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "frontend-login-and-registration-blocks No.known.fix Subscriber+.Privilege.Escalation.via.Password.Reset HIGH" "fat-services-booking No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "fat-services-booking No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "fat-services-booking No.known.fix Unauthenticated.SQL.Injection HIGH" "filter-portfolio-gallery No.known.fix Arbitrary.Gallery.Deletion.via.CSRF MEDIUM" "facebook-for-woocommerce 1.9.15 CSRF.allowing.Option.Update HIGH" "footer-flyout-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "freshmail-newsletter 1.6 shortcode.php.SQL.Injection HIGH" "for-the-visually-impaired No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "fv-descriptions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "first-order-discount-woocommerce 1.22 Discount.Update.via.CSRF MEDIUM" "free-wp-booster-by-ads-pro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "filled-in 1.9.3 Stored.XSS.via.CSRF HIGH" "filedownload No.known.fix Multiple.Issues CRITICAL" "favicon-by-realfavicongenerator 1.3.23 Reflected.Cross-Site.Scripting MEDIUM" "favicon-by-realfavicongenerator 1.3.22 Reflected.Cross-Site.Scripting.(XSS) HIGH" "frontier-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "fast-wp-speed No.known.fix Reflected.XSS HIGH" "far-future-expiry-header 1.5 Plugin's.Settings.Update.via.CSRF MEDIUM" "formfacade 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "formfacade 1.3.7 Reflected.Cross-Site.Scripting HIGH" "formfacade 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "formfacade 1.2.2 Contributor+.Stored.XSS MEDIUM" "funnelcockpit No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fast-video-and-image-display No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "freesoul-deactivate-plugins 2.1.4 Cross-Site.Request.Forgery.via.eos_dp_pro_delete_transient MEDIUM" "frndzk-expandable-bottom-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.text.Parameter MEDIUM" "ftp-sync No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fancy-product-designer 6.4.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "fancy-product-designer 6.4.4 Unauthenticated.SQL.Injection HIGH" "fancy-product-designer 6.1.81 Admin+.Cross.Site.Scripting LOW" "fancy-product-designer 6.1.8 Reflected.Cross.Site.Scripting HIGH" "fancy-product-designer 6.1.81 Admin+.Cross.Site.Scripting.via.Product.Title LOW" "fancy-product-designer 6.1.5 Admin+.SQL.Injection MEDIUM" "fancy-product-designer 4.7.0 Subscriber+.Unauthorized.Site.Options.Modification HIGH" "fancy-product-designer 4.7.0 Subscriber+.Unauthorized.Access.and.Modification MEDIUM" "fancy-product-designer 4.7.6 Arbitrary.File.Upload.via.CSRF HIGH" "fancy-product-designer 4.7.5 Admin+.SQL.Injection MEDIUM" "fancy-product-designer 4.6.9 Unauthenticated.Arbitrary.File.Upload.and.RCE CRITICAL" "fancy-product-designer 4.5.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "fish-and-ships 1.6 Reflected.Cross-Site.Scripting MEDIUM" "faq-and-answers 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.12.3 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "football-pool 2.11.10 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.12.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.11.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.6.5 Multiple.XSS MEDIUM" "flickr-picture-backup No.known.fix Unauthenticated.File.Upload CRITICAL" "featured-image-caption 0.8.11 Contributor+.Stored.XSS MEDIUM" "fws-ajax-contact-form 1.4.2 Contributor+.Stored.XSS MEDIUM" "full-screen-menu-for-elementor No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "file-manager-advanced 5.3.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "file-manager-advanced 5.2.14 5.2.13.-.Subscriber+.Arbitrary.File.Upload HIGH" "file-manager-advanced 5.2.11 Subscriber+.Arbitrary.File.Upload HIGH" "file-manager-advanced 5.2.9 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion.via.fma_locale MEDIUM" "file-manager-advanced 5.2.9 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "file-manager-advanced 5.2.9 Authenticated.(Subscriber+).Limited.File.Upload MEDIUM" "file-manager-advanced 5.2.5 Sensitive.Information.Exposure.via.Directory.Listing MEDIUM" "file-manager-advanced 5.1.1 Admin+.Arbitrary.File/Folder.Access MEDIUM" "floating-tiktok-button 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formzu-wp 1.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "formzu-wp 1.6.7 Contributor+.Stored.XSS.via.id MEDIUM" "fd-elementor-imagebox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "float-block No.known.fix Admin+.Stored.XSS.via.Widget LOW" "fb-status-updater No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fs-shopping-cart No.known.fix Authenticated.SQL.Injection HIGH" "foogallery-premium 2.4.27 Authenticated.(Contributor+).Directory.Traversal HIGH" "foogallery-premium 2.4.15 Author+.Stored.XSS MEDIUM" "foogallery-premium 2.4.6 Contributor+.Stored.XSS MEDIUM" "favicon-my-blog No.known.fix Cross-Site.Request.Forgery MEDIUM" "full-picture-analytics-cookie-notice 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "full-picture-analytics-cookie-notice 3.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formidable 6.16.2 Reflected.Cross-Site.Scripting.via.Custom.HTML.Form.Parameter MEDIUM" "formidable 6.14.1 Admin+.Stored.XSS LOW" "formidable 6.11.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "formidable 6.8 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "formidable 6.7.1 Admin+.Stored.Cross-Site.Scripting MEDIUM" "formidable 6.7.1 HTML.Injection MEDIUM" "formidable 6.3.1 Subscriber+.Remote.Code.Execution CRITICAL" "formidable 6.2 Unauthenticated.PHP.Object.Injection HIGH" "formidable 6.1 IP.Spoofing MEDIUM" "formidable 5.5.7 Arbitrary.Entry.Deletion.via.CSRF MEDIUM" "formidable 5.0.07 Admin+.Stored.Cross-Site.Scripting LOW" "formidable 4.09.05 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "formidable 4.02.01 Unsafe.Deserialisation CRITICAL" "formidable 2.05.03 Multiple.Vulnerabilities HIGH" "formidable 2.0 Authenticated.Blind.SQL.Injection MEDIUM" "formidable 1.06.03 Arbitrary.File.Upload.via.ofc_upload_image.php CRITICAL" "fluid-responsive-slideshow 2.2.7 CSRF.&.XSS HIGH" "fixed-html-toolbar 1.0.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "frictionless No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "facebook-secret-meta No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "facebook-page-feed-graph-api 1.9.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "full-screen-page-background-image-slideshow No.known.fix Admin+.Stored.XSS LOW" "five-star-ratings-shortcode 1.2.48 Reflected.Cross-Site.Scripting MEDIUM" "five-star-ratings-shortcode 1.2.39 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flickr-set-slideshows No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "flickr-set-slideshows No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "flexible-woocommerce-checkout-field-editor No.known.fix Missing.Authorization MEDIUM" "forms-to-sendinblue No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "final-tiles-grid-gallery-lite 3.6.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.6.0 Contributor+.Stored.XSS MEDIUM" "final-tiles-grid-gallery-lite 3.5.8 Reflected.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "final-tiles-grid-gallery-lite 3.5.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.4.19 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "final-tiles-grid-gallery-lite 3.3.57 Subscriber+.Arbitrary.Option.Update CRITICAL" "feedzy-rss-feeds 4.4.8 Authenticated(Contributor+).Blind.Server-Side.Request.Forgery.(SSRF) MEDIUM" "feedzy-rss-feeds 4.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Error.Message MEDIUM" "feedzy-rss-feeds 4.4.3 Authenticated(Contributor+).SQL.Injection HIGH" "feedzy-rss-feeds 4.4.3 Missing.Authorization.to.Arbitrary.Page.Creation.and.Publication MEDIUM" "feedzy-rss-feeds 4.4.2 Missing.Authorization MEDIUM" "feedzy-rss-feeds 4.3.3 Author+.Stored.Cross-Site.Scripting MEDIUM" "feedzy-rss-feeds 4.3.3 Missing.Authorization MEDIUM" "feedzy-rss-feeds 4.1.1 Contributor+.Stored.XSS MEDIUM" "feedzy-rss-feeds 3.4.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "feedzy-rss-feeds 3.4.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "fyrebox-shortcode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fraudlabs-pro-for-woocommerce 2.22.9 Stored.XSS.via.CSRF HIGH" "flickr-justified-gallery No.known.fix Cross-Site.Request.Forgery MEDIUM" "flickr-justified-gallery 3.4.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "filtr8-magazine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "free-comments-for-wordpress-vuukle 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "friends 3.2.2 Missing.Authorization MEDIUM" "friends 2.8.6 Authenticated.(Admin+).Blind.Server-Side.Request.Forgery MEDIUM" "ferma-ru-net-checkout No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "form-to-chat 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fma-additional-registration-attributes No.known.fix Arbitrary.Field.Deletion.and.Form.Modification.via.CSRF HIGH" "frontend-checklist No.known.fix Admin+.Stored.XSS LOW" "frontend-checklist No.known.fix Admin+.Stored.XSS.via.Items LOW" "fscf-sms 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "frontpage-category-filter No.known.fix Cross-Site.Request.Forgery MEDIUM" "foobox-image-lightbox-premium 2.7.28 Admin+.Stored.XSS LOW" "famethemes-demo-importer 1.1.6 Cross-Site.Request.Forgery MEDIUM" "filter-gallery 0.1.6 Admin+.Stored.XSS LOW" "filter-gallery 0.0.7 Unauthorised.AJAX.Calls HIGH" "fx-toc No.known.fix Contributor+.Stored.XSS MEDIUM" "front-editor 4.4.8 Admin+.Stored.XSS LOW" "front-editor 4.4.5 Admin+.Stored.XSS LOW" "front-editor 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "front-editor 3.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-custom-social-share-by-codebard No.known.fix Cross-Site.Request.Forgery MEDIUM" "fast-custom-social-share-by-codebard No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fast-custom-social-share-by-codebard 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "form-block 1.0.2 Form.Submission.via.CSRF MEDIUM" "fancy-user-listing No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flyzoo No.known.fix Admin+.Stored.XSS LOW" "fluent-security 1.0.2 Bypass.blocks.by.IP.Spoofing MEDIUM" "faltu-testimonial-rotator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "featured-image-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "featured-image-toolkit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "featured-image-toolkit No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "fast-flow-dashboard 1.2.18 Reflected.Cross-Site.Scripting MEDIUM" "fast-flow-dashboard 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "fast-flow-dashboard 1.2.13 Admin+.Stored.Cross-Site.Scripting LOW" "fast-flow-dashboard 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "freshdesk-support 2.4.0 Open.Redirect MEDIUM" "freshdesk-support 1.8 Open.Redirect MEDIUM" "fast-tube No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-tube No.known.fix Reflected.XSS HIGH" "faq-for-woocommerce 1.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "faq-for-woocommerce 1.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "faq-for-woocommerce 1.6.4 WooCommerce.Product.FAQ.<.1.6.4.-.Reflected.Cross-Site.Scripting MEDIUM" "faq-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "find-any-think No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "flexi No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "flexi 4.20 Guest.Submit.<.4.20.-.Reflected.Cross-Site.Scripting MEDIUM" "formidablepro-2-pdf 3.11 Subscriber+.SQLi HIGH" "fast-search-powered-by-solr No.known.fix Admin+.Stored.XSS LOW" "fast-search-powered-by-solr No.known.fix Settings.Update.via.CSRF MEDIUM" "flipdish-ordering-system No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "flash-album-gallery No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "flash-album-gallery 4.25 Full.Path.Disclosure MEDIUM" "flash-album-gallery 2.56 "gid".SQL.Injection HIGH" "flash-album-gallery No.known.fix admin/news.php.want2Read.Parameter.Traversal.Arbitrary.File.Access HIGH" "fg-joomla-to-wordpress 4.21.0 Sensitive.Information.Exposure MEDIUM" "fat-coming-soon No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "forms-for-divi 8.1.3 Reflected.Cross-Site.Scripting MEDIUM" "forget-about-shortcode-buttons 2.1.3 CSRF MEDIUM" "forget-about-shortcode-buttons 1.1.2 XSS MEDIUM" "flexo-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fabrica-reusable-block-instances 1.0.9 Reflected.Cross-Site.Scripting HIGH" "flamix-bitrix24-and-contact-forms-7-integrations 3.2.0 Unauthenticated.Full.Path.Disclosure MEDIUM" "formafzar 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "float-menu 6.1.3 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "float-menu 6.0.1 Menu.Deletion.via.CSRF MEDIUM" "float-menu 5.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "float-menu 5.0.2 Reflected.XSS MEDIUM" "float-menu 4.3.1 Arbitrary.Menu.Deletion.via.CSRF MEDIUM" "favicon-switcher No.known.fix Arbitrary.Settings.Change.via.CSRF MEDIUM" "fast-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-wp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-wp No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "featured-product-by-category-name No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "filr-protection 1.2.5 Editor+.Stored.XSS LOW" "filr-protection 1.2.3.6 Author+.RCE.via.file.upload.with.phar.ext CRITICAL" "filr-protection 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "filr-protection 1.2.2.1 Secure.Document.Library.<.1.2.2.1.-.Subscriber+.AJAX.Calls CRITICAL" "filr-protection 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fonts-manager-custom-fonts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "f4-tree 1.1.19 Reflected.Cross-Site.Scripting MEDIUM" "f4-tree 1.1.15 Reflected.Cross-Site.Scripting MEDIUM" "f4-tree 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flaming-forms No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "flaming-forms No.known.fix Unauthenticated.Stored.XSS HIGH" "flaming-forms No.known.fix Reflected.XSS HIGH" "fusion-slider No.known.fix Authenticated.(Contributor+).PHP.Object.Injection MEDIUM" "fontific No.known.fix Cross-Site.Request.Forgery.via.ajax_fontific_save_all HIGH" "feedwordpress 2024.0428 Unauthenticated.Draft.Access MEDIUM" "feedwordpress 2022.0123 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "feedwordpress 2015.0514 XSS.&.SQL-Injection MEDIUM" "finance-calculator-with-application-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "furikake No.known.fix Unauthenticated.Open.Redirect MEDIUM" "fast-image-adder No.known.fix Unauthenticated.Remote.File.Upload CRITICAL" "floating-action-buttons 1.0.1 Missing.Authorization MEDIUM" "floating-social-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "floating-social-bar 1.1.7 Cross-Site.Scripting.(XSS) MEDIUM" "formscrm 3.6 Reflected.Cross-Site.Scripting MEDIUM" "fancy-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "file-manager 6.5.8 Authenticated.(Subscriber+).Limited.JavaScript.File.Upload MEDIUM" "file-manager 6.5.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "file-manager 6.5.6 6.5.5.-.Unauthenticated.Remote.Code.Execution.via.Race.Condition HIGH" "file-manager 6.3 Admin+.Arbitrary.OS.File/Folder.Access.+.Path.Traversal MEDIUM" "file-manager 5.2.3 Subscriber+.Arbitrary.File.Creation/Upload/Deletion CRITICAL" "file-manager 5.0.2 Information.Disclosure HIGH" "frontend-admin 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "frontend-admin 3.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "freetobook-responsive-widget 1.1.1 Cross-Site.Request.Forgery MEDIUM" "flexible-cookies 1.1.9 Cross-Site.Request.Forgery MEDIUM" "form-data-collector 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "find-duplicates No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "foundation-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flash-show-and-hide-box No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "flexible-captcha No.known.fix Contributor+.Stored.XSS MEDIUM" "facebook-like-send-button 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "facebook-like-send-button 1.2 Admin+.Stored.XSS LOW" "fluent-support 1.8.6 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "fluent-support 1.8.1 Insufficient.Authorization.on.Email.Verification MEDIUM" "fluent-support 1.8.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "fluent-support 1.7.7 Authenticated(Administrator+).SQL.Injection MEDIUM" "fluent-support 1.5.8 Admin+.SQLi MEDIUM" "font-awesome-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "free-product-table-for-woocommerce No.known.fix Missing.Authorization.to.Arbitrary.Content.Deletion MEDIUM" "free-product-table-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "fathom-analytics 3.1.0 Admin+.Stored.XSS LOW" "fathom-analytics 3.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "fatal-error-notify 1.5.3 Subscriber+.Test.Error.Email.Sending MEDIUM" "flags-widget No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fx-calculators 1.3.8 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "fx-calculators 1.3.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "flatty-flat-admin-theme No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fuse-social-floating-sidebar 5.4.11 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "fuse-social-floating-sidebar 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "fuse-social-floating-sidebar 5.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "featured-page-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "foliopress-wysiwyg No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "font-awesome-more-icons No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "formatted-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flickr-photostream No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "featured-posts-scroll No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "floating-social-media-links No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fastly 1.2.26 Missing.Authorization MEDIUM" "fastly 1.2.26 Missing.Authorization.via.AJAX.actions MEDIUM" "funnelforms-free No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "funnelforms-free 3.7.4.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Media.Deletion MEDIUM" "funnelforms-free 3.7.4.1 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "funnelforms-free 3.7.4.1 Authenticated.(Administrator+).Arbitrary.File.Deletion MEDIUM" "funnelforms-free 3.7.4.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Media.Upload MEDIUM" "funnelforms-free 3.4.2 Form.Deletion/Duplication.via.CSRF MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Post.Modification MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Enable/Disable.Dark.Mode MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Category.Update MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Arbitrary.Post.Duplication MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Test.Email.Sending MEDIUM" "funnelforms-free 3.4.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Category.Deletion MEDIUM" "funnelforms-free 3.4.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Duplication MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Arbitrary.Post.Deletion MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.New.Category.Creation MEDIUM" "funnelforms-free 3.4 Funnelforms.Free.<.3,4.Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "funnelforms-free 3.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "formidable-sms 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "flexible-blogtitle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "facebook-conversion-pixel 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "facebook-conversion-pixel 2.6.4 Reflected.Cross-Site.Scripting MEDIUM" "facebook-conversion-pixel 2.6.2 CSRF.to.Stored.Cross-Site.Scripting HIGH" "facebook-conversion-pixel 2.6.3 Admin+.Stored.Cross-Site.Scripting LOW" "filebird 6.4.6 Authenticated.(Author+).Insecure.Direct.Object.Reference MEDIUM" "filebird 6.3.4 Missing.Authorization MEDIUM" "filebird 5.6.4 Author+.Users.Folder.Deletion LOW" "filebird 5.6.4 Author+.Stored.XSS MEDIUM" "filebird 5.6.1 Admin+.Stored.XSS MEDIUM" "filebird 4.7.4 Unauthenticated.SQL.Injection HIGH" "f4-improvements No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "f4-improvements 1.8.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "formcraft-form-builder 1.2.11 Missing.Authorization MEDIUM" "formcraft-form-builder 1.2.8 Missing.Authorization.via.formcraft_nag_update MEDIUM" "formcraft-form-builder 1.2.7 Admin+.Stored.XSS LOW" "formcraft-form-builder 3.9.7 Admin+.SQLi MEDIUM" "formcraft-form-builder 1.2.10 Contributor+.Stored.XSS MEDIUM" "formcraft-form-builder 1.2.6 Admin+.Stored.Cross.Site.Scripting LOW" "formcraft-form-builder 1.2.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "frontend-post-submission-manager-lite 1.2.3 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "file-select-control-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "forms-to-zapier No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "forms-to-zapier 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "forms-to-zapier 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "float-to-top-button No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "form-to-json No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flying-twitter-birds No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "feedblitz-email-subscription No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flexi-quote-rotator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "fat-rat-collect 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "faq-builder-ays 1.7.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "faq-builder-ays 1.7.2 Reflected.Cross-Site.Scripting MEDIUM" "faq-builder-ays 1.3.6 Authenticated.Blind.SQL.Injections HIGH" "fossura-tag-miner 1.1.5 Cross-Site.Request.Forgery.(CSRF).&.XSS HIGH" "footnotes-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "football-leagues-by-anwppro 0.16.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "forminator 1.42.1 Contributor+.Stored.XSS.via.'limit' MEDIUM" "forminator 1.42.1 Order.Replay.Vulnerability MEDIUM" "forminator 1.39.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "forminator 1.38.3 Reflected.XSS.via.Title.Parameter HIGH" "forminator 1.38.3 Admin+.Stored.XSS LOW" "forminator 1.36.1 Unauthenticated.Arbitrary.Quiz.Submissions.Update MEDIUM" "forminator 1.36.0 Missing.Authorization.to.Authenticated.(Contributor+).Form.Update.and.Creation HIGH" "forminator 1.36.0 Draft.Quiz.Creation.via.CSRF MEDIUM" "forminator 1.36.0 Draft.Custom.Form.Creation.via.CSRF MEDIUM" "forminator 1.34.1 Reflected.Cross-Site.Scripting MEDIUM" "forminator 1.29.2 HubSpot.Developer.API.Key.Sensitive.Information.Exposure HIGH" "forminator 1.29.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forminator 1.29.3 Admin+.SQL.Injection MEDIUM" "forminator 1.15.4 Reflected.Cross-Site.Scripting MEDIUM" "forminator 1.29.3 Contributor+.Stored.Cross-Site.Scripting.via.forminator_form.Shortcode MEDIUM" "forminator 1.29.1 Unauthenticated.Stored.XSS HIGH" "forminator 1.29.1 Reflected.Cross-Site.Scripting HIGH" "forminator 1.28.0 Admin+.Arbitrary.File.Upload MEDIUM" "forminator 1.27.0 Admin+.Stored.Cross-Site.Scripting LOW" "forminator 1.25.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forminator 1.24.4 Reflected.XSS HIGH" "forminator 1.24.1 Unauthenticated.Race.Condition.on.poll.vote MEDIUM" "forminator 1.15.4 Admin+.Stored.Cross-Site.Scripting LOW" "forminator 1.14.12 Unauthenticated.Stored.XSS HIGH" "forminator 1.14.8.1 CSRF.Nonce.Bypasses MEDIUM" "forminator 1.13.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "forminator 1.6 Authenticated.Multiple.Vulnerabilities MEDIUM" "fluent-crm 2.8.45 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluent-crm 2.8.0 Marketing.Automation.For.WordPress..<.2.8.0.-.Unauthenticated.Subscriptions.Update MEDIUM" "fullworks-ice-ide-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-ice-ide-integration No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "floating-links 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "floating-links 3.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flagged-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "featured-image-from-url 4.8.3 Missing.Authorization MEDIUM" "featured-image-from-url 4.8.2 Missing.Authorization MEDIUM" "featured-image-from-url 4.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fifu_input_url MEDIUM" "featured-image-from-url 4.5.4 Contributor+.Stored.XSS MEDIUM" "featured-image-from-url 4.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "featured-image-from-url 4.0.0 Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "form-maker 1.15.32 Admin+.Stored.XSS LOW" "form-maker 1.15.30 Admin+.Stored.XSS LOW" "form-maker 1.15.30 Admin+.Stored.XSS LOW" "form-maker 1.15.33 .Admin+.Stored.XSS LOW" "form-maker 1.15.33 Admin+.Stored.XSS.via.Theme.Title LOW" "form-maker 1.15.31 Admin+.Stored.XSS LOW" "form-maker 1.15.28 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "form-maker 1.15.31 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "form-maker 1.15.28 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.27 Reflected.Cross-Site.Scripting HIGH" "form-maker 1.15.26 Admin+.Stored.XSS MEDIUM" "form-maker 1.15.25 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.25 Authenticated.(Subscriber+).Stored.Self-Based.Cross-Site.Scripting MEDIUM" "form-maker 1.15.24 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.23 Sensitive.Information.Exposure MEDIUM" "form-maker 1.15.22 CSRF.to.limited.RCE MEDIUM" "form-maker 1.15.21 Captcha.Bypass HIGH" "form-maker 1.15.19 Reflected.XSS HIGH" "form-maker 1.15.19 Unauthenticated.Stored.XSS CRITICAL" "form-maker 1.15.20 Unauthenticated.Arbitrary.File.Upload MEDIUM" "form-maker 1.15.6 Admin+.SQLI LOW" "form-maker 1.14.12 Admin+.Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.13.60 Authenticated.Stored.XSS HIGH" "form-maker 1.13.40 Authenticated.Reflected.XSS HIGH" "form-maker 1.13.36 Authenticated.SQL.Injection HIGH" "form-maker 1.13.3 Authenticated.SQL.Injection HIGH" "form-maker 1.13.5 Cross-Site.Request.Forgery.(CSRF).to.LFI MEDIUM" "form-maker 1.12.24 CSV.Injection MEDIUM" "floating-social-media-icon No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "fantastic-elasticsearch No.known.fix Reflected.XSS HIGH" "formassembly-web-forms 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "formassembly-web-forms 2.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "formello 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "fwd-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-pricing-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-pricing-tables No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fiverr-official-search-box No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "fb-reviews-widget 2.4 Missing.Authorization MEDIUM" "formaloo-form-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "forms-to-klaviyo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fotobook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "facebook-fan-page-widget 2.1 Admin+.Stored.XSS LOW" "fitness-trainer 1.4.1 Subscriber+.Privilege.Escalation CRITICAL" "fediverse-embeds 1.5.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "flat-ui-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.flatbtn.Shortcode MEDIUM" "free-download-manager No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "flynsarmy-iframe-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "file-manager-advanced-shortcode 2.5.4 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "file-manager-advanced-shortcode 2.4.1 Authenticated.(Contributor+).Directory.Traversal HIGH" "file-manager-advanced-shortcode No.known.fix Unauthenticated.Remote.Code.Execution.through.shortcode CRITICAL" "fancier-author-box No.known.fix Admin+.Stored.XSS LOW" "fontsy No.known.fix Multiple.Unauthenticated.SQLi HIGH" "fwdmsp 8.0 Unauthenticated.Arbitrary.File.Read/Download HIGH" "floating-awesome-button 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "floating-awesome-button 1.5.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "forty-four No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "follow-me No.known.fix Stored.XSS.via.CSRF MEDIUM" "forumwp 2.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "forumwp 2.1.3 Reflected.Cross-Site.Scripting.via.url.Parameter HIGH" "forumwp 2.1.3 Reflected.Cross-Site.Scripting HIGH" "forumwp 2.1.0 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "flexible-coupons 1.10.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "firsth3tagadsense No.known.fix Missing.Authorization MEDIUM" "footer-text No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "formcraft3 3.9.12 Premium.WordPress.Form.Builder.<.3.9.12.-.Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "formcraft3 3.9.12 Missing.Authorization.to.Plugin.Data.Export.in.formcraft-main.php MEDIUM" "formcraft3 3.8.28 Unauthenticated.SSRF MEDIUM" "formcraft3 3.4 Premium.WordPress.Form.Builder.<.3.4.-.Authenticated.Stored.XSS MEDIUM" "frontend-group-restriction-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "frontend-group-restriction-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fattura24 6.2.8 Reflected.Cross-Site.Scripting HIGH" "featured-posts-grid No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "flashnews-fading-effect-pearlbells No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "firework-videos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fb-account-kit-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fb-account-kit-login No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "faqs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "faqs No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "file-away No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read HIGH" "file-away No.known.fix Missing.Authorization.to.Unauthenticated.File.Upload.via.upload.Function CRITICAL" "file-away No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "fs-product-inquiry No.known.fix Unauthenticated.Stored.XSS HIGH" "fs-product-inquiry No.known.fix Reflected.XSS HIGH" "fast-ebay-listings 2.12.16 Open.Redirect MEDIUM" "fl3r-feelbox No.known.fix Unauthenticated.SQLi HIGH" "fl3r-feelbox No.known.fix Moods.Reset.via.CSRF MEDIUM" "fl3r-feelbox No.known.fix Settings.Update.via.CSRF.to.Stored.XSS HIGH" "flattr No.known.fix Admin+.Stored.XSS LOW" "first-comment-redirect No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fat-event-lite No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "fat-event-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fat-event-lite No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "feedbucket No.known.fix Cross-Site.Request.Forgery MEDIUM" "freshing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "freshing No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flowplayer6-video-player 1.0.5 Contributor+.Stored.XSS MEDIUM" "frontpage-manager No.known.fix Cross-Site.Request.Forgery.via.admin_page MEDIUM" "fonto No.known.fix Authenticated.(Author+).Arbitrary.File.Download MEDIUM" "fonto 1.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "frizzly No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "filester 1.8.7 Missing.Authorization.to.Authenticated.(Subscriber+).Filebird.Plugin.Installation MEDIUM" "filester 1.8.6 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion HIGH" "filester 1.8.7 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "filester 1.8.3 Authenticated.Plugin.Settings.Update HIGH" "filester 1.8.1 Admin+.Stored.Cross-Site.Scripting LOW" "filester 1.8.1 Admin+.Remote.Code.Execution MEDIUM" "filester 1.8 Remote.Code.Execution.via.CSRF CRITICAL" "frontend-dashboard 2.2.7 2.2.6.-.Unauthenticated.Privilege.Escalation.via.fed_wp_ajax_fed_login_form_post.Function CRITICAL" "frontend-dashboard 2.2.6 Unauthenticated.SQL.Injection HIGH" "frontend-dashboard 2.2.5 Authenticated.(Subscriber+).Arbitrary.Function.Call HIGH" "frontend-dashboard 2.2.4 Frontend.Dashboard.<.2,2,4.- MEDIUM" "frontend-dashboard 2.2.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "floating-social-buttons No.known.fix Cross-Site.Request.Forgery MEDIUM" "floating-div No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "faq-manager-with-structured-data 5.4.4 Reflected.Cross-Site.Scripting MEDIUM" "faq-manager-with-structured-data 5.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flashcounter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fluid-notification-bar No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "fooevents 1.19.21 Improper.Authorization.to.(Contributor+).Arbitrary.File.Upload HIGH" "font-organizer No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "floating-button 6.0.1 Cross-Site.Request.Forgery.via.process_bulk_action MEDIUM" "floating-button 5.3.1 Reflected.XSS MEDIUM" "free-stock-photos-foter No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "formget-contact-form No.known.fix Contributor+.Stored.XSS MEDIUM" "fluent-smtp 2.2.81 Cross-Site.Request.Forgery MEDIUM" "fluent-smtp 2.2.83 Unauthenticated.PHP.Object.Injection HIGH" "fluent-smtp 2.2.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "fluent-smtp 2.2.3 Stored.XSS.via.Email.Logs HIGH" "fluent-smtp 2.0.1 Authenticated.Stored.XSS LOW" "find-my-blocks 3.4.0 Private.Post.Titles.Disclosure MEDIUM" "fundpress 2.0.7 Unauthenticated.PHP.Object.Injection HIGH" "frontend-uploader No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "free-shipping-label 2.6.11 Reflected.Cross-Site.Scripting MEDIUM" "fixed-ip-logins 1.0 Reflected.Cross-Site.Scripting MEDIUM" "fd-elementor-button-plus No.known.fix Contributor+.Stored.XSS MEDIUM" "feed-changer 0.3 Admin+.Stored.XSS LOW" "food-and-drink-menu 2.4.17 Missing.Authorization.to.Menu.Creation MEDIUM" "food-and-drink-menu 2.4.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "food-and-drink-menu 2.4.11 Unauthenticated.PHP.Object.Injection HIGH" "food-and-drink-menu 2.4.7 .Cross-Site.Request.Forgery MEDIUM" "food-and-drink-menu 2.2.1 Unauthenticated.PHP.Object.Injection HIGH" "favicon-rotator 1.2.11 Reflected.Cross-Site.Scripting MEDIUM" "feedfocal 1.3.0 Unauthenticated.Tracking.Code.Update MEDIUM" "flo-launch 2.4.1 Missing.Authentication.Allow.Full.Site.Takeover CRITICAL" "fma-products-tabs-pro No.known.fix Arbitrary.Tab.Deletion/Edition.via.CSRF HIGH" "font-awesome-4-menus No.known.fix Contributor+.Stored.XSS MEDIUM" "font-awesome-4-menus No.known.fix Admin+.Stored.XSS LOW" "file-upload-types 1.5.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "fontawesomeio-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fix-my-feed-rss-repair No.known.fix Cross-Site.Request.Forgery MEDIUM" "flat-preloader 1.5.5 Admin+.Stored.Cross-Site.Scripting MEDIUM" "flat-preloader 1.5.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "forms-ada-form-builder No.known.fix Unauthenticated.Reflected.XSS HIGH" "fontsampler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fontsampler 0.14.3 CSRF.to.Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "feedburner-optin-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "feedback-suite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedback-suite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "feedback-suite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "finale-woocommerce-sales-countdown-timer-discount 2.20.0 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Countdown.Timer MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.1 Cross-Site.Request.Forgery MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation.and.Activation MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.0 Missing.Authorization.to.Unauthenticated.System.Information.Disclosure MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.17.0 Unauthenticated.Arbitrary.File.Deletion HIGH" "full-customer 3.1.26 3.1.25.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "full-customer 3.1.26 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "full-customer 3.1.23 Reflected.Cross-Site.Scripting MEDIUM" "full-customer 3.1.13 Unauthenticated.Stored.Cross-Site.Scripting.via.License.Plan.Parameter HIGH" "full-customer 2.3 Customer.<.2.3.-.Subscriber+.Arbitrary.Plugin.Installation HIGH" "full-customer 2.3 Customer.<.2.3.-.Subscriber+.Health.Check.Disclosure MEDIUM" "filebird-document-library 2.0.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "flickr-shortcode-importer No.known.fix Authenticated.(Administrator+).PHP.Object.Injection HIGH" "flexible-checkout-fields 4.1.3 Missing.Authorization MEDIUM" "folders 3.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "folders 3.0.1 Directory.Traversal.via.handle_folders_file_upload MEDIUM" "folders 3.0.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.User.First.Name.and.Last.Name MEDIUM" "folders 2.9.3 Authenticated.(Author+).Arbitrary.File.Upload.in.handle_folders_file_upload HIGH" "folders 2.9.3 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "finpose No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "front-end-post-edit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "funnel-builder 3.9.1 Unauthenticated.Local.File.Inclusion CRITICAL" "funnel-builder 3.10.2 Admin+.SQL.Injection MEDIUM" "funnel-builder 3.4.7 Missing.Authorization.to.Authenticated.(Contributor+).Settings.Update MEDIUM" "funnel-builder 3.4.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "funnel-builder 2.14.4 Authenticated(Administrator+).SQL.Injection MEDIUM" "friendly-functions-for-welcart 1.2.5 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "foobox-image-lightbox 2.7.34 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "foobox-image-lightbox 2.7.32 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.HTML.Data.Attributes MEDIUM" "foobox-image-lightbox 2.7.28 Admin+.Stored.XSS LOW" "foobox-image-lightbox 2.7.27 Reflected.Cross-Site.Scripting MEDIUM" "foobox-image-lightbox 2.7.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foobox-image-lightbox 2.6.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "fullworks-firewall No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-firewall No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "forms-for-campaign-monitor 2.8.16 Unauthenticated.Full.Path.Disclosure MEDIUM" "forms-for-campaign-monitor 2.8.14 Reflected.Cross-Site.Scripting HIGH" "floating-cart-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "fluentform 6.0.3 Contributor+.Stored.XSS MEDIUM" "fluentform 6.0.0 IP-Spoofing MEDIUM" "fluentform 5.2.7 Unauthenticated.Stored.XSS.via.Form.Subject HIGH" "fluentform 5.2.1 Admin+.Stored.XSS LOW" "fluentform 5.1.20 Form.Manager+.Stored.XSS LOW" "fluentform 5.1.19 .Missing.Authorization.to.Authenticated.(Subscriber+).Mailchimp.Integration.Modification MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Welcome.Screen.Fields MEDIUM" "fluentform 5.1.16 Contributor+.PHP.Object.Injection MEDIUM" "fluentform 5.1.17 Unauthenticated.Settings.Update MEDIUM" "fluentform 5.1.17 Contributor+.Stored.XSS MEDIUM" "fluentform 5.1.17 Unauthenticated.Limited.Privilege.Escalation MEDIUM" "fluentform 5.1.14 Subscriber+.Stored.XSS MEDIUM" "fluentform 5.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.7 Admin+.Stored.Cross-Site.Scripting.via.imported.form.title MEDIUM" "fluentform 5.0.9 Insecure.Direct.Object.Reference MEDIUM" "fluentform 5.0.0 SQL.Injection MEDIUM" "fluentform 4.3.25 Contributor+.Stored.XSS.via.Custom.HTML.Form.Field MEDIUM" "fluentform 4.3.13 CSV.Injection LOW" "fluentform 3.6.67 Cross-Site.Request.Forgery.(CSRF) HIGH" "forms-by-made-it 2.8.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forms-by-made-it 1.12.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "fami-sales-popup No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "fluentforms-pdf 1.1.8 Cross-Site.Scripting MEDIUM" "favicon-generator 2.1 Arbitrary.File.Deletion.via.CSRF HIGH" "favicon-generator 2.1 Arbitrary.File.Upload.via.CSRF HIGH" "favicon-generator 2.1 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion CRITICAL" "fastdup 2.2 Directory.Listing.to.Account.Takeover.and.Sensitive.Data.Exposure HIGH" "fastdup 2.1.8 Sensitive.Information.Exposure.via.Log.File MEDIUM" "filter-custom-fields-taxonomies-light No.known.fix Missing.Authorization MEDIUM" "filter-custom-fields-taxonomies-light No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "focus-on-reviews-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fg-prestashop-to-woocommerce 4.47.0 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "facilita-form-tracker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "floating-contact 2.8 Admin+.Stored.XSS LOW" "fancybox-for-wordpress 3.3.5 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "fancybox-for-wordpress 3.3.4 3.3.3.-.Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "facebook-messenger-customer-chat 1.6 Authenticated.Options.Change.to.Chat.Takeover HIGH" "facebook-messenger-customer-chat 1.3 CSRF HIGH" "fami-woocommerce-compare No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "font-awesome 4.3.2 Contributor+.Stored.XSS MEDIUM" "facebook-by-weblizar 2.8.5 CSRF.&.XSS HIGH" "fusionspan-impexium-single-sign-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fusionspan-impexium-single-sign-on No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foyer No.known.fix Content.Injection.via.Improper.Access.Control MEDIUM" "flo-forms No.known.fix Missing.Authorization MEDIUM" "flo-forms 1.0.43 Missing.Authorization MEDIUM" "flo-forms 1.0.42 Subscriber+.Test.Email.Sending MEDIUM" "flo-forms 1.0.41 Admin+.Stored.XSS LOW" "flo-forms 1.0.36 Authenticated.Options.Change.to.Stored.XSS CRITICAL" "formilla-live-chat 1.3.1 Admin+.Stored.XSS LOW" "fifthsegment-whitelist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "filestack-upload 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "flx-dashboard-groups No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "formforall No.known.fix Contributor+.Stored.XSS MEDIUM" "formality 1.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Parameter MEDIUM" "formality 1.5.8 Unauthenticated.Local.File.Inclusion CRITICAL" "feedburner-alternative-and-rss-redirect 3.8 Plugin.Installation.via.CSRF MEDIUM" "feedburner-alternative-and-rss-redirect 3.8 Subscriber+.Plugin.Installation MEDIUM" "foodbakery-sticky-cart No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "favorites 2.3.5 Admin+.Stored.XSS LOW" "favorites 2.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "favorites 2.3.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "fulltext-search 1.79.264 Missing.Authorization MEDIUM" "fulltext-search 1.79.262 Missing.Authorization MEDIUM" "fulltext-search 1.79.262 Cross-Site.Request.Forgery MEDIUM" "fulltext-search 1.69.234 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "fulltext-search 1.70.236 Cross-Site.Request.Forgery MEDIUM" "fulltext-search 1.69.234 Missing.Authorization MEDIUM" "fulltext-search 1.60.213 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WPFTS.Live.Search.Widget MEDIUM" "file-gallery No.known.fix Reflected.Cross-Site.Scripting.via.post_id MEDIUM" "file-gallery 1.8.5.4 Contributor+.Stored.XSS MEDIUM" "floating-player No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "folder-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "freshmail-integration No.known.fix Cross-Site.Request.Forgery MEDIUM" "freshmail-integration No.known.fix Reflected.XSS HIGH" "find-content-ids No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "floatbox-plus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "feedbackscout No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedbackscout No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "free-facebook-reviews-and-recommendations-widgets 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "fresh-framework No.known.fix Missing.Authorization MEDIUM" "fresh-framework No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "foobar-notifications-lite 2.1.32 Reflected.Cross-Site.Scripting MEDIUM" "foobar-notifications-lite 2.1.15 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fusion-builder 3.11.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fusion-builder 3.11.14 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "fusion-builder 3.11.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Multiple.Widgets MEDIUM" "fusion-builder 3.11.13 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "fusion-builder 3.11.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fusion_button.Shortcode MEDIUM" "fusion-builder 3.11.2 Cross.Site.Scripting.(XSS).vulnerability.in.the.User.Register.element HIGH" "fusion-builder 3.6.2 Unauthenticated.SSRF HIGH" "fetch-jft 1.8.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "florapress 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "florapress 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "footer-putter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "featured-image-pro 5.15 Reflected.XSS HIGH" "facebook-button-plugin 2.74 Unauthenticated.Password.Protected.Post.Read MEDIUM" "facebook-button-plugin 2.54 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "flipping-cards 1.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "flip-boxes 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "fullscreen-galleria 1.6.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fareharbor 3.6.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fareharbor 3.6.7 Admin+.Stored.XSS LOW" "fullworks-slack No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-slack No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-velocity-minify 2.7.7 Full.Path.Disclosure MEDIUM" "free-google-fonts 3.0.1 Reflected.XSS HIGH" "flying-press 3.9.7 Arbitrary.Settings.Update.to.Stored.XSS HIGH" "food-store No.known.fix Reflected.Cross-Site.Scripting HIGH" "food-store 1.4.7.5 Reflected.Cross-Site.Scripting MEDIUM" "food-store 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "food-store 1.3.7 Unauthorised.AJAX.call.via.CSRF MEDIUM" "fastbook-responsive-appointment-booking-and-scheduling-system No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "formbuilder No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "formbuilder 1.0.8 Multiple.Authenticated.SQL.Injection MEDIUM" "formbuilder 1.08 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "fullworks-anti-spam 1.3.10 Reflected.Cross-Site.Scripting MEDIUM" "fullworks-anti-spam 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flexidx-home-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ftp-access No.known.fix Subscriber+.Stored.XSS HIGH" "funnel-builder-pro 3.5.0 Funnel.Kit.Funnel.Builder.PRO.<.3,5,0.Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.allow_iframe_tag_in_post MEDIUM" "fluent-community 1.3.1 Unauthenticated.PHP.Object.Injection CRITICAL" "file-renaming-on-upload 2.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "full-page-blog-designer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "forcefield 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "forcefield 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "find-your-reps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fudou 5.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "fw-integration-for-emailoctopus 1.0.8.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fw-integration-for-emailoctopus 1.0.8.2 Contributor+.Stored.XSS MEDIUM" "fetch-tweets No.known.fix Reflected.Cross-Site.Scripting HIGH" "fg-drupal-to-wp 3.71.0 Sensitive.Information.Exposure MEDIUM" "fg-drupal-to-wp 3.68.0 Cross-Site.Request.Forgery.via.ajax_importer MEDIUM" "flexmls-idx 3.14.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flexmls-idx 3.14.28 Unauthenticated.PHP.Object.Injection CRITICAL" "flexmls-idx 3.14.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.API.parameters MEDIUM" "flexmls-idx 3.14.23 Reflected.Cross-Site.Scripting MEDIUM" "fintelligence-calculator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flexible-shipping-usps 1.10.0 Sensitive.Information.Exposure MEDIUM" "flexible-shipping-usps 1.9.3 Cross-Site.Request.Forgery MEDIUM" "feed-comments-number No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "foopeople No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "foopeople No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flexible-shipping-ups 3.0.0 Missing.Authorization.to.Plugin.API.key.reset MEDIUM" "flexible-shipping-ups 2.2.5 Cross-Site.Request.Forgery MEDIUM" "font-farsi No.known.fix Administrator+.Stored.Cross-Site.Scripting MEDIUM" "font-farsi No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "font-farsi No.known.fix Admin+.Stored.XSS.in.Settings LOW" "fwduvp No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "falcon 2.8.4 Missing.Authorization MEDIUM" "final-user-wp-frontend-user-profiles 1.2.2 Subscriber+.Privilege.Escalation CRITICAL" "flexible-wishlist 1.2.27 Cross-Site.Request.Forgery.to.Wishlist.Creation/Modification MEDIUM" "flexible-wishlist 1.2.26 Unauthenticated.Stored.Cross-Site.Scripting.via.wishlist_name.Parameter HIGH" "facebook-pagelike-widget 6.4.2 Admin+.Stored.XSS LOW" "facebook-pagelike-widget 6.4 Admin+.Stored.XSS LOW" "food-recipes 2.6.1 Reflected.Cross-Site.Scripting MEDIUM" "food-recipes 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fancy-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feather-login-page 1.1.6 Cross-Site.Request.Forgery.via.saveData() MEDIUM" "feather-login-page 1.1.4 CSRF MEDIUM" "feather-login-page 1.1.2 Missing.Authorization.to.Non-Arbitrary.User.Deletion HIGH" "feather-login-page 1.1.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "fs-poster 7.1.8 Missing.Authorization MEDIUM" "fs-poster No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fs-poster No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "fs-poster No.known.fix Cross-Site.Request.Forgery MEDIUM" "feed-them-social 4.2.1 Cross-Site.Request.Forgery.via.review_nag_check LOW" "feed-them-social 4.0.0 Settings.Update.via.CSRF MEDIUM" "feed-them-social 3.0.1 Subscriber+.Stored.XSS MEDIUM" "feed-them-social 3.0.1 Settings.Update.via.CSRF MEDIUM" "feed-them-social 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "feed-them-social 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "feed-them-social 2.9.8.6 Unauthenticated.PHAR.Deserialisation MEDIUM" "feed-them-social 2.8.7 Cross-Site.Request.Forgery MEDIUM" "feed-them-social 2.8.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "feed-them-social 1.7.0 XSS.&.Arbitrary.Shortcode.Execution CRITICAL" "first-graders-toolbox 1.0.2 Plugins.Deactivation.via.CSRF MEDIUM" "find-and-replace-all No.known.fix Arbitrary.Replacement.via.CSRF HIGH" "find-and-replace-all 1.3 Reflected.Cross.Site.Scripting MEDIUM" "formsite 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fitness-calculators 2.0.9 Admin+.Stored.XSS LOW" "fitness-calculators 1.9.6 Cross-Site.Request.Forgery.to.Cross-Site.Scripting.(XSS) HIGH" "fusedesk 6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.successredirect.Parameter MEDIUM" "fusedesk 6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fare-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "flightlog No.known.fix Authenticated.(editor+).SQL.Injection HIGH" "furnob-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "front-end-pm 11.4.3 Sensitive.Data.Exposure.via.Directory.Listing MEDIUM" "front-end-pm 11.3.8 Reflected.Cross-Site.Scripting MEDIUM" "front-end-pm 11.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fix-rss-feed No.known.fix Cross-Site.Request.Forgery MEDIUM" "fence-url No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "forym No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feature-comments 1.2.5 wp-admin/admin-ajax.php.Comment.Status.Manipulation.CSRF MEDIUM" "facebook-wall-and-social-integration 1.11 Admin+.Stored.Cross-Site.Scripting LOW" "freemind-wp-browser No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "foogallery-captions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flexible-faqs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flexible-faqs 0.5.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fx-private-site No.known.fix Sensitive.Information.Exposure MEDIUM" "fast-checkout-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-checkout-for-woocommerce 1.1.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fable-extra 1.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "fable-extra 1.0.7 Unauthenticated.SQL.Injection HIGH" "fable-extra 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "facebook-comment-by-vivacity No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "form-to-sheet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "form-to-sheet No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "folders-pro 3.0.3 Directory.Traversal.via.handle_folders_file_upload MEDIUM" "folders-pro 3.0.3 Authenticated(Author+).Arbitrary.File.Upload.via.handle_folders_file_upload HIGH" "fancy-facebook-comments 1.2.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "fancy-facebook-comments 1.2.15 Contributor+.Stored.XSS MEDIUM" "fancy-facebook-comments 1.2.11 Contributor+.Stored.XSS MEDIUM" "fancy-roller-scroller 1.4.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fomo-payment-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flipbox-builder No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "full-width-responsive-slider-wp 1.1.8 Reflected.XSS HIGH" "fm-notification-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "faculty-weekly-schedule 1.2.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "flynax-bridge No.known.fix Unauthenticated.Arbitrary.User.Deletion MEDIUM" "flynax-bridge No.known.fix Unauthenticated.Limited.Privilege.Escalation HIGH" "flynax-bridge No.known.fix Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "flynax-bridge No.known.fix Unauthenticated.Privilege.Escalation.via.Password.Update CRITICAL" "fotomoto No.known.fix Reflected.XSS HIGH" "font-awesome-integration No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fruitcake-horsemanager No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "free-product-sample 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "free-product-sample 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flickr-slideshow-wrapper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "forge No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "fpw-category-thumbnails No.known.fix Missing.Authorization MEDIUM" "facebook-likebox-widget-and-shortcode 1.2.1 Admin+.Stored.XSS LOW" "fontmeister No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "file-icons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "falling-things 1.09 Authenticated.(Editor+).SQL.Injection MEDIUM" "featured-products-first-for-woocommerce 1.9.6 Reflected.Cross-Site.Scripting MEDIUM" "featured-products-first-for-woocommerce 1.9.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fileorganizer 1.1.5 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion HIGH" "fileorganizer 1.1.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "fileorganizer 1.0.8 Sensitive.Information.Exposure.via.Directory.Listing HIGH" "fileorganizer 1.0.7 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "fileorganizer 1.0.3 Admin+.Arbitrary.File.Access MEDIUM" "fsflex-local-fonts No.known.fix Admin+.Stored.Cross-Site-Scripting LOW" "files-download-delay No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "files-download-delay 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "files-download-delay 1.0.7 Subscriber+.Settings.Reset MEDIUM" "files-download-delay 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "feed-instagram-lite 1.0.0.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "feed-instagram-lite 1.0.0.29 Arbitrary.Post.Duplication.via.CSRF MEDIUM" "great-quotes No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "getresponse 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "guten-post-layout 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "glasses-for-woocommerce No.known.fix Reflected.Cross-Site.Scipting MEDIUM" "gdreseller No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gdreseller No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gracemedia-media-player No.known.fix Local.File.Inclusion.(LFI) CRITICAL" "google-mobile-sitemap No.known.fix Cross-Site.Request.Forgery MEDIUM" "gs-testimonial 3.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-testimonial 1.9.7 Contributor+.Stored.XSS MEDIUM" "gs-testimonial 1.9.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "gp-back-to-top No.known.fix Cross-Site.Request.Forgery MEDIUM" "giga-messenger-bots No.known.fix Reflected.XSS HIGH" "gmace No.known.fix Arbitrary.File.Creation/Deletion/Update.via.CSRF HIGH" "gmace No.known.fix Admin+.Path.Traversal MEDIUM" "go-fetch-jobs-wp-job-manager 1.8.4.5 Reflected.Cross-Site.Scripting MEDIUM" "go-fetch-jobs-wp-job-manager 1.7.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "greeklish-permalink 3.5 Unauthenticated.Post.Slug.Update MEDIUM" "gg-woo-feed 1.2.7 Missing.Authorization MEDIUM" "gg-woo-feed 1.2.5 Unauthenticated.Settings.Update MEDIUM" "good-bad-comments No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gmo-font-agent No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "generateblocks 2.0.0 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.'get_image_description' MEDIUM" "generateblocks 1.8.3 Contributor+.Arbitrary.Draft/Private.Post.Access LOW" "generateblocks 1.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "gravity-forms-css-themes-with-fontawesome-and-placeholder-support No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gplus-comments No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gmap-point-list No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gravitate-qa-tracker No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "geounit-maps 0.0.7 Reflected.Cross-Site.Scripting MEDIUM" "gps-plotter No.known.fix Admin+.Stored.XSS LOW" "genki-pre-publish-reminder No.known.fix Stored.XSS.&.RCE.via.CSRF HIGH" "gs-pinterest-portfolio 1.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-pinterest-portfolio 1.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shorcode MEDIUM" "gs-pinterest-portfolio 1.8.1 Missing.Authorization.via._update_shortcode MEDIUM" "geolocator No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "google-plus-share-and-plusone-button No.known.fix Cross-Site.Request.Forgery MEDIUM" "gs-logo-slider 3.7.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "gs-logo-slider 3.7.1 Settings.Update.via.Cross-Site.Request.Forgery MEDIUM" "gs-logo-slider 3.6.9 Admin+.Stored.XSS LOW" "gs-logo-slider 3.5.2 Cross-Site.Request.Forgery MEDIUM" "gs-logo-slider 3.3.8 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "getyourguide-ticketing 1.0.4 Admin+.Stored.XSS LOW" "google-analytics-top-posts-widget 1.5.7 Reflected.XSS MEDIUM" "galleria No.known.fix Cross-Site.Request.Forgery MEDIUM" "gs-portfolio 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-portfolio 1.6.1 Contributor+.Stored.XSS MEDIUM" "google-distance-calculator 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "goon-plugin-control 1.2.9.2 Reflected.Cross-Site.Scripting MEDIUM" "goon-plugin-control 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "googlemapper-2 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "guild-armory-roster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gf-zoho 1.1.6 Reflected.Cross-Site.Scripting HIGH" "gdpr-framework 2.2.0 Admin+.Stored.XSS LOW" "gpt3-ai-content-generator 1.8.97 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "gpt3-ai-content-generator 1.8.97 Authenticated.(Admin+).PHP.Object.Injection.via.wpaicg_export_ai_forms HIGH" "gpt3-ai-content-generator 1.8.97 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "gpt3-ai-content-generator 1.8.97 Authenticated.(Admin+).PHP.Object.Injection.via.wpaicg_export_prompts HIGH" "gpt3-ai-content-generator 1.8.90 Unauthenticated.Arbitrary.File.Upload CRITICAL" "gpt3-ai-content-generator 1.8.67 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gpt3-ai-content-generator 1.8.3 Missing.Authorization.to.Sensitive.Data.Exposure MEDIUM" "gpt3-ai-content-generator 1.8.13 Cross-Site.Request.Forgery MEDIUM" "gpt3-ai-content-generator 1.7.38 Reflected.Cross-Site.Scripting MEDIUM" "gpt3-ai-content-generator 1.4.38 Subscriber+.Arbitrary.Post.Content.Update MEDIUM" "google-analytics-dashboard-for-wp 8.2.0 Missing.Authorization MEDIUM" "google-analytics-dashboard-for-wp 7.14.2 Contributor+.Stored.XSS MEDIUM" "google-analytics-dashboard-for-wp 7.12.1 Contributor+.Stored.XSS MEDIUM" "gallery-image-gallery-photo 1.1.6 Grid.Gallery.<.1.1.6.-.Admin+.Stored.Cross-Site.Scripting LOW" "garden-gnome-package 2.4.0 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "garden-gnome-package 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "garden-gnome-package 2.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gallery-and-lightbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "generate-child-theme 2.0.1 Cross-Site.Request.Forgery.via.process_create_form() MEDIUM" "generate-child-theme 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "greencon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gdy-modular-content 0.9.93 Reflected.Cross-Site.Scripting MEDIUM" "gallery-voting 1.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "getresponse-integration No.known.fix Contributor+.Stored.XSS MEDIUM" "getresponse-integration 5.5.32 Contributor+.Stored.XSS MEDIUM" "getresponse-integration 5.5.21 API.Key.Update.via.CSRF MEDIUM" "globalquran No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "gallerio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallerio No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "goauth No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goauth 2.20 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gdpr-cookie-consent 3.6.6 Missing.Authorization.to.Authenticated.(Subscriber+).Whitelist.Script MEDIUM" "gdpr-cookie-consent 3.3.0 Unauthenticated.Stored.Cross-Site.Scripting.via.Client-IP.header HIGH" "gdpr-cookie-consent 3.1.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "gecka-terms-thumbnails No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "g-meta-keywords No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gsheetconnector-caldera-forms 1.3 Access.Code.Update.via.CSRF MEDIUM" "gc-testimonials No.known.fix Contributor+.Stored.XSS MEDIUM" "gn-publisher 1.5.6 Reflected.XSS HIGH" "gregs-high-performance-seo 1.6.2 Reflected.XSS MEDIUM" "gs-woo-brands 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-places-reviews 2.0.0 Admin+.Stored.Cross.Site.Scripting LOW" "gou-wc-account-tabs 1.0.1.9 Missing.Authorization MEDIUM" "gallery-for-ultimate-member No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "gallery-for-ultimate-member 1.1.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "gallery-for-ultimate-member 1.1.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "gallery-for-ultimate-member 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "google-news No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gwebpro-store-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gwebpro-store-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gianism 5.2.1 Admin+.Stored.XSS LOW" "google-sitemap-plugin 3.0.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "graphina-elementor-charts-and-graphs 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "graphina-elementor-charts-and-graphs 1.8.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "googledrive-folder-list No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gotcha-gesture-based-captcha No.known.fix Reflected.Cross-Site.Scripting.via.menu.Parameter MEDIUM" "gf-zendesk 1.0.8 Reflected.Cross-Site.Scripting HIGH" "globe-gateway-e4 No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "gwa-autoresponder No.known.fix Unauthenticated.SQL.Injection HIGH" "gamipress-reset-user 1.0.1 Reset.User.<=.1.0.0.-.GamiPress.User.Data.Removal.via.CSRF MEDIUM" "gutenberg 18.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Template.Part.Block MEDIUM" "gutenberg 18.01 18.0.0.-.Unauthenticated.&.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Avatar.Block MEDIUM" "gutenberg 16.8.1 Contributor+.Stored.XSS MEDIUM" "gutenberg 16.8.1 Contributor+.Stored.XSS.via.Navigation.Links.Block MEDIUM" "gutenberg 14.3.1 Multiple.Stored.XSS LOW" "gutenberg 12.7.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "gutenberg 12.7.2 Prototype.Pollution.via.Gutenberg’s.wordpress/url.package MEDIUM" "greenshiftwoo 1.9.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "groundhogg 4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.label.Parameter MEDIUM" "groundhogg 3.7.3.6 Authenticated.(Author+).Arbitrary.File.Upload.via.gh_big_file_upload.Function HIGH" "groundhogg 3.7.3.4 Reflected.Cross-Site.Scripting MEDIUM" "groundhogg 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "groundhogg 3.4.3 Cross-Site.Request.Forgery MEDIUM" "groundhogg 2.7.11.11 Admin+.Stored.XSS LOW" "groundhogg 2.7.11.1 Admin+.SQLi MEDIUM" "groundhogg 2.7.11.1 CSRF MEDIUM" "groundhogg 2.7.10 Contributor+.Stored.XSS MEDIUM" "groundhogg 2.7.10 Privilege.Escalation.via.CSRF HIGH" "groundhogg 2.7.10 Disable.All.Plugins.via.CSRF MEDIUM" "groundhogg 2.7.10 Ticket.Creation.via.CSRF MEDIUM" "groundhogg 2.7.10 Lack.of.Authorization.for.Non-Arbitrary.File.upload MEDIUM" "groundhogg 2.7.9.4 Admin+.SQLi MEDIUM" "groundhogg 2.0.9.11 Authenticated.Reflected.XSS HIGH" "gravityforms 2.9.2 Unauthenticated.Stored.Cross-Site.Scripting.via.'alt'.parameter HIGH" "gravityforms 2.9.2 2.9.1.3.-.Unauthenticated.Stored.Cross-Site.Scripting.via.'style_settings'.parameter MEDIUM" "gravityforms 2.7.5 Reflected.XSS HIGH" "gravityforms 2.7.4 Unauthenticated.PHP.Object.Injection HIGH" "gravityforms 2.4.9 Hashed.Password.Leakage LOW" "gallery-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-news-sitemap No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "geocache-stat-bar-widget No.known.fix Admin+.Stored.XSS LOW" "giveaways-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "giveaways-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gf-multi-uploader 1.1.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "google-apps-login 3.4.5 Admin+.Stored.XSS LOW" "geodigs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gd-mail-queue 4.4 CVE-2025-24608 MEDIUM" "gd-mail-queue 4.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "geo-targetly-geo-content No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-news-editors-picks-news-feeds No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "generate-post-thumbnails No.known.fix Cross-Site.Request.Forgery MEDIUM" "gatormail-smart-forms 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-document-embedder No.known.fix Authenticated.(Contributor+).Blind.Server.Side.Request.Forgery MEDIUM" "google-document-embedder 2.6.2 CSRF.&.XSS MEDIUM" "google-document-embedder 2.6.1 XSS MEDIUM" "gp-unique-id 1.5.6 Unauthenticated.Form.Submission.Unique.ID.Modification LOW" "global-notification-bar No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "gift-cards-for-woocommerce-pro 2.9.2 Missing.Authorization.to.Infinite.Money.Glitch HIGH" "gravity-forms-multiple-form-instances 1.1.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "google-calendar-events 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "google-calendar-events 3.2.8 Contributor+.Stored.XSS.via.shortcode MEDIUM" "google-calendar-events 3.2.5 Cross-Site.Request.Forgery.via.duplicate_feed MEDIUM" "google-calendar-events 3.2.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "gravityformswebhooks 1.7.0 Authenticated.(Admin+).Server-Side.Request.Forgery.via.Webhook MEDIUM" "global-meta-keyword-and-description No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gift-certificate-creator No.known.fix Reflected.Cross-Site.Scripting.via.receip_address.Parameter MEDIUM" "gift-certificate-creator 1.1 Stored.XSS MEDIUM" "google-docs-rsvp-guestlist No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gfirem-advance-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gfirem-advance-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-advance-search No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gallery-photo-gallery 5.7.1 Administrator+.HTML.Injection MEDIUM" "gallery-photo-gallery 5.5.3 Reflected.Cross-Site.Scripting MEDIUM" "gallery-photo-gallery 5.2.7 CSRF MEDIUM" "gallery-photo-gallery 5.1.4 Reflected.XSS HIGH" "gallery-photo-gallery 5.1.7 Reflected.XSS MEDIUM" "gallery-photo-gallery 4.4.4 Responsive.Image.Gallery.<.4.4.4.-.Authenticated.Blind.SQL.Injections HIGH" "gallery-photo-gallery 4.4.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "gallery-photo-gallery 1.0.1 SQL.Injection CRITICAL" "google-maps-gpx-viewer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "grandconference No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "genki-announcement No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gradient-text-widget-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "genesis-columns-advanced 2.0.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "gseor No.known.fix Authenticated.SQL.Injection MEDIUM" "geo-mashup 1.13.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.geo_mashup_visible_posts_list.Shortcode MEDIUM" "geo-mashup 1.13.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geo-mashup 1.13.12 Reflected.Cross-Site.Scripting MEDIUM" "geo-mashup 1.13.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "geo-mashup 1.10.4 Unspecified.Cross-Site.Scripting.(XSS) CRITICAL" "gigpress No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "gigpress No.known.fix Subscriber+.SQLi HIGH" "gigpress 2.3.28 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "gigpress 2.3.11 Authenticated.XSS.&.Blind.SQLi HIGH" "gt3-photo-video-gallery 2.7.7.25 GT3.Image.Gallery.&.Gutenberg.Block.Gallery.<.2.7.7.25.-.Reflected.Cross-Site.Scripting MEDIUM" "gt3-photo-video-gallery 2.7.7.22 GT3.Image.Gallery.&.Gutenberg.Block.Gallery.<.2.7.7.22.-.Authenticated.(Author+).Cross-Site.Scripting MEDIUM" "gdpr-compliance-cookie-consent 1.3 CSRF MEDIUM" "google-site-kit 1.8.0 Privilege.Escalation.to.gain.Search.Console.Access CRITICAL" "google-drive-wp-media No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "get-site-to-phone-by-qr-code No.known.fix Stored.XSS.via.CSRF MEDIUM" "gm-woocommerce-quote-popup 3.2 Reflected.XSS HIGH" "gm-woocommerce-quote-popup 3.1 Arbitrary.Enquiry.Deletion.via.CSRF MEDIUM" "gm-woocommerce-quote-popup 3.1 Admin+.Stored.XSS LOW" "gm-woocommerce-quote-popup 3.1 Cross-Site.Request.Forgery MEDIUM" "gm-woocommerce-quote-popup 3.2 Reflected.XSS HIGH" "gm-woocommerce-quote-popup 3.1 Unauthenticated.Stored.XSS HIGH" "goodlayers-blocks 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "group-category-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "geoportail-shortcode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "geoportail-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gpx-viewer 2.2.12 Editor+.Path.Traversal LOW" "gpx-viewer 2.2.10 Subscriber+.Arbitrary.File.Creation HIGH" "gdpr-personal-data-reports No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Price.Table.and.Post.Slider.Widgets MEDIUM" "gum-elementor-addon 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta.Widget MEDIUM" "gf2pdf No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "google-maps-widget 4.25 Admin+.Stored.XSS LOW" "glossary-by-codeat 2.2.27 Unauthenticated.Full.Path.Disclosure MEDIUM" "glossary-by-codeat 2.2.3 Reflected.Cross-Site.Scripting MEDIUM" "glossary-by-codeat 2.1.28 Contributor+.Stored.XSS MEDIUM" "glossary-by-codeat 2.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "googl-url-shorter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "genoo 6.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "godaddy-email-marketing-sign-up-forms 1.1.4 Cross-Site.Request.Forgery.(CSRF) HIGH" "ga-for-wp 2.2.0 Reflected.Cross-Site.Scripting MEDIUM" "ga-for-wp 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gd-mylist No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gallery-bank 4.0.19 Reflected.Cross-Site.Scripting MEDIUM" "gallery-bank No.known.fix Author+.Stored.XSS.via.Media.Upload.Module MEDIUM" "gallery-bank No.known.fix Author+.Stored.XSS.via.Gallery.Description MEDIUM" "gallery-bank 3.0.330 Authenticated.Blind.SQL.Injection MEDIUM" "google-earth-tours No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gtm-server-side 2.1.20 Reflected.Cross-Site.Scripting MEDIUM" "google-website-translator 1.4.14 Admin+.Stored.XSS LOW" "google-website-translator 1.4.14 Admin+.Stored.XSS LOW" "google-website-translator 1.4.12 Google.Website.Translator.<.1.4.12.-.Authenticated.(Admin+).PHP.Object.Injection CRITICAL" "google-one 1.3.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gs-books-showcase 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-books-showcase 1.3.1 Contributor+.Stored.XSS MEDIUM" "go-social No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "giveaway No.known.fix Authenticated.SQL.Injection HIGH" "glorious-sites-installer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "glorious-sites-installer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gallery-with-thumbnail-slider 6.1 Contributor+.Stored.XSS MEDIUM" "google-typography No.known.fix Missing.Authorization MEDIUM" "grey-owl-lightbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gAppointments No.known.fix Admin+.Stored.XSS LOW" "gAppointments 1.10.0 Reflected.Cross-Site.Scripting HIGH" "greek-multi-tool 2.3.2 Missing.Authorization MEDIUM" "greek-multi-tool 2.3.2 Unauthenticated.Stored.XSS HIGH" "gf-insightly 1.0.7 Reflected.Cross-Site.Scripting HIGH" "gs-projects 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gdpr-compliance No.known.fix Authenticated.(Subscriber+).Information.Exposure MEDIUM" "gumlet-video 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gym-management 67.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "gym-management 67.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "gtranslate 3.0.4 Admin+.Stored.XSS LOW" "gtranslate 2.9.9 CSRF.to.Account.Takeover HIGH" "gtranslate 2.9.7 Reflected.Cross-Site.Scripting LOW" "gtranslate 2.8.65 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "gtranslate 2.8.52 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "ganohrs-toggle-shortcode 0.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-pagespeed-insights 4.0.7 Multiple.CSRF MEDIUM" "google-pagespeed-insights 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "gravity-forms-pdf-extended 6.3.1 Reflected.Cross-Site.Scripting MEDIUM" "git-sync No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "gsearch-plus No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "google-visualization-charts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-videos 2.4.3 Authenticated.(Administrator+).SQL.Injection HIGH" "gallery-videos 2.4.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gallery-videos 2.2.6 Admin+.SQLi MEDIUM" "gallery-videos 1.7.7 Admin+.Stored.XSS LOW" "go-to-top No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gamipress-button 1.0.8 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gf-block-ips 1.0.2 Cross-Site.Request.Forgery MEDIUM" "gsheetconnector-for-elementor-forms 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-for-elementor-forms 1.0.7 Reflected.XSS HIGH" "geoflickr 1.4 Reflected.Cross-Site.Scripting MEDIUM" "gallery-images 2.0.6 Stored.Cross-Site.Scripting.(XSS) CRITICAL" "get-a-quote-for-woocommerce No.known.fix Unauthenticated.Quote.PDF.and.CSV.Download MEDIUM" "gutenify No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenify 1.4.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "g-business-reviews-rating 5.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "global-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "global-gallery 9.1.6 WordPress.Responsive.Gallery.<.9.1.6.-.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "graphcomment-comment-system 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "glofox-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce 4.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "giphypress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-styles 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-map-shortcode No.known.fix Settings.Update.via.CSRF MEDIUM" "google-map-shortcode No.known.fix Reflected.XSS HIGH" "google-map-shortcode No.known.fix Contributor+.Stored.XSS HIGH" "goodbarber 1.0.27 Open.Redirect MEDIUM" "goodbarber 1.0.24 Settings.Update.via.CSRF MEDIUM" "gsheetconnector-forminator 1.0.13 Reflected.XSS HIGH" "get-bookings-wp No.known.fix Missing.Authorization MEDIUM" "get-bookings-wp No.known.fix Appointments.&.Bookings.Plugin.Basic.Version.<=.1.1.27.-.Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "genealogical-tree 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "genealogical-tree 2.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gs-coach 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-facebook-comments 1.7.4 Missing.Authorization.via.wpfc_allow_comments() MEDIUM" "gsheetconnector-ninja-forms 1.2.8 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-ninja-forms 1.2.7 Reflected.XSS HIGH" "gsheetconnector-ninja-forms 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gmb-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gp-premium 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "gutenverse 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.countdown.Block MEDIUM" "gutenverse 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenverse 1.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenverse 1.9.1 Contributor+.Stored.XSS MEDIUM" "good-reviews-wp 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Review.URL MEDIUM" "give 3.22.2 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "give 3.22.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Earning.Reports.Disclosure.via.give_reports_earnings.Function MEDIUM" "give 3.20.0 Unauthenticated.PHP.Object.Injection CRITICAL" "give 3.19.3 Unauthenticated.PHP.Object.Injection HIGH" "give 3.19.4 Unauthenticated.PHP.Object.Injection HIGH" "give 3.19.0 Reflected.XSS HIGH" "give 3.16.4 Unauthenticated.PHP.Object.Injection.to.Remote.Code.Execution CRITICAL" "give 3.16.2 Unauthenticated.PHP.Object.Injection CRITICAL" "give 3.16.2 Authenticated.(GiveWP.Manager+).SQL.Injection.via.order.Parameter MEDIUM" "give 3.16.0 Cross-Site.Request.Forgery MEDIUM" "give 3.16.0 Unauthenticated.Full.Path.Disclosure MEDIUM" "give 3.14.0 Missing.Authorization.to.Limited.Information.Exposure MEDIUM" "give 3.14.2 Unauthenticated.PHP.Object.Injection.to.RCE CRITICAL" "give 3.14.2 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.File.Deletion MEDIUM" "give 3.14.0 Missing.Authorization.to.Unauthenticated.Event.Settings.Update MEDIUM" "give 3.14.0 Insecure.Direct.Object.Reference.to.Authenticated.(GiveWP.Worker+).Arbitrary.Post.Actions MEDIUM" "give 3.12.1 Reflected.Cross-Site.Scripting MEDIUM" "give 3.11.0 Contributor+.Stored.XSS MEDIUM" "give 3.5.0 Authenticated.(GiveWP.Manager+).PHP.Object.Injection HIGH" "give 3.7.0 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "give 3.6.0 Contributor+.Stored.XSS MEDIUM" "give 3.4.0 Reflected.Cross-Site.Scripting HIGH" "give 3.3.0 Contributor+.Stored.XSS MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.plugin.deactivation MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.Stripe.Integration.Deletion MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.plugin.installation MEDIUM" "give 2.33.2 Missing.Authorization.via.handleBeforeGateway MEDIUM" "give 2.33.1 Donation.Plugin.<.2.33.1.-.Authenticated(Give.Manager+).Privilege.Escalation HIGH" "give 2.25.3 Cross-Site.Request.Forgery MEDIUM" "give 2.25.2 Cross-Site.Request.Forgery MEDIUM" "give 2.25.2 Author+.Stored.Cross-Site.Scripting MEDIUM" "give 2.25.2 Contributor+.Arbitrary.Content.Deletion MEDIUM" "give 2.25.2 Admin+.Server-Side.Request.Forgery MEDIUM" "give 2.25.2 Contributor+.Stored.XSS MEDIUM" "give 2.24.1 Unauthenticated.SQLi HIGH" "give 2.24.0 Contributor+.Stored.XSS MEDIUM" "give 2.21.0 Manager+.Arbitrary.File.Access.via.Export MEDIUM" "give 2.21.0 Manager+.Arbitrary.File.Creation.via.Export HIGH" "give 2.21.3 Admin+.Stored.Cross-Site.Scripting LOW" "give 2.21.3 DoS.via.CSRF LOW" "give 2.21.0 Reflected.Cross-Site.Scripting MEDIUM" "give 2.21.0 Donor.Information.Disclosure MEDIUM" "give 2.17.3 Reflected.Cross-Site.Scripting.via.Donation.Forms.Dashboard HIGH" "give 2.17.3 Reflected.Cross-Site.Scripting.via.Import.Tool MEDIUM" "give 2.17.3 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "give 2.12.0 Admin+.Stored.XSS MEDIUM" "give 2.10.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "give 2.10.0 Reflected.Cross.Site.Scripting.(XSS) HIGH" "give 2.5.10 Multiple.Issues HIGH" "give 2.5.5 Authentication.Bypass HIGH" "give 2.5.1 SQL.Injection CRITICAL" "give 2.4.7 Stored.XSS MEDIUM" "give 2.3.1 Cross-Site.Scripting.(XSS) MEDIUM" "gsheetconnector-ninja-forms-pro 1.5.2 Reflected.XSS HIGH" "gutensee 1.0.7 Contributor+.Stored.XSS MEDIUM" "gmaps-for-visual-composer-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-plus-google No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gap-hub-user-role No.known.fix Cross-Site.Request.Forgery MEDIUM" "geotagged-media No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "geotagged-media No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gestion-pymes No.known.fix Admin+.Stored.XSS LOW" "g-auto-hyperlink No.known.fix Admin+.SQL.Injection MEDIUM" "google-captcha 1.79 CAPTCHA.Bypass MEDIUM" "google-captcha 1.28 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "greenshift-animation-and-page-builder-blocks 11.4.6 11.4.5.-.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "greenshift-animation-and-page-builder-blocks 11.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 10.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 9.0.1 Missing.Authorization.to.Authenticated.(Subscriber+).Server-Side.Request.Forgery.and.Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 9.9.9.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "greenshift-animation-and-page-builder-blocks 9.8 Missing.Authorization MEDIUM" "greenshift-animation-and-page-builder-blocks 9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 8.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 7.6.3 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "greenshift-animation-and-page-builder-blocks 4.3 Reflected.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 5.0.0 Author+.Stored.XSS MEDIUM" "greenshift-animation-and-page-builder-blocks 5.0 Contributor+.Stored.XSS MEDIUM" "greenshift-animation-and-page-builder-blocks 4.8.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "greenshift-animation-and-page-builder-blocks 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "guruwalk-affiliates No.known.fix Admin+.Stored.XSS LOW" "gdpr-compliance-by-supsystic No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gdpr-tools No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "getsocial No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "grand-media 1.20.0 Admin+.Stored.Cross-Site.Scripting LOW" "grand-media 1.18.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "gmap-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gd-bbpress-attachments 4.7.3 Reflected.Cross-Site.Scripting MEDIUM" "gd-bbpress-attachments 4.4 Admin+.Stored.XSS LOW" "gallery-metabox No.known.fix Subscriber+.Unauthorized.Data.Access MEDIUM" "gallery-metabox No.known.fix Gallery.Removal.via.CSRF MEDIUM" "graceful-email-obfuscation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-maps-travel-route No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "google-seo-author-snippets No.known.fix Cross-Site.Request.Forgery MEDIUM" "google-seo-author-snippets No.known.fix Missing.Authorization MEDIUM" "getwid 2.0.12 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "getwid 2.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "getwid 2.0.11 Missing.Authentication.to.MailChimp.API.key.update MEDIUM" "getwid 2.0.11 Missing.Authorization.to.Google.API.key.update MEDIUM" "getwid 2.0.8 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'Countdown' MEDIUM" "getwid 2.0.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Block.Content MEDIUM" "getwid 2.0.5 Missing.Authorization.to.Recaptcha.API.Key.Modification MEDIUM" "getwid 2.0.5 Captcha.Bypass MEDIUM" "getwid 2.0.3 Unauthenticated.Arbitrary.Email.Sending.to.Admin MEDIUM" "getwid 1.8.4 Subscriber+.SSRF MEDIUM" "ghost 1.5.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ghost 0.5.6 Unrestricted.Export.Download MEDIUM" "gtg-advanced-blocks No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "gistpress 3.0.2 Authenticated.Stored.XSS MEDIUM" "golf-tracker No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "gs-envato-portfolio 1.4.0 Contributor+.Stored.XSS MEDIUM" "gdpr-cookie-notice No.known.fix Missing.Authorization MEDIUM" "goqmieruca No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-gravityforms-pro 4.3.6 Access.Code.Update.via.CSRF MEDIUM" "go-viral No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "go-viral 1.8.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "google-maps-anywhere No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "global-payments-woocommerce 1.13.3 Reflected.XSS HIGH" "ghactivity No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-analytics-for-wordpress 8.22.0 Missing.Authorization MEDIUM" "google-analytics-for-wordpress 8.14.1 Contributor+.Stored.XSS MEDIUM" "google-analytics-for-wordpress 8.12.1 Contributor+.Stored.XSS MEDIUM" "google-analytics-for-wordpress 8.9.1 Stored.Cross-Site.Scripting.via.Google.Analytics MEDIUM" "give-donation-modules-for-divi 2.0.1 Sensitive.Information.Dislcosure MEDIUM" "goftino 1.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "genesis-blocks 3.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Sharing.Block.Attributes MEDIUM" "genesis-blocks 3.1.4 Contributor+.Stored.XSS MEDIUM" "genesis-blocks 3.1.3 Contributor+.Stored.XSS MEDIUM" "genesis-blocks 3.1.3 Contributor+.Stored.XSS MEDIUM" "google-listings-and-ads 2.8.7 Information.Disclosure.via.Publicly.Accessible.PHP.Info.File MEDIUM" "giveaway-boost No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "geodirectory 2.8.98 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Display_name.Parameter MEDIUM" "geodirectory 2.3.85 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geodirectory 2.3.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geodirectory 2.3.71 Missing.Authorization.via.geodirectory_rated() MEDIUM" "geodirectory 2.3.62 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "geodirectory 2.3.49 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'gd_single_tabs'.Shortcode MEDIUM" "geodirectory 2.3.29 Authenticated(Administrator+).SQL.Injection MEDIUM" "geodirectory 2.3.29 Authenticated.(Administrator+).SQL.Injection.via.orderby HIGH" "geodirectory 2.2.24 Admin+.SQLi MEDIUM" "geodirectory 2.2.22 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "geodirectory 2.1.1.3 Authenticated.(admin+).Stored.Cross-Site.Scripting.(XSS) MEDIUM" "getastra No.known.fix Missing.Authorization MEDIUM" "glorious-services-support 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "glorious-services-support 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gf-constant-contact 1.0.6 Reflected.Cross-Site.Scripting HIGH" "gwyns-imagemap-selector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "geo-request No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "geo-request No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "google-map-on-postpage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "grid-kit-premium 2.2.0 Multiple.Reflected.Cross-Site.Scripting HIGH" "grid-kit-premium 2.1.2 Reflected.Cross-Site.Scripting HIGH" "grid-kit-premium 2.1.2 Reflected.Cross-Site.Scripting HIGH" "geodatasource-country-region-dropdown 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gnucommerce No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gnucommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gnucommerce 1.4.2 XSS MEDIUM" "gnucommerce 0.5.7-beta XSS MEDIUM" "generic-elements-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-1 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "googleanalytics No.known.fix Cross-Site.Request.Forgery MEDIUM" "googleanalytics 3.2.2 Missing.Authorization.to.Unauthenticated.Feature.Deactivation MEDIUM" "googleanalytics 2.5.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "gold-price-chart-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "get-directions 2.16.2 Reflected.Cross-Site.Scripting MEDIUM" "get-directions 2.15.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gallery-album No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "gallery-album No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-album No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-album No.known.fix Unauthenticated.Stored.XSS HIGH" "gallery-album No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "gallery-album No.known.fix Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "gallery-album 2.0.2 Reflected.XSS HIGH" "gallery-album 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "gallery-album 1.2.1 Admin+.SQLi MEDIUM" "gnupress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "google-image-sitemap No.known.fix Map.generation.through.CSRF MEDIUM" "get-a-quote-button-for-woocommerce 1.5 Unauthenticated.Arbitrary.Shortcode.Execution.via.fire_contact_form HIGH" "gdpr-data-request-form 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "global-elementor-buttons No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.button.link MEDIUM" "gsheetconnector-wpforms-pro 2.5.7 Reflected.XSS HIGH" "gamepress No.known.fix Reflected.Cross-Site.Scripting HIGH" "gallery-lightbox-slider 1.0.0.41 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "gosign-posts-slider-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gosign-posts-slider-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "generatepress-premium 2.4.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Meta MEDIUM" "gocodes No.known.fix Authenticated.XSS.&.Blind.SQL.Injection HIGH" "genesis-style-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-cse No.known.fix Admin+.Stored.XSS LOW" "google-cse No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "gfirem-fields No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gfirem-fields No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-fields No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "google-analyticator 6.5.6 Admin+.PHP.Object.Injection LOW" "google-analyticator 6.5.6 Admin+.PHP.Object.Injection MEDIUM" "google-analyticator 6.4.9.6 Multiple.Cross-Site.Scripting.(XSS) HIGH" "google-analyticator 6.4.9.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "guestofy-restaurant-reservations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "guestofy-restaurant-reservations No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gs-instagram-portfolio No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).CSS.Injection MEDIUM" "gs-instagram-portfolio 1.4.5 Contributor+.Stored.XSS MEDIUM" "graphicsly No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "gallery 2.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "gwp-histats No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gift-voucher 4.5.0 Missing.Authorization.to.Unauthenticated.Price,.Date,.and.Note.Updates MEDIUM" "gift-voucher 4.4.5 Author+.Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "gift-voucher 4.4.1 Cross-Site.Request.Forgery MEDIUM" "gift-voucher 4.3.3 Subscriber+.SQLi HIGH" "gift-voucher 4.1.8 Unauthenticated.Blind.SQL.Injection HIGH" "goodlms 2.1.5 Unauthenticated.SQL.Injection CRITICAL" "gallery-images-ape No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-images-ape No.known.fix Contributor+.Stored.XSS MEDIUM" "gdpr-cookie-compliance 4.15.7 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.9 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.7 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "gdpr-cookie-compliance 4.15.7 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.7 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.9 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.7 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.12.5 License.Update/Deactivation.via.CSRF MEDIUM" "guitar-tuner No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gumroad No.known.fix Contributor+.Stored.XSS MEDIUM" "genesis-simple-love No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gutenkit-blocks-addon 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenkit-blocks-addon 2.1.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "good-url-preview-box No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "green-wp-telegram-bot-by-teplitsa No.known.fix Telegram.Bot.for.WP.<=.1.3.-.Telegram.Bot.Token.Disclosure HIGH" "gallery-categories 1.0.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "grid-view-gallery No.known.fix Authenticated.(Editor+).PHP.Object.Injection HIGH" "grid-plus No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution.via.grid_plus_load_by_category HIGH" "grid-plus 1.3.3 Subscriber+.Grid.Layout.Creation/Deletion/Update MEDIUM" "grid-plus 1.3.4 Subscriber+.Local.File.Inclusion MEDIUM" "grid-plus 1.3.5 Reflected.XSS HIGH" "google-maps-v3-shortcode No.known.fix Contributor+.XSS MEDIUM" "get-cash 3.2 Reflected.Cross-Site.Scripting MEDIUM" "gf-salesforce-crmperks 1.2.6 Reflected.Cross-Site.Scripting HIGH" "gold-addons-for-elementor No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).License.Activation/Deactivation MEDIUM" "gold-addons-for-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gf-hubspot 1.0.9 Reflected.Cross-Site.Scripting HIGH" "gerryworks-post-by-mail No.known.fix Contributor+.Privilege.Escalation HIGH" "gboy-custom-google-map No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "gourl-bitcoin-payment-gateway-paid-downloads-membership 1.4.14 Shell.Upload HIGH" "gdpr-consent-manager 1.0.1 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "global-income-stats-from-freemius No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "global-income-stats-from-freemius No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "global-income-stats-from-freemius No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gf-salesmate-add-on No.known.fix Missing.Authorization MEDIUM" "gf-salesmate-add-on No.known.fix Unauthenticated.SQL.Injection HIGH" "gutena-kit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-maps-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "g5plus-auteur No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "g5plus-auteur No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "g5plus-auteur No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "glance-that No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "goodlayers-core 2.1.3 Subscriber+.Stored.XSS.via.SVG.Upload HIGH" "goodlayers-core 2.0.10 Contributor+.Stored.XSS MEDIUM" "goodlayers-core 2.0.8 Reflected.Cross-Site.Scripting.via.'font-family' MEDIUM" "gs-behance-portfolio 3.0.2 Reflected.Cross-Site.Scripting MEDIUM" "glossy No.known.fix Reflected.XSS HIGH" "gf-freshdesk 1.2.9 Reflected.Cross-Site.Scripting HIGH" "gtbabel 6.6.9 Unauthenticated.Admin.Account.Takeover HIGH" "go-sphinx No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "genie-wp-favicon No.known.fix Arbitrary.Favicon.Change.via.CSRF MEDIUM" "gyta-buyback 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "gyta-buyback 1.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "google-sitemap-generator 4.1.3 Admin+.Stored.Cross-Site.Scripting LOW" "google-sitemap-generator 4.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gravity-file-ajax-upload-free No.known.fix Arbitrary.File.Upload CRITICAL" "get-custom-field-values 4.1 Admin+.Stored.XSS LOW" "get-custom-field-values 4.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "get-custom-field-values 4.0 Contributors+.Arbitrary.Post.Metadata.Access MEDIUM" "giveasap 2.48.2 Authenticated.(Contributor+).SQL.Injection MEDIUM" "giveasap 2.46.1 CSRF MEDIUM" "giveasap 2.46.1 Reflected.Cross-Site.Scripting LOW" "giveasap 2.45.1 Admin+.Stored.Cross-Site.Scripting LOW" "giveasap 2.45.1 Admin+.Stored.XSS LOW" "giveasap 2.45.1 Editor+.Stored.Cross-Site.Scripting MEDIUM" "giveasap 2.42.1 Unauthorised.AJAX.Calls.via.Freemius HIGH" "giveasap 2.36.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "guest-author-name 4.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-map-locations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gtpayment-donation No.known.fix Stored.XSS.via.CSRF HIGH" "gmap-embed 1.9.4 Admin+.Stored.XSS LOW" "gmap-embed 1.9.4 Admin+.Stored.XSS LOW" "gmap-embed 1.8.4 Arbitrary.Post.Deletion.and.Plugin's.Settings.Update.via.CSRF MEDIUM" "gmap-embed 1.8.1 Subscriber+.Map.Creation/Update/Deletion MEDIUM" "gmap-embed 1.8.1 Subscriber+.Arbitrary.Post.Deletion.and.Plugin's.Settings.Update MEDIUM" "gmap-embed 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "gallery-by-supsystic 1.15.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gallery-by-supsystic 1.15.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "gallery-by-supsystic 1.8.6 Arbitrary.Image.Adding.via.CSRF MEDIUM" "gallery-by-supsystic 1.8.6 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "guardgiant No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "guardgiant 2.2.6 Admin+.SQLi MEDIUM" "grid-accordion-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gamipress 7.2.2 Unauthenticated.Arbitrary.Shortcode.Execution.via.gamipress_do_shortcode().Function HIGH" "gamipress 7.2.2 Unauthenticated.Arbitrary.Shortcode.Execution.via.gamipress_ajax_get_logs.Function HIGH" "gamipress 7.3.2 Unauthenticated.SQL.Injection.via.orderby.Parameter HIGH" "gamipress 7.1.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.gamipress_get_user_earnings HIGH" "gamipress 6.8.9 Broken.Access.Control LOW" "gamipress 6.8.6 Cross-Site.Request.Forgery MEDIUM" "gamipress 6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gamipress 6.8.7 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "gamipress 2.5.7.1 Unauthenticated.SQLi HIGH" "gtmetrix-for-wordpress 0.4.8 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "gtmetrix-for-wordpress 0.4.6 Reflected.Cross-Site.Scripting HIGH" "gtmetrix-for-wordpress 0.4.6 Reflected.XSS HIGH" "goldstar No.known.fix Missing.Authorization MEDIUM" "gantry No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gamipress-vimeo-integration 1.0.9 Contributor+.Stored.XSS MEDIUM" "gp-notification-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gf-excel-import 1.18.1 Reflected.Cross-Site.Scripting HIGH" "google-map-professional No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "google-map-professional No.known.fix Reflected.XSS HIGH" "gravity-forms-sticky-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gravity-forms-sticky-list No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gravity-forms-sticky-list No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gallery-plugin 4.7.4 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "gallery-plugin 4.7.0 Author+.SQL.Injection MEDIUM" "gallery-plugin 4.7.0 Author+.Stored.Cross-Site.Scripting MEDIUM" "gallery-plugin 4.5.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gb-gallery-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gb-gallery-slideshow No.known.fix Missing.Authorization MEDIUM" "gna-search-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gravity-forms-sms-notifications 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "google-maps-easy No.known.fix Author+.XML.Entity.Injection MEDIUM" "google-maps-easy 1.11.16 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "google-maps-easy 1.11.12 Cross-Site.Request.Forgery MEDIUM" "google-maps-easy 1.11.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "google-maps-easy 1.10.1 Admin+.Stored.Cross-Site.Scripting LOW" "google-maps-easy 1.9.32 Reflected.Cross-Site.Scripting MEDIUM" "gravity-forms-toolbar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "go-dash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gs-dribbble-portfolio 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gmapsmania No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gamipress-link 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-language-translator 6.0.12 Google.Language.Translator.<.6.0.12.-.Admin+.Stored.Cross-Site.Scripting LOW" "google-language-translator 6.0.10 Authenticated.(author+).Cross-Site.Scripting.(XSS) MEDIUM" "google-language-translator 6.0.10 Authenticated.Cross-Site.Scripting.(XSS) LOW" "google-language-translator 5.0.06 XSS MEDIUM" "gnu-mailman-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gm-woo-product-list-widget No.known.fix Reflected.XSS HIGH" "guest-author 2.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "guest-author 2.4 Contributor+.Stored.XSS MEDIUM" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_unset_default_card MEDIUM" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_delete_card MEDIUM" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_set_default_card MEDIUM" "gsheetconnector-gravity-forms 1.3.5 Access.Code.Update.via.CSRF MEDIUM" "gsheetconnector-easy-digital-downloads 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-easy-digital-downloads 1.6.6 Access.Code.Update.via.CSRF MEDIUM" "gsheetconnector-easy-digital-downloads 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "graph-lite No.known.fix Missing.Authorization MEDIUM" "gs-woo-variation-swatches 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "gallery-from-files No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "gallery-from-files No.known.fix Unauthenticated.RCE CRITICAL" "google-analytics-opt-out 2.3.5 Admin+.Stored.XSS LOW" "google-font-fix No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "greek-namedays-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gaxx-keywords No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting HIGH" "goolytics-simple-google-analytics 1.1.2 Simple.Google.Analytics.<.1.1.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "gutentor 3.4.7 Admin+.SQL.Injection MEDIUM" "gutentor 3.4.4 Contributor+.Stored.XSS MEDIUM" "gutentor 3.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "gutentor 3.3.6 Gutenberg.Blocks.-.Page.Builder.for.Gutenberg.Editor.<.3.3.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutentor 3.3.6 Contributor+.Stored.XSS MEDIUM" "gutentor 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "google-picasa-albums-viewer 4.0.3 Reflected.Cross-Site.Scripting MEDIUM" "good-old-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gwolle-gb 4.7.2 Reflected.Cross-Site.Scripting MEDIUM" "gwolle-gb 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "gwolle-gb 2.5.4 Cross-Site.Scripting.(XSS) MEDIUM" "gwolle-gb 2.1.1 Cross-Site.Request.Forgery.(CSRF) CRITICAL" "google-transliteration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goanimate No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gd-security-headers 1.7.1 Admin+.SQLi MEDIUM" "gd-security-headers 1.7 Reflected.XSS HIGH" "gf-custom-style No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "google-org-chart No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-factory-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "generate-pdf-using-contact-form-7 4.1.3 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "generate-pdf-using-contact-form-7 4.1.3 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "generate-pdf-using-contact-form-7 3.6 Admin+.Stored.Cross-Site.Scripting LOW" "get-post-custom-taxonomy-term-shortcode No.known.fix CSRF.Bypass NONE" "gutenium No.known.fix Contributor+.Stored.XSS MEDIUM" "gotowp No.known.fix Contributor+.Stored.XSS MEDIUM" "gift-up 2.22 Settings.Update.via.CSRF MEDIUM" "gift-up 2.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gf-dynamics-crm 1.0.8 Reflected.Cross-Site.Scripting HIGH" "google-shortlink 1.5.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gmo-social-connection No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gmw-premium-settings 3.1 Admin+.Arbitrary.File.Upload MEDIUM" "goods-catalog No.known.fix Contributor+.Stored.XSS MEDIUM" "gixaw-chat No.known.fix Stored.XSS.via.CSRF HIGH" "gfirem-action-after No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-action-after No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gd-rating-system 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.extra_class.Parameter MEDIUM" "gd-rating-system 3.6.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "gd-rating-system 3.5.1 Unauthenticated.Stored.Cross-Site.Scripting.via.IP MEDIUM" "gd-rating-system 2.3.1 Multiple.Vulnerabilities HIGH" "gd-rating-system 2.1 XSS MEDIUM" "gulri-slider 3.5.9 Reflected.Cross-Site.Scripting MEDIUM" "gf-infusionsoft 1.1.5 Reflected.Cross-Site.Scripting HIGH" "gtm-kit 2.4.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "grid-shortcodes 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "grid-shortcodes 1.1.1 Contributor+.Stored.XSS MEDIUM" "goqsmile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "greenwallet-gateway 1.0.2 Reflected.Cross.Site.Scripting.in.checkout.page MEDIUM" "go-fetch-jobs-jobengine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "go-fetch-jobs-jobengine No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "global-multisite-search No.known.fix CSRF.Bypass MEDIUM" "gs-team-members 2.2.4 Contributor+.Stored.XSS MEDIUM" "gs-team-members 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "gs-team-members 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "google-maps-advanced No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "gsheetconnector-wpforms 3.4.6 Reflected.XSS HIGH" "greenshiftquery 3.9.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "gotmls 4.23.56 Unauthenticated.Remote.Code.Execution CRITICAL" "gotmls 4.21.83 Reflected.Cross-Site.Scripting MEDIUM" "gotmls 4.20.96 Reflected.Cross-Site.Scripting LOW" "gotmls 4.20.94 Admin+.Reflected.Cross-Site.Scripting LOW" "guest-author-affiliate 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "guest-author-affiliate 1.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gravatarlocalcache No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "goal-tracker-ga 1.0.11 Reflected.Cross-Site.Scripting MEDIUM" "gettext-override-translations 2.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "gloria-assistant-by-webtronic-labs No.known.fix Cross-Site.Request.Forgery MEDIUM" "green-money-payment-gateway 3.0.10 3.0.9.-.Unauthenticated.Information.Exposure MEDIUM" "generate-dummy-posts No.known.fix Missing.Authorization MEDIUM" "gs-woocommerce-products-slider 1.5.9 Contributor+.Stored.XSS MEDIUM" "glass No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "get-your-number No.known.fix Admin+.Stored.XSS LOW" "gutenslider 5.10.2 Reflected.Cross-Site.Scripting MEDIUM" "gutenslider 5.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gutenslider 5.2.0 Contributor+.Stored.XSS MEDIUM" "google-adsense-and-hotel-booking No.known.fix Open.Proxy CRITICAL" "game-server-status No.known.fix Contributor+.SQL.Injection HIGH" "game-server-status No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "game-server-status No.known.fix Admin+.SQL.Injection MEDIUM" "getshop-ecommerce No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "gsheetconnector-for-elementor-forms-pro 1.0.5 Reflected.XSS HIGH" "gt-tabs No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "googmonify No.known.fix CSRF.&.XSS MEDIUM" "glomex-oembed 0.9.2 Contributor+.Stored.XSS MEDIUM" "get-post-content-shortcode No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Disclosure.via.post_content.Shortcode MEDIUM" "giveaways-contests-by-promosimple No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geo-my-wp 4.5.1 Missing.Authorization.via.get_field_options_ajax MEDIUM" "geo-my-wp 4.5 Admin+.Arbitrary.File.Upload MEDIUM" "geo-my-wp 4.5.0.4 Reflected.Cross-Site.Scripting MEDIUM" "geo-my-wp 4.5.0.2 Unauthenticated.LFI.to.RCE/PHAR.Deserialization CRITICAL" "geo-my-wp 4.2 Cross-Site.Request.Forgery MEDIUM" "geo-my-wp 4.0.3 Authenticated(Administrator+).SQL.Injection MEDIUM" "geo-my-wp 4.0.1 Contributor+.Stored.XSS MEDIUM" "gift-message-for-woocommerce 1.7.9 Cross-Site.Request.Forgery MEDIUM" "gift-message-for-woocommerce 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "gift-message-for-woocommerce 1.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "guten-free-options No.known.fix Reflected.XSS HIGH" "guten-free-options No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hero-maps-pro No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "html5-mp3-player-with-mp3-folder-feedburner-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injection HIGH" "heateor-social-comments 1.6.2 Contributor+.Stored.XSS MEDIUM" "header-enhancement 1.5 Unauthorised.Plugin's.Setting.Change MEDIUM" "honeypot 2.1.14 Reflected.XSS HIGH" "honeypot 1.5.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "hungarian-pickup-points-for-woocommerce 1.9.0.3 Multiple.CSRF MEDIUM" "ht-mega-for-elementor 2.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ht-mega-for-elementor 2.8.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "ht-mega-for-elementor 2.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget HIGH" "ht-mega-for-elementor 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.block_css.and.inner_css MEDIUM" "ht-mega-for-elementor 2.6.6 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.template_id MEDIUM" "ht-mega-for-elementor 2.5.8 Authenticated.(Contributor+).JSON.File.Directory.Traversal MEDIUM" "ht-mega-for-elementor 2.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ht-mega-for-elementor 2.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Player.Widget.Settings MEDIUM" "ht-mega-for-elementor 2.5.3 Contributor+.Stored.XSS MEDIUM" "ht-mega-for-elementor 2.5.3 Subscriber+.Options.Update HIGH" "ht-mega-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Tooltip.&.Popover.Widget MEDIUM" "ht-mega-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Justify MEDIUM" "ht-mega-for-elementor 2.4.8 Missing.Authorization.to.Information.Exposure MEDIUM" "ht-mega-for-elementor 2.5.0 Contributor+.Stored.XSS.via.Countdown.Widget MEDIUM" "ht-mega-for-elementor 2.4.9 Contributor+.Stored.XSS.via.Accordion/FAQ MEDIUM" "ht-mega-for-elementor 2.4.7 Unauthenticated.Order.Data.Disclosure HIGH" "ht-mega-for-elementor 2.5.0 Contributor+.Stored.XSS.via.Image.Grid.Widget MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Stored.XSS.via.size MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Stored.XSS.via.Lightbox.Widget MEDIUM" "ht-mega-for-elementor 2.4.4 Contributor+.Stored.XSS MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Directory.Traversal HIGH" "ht-mega-for-elementor 2.4.5 Contributor+.Stored.Cross-Site.Scripting.via.Post.Carousel.Widget MEDIUM" "ht-mega-for-elementor 2.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.titleTag MEDIUM" "ht-mega-for-elementor 2.3.4 Arbitrary.Plugin/Theme.Activation.via.CSRF MEDIUM" "ht-mega-for-elementor 2.3.9 Reflected.Cross-Site.Scripting HIGH" "ht-mega-for-elementor 1.5.7 Absolute.Addons.for.Elementor.Page.Builder.<.1.5.7.-.Contributor+.Stored.XSS MEDIUM" "hb-audio-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "hotjar 1.0.16 Admin+.Stored.XSS MEDIUM" "how-to-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "horoscope-and-tarot 1.3.1 Contributor+.Stored.XSS MEDIUM" "htaccess-redirect No.known.fix Reflected.Cross-Site.Scripting HIGH" "houzez-crm 1.4.3 Authenticated.(Seller+).SQL.Injection HIGH" "hover-video-preview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hockeydata-los No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "handl-utm-grabber 2.6.5 Authenticated.Option.Change.via.CSRF HIGH" "hash-form 1.2.2 Missing.Authorization.to.Authenticated.(Contributor+).Form.Style.Creation MEDIUM" "hash-form 1.2.0 Drag.&.Drop.Form.Builder.<.1.2.0.-.Unauthenticated.Limited.File.Upload MEDIUM" "hash-form 1.1.1 Unauthenticated.Arbitrary.File.Upload.to.Remote.Code.Execution CRITICAL" "hash-form 1.1.1 Unauthenticated.PHP.Object.Injection HIGH" "horizontal-line-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html5-chat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hotjar-connecticator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hotjar-connecticator No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "helpie-faq 1.28 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "helpie-faq 1.9.13 Reflected.Cross-Site.Scripting MEDIUM" "helpie-faq 1.9.9 Reflected.XSS MEDIUM" "helpie-faq 1.7.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "helpie-faq 0.7.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "hurrakify 8.0.1 Unauthenticated.Server-Side.Request.Forgery HIGH" "hide-admin-bar-based-on-user-roles 3.5.0 Reflected.Cross-Site.Scripting MEDIUM" "hide-admin-bar-based-on-user-roles 3.0.0 Subscriber+.Settings.Update MEDIUM" "hide-admin-bar-based-on-user-roles 3.1.0 Settings.Update.via.CSRF MEDIUM" "ht-contactform 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-contactform 1.1.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "https-links-in-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "helloprint 2.1.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "helloprint 2.1.0 Subscriber+.Arbitrary.File.Deletion HIGH" "helloprint 2.0.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "helloprint 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "htaccess 1.8.2 CSRF.to.edit..htaccess HIGH" "htaccess 1.7.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "hacklog-downloadmanager No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "hk-filter-and-search No.known.fix Contributor+.Local.File.Inclusion HIGH" "hk-filter-and-search 2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "hd-quiz-save-results-light 0.6 Missing.Authorization MEDIUM" "hm-cool-author-box-widget 3.0.0 Missing.Authorization MEDIUM" "hm-cool-author-box-widget 2.9.5 Reflected.Cross-Site.Scripting MEDIUM" "hyperlink-group-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hyperlink-group-block 1.17.6 Contributor+.Stored.XSS MEDIUM" "header-image-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "happy-elementor-addons-pro 2.10.0 Reflected.Cross-Site.Scripting HIGH" "happy-elementor-addons-pro 2.8.1 Reflected.XSS HIGH" "happy-elementor-addons-pro 1.17.0 Contributor+.Stored.XSS MEDIUM" "house-manager No.known.fix Reflected.XSS HIGH" "helpgent No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "hashthemes-demo-importer 1.1.2 Improper.Access.Control.to.Blog.Reset HIGH" "houzez-theme-functionality 3.2.3 Functionality.<.3.2.3.-.Authenticated.(Seller+).SQL.Injection HIGH" "hack-me-if-you-can No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "homepage-product-organizer-for-woocommerce No.known.fix Subscriber+.SQLi HIGH" "http-https-remover 3.2.4 Plugin.Installation.via.CSRF MEDIUM" "http-https-remover 3.2.4 Subscriber+.Plugin.Installation MEDIUM" "html5-video-player 2.5.36 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.heading.Parameter MEDIUM" "html5-video-player 2.5.35 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "html5-video-player 2.5.33 Missing.Authorization.in.multiple.functions.via.h5vp_ajax_handler MEDIUM" "html5-video-player 2.5.31 Missing.Authorization MEDIUM" "html5-video-player 2.5.32 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "html5-video-player 2.5.27 Unauthenticated.SQLi HIGH" "html5-video-player 2.5.25 Unauthenticated.SQLi HIGH" "html5-video-player 2.5.19 Subscriber+.Stored.XSS HIGH" "hunk-companion 1.9.0 Unauthenticated.Plugin.Installation CRITICAL" "hunk-companion 1.8.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "hits-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hire-me-widget 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "hire-me-widget 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "heartland-management-terminal 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "header-footer 3.3.1 Authenticated.(Administrator+).PHP.Code.Injection.in.Multisite.Environments MEDIUM" "highlight-search-terms-results 1.04 Reflected.Cross-Site.Scripting MEDIUM" "happyforms 1.26.3 Admin+.Stored.XSS LOW" "happyforms 1.26.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "happyforms 1.25.11 Missing.Authorization MEDIUM" "happyforms 1.25.10 Reflected.Cross-Site.Scripting MEDIUM" "happyforms 1.22.0 Contributor+.Stored.XSS MEDIUM" "happy-elementor-addons 3.16.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.15.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.12.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Comparison MEDIUM" "happy-elementor-addons 3.12.4 Missing.Authorization MEDIUM" "happy-elementor-addons 3.12.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.12.3 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "happy-elementor-addons 3.11.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.PDF.View.Widget MEDIUM" "happy-elementor-addons 3.11.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gradient.Heading.Widget MEDIUM" "happy-elementor-addons 3.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Navigation.Widget MEDIUM" "happy-elementor-addons 3.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Accordion MEDIUM" "happy-elementor-addons 3.10.9 Contributor+.Stored.XSS MEDIUM" "happy-elementor-addons 3.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Event.Calendar.Widget MEDIUM" "happy-elementor-addons 3.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Stack.Group.Widget MEDIUM" "happy-elementor-addons 3.10.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.5 Contributor+.Stored.XSS MEDIUM" "happy-elementor-addons 3.10.6 Contributor+.Stored.XSS.via.HTML.Tags MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.title_tag MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Calendy MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Title.HTML.Tag MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Photo.Stack.Widget MEDIUM" "happy-elementor-addons 3.10.5 Incorrect.Authorization.to.Information.Exposure MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Page.Title.HTML.Tag MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Archive.Title.Widget MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Meta.Widget MEDIUM" "happy-elementor-addons 3.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.2 Missing.Authorization.via.add_row_actions MEDIUM" "happy-elementor-addons 3.10.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.0 Reflected.Cross-Site.Scripting HIGH" "happy-elementor-addons 3.10.0 Contributor+.SSRF LOW" "happy-elementor-addons 3.8.3 Cross-Site.Request.Forgery MEDIUM" "happy-elementor-addons 2.24.0 Contributor+.Stored.XSS MEDIUM" "hotspots No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "hamburger-icon-menu-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hybrid-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html2wp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "html2wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "html2wp No.known.fix Subscriber+.Arbitrary.File.Deletion HIGH" "hpbtool No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "ht-event No.known.fix Authenticated.(Contributor+).Sensitive.Information.Exposure.via.HT.Event:.Sponsor MEDIUM" "ht-event 1.4.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "hypercomments No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "hl-twitter No.known.fix Settings.Update.via.CSRF MEDIUM" "hl-twitter No.known.fix Unlink.Twitter.Account.via.CSRF MEDIUM" "hl-twitter No.known.fix Admin+.Stored.XSS.via.Widget LOW" "http-auth 1.0.0 Settings.Update.via.CSRF MEDIUM" "huurkalender-wp 1.6.0 Contributor+.Stored.XSS MEDIUM" "hreflang-manager-lite 1.07 Cross-Site.Request.Forgery MEDIUM" "horizontal-scroll-image-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "host-php-info No.known.fix Missing.Authorization.to.Unauthenticated.Sensitive.Information.Disclosure HIGH" "hesabfa-accounting 2.2.0 Cross-Site.Request.Forgery MEDIUM" "hesabfa-accounting 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "hitsteps-visitor-manager 5.87 Admin+.Stored.XSS LOW" "hitsteps-visitor-manager 5.87 Arbitrary.Settings.Update.via.CSRF MEDIUM" "header-footer-elementor 1.6.47 Contributor+.Stored.XSS.via.Page.Title.Widget MEDIUM" "header-footer-elementor 1.6.46 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "header-footer-elementor 1.6.44 Authenticated.(Contributor+).Information.Disclosure.via.Shortcode MEDIUM" "header-footer-elementor 1.6.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.6.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Site.Title.Widget MEDIUM" "header-footer-elementor 1.6.26.1 Contributor+.Stored.XSS MEDIUM" "header-footer-elementor 1.6.27 Authenticated.(Author+).HTML.Injection MEDIUM" "header-footer-elementor 1.6.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.6.25 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.5.8 Header,.Footer.&.Blocks.Template.<.1.5.8.-.Contributor+.Stored.XSS MEDIUM" "horizontal-scrolling-announcement No.known.fix Horizontal.scrolling.announcement.for.WordPress.<=.9,2.Contributor+.Stored.XSS MEDIUM" "horizontal-scrolling-announcement No.known.fix Authenticated.(subscriber+).Blind.SQL.Injection HIGH" "help-scout No.known.fix Missing.Authorization MEDIUM" "hueman-addons No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "history-timeline No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "helloasso 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "helloasso 1.1.11 Missing.Authorization.to.Authenticated.(Contributor+).Limited.Options.Update MEDIUM" "helloasso 1.1.11 Missing.Authorization MEDIUM" "helloasso 1.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "helloasso 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hide-category-by-user-role-for-woocommerce 2.2 Subscriber+.Arbitrary.Content.Deletion MEDIUM" "houzez-login-register 3.3.0 Subscriber+.Privilege.Escalation.via.Account.Takeover HIGH" "hermit No.known.fix Subscriber+.SQLi HIGH" "hermit No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "hermit No.known.fix Unauthenticated.SQLi HIGH" "hermit No.known.fix Arbitrary.Cache/Source.Deletion.&.Source.Creation.via.CSRF MEDIUM" "hs-brand-logo-slider No.known.fix Authenticated.Arbitrary.File.Upload CRITICAL" "html5-responsive-faq No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "headline-analyzer 1.3.4 Cross-Site.Request.Forgery MEDIUM" "headline-analyzer 1.3.2 Missing.Authorization.via.REST.APIs MEDIUM" "ht-easy-google-analytics 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "ht-easy-google-analytics 1.2.0 Missing.Authorization.to.Unauthenticated.GA4.Email.Update MEDIUM" "ht-easy-google-analytics 1.0.7 Plugin.Activation.via.CSRF MEDIUM" "hyve-lite 1.2.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "horizontal-scrolling-announcements 2.5 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "hide-my-site No.known.fix Unauthenticated.Information.Exposure MEDIUM" "houzez-property-feed 2.5.5 Unauthenticated.Arbitrary.File.Download HIGH" "houzez-property-feed 2.4.22 Cross-Site.Request.Forgery.to.Property.Feed.Export.Deletion MEDIUM" "h5p 1.15.8 Contributor+.Stored.XSS MEDIUM" "helpdeskwp No.known.fix Editor+.Stored.XSS LOW" "header-images-rotator No.known.fix Reflected.Cross-Site.Scripting HIGH" "hitpay-payment-gateway 4.1.4 Information.Exposure.via.Log.Files MEDIUM" "hostel 1.1.5.7 Authenticated.(Administrator+).SQL.Injection MEDIUM" "hostel 1.1.5.6 Reflected.Cross-Site.Scripting MEDIUM" "hostel 1.1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "hostel 1.1.5.3 Reflected.XSS HIGH" "hostel 1.1.5.4 Cross-Site.Request.Forgery MEDIUM" "hostel 1.1.5.2 Admin+.Stored.XSS LOW" "hostel 1.1.4 Unauthenticated.Stored.XSS MEDIUM" "html-forms 1.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html-forms 1.5.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "html-forms 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "html-forms 1.3.34 Bulk.Delete.via.CSRF MEDIUM" "html-forms 1.3.33 Admin+.Stored.XSS LOW" "html-forms 1.3.30 Admin+.Stored.XSS LOW" "html-forms 1.3.25 Admin+.SQLi MEDIUM" "history-log-by-click5 No.known.fix Unauthenticated.SQL.Injection HIGH" "history-log-by-click5 1.0.13 Admin+.Time-Based.Blind.SQL.Injection MEDIUM" "hotscot-contact-form 1.3 Admin+.SQL.Injection MEDIUM" "htaccess-file-editor 1.0.20 Unauthenticated.Information.Exposure MEDIUM" "htaccess-file-editor 1.0.19 Missing.Authorization MEDIUM" "hashtagger No.known.fix Missing.Authorization MEDIUM" "hm-logo-showcase 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "hm-logo-showcase 1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "h5pxapikatchu 0.4.15 Missing.Authorization MEDIUM" "helpful 4.5.26 Information.Disclosure MEDIUM" "helpful 4.5.15 Votes.Tampering MEDIUM" "helpful 4.4.59 Admin+.Stored.Cross-Site.Scripting LOW" "heart-this No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hdw-tube No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "hal 2.2 Admin+.Stored.Cross-Site.Scripting LOW" "happiness-reports-for-help-scout No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hm-testimonial 1.5 Reflected.Cross-Site.Scripting MEDIUM" "hm-testimonial 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hash-elements 1.5.1 Contributor+.Stored.XSS MEDIUM" "hash-elements 1.4.8 Missing.Authorization.to.Unauthenticated.Draft.Post.Title.Exposure MEDIUM" "hash-elements 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter.in.Multiple.Widgets MEDIUM" "hash-elements 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "header-footer-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html5-audio-player 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html5-audio-player 2.2.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html5-audio-player 2.2.22 Best.WordPress.Audio.Player.Plugin.<.2.2.22.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "html5-audio-player 2.1.12 Contributor+.Stored.XSS MEDIUM" "html5-audio-player 2.1.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "hmapsprem No.known.fix Customizable.Google.Maps.Plugin.<=.2.3.9.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hmapsprem 2.2.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "hana-flv-player No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "html5-maps 1.7.1.5 Arbitrary.Settings.Update.via.CSRF MEDIUM" "html5-maps 1.6.5.7 CSRF.&.XSS HIGH" "handsome-testimonials 2.1.1 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "heureka 1.1.0 Cross-Site.Request.Forgery MEDIUM" "hc-custom-wp-admin-url No.known.fix Unauthenticated.Arbitrary.Settings.Update.via.CSRF MEDIUM" "hc-custom-wp-admin-url No.known.fix Unauthenticated.Secret.URL.Disclosure MEDIUM" "html5-video-player-with-playlist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "highlight-focus No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "health-check 1.6.0 CSRF MEDIUM" "health-check 1.2.4 Missing.Authorization.Checks MEDIUM" "heat-trackr 1.01 XSS MEDIUM" "host-analyticsjs-local 4.7.15 Unauthenticated.Settings.Update MEDIUM" "host-analyticsjs-local 4.1.9 Admin+.Arbitrary.Folder.Deletion.via.Path.Traversal MEDIUM" "ht-builder 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heateor-social-login 1.1.36 Authentication.Bypass HIGH" "heateor-social-login 1.1.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heateor-social-login 1.1.33 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "heateor-social-login 1.1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heateor-social-login 1.1.31 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "hoo-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "htaccess-login-block No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "history-collection No.known.fix Arbitraty.File.Download HIGH" "honeypot-for-wp-comment No.known.fix Reflected.Cross-Site.Scripting.via.page MEDIUM" "honeypot-for-wp-comment No.known.fix Directory.Traversal.to.Unauthenticated.Arbitrary.File.Deletion CRITICAL" "hr-management 1.1.2 Unauthenticated.PHP.Object.Injection HIGH" "header-footer-code-manager 1.1.35 Snippets.Activation/Deactivation/Deletion.via.CSRF MEDIUM" "header-footer-code-manager 1.1.24 Reflected.Cross-Site.Scripting MEDIUM" "header-footer-code-manager 1.1.17 Reflected.Cross-Site.Scripting MEDIUM" "header-footer-code-manager 1.1.14 Admin+.SQL.Injections MEDIUM" "hm-portfolio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hss-embed-streaming-video No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hcaptcha-for-forms-and-more 4.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cf7-hcaptcha.Shortcode MEDIUM" "hms-testimonials 2.0.11 XSS MEDIUM" "hostfact-bestelformulier-integratie No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hot-linked-image-cacher No.known.fix Image.upload/cache.abuse.via.CSRF LOW" "ht-portfolio 1.1.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "hide-my-wp 5.4.02 Unauthenticated.Local.File.Inclusion HIGH" "hide-my-wp 5.4.02 Unauthenticated.Limited.File.Read MEDIUM" "hide-my-wp 5.4.01 Hidden.Login.Page.Disclosure MEDIUM" "hide-my-wp 5.3.02 Reflected.Cross-Site.Scripting.via.URL MEDIUM" "hide-my-wp 5.2.02 Hidden.Login.Page.Disclosure MEDIUM" "hide-my-wp 5.0.20 IP.Address.Spoofing MEDIUM" "hm-multiple-roles 1.9 Reflected.Cross-Site.Scripting MEDIUM" "hm-multiple-roles 1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hm-multiple-roles 1.3 Arbitrary.Role.Change CRITICAL" "holler-box 2.3.3 Admin+.Stored.XSS LOW" "holler-box 2.1.4 Admin+.SQL.Injection MEDIUM" "hqtheme-extra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hqtheme-extra No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hipaatizer 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hotel-listing 1.3.7 Subscriber+.Privilege.Escalation CRITICAL" "hotel-listing 1.3.3 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "hercules-core 6.7 Missing.Authorization.to.Settings.Update MEDIUM" "hercules-core 6.5 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "hide-shipping-method-for-woocommerce 1.5.2 Missing.Authorization MEDIUM" "hide-shipping-method-for-woocommerce 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "hide-shipping-method-for-woocommerce 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hover-image-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hack-info 3.18 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "hide-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hive-support No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "hive-support No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hive-support No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "hive-support No.known.fix Missing.Authorization MEDIUM" "hive-support No.known.fix Missing.Authorization MEDIUM" "hive-support 1.1.7 Missing.Authorization MEDIUM" "hive-support 1.1.3 Cross-Site.Request.Forgery MEDIUM" "hive-support 1.1.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hive-support 1.1.2 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "hiweb-migration-simple No.known.fix hiWeb.Migration.Simple.<=.2,0,0,1.Reflected.Cross-Site.Scripting HIGH" "http-headers 1.19.0 Admin+.SSRF MEDIUM" "http-headers 1.19.0 Admin+.Stored.XSS LOW" "http-headers 1.18.11 Admin+.Remote.Code.Execution MEDIUM" "http-headers 1.18.8 Admin+.SQL.Injection MEDIUM" "hover-effects 2.1.1 Admin+.LFI MEDIUM" "html5-virtual-classroom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hmh-footer-builder-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hls-player 1.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "homey-login-register No.known.fix Unauthenticated.Privilege.Escalation.in.homey_register CRITICAL" "homey-login-register No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "host-webfonts-local 5.7.10 Unauthenticated.Directory.Deletion.&.Stored.XSS HIGH" "host-webfonts-local 4.5.12 Admin+.Arbitrary.Folder.Deletion.via.Path.Traversal MEDIUM" "host-webfonts-local 4.5.4 Subscriber+.Arbitrary.File/Folder.Deletion CRITICAL" "host-webfonts-local 4.5.4 Unauthenticated.Path.Traversal.in.REST.API MEDIUM" "html5-mp3-player-with-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injecton HIGH" "html5-mp3-player-with-playlist 2.8.0 Full.Path.Disclosure.(FPD) MEDIUM" "hacklog-remote-attachment No.known.fix Cross-Site.Request.Forgery MEDIUM" "hot-random-image 1.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "haxcan No.known.fix CSRF.Bypass MEDIUM" "haxcan No.known.fix Arbitrary.File.Access MEDIUM" "hooked-editable-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hooked-editable-content No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "h5p-css-editor No.known.fix Reflected.Cross-Site.Scripting HIGH" "hdw-player-video-player-video-gallery No.known.fix Cross-Site.Scripting MEDIUM" "hyp3rl0cal-city-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hypotext No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hub2word No.known.fix Subscriber+.Arbitrary.Options.Update CRITICAL" "halfdata-optin-downloads No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "hostinger 1.9.8 Unauthenticated.Maintenance.Mode.Toggle MEDIUM" "hello-event-widgets-for-elementor 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hkdev-maintenance-mode 3.0.2 Unauthenticated.IP.Spoofing MEDIUM" "hkdev-maintenance-mode 3.0.2 Unauthenticated.Post/Page.Content.Disclosure MEDIUM" "hello-in-all-languages No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "hello-world 2.2.0 Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "ht-slider-for-elementor 1.4.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "ht-team-member 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.htteamember.Shortcode MEDIUM" "hestia-nginx-cache 2.4.1 Missing.Authorization MEDIUM" "ht-instagram 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-instagram 1.2.8 Cross-Site.Request.Forgery MEDIUM" "ht-menu-lite 1.2.2 Cross-Site.Request.Forgery MEDIUM" "hurrytimer 2.12.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Campaign.Name MEDIUM" "hurrytimer 2.11.0 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Post.Publication MEDIUM" "hurrytimer 2.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hrm 2.2.6 Multiple.Issues HIGH" "happy-scss-compiler No.known.fix Compile.SCSS.to.CSS.automatically.<=.1.3.10.-.Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "hslide No.known.fix WordPress.Slider.Plugin.<=.1.3.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Reflected.Cross-Site.Scripting MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Directory.Deletion MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Reflected.Cross-Site.Scripting MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hola-free-video-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html5-soundcloud-player-with-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injection HIGH" "hq60-fidelity-card No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hummingbird-performance 3.9.2 Cross-Site.Request.Forgery MEDIUM" "hummingbird-performance 3.9.2 Missing.Authorization MEDIUM" "hummingbird-performance 3.7.4 Missing.Authorization MEDIUM" "hummingbird-performance 3.4.2 Unauthenticated.Path.Traversal HIGH" "hummingbird-performance 3.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "header-footer-code 1.2 Admin+.Stored.XSS LOW" "header-footer-code 1.2 Admin+.Stored.XSS.via.CSS.Styles LOW" "hacklog-remote-image-autosave No.known.fix Cross-Site.Request.Forgery MEDIUM" "hebrewdates 2.3.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "hd-quiz 2.0.0 Editor+.Stored.XSS LOW" "hd-quiz 1.8.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "hd-quiz 1.8.4 Authenticated.Stored.XSS MEDIUM" "highlight 2.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "highlight 0.9.3 Authenticated.Stored.Cross-Site.Scripting LOW" "html5-lyrics-karaoke-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hashbar-wp-notification-bar 1.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "hashbar-wp-notification-bar 1.3.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "hover-image No.known.fix CSRF MEDIUM" "hide-links No.known.fix Unauthenticated.Shortcode.Execution MEDIUM" "hero-banner-ultimate No.known.fix Author+.Local.File.Inclusion HIGH" "hero-banner-ultimate 1.4 Contributor+.Stored.XSS MEDIUM" "hotlink2watermark No.known.fix Cross-Site.Request.Forgery MEDIUM" "hq-rental-software No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "homepage-pop-up No.known.fix CSRF MEDIUM" "homepage-pop-up No.known.fix Admin+.Stored.XSS LOW" "hospital-management No.known.fix Unauthenticated.SQL.Injection HIGH" "hospital-management No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "hospital-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hospital-management No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "iconic-woothumbs 5.5.4 Reflected.Cross-Site.Scripting MEDIUM" "ithemes-sync 3.0.1 Stored.Cross-Site.Scripting.via.packages MEDIUM" "ithemes-sync 2.1.14 Cross-Site.Request.Forgery.and.Missing.Authorization.via.'hide_authenticate_notice' MEDIUM" "improved-sale-badges 4.4.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "ilab-media-tools 4.5.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ilab-media-tools 4.5.21 Reflected.Cross-Site.Scripting MEDIUM" "ilab-media-tools 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "if-menu 0.19.2 Missing.Authorization.to.License.Key.Update MEDIUM" "images-asynchronous-load 1.06 Reflected.Cross-Site.Scripting MEDIUM" "imdb-info-box No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "integracao-entre-eduzz-e-wc-powers No.known.fix 1.7.5.-.Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "internallink-audit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "image-gallery-box-by-crudlab No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "instagrate-to-wordpress 1.3.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "iframe 5.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "iframe 5.1 Contributor+.Stored.XSS MEDIUM" "iframe 4.9 Contributor+.Stored.XSS LOW" "iframe 4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'iframe'.Shortcode MEDIUM" "iframe 4.5 Authenticated.Stored.Cross.Site.Scripting.(XSS) MEDIUM" "if-so 1.9.2.2 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "if-so 1.8.0.4 Admin+.Stored.XSS LOW" "if-so 1.8.0.4 Reflected.XSS MEDIUM" "if-so 1.8.0.3 Contributor+.Shortcode.Stored.XSS MEDIUM" "if-so 1.7.1.1 Missing.Authorization MEDIUM" "if-so 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ibuildapp No.known.fix Reflected.XSS HIGH" "ithemes-exchange 1.12.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "iwjob No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "image-wall 3.1 Reflected.Cross-Site.Scripting MEDIUM" "insert-code No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "intelly-welcome-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "imbachat-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infusionsoft-official-opt-in-forms 2.0.2 Unauthenticated.Limited.Local.File.Inclusion CRITICAL" "infusionsoft-official-opt-in-forms No.known.fix Contributor+.Stored.XSS MEDIUM" "infusionsoft-official-opt-in-forms No.known.fix Contributor+.Stored.XSS MEDIUM" "infusionsoft-official-opt-in-forms 1.0.12 Admin+.Stored.XSS LOW" "image-classify No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "insert-or-embed-articulate-content-into-wordpress No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "insert-or-embed-articulate-content-into-wordpress 4.3000000024 Author+.Arbitrary.File.Upload CRITICAL" "insert-or-embed-articulate-content-into-wordpress 4.3000000025 Iframe.Injection LOW" "insert-or-embed-articulate-content-into-wordpress 4.30000000254.3000000025 Author+.Upload.to.RCE CRITICAL" "insert-or-embed-articulate-content-into-wordpress 4.3000000023 Contributor+.Stored.XSS MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.3000000021 Reflected.Cross-Site.Scripting MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.3000000016 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.29991 Authenticated.Arbitrary.Folder.Deletion.and.Rename MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.2999 Unauthenticated.RCE CRITICAL" "insert-or-embed-articulate-content-into-wordpress 4.2997 Subscriber+.Arbitrary.Option.Update CRITICAL" "increase-upload-file-size-maximum-execution-time-limit 3.0 Reflected.Cross-Site.Scripting MEDIUM" "infographic-and-list-builder-ilist 5.0.0 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "infographic-and-list-builder-ilist 4.7.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Title.Update MEDIUM" "infographic-and-list-builder-ilist 4.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infographic-and-list-builder-ilist 4.3.8 iList.<.4.3.8.-.Unauthenticated.SQL.Injection HIGH" "instagram-slider-widget 2.2.9 Admin+.Stored.XSS LOW" "instagram-slider-widget 2.2.9 Admin+.Stored.XSS.via.Widgets LOW" "instagram-slider-widget 2.2.5 Missing.Authorization MEDIUM" "instagram-slider-widget 2.0.7 Admin+.Stored.XSS.via.Feeds LOW" "instagram-slider-widget 2.0.6 Admin+.Stored.XSS.via.API.Key LOW" "instagram-slider-widget 2.0.5 Subscriber+.Stored.XSS.via.Feeds HIGH" "instagram-slider-widget 2.0.5 Subscriber+.Arbitrary.API.Key.Update.to.Stored.XSS HIGH" "instagram-slider-widget 2.0.5 Subscriber+.Arbitrary.Feed.Deletion MEDIUM" "instagram-slider-widget 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "instagram-slider-widget 1.8.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "ithemelandco-woo-report 1.5.2 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "ithemelandco-woo-report 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "image-carousel-for-divi 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "image-carousel-for-divi 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "icestats No.known.fix Cross-Site.Request.Forgery MEDIUM" "iconize No.known.fix Authenticated.(Admin+).Remote.Code.Execution HIGH" "integracao-rd-station 5.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integracao-rd-station 5.2.1 Multiple.CSRF MEDIUM" "ithemeland-bulk-posts-editing-lite 4.2.4 Cross-Site.Request.Forgery MEDIUM" "ithemeland-bulk-posts-editing-lite 4.2.4 Authenticated.(Subscriber+).Missing.Authorization MEDIUM" "integration-for-szamlazz-hu-gravity-forms 1.2.7 Multiple.CSRF MEDIUM" "indieweb-post-kinds 1.3.1.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "instagram-widget-by-wpzoom 2.1.14 Missing.Authorization.to.Authenticated.(Subscriber+).Instagram.Image.Deletion MEDIUM" "indeed-learning-pro No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "improved-include-page No.known.fix Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "integrar-getnet-con-woo 0.0.5 Unauthenticated.Authorization.Bypass HIGH" "iphone-webclip-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "insert-html-here No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ifolders 1.5.1 Admin+.XSS MEDIUM" "i-plant-a-tree 1.7.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "i-plant-a-tree No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "i2-pro-cons No.known.fix Contributor+.Stored.XSS MEDIUM" "instabot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "iteras 1.8.1 Stored.XSSS.via.CSRF HIGH" "ip2location-world-clock 1.1.10 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "inpost-gallery 2.1.4.4 Cross-Site.Request.Forgery MEDIUM" "inpost-gallery 2.1.4.3 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.inpost_gallery_get_shortcode_template MEDIUM" "inpost-gallery 2.1.4.2 Reflected.XSS HIGH" "inpost-gallery 2.1.4.1 Unauthenticated.LFI.to.RCE CRITICAL" "idpay-contact-form-7 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ig-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ims-countdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integrate-google-drive 1.3.94 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.91 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.91 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.9 Missing.Authorization.to.Unauthenticated.Settings.Modification.and.Export CRITICAL" "integrate-google-drive 1.3.4 Subscriber+.Settings.Update MEDIUM" "integrate-google-drive 1.3.5 Cross-Site.Request.Forgery MEDIUM" "integrate-google-drive 1.3.3 Open.Redirect.via.state MEDIUM" "integrate-google-drive 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "integrate-google-drive 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "integration-for-szamlazzhu-woocommerce 5.6.3.3 Multiple.CSRF MEDIUM" "indeed-api No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "interactive-maps No.known.fix Cross-Site.Request.Forgery MEDIUM" "infility-global 2.9.9 Reflected.XSS HIGH" "infility-global 2.9.9 Reflected.XSS.via.set_type.Parameter HIGH" "infility-global 2.9.9 Subscriber+.Plugin.Settings.Update MEDIUM" "ip-loc8 No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "inline-text-popup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "interact-quiz-embed 3.1 Contributor+.Stored.XSS MEDIUM" "institutions-directory 1.3.1 Subscriber+.Privilege.Escalation CRITICAL" "imagelinks-interactive-image-builder-lite 1.6.0 Admin+.SQLi MEDIUM" "imagelinks-interactive-image-builder-lite 1.5.4 Contributor+.Stored.XSS MEDIUM" "imagelinks-interactive-image-builder-lite 1.5.3 Reflected.Cross-Site.Scripting HIGH" "iframe-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "indigitall-web-push-notifications 3.2.3 Admin+.Stored.XSS LOW" "igumbi-online-booking 1.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "imdb-widget 1.0.9 Local.File.Inclusion.(LFI) HIGH" "increase-sociability No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "intergeo-maps No.known.fix Contributor+.Stored.XSS MEDIUM" "intergeo-maps 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "icon-widget 1.4.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "icon-widget 1.3.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "improved-sale-badges-free-version No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "ip-vault-wp-firewall 2.1 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "ip-vault-wp-firewall 2.1 WP.Firewall.<.2.1.-.Admin+.Stored.XSS LOW" "internal-link-builder No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "import-users-to-mailchimp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "idx-broker-platinum 3.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "idx-broker-platinum 3.2.3 Contributor+.Stored.XSS MEDIUM" "idx-broker-platinum 3.0.6 Reflected.Cross-Site.Scripting HIGH" "idx-broker-platinum 2.6.2 Authenticated.Post.Creation,.Modification,.and.Deletion MEDIUM" "idx-broker-platinum 2.6.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).via.unprotected.'idx_update_recaptcha_key'.AJAX MEDIUM" "iq-testimonials No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "interactive-3d-flipbook-powered-physics-engine 1.15.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.5 Authenticated.(Author+).Stored.Cross-Site.Scritping.via.Bookmark.URL MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Bookmarks MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.3 Contributor+.Stored.XSS MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.13.3 Contributor+.Stored.XSS MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.12.1 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "importify 1.0.5 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "interactive-world-map 3.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-world-map 3.4.4 Reflected.Cross-Site.Scripting HIGH" "interactive-world-map 3.4.4 CSRF MEDIUM" "image-hover-effects-ultimate 9.8.5 Admin+.Stored.XSS LOW" "image-hover-effects-ultimate 9.7.2 Authenticated.Arbitrary.Options.Change HIGH" "image-hover-effects-ultimate 9.8.0 Authenticated.Stored.XSS MEDIUM" "image-hover-effects-ultimate 9.7.2 Reflected.Cross-Site.Scripting MEDIUM" "image-hover-effects-ultimate 9.7.1 Reflected.Cross-Site.Scripting HIGH" "image-hover-effects-ultimate 9.7.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "image-watermark 1.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Watermark.Modification MEDIUM" "ip-address-blocker No.known.fix IP.Spoofing MEDIUM" "ip-address-blocker No.known.fix Cross-Site.Request.Forgery MEDIUM" "inline-tweet-sharer 2.6 Admin+.Stored.XSS LOW" "integration-of-zoho-crm-and-contact-form-7 No.known.fix Open.Redirect MEDIUM" "icons-enricher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ie-css3-support No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "image-vertical-reel-scroll-slideshow 9.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "image-vertical-reel-scroll-slideshow No.known.fix Admin+.Stored.XSS LOW" "instant-chat-wp No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "ip2location-country-blocker 2.38.9 Unauthenticated.Information.Disclosure MEDIUM" "ip2location-country-blocker 2.38.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ip2location-country-blocker 2.34.3 Cross-Site.Request.Forgery MEDIUM" "ip2location-country-blocker 2.33.4 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log.File MEDIUM" "ip2location-country-blocker 2.26.9 Admin+.Stored.Cross-Site.Scripting LOW" "ip2location-country-blocker 2.26.6 Arbitrary.Country.Ban.via.CSRF MEDIUM" "ip2location-country-blocker 2.26.5 Ban.Bypass MEDIUM" "ip2location-country-blocker 2.26.5 Subscriber+.Arbitrary.Country.Ban MEDIUM" "iframe-to-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "include-lottie-animation-for-elementor 1.10.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "intelligent-importer 5.1.4 Reflected.Cross-Site.Scripting MEDIUM" "import-xml-feed 2.1.6 Authenticated.(Administrator+).Arbitrary.File.Upload CRITICAL" "import-xml-feed 2.1.5 Unauthenticated.RCE CRITICAL" "import-xml-feed 2.1.4 Admin+.Arbitrary.File.Upload MEDIUM" "import-xml-feed 2.0.3 Authenticated.Server-side.Request.Forgery.(SSRF) MEDIUM" "ideal-wp-login-logo-changer 1.1.8 Cross-Site.Request.Forgery MEDIUM" "image-hover-effects-for-visual-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ip-locator 4.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "inquiry-cart No.known.fix Stored.XSS.via.CSRF HIGH" "inet-webkit 1.2.3 Missing.Authorization MEDIUM" "image-tag-manager No.known.fix Reflected.Cross-Site.Scripting.via.default_class MEDIUM" "idealien-category-enhancements No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "improved-variable-product-attributes 5.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "image-regenerate-select-crop 7.3.1 Sensitive.Information.Exposure MEDIUM" "iflychat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iflychat 4.7.0 Admin+.Stored.Cross-Site.Scripting.(XSS) LOW" "ilc-thickbox No.known.fix Settings.update.via.CSRF MEDIUM" "inline-call-to-action-builder-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "include-fussball-de-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iframe-popup No.known.fix Admin+.Stored.XSS LOW" "iamport-payment No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.8.4 Missing.Authorization MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.8.2 Missing.Authorization MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.8.1 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "ipanorama-360-virtual-tour-builder-lite 1.8.0 Authenticated.(Admin+).SQL.injection HIGH" "ipanorama-360-virtual-tour-builder-lite 1.6.30 Contributor+.Stored.XSS MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.6.22 Reflected.Cross-Site.Scripting HIGH" "icons-with-links-widget No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "ibtana-visual-editor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ibtana-visual-editor 1.2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "ibtana-visual-editor 1.2.3.4 WordPress.Website.Builder.<.1.2.3.4.-.Unauthenticated.reCAPTCHA.Settings.Update MEDIUM" "ibtana-visual-editor 1.2.2.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "ibtana-visual-editor 1.1.8.8 Contributor+.Stored.XSS.via.Shortcode HIGH" "ibtana-visual-editor 1.1.4.9 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "infolinks-ad-wrap No.known.fix Settings.Update.via.CSRF MEDIUM" "intelliwidget-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "indeed-job-importer No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "internal-link-building-plugin No.known.fix CSRF MEDIUM" "internal-link-building-plugin No.known.fix Admin+.Stored.XSS LOW" "image-widget 4.4.11 Admin+.Stored.XSS LOW" "image-captcha No.known.fix Cross-Site.Request.Forgery MEDIUM" "inline-click-to-tweet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "imagements No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "imageseo 3.1.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "imageseo 2.0.8 Settings.Update.via.CSRF LOW" "indeed-affiliate-pro 4.0 Authenticated.Stored.XSS MEDIUM" "intimate-io-cryptocurrency-payments No.known.fix CSRF.Bypass MEDIUM" "insta-gallery 4.4.0 Missing.Authorization MEDIUM" "insta-gallery 2.4.8 CSRF.&.Missing.Authorisation.Checks HIGH" "inlocation No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "include-url No.known.fix Authenticated.(Contributor+).Arbitrary.File.Download MEDIUM" "include-url No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-gallery-with-slideshow No.known.fix Multiple.XSS.and.SQL.Injection CRITICAL" "interactive-page-hierarchy No.known.fix Missing.Authorization MEDIUM" "image-map-pro-lite No.known.fix CSRF.to.Stored.XSS MEDIUM" "image-map-pro-lite No.known.fix Subscriber+.Stored.XSS MEDIUM" "intuitive-custom-post-order 3.1.5 Admin+.SQLi LOW" "intuitive-custom-post-order 3.1.4 Arbitrary.Menu.Order.Update.via.CSRF MEDIUM" "intuitive-custom-post-order 3.1.4 Subscriber+.Arbitrary.Menu.Order.Update MEDIUM" "image-over-image-vc-extension 3.0 Contributor+.Stored.XSS MEDIUM" "imagemagick-engine 1.7.11 Administrator+.OS.Command.Injection MEDIUM" "imagemagick-engine 1.7.6 PHAR.Deserialization.via.CSRF HIGH" "imagemagick-engine 1.7.6 Command.Injection.via.CSRF HIGH" "ione360-configurator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "import-social-statistics 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "import-social-statistics No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "import-social-statistics No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ibtana-ecommerce-product-addons 0.2.4 Ecommerce.Product.Addons.<.0.2.4.-.Reflected.Cross-Site.Scripting HIGH" "image-optimizer-wd 1.0.27 Admin+.Path.Traversal MEDIUM" "image-optimizer-wd 1.0.27 Reflected.Cross-Site.Scripting HIGH" "instant-css 1.2.2 Theme/CSS/Minify/Preprocessor.Data.Update.via.CSRF MEDIUM" "instant-css 1.1.5 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "include-file No.known.fix Authenticated.(Contributor+).Arbitrary.File.Download MEDIUM" "include-file No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-us-map No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "independent-analytics 1.25.1 Reflected.Cross-Site.Scripting MEDIUM" "iksweb 3.8 Admin+.Stored.XSS LOW" "insert-headers-and-footers-script 1.1.3 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "image-map-pro 6.0.21 Missing.Authorization.to.Authenticated.(Contributor+).Map.Project.Add/Update/Delete MEDIUM" "image-map-pro 6.0.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-map-pro 5.6.9 Cross-Site.Scripting HIGH" "image-map-pro 5.6.9 Cross-Site.Request.Forgery MEDIUM" "include-me 1.2.2 Authenticated.Remote.Code.Execution.(RCE).via.LFI.log.poisoning HIGH" "internal-link-shortcode No.known.fix Unauthenticated.SQL.Injection HIGH" "import-holded-products-woocommerce 2.0 Reflected.Cross-Site.Scripting MEDIUM" "import-holded-products-woocommerce 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "integration-dynamics 1.3.24 Contributor+.RCE.and.Arbitrary.File.Read CRITICAL" "integration-dynamics 1.3.18 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "internal-link-finder 5.1.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "internal-link-finder 5.1.3 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "intelligence No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "index-wp-mysql-for-speed 1.4.18 Admin+.Reflected.XSS HIGH" "image-horizontal-reel-scroll-slideshow No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "image-horizontal-reel-scroll-slideshow 13.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "image-horizontal-reel-scroll-slideshow 13.3 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "invoice-payment-for-woocommerce 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "internal-links 2.24.4 Cross-Site.Request.Forgery MEDIUM" "internal-links 2.23.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "internal-links 2.23.3 Reflected.Cross-Site.Scripting MEDIUM" "internal-links 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ifeature-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "iwp-client 1.13.1 Unauthenticated.Limited.Directory.Traversal.to.Arbitrary..txt.File.Reading MEDIUM" "iwp-client 1.12.3.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "iwp-client 1.12.1 Unauthenticated.Sensitive.Information.Exposure HIGH" "iwp-client 1.9.4.5 Authentication.Bypass CRITICAL" "igniteup No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "igniteup 3.4.1 Multiple.Issues HIGH" "inactive-user-deleter 1.60 Cross-Site.Request.Forgery MEDIUM" "issuu-panel No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "infusionsoft-landing-pages No.known.fix Settings.Update.via.CSRF MEDIUM" "image-hover-effects-with-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id,.oxi_addons_f_title_tag,.and.content_description_tag.Parameters MEDIUM" "image-hover-effects-with-carousel 3.0 Reflected.XSS HIGH" "implied-cookie-consent No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "inbound-brew No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "inbound-brew No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "inbound-brew No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "inline-google-spreadsheet-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "info-boxes-shortcode-and-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "ider-login No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ithemes-security-pro 6.8.4 Hide.Backend.Bypass MEDIUM" "integrate-firebase 0.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "inline-footnotes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "indeed-wp-superbackup 2.4 Reflected.Cross-Site.Scripting MEDIUM" "indeed-wp-superbackup 2.4 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "indeed-wp-superbackup 2.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "indeed-wp-superbackup 2.4 Missing.Authorization MEDIUM" "indeed-wp-superbackup 2.4 Missing.Authorization.to.Unauthenticated.Back-Up.File.Download HIGH" "indeed-wp-superbackup 2.4 Migrate.for.WordPress.<.2.4.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "imagerecycle-pdf-image-compression 3.1.17 Reflected.Cross-Site.Scripting MEDIUM" "imagerecycle-pdf-image-compression 3.1.15 Missing.Authorization.in.Several.AJAX.Actions MEDIUM" "imagerecycle-pdf-image-compression 3.1.15 Cross-Site.Request.in.Several.AJAX.Actions MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.optimizeAllOn MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.enableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.stopOptimizeAll MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.disableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Plugin.Data.Removal.in.reinitialize MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.stopOptimizeAll MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.optimizeAllOn MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.enableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.disableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Plugin.Data.Removal.in.reinitialize MEDIUM" "imagerecycle-pdf-image-compression 3.1.12 Reflected.XSS HIGH" "imagerecycle-pdf-image-compression 3.1.11 Reflected.XSS HIGH" "inline-svg-elementor No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "inactive-logout 3.2.3 Cross-Site.Request.Forgery MEDIUM" "inactive-logout 3.2.3 Missing.Authorization MEDIUM" "imagemapper No.known.fix Contributor+.Stored.XSS MEDIUM" "imagemapper No.known.fix Settings.Update.via.CSRF MEDIUM" "imagemapper No.known.fix Subscriber+.Arbitrary.Post.Deletion MEDIUM" "imagemapper No.known.fix Stored.XSS.via.CSRF HIGH" "ignitiondeck 1.10.0 Missing.Authorization MEDIUM" "instalinker 1.1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ithemes-mobile 1.2.8 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "iks-menu 1.11.2 Reflected.Cross-Site.Scripting MEDIUM" "iks-menu 1.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "infogram No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "incoming-links 0.9.10b referrers.php.XSS MEDIUM" "instawp-connect 0.1.0.86 Unauthenticated.Local.PHP.File.Inclusion HIGH" "instawp-connect 0.1.0.83 Unauthenticated.Local.File.Inclusion CRITICAL" "instawp-connect 0.1.0.84 Cross-Site.Request.Forgery.to.Local.File.Inclusion HIGH" "instawp-connect 0.1.0.45 Authentication.Bypass.to.Admin CRITICAL" "instawp-connect 0.1.0.39 Unauthenticated.Arbitrary.File.Upload CRITICAL" "instawp-connect 0.1.0.39 Missing.Authorization.to.Unauthenticated.API.setup/Arbitrary.Options.Update/Administrative.User.Creation CRITICAL" "instawp-connect 0.1.0.25 Missing.Authorization MEDIUM" "instawp-connect 0.1.0.23 Unauthenticated.Arbitrary.File.Upload CRITICAL" "instawp-connect 0.1.0.9 Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "instawp-connect 0.1.0.10 Missing.Authorization.to.Sensitive.Information.Dislcosure MEDIUM" "instawp-connect 0.1.0.10 Authenticated.(Subscriber+).SQL.Injection HIGH" "instawp-connect 0.1.0.9 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "instawp-connect 0.1.0.9 Cross-Site.Request.Forgery.via.create_file_db_manager MEDIUM" "instawp-connect 0.0.9.19 Unauthenticated.Data.Modification CRITICAL" "instantsearch-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ipblocklist No.known.fix CSRF MEDIUM" "iloveimg 1.0.6 iLoveIMG.<.1.0.6.-.Admin+.PHP.Object.Injection HIGH" "ipages-flipbook 1.5.2 Missing.Authorization MEDIUM" "ipages-flipbook 1.5.0 Authenticated.(Administrator+).SQL.Injection HIGH" "ipages-flipbook 1.4.7 Contributor+.Stored.XSS MEDIUM" "ipages-flipbook 1.4.3 Reflected.Cross-Site.Scripting HIGH" "idcrm-contacts-companies 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "information-for-help 0.0.3 Reflected.Cross-Site.Scripting MEDIUM" "image-alt-text 3.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Image.Alt.Text.Update MEDIUM" "image-mapper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "instagram-feed 2.9.2 Reflected.Cross-Site.Scripting MEDIUM" "icalendrier 1.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ical-feeds No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "internal-links-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "import-eventbrite-events 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "idraw No.known.fix Authenticated.(Author+).Arbitrary.File.Upload HIGH" "info-cards 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "imgspider 2.3.11 Authenticated.(Contributor+).Arbitrary.File.Upload.via.'upload_img_file' HIGH" "imgspider 2.3.11 Authenticated.(Contributor+).Arbitrary.File.Upload.via.'upload' HIGH" "iva-business-hours-pro No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "ink-official No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "import-users-from-csv 1.3 Authenticated.(Admin+).PHP.Object.Injection HIGH" "instagram-for-wordpress No.known.fix Contributor+.Stored.XSS MEDIUM" "image-upload-for-bbpress 1.1.20 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "image-upload-for-bbpress 1.1.19 Cross-Site.Request.Forgery.via.hm_bbpui_admin_page MEDIUM" "image-magnify No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "imagemagick-sharpen-resized-images No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ipanorama-pro 1.6.22 Reflected.Cross-Site.Scripting HIGH" "ithemes No.known.fix New-Password.Requirements.Not.Enforced.Until.second.Login HIGH" "i-recommend-this 3.9.0 Admin+.Stored.XSS LOW" "i-recommend-this 3.9.1 CSRF MEDIUM" "i-recommend-this 3.8.2 Authenticated.SQL.Injection HIGH" "ip-metaboxes No.known.fix Unauthenticated.Reflected.XSS HIGH" "ip-metaboxes No.known.fix Admin+.Stored.XSS LOW" "in-stock-mailer-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "issuupress No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "imageboss 3.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "impreza 8.18 Reflected.Cross-Site.Scripting MEDIUM" "ia-map-analytics-basic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "indexisto No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "image-content-show-hover No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "innovs-hr-manager No.known.fix Employee.Creation.via.CSRF MEDIUM" "innovs-hr-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "icegram-rainmaker 1.3.15 Missing.Authorization MEDIUM" "icegram-rainmaker 1.3.9 Contributor+.Stored.XSS MEDIUM" "image-hover-effects-visual-composer-extension 5.0 Contributor+.Stored.XSS MEDIUM" "image-hover-effects-addon-for-elementor 1.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.eihe_link.Parameter MEDIUM" "image-hover-effects-addon-for-elementor 1.4.2 Elementor.Addon.<.1.4.2.-.Authenticated(Contributor+).DOM-based.Stored.Cross-Site.Scripting.via.Image.Hover.Effects.Widget MEDIUM" "image-hover-effects-addon-for-elementor 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'eihe_align' MEDIUM" "image-hover-effects-addon-for-elementor 1.3.4 Elementor.Addon.<.1.3.4.-.Contributor+.Stored.XSS MEDIUM" "insert-headers-and-footers 2.0.13.1 Reflected.XSS HIGH" "insert-headers-and-footers 2.0.9 Arbitrary.Log.File.Deletion.via.CSRF MEDIUM" "insert-headers-and-footers 2.0.7 Contributor+.WPCode.Library.Auth.Key.Update/Deletion LOW" "interactive-geo-maps 1.6.25 Reflected.Cross-Site.Scripting HIGH" "interactive-geo-maps 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "interactive-geo-maps 1.5.11 Editor+.Stored.XSS LOW" "interactive-geo-maps 1.5.9 Contributor+.Stored.XSS MEDIUM" "interactive-geo-maps 1.5.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "image-hover-effects-elementor-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "insert-estimated-reading-time No.known.fix Admin+.Stored.XSS LOW" "infusionsoft 1.5.12 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "infusionsoft 1.5.10 1.5.10.Arbitrary.File.Upload MEDIUM" "insertify No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "interactive-polish-map 1.2.1 Admin+.Stored.XSS LOW" "image-gallery 1.3.0 Image.Gallery.<.1.3.0.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Plugin.Settings MEDIUM" "image-gallery 1.3.0 Image.Gallery.<.1.3.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion.and.Post.Title.Update MEDIUM" "image-gallery 1.3.0 Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "icustomizer 1.5.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "inlinkz-scripter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "invoicing 2.8.12 Missing.Authorization.via.column_subscription() MEDIUM" "invoicing 2.3.4 Authenticated.Stored.XSS HIGH" "internal-comments No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "internal-comments 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "infugrator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "idsk-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "idsk-toolkit No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "infinite-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ipages-flipbook-pro 1.4.3 Reflected.Cross-Site.Scripting HIGH" "import-external-images No.known.fix CSRF MEDIUM" "integration-for-contact-form-7-and-google-sheets 1.1.0 Cross-Site.Request.Forgery MEDIUM" "ics-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "inline-tweets No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "icon 1.0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icon 1.0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "interactive-uk-map 3.4.9 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "inavii-social-feed-for-elementor 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "icons-font-loader 1.1.5 Authenticated(Administrator+).Arbitrary.File.Upload MEDIUM" "icons-font-loader 1.1.2.1 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') HIGH" "inventorypress No.known.fix Author+.Stored.XSS MEDIUM" "interactive-world-maps 2.5 Reflected.Cross-Site.Scripting MEDIUM" "import-spreadsheets-from-microsoft-excel 10.1.5 Authenticated.(Editor+).Arbitrary.File.Upload CRITICAL" "import-spreadsheets-from-microsoft-excel 10.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "improve-my-city No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "integration-of-capsule-crm-for-contact-form-7 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "integration-of-capsule-crm-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "icegram 3.1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icegram 3.1.32 Author+.Stored.XSS MEDIUM" "icegram 3.1.32 Admin+.Stored.XSS LOW" "icegram 3.1.32 Admin+.Stored.XSS LOW" "icegram 3.1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icegram 3.1.25 Missing.Authorization MEDIUM" "icegram 3.1.25 Missing.Authorization.to.Unauthenticated.Message.Duplication MEDIUM" "icegram 3.1.22 Contributor+.Campaign.Status.Toggle./.Duplication LOW" "icegram 3.1.19 Cross-Site.Request.Forgery.via.save_campaign_preview MEDIUM" "icegram 3.1.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Campaign.Message MEDIUM" "icegram 3.1.12 Reflected.XSS HIGH" "icegram 2.1.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "icegram 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "icegram 2.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "icegram 1.10.29 CSRF.to.Stored.XSS MEDIUM" "icegram 1.9.19 Cross-Site.Request.Forgery.(CSRF).&.XSS MEDIUM" "import-csv-files No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "insert-php 2.5.1 Woody.code.snippets.–.Insert.Header.Footer.Code,.AdSense.Ads.<.2,5,1.-Authenticated.(Contributor+).Remote.Code.Execution CRITICAL" "insert-php 2.5.1 Admin+.Stored.XSS MEDIUM" "insert-php 2.4.6 Reflected.Cross-Site.Scripting MEDIUM" "insert-php 2.3.10 Arbitrary.Settings.Update.via.CSRF MEDIUM" "insert-php 2.3.10 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "insert-php 2.2.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "insert-php 2.2.6 Arbitrary.Post.Deletion MEDIUM" "insert-php 2.2.5 Multiple.issues.leading.to.RCE HIGH" "instant-appointment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "instant-appointment No.known.fix Unauthenticated.SQL.Injection HIGH" "ip-blacklist-cloud No.known.fix Admin+.Stored.XSS LOW" "ip-blacklist-cloud No.known.fix Admin+.SQLi MEDIUM" "ip-blacklist-cloud 3.43 Admin+.Arbitrary.File.Disclosure MEDIUM" "imagenius No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "information-reel 10.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "immotoolbox-connect 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "inspirational-quote-rotator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "instant-images 6.1.1 Author+.Arbitrary.Options.Update HIGH" "instant-images 5.2.0 Author+.SSRF LOW" "instant-images 4.4.0.1 Authenticated.Stored.XSS.&.XFS MEDIUM" "ideapush 8.73 Missing.Authorization MEDIUM" "ideapush 8.72 Missing.Authorization.to.Board.Term.Deletion MEDIUM" "ideapush 8.71 Cross-Site.Request.Forgery MEDIUM" "ideapush 8.69 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ideapush 8.66 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ideapush 8.61 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ideapush 8.58 Subscriber+.Memory.Tab/Routine/Taxonomy.Creation MEDIUM" "ideapush 8.53 Admin+.Stored.XSS LOW" "ideal-interactive-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ics-calendar 10.12.0.2 Authenticated(Contributor+).Directory.Traversal.via._url_get_contents MEDIUM" "integration-for-billingo-gravity-forms 1.0.4 Multiple.CSRF MEDIUM" "insight-core No.known.fix Subscriber+.PHP.Object.Injection.&.Stored.XSS MEDIUM" "invitation-code-content-access 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "ip2location-variables 2.9.6 Cross-Site.Request.Forgery MEDIUM" "idonate No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "idonate 2.0.0 Admin+.Stored.XSS LOW" "infunding No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "itempropwp No.known.fix Admin+.Stored.XSS LOW" "iamport-for-woocommerce 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "iframe-forms No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "infusionsoft-web-form-javascript No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-hover-effects-css3 No.known.fix Admin+.Stored.XSS LOW" "image-protector No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ip2location-redirection 1.33.4 Missing.Authorization.to.Unauthenticated.Settings.Export MEDIUM" "icon-list-block 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integration-for-contact-form-7-and-pipedrive 1.2.1 Cross-Site.Request.Forgery MEDIUM" "integration-for-contact-form-7-and-pipedrive 1.1.1 Reflected.Cross-Site.Scripting HIGH" "images-optimize-and-upload-cf7 No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "import-export-for-woocommerce No.known.fix Subscriber+.Arbitrary.File.Upload CRITICAL" "infinite-scroll No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "invite-anyone 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "invite-anyone 1.3.19 Unauthenticated.PHP.Object.Injection CRITICAL" "invite-anyone 1.3.16 Multiple.Issues MEDIUM" "indeed-membership-pro 12.8 Unauthenticated.PHP.Object.Injection HIGH" "indeed-membership-pro 12.8 Unauthenticated.Privilege.Escalation CRITICAL" "indeed-membership-pro 12.8 Reflected.Cross-Site.Scripting HIGH" "icdsoft-reseller-store 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.27.13 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "import-users-from-csv-with-meta 1.27.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.9 Unauthenticated.Information.Exposure MEDIUM" "import-users-from-csv-with-meta 1.26.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.6 Missing.Authorization MEDIUM" "import-users-from-csv-with-meta 1.26.3 Authenticated.(Admin+).PHP.Object.Injection HIGH" "import-users-from-csv-with-meta 1.24.7 Missing.Authorization.via.fire_cron.REST.endpoint MEDIUM" "import-users-from-csv-with-meta 1.24.4 Contributor+.Stored.XSS MEDIUM" "import-users-from-csv-with-meta 1.24.3 Admin+.Arbitrary.File.Read/Deletion MEDIUM" "import-users-from-csv-with-meta 1.20.5 Subscriber+.CSV.Injection MEDIUM" "import-users-from-csv-with-meta 1.19.2.1 Admin+.Stored.Cross-Site.Scripting LOW" "import-users-from-csv-with-meta 1.16.3.6 CSV.Injection MEDIUM" "import-users-from-csv-with-meta 1.15.0.1 Unauthorised.Authenticated.Users.Export LOW" "import-users-from-csv-with-meta 1.14.2.2 CSRF.leading.to.attachment.deletion.&.Path.Traversal HIGH" "import-users-from-csv-with-meta 1.14.1.3 XSS MEDIUM" "import-users-from-csv-with-meta 1.14.0.3 XSS.and.CSRF HIGH" "import-users-from-csv-with-meta 1.12.1 Import.Cross-Site.Scripting.(XSS) MEDIUM" "include-mastodon-feed 1.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "include-mastodon-feed 1.9.6 Contributor+.Stored.XSS MEDIUM" "ibryl-switch-user No.known.fix Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "intelly-posts-footer-manager No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "intelly-posts-footer-manager 2.2.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-legacy-media No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "icafe-library No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "integrate-automate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "integrate-automate 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "iq-block-country 1.2.20 Protection.Bypass.due.to.IP.Spoofing MEDIUM" "iq-block-country 1.2.13 Admin+.Arbitrary.File.Deletion.via.Zip.Slip MEDIUM" "iq-block-country 1.2.12 Admin+.Stored.Cross-Site.Scripting LOW" "iq-block-country 1.1.20 Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "image-switcher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-switcher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "import-shopify-to-woocommerce 1.1.13 Import.Shopify.to.WooCommerce.<.1.1.13.-.Admin+.Arbitrary.File.Access MEDIUM" "internal-link-flow-topical-authority-topical-map No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "insert-pages 3.7.5 Contributor+.Stored.XSS MEDIUM" "insert-pages 3.7.0 Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "insert-pages 3.7.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "insert-pages 3.2.4 Directory.Traversal CRITICAL" "ipushpull 2.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "image-hover-effects-ultimate-visual-composer 2.6.1 Authenticated.Arbitrary.Options.Update HIGH" "ip-based-login 2.4.1 Log.Deletion.via.CSRF MEDIUM" "ip-based-login 2.4.1 Admin+.Stored.XSS LOW" "imagemeta No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "iworks-pwa 1.6.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "integration-for-gravity-forms-and-pipedrive 1.0.7 Reflected.Cross-Site.Scripting HIGH" "image-carousel-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "invitation-based-registrations No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "insert-post-ads No.known.fix Missing.Authorization MEDIUM" "inpost-for-woocommerce 1.4.5 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.and.Delete CRITICAL" "imagelinks-pro 1.5.3 Reflected.Cross-Site.Scripting HIGH" "infusionsoft-web-tracker No.known.fix Cross-Site.Request.Forgery MEDIUM" "image-export No.known.fix Directory.Traversal CRITICAL" "ichart 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "images-to-webp 1.9 Authenticated.Local.File.Inclusion LOW" "images-to-webp 1.9 Multiple.Cross.Site.Request.Forgery.(CSRF) MEDIUM" "intelly-related-posts 3.8.0 Admin+.Stored.XSS LOW" "intelly-related-posts 3.7.0 Reflected.XSS HIGH" "intelly-related-posts 3.4.0 Tracking.Toggle.via.CSRF MEDIUM" "intelly-related-posts 3.6.0 Subscriber+.Password.Protected.Post.Read MEDIUM" "intelly-related-posts 3.5.0 Admin+.Stored.XSS LOW" "intelly-related-posts 3.0.5 Admin+.Cross-Site.Scripting LOW" "idbbee No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "interactive-image-map-builder 1.1 Admin+.Stored.XSS LOW" "image-source-control-isc 2.28.1 Reflected.Cross-Site.Scripting MEDIUM" "image-source-control-isc 2.29.1 Reflected.Cross-Site.Scripting MEDIUM" "image-source-control-isc 2.17.1 Sensitive.Information.Exposure.via.Log.File MEDIUM" "image-source-control-isc 2.3.1 Contributor+.Arbitrary.Post.Meta.Value.Change MEDIUM" "indieblocks 0.13.2 Unauthenticated.Server-Side.Request.Forgery HIGH" "insert-php-code-snippet 1.3.7 Cross-Site.Request.Forgery.to.Code.Snippet.Activate/Deactivate/Deletion MEDIUM" "insert-php-code-snippet 1.3.5 Admin+.Stored.XSS LOW" "images-optimizer No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "issues-tracker 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "issues-tracker 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "isee-products-extractor 2.1.4 .Reflected.Cross-Site.Scripting HIGH" "iubenda-cookie-law-solution 3.3.3 Subscriber+.Privileges.Escalation.to.Admin HIGH" "incredible-font-awesome No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-hover-effects 5.6 Caption.Settings.Update.via.CSRF MEDIUM" "image-hover-effects 5.5 Admin+.Stored.XSS LOW" "image-slider-widget 1.1.127 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "image-slider-widget 1.1.123 Arbitrary.Post.Duplication.via.CSRF MEDIUM" "interactive-medical-drawing-of-human-body 2.6 Admin+.Stored.XSS LOW" "iws-geo-form-fields No.known.fix Geo.Form.Fields.<=.1.0.-.Unauthenticated.SQLi HIGH" "icon-widget-with-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "instantio 1.2.6 CSRF.Bypass MEDIUM" "jet-woo-product-gallery 2.1.22.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jm-twitter-cards 14.1.0 Password.Protected.Post.Access MEDIUM" "jet-theme-core 2.2.1 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "jazz-popups No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting HIGH" "journey-analytics 1.0.13 Unauthorised.AJAX.call.via.CSRF MEDIUM" "job-portal No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "jquery-reply-to-comment No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "justified-image-grid No.known.fix Unauthenticated.Server-Side.Request.Forgery MEDIUM" "joli-table-of-contents 2.0.10 Reflected.Cross-Site.Scripting MEDIUM" "joli-table-of-contents 1.3.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jetpack-boost 3.4.8 Contributor+.Stored.XSS MEDIUM" "jetpack-boost 3.4.7 Admin+.SSRF MEDIUM" "jsm-show-post-meta 4.6.1 Missing.Authorization MEDIUM" "jquery-news-ticker 3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-news-ticker 3.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "jeeng-push-notifications 2.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "justified-image-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-tabs 2.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-tabs 2.2.3.1 Authenticated.(Contributor+).Arbitrary.Local.File.Inclusion HIGH" "jivochat 1.3.5.4 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "jquery-validation-for-contact-form-7 5.3 Arbitrary.Options.Update.via.CSRF HIGH" "javascript-logic No.known.fix CSRF.to.Stored.XSS HIGH" "jtrt-responsive-tables No.known.fix Cross-Site.Request.Forgery MEDIUM" "jtrt-responsive-tables 4.1.2 JTRT.Responsive.Tables.<.4,1,2.–.Authenticated.SQL.Injection HIGH" "js-support-ticket 2.9.3 Unauthenticated.SQL.Injection HIGH" "js-support-ticket 2.9.3 Unauthenticated.Local.File.Inclusion CRITICAL" "js-support-ticket 2.9.3 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "js-support-ticket 2.9.3 Missing.Authorization MEDIUM" "js-support-ticket 2.9.2 Unauthenticated.Arbitrary.File.Download HIGH" "js-support-ticket 2.8.9 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "js-support-ticket 2.8.9 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "js-support-ticket 2.8.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "js-support-ticket 2.8.7 Unauthenticated.PHP.Code.Injection.to.Remote.Code.Execution CRITICAL" "js-support-ticket 2.8.4 Missing.Authorization MEDIUM" "js-support-ticket 2.8.2 Unauthenticated.SQL.Injection.via.email.and.trackingid CRITICAL" "js-support-ticket 2.7.8 Best.Help.Desk.&.Support.<.2.7.8.-.Subscriber+.Ticket.Manipulation.via.IDOR MEDIUM" "js-support-ticket 2.7.2 CSRF MEDIUM" "js-support-ticket 2.0.6 CSRF HIGH" "just-tables 1.5.0 Cross-Site.Request.Forgery MEDIUM" "jayj-quicktag 1.3.2 CSRF HIGH" "job-board-manager No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "job-board-manager No.known.fix Missing.Authorization MEDIUM" "job-board-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "job-board-manager 2.1.60 Cross-Site.Request.Forgery MEDIUM" "job-board-manager No.known.fix Missing.Authorization MEDIUM" "job-board-manager 2.1.59 Subscriber+.Stored.XSS HIGH" "jobwp 2.4.0 Unauthenticated.SQL.Injection HIGH" "jobwp 2.4.0 Cross-Site.Request.Forgery MEDIUM" "jobwp 2.2 Sensitive.Information.Exposure HIGH" "jobwp 2.0 Reflected.Cross-Site.Scripting MEDIUM" "jquery-drop-down-menu-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "jt-express 2.0.15 Reflected.Cross-Site.Scripting.via.[placeholder] MEDIUM" "joomsport-sports-league-results-management 5.6.18 Reflected.Cross-Site.Scripting.via.page HIGH" "joomsport-sports-league-results-management 5.6.4 Missing.Authorization MEDIUM" "joomsport-sports-league-results-management 5.5.7 Missing.Authorization MEDIUM" "joomsport-sports-league-results-management 5.2.8 Unauthenticated.SQLi HIGH" "joomsport-sports-league-results-management 5.2.6 Admin+.SQLi MEDIUM" "joomsport-sports-league-results-management 5.1.8 Unauthenticated.PHP.Object.Injection MEDIUM" "joomsport-sports-league-results-management 3.4 SQL.Injection CRITICAL" "jsp-store-locator No.known.fix Contributor+.SQL.Injection HIGH" "jsp-store-locator No.known.fix Deletion.via.Missing.CSRF MEDIUM" "jetgridbuilder 1.1.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "jvm-rich-text-icons 1.2.4 Subscriber+.Arbitrary.File.Upload HIGH" "jvm-rich-text-icons 1.2.7 Subscriber+.Arbitrary.File.Deletion HIGH" "jet-search 3.5.7.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-search 3.5.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jalbum-bridge 2.0.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jalbum-bridge 2.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jalbum-bridge 2.0.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ar.Parameter MEDIUM" "jibu-pro No.known.fix Stored.XSS MEDIUM" "jet-blog 2.4.3.1 Missing.Authorization MEDIUM" "jet-blog 2.4.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-smart-filters 3.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "just-wp-variables No.known.fix Cross-Site.Request.Forgery MEDIUM" "jwp-a11y No.known.fix Admin+.Stored.XSS LOW" "jetwoo-widgets-for-elementor 1.1.8 Authenticated.(Contributor+).Limited.Local.File.Inclusion HIGH" "justified-gallery 1.8.0b1 Reflected.Cross-Site.Scripting MEDIUM" "justified-gallery 1.7.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "justified-gallery 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jb-horizontal-scroller-news-ticker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "joli-clear-lightbox No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "joli-clear-lightbox 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jsfiddle-shortcode 1.1.3 Contributor+.XSS.via.Shortcode MEDIUM" "jquery-collapse-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-collapse-o-matic 1.8.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-collapse-o-matic No.known.fix Contributor+.Stored.XSS MEDIUM" "jquery-collapse-o-matic 1.8.3 Contributor+.Stored.XSS MEDIUM" "jquery-vertical-accordion-menu No.known.fix Contributor+.Stored.XSS MEDIUM" "jetpackcrm-ext-woo-connect 2.13 Unauthorized.Invoice.Disclosure LOW" "js-vehicle-manager No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "jiangqie-official-website-mini-program No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "jiangqie-official-website-mini-program 1.1.1 Authenticated.SQL.Injection CRITICAL" "joli-faq-seo 1.3.3 Cross-Site.Request.Forgery MEDIUM" "joli-faq-seo 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "joli-faq-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jreviews No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "js-css-script-optimizer No.known.fix Cross-Site.Request.Forgery MEDIUM" "jk-html-to-pdf No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "json-content-importer 1.6.0 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "json-content-importer 1.5.4 Reflected.XSS HIGH" "json-content-importer 1.3.16 Admin+.Stored.XSS LOW" "jc-ajax-search-for-woocommerce 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "jazzcash-woocommerce-gateway No.known.fix Reflected.Cross-Site.Scripting HIGH" "jp-staticpagex No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "job-board-vanilla No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "jet-menu 2.4.9.1 Missing.Authorization MEDIUM" "job-postings 2.7.12 Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "job-postings 2.7.11 Contributor+.Stored.XSS MEDIUM" "job-postings 2.7.8 Contributor+.Stored.XSS MEDIUM" "job-postings 2.7.6 Reflected.Cross-Site.Scripting.via.job-search MEDIUM" "job-postings 2.7.6 Reflected.Cross-Site.Scripting MEDIUM" "job-postings 2.7.4 Contributor+.Stored.XSS MEDIUM" "job-postings 2.5.11 Admin+.Stored.XSS LOW" "job-postings 2.6.0 Author+.Stored.XSS MEDIUM" "jlayer-parallax-slider-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jsmol2wp No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "jsmol2wp No.known.fix Unauthenticated.Server.Side.Request.Forgery.(SSRF) HIGH" "joan 5.6.2 Arbitrary.Plugin's.Settings.Update.via.CSRF MEDIUM" "joan 5.6.3 Authenticated.Stored.Cross-Site.Scripting LOW" "joan 5.6.2 Reflected.Cross-Site.Scripting HIGH" "jobboardwp 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "jobboardwp 1.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jobboardwp 1.1.0 Admin+.Stored.Cross-Site.Scripting LOW" "jet-elements 2.7.4.2 Missing.Authorization MEDIUM" "jet-elements 2.7.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-elements 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "jet-elements 2.6.20.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-elements 2.6.20.1 Authenticated.(Contributor+).Arbitrary.Local.File.Inclusion HIGH" "jet-elements 2.6.13.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Attachment.Download MEDIUM" "jh-404-logger No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "judgeme-product-reviews-woocommerce 1.3.21 Contributor+.Stored.XSS MEDIUM" "jekyll-exporter 2.2.1 Unauthenticated.RCE.via.PHPUnit CRITICAL" "jet-footer-code No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "jungbillig-portfolio-gallery No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "jquery-tagline-rotator No.known.fix Reflected.Cross-Site.Scripting HIGH" "job-board 1.1.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "job-board 1.0.1 Admin+.Stored.XSS LOW" "jonradio-private-site 3.1.0 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "jonradio-private-site 3.0.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "job-board-light No.known.fix Authenticated.(Employer+).Insecure.Direct.Object.Reference MEDIUM" "job-board-light No.known.fix Missing.Authorization MEDIUM" "job-board-light 1.2.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jigoshop-exporter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jch-optimize 4.2.1 Authenticated.(Subscriber+).Directory.Traversal MEDIUM" "jch-optimize 3.2.3 Admin+.Stored.XSS LOW" "just-custom-fields No.known.fix Cross-Site.Request.Forgery.via.AJAX.actions MEDIUM" "just-custom-fields No.known.fix Missing.Authorization.via.AJAX.actions MEDIUM" "just-custom-fields No.known.fix Cross-Site.Request.Forgery.on.AJAX.Actions MEDIUM" "just-custom-fields No.known.fix Missing.Authorization.on.AJAX.Actions MEDIUM" "jquery-t-countdown-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.tminus.Shortcode MEDIUM" "jquery-t-countdown-widget 2.3.24 Contributor+.Stored.XSS MEDIUM" "jetpack 14.1-a.1 Unauthenticated.DOM-XSS MEDIUM" "jetpack 13.6.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.6.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.0.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.2.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.6.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.8.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.3.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.7.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.5.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.7.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.7.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.1.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.6.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.0.7 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.4.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.4.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.8.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.0.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.4.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.3.7 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.7.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.4.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.2.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.2.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.6.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.8.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.3.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.7.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.5.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.1.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.9.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.6.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.0.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.0.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.0.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.4.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.7.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.3.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.7.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.3.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.4.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.8.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.6.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.0.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.8.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.8.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.2.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.7.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.5.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.5.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.1.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.5.7 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.2.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.4.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.8.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.6.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.0.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.5.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 3.9.10 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.3.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.3.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.7.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.3.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.4.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.8.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.6.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.0.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.6.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.3.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.1.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.7.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.1.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.8.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.2.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.4.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.8.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.0.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.4.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.3.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.8 Unauthenticated.Arbitrary.Block.&.Shortcode.Execution MEDIUM" "jetpack 13.8 Contributor+.Stored.XSS MEDIUM" "jetpack 13.4 Contributor+.Stored.Cross-Site.Scripting.via.wpvideo.Shortcode MEDIUM" "jetpack 13.2.1 Contributor+.Stored.XSS MEDIUM" "jetpack 12.7 Improper.Authorization.via.WPCom.External.Media.REST.endpoints MEDIUM" "jetpack 12.8-a.3 Contributor+.Stored.XSS.via.block.attribute MEDIUM" "jetpack 12.7 Authenticated(Contributor+).Clickjacking.via.Iframe.Injection MEDIUM" "jetpack 12.1.1 Author+.Arbitrary.File.Manipulation.via.API HIGH" "jetpack 9.8 Carousel.Module.Non-Published.Page/Post.Attachment.Comment.Leak MEDIUM" "jetpack 7.9.1 Vulnerability.in.Shortcode.Embed.Code MEDIUM" "jetpack 6.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "jetpack 4.0.4 Multiple.Vulnerabilities MEDIUM" "json-api-user 3.9.4 Unauthenticated.Privilege.Escalation CRITICAL" "jupiterx-core 4.8.12 Unauthenticated.PHP.Object.Injection.via.PHAR HIGH" "jupiterx-core 4.8.8 Authenticated.(Contributor+).SVG.Upload.to.Local.File.Inclusion.(Remote.Code.Execution) HIGH" "jupiterx-core 4.8.8 Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "jupiterx-core 4.8.6 Missing.Authorization.to.Unauthenticated.Popup.Template.Export MEDIUM" "jupiterx-core 4.8.6 Missing.Authorization.to.Authenticated.Library.Sync MEDIUM" "jupiterx-core 4.7.8 Limited.Unauthenticated.Authentication.Bypass.to.Account.Takeover HIGH" "jupiterx-core 4.6.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jupiterx-core 3.4.3 Unauthenticated.Privilege.Escalation CRITICAL" "jupiterx-core 3.3.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jupiterx-core 4.6.9 Unauthenticated.Arbitrary.File.Download HIGH" "jupiterx-core 2.0.7 Subscriber+.Arbitrary.Plugin.Deactivation.and.Settings.Update MEDIUM" "jupiterx-core 2.0.8 Subscriber+.Privilege.Escalation.and.Post.Deletion CRITICAL" "jupiterx-core 2.0.7 Information.Disclosure,.Modification,.and.Denial.of.Service MEDIUM" "js-jobs No.known.fix Unauthenticated.SQL.Injection HIGH" "js-jobs No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "js-jobs No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "js-jobs No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "js-jobs No.known.fix Missing.Authorization MEDIUM" "js-jobs No.known.fix Authenticated.Insecure.Direct.Object.Reference MEDIUM" "js-jobs 2.0.1 Multiple.CSRF MEDIUM" "js-jobs 2.0.1 Missing.Authorization MEDIUM" "js-jobs 2.0.1 Subscriber+.Stored.XSS HIGH" "js-jobs 1.1.9 Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "js-jobs 1.0.7 CSRF HIGH" "jetwidgets-for-elementor 1.0.19 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "jetwidgets-for-elementor 1.0.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.layout_type.and.id.Parameters MEDIUM" "jetwidgets-for-elementor 1.0.17 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Button.URL MEDIUM" "jetwidgets-for-elementor 1.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Box.Widget MEDIUM" "jetwidgets-for-elementor 1.0.13 Settings.Update.via.CSRF MEDIUM" "jetwidgets-for-elementor 1.0.14 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "jetwidgets-for-elementor 1.0.9 Contributor+.Stored.XSS MEDIUM" "jet-blocks 1.3.16.1 Missing.Authorization MEDIUM" "jet-blocks 1.3.16.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-blocks 1.3.12.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-blocks 1.3.8.1 Reflected.Cross.Site.Scripting MEDIUM" "jcarousel-for-wordpress No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "jc-importer 2.14.6 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "jc-importer 2.13.1 Admin+.Server-side.Request.Forgery MEDIUM" "jc-importer 2.4.6 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "juicer 1.11 Contributor+.Stored.XSS MEDIUM" "jet-woo-builder 2.1.18.1 Missing.Authorization MEDIUM" "jet-woo-builder 2.1.18.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "jquery-accordion-slideshow 8.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "job-manager-career 1.4.5 Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "job-manager-career 1.4.4 Directory.listing.to.Sensitive.Data.Exposure HIGH" "js-twentytwenty No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jiangqie-free-mini-program No.known.fix Unauthenticated.Arbitrary.File.Uplaod CRITICAL" "jet-engine 3.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-engine 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.list_tag.Parameter MEDIUM" "jet-engine 3.2.5 Authenticated.(Contributor+).Privilege.Escalation HIGH" "jet-engine 3.2.5 Missing.Authorization HIGH" "jet-engine 3.1.3.1 Author+.Remote.Code.Execution HIGH" "jetformbuilder 3.3.4.2 Authenticated.(Administrator+).Privilege.Escalation HIGH" "jetformbuilder 3.1.5 Unauthenticated.Content.Injection MEDIUM" "jetformbuilder 3.0.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "jds-portfolio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jet-compare-wishlist 1.5.10 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "jetpack-feedback-exporter No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "jet-popup 2.0.12 Missing.Authorization MEDIUM" "jw-player-7-for-wp No.known.fix Missing.Authorization MEDIUM" "job-manager No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "job-manager No.known.fix .Insecure.Direct.Object.Reference.(IDOR) MEDIUM" "job-manager 0.7.25 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "justrows-free No.known.fix Reflected.XSS HIGH" "joomdev-wp-pros-cons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "json-structuring-markup No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "jet-reviews 2.3.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "jf3-maintenance-mode 2.1.0 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "just-post-preview No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "jigoshop-store-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "joy-of-text No.known.fix Missing.Authorization MEDIUM" "joy-of-text No.known.fix Settings.Update.via.CSRF MEDIUM" "joy-of-text 2.3.1 Unauthenticated.SQLi HIGH" "jemployee No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "just-writing-statistics 5.4 Missing.Authorization MEDIUM" "just-writing-statistics 4.8 Authenticated.(Administrator+).SQL.Injection MEDIUM" "just-writing-statistics 4.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "javo-core 3.0.0.266 Unauthenticated.Privilege.Escalation.in.ajax_signup CRITICAL" "jma-youtube-playlists-with-schema No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-skinner-for-buddypress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jeg-elementor-kit 2.6.12 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Countdown.and.Off-Canvas MEDIUM" "jeg-elementor-kit 2.6.10 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.sg_content_template MEDIUM" "jeg-elementor-kit 2.6.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Countdown.Widget MEDIUM" "jeg-elementor-kit 2.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jeg-elementor-kit 2.6.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File MEDIUM" "jeg-elementor-kit 2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Tabs.and.JKit.-.Accordion.Widgets MEDIUM" "jeg-elementor-kit 2.6.5 Contributor+.Stored.XSS.via.Countdown.Widget MEDIUM" "jeg-elementor-kit 2.6.5 Contributor+.Stored.XSS.via.Elementor.Widget.URL.Custom.Attributes MEDIUM" "jeg-elementor-kit 2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Banner MEDIUM" "jeg-elementor-kit 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box MEDIUM" "jeg-elementor-kit 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonial MEDIUM" "jeg-elementor-kit 2.6.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "jeg-elementor-kit 2.5.7 Subscriber+.Authorization.Bypass MEDIUM" "jeg-elementor-kit 2.5.7 Unauthenticated.Settings.Update MEDIUM" "jet-tricks 1.5.1.1 Missing.Authorization MEDIUM" "jobcareer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Multiple.Administrative.Actions HIGH" "kingcomposer No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "kingcomposer No.known.fix Open.Redirect MEDIUM" "kingcomposer 2.9.5 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "kingcomposer 2.9.4 Multiple.Critical.Issues CRITICAL" "kingcomposer 2.8.2 Authenticated.Stored.XSS HIGH" "kingcomposer 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kodex-posts-likes 2.5.0 Settings.Update.via.CSRF MEDIUM" "kh-easy-user-settings No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "kama-spamblock 1.8.3 Reflected.Cross-Site.Scripting MEDIUM" "kvoucher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kvoucher No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kadence-starter-templates 1.2.17 Admin+.PHP.Object.Injection MEDIUM" "kaya-qr-code-generator 1.5.3 Contributor+.Stored.XSS MEDIUM" "kiwi-logo-carousel 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "knight-lab-timelinejs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "knight-lab-timelinejs 3.9.3.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "knight-lab-timelinejs 3.7.0.0 Outdated.TimelineJS.library.could.Lead.to.Stored.XSS MEDIUM" "kadence-blocks 3.4.10 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.3.2 Missing.Authorization MEDIUM" "kadence-blocks 3.4.3 Authenticated.(contributor+).Stored.Cross-Site.Scripting.via.Button.Link MEDIUM" "kadence-blocks 3.2.54 Admin+.Stored.XSS LOW" "kadence-blocks 3.2.54 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Icon.Widget MEDIUM" "kadence-blocks 3.2.53 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.46 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.HTML.Data.Attributes MEDIUM" "kadence-blocks 3.2.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Google.Maps.Widget MEDIUM" "kadence-blocks 3.2.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.titleFont.Parameter MEDIUM" "kadence-blocks 3.2.37 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.38 Contributor+.Stored.Cross-Site.Scripting.via.Typer.Effect MEDIUM" "kadence-blocks 3.2.38 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.2.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Timer MEDIUM" "kadence-blocks 3.2.37 Contributor+.Stored.Cross-Site.Scripting.via.Block.Link MEDIUM" "kadence-blocks 3.2.35 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.12 Contributor+.Server-Side.Request.Forgery HIGH" "kadence-blocks 3.2.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.and.CountUp.Widget MEDIUM" "kadence-blocks 3.2.18 Authenticated(Editor+).Stored.Cross-Site.Scripting.via.Contact.Form.Message.Settings MEDIUM" "kadence-blocks 3.2.26 Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "kadence-blocks 3.2.20 Contributor+.Server-Side.Request.Forgery MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.24 Contributor+.Stored.XSS MEDIUM" "kv-tinymce-editor-fonts No.known.fix Font.List.Update.via.CSRF MEDIUM" "kundgenerator 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "ksher-payment 1.1.3 Missing.Authorization MEDIUM" "ksher-payment 1.1.2 Missing.Authorization MEDIUM" "knr-author-list-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "knr-author-list-widget 3.0.0 Unauthenticated.SQL.Injection CRITICAL" "ko-fi-button 1.3.3 Admin+.Stored.XSS LOW" "kredeum-nfts 1.6.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kioken-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kapost-byline No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "kp-fastest-tawk-to-chat No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "key4ce-osticket-bridge No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kopatheme No.known.fix Cross-Site.Request.Forgery MEDIUM" "korea-sns 1.6.5 Settings.Update.via.CSRF MEDIUM" "keep-backup-daily 2.1.1 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "keep-backup-daily No.known.fix Unauthenticated.Information.Disclosure MEDIUM" "keep-backup-daily 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "kalender-digital 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kento-post-view-counter No.known.fix CSRF.&.multiple.XSS HIGH" "kargo-entegrator 1.1.15 Authenticated.(Shop.Manager+).SQL.Injection MEDIUM" "kvcore-idx No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "koko-analytics 1.3.13 Reflected.Cross-Site.Scripting MEDIUM" "kb-support No.known.fix Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "kb-support 1.6.8 Unauthenticated.Open.Redirect MEDIUM" "kb-support 1.6.7 Unauthenticated.Ticket.Reply.Exposure MEDIUM" "kb-support 1.6.7 Subscriber+.Multiple.Administrator.Actions HIGH" "kb-support 1.6.1 Missing.Authorization MEDIUM" "kb-support 1.5.6 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "kn-fix-your No.known.fix Authenticated.Stored.XSS LOW" "kontxt-semantic-engine No.known.fix CSRF.Bypass MEDIUM" "keyword-meta No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "kiotvietsync No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "kiotvietsync No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "kona-instagram-feed-for-gutenberg No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kona-instagram-feed-for-gutenberg No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kali-forms 2.4.3 Contributor+.Stored.XSS MEDIUM" "kali-forms 2.3.42 Missing.Authorization MEDIUM" "kali-forms 2.3.42 Missing.Authorization.to.Arbitrary.Plugin.Deactivation HIGH" "kali-forms 2.3.37 Kali.Forms.<.2.3.37.-.Insecure.Direct.Object.Reference MEDIUM" "kali-forms 2.3.28 Kali.Forms.<.2.3.28.-.Missing.Authorization.via.Contact.Form MEDIUM" "kali-forms 2.3.29 Kali.Forms.<.2.3.29.-.Missing.Authorization.via.get_log MEDIUM" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Authenticated.Plugin's.Settings.Change HIGH" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Unauthenticated.Arbitrary.Post.Deletion HIGH" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Multiple.CSRF.Bypass.Issues MEDIUM" "ketchup-shortcodes-pack 0.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ketchup-shortcodes-pack 0.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kivicare-clinic-management-system 3.6.8 Authenticated.(Doctor+).SQL.Injection.via.'u_id'.Parameter MEDIUM" "kivicare-clinic-management-system 3.6.5 Authenticated.(Doctor/Receptionist+).SQL.Injection MEDIUM" "kivicare-clinic-management-system 3.6.5 Unauthenticated.SQL.Injection HIGH" "kivicare-clinic-management-system 3.6.5 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "kivicare-clinic-management-system 3.6.7 Patient+.Insecure.Direct.Object.Reference MEDIUM" "kivicare-clinic-management-system 3.2.1 Subscriber+.Unauthorised.AJAX.Calls HIGH" "kivicare-clinic-management-system 3.2.1 Reflected.Cross-Site.Scripting HIGH" "kivicare-clinic-management-system 3.2.1 Multiple.CSRF HIGH" "kivicare-clinic-management-system 3.2.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "kivicare-clinic-management-system 2.3.9 Unauthenticated.SQLi HIGH" "kau-boys-backend-localization No.known.fix Settings.Update.via.CSRF MEDIUM" "konnichiwa No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kudos-donations 3.3.0 Reflected.Cross-Site.Scripting.via.'add_query_arg' MEDIUM" "kudos-donations 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "kudos-donations 3.1.2 Arbitrary.Items.Deletion.via.CSRF HIGH" "knowledgebase 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kaswara No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "k-elements 5.4.0 Authentication.Bypass CRITICAL" "kineticpay-for-woocommerce 3.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "kata-plus No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "kata-plus 1.5.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "kata-plus 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kiwi-social-share 2.1.8 Information.Disclosure MEDIUM" "kiwi-social-share 2.1.3 Kiwi.2.1.0.-.Unauthenticated.Arbitrary.WordPress.Options.Update.and.Read CRITICAL" "kiwi-social-share 2.0.11 Kiwi.<.2.0.11.-.Arbitrary.WordPress.Options.Update CRITICAL" "kama-clic-counter 3.5.0 Authenticated.Blind.SQL.Injection HIGH" "kama-clic-counter 3.5.0 XSS MEDIUM" "kento-ads-rotator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "keycaptcha No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "kangu 2.2.10 Reflected.XSS HIGH" "korea-for-woocommerce 1.1.12 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "ketchup-restaurant-reservations No.known.fix Unauthenticated.Stored.XSS HIGH" "ketchup-restaurant-reservations No.known.fix Unauthenticated.Blind.SQLi HIGH" "kadence-blocks-pro 2.3.8 Contributor+.Arbitrary.Option.Access MEDIUM" "kanzu-support-desk No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kanzu-support-desk No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kanzu-support-desk No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "kbucket 4.2.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "kbucket 4.2.3 Subscriber+.Arbitrary.File.Upload HIGH" "kbucket 4.1.5 Reflected.XSS MEDIUM" "kbucket 4.1.6 Admin+.Stored.XSS LOW" "kd-coming-soon No.known.fix Unauthenticated.PHP.Object.Injection.via.cetitle HIGH" "kenta-blocks 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kenta-blocks 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "koalendar-free-booking-widget 1.0.3 Contributor+.Stored.XSS.via.height.Parameter MEDIUM" "king-addons 24.12.59 Missing.Authorization MEDIUM" "kubio 2.5.2 Unauthenticated.Local.File.Inclusion CRITICAL" "kubio 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "kubio 2.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kv-send-email-from-admin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kikfyre-events-calendar-tickets No.known.fix Missing.Authorization MEDIUM" "kwayy-html-sitemap 4.0 Admin+.Stored.XSS LOW" "kings-tab-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "keywords-highlight-tool No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kenta-companion 1.1.9 Reflected.Cross-Site.Scripting MEDIUM" "king-ie No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "keymaster-chord-notation-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kitestudio-core 2.3.1 Reflected.Cross-Site-Scripting MEDIUM" "kanban No.known.fix Missing.Authorization MEDIUM" "kanban No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kanban 2.5.21 Admin+.Stored.XSS LOW" "kanban 2.5.21 Admin+.Stored.XSS LOW" "kanban No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "kumihimo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "klarna-checkout-for-woocommerce 2.13.5 DoS.via.Excessive.Logging MEDIUM" "klarna-checkout-for-woocommerce 2.0.10 Authenticated.Arbitrary.Plugin.Deactivation,.Activation.and.Installation CRITICAL" "kjm-admin-notices No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "kodo-qiniu 1.5.1 Cross-Site.Request.Forgery MEDIUM" "kintpv-connect No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "kkprogressbar No.known.fix Progress.Bar.Deletion.via.CSRF MEDIUM" "kkprogressbar No.known.fix Admin+.SQL.Injection MEDIUM" "kkprogressbar No.known.fix Stored.XSS.via.CSRF HIGH" "kattene 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "keydatas 2.6.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "klaviyo 3.0.10 Admin+.Stored.XSS LOW" "klaviyo 3.0.8 Admin+.Stored.XSS LOW" "kunze-law 2.1 Admin+.Stored.Cross-Site.Scripting LOW" "kopa-nictitate-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kadence-woocommerce-email-designer 1.5.15 Admin+.Arbitrary.File.Upload MEDIUM" "kadence-woocommerce-email-designer 1.5.12 CSRF MEDIUM" "kadence-woocommerce-email-designer 1.5.7 Admin+.PHP.Objection.Injection MEDIUM" "killer-theme-options No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kevins-plugin No.known.fix Cross-Site.Request.Forgery MEDIUM" "kush-micro-news No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "kk-i-like-it No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "kiwichat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "klarna-payments-for-woocommerce 3.3.0 Missing.Authorization MEDIUM" "kraken-image-optimizer 2.6.6 Settings.Update.via.CSRF MEDIUM" "krsp-frontend-file-upload No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "krsp-frontend-file-upload No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "kento-wp-stats No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kimili-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kimili-flash-embed No.known.fix Cross-Site.Request.Forgery MEDIUM" "kk-star-ratings 5.4.10.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "kk-star-ratings 5.4.6 Rating.Tampering.via.Race.Condition LOW" "kk-star-ratings 5.4.6 Missing.Authorization MEDIUM" "kk-star-ratings 5.4.5 Reflected.Cross-Site.Scripting MEDIUM" "kk-star-ratings 5.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "libsyn-podcasting No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "libsyn-podcasting No.known.fix Cross-Site.Request.Forgery MEDIUM" "libsyn-podcasting No.known.fix Sensitive.Information.Exposure MEDIUM" "libsyn-podcasting No.known.fix Reflected.XSS HIGH" "ldap-login-for-intranet-sites 4.2 Admin.LDAP.Passback LOW" "ldap-login-for-intranet-sites 4.1.10 Unauthenticated.Log.Disclosure MEDIUM" "ldap-login-for-intranet-sites 4.1.6 Sensitive.Information.Disclosure HIGH" "ldap-login-for-intranet-sites 4.1.5 SQL.Injection.via.CSRF LOW" "ldap-login-for-intranet-sites 4.1.1 Unauthenticated.Data.Disclosure MEDIUM" "ldap-login-for-intranet-sites 3.6.95 Reflected.Cross-Site.Scripting HIGH" "linkedin-login 1.1 Reflected.Cross-Site.Scripting MEDIUM" "lh-ogp-meta-tags No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "latex2html 2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "latex2html 2.5.5 Reflected.Cross-Site.Scripting MEDIUM" "logo-scheduler-great-for-holidays-events-and-more 1.2.2 Admin+.Stored.XSS LOW" "login-logout-register-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'llrmloginlogout'.Shortcode MEDIUM" "login-logout-register-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lh-add-media-from-url 1.30 Reflected.Cross-Site.Scripting MEDIUM" "lh-add-media-from-url 1.23 Reflected.Cross-Site.Scripting MEDIUM" "lafka-plugin No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Option.Update MEDIUM" "layerslider 7.11.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ls_search_form.Shortcode MEDIUM" "layerslider 7.10.1 7.10.0.-.Unauthenticated.SQL.Injection CRITICAL" "layerslider 7.7.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "layerslider 7.7.10 Cross-Site.Request.Forgery MEDIUM" "local-shipping-labels-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lws-affiliation 2.3.5 Missing.Authorization MEDIUM" "leira-roles 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "lws-hide-login 2.1.9 Protection.Mechanism.Bypass MEDIUM" "lws-hide-login 2.1.7 Plugin.Settings.Page.Creation.via.CSRF MEDIUM" "l-squared-hub-wp-virtual-device No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "lsd-google-maps-embedder No.known.fix Cross-Site.Request.Forgery.Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "livemesh-weight-based-shipping 1.4 Reflected.Cross-Site.Scripting MEDIUM" "limit-login-attempts-plus No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "link-list-manager No.known.fix Reflected.Cross-Site.Scripting HIGH" "ltl-freight-quotes-ups-edition 3.6.5 Unauthenticated.SQL.Injection HIGH" "ltl-freight-quotes-fedex-freight-edition 3.4.2 Unauthenticated.SQL.Injection HIGH" "lightweight-and-responsive-youtube-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lightweight-and-responsive-youtube-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "list-mixcloud No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "library-bookshelves 5.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "library-bookshelves 5.9 Reflected.Cross-Site.Scripting MEDIUM" "library-bookshelves 5.9 Reflected.Cross-Site.Scripting MEDIUM" "letterpress No.known.fix Subscriber.Deletion.via.CSRF MEDIUM" "letterpress No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "list-one-category-of-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "lbstopattack 1.1.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "lightbox-gallery 0.9.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "login-with-azure 1.4.5 Reflected.Cross-Site.Scripting.via.appId HIGH" "linkworth-wp-plugin 3.3.4 Arbitrary.Setting.Update.via.CSRF MEDIUM" "linkid No.known.fix Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure HIGH" "ltl-freight-quotes-unishippers-edition 2.5.9 Reflected.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-unishippers-edition 2.5.9 Missing.Authorization MEDIUM" "ltl-freight-quotes-unishippers-edition 2.5.9 Unauthenticated.SQL.Injection HIGH" "ltl-freight-quotes-globaltranz-edition 2.3.13 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "ltl-freight-quotes-globaltranz-edition 2.3.12 Unauthenticated.SQL.Injection HIGH" "len-slider No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "lpagery 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "learnpress 4.2.7.6 Missing.Authorization MEDIUM" "learnpress 4.2.7.5.1 Authenticated.(LP.Instructor+).Stored.Cross-Site.Scripting.via.Lesson.Name MEDIUM" "learnpress 4.2.7.2 Authenticated.(Subscriber+).Open.Redirect MEDIUM" "learnpress 4.2.7.5.1 Admin+.Stored.XSS LOW" "learnpress 4.2.7.5.1 Admin+.Stored.XSS LOW" "learnpress 4.2.7.4 Course.Material.Sensitive.Information.Exposure.via.REST.API MEDIUM" "learnpress 4.2.7.2 Admin+.Stored.XSS LOW" "learnpress 4.2.7.2 Admin+.Stored.XSS LOW" "learnpress 4.2.7.1 Unauthenticated.SQL.Injection.via.'c_fields' CRITICAL" "learnpress 4.2.7.1 Unauthenticated.SQL.Injection.via.'c_only_fields' CRITICAL" "learnpress 4.2.6.9.4 Authenticated.(Contributor+).SQL.Injection.via.order.Parameter HIGH" "learnpress 4.2.6.9 Cross-Site.Request.Forgery MEDIUM" "learnpress 4.2.6.9 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "learnpress 4.2.6.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "learnpress 4.2.6.8.2 Unauthenticated.Bypass.to.User.Registration MEDIUM" "learnpress 4.2.6.8.2 Missing.Authorization.to.Unauthenticated.User.Registration.Bypass MEDIUM" "learnpress 4.2.6.8.1 Basic.Information.Disclosure.via.JSON.API MEDIUM" "learnpress 4.2.6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "learnpress 4.2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.layout_html.Parameter MEDIUM" "learnpress 4.2.6.6 Unauthenticated.Bypass.to.User.Registration MEDIUM" "learnpress 4.2.6.6 Unauthenticated.Time-Based.SQL.Injection CRITICAL" "learnpress 4.2.6.6 Authenticated.(Instructor+).Arbitrary.File.Upload HIGH" "learnpress 4.2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "learnpress 4.2.6.4 Insecure.Direct.Object.Reference MEDIUM" "learnpress 4.2.6.4 Authenticated(LP.Instructor+).Stored.Cross-Site.Scripting MEDIUM" "learnpress 4.0.1 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "learnpress 4.2.5.8 Unauthenticated.Command.Injection HIGH" "learnpress 4.2.5.8 Unauthenticated.SQLi HIGH" "learnpress 4.2.5.8 Subscriber+.Arbitrary.Course.Progress.Disclosure MEDIUM" "learnpress 4.2.5.5 Reflected.Cross-Site.Scripting HIGH" "learnpress 4.2.0 Unauthenticated.SQLi HIGH" "learnpress 4.2.0 Unauthenticated.LFI CRITICAL" "learnpress 4.2.0 Subscriber+.SQLi HIGH" "learnpress 4.1.7.2 Unauthenticated.PHP.Object.Injection.via.REST.API MEDIUM" "learnpress 4.1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "learnpress 4.1.6 Reflected.Cross-Site.Scripting MEDIUM" "learnpress 4.1.5 Arbitrary.Image.Renaming MEDIUM" "learnpress 4.1.4 Admin+.SQL.Injection MEDIUM" "learnpress 4.1.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "learnpress 4.1.3.1 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "learnpress 3.2.7.3 CSRF.&.XSS LOW" "learnpress 3.2.6.8 Authenticated.Time.Based.Blind.SQL.Injection HIGH" "learnpress 3.2.6.9 Privilege.Escalation.to."LP.Instructor" HIGH" "learnpress 3.2.6.9 Authenticated.Post.Creation.and.Status.Modification HIGH" "learnpress 3.2.6.7 Privilege.Escalation MEDIUM" "livejournal-shortcode No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "login-with-ajax 4.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "login-with-ajax 4.2 Missing.Authorization MEDIUM" "list-related-attachments-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "latest-custom-post-type-updates No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "login-customizer 2.2.3 Reflected.Cross-Site.Scripting MEDIUM" "login-customizer 2.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "laposta No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "link-to-bible 2.5.10 Administrator+.Stored.XSS LOW" "login-sidebar-widget No.known.fix Open.Redirect MEDIUM" "login-with-phone-number 1.7.50 Authenticated.(Subscriber+).Authorization.Bypass.to.Privilege.Escalation HIGH" "login-with-phone-number 1.7.36 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "login-with-phone-number 1.7.35 Insecure.Password.Reset.Mechanism HIGH" "login-with-phone-number 1.7.27 Authentication.Bypass.due.to.Missing.Empty.Value.Check CRITICAL" "login-with-phone-number 1.7.20 Missing.Authorization MEDIUM" "login-with-phone-number 1.6.94 Missing.Authorization MEDIUM" "login-with-phone-number 1.7.17 Unauthorized.Account.Password.Change.to.Privilege.Escalation HIGH" "login-with-phone-number 1.6.94 Cross-Site.Request.Forgery MEDIUM" "login-with-phone-number 1.5.7 User.Password.Change.via.CSRF HIGH" "login-with-phone-number 1.4.2 Reflected.Cross-Site.Scripting HIGH" "login-with-phone-number 1.3.8 Multiple.Admin+.Stored.XSS LOW" "login-with-phone-number 1.3.7 Unauthenticated.remote.plugin.deletion MEDIUM" "ltl-freight-quotes-estes-edition 3.3.8 Unauthenticated.SQL.Injection HIGH" "leadsquared-suite No.known.fix Admin+.Stored.XSS LOW" "leadsquared-suite No.known.fix CSRF MEDIUM" "lana-shortcodes 1.2.0 Contributor+.Stored.XSS MEDIUM" "login-or-logout-menu-item 1.2.0 Unauthenticated.Options.Change MEDIUM" "listingpro-plugin No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "listingpro-plugin No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "listingpro-plugin No.known.fix Unauthenticated.SQL.Injection CRITICAL" "listingpro-plugin No.known.fix Authenticated.(Author+).Local.File.Inclusion HIGH" "ltl-freight-quotes-sefl-edition 3.2.5 Unauthenticated.SQL.Injection HIGH" "ltl-freight-quotes-abf-freight-edition 3.3.8 Unauthenticated.SQL.Injection HIGH" "library-instruction-recorder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "link-log No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "link-log No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "link-log 2.1 SQL.Injection CRITICAL" "link-log 2.0 HTTP.Response.Splitting HIGH" "login-logo-editor-by-oizuled No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "legal-plus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lawpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lawpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lawpress 1.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "like-on-vkontakte No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "list-categories 0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "leenkme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "leenkme 2.6.0 XSS.&.CSRF MEDIUM" "localize-my-post No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "luzuk-team No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "location-click-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lifterlms 8.0.2 Missing.Authorization.to.Unauthenticated.Post.Trashing MEDIUM" "lifterlms 7.8.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "lifterlms 8.0.1 Reflected.XSS HIGH" "lifterlms 7.7.6 Authenticated.(Admin+).SQL.Injection HIGH" "lifterlms 7.6.3 Authenticated.(Contributor+).SQL.Injection.via.Shortcode CRITICAL" "lifterlms 7.5.1 Cross-Site.Request.Forgery MEDIUM" "lifterlms 7.5.2 Missing.Authorization.via.process_review MEDIUM" "lifterlms 7.5.0 Authenticated(Administrator+).Directory.Traversal.to.Arbitrary.CSV.File.Deletion LOW" "lifterlms 4.21.2 Access.Other.Student.Grades/Answers.via.IDOR MEDIUM" "lifterlms 4.21.1 Reflected.Cross-Site.Scripting.(XSS).via.Coupon.Code.in.Checkout MEDIUM" "lifterlms 4.21.1 Authenticated.Stored.XSS.in.Edit.Profile HIGH" "lifterlms 3.37.15 Arbitrary.File.Writing CRITICAL" "lifterlms 3.35.1 Unauthenticated.Options.Import CRITICAL" "leadquizzes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "location-weather 1.3.4 Contributor+.Stored.XSS MEDIUM" "lastunes No.known.fix Settings.Update.via.CSRF HIGH" "learnpress-import-export 4.0.5 Reflected.Cross-Site.Scripting MEDIUM" "learnpress-import-export 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "learnpress-import-export 4.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "learnpress-import-export 4.0.3 Reflected.XSS HIGH" "learn-manager 1.1.5 Unauthenticated.Arbitrary.User.Field.Edition/Creation MEDIUM" "learn-manager 1.1.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "lawyer-directory 1.2.9 Subscriber+.Privilege.Escalation CRITICAL" "lazy-facebook-comments 2.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "leaky-paywall 4.21.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leaky-paywall 4.21.3 Cross-Site.Request.Forgery MEDIUM" "leaky-paywall 4.20.9 Missing.Authorization.to.Price.Manipulation MEDIUM" "leaky-paywall 4.16.7 Admin+.Stored.Cross-Site.Scripting LOW" "license-manager-for-woocommerce 3.0.10 Reflected.Cross-Site.Scripting MEDIUM" "license-manager-for-woocommerce 3.0.7 Improper.Authorization.to.Authenticated(Contributor+).Sensitive.Information.Exposure MEDIUM" "license-manager-for-woocommerce 2.2.11 Authenticated.(Administrator+).SQL.Injection HIGH" "license-manager-for-woocommerce 2.3b1 Reflected.Cross-Site.Scripting MEDIUM" "license-manager-for-woocommerce 2.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "login-logger No.known.fix Cross-Site.Request.Forgery MEDIUM" "legal-pages 1.4.3 Cross-Site.Request.Forgery MEDIUM" "legal-pages 1.3.9 Cross-Site.Request.Forgery.via.moveToTrash.and.fetch_and_insert_template_data MEDIUM" "legal-pages 1.3.9 Missing.Authorization MEDIUM" "legal-pages 1.3.8 Missing.Authorization.on.'deleteLegalTemplate' MEDIUM" "locations-and-areas 1.7.2 Reflected.Cross-Site.Scripting MEDIUM" "locations-and-areas 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "login-as-users 1.4.4 Missing.Authorization.to.Privielge.Escalation.via.Account.Takeover HIGH" "login-as-users 1.4.3 Authentication.Bypass CRITICAL" "localgrid No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lgpd-framework No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lgx-owl-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lh-login-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "login-with-vipps 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lana-email-logger 1.1.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "livemesh-siteorigin-widgets 3.3 Reflected.Cross-Site.Scripting MEDIUM" "livemesh-siteorigin-widgets 2.8.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "livemesh-siteorigin-widgets 2.5.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "ladipage No.known.fix Missing.Authorization.via.init_endpoint MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.ladiflow_save_hook() MEDIUM" "ladipage No.known.fix Missing.Authorization.via.ladiflow_save_hook() MEDIUM" "ladipage No.known.fix Missing.Authorization.via.save_config() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.save_config() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.init_endpoint MEDIUM" "ladipage No.known.fix Missing.Authorization.on.publish_lp() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.publish_lp() MEDIUM" "ladipage No.known.fix Missing.Authorization MEDIUM" "logwpmail No.known.fix Email.Logs.Publicly.Accessible HIGH" "linear No.known.fix Cross-Site.Request.Forgery.to.Cache.Reset MEDIUM" "linear No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "linear 2.8.1 Contributor+.Stored.XSS MEDIUM" "ldd-directory-lite No.known.fix Reflected.Cross-Site.Scripting.via.remove_query_arg.Parameter MEDIUM" "ldd-directory-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "language-icons-flags-switcher No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "lh-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "live-tv No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lazyload-background-images No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Update MEDIUM" "list-custom-taxonomy-widget 4.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "lws-optimize 2.0 Cross-Site.Request.Forgery MEDIUM" "language-field No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "loginizer-security 1.9.3 Authentication.Bypass HIGH" "libro-de-reclamaciones-y-quejas No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "leads-crm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "livemesh-dynamic-pricing 1.2 Reflected.Cross-Site.Scripting MEDIUM" "login-logout-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class.Parameter MEDIUM" "ltl-freight-quotes-odfl-edition 4.2.11 Unauthenticated.SQL.Injection HIGH" "login-recaptcha 1.7 IP.Check.Bypass LOW" "login-screen-manager No.known.fix Stored.XSS.via.CSRF HIGH" "login-screen-manager No.known.fix Admin+.Stored.XSS LOW" "livemesh-table-rate-shipping 1.2 Reflected.Cross-Site.Scripting MEDIUM" "layouts-importer 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "limit-max-ips-per-user No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "live-search-xforwc 2.1.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "lava-directory-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "lava-directory-manager No.known.fix Unauthenticated.Stored.XSS HIGH" "locations No.known.fix Contributor+.Stored.XSS MEDIUM" "locations 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "locations 4.0 Cross-Site.Request.Forgery HIGH" "lightview-plus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "link-party No.known.fix Unauthenticated.Arbitrary.Link.Deletion MEDIUM" "link-party No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "link-party No.known.fix Settings.Update.via.CSRF MEDIUM" "link-party No.known.fix Unauthenticated.Stored.XSS HIGH" "lordicon-interactive-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leadin 11.1.34 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HubSpot.Meeting.Widget MEDIUM" "leadin 8.8.15 Contributor+.Blind.SSRF MEDIUM" "lastudio-element-kit 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Table.of.Contents.Widget MEDIUM" "lastudio-element-kit 1.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.4.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "lastudio-element-kit 1.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lastudio-element-kit 1.3.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.3.9.2 Contributor+.Stored.XSS MEDIUM" "lastudio-element-kit 1.3.9 Authenticated.(Contributor+).Local.File.Inclusion.via.'progress_type' MEDIUM" "lastudio-element-kit 1.3.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lastudio-element-kit 1.3.7.4 Missing.Authorization MEDIUM" "lastudio-element-kit 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "lastudio-element-kit 1.3.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.LaStudioKit.Post.Author.Widget MEDIUM" "lastudio-element-kit 1.3.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.1.6 Missing.Authorization MEDIUM" "ldap-ad-staff-employee-directory-search 1.3 Admin.LDAP.Credentials.Retrieval LOW" "ldap-ad-staff-employee-directory-search 1.2.3 Improper.escaping.of.LDAP.entries HIGH" "landingi-landing-pages 3.1.2 Cross-Site.Request.Forgery MEDIUM" "leadster-marketing-conversacional 1.1.3 Cross-Site.Request.Forgery.via.leadster_script_code_action MEDIUM" "leadster-marketing-conversacional 1.1.3 Settings.Update.via.CSRF MEDIUM" "libreform 2.0.9 Unauthenticated.Arbitrary.Submissions.Listing.&.Deletion HIGH" "log-http-requests 1.3.2 Stored.Cross-Site.Scripting MEDIUM" "linkedin-lite No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "localize-remote-images No.known.fix Settings.Update.via.CSRF MEDIUM" "launcher No.known.fix Admin+.Stored.XSS MEDIUM" "launcher 1.0.11 Multiple.Stored.XSS MEDIUM" "lana-text-to-image 1.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "lava-ajax-search No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "list-pages-at-depth No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "linkpreview No.known.fix Cross-Site.Request.Forgery MEDIUM" "ltl-freight-quotes-saia-edition 2.2.11 Unauthenticated.SQL.Injection HIGH" "localseomap-for-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "links-in-captions No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "logo-slider-wp 4.6.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 4.5.0 Author+.Stored.XSS MEDIUM" "logo-slider-wp 4.5.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 4.1.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 4.0.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 3.6.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "listings-for-buildium No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "live-chat-support-by-social-intents No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "lazy-load-videos-and-sticky-control No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-scores-for-sportspress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "live-scores-for-sportspress 1.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "live-scores-for-sportspress 1.9.1 Authenticated.Local.File.Inclusion MEDIUM" "live-scores-for-sportspress 1.9.1 Reflected.Cross-Site.Scripting HIGH" "launchpage-app-importer No.known.fix Unauthenticated.SQL.Injection CRITICAL" "live-dashboard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "loading-page 1.0.83 Admin+.Stored.Cross-Site.Scripting LOW" "likebot No.known.fix Admin+.Stored.XSS.via.CSRF LOW" "linkmyposts No.known.fix Reflected.XSS HIGH" "login-logout-menu 1.4.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "list-posts-by-category No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "limit-login-attempts No.known.fix Subscriber+.Stored.XSS HIGH" "limit-login-attempts 1.7.2 Unauthenticated.Stored.XSS HIGH" "limit-login-attempts 1.7.1 Auth.Cookies.Brute.Force.Bypass LOW" "layouts-for-elementor 1.8 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Upload CRITICAL" "logs-de-connexion No.known.fix Log.Deletion.via.CSRF MEDIUM" "logs-de-connexion No.known.fix Admin+.SQL.Injection LOW" "llama-redirect No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "landing-pages-and-domain-aliases No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "linker 1.2.2 Contributor+.Stored.XSS MEDIUM" "ltl-freight-quotes-rl-edition 3.3.5 Unauthenticated.SQL.Injection HIGH" "link-library 7.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "link-library 7.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Link.Additional.Parameters MEDIUM" "link-library 7.7.3 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.7.2 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.4 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.link-library.Shortcode MEDIUM" "link-library 7.6.1 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.7 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "link-library 7.6 Reflected.Cross-Site.Scripting.via.'link_price'.and.'link_tags' MEDIUM" "link-library 7.6 Cross-Site.Request.Forgery.via.action_admin_init MEDIUM" "link-library 7.4.1 Admin+.Stored.XSS LOW" "link-library 7.2.9 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.2.8 Unauthenticated.Arbitrary.Links.Deletion MEDIUM" "link-library 7.2.8 Library.Settings.Reset.via.CSRF MEDIUM" "loco-translate 2.6.10 Cross-Site.Request.Forgery MEDIUM" "loco-translate 2.6.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "loco-translate 2.5.4 Authenticated.PHP.Code.Injection HIGH" "loco-translate 2.2.2 Authenticated.LFI MEDIUM" "lunar-sell-photos-online No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "login-configurator No.known.fix Reflected.Cross-Site.Scripting HIGH" "login-configurator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "login-configurator No.known.fix Reflected.XSS HIGH" "lu-radioplayer 6.24.11.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "lu-radioplayer 6.24.11.07 Unauthenticated.Arbitrary.File.Read HIGH" "lgpd-compliant-cookie-banner No.known.fix Cross-Site.Request.Forgery MEDIUM" "listplus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "list-category-posts 0.90.3 Author+.Stored.XSS LOW" "list-category-posts 0.89.7 Contributor+.Stored.XSS MEDIUM" "list-category-posts 0.89.4 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "leyka 3.31.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leyka 3.31.7 Missing.Authorization MEDIUM" "leyka 3.31.2 Missing.Authorization MEDIUM" "leyka 3.30.7.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "leyka 3.30.4 Admin+.Stored.XSS LOW" "leyka 3.30.3 Reflected.XSS HIGH" "leyka 3.30.3 Subscriber+.Privilege.Escalation HIGH" "leyka 3.30.2 Reflected.XSS HIGH" "leyka 3.30 Unauthenticated.Stored.XSS HIGH" "lock-user-account No.known.fix User.Lock.Bypass MEDIUM" "lock-user-account 1.0.4 Arbitrary.Account.Lock/Unlock.via.CSRF MEDIUM" "latepoint 5.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "latepoint 5.0.13 Authentication.Bypass HIGH" "latepoint 5.0.12 Unauthenticated.Arbitrary.User.Password.Change.via.SQL.Injection CRITICAL" "latepoint 4.9.9.1 Missing.Authorization.and.Sensitive.Information.Exposure.via.IDOR CRITICAL" "luzuk-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "liveforms 4.8.5 Missing.Authorization MEDIUM" "liveforms No.known.fix Entry.Deletion.via.CSRF MEDIUM" "liveforms No.known.fix Missing.Authorization MEDIUM" "liveforms 4.8.5 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "liveforms 3.4.0 XSS MEDIUM" "liveforms 3.2.0 Visual.Form.Builder.3.0.1.-.Blind.SQL.Injection CRITICAL" "link-shield No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "login-watchdog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lead-form-builder 1.9.8 Admin+.Stored.XSS LOW" "lead-form-builder 1.9.2 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "lead-form-builder 1.9.8 Admin+.Stored.XSS LOW" "lead-form-builder 1.9.0 Missing.Authorization MEDIUM" "lead-form-builder 1.9.0 Cross-Site.Request.Forgery MEDIUM" "lead-form-builder 1.7.4 Multiple.Subscriber+.Settings.Update MEDIUM" "lead-form-builder 1.7.0 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "lead-form-builder 1.6.8 Subscriber+.Arbitrary.Lead.Deletion MEDIUM" "lead-form-builder 1.6.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "lead-capturing-call-to-actions-by-vcita No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Contact/Widget.Toggle MEDIUM" "lead-capturing-call-to-actions-by-vcita No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lead-capturing-call-to-actions-by-vcita 2.7.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "lead-capturing-call-to-actions-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "logo-manager-for-enamad 0.7.2 Admin+.Stored.XSS.via.Widget LOW" "logo-manager-for-enamad 0.7.1 Stored.XSS.via.CSRF HIGH" "leaflet-maps-marker 3.12.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leaflet-maps-marker 3.12.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "leaflet-maps-marker 3.12.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "leaflet-maps-marker 3.12.5 Admin+.SQLi MEDIUM" "limit-bio No.known.fix Stored.XSS.via.CSRF HIGH" "limit-bio No.known.fix Reflected.XSS HIGH" "list-pages-shortcode 1.7.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "login-attempts-limit-wp No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "login-attempts-limit-wp No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "laposta-signup-basic 1.4.2 CSRF MEDIUM" "laposta-signup-basic 1.4.2 Missing.Authorization MEDIUM" "loan-comparison 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "loan-comparison 1.5.3 Reflected.XSS.via.shortcode MEDIUM" "loan-comparison 1.5.3 Contributor+.Stored.XSS.via.shortcode MEDIUM" "ldap-login-password-and-role-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "logo-showcase-with-slick-slider 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "logo-showcase-with-slick-slider 2.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "logo-showcase-with-slick-slider 2.0.1 Arbitrary.Media.Title/Description/Alt.Text/URL.Update.via.CSRF MEDIUM" "logo-showcase-with-slick-slider 1.2.5 Subscriber+.Arbitrary.Media.Title/Description/Alt.Text/URL.Update MEDIUM" "logo-showcase-with-slick-slider 1.2.4 Author+.Stored.Cross.Site.Scripting MEDIUM" "login-and-logout-redirect No.known.fix .Open.Redirect MEDIUM" "lenix-elementor-leads-addon 1.8.3 Unauthenticated.Stored.Cross-Site.Scripting.via.URL.Form.Field HIGH" "loi-hamon No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "leadboxer 1.4 Reflected.XSS HIGH" "landing-page-cat 1.7.9 Reflected.Cross-Site.Scripting MEDIUM" "landing-page-cat 1.7.8 Reflected.Cross-Site.Scripting MEDIUM" "landing-page-cat 1.7.7 Reflected.Cross-Site.Scripting MEDIUM" "landing-page-cat 1.7.5 Missing.Authorization MEDIUM" "landing-page-cat 1.7.3 Unauthenticated.Information.Exposure MEDIUM" "link-to-url-post No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "light-messages No.known.fix CSRF.to.Stored.XSS HIGH" "loginplus No.known.fix Missing.Authorization MEDIUM" "loginplus No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-xpo-edition 4.3.8 Unauthenticated.SQL.Injection HIGH" "lazy-load-for-videos 2.18.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "like-box 0.8.41 Contributor+.Stored.XSS MEDIUM" "like-box 0.8.40 Admin+.Stored.XSS LOW" "label-grid-tools 1.3.59 Reflected.Cross-Site.Scripting MEDIUM" "likebtn-like-button 2.6.54 Cross-Site.Request.Forgery MEDIUM" "likebtn-like-button 2.6.45 Arbitrary.e-mail.Sending MEDIUM" "likebtn-like-button 2.6.38 Unauthorised.Vote.Export.to.Email.&.IP.Addresses.Disclosure HIGH" "likebtn-like-button 2.6.32 Unauthenticated.Full-Read.SSRF HIGH" "likebtn-like-button 2.5.4 Unauthenticated.Arbitrary.Blog.Settings.Change HIGH" "linet-erp-woocommerce-integration No.known.fix Authenticated.(Admin+).Arbitrary.File.Read.&.Deletion HIGH" "linet-erp-woocommerce-integration 3.5.8 Cross-Site.Request.Forgery MEDIUM" "lastform No.known.fix Drag.&.Drop.Contact.Form.Builder.<=.1.0.5.-.Admin+.Arbitrary.System.File.Read MEDIUM" "local-magic No.known.fix Unauthenticated.SQL.Injection HIGH" "local-magic No.known.fix Missing.Authorization MEDIUM" "license-envato No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "license-envato No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lws-cleaner 2.3.1 Cross-Site.Request.Forgery MEDIUM" "limit-attempts 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "limit-attempts 1.1.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "limit-attempts 1.1.1 SQL.Injection CRITICAL" "luckywp-table-of-contents 2.1.11 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "luckywp-table-of-contents 2.1.7 Admin+.Stored.XSS LOW" "luckywp-table-of-contents 2.1.6 Admin+.Stored.XSS LOW" "luckywp-table-of-contents 2.1.5 Admin+.Stored.XSS MEDIUM" "luckywp-table-of-contents 2.1.6 Reflected.Cross-Site.Scripting MEDIUM" "luckywp-table-of-contents 2.1.5 Contributor+.Stored.XSS MEDIUM" "lh-qr-codes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "list-last-changes 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "logo-slider No.known.fix Admin+.SQLi MEDIUM" "labinator-content-types-duplicator No.known.fix Cross-Site.Request.Forgery MEDIUM" "letsrecover-woocommerce-abandoned-cart 1.2.0 Unauthenticated.SQLi HIGH" "letsrecover-woocommerce-abandoned-cart 1.2.0 Admin+.SQLi MEDIUM" "letsrecover-woocommerce-abandoned-cart 1.2.0 Admin+.SQLi MEDIUM" "linklaunder-seo-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "lodgixcom-vacation-rental-listing-management-booking-plugin No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "lightbox-plus 2.8 CSRF.to.XSS MEDIUM" "login-alert No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "live-weather-station 3.8.13 Mode.Switch.via.CSRF MEDIUM" "locatoraid 3.9.51 Unauthenticated.PHP.Object.Injection CRITICAL" "locatoraid 3.9.48 Reflected.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.24 Reflected.XSS HIGH" "locatoraid 3.9.19 Subscriber+.Stored.XSS HIGH" "locatoraid 3.9.15 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.12 CSRF MEDIUM" "ltl-freight-quotes-worldwide-express-edition 5.0.21 Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "ltl-freight-quotes-worldwide-express-edition 5.0.22 Reflected.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-worldwide-express-edition 5.0.21 Worldwide.Express.Edition.<.5.0.21.-.Unauthenticated.SQL.Injection HIGH" "ltl-freight-quotes-worldwide-express-edition 5.0.21 Unauthenticated.SQL.Injection HIGH" "limit-login-attempts-reloaded 2.25.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "limit-login-attempts-reloaded 2.25.26 Admin+.Missing.Authorization.to.Toggle.Plugin.Auto-Update LOW" "limit-login-attempts-reloaded 2.16.0 Authenticated.Reflected.Cross-Site.Scripting HIGH" "limit-login-attempts-reloaded 2.17.4 Login.Rate.Limiting.Bypass LOW" "list-all-posts-by-authors-nested-categories-and-titles 2.8.3 CSRF MEDIUM" "loginizer 1.9.3 Authentication.Bypass HIGH" "loginizer 1.7.9 Reflected.XSS HIGH" "loginizer 1.7.6 Reflected.XSS HIGH" "loginizer 1.7.6 Cross-Site.Request.Forgery MEDIUM" "loginizer 1.6.4 Unauthenticated.SQL.Injection CRITICAL" "loginizer 1.4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "loginizer 1.3.6 Cross-Site.Request.Forgery.(CSRF) HIGH" "loginizer 1.3.6 Blind.SQL.Injection CRITICAL" "logo-showcase-ultimate 1.4.5 Contributor+.Local.File.Inclusion HIGH" "logo-showcase-ultimate 1.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "logo-showcase-ultimate 1.3.9 Authenticated(Contributor+).PHP.Object.Injection HIGH" "login-block-ips No.known.fix IP.Spoofing.Bypass LOW" "login-block-ips No.known.fix Arbitrary.Setting.Update.via.CSRF MEDIUM" "login-widget-for-ultimate-member 1.1.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "luzuk-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "livechat-elementor 1.0.14 Cross-Site.Request.Forgery MEDIUM" "live-2d No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "logo-carousel-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-news-lite 1.07 Settings.Update.via.CSRF MEDIUM" "leaderboard-lite No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "livestream-notice 1.3.0 Admin+.Stored.XSS LOW" "lexicata No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lexicata No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "legoeso-pdf-manager No.known.fix Authenticated.(Author+).SQL.Injection.via.checkedVals.Parameter MEDIUM" "leadfox No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "login-with-cognito 1.4.9 Admin+.Stored.XSS LOW" "login-with-cognito 1.4.4 Reflected.Cross-Site.Scripting.via.appId HIGH" "litespeed-cache 6.5.2 Unauthenticated.Privilege.Escalation HIGH" "litespeed-cache 6.5.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "litespeed-cache 6.5.1 Contributor+.Stored.XSS MEDIUM" "litespeed-cache 6.5.1 Author+.Path.Traversal MEDIUM" "litespeed-cache 6.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting LOW" "litespeed-cache 6.5.0.1 Unauthenticated.Sensitive.Information.Exposure.via.Log.Files HIGH" "litespeed-cache 6.4 Unauthenticated.Privilege.Escalation HIGH" "litespeed-cache 6.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "litespeed-cache 5.7.0.1 Unauthenticated.Stored.XSS HIGH" "litespeed-cache 5.7.0.1 Unauthenticated.CDN.Status.Update MEDIUM" "litespeed-cache 5.7 Contributor+.Stored.XSS MEDIUM" "litespeed-cache 5.3.1 CSRF MEDIUM" "litespeed-cache 4.4.4 Admin+.Reflected.Cross-Site.Scripting LOW" "litespeed-cache 4.4.4 IP.Check.Bypass.to.Unauthenticated.Stored.XSS HIGH" "litespeed-cache 3.6.1 Authenticated.Stored.Cross-Site.Scripting LOW" "lean-wp No.known.fix Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "lean-wp No.known.fix Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "liquid-speech-balloon 1.2 Settings.Update.via.CSRF MEDIUM" "lets-box 1.13.3 Reflected.Cross-Site.Scripting MEDIUM" "lightweight-accordion 1.5.17 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "lightweight-accordion 1.5.15 Contributor+.Stored.XSS MEDIUM" "login-as-customer-or-user No.known.fix Admin.Account.Takeover HIGH" "login-as-customer-or-user No.known.fix Authentication.Bypass CRITICAL" "login-as-customer-or-user 3.3 Unauthenticated.Privilege.Escalation.to.Admin CRITICAL" "login-as-customer-or-user 2.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "login-as-customer-or-user 1.8 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "listapp-mobile-manager No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "ltl-freight-quotes-freightquote-edition 2.3.12 Missing.Authorization MEDIUM" "ltl-freight-quotes-freightquote-edition 2.3.12 Unauthenticated.SQL.Injection HIGH" "login-box No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "login-lockdown 2.12 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.IP.Whitelisting MEDIUM" "login-lockdown 2.09 Subscriber+.Options.Leak MEDIUM" "login-lockdown 2.07 Admin+.SQLi MEDIUM" "login-lockdown 2.07 Administrator+.SQL.Injection HIGH" "lazy-blocks 3.8.3 Reflected.XSS HIGH" "live-chat-facebook-fanpage No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "lifeline-donation No.known.fix Authentication.Bypass CRITICAL" "locked-payment-methods-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "locked-payment-methods-for-woocommerce 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "leadinfo 1.1 Settings.Update.via.CSRF MEDIUM" "listamester 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "listamester 2.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lite-wp-logger No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "live-flight-radar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "loginpress 4.0.0 Arbitrary.Options.Update.via.CSRF HIGH" "loginpress 1.6.3 Unauthenticated.Settings.Update MEDIUM" "loginpress 1.5.12 Reflected.Cross-Site.Scripting MEDIUM" "loginpress 1.1.14 Unauthorized.Blind.SQL.Injection CRITICAL" "like-dislike-plus-counter No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "leaflet-map 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "leaflet-map 3.0.0 Arbitrary.Settings.Update.via.CSRF.Leading.to.Stored.XSS MEDIUM" "leaflet-map 3.0.0 Contributor+.Stored.XSS MEDIUM" "lucas-string-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "leira-cron-jobs 1.2.10 Reflected.Cross-Site.Scripting MEDIUM" "leopard-wordpress-offload-media 3.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update CRITICAL" "leopard-wordpress-offload-media No.known.fix WordPress.offload.media.<=.2.0.36.-.Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "leopard-wordpress-offload-media No.known.fix WordPress.offload.media.<=.2.0.36.-.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "laybuy-gateway-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "laybuy-gateway-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "linkify-text No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "link-whisper 0.7.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "link-whisper 0.7.0 Link.Whisper.Free.<.0,7,0 MEDIUM" "link-whisper 0.7.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "link-whisper 0.6.9 Reflected.Cross-Site.Scripting MEDIUM" "link-whisper 0.6.6 Authenticated.(Contributor+).SQL.Injection HIGH" "loggedin 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "league-table-lite 1.14 Tables.Cloning/Update/Deletion.via.CSRF MEDIUM" "lenxel-core No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lenxel-core No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lenxel-core 1.2.5 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "logdash-activity-log 1.1.4 Unauthenticated.SQLi HIGH" "latest-tweets-widget No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "light-poll No.known.fix Poll.Answers.Deletion.via.CSRF MEDIUM" "light-poll No.known.fix Polls.Deletion.via.CSRF MEDIUM" "login-me-now No.known.fix Authentication.Bypass HIGH" "leader No.known.fix Missing.Authorization MEDIUM" "login-rebuilder 2.8.1 Admin+.Stored.XSS LOW" "leanpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "larsens-calender No.known.fix Stored.Cross-Site.Scripting.(XSS) HIGH" "laika-pedigree-tree No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "login-designer 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "legalweb-cloud 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-composer-page-builder 1.5.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-composer-page-builder 1.5.43 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "live-composer-page-builder No.known.fix Author+.Stored.XSS MEDIUM" "live-composer-page-builder 1.5.39 Missing.Authorization MEDIUM" "live-composer-page-builder 1.5.36 Cross-Site.Request.Forgery MEDIUM" "live-composer-page-builder 1.5.29 .Author+.PHP.Object.Injection MEDIUM" "live-composer-page-builder 1.5.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-composer-page-builder 1.5.23 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "logo-carousel-free 3.4.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "logo-carousel-free 3.4.2 Unauthorised.Private.Post.Access MEDIUM" "livesupporti No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "local-sync 1.1.7 Missing.Authorization MEDIUM" "ltl-freight-quotes-purolator-freight-edition 2.2.4 Unauthenticated.SQL.Injection HIGH" "lemonade-sna-pinterest-edition No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "liquid-blocks 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "last-viewed-posts 1.0.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "last-viewed-posts 1.0.1 Unauthenticated.PHP.Object.Injection CRITICAL" "linked-orders-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "linked-orders-for-woocommerce 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "linkz-ai 1.2.0 Subscriber+.Plugin.Settings.Update MEDIUM" "linkz-ai 1.2.0 Unauthenticated.Plugin.Settings.Update MEDIUM" "leartes-try-exchange-rates No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "login-page-styler 7.1.2 Missing.Authorization.to.Authenticated.(Subsciber+).Log.Deletion.and.Session.Termination MEDIUM" "login-page-styler 7.1.2 Missing.Authorization.to.Authenticated.(Subscriber+)Privilege.Escalation HIGH" "login-page-styler 6.2.5 Admin+.Stored.XSS LOW" "limb-gallery No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "limb-gallery No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "limb-gallery 1.5.6 Reflected.Cross-Site.Scripting MEDIUM" "limb-gallery 1.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "limb-gallery 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "legull No.known.fix Reflected.XSS HIGH" "lw-all-in-one 1.6.5 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "landing-pages 2.2.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "landing-pages 1.9.2 Unauthenticated.Remote.Command.Execution MEDIUM" "list-children 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "lucidlms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "livesync No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "leads-5050-visitor-insights 1.1.0 Unauthorised.License.Change HIGH" "leads-5050-visitor-insights 1.0.4 Unauthenticated.License.Change HIGH" "libro-de-reclamaciones No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lj-custom-menu-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lktags-linkedin-insight-tags 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "library-management-system No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "library-management-system No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "language-switcher-for-transposh 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "lime-developer-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "leadconnector 3.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leadconnector 1.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "league-of-legends-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "league-of-legends-shortcodes No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Shortcode MEDIUM" "lightbox-popup 2.1.6 Admin+.Stored.XSS LOW" "left-right-image-slideshow-gallery 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "lws-tools 2.4.2 Cross-Site.Request.Forgery MEDIUM" "lana-downloads-manager 1.10.0 Admin+.Arbitrary.File.Download.via.Path.Traversal MEDIUM" "lana-downloads-manager 1.8.0 Contributor+.Arbitrary.File.Download HIGH" "livechat-woocommerce 2.2.17 Cross-Site.Request.Forgery MEDIUM" "list-urls No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lis-video-gallery No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "lingotek-translation No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "lockets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "link-juice-keeper 2.0.3 Admin+.Stored.XSS LOW" "learning-management-system 1.13.4 Authenticated.(Student+).Stored.Cross-Site.Scripting.via.Ask.a.Question.Functionality MEDIUM" "learning-management-system 1.13.4 Authenticated.(Student+).Missing.Authorization.to.Privilege.Escalation HIGH" "learning-management-system 1.11.5 LMS.<.1.11.5.-.Authenticated.(Student+).Insecure.Direct.Object.Reference MEDIUM" "learning-management-system 1.11.5 LMS.<.1.11.5.-.Missing.Authorization MEDIUM" "learning-management-system 1.12.0 LMS.<.1.12.0.-.Missing.Authorization MEDIUM" "learning-management-system 1.7.4 LMS.<.1.7.4.-.Insecure.Direct.Object.Reference MEDIUM" "learning-management-system 1.7.3 LMS.<.1.7.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "learning-management-system 1.6.8 Information.Exposure MEDIUM" "location-piker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ledenbeheer-external-connection 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "loginpress-pro 3.0.0 Captcha.Bypass MEDIUM" "loginpress-pro 3.0.0 Unauthenticated.License.Activation/Deactivation MEDIUM" "login-form-recaptcha No.known.fix Admin+.Stored.XSS LOW" "lh-copy-media-file 1.09 Reflected.Cross-Site.Scripting MEDIUM" "login-with-yourmembership 1.1.4 Admin+.Stored.XSS LOW" "lara-google-analytics 2.0.5 Authenticated.Stored.XSS HIGH" "labtools No.known.fix Subscriber+.Arbitrary.Publication.Deletion MEDIUM" "library-viewer 2.0.6.1 Contributor+.Stored.XSS MEDIUM" "ldap-wp-login-integration-with-active-directory 3.0.2 Reflected.Cross-Site.Scripting MEDIUM" "ldap-wp-login-integration-with-active-directory 3.0.2 Unauthenticated.Settings.Update.to.Auth.Bypass CRITICAL" "logaster-logo-generator No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "language-switcher 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "listdom 4.1.0 Open.Redirect MEDIUM" "listdom 3.7.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode.Parameter MEDIUM" "lock-my-bp 1.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "language-bar-flags No.known.fix CSRF.to.Stored.XSS HIGH" "linked-variation-for-woocommerce 2.0.0 CSRF MEDIUM" "latex No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "local-delivery-drivers-for-woocommerce 1.9.1 Missing.Authorization.to.Driver.Account.Takeover HIGH" "local-delivery-drivers-for-woocommerce 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "local-delivery-drivers-for-woocommerce 1.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "littlebot-invoices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "littlebot-invoices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "listings-for-appfolio 1.2.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "lifterlms-gateway-paypal 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "lws-sms No.known.fix Cross-Site.Request.Forgery MEDIUM" "load-more-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "login-redirect No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "lock-your-updates No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "luckywp-scripts-control 1.2.2 Missing.Authorization MEDIUM" "luckywp-scripts-control 1.2.2 CSRF.via.multiple.AJAX.actions LOW" "locateandfilter 1.6.16 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "live-stock-prices-for-wordpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "local-search-seo-contact-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "launchpad-by-obox No.known.fix Admin+.Stored.XSS LOW" "launchpad-by-obox No.known.fix CSRF MEDIUM" "linked-variation 1.0.4 Missing.Authorization MEDIUM" "link-optimizer-lite No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "live-support-tickets 1.11.1 Unauthenticated.Information.Disclosure MEDIUM" "magic-action-box No.known.fix Contributor+.Stored.XSS MEDIUM" "mx-time-zone-clocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mx-time-zone-clocks 3.4.1 Contributor+.Cross-Site.Scripting MEDIUM" "my-custom-css No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "multi-rating No.known.fix Unauthenticated.Ratings.Update MEDIUM" "multi-rating No.known.fix Admin+.Stored.XSS LOW" "multi-rating 5.0.6 Reflected.XSS HIGH" "multi-rating 5.0.6 Ratings.Deletion.via.CSRF MEDIUM" "marmoset-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "marmoset-viewer 1.9.3 Reflected.Cross.Site.Scripting HIGH" "myshopkit-popup-smartbar-slidein No.known.fix .Unauthenticated.Sensitive.Information.Exposure MEDIUM" "maintenance-coming-soon-redirect-animation 2.3.0 Missing.Authorization.to.Settings.Update MEDIUM" "maintenance-coming-soon-redirect-animation No.known.fix IP.Spoofing.to.Bypass MEDIUM" "mapme No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "microcopy No.known.fix Authenticated.SQL.Injection MEDIUM" "memeone No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mega-forms 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "mega-forms 1.2.5 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "media-library-downloader 1.3.2 Missing.Authorization MEDIUM" "mailpress No.known.fix Arbitrary.Settings.Update.&.Log.Files.Purge.via.CSRF MEDIUM" "mhr-post-ticker 1.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "mobile-address-bar-changer No.known.fix Settings.Update.via.CSRF MEDIUM" "mojo-under-construction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "master-slider No.known.fix Missing.Authorization MEDIUM" "master-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ms_layer.Shortcode MEDIUM" "master-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ms_slider.Shortcode MEDIUM" "master-slider 3.10.5 Editor+.Stored.XSS LOW" "master-slider 3.10.0 CSRF.to.slider.deletion MEDIUM" "master-slider 3.10.5 Reflected.Cross-Site.Scripting HIGH" "master-slider 3.10.0 Contributor+.Stored.XSS.via.ms_layer.Shortcode MEDIUM" "master-slider 3.9.10 Responsive.Touch.Slider.<.3.9.10.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.7 Unauthenticated.PHP.Object.Injection CRITICAL" "master-slider 3.10.0 Contributor+.Stored.XSS MEDIUM" "master-slider 3.9.10 Editor+.Stored.XSS.via.slider.callback LOW" "master-slider 3.10.0 Sliders.Deletion.via.CSRF MEDIUM" "master-slider 3.7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "master-slider 2.8.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "master-slider 2.5.2 Authenticated.Blind.SQL.Injection CRITICAL" "mercadolibre-integration No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "membersonic-lite 1.302 Authentication.Bypass CRITICAL" "metadata-seo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multimanager-wp 1.1.0 Authentication.Bypass.via.User.Impersonation CRITICAL" "media-downloader 0.4.7.6 Reflected.Cross-Site.Scripting MEDIUM" "media-downloader 0.4.7.5 Reflected.Cross-Site.Scripting MEDIUM" "marketer-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "moceansms-order-sms-notification-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "marketing-performance No.known.fix Reflected.XSS HIGH" "motors-car-dealership-classified-listings 1.4.72 Unauthenticated.Local.File.Inclusion CRITICAL" "motors-car-dealership-classified-listings 1.4.65 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation HIGH" "motors-car-dealership-classified-listings 1.4.64 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "motors-car-dealership-classified-listings 1.4.67 Missing.Authorization.to.Authenticated.(Subscriber+).Wizard.Set-up MEDIUM" "motors-car-dealership-classified-listings 1.4.72 Contributor+.Local.File.Inclusion HIGH" "motors-car-dealership-classified-listings 1.4.72 Contributor+.Stored.XSS MEDIUM" "motors-car-dealership-classified-listings 1.4.58 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion.and.Listing.Template.Creation MEDIUM" "motors-car-dealership-classified-listings 1.4.44 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.Custom.Title MEDIUM" "motors-car-dealership-classified-listings 1.4.11 Missing.Authorization MEDIUM" "motors-car-dealership-classified-listings 1.4.7 Unauthenticated.SSRF MEDIUM" "motors-car-dealership-classified-listings 1.4.7 Reflected.XSS HIGH" "motors-car-dealership-classified-listings 1.4.5 CSRF MEDIUM" "motors-car-dealership-classified-listings 1.4.4 Car.Dealer,.Classifieds.&.Listing.<.1.4.4.-.Arbitrary.File.Upload CRITICAL" "motors-car-dealership-classified-listings 1.4.1 Multiple.Issues MEDIUM" "multi-day-booking-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "moloni 4.8.0 Reflected.Cross-Site.Scripting MEDIUM" "mas-wp-job-manager-company 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "missing-widgets-for-elementor 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "missing-widgets-for-elementor 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "moova-for-woocommerce 3.8 Reflected.Cross-Site.Scripting HIGH" "marketplace-items No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "marketplace-items No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'marketplace'.Shortcode MEDIUM" "music-press-pro No.known.fix Missing.Authorization MEDIUM" "music-press-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "minimalistic-event-manager No.known.fix Missing.Authorization MEDIUM" "meks-easy-ads-widget 2.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mollie-forms 2.6.14 Cross-Site.Request.Forgery.to.Arbitrary.Post.Duplication MEDIUM" "mollie-forms 2.6.4 Missing.Authorization.to.Arbitrary.Post.Duplication MEDIUM" "mollie-forms 2.6.4 Missing.Authorization MEDIUM" "mobile-events-manager 1.4.8 Admin+.CSV.Injection LOW" "mobile-events-manager 1.4.4 Admin+.Stored.Cross-Site.Scripting LOW" "misiek-paypal No.known.fix Stored.XSS.via.CSRF HIGH" "media-from-ftp 11.17 Author+.Arbitrary.File.Access CRITICAL" "media-from-ftp 9.85 Authenticated.Directory.Traversal MEDIUM" "mjm-clinic 1.1.23 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mjm-clinic 1.1.23 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "mail-subscribe-list 2.1.10 Contributor+.Stored.XSS MEDIUM" "mail-subscribe-list 2.1.4 Arbitrary.Subscribed.User.Deletion.via.CSRF MEDIUM" "mail-subscribe-list 2.1 Stored.XSS MEDIUM" "martins-link-network 1.2.30 Reflected.XSS HIGH" "maxab No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "melhor-envio-cotacao 2.15.12 Unauthenticated.Sensitive.Information.Exposure.via.Hardcoded.Hash MEDIUM" "mytube No.known.fix Reflected.Cross-Site.Scripting.via.addplaylistid MEDIUM" "multiplayer-plugin No.known.fix Reflected.Cross-Site.Scripting HIGH" "mapifylite 4.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "multicons 3.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mojito-shipping 1.3.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "makecommerce 3.5.2 Reflected.Cross-Site.Scripting MEDIUM" "members-page-only-for-logged-in-users No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mg-parallax-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mdc-youtube-downloader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mdc-youtube-downloader No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mdc-youtube-downloader 2.1.1 Local.File.Inclusion HIGH" "miguras-divi-maker No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "munk-sites No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Installation MEDIUM" "motopress-slider-lite No.known.fix Subscriber+.Stored.Cross-Site.Scripting CRITICAL" "motopress-slider-lite No.known.fix Reflected.Cross-Site.Scripting HIGH" "metricool 1.18 Admin+.Stored.XSS LOW" "mmx-make-me-christmas No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mailchimp-wp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "mailchimp-wp 2.5.8 Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.Form.Color.Parameters MEDIUM" "mailchimp-wp 2.5.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "menu-ordering-reservations 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "menu-ordering-reservations 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "menu-ordering-reservations 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "menu-ordering-reservations 2.3.7 Reflected.XSS HIGH" "menu-ordering-reservations 2.3.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "menu-ordering-reservations 2.3.1 Unauthorised.AJAX.Calls MEDIUM" "menu-ordering-reservations 2.3.2 Multiple.CSRF MEDIUM" "mindbody-access-management 2.0.9 Unauthorised.AJAX.call MEDIUM" "multilanguage 1.2.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mobile-app-for-woocommerce No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "mediaview No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mediaview No.known.fix Reflected.Cross-Site.Scripting.via.id.Parameter MEDIUM" "mtouch-quiz No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "mtouch-quiz 3.1.3 Multiple.Vulnerabilities.XSS.&.CSRF MEDIUM" "my-quota No.known.fix Reflected.XSS HIGH" "mainwp-child 5.3 Authentication.Bypass HIGH" "mainwp-child 4.4.1.2 Sensitive.File.Disclosure MEDIUM" "mainwp-child 4.1.8 Admin+.SQL.Injection MEDIUM" "maniac-seo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mas-addons-for-elementor 1.1.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG MEDIUM" "mas-addons-for-elementor 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "media-library-plus 8.3.1 Missing.Authorization.to.Plugin.Settings.Change MEDIUM" "media-library-plus 8.2.4 Missing.Authorization.on.Various.Functions MEDIUM" "media-library-plus 8.2.3 Authenticated.(Subscriber+).Second-Order.SQL.Injection CRITICAL" "media-library-plus 8.2.1 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "media-library-plus 8.1.9 Authenticated.(Author+).Directory.Traversal MEDIUM" "media-library-plus 8.1.8 Authenticated.(Author+).SQL.Injection CRITICAL" "media-library-plus 7.1.2 Plugin.Reset.via.CSRF MEDIUM" "more-from-google No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mark-posts 2.2.5 Missing.Authorization MEDIUM" "mark-posts 2.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "membership-by-supsystic No.known.fix Authenticated.SQL.Injection CRITICAL" "mshop-naver-talktalk 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mshop-naver-talktalk 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.add_plus_friends.and.add_plus_talk.Shortcodes MEDIUM" "music-sheet-viewer No.known.fix Unauthenticated.Arbitrary.File.Read HIGH" "music-sheet-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailrelay 2.1.2 Arbitrary.Settings.Update.via.CSRF MEDIUM" "memphis-documents-library 3.1.6 Arbitrary.File.Download CRITICAL" "mooberry-book-manager 4.15.13 Unauthenticated.Information.Exposure.via.Export.Files MEDIUM" "multiple-domain 1.0.3 XSS.in.Canonical/Alternate.Tags LOW" "menu-icons 0.13.14 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "move-addons 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.6 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "move-addons 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "move-addons 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.0 Missing.Authorization MEDIUM" "move-addons 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "my-restaurant-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "milat-jquery-automatic-popup No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "mega-addons-for-visual-composer 4.3.0 Contributor+.Stored.XSS MEDIUM" "mega-addons-for-visual-composer No.known.fix Subscriber+.Settings.Update MEDIUM" "mega-addons-for-visual-composer No.known.fix Settings.Update.via.CSRF MEDIUM" "my-wp-health-check No.known.fix Cross-Site.Request.Forgery MEDIUM" "miguras-divi-enhancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "miguras-divi-enhancer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "meta-box 5.9.11 Missing.Authorization.to.Information.Exposure MEDIUM" "meta-box 5.9.4 Contributor+.Arbitrary.Posts'.Custom.Field.Disclosure LOW" "meta-box 5.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meta-box 4.16.3 Unauthorised.File.Deletion MEDIUM" "meta-box 4.16.2 Mishandled.Uploaded.Files HIGH" "moveto No.known.fix Missing.Authorization.to.Unauthenticated.Options.Update CRITICAL" "moveto No.known.fix Unauthenticated.Directory.Traversal.to.Arbitrary.File.Deletion CRITICAL" "moveto No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "moveto No.known.fix Unauthenticated.SQL.Injection CRITICAL" "multimedial-images No.known.fix Admin+.SQLi MEDIUM" "mastercurrency-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Currency.Converter.Form.Shortcode MEDIUM" "moceanapi-sendsms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mambo-joomla-importer No.known.fix Authenticated.(Administrator+).PHP.Object.Injection HIGH" "mass-delete-unused-tags 3.0.0 Tags.Deletion.via.CSRF MEDIUM" "master-popups-lite No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "media-list 1.4.0 Contributor+.Stored.XSS MEDIUM" "media-list 1.4.1 Contributor+.Stored.XSS MEDIUM" "mighty-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "maps-for-wp 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "maps-for-wp 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "make-email-customizer-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting HIGH" "minify-html-markup 2.1.11 -.Regular.Expressions.Denial.of.Service MEDIUM" "minify-html-markup 2.1.8 Settings.Update.via.CSRF MEDIUM" "miniorange-wp-as-saml-idp 1.15.7 Authenticated.(Administrator+).SQL.Injection HIGH" "miniorange-wp-as-saml-idp 1.13.4 Admin+.Stored.Cross-Site.Scripting LOW" "make-builder 1.1.11 Authenticated.(Subscriber+).Server-Side.Request.Forgery.via.make_builder_ajax_subscribe.Function MEDIUM" "microkids-related-posts No.known.fix Cross-Site.Request.Forgery MEDIUM" "my-favorites 1.4.3 Contributor+.Stored.XSS MEDIUM" "my-favorites No.known.fix Contributor+.Stored.XSS MEDIUM" "mapster-wp-maps 1.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapster-wp-maps 1.6.0 Incorrect.Authorization.to.Authenticated.(Contributor+).Arbitrary.Options.Update HIGH" "mapster-wp-maps 1.2.39 Contributor+.Stored.XSS MEDIUM" "mapster-wp-maps 1.2.36 Reflected.Cross-Site.Scripting MEDIUM" "mediaburst-ecommerce-sms-notifications 2.4.2 Cross-Site.Scripting.(XSS) MEDIUM" "mfolio-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "mfolio-lite 1.2.2 Missing.Authorization.to.Authenticated.(Author+).File.Upload.via.EXE.and.SVG.Files CRITICAL" "musicbox No.known.fix Reflected.XSS HIGH" "multisite-post-duplicator 1.1.3 Cross-Site.Request.Forgery.(CSRF) HIGH" "memberspace 2.1.14 Reflected.Cross-Site.Scripting MEDIUM" "memberspace 2.1.14 Reflected.XSS MEDIUM" "media-category-library No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "miniorange-login-security 1.0.8 Reflected.Cross-Site.Scripting HIGH" "mainwp-code-snippets-extension 4.0.3 Subscriber+.Stored.XSS HIGH" "mainwp-code-snippets-extension 4.0.3 Subscriber+.Settings.Update MEDIUM" "mainwp-code-snippets-extension 4.0.3 Subscriber+.PHP.Objection.Injection HIGH" "media-cleaner 6.7.3 Unauthenticated.Information.Exposure MEDIUM" "mas-static-content 1.0.9 Authenticated.(Contributor+).Private.Static.Content.Page.Disclosure MEDIUM" "myworks-woo-sync-for-quickbooks-online 2.9.2 Reflected.Cross-Site.Scripting MEDIUM" "mail-control 0.3.0 Reflected.Cross-Site.Scripting MEDIUM" "mail-control 0.3.2 Unauthenticated.Stored.XSS.via.Email.Subject HIGH" "modern-designs-for-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modern-designs-for-gravity-forms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mark-new-posts 7.6 Missing.Authorization.via.save_options MEDIUM" "meet-my-team No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "momoyoga-integration 2.8.0 Contributor+.Stored.XSS MEDIUM" "meks-easy-social-share 1.2.8 Admin+.Stored.Cross-Site.Scripting LOW" "movies No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "mailchimp-subscribe-sm 4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailchimp-subscribe-sm 4.0.9.8 Editor+.Stored.XSS LOW" "mailchimp-subscribe-sm 4.0.9.2 Admin+.Stored.XSS LOW" "mobile-contact-bar 3.0.5 Admin+.Stored.XSS LOW" "mainwp-google-analytics-extension 4.0.5 Subscriber+.SQLi HIGH" "mainwp-google-analytics-extension 4.0.5 Subscriber+.Settings.Update MEDIUM" "magic-google-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "miniorange-oauth-20-server 4.0.1 Authentication.Bypass CRITICAL" "manager-for-icomoon 2.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "manager-for-icomoon 2.2 Contributor+.Stored.XSS MEDIUM" "my-waze No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "mobile-booster No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-booster 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "marquee-style-rss-news-ticker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mini-loops No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mmm-file-list No.known.fix Subscriber+.Arbitrary.Directory.Listing MEDIUM" "mmm-file-list No.known.fix Contributor+.Stored.XSS MEDIUM" "minimal-coming-soon-maintenance-mode 2.39 Missing.Authorization.to.Limited.Settings.Change MEDIUM" "minimal-coming-soon-maintenance-mode 2.38 Unauthenticated.Maintenance.Mode.Bypass LOW" "minimal-coming-soon-maintenance-mode 2.35 Multiple.Authenticated.Stored.XSS LOW" "minimal-coming-soon-maintenance-mode 2.15 Insecure.Permissions:.Enable.and.Disable.Maintenance.Mode HIGH" "minimal-coming-soon-maintenance-mode 2.15 CSRF.to.Stored.XSS.and.Setting.Changes HIGH" "minimal-coming-soon-maintenance-mode 2.17 Insecure.permissions:.Export.Settings/Theme.Change MEDIUM" "meta-data-filter 2.2.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "mwp-skype 4.0.4 Button.Deletion.via.CSRF MEDIUM" "mwp-skype 4.0.2 Reflected.XSS MEDIUM" "miniorange-malware-protection 4.7.3 Unauthenticated.Privilege.Escalation CRITICAL" "miniorange-malware-protection 4.7.3 Admin+.SQLi MEDIUM" "miniorange-malware-protection 4.7.2 IP.Spoofing MEDIUM" "miniorange-malware-protection 4.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "mindvalley-pagemash No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "m-vslider No.known.fix Authenticated.(admin+).SQL.Injection HIGH" "msrp-for-woocommerce 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "mfplugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mywebtonet-performancestats No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "masterbip-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mybb-cross-poster No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "multi-page-toolkit No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "mycss No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "more-mime-type-filters No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "media-modal No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "my-chatbot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-chatbot No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "meetup No.known.fix Authentication.Bypass CRITICAL" "material-design-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mdi-icon.Shortcode MEDIUM" "mailmunch 3.2.0 Reflected.Cross-Site.Scripting MEDIUM" "mailmunch 3.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailmunch 3.1.3 Settings.Update.via.CSRF MEDIUM" "magic-fields 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "miniorange-firebase-sms-otp-verification 3.6.1 Authentication.Bypass HIGH" "miniorange-firebase-sms-otp-verification 3.6.1 Unauthenticated.Arbitrary.User.Password.Change CRITICAL" "miniorange-firebase-sms-otp-verification 3.6.1 Privilege.Escalation.via.Registration.due.to.Administrator.Default.User.Role.Value CRITICAL" "mapplic-lite No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "mapplic-lite 1.0.1 SSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "mshop-mysite 1.1.8 Subscriber+.Settings.Update MEDIUM" "modern-events-calendar 7.13.0 Subscriber+.Server.Side.Request.Forgery HIGH" "modern-events-calendar 7.12.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "miniorange-2-factor-authentication 5.6.6 Missing.Authorization.to.Plugin.Settings.Change HIGH" "miniorange-2-factor-authentication 5.6.2 Subscriber+.Settings.Update MEDIUM" "miniorange-2-factor-authentication 5.5.75 Reflected.Cross-Site.Scripting MEDIUM" "miniorange-2-factor-authentication 5.5.6 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-2-factor-authentication 5.5 Unauthenticated.Arbitrary.Options.Deletion CRITICAL" "miniorange-2-factor-authentication 5.4.40 Reflected.Cross-Site.Scripting HIGH" "mobile-browser-color-select No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "mobile-login-woocommerce 2.3 Unauthenticated.Privilege.Escalation HIGH" "my-bootstrap-menu No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "membermouse 2.2.9 Blind.SQL.Injection CRITICAL" "my-wp-responsive-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mb-custom-post-type 2.7.7 Admin+.Stored.XSS LOW" "majestic-support 1.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "majestic-support 1.0.6 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "majestic-support 1.0.6 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "mobile-friendly-flickr-slideshow 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mobile-friendly-flickr-slideshow 2.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "minimum-purchase-for-woocommerce No.known.fix Contributor+.Stored.XSS MEDIUM" "mapfig-studio No.known.fix Stored.XSS.via.CSRF HIGH" "menus-plus No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "material-design-icons-for-elementor 1.4.3 Contributor+.Stored.XSS MEDIUM" "material-design-icons-for-elementor 1.4.3 Settings.Update.via.CSRF MEDIUM" "multilist-subscribe-for-sendy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multilist-subscribe-for-sendy No.known.fix Subscriber+.Arbitrary.Options.Update HIGH" "multilist-subscribe-for-sendy No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "multilist-subscribe-for-sendy No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "mapbox-for-wp-advanced No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multifox-plus No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multifox-plus 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "melascrivi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "memorialday 1.1.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mdr-webmaster-tools No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "monitor-chat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "melapress-login-security 2.1.1 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "melapress-login-security 2.1.1 Missing.Authorization.to.Unauthenticated.Arbitrary.User.Deletion MEDIUM" "melapress-login-security 1.3.1 Authenticated.(Admin+).Remote.File.Inclusion MEDIUM" "month-name-translation-benaceur 2.3.8 Admin+.Stored.XSS LOW" "mobile-app 3.8.3 Missing.Authorization MEDIUM" "macme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "my-shortcodes No.known.fix Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "master-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "my-wp-translate 1.0.4 CSRF.&.XSS HIGH" "modal-popup-box 1.5.3 Authenticated.(Contributor+).PHP.Object.Injection.in.awl_modal_popup_box_shortcode HIGH" "menu-manager-ultra 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "meta-tags-for-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "min-and-max-purchase-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mpoperationlogs No.known.fix Unauthenticated.Stored.XSS HIGH" "momo-venmo 4.2 Reflected.Cross-Site.Scripting MEDIUM" "master-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "master-blocks No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "mabel-shoppable-images-lite 1.2.4 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "menubar 5.9 Cross-Site.Request.Forgery MEDIUM" "menubar 5.8 Reflected.Cross-Site.Scripting MEDIUM" "mind3dom-ryebread-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mystickymenu 2.7.3 Admin+.Stored.XSS LOW" "mystickymenu 2.7.2 Admin+.Stored.XSS LOW" "mystickymenu 2.6.8 Admin+.Stored.XSS LOW" "mystickymenu 2.6.7 CSV.Export.via.CSRF.to.Sensitive.Information.Disclosure LOW" "mystickymenu 2.6.5 Subscriber+.Arbitrary.Form.Leads.Deletion MEDIUM" "mystickymenu 2.5.2 Authenticated.Stored.XSS MEDIUM" "my-instagram-feed 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "my-instagram-feed 3.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mhr-custom-anti-copy No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "multiple-post-passwords 1.1.2 Admin+.Stored.XSS LOW" "mainwp-broken-links-checker-extension No.known.fix Unauthenticated.SQLi CRITICAL" "mwp-forms No.known.fix Admin+.SQL.Injection HIGH" "mailchimp-for-woocommerce 2.7.1 Subscriber+.SSRF MEDIUM" "mailchimp-for-woocommerce 2.7.2 Admin+.SSRF LOW" "media-file-renamer 5.7.8 Admin+.Remote.Code.Execution MEDIUM" "media-file-renamer 5.7.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "media-file-renamer 5.2.7 Auto.&.Manual.Rename.<.5.2.7.-.Media.Title/Filename/Locking.State.Update.via.CSRF MEDIUM" "mts-url-shortener No.known.fix Admin+.Stored.XSS LOW" "mts-url-shortener No.known.fix Reflected.XSS HIGH" "manage-user-columns 1.0.6 Cross-Site.Request.Forgery MEDIUM" "my-wp 1.24.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "mass-messaging-in-buddypress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "marquee-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mp-timetable 2.4.14 Admin+.PHP.Object.Injection MEDIUM" "mp-timetable 2.4.12 Authenticated.(Contributor+).SQL.Injection CRITICAL" "mp-timetable 2.4.2 Unauthorised.Event.TimeSlot.Deletion MEDIUM" "mp-timetable 2.4.0 Arbitrary.User's.Hashed.Password/Email/Username.Disclosure MEDIUM" "mp-timetable 2.4.2 Unauthorised.Event.TimeSlot.Update MEDIUM" "mp-timetable 2.3.19 Author+.Stored.Cross-Site.Scripting MEDIUM" "moreads-se 1.4.7 XSS MEDIUM" "mycurator 3.79 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "mycurator 3.77 Reflected.Cross-Site.Scripting MEDIUM" "mycurator 3.75 Cross-Site.Request.Forgery MEDIUM" "mass-custom-fields-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "miniorange-limit-login-attempts 4.0.72 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-limit-login-attempts 4.0.50 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "mj-contact-us No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "manage-shipyaari-shipping No.known.fix Admin+.Stored.XSS LOW" "medical-addon-for-elementor 1.6.3 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Shortcode MEDIUM" "medical-addon-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "media-net-ads-manager No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "maintenance-switch No.known.fix Theme.Files.Creation/Deletion.via.CSRF MEDIUM" "maintenance-switch No.known.fix Reflected.XSS HIGH" "mobile-bottom-menu-for-wp No.known.fix Missing.Authorization MEDIUM" "media-slider 1.4.0 Missing.Authorization MEDIUM" "mousewheel-smooth-scroll 5.7 Plugin's.Setting.Update.via.CSRF MEDIUM" "more-better-reviews-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "more-better-reviews-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "more-better-reviews-for-woocommerce 3.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "microsoft-clarity 0.9.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "microsoft-clarity 0.4 Admin+.Stored.Cross-Site.Scripting LOW" "masterslider No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "masterslider No.known.fix Authenticated.(Editor+).SQL.Injection HIGH" "masterslider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "magical-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailoptin 1.2.70.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailoptin 1.2.54.1 Admin+.Stored.XSS LOW" "mailoptin 1.2.50.0 Unauthenticated.Campaign.Cache.Deletion MEDIUM" "mailoptin 1.2.35.2 Unauthorised.AJAX.Call MEDIUM" "mini-course-generator 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapwiz No.known.fix Admin+.SQLi MEDIUM" "memberlite-shortcodes 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.memberlite_accordion.Shortcode MEDIUM" "memberlite-shortcodes 1.3.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "mihdan-index-now 2.6.4 Cross-Site.Request.Forgery.via.reset_form HIGH" "minterpress No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion HIGH" "minterpress No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "mihanpanel-lite 12.7 Cross-Site.Request.Forgery MEDIUM" "mapplic 6.2.1 SSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "modal-dialog 3.5.15 Reflected.XSS HIGH" "modal-dialog 3.5.10 Admin+.Stored.XSS LOW" "multi-step-form 1.7.24 Missing.Authorization.to.Unauthenticated.Limited.File.Upload MEDIUM" "multi-step-form 1.7.22 Missing.Authorization.via.fw_delete_files MEDIUM" "multi-step-form 1.7.19 Form.Deletion.via.CSRF MEDIUM" "multi-step-form 1.7.17 Admin+.Stored.XSS LOW" "multi-step-form 1.7.13 Form.Update/Deletion.via.CSRF MEDIUM" "multi-step-form 1.7.8 Admin+.Stored.XSS LOW" "multi-step-form 1.2.6 Cross-Site.Scripting.(XSS) MEDIUM" "multi-step-form 1.2.6 Multiple.Unauthenticated.Reflected.XSS MEDIUM" "my-geo-posts-free No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "mz-mindbody-api 2.8.3 Unauthorised.AJAX.Calls HIGH" "mobile-app-editor 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "mobile-app-editor 1.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "motopress-hotel-booking-lite 4.11.2 Unauthenticated.PHP.Object.Injection CRITICAL" "motopress-hotel-booking-lite 4.8.5 Unauthenticated.Arbitrary.File.Download.&.Deletion CRITICAL" "motopress-hotel-booking-lite 4.7.0 Settings.Update.via.CSRF MEDIUM" "mh-board No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "meta-slider-and-carousel-with-lightbox 2.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "markdown-on-save-improved 2.5.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mypixs No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "marketing-automation 1.2.6.9 Reflected.Cross-Site.Scripting MEDIUM" "mww-disclaimer-buttons 3.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "magical-posts-display 1.2.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mp3-jplayer No.known.fix Multiple.CSRF MEDIUM" "mp3-jplayer 2.5 Full.Path.Disclosure MEDIUM" "multi-video-box No.known.fix Reflected.Cross-Site.Scripting.via.video_id.and.group_id.Parameters MEDIUM" "members-import No.known.fix XSS.via.Imported.CSV MEDIUM" "modal-portfolio No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mobile-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-pages 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mediaburst-email-to-sms No.known.fix Authenticated(Administrator+).SQL.Injection MEDIUM" "mediaburst-email-to-sms 3.0.0 Cross-Site.Scripting.(XSS) MEDIUM" "mihdan-no-external-links 5.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "mihdan-yandex-turbo-feed 1.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "maximum-products-per-user-for-woocommerce 4.2.9 Reflected.Cross-Site.Scripting MEDIUM" "ml-slider 3.95.0 Editor+.Stored.XSS LOW" "ml-slider 3.95.0 Editor+.Stored.XSS LOW" "ml-slider 3.95.0 Authenticated.(Editor+).PHP.Object.Injection HIGH" "ml-slider 3.70.1 Contributor+.Stored.Cross-Site.Scripting.via.metaslider.Shortcode MEDIUM" "ml-slider 3.29.1 Reflected.XSS HIGH" "ml-slider 3.27.9 Admin+.Stored.Cross.Site.Scripting LOW" "ml-slider 3.17.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "marketking-multivendor-marketplace-for-woocommerce 2.0.0 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "marketking-multivendor-marketplace-for-woocommerce 2.0.25 Missing.Authorization MEDIUM" "mlanguage No.known.fix Cross-Site.Request.Forgery MEDIUM" "mail-boxes-etc 2.2.1 Cross-Site.Request.Forgery MEDIUM" "mail-boxes-etc 2.2.1 Information.Exposure MEDIUM" "mail-boxes-etc 2.3.0 Reflected.XSS HIGH" "monkee-boy-wp-essentials No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "material-dashboard 1.4.7 Unauthenticated.Privilege.Escalation CRITICAL" "material-dashboard 1.4.6 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "material-dashboard 1.4.6 Unauthenticated.Local.File.Inclusion CRITICAL" "material-dashboard 1.4.6 Unauthenticated.Privilege.Escalation CRITICAL" "metrika No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "map-addons-for-elementor-waze-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "my-wish-list 1.4.2 Multiple.Parameter.XSS MEDIUM" "magic-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "material-design-for-contact-form-7 No.known.fix Subscriber+.Arbitrary.Settings.Update.leading.to.DoS MEDIUM" "material-design-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "migrate-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "moka-get-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailcwp 1.110 Unauthenticated.Arbitrary.File.Upload CRITICAL" "macro-admin-email-data-optin-calculator No.known.fix Unauthenticated.Information.Disclosure MEDIUM" "mytweetlinks No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "mail-masta No.known.fix Multiple.SQL.Injection CRITICAL" "mail-masta No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "mw-wp-form 5.1.0 Editor+.Stored.XSS MEDIUM" "mw-wp-form 5.0.4 Improper.Limitation.of.File.Name.to.Unauthenticated.Arbitrary.File.Deletion HIGH" "mw-wp-form 5.0.2 Unauthenticated.Arbitrary.File.Upload HIGH" "mw-wp-form 5.0.0 Missing.Authorization MEDIUM" "mw-wp-form 4.4.3 Unauthenticated.Path.Traversal MEDIUM" "my-wp-tabs 2.2.7 Admin+.Stored.XSS LOW" "mwp-countdown No.known.fix Admin+.SQLi MEDIUM" "mp3-music-player-by-sonaar 5.9.5 Missing.Authorization MEDIUM" "mp3-music-player-by-sonaar 5.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Podcast.RSS.Feed MEDIUM" "mp3-music-player-by-sonaar 5.9 Missing.Authorization MEDIUM" "mp3-music-player-by-sonaar 5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sonaar_audioplayer.Shortcode MEDIUM" "mp3-music-player-by-sonaar 5.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "mp3-music-player-by-sonaar 5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sonaar_audioplayer.Shortcode MEDIUM" "mp3-music-player-by-sonaar 5.0 Unauthenticated.Arbitrary.File.Download MEDIUM" "mp3-music-player-by-sonaar 5.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mp3-music-player-by-sonaar 5.1.1 Missing.Authorization MEDIUM" "mp3-music-player-by-sonaar 4.10.1 Missing.Authorization.to.Template.Import MEDIUM" "mp3-music-player-by-sonaar 2.4.2 Multiple.Admin+.Cross.Site.Scripting LOW" "mass-email-to-users 1.1.5 Reflected.XSS HIGH" "mm-email2image No.known.fix Contributor+.Stored.XSS MEDIUM" "mm-email2image No.known.fix Stored.XSS.via.CSRF HIGH" "moving-users 1.10 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "mstore-api 4.17.5 Unauthenticated.Limited.Privilege.Escalation MEDIUM" "mstore-api 4.16.5 Authenticated.(Subscriber+).HTML.File.Upload.(Stored.Cross-Site.Scripting) MEDIUM" "mstore-api 4.15.8 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "mstore-api 4.15.4 Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload MEDIUM" "mstore-api 4.15.4 Unauthorized.User.Registration HIGH" "mstore-api 4.15.3 Authentication.Bypass.to.Account.Takeover HIGH" "mstore-api 4.15.0 Authentication.Bypass CRITICAL" "mstore-api 4.10.2 Cross-Site.Request.Forgery MEDIUM" "mstore-api 4.0.7 Subscriber+.SQLi HIGH" "mstore-api 3.9.8 Unauthenticated.SQL.Injection HIGH" "mstore-api 4.0.2 Unauthenticated.SQL.Injection CRITICAL" "mstore-api 3.9.7 Subscriber+.Unauthorized.Settings.Update MEDIUM" "mstore-api 4.10.8 Unauthenticated.Privilege.Escalation CRITICAL" "mstore-api 3.9.9 Unauthenticated.Privilege.Escalation CRITICAL" "mstore-api 3.9.8 Unauthenticated.Blind.SQLi HIGH" "mstore-api 3.9.7 Multiple.CSRF MEDIUM" "mstore-api 3.9.3 Authentication.Bypass CRITICAL" "mstore-api 3.9.2 Authentication.Bypass CRITICAL" "mstore-api 3.9.1 Authentication.Bypass CRITICAL" "mstore-api 3.4.5 Unauthenticated.PHP.File.Upload CRITICAL" "mstore-api 3.2.0 Authentication.Bypass.With.Sign.In.With.Apple HIGH" "mstore-api 2.1.6 Unauthenticated.Arbitrary.Account.Creation/Edition HIGH" "masterstudy-elementor-widgets 1.2.3 Missing.Authorization MEDIUM" "memberful-wp 1.74.0 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "memberful-wp 1.73.8 Authenticated.(contributor+).Stored.Cross-Site.Scripting MEDIUM" "modify-comment-fields 1.04 Reflected.Cross-Site.Scripting MEDIUM" "magic-login-api No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "monetize No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "marketing-optimizer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "my-tickets 2.0.17 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "my-tickets 2.0.10 Missing.Authorization MEDIUM" "my-tickets 1.9.11 Bulk.Emailing.via.CSRF MEDIUM" "my-tickets 1.8.31 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "metasync 1.8.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "modal-survey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modal-survey No.known.fix Unauthenticated.SQL.Injection HIGH" "modal-survey No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "mobigatevn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "manage-gravity-forms-stripe-subscriptions 4.1.6 Reflected.Cross-Site.Scripting MEDIUM" "manage-gravity-forms-stripe-subscriptions 4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-calendar 3.4.24 Authenticated.Stored.XSS MEDIUM" "my-calendar 3.4.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "my-calendar 3.4.22 Unauthenticated.SQL.Injection CRITICAL" "my-calendar 3.4.4 Cross-Site.Request.Forgery MEDIUM" "my-calendar 3.3.25 Event/Location.Deletion.via.CSRF MEDIUM" "my-calendar 3.2.18 Subscriber+.Reflected.Cross-Site.Scripting MEDIUM" "my-calendar 3.1.10 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mipl-wc-multisite-sync 1.1.6 Unauthenticated.Arbitrary.File.Download HIGH" "menu-shortcode No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "maintenance 4.03 Authenticated.Stored.XSS MEDIUM" "mightyforms 1.3.10 Missing.Authorization MEDIUM" "mightyforms 1.3.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "myanime-widget No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation CRITICAL" "media-alt-renamer No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via._wp_attachment_image_alt.postmeta MEDIUM" "magazine-lister-for-yumpu No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "meks-smart-social-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "meks-smart-social-widget 1.6.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "molongui-authorship 4.7.8 Authenticated.(Author+).Insecure.Direct.Object.Reference MEDIUM" "molongui-authorship 4.7.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "molongui-authorship 4.7.5 Information.Exposure.via.ma_debug MEDIUM" "molongui-authorship 4.7.4 Missing.Authorization MEDIUM" "molongui-authorship 4.6.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "molongui-authorship 4.6.20 Reflected.XSS HIGH" "multilang-contact-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mitm-bug-tracker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "meks-easy-instagram-widget 1.2.4 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "moceanapi-abandoned-carts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mapfig-premium-leaflet-map-maker No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "mayosis-core 5.4.2 Unauthenticated.Arbitrary.File.Read HIGH" "multiparcels-shipping-for-woocommerce 1.16.9 Cross-Site.Request.Forgery MEDIUM" "multiparcels-shipping-for-woocommerce 1.15.4 Reflected.XSS HIGH" "multiparcels-shipping-for-woocommerce 1.15.2 Arbitrary.Shipment.Deletion.via.CSRF MEDIUM" "multiparcels-shipping-for-woocommerce 1.14.14 Subscriber+.Arbitrary.Shipment.Deletion MEDIUM" "multiparcels-shipping-for-woocommerce 1.15.4 Reflected.XSS HIGH" "multiparcels-shipping-for-woocommerce 1.14.15 Subscriber+.SQLi HIGH" "matrix-pre-loader No.known.fix Cross-Site.Request.Forgery MEDIUM" "market-exporter 2.0.22 Missing.Authorization MEDIUM" "market-exporter 2.0.20 Missing.Authorization.to.Arbitrary.File.Deletion HIGH" "market-exporter 2.0.19 Reflected.Cross-Site.Scripting MEDIUM" "market-exporter 2.0.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mtphr-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mobile-navigation No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "miniorange-saml-20-single-sign-on 5.0.5 Missing.Authorization.to.notice.dismissal MEDIUM" "miniorange-saml-20-single-sign-on 16.0.8 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 20.0.7 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 12.1.0 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 4.8.84 Cross-Site.Scripting.(XSS).via.Crafted.SAML.XML.Response MEDIUM" "miniorange-saml-20-single-sign-on 4.8.73 Cross-Site.Scripting.(XSS) MEDIUM" "multisafepay 4.16.0 Unauthenticated.Arbitrary.File.Access HIGH" "modern-polls No.known.fix Cross-Site.Request.Forgery MEDIUM" "miniorange-discord-integration 2.1.6 Subscriber+.App.Disabling MEDIUM" "myorderdesk 3.3.0 Contributor+.Stored.XSS MEDIUM" "modify-profile-fields-dashboard-menu-buttons 1.04 Reflected.Cross-Site.Scripting MEDIUM" "master-elements No.known.fix Unauthenticated.SQLi CRITICAL" "mobile-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-blocks 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mycbgenie-clickbank-storefront No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "miniorange-login-openid 200.3.10 Authentication.Bypass HIGH" "miniorange-login-openid 7.6.7 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "miniorange-login-openid 7.6.5 Authentication.Bypass CRITICAL" "miniorange-login-openid 7.6.0 Admin+.Stored.XSS LOW" "miniorange-login-openid 7.5.15 Multiple.CSRF MEDIUM" "miniorange-login-openid 7.6.1 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "meta-tag-manager 3.2 Missing.Authorization MEDIUM" "meta-tag-manager 3.1 Subscriber+.PHP.Object.Injection HIGH" "meta-tag-manager 2.1 Reflected.Cross-Site.Scripting MEDIUM" "magicpost 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wb_share_social.Shortcode MEDIUM" "map-block-gutenberg 1.32 Unauthorised.Google.API.Key.change MEDIUM" "mediavine-create 1.9.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "mediavine-create 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mediavine-create 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Schema.Meta.Shortcode MEDIUM" "mediavine-create 1.9.5 Unauthenticated.SQLi HIGH" "mail-integration-365 1.9.1 Reflected.XSS HIGH" "mwp-herd-effect 6.2.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "mwp-herd-effect 5.2.7 Effect.Deletion.via.CSRF MEDIUM" "mwp-herd-effect 5.2.4 Effect.Deletion.via.CSRF MEDIUM" "mwp-herd-effect 5.2.3 Admin+.Stored.XSS LOW" "mwp-herd-effect 5.2.2 Reflected.XSS MEDIUM" "mwp-herd-effect 5.2.1 Admin+.LFI MEDIUM" "my-related-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mind-doodle-sitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "media-element-html5-video-and-audio-player No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "moose-elementor-kit 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "moose-elementor-kit 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "mime-types-extended No.known.fix Author+.Stored.XSS.via.SVG.Upload MEDIUM" "mainwp 5.0 Cross-Site.Request.Forgery.via.posting_bulk MEDIUM" "mainwp 4.4.3.4 Authenticated.(Administrator+).SQL.Injection HIGH" "mainwp 4.5.1.3 Authenticated(Administrator+).CSS.Injection LOW" "mobile-smart No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mshop-npay 3.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mnp_purchase.Shortcode MEDIUM" "my-idx-home-search 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "my-idx-home-search 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "mega-elements-addons-for-elementor 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "media-download No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "media-download 1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mortgage-calculators-wp 1.60 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mortgage-calculators-wp 1.56 Admin+.Stored.Cross-Site.Scripting LOW" "mobile-banner 1.6 CSRF MEDIUM" "media-library-assistant 3.25 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.24 Reflected.Cross-Site.Scripting.via.smc_settings_tab,.unattachfixit-action,.and.woofixit-action.Parameters MEDIUM" "media-library-assistant 3.20 Authenticated.(Administrator+).Remote.Code.Execution HIGH" "media-library-assistant 3.19 Authenticated.(Author+).Arbitrary.File.Upload.via.mla-inline-edit-upload-scripts.AJAX.Action HIGH" "media-library-assistant 3.18 Reflected.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.17 Authenticated.(Contributor+).SQL.Injection.via.order.Parameter HIGH" "media-library-assistant 3.16 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "media-library-assistant 3.16 Reflected.Cross-Site.Scripting HIGH" "media-library-assistant 3.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mla_gallery.Shortcode MEDIUM" "media-library-assistant 3.14 Authenticated.(Contributor+).SQL.Injection.via.Shortcode MEDIUM" "media-library-assistant 3.12 Author+.Stored.XSS MEDIUM" "media-library-assistant 3.11 Contributor+.Stored.XSS MEDIUM" "media-library-assistant 3.10 Unauthenticated.Local/Remote.File.Inclusion.&.Remote.Code.Execution HIGH" "media-library-assistant 3.08 Reflected.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.06 Admin+.SQLi MEDIUM" "media-library-assistant 3.01 Unauthenticated.Error.Log.Access LOW" "media-library-assistant 2.90 Authenticated.Blind.SQL.Injection MEDIUM" "media-library-assistant 2.82 Authenticated.RCE CRITICAL" "media-library-assistant 2.82 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "media-library-assistant 2.82 Unauthenticated.Limited.Local.File.Inclusion HIGH" "media-library-assistant 2.7.4 Cross-Site.Scripting.(XSS) MEDIUM" "mollie-payments-for-woocommerce 7.8.0 .Unauthenticated.Full.Path.Disclosure MEDIUM" "mollie-payments-for-woocommerce 7.3.12 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "media-file-manager No.known.fix Authenticated.Multiple.Vulnerabilities MEDIUM" "matomo 5.1.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "matomo 5.0.1 Reflected.Cross-Site.Scripting.via.idsite MEDIUM" "mappress-google-maps-for-wordpress 2.94.10 Admin+.Stored.XSS LOW" "mappress-google-maps-for-wordpress 2.94.9 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.94.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Map.Block MEDIUM" "mappress-google-maps-for-wordpress 2.93 Admin+.Stored.XSS.via.Map.Settings LOW" "mappress-google-maps-for-wordpress 2.88.17 Contributor+.Stored.XSS.via.Map.Settings MEDIUM" "mappress-google-maps-for-wordpress 2.88.15 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.88.16 Unauthenticated.Arbitrary.Private/Draft.Post.Disclosure MEDIUM" "mappress-google-maps-for-wordpress 2.88.14 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.88.5 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.85.5 Contributor+.SQL.Injection MEDIUM" "mappress-google-maps-for-wordpress 2.73.13 Admin+.File.Upload.to.Remote.Code.Execution MEDIUM" "mappress-google-maps-for-wordpress 2.73.4 Reflected.Cross-Site.scripting MEDIUM" "mappress-google-maps-for-wordpress 2.54.6 Improper.Capability.Checks.in.AJAX.Calls CRITICAL" "mappress-google-maps-for-wordpress 2.53.9 Remote.Code.Execution.(RCE).due.to.Incorrect.Access.Control.in.AJAX.Actions CRITICAL" "mappress-google-maps-for-wordpress 2.53.9 Authenticated.Map.Creation/Deletion.Leading.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "map-multi-marker No.known.fix Reflected.Cross-Site.Scripting HIGH" "media-library-helper 1.3.0 Cross-Site.Request.Forgery MEDIUM" "my-loginlogout No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "microsoft-advertising-universal-event-tracking-uet 1.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "melapress-login-security-premium 2.1.1 Missing.Authorization.to.Unauthenticated.Arbitrary.User.Deletion MEDIUM" "my-reading-library No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "mass-pagesposts-creator 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "mass-pagesposts-creator 2.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mass-pagesposts-creator 1.2.5 DoS MEDIUM" "my-wp-brand 1.1.3 Missing.Authorization MEDIUM" "music-player-for-elementor 2.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Template.Import MEDIUM" "music-player-for-elementor 1.5.9.9 Reflected.Cross-Site.Scripting MEDIUM" "music-player-for-elementor 1.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mycustomwidget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mrlegend-typedjs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.typespeed.Parameter MEDIUM" "migrate-shopify-to-woocommerce No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "mycred 2.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mycred_send.Shortcode MEDIUM" "mycred 2.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mycred_link.Shortcode MEDIUM" "mycred 2.7.4 Missing.Authorization.to.Unauthenticated.Database.Upgrade MEDIUM" "mycred 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mycred 2.7.3 Unauthenticated.PHP.Object.Injection HIGH" "mycred 2.7.3 Unauthenticated.Information.Exposure MEDIUM" "mycred 2.6.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "mycred 2.6.2 Contributor+.Stored.XSS MEDIUM" "mycred 2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "mycred 2.5.1 Cross-Site.Request.Forgery MEDIUM" "mycred 2.4.4.1 Subscriber+.User.E-mail.Addresses.Disclosure MEDIUM" "mycred 2.4.4 Subscriber+.Arbitrary.Post.Creation MEDIUM" "mycred 2.4.4 Subscriber+.Import/Export.to.Email.Address.Disclosure MEDIUM" "mycred 2.4.4 Reflected.Cross-Site.Scripting MEDIUM" "mycred 2.4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mycred 2.4 Reflected.Cross-Site.Scripting HIGH" "mycred 2.3 Subscriber+.SQL.Injection HIGH" "mycred 1.7.8 Reflected.Cross-Site.Scripting HIGH" "multisite-robotstxt-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multisite-robotstxt-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "moolamojo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "my-content-management 1.7.7 Admin+.Stored.XSS LOW" "max-addons-pro-bricks 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "max-addons-pro-bricks 1.6.2 Missing.Authorization MEDIUM" "maxbuttons 9.8.4 Admin+.Stored.XSS LOW" "maxbuttons 9.8.1 Admin+.Stored.XSS.via.Text.Color LOW" "maxbuttons 9.8.1 Admin+.Stored.XSS.via.Button.Width LOW" "maxbuttons 9.8.0 Full.Path.Disclosure MEDIUM" "maxbuttons 9.7.8 Editor+.Stored.XSS LOW" "maxbuttons 9.7.7 Contributor+.Stored.XSS MEDIUM" "maxbuttons 9.7.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "maxbuttons 9.6 Contributor+.Stored.XSS MEDIUM" "maxbuttons 9.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "maxbuttons 9.3 Admin+.Stored.Cross-Site.Scripting LOW" "maxbuttons 6.19 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "multiple-location-google-map No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mt-addons-for-elementor 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mq-woocommerce-products-price-bulk-edit No.known.fix XSS MEDIUM" "mapping-multiple-urls-redirect-same-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "makewebbetter-hubspot-for-woocommerce 1.6.0 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Options.Update HIGH" "media-file-organizer No.known.fix Directory.Traversal MEDIUM" "megamenu 3.3.1 Missing.Authorization MEDIUM" "megamenu 2.4 Authenticated.XSS MEDIUM" "mcjh-button-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "m1downloadlist No.known.fix Authenticated.(Contributor+).Sensitive.Information.Disclosure MEDIUM" "m1downloadlist 0.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "menu-image 3.11 Admin+.Stored.XSS LOW" "menu-image 3.10 Reflected.Cross-Site.Scripting MEDIUM" "menu-image 3.0.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "menu-image 3.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "md-custom-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mantenimiento-web 0.14 Stored.XSS.via.CSRF MEDIUM" "mantenimiento-web 0.14 Admin+.Stored.XSS LOW" "music-let-loose-mp3-audio-player No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "my-account-page-editor 1.3.2 Subscriber+.Arbitrary.File.Upload CRITICAL" "media-hygiene 3.0.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Attachment.Deletion MEDIUM" "meteor-slides No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meteor-slides No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "meteor-slides 1.5.7 Contributor+.Stored.XSS MEDIUM" "multi-purpose-mail-form No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "multi-purpose-mail-form No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "msync No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "muzaara-adwords-optimize-dashboard No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "muzaara-adwords-optimize-dashboard No.known.fix Information.Exposure MEDIUM" "music-pack-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "mystickyelements 2.1.4 Unauthenticated.Unauthorised.Action MEDIUM" "mystickyelements 2.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "mystickyelements 2.0.9 Admin+.SQLi MEDIUM" "mystickyelements 2.0.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ms-registration No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ms-registration No.known.fix Missing.Authorization MEDIUM" "multi-column-taxonomy-list No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mygallery No.known.fix Unauthenticated.File.Inclusion CRITICAL" "mycryptocheckout 2.126 CSRF MEDIUM" "mycryptocheckout 2.124 Reflected.XSS HIGH" "makestories-helper 3.0.4 Authenticated.(Subscriber+).Arbitrary.File.Download.and.Server-Side.Request.Forgery MEDIUM" "makestories-helper 3.0.3 Settings.Update.via.CSRF MEDIUM" "multiple-shipping-address-woocommerce 2.0 Unauthenticated.SQLi HIGH" "magical-addons-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "magical-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Template MEDIUM" "magical-addons-for-elementor 1.2.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "magical-addons-for-elementor 1.1.42 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "magical-addons-for-elementor 1.1.42 Contributor+.Stored.XSS MEDIUM" "magical-addons-for-elementor 1.1.40 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-addons-for-elementor 1.1.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-addons-for-elementor 1.1.38 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Text.Effect.Widget MEDIUM" "members 3.2.11 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "music-store 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "music-store 1.1.14 WordPress.eCommerce.<.1.1.14.-.Authenticated.(Admin+).SQL.Injection CRITICAL" "music-store 1.0.43 Cross-Site.Scripting.(XSS) MEDIUM" "magic-post-voice No.known.fix Reflected.Cross-Site.Scripting HIGH" "mad-mimi No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mp-restaurant-menu 2.4.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "mp-restaurant-menu 2.4.2 Admin+.Stored.Cross.Site.Scripting LOW" "menu-swapper 1.1.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "menu-swapper 1.1.1 Cross-Site.Request.Forgery MEDIUM" "mobile-kiosk No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magee-shortcodes No.known.fix Contributor+.Stored.XSS.via.shortcode MEDIUM" "magee-shortcodes 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "migrate-users No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "modern-addons-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modern-addons-elementor 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "movie-database No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "morpheus-slider No.known.fix Authenticated.SQL.Injection MEDIUM" "maxgalleria 6.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.maxgallery_thumb.Shortcode MEDIUM" "maxgalleria 6.4.3 Missing.Authorization MEDIUM" "maxgalleria 6.2.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "motopress-hotel-booking 4.8.5 Unauthenticated.Arbitrary.File.Download.&.Deletion CRITICAL" "morkva-ua-shipping 1.0.20 Unauthenticated.Local.File.Inclusion CRITICAL" "modula-best-grid-gallery 2.10.2 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.FancyBox.5.JavaScript.Library MEDIUM" "modula-best-grid-gallery 2.11.11 Author+.Arbitrary.File.Upload HIGH" "modula-best-grid-gallery 2.7.5 Incomplete.Authorization.via.'save_image'.and.'save_images' LOW" "modula-best-grid-gallery 2.6.91 Unauthenticated.Troubleshooting.Settings.Update MEDIUM" "modula-best-grid-gallery 2.6.7 Reflected.Cross-Site.Scripting MEDIUM" "modula-best-grid-gallery 2.2.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "marker-io 1.1.9 Cross-Site.Request.Forgery MEDIUM" "marker-io 1.1.7 Cross-Site.Request.Forgery MEDIUM" "mdc-comment-toolbar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "my-wpdb 2.5 Arbitrary.SQL.Query.via.CSRF MEDIUM" "masterstudy-lms-learning-management-system 3.5.29 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.5.29 Contributor+.Local.File.Inclusion HIGH" "masterstudy-lms-learning-management-system 3.3.24 Privilege.Escalation.to.Instructor MEDIUM" "masterstudy-lms-learning-management-system 3.2.13 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.2.2 Cross-Site.Request.Forgery MEDIUM" "masterstudy-lms-learning-management-system 3.3.9 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.3.4 Unauthenticated.Local.File.Inclusion.via.template CRITICAL" "masterstudy-lms-learning-management-system 3.3.1 Unauthenticated.Local.File.Inclusion.via.modal CRITICAL" "masterstudy-lms-learning-management-system 3.3.2 Unauthenticated.Privilege.Escalation HIGH" "masterstudy-lms-learning-management-system 3.3.0 Missing.Authorization.to.Sensitive.Information.Exposure.in.search_posts MEDIUM" "masterstudy-lms-learning-management-system 3.2.11 Basic.Information.Exposure.via.REST.route MEDIUM" "masterstudy-lms-learning-management-system 3.2.6 Unauthenticated.SQL.Injection CRITICAL" "masterstudy-lms-learning-management-system 3.0.18 Unauthenticated.Instructor.Account.Creation MEDIUM" "masterstudy-lms-learning-management-system 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "masterstudy-lms-learning-management-system 3.0.9 Contributor+.Stored.XSS MEDIUM" "masterstudy-lms-learning-management-system 3.0.9 Subscriber+.Course.Category.Creation MEDIUM" "masterstudy-lms-learning-management-system 2.7.6 Unauthenticated.Admin.Account.Creation CRITICAL" "mage-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multi-gallery No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "map-store-location No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magayo-lottery-results No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mybookprogress No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "mybookprogress No.known.fix Missing.Authorization MEDIUM" "mybookprogress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.book.Parameter MEDIUM" "medma-matix No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "market-360-viewer No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "most-and-least-read-posts-widget 2.5.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "most-and-least-read-posts-widget 2.5.19 Cross-Site.Request.Forgery.via.most_and_least_read_posts_options MEDIUM" "most-and-least-read-posts-widget 2.5.17 Authenticated(Contributor+).SQL.Injection.via.Widget.settings HIGH" "multi-feed-reader No.known.fix Cross-Site.Request.Forgery MEDIUM" "multi-feed-reader 2.2.4 SQL.Injection HIGH" "minical No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "myweather No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "machic-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "mybb-last-topics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mojoplug-slide-panel No.known.fix Admin+.Stored.XSS LOW" "mini-twitter-feed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meta-accelerator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-friendly-app-builder-by-easytouch No.known.fix Unauthenticated.File.Upload CRITICAL" "mybooktable 3.5.4 Cross-Site.Request.Forgery MEDIUM" "mybooktable 3.5.0 Stored.XSS.via.CSRF MEDIUM" "mybooktable 3.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "mybooktable 3.3.5 API.Key.Update.via.CSRF MEDIUM" "member-hero No.known.fix Unauthenticated.RCE CRITICAL" "m-wp-popup No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "m-wp-popup 1.3.1 Unauthenticated.Denial.of.Service HIGH" "mimo-woocommerce-order-tracking No.known.fix Missing.Authorization.to.Limited.Settings.Update MEDIUM" "mimo-woocommerce-order-tracking No.known.fix Missing.Authorization.to.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "motor-racing-league No.known.fix Admin+.XSS LOW" "mortgage-loan-calculator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mortgage-loan-calculator 1.5.17 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "mapifylite-master 4.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "metronet-profile-picture 2.6.2 Authenticated.(Author+).Insecure.Direct.Object.Reference.to.Profile.Picture.Update MEDIUM" "metronet-profile-picture 2.6.0 Arbitrary.User.Picture.Change/Deletion.via.IDOR MEDIUM" "metronet-profile-picture 2.5.0 Sensitive.Information.Disclosure MEDIUM" "m-chart 1.10 Contributor+.Stored.XSS MEDIUM" "movylo-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mindmeister-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multiple-pages-generator-by-porthas 4.0.6 Authenticated.(Editor+).Server-Side.Request.Forgery.via.fileUrl MEDIUM" "multiple-pages-generator-by-porthas 4.0.3 Authenticated.(Editor+).Directory.Traversal.to.Limited.File.Deletion LOW" "multiple-pages-generator-by-porthas 4.0.2 Missing.Authorization MEDIUM" "multiple-pages-generator-by-porthas 3.4.8 Authenticated.(Contributor+).SQL.Injection MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Cross-Site.Request.Forgery MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Missing.Authorization.via.mpg_get_log_by_project_id MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Authenticated.(Editor+).Remote.Code.Execution HIGH" "multiple-pages-generator-by-porthas 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "multiple-pages-generator-by-porthas 3.3.20 SQL.Injection MEDIUM" "multiple-pages-generator-by-porthas 3.3.18 SQLi.via.CSRF LOW" "multiple-pages-generator-by-porthas 3.3.18 Admin+.SQLi MEDIUM" "multiple-pages-generator-by-porthas 3.3.10 MPG.<.3.3.10.-.Multiple.CSRF MEDIUM" "magic-post-thumbnail 5.2.10 Reflected.Cross-Site.Scripting MEDIUM" "magic-post-thumbnail 5.2.8 Admin+.Stored.XSS LOW" "magic-post-thumbnail 4.1.13 Reflected.Cross-Site.Scripting MEDIUM" "magic-post-thumbnail 4.1.11 Reflected.XSS HIGH" "magic-post-thumbnail 3.3.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "magic-post-thumbnail 3.3.7 Reflected.Cross-Site.Scripting.(XSS) HIGH" "mergado-marketing-pack No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "meks-video-importer 1.0.13 Missing.Authorization.to.Authenticated.(Subscriber+).API.Keys.Modification MEDIUM" "meks-video-importer No.known.fix Missing.Authorization MEDIUM" "multicarousel No.known.fix Unauthenticated.SQL.Injection HIGH" "mailarchiver 2.11.0 Unauthenticated.Stored.XSS HIGH" "misiek-photo-album No.known.fix Stored.XSS.via.CSRF HIGH" "misiek-photo-album No.known.fix Album.Deletion.via.CSRF MEDIUM" "maintenance-and-noindex-nofollow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mailpoet 5.5.2 Admin+.Stored.XSS LOW" "mailpoet 5.3.2 Admin+.Stored.XSS LOW" "mailpoet 3.23.2 Reflected.Cross-Site.Scripting.Issue HIGH" "member-database No.known.fix Reflected.XSS HIGH" "mesmerize-companion 1.6.149 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mesmerize_contact_form.Shortcode MEDIUM" "mesmerize-companion 1.6.135 Contributor+.Stored.XSS MEDIUM" "mailchimp-top-bar 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "maanstore-api No.known.fix Authentication.Bypass CRITICAL" "meeting-scheduler-by-vcita No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "meeting-scheduler-by-vcita 4.5.2 Cross-Site.Request.Forgery MEDIUM" "meeting-scheduler-by-vcita 4.5.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.5 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "meeting-scheduler-by-vcita 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "meeting-scheduler-by-vcita 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.3.3 Reflected.XSS HIGH" "meeting-scheduler-by-vcita 4.3.1 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "meeting-scheduler-by-vcita 4.3.0 Subscriber+.Denial.of.Service.by.account.logout MEDIUM" "meeting-scheduler-by-vcita 4.5 Subscriber+.Settings.Update.&.Stored.XSS MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Unauthenticated.Stored.XSS CRITICAL" "meeting-scheduler-by-vcita 4.5.2 Denial.of.Service.via.CSRF MEDIUM" "monarch 1.2.7 Privilege.Escalation HIGH" "molie-instructure-canvas-linking-tool No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "molie-instructure-canvas-linking-tool No.known.fix Authenticated.SQL.Injection HIGH" "mashsharer No.known.fix Missing.Authorization MEDIUM" "mashsharer 3.8.7 Contributor+.Stored.XSS MEDIUM" "mashsharer 3.8.5 Admin+.Stored.Cross-Site.Scripting LOW" "magicform No.known.fix WordPress.Form.Builder.<=.1.6.2.-.Missing.Authorization MEDIUM" "magicform No.known.fix Reflected.Cross-Site.Scripting HIGH" "monetag-official No.known.fix Missing.Authorization MEDIUM" "masjidal 1.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multiple-votes-in-one-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multi-column-tag-map 17.0.34 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mctagmap.Shortcode MEDIUM" "multi-column-tag-map 17.0.27 Cross-Site.Request.Forgery MEDIUM" "multi-column-tag-map 17.0.25 Contributor+.Stored.XSS MEDIUM" "min-and-max-quantity-for-woocommerce 2.1.0 Missing.Authorization MEDIUM" "min-and-max-quantity-for-woocommerce 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "maan-elementor-addons No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "meintopf No.known.fix Reflected.XSS HIGH" "membership-for-woocommerce 2.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "membership-for-woocommerce 2.1.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "mailchimp-for-wp 4.9.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.9.17 4.9.16.-.Reflected.Cross-Site.Scripting HIGH" "mailchimp-for-wp 4.9.10 Unauthenticated.Unpublished.Form.Preview MEDIUM" "mailchimp-for-wp 4.8.7 Admin+.Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.8.7 Admin+.Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.8.5 Unauthorised.Actions.via.CSRF MEDIUM" "mailchimp-for-wp 4.8.5 Authenticated.Arbitrary.Redirect MEDIUM" "mailchimp-for-wp 4.1.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mailchimp-for-wp 4.1.8 XSS MEDIUM" "mangboard 1.8.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Board.Header.And.Footer MEDIUM" "mangboard 1.8.5 Reflected.Cross-Site.Scripting MEDIUM" "mangboard 1.8.1 Reflected.Cross-Site.Scripting MEDIUM" "mangboard 1.7.8 Admin+.Stored.XSS LOW" "mangboard 1.8.2 Settings.Update.via.CSRF MEDIUM" "mangboard 1.6.9 SQL.Injection HIGH" "marketing-automation-by-azexo No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "marketing-automation-by-azexo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "msstiger No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mejorcluster 1.1.16 Contributor+.Stored.XSS MEDIUM" "mpl-publisher 2.18.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mpl-publisher 1.30.4 Self-publish.your.book.&.ebook.<.1.30.4.-.Admin+.Stored.Cross-Site.Scripting LOW" "mpl-publisher 1.29.2 Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "modal-window 6.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.iframeBox.Shortcode MEDIUM" "modal-window 6.1.5 Cross-Site.Request.Forgery.to.Settings.Ipdate MEDIUM" "modal-window 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modal-window 5.3.10 Modal.Deletion.via.CSRF MEDIUM" "modal-window 5.3.9 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "modal-window 5.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "modal-window 5.2.2 RFI.leading.to.RCE.via.CSRF HIGH" "mobile-dj-manager 1.7.5.3 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "mobile-dj-manager 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "master-addons 2.0.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "master-addons 2.0.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "master-addons 2.0.6.8 Free.Widgets,.Hover.Effects,.Toggle,.Conditions,.Animations.for.Elementor.<.2.0.6.8.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Tooltip.Module MEDIUM" "master-addons No.known.fix Author+.Stored.XSS MEDIUM" "master-addons 2.0.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.data-jltma-wrapper-link.Element MEDIUM" "master-addons 2.0.6.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.2 Missing.Authorization.to.MA.Template.Creation.or.Modification MEDIUM" "master-addons 2.0.6.2 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting.via.Navigation.Menu.Widget HIGH" "master-addons 2.0.5.6 Missing.Authorization.via.get_jltma_save_menuitem_settings() MEDIUM" "master-addons 2.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.5.6 Missing.Authorization.on.Duplicate.Post MEDIUM" "master-addons 2.0.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "master-addons 2.0.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.4 Contributor+.Stored.XSS MEDIUM" "master-addons 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "master-addons 1.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "master-addons 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "music-request-manager No.known.fix Reflected.XSS MEDIUM" "music-request-manager No.known.fix Unauthenticated.Stored.XSS MEDIUM" "music-request-manager No.known.fix Stored.XSS.via.CSRF HIGH" "marekkis-watermark No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "meks-themeforest-smart-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "metform 3.9.3 Admin+.SSRF MEDIUM" "metform 3.3.0 Unauthenticated.Double-Extension.Arbitrary.File.Upload HIGH" "metform 3.8.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "metform 3.8.4 Missing.Authorization.to.Notice.Dismissal MEDIUM" "metform 3.8.6 Contributor+.Stored.XSS MEDIUM" "metform 3.8.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "metform 3.8.2 Cross-Site.Request.Forgery MEDIUM" "metform 3.3.2 Authenticated.(Subscriber+).Information.Disclosure.via.'mf_first_name'.shortcode MEDIUM" "metform 3.3.3 Cross-Site.Request.Forgery MEDIUM" "metform 3.3.1 Multiple.Contributor+.Stored.XSS.via.Shortcode MEDIUM" "metform 3.3.1 Unauthenticated.CSV.Injection HIGH" "metform 3.3.2 Multiple.Subscriber+.Sensitive.Information.Disclosure.Issues MEDIUM" "metform 3.3.2 Unauthenticated.Permalink.Structure.Update MEDIUM" "metform 3.2.2 reCaptcha.Bypass MEDIUM" "metform 3.2.0 Unauthenticated.Stored.XSS HIGH" "metform 2.1.4 Unauthenticated.API.keys.and.Secrets.Disclosure HIGH" "miniorange-otp-verification 4.2.2 Missing.Authorization.via.dismiss_notice MEDIUM" "manage-notification-emails 1.8.6 Missing.Authorization MEDIUM" "manage-notification-emails 1.8.3 Settings.Reset.via.CSRF MEDIUM" "manage-notification-emails 1.8.3 Settings.Reset.via.CSRF MEDIUM" "my-default-post-content No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mrkwp-footer-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mrkwp-footer-for-divi No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "media-library-tools 1.5.0 Author+.Stored.XSS.via.SVG MEDIUM" "multi-scheduler No.known.fix Arbitrary.Record.Deletion.via.CSRF HIGH" "mf-gig-calendar No.known.fix Cross-Site.Request.Forgery MEDIUM" "mf-gig-calendar No.known.fix Arbitrary.Event.Deletion.via.CSRF MEDIUM" "mf-gig-calendar No.known.fix Editor+.Stored.XSS LOW" "mf-gig-calendar No.known.fix Authenticated(Contributor+).SQL.Injection HIGH" "mf-gig-calendar 1.2.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "mf-gig-calendar 1.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "memberpress 1.12.0 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "memberpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "memberpress 1.11.30 Reflected.Cross-Site.Scripting.via.mepr_screenname.and.mepr_key.Parameters MEDIUM" "memberpress 1.11.35 Missing.Authorization MEDIUM" "memberpress 1.11.30 Authenticated.(Contributor+).Blind.Server-Side.Request.Forgery.via.mepr-user-file.Shortcode HIGH" "memberpress 1.11.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.arglist.Parameter MEDIUM" "memberpress 1.11.27 Reflected.Cross-Site.Scripting.via.message.and.error MEDIUM" "mage-eventpress 4.3.7 Contributor+.PHP.Object.Injection MEDIUM" "mage-eventpress 4.3.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "mage-eventpress 4.3.0 Missing.Authorization MEDIUM" "mage-eventpress 4.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mage-eventpress 4.2.2 Authenticated.(Contributor+).Local.File.Inclusion CRITICAL" "mage-eventpress 4.1.2 Authenticated.(Contributor+).PHP.Object.Injection.in.mep_event_meta_save HIGH" "mage-eventpress 3.9.6 Editor+.Stored.Cross-Site.Scripting MEDIUM" "mage-eventpress 3.8.7 Admin+.Stored.XSS LOW" "mage-eventpress 3.7.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "mage-eventpress 3.8.0 Contributor+.Stored.XSS MEDIUM" "mage-eventpress 3.5.8 Contributor+.SQL.Injection HIGH" "mage-eventpress 3.5.3 Unauthenticated.Arbitrary.Options.Reset HIGH" "mage-eventpress 3.5.3 Unauthenticated.Arbitrary.Elementor.Template.Import MEDIUM" "materialis-companion 1.3.42 Authenticated.(Contributor+).Store.Cross-Site.Scripting.via.materialis_contact_form.Shortcode MEDIUM" "materialis-companion 1.3.40 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "media-tags No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "message-ticker No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "message-ticker 9.3 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "moving-media-library 1.23 Authenticated.(Administrator+).Directory.Traversal.to.Arbitrary.File.Deletion MEDIUM" "miniorange-oauth-oidc-single-sign-on 38.4.9 SSO.(OAuth.Client).Premium.<.38.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-oauth-oidc-single-sign-on 48.4.9 SSO.(OAuth.Client).Enterprise.<.48.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-oauth-oidc-single-sign-on 28.4.9 SSO.(OAuth.Client).Standard.<.28.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "medibazar-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "mailster 4.0.10 Reflected.Cross-Site.Scripting MEDIUM" "mailster 4.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "mailster 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "mailster 2.4.9 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mailchimp-forms-by-mailmunch 3.2.4 Reflected.Cross-Site.Scripting MEDIUM" "mailchimp-forms-by-mailmunch 3.2.2 Cross-Site.Request.Forgery MEDIUM" "mailchimp-forms-by-mailmunch 3.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "mailchimp-forms-by-mailmunch 3.1.5 Arbitrary.Actions.via.CSRF MEDIUM" "multilevel-referral-plugin-for-woocommerce No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "multilevel-referral-plugin-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multilevel-referral-plugin-for-woocommerce 2.23 Reflected.Cross-Site.Scripting MEDIUM" "maxslider 1.2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "manycontacts-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "meow-gallery 5.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meow-gallery 4.2.0 Unauthorised.Arbitrary.Options.Update.via.REST.API HIGH" "meow-gallery 4.1.9 Contributor+.SQL.Injection HIGH" "media-usage No.known.fix Reflected.Cross-Site.Scripting HIGH" "mobile-menu 2.8.5 Missing.Authorization.to._mobmenu_icon.Post.Meta.Modification MEDIUM" "mobile-menu 2.8.4.4 Cross-Site.Request.Forgery MEDIUM" "mobile-menu 2.8.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Alt MEDIUM" "mobile-menu 2.8.4 Reflected.Cross-Site.Scripting MEDIUM" "mobile-menu 2.8.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mobile-menu 2.8.2.3 Reflected.Cross-Site.Scripting.(XSS) HIGH" "mobile-menu 2.7.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "multiline-files-for-contact-form-7 2.9 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Deactivation MEDIUM" "mobile-app-builder-by-wappress No.known.fix Unauthenticated.File.Upload CRITICAL" "mendeleyplugin No.known.fix Admin+.Stored.XSS LOW" "mailup-auto-subscribtion 1.2.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mailin 3.1.88 Cross-Site.Request.Forgery MEDIUM" "mailin 3.1.83 Cross-Site.Request.Forgery MEDIUM" "mailin 3.1.78 Reflected.Cross-Site.Scripting MEDIUM" "mailin 3.1.78 Reflected.XSS HIGH" "mailin 3.1.61 Reflected.XSS HIGH" "mailin 3.1.31 Reflected.Cross-Site.Scripting MEDIUM" "mailin 3.1.25 Reflected.XSS HIGH" "manual-image-crop 1.11 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.9.0 Missing.Authorization.via.checkout_map_rules_order_ajax_handler MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.8.5 Reflected.Cross-Site.Scripting MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "member-access No.known.fix Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "mediamatic No.known.fix Cross-Site.Request.Forgery MEDIUM" "mediamatic 2.8.1 Subscriber+.SQL.Injection HIGH" "mobilook 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mlr-audio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "microblog-poster No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "microblog-poster 1.6.2 Authenticated.Blind.SQL.Injection HIGH" "mighty-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mg-post-contributors No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "marketing-and-seo-booster No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "mimetic-books No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "meks-smart-author-widget 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "members-list 4.3.7 Reflected.Cross-Site.Scripting MEDIUM" "mainwp-maintenance-extension 4.1.2 Subscriber+.SQL.Injection.(SQLi) HIGH" "mediavine-control-panel 2.10.7 Unauthenticated.Information.Exposure MEDIUM" "mediavine-control-panel 2.10.5 Contributor+.Stored.XSS MEDIUM" "mmt-eventon-exim-lite 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "myticket-events No.known.fix Unauthenticated.Limited.File.Read MEDIUM" "memberpress-downloads 1.2.6 Subscriber+.Arbitrary.File.Upload CRITICAL" "mobile-call-now-map-buttons No.known.fix Admin+.Stored.XSS LOW" "mycred-for-elementor 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multiple-image-uploads-with-preview-for-wpforms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ms-reviews No.known.fix Subscriber+.Stored.XSS HIGH" "most-popular-posts-widget-lite 0.9 Admin+.SQL.injection MEDIUM" "mainwp-piwik-extension 4.0.5 CSRF MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.26.4 Authentication.Bypass HIGH" "miniorange-login-with-eve-online-google-facebook 6.23.4 Improper.Authentication HIGH" "miniorange-login-with-eve-online-google-facebook 6.24.2 SSO.(OAuth.Client).Free.<.6.24.2.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.24.2 SSO.(OAuth.Client).<.6.24.2.-.IdP.Discard.via.CSRF MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.22.6 Authentication.Bypass CRITICAL" "miniorange-login-with-eve-online-google-facebook 6.20.3 Reflected.Cross-Site.Scripting.via.appId HIGH" "myagileprivacy 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.vis.Shortcode MEDIUM" "mailhawk 1.3.2 Unauthenticated.Local.File.Inclusion CRITICAL" "miniorange-google-authenticator 1.0.5 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "miniorange-google-authenticator 1.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "modern-footnotes 1.4.17 Contributor+.Stored.XSS MEDIUM" "modern-footnotes 1.4.16 Admin+.Stored.XSS LOW" "metorik-helper 1.7.2 Cross-Site.Request.Forgery MEDIUM" "multiple-admin-emails No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "minimum-password-strength No.known.fix Cross-Site.Request.Forgery MEDIUM" "modern-events-calendar-lite 7.13.0 Subscriber+.Server.Side.Request.Forgery HIGH" "modern-events-calendar-lite 7.12.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "modern-events-calendar-lite 7.1.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.5.2 Admin+.Stored.XSS LOW" "modern-events-calendar-lite 6.3.0 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "modern-events-calendar-lite 6.4.7 Reflected.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.4.0 Contributor+.Stored.Cross.Site.Scripting MEDIUM" "modern-events-calendar-lite 6.2.0 Subscriber+.Category.Add.Leading.to.Stored.XSS MEDIUM" "modern-events-calendar-lite 6.1.5 Reflected.Cross-Site.Scripting HIGH" "modern-events-calendar-lite 6.1.5 Unauthenticated.Blind.SQL.Injection HIGH" "modern-events-calendar-lite 5.22.3 Authenticated.Stored.Cross.Site.Scripting LOW" "modern-events-calendar-lite 5.22.2 Admin+.Stored.Cross-Site.Scripting LOW" "modern-events-calendar-lite 5.16.6 Authenticated.SQL.Injection CRITICAL" "modern-events-calendar-lite 5.16.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "modern-events-calendar-lite 5.16.5 Authenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "modern-events-calendar-lite 5.16.5 Unauthenticated.Events.Export MEDIUM" "modern-events-calendar-lite 5.1.7 Multiple.Subscriber+.Stored.XSS MEDIUM" "mainwp-child-reports 2.2.1 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "mainwp-child-reports 2.2 Cross-Site.Request.Forgery MEDIUM" "mainwp-child-reports 2.0.8 Admin+.SQL.Injection MEDIUM" "my-contador-wp 2.1 Missing.Authorization.to.Unauthenticated.User.Registration.CSV.Export MEDIUM" "media-mirror No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "machform-shortcode 1.5.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "marketo-forms-and-tracking No.known.fix CSRF.to.XSS HIGH" "maxi-blocks 1.9.3 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "mancx-askme-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mailtree-log-mail 1.0.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "multipurpose-block 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "multipurpose-block 1.7.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mediabay-lite No.known.fix Missing.Authorization.via.AJAC.actions MEDIUM" "mediabay-lite No.known.fix Editor+.Stored.XSS MEDIUM" "meta-store-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "more-link-modifier No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mailclient No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "maintenance-page 1.0.9 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "maintenance-page 1.0.9 Security.Mechanism.Bypass.via.REST.API MEDIUM" "mj-update-history No.known.fix Missing.Authorization MEDIUM" "mj-update-history No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "menukaart 1.4 Reflected.Cross-Site.Scripting MEDIUM" "mail-picker 1.0.15 Unauthenticated.PHP.Object.Injection CRITICAL" "mail-picker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.15 Reflected.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "membership-simplified-for-oap-members-only No.known.fix Unauthenticated.Arbitrary.File.Download CRITICAL" "meks-flexible-shortcodes 1.3.5 Contributor+.Stored.XSS MEDIUM" "magic-the-gathering-card-tooltips 3.6.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "magic-the-gathering-card-tooltips 3.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mixcloud-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "masy-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mins-to-read No.known.fix Cross-Site.Request.Forgery..to.Stored.Cross-Site.Scripting MEDIUM" "make-paths-relative No.known.fix Settings.Update.via.CSRF MEDIUM" "map-contact No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "my-favorite-cars No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "miniorange-openid-connect-client 2.1.5 Reflected.Cross-Site.Scripting.via.appId HIGH" "maz-loader 1.4.1 Arbitrary.Loader.Deletion.via.CSRF MEDIUM" "maz-loader 1.3.3 Contributor+.SQL.Injection HIGH" "my-auctions-allegro-free-edition No.known.fix Cross-Site.Request.Forgery MEDIUM" "my-auctions-allegro-free-edition No.known.fix Contributor+.SQLi MEDIUM" "my-auctions-allegro-free-edition 3.6.19 Reflected.Cross-Site.Scripting MEDIUM" "my-auctions-allegro-free-edition 3.6.18 Reflected.Cross-Site.Scripting MEDIUM" "maintenance-notice 1.0.7 Settings.Reset.via.CSRF MEDIUM" "mobilize No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mapsvg 6.2.20 Unauthenticated.SQLi HIGH" "meinturnierplande-widget-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multiple-roles 1.3.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "multiple-roles 1.3.2 Cross-Site.Request.Forgery MEDIUM" "my-marginalia No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "menu-items-visibility-control No.known.fix Admin+.Arbitrary.PHP.Code.Execution MEDIUM" "mwb-point-of-sale-pos-for-woocommerce 1.0.1 CSRF.Bypass./.Unauthorised.AJAX.Call MEDIUM" "mynx-page-builder No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "mapsvg-lite-interactive-vector-maps No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "mapsvg-lite-interactive-vector-maps No.known.fix Missing.Authorization MEDIUM" "mapsvg-lite-interactive-vector-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapsvg-lite-interactive-vector-maps 3.3.0 Cross-Site.Request.Forgery.(CSRF) HIGH" "mautic-integration-for-woocommerce 1.0.3 Arbitrary.Options.Update.via.CSRF HIGH" "mm-breaking-news No.known.fix Stored.XSS.via.CSRF HIGH" "mm-breaking-news No.known.fix Reflected.XSS MEDIUM" "muslim-prayer-time-bd 2.5 Settings.Reset.via.CSRF MEDIUM" "menu-item-scheduler No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "newsmanapp 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "new-image-gallery 1.4.6 Missing.Authorization MEDIUM" "newsletter2go No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Style.Reset MEDIUM" "newsletter2go No.known.fix Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.style MEDIUM" "nktagcloud No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "nextend-social-login-pro 3.1.17 Authentication.Bypass.via.Apple.OAuth.provider CRITICAL" "nextend-social-login-pro 3.1.15 Authentication.Bypass CRITICAL" "new-video-gallery 1.5.4 Missing.Authorization MEDIUM" "new-order-notification-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "notice-board No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nativery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "new-royalslider 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "neon-product-designer-for-woocommerce No.known.fix Unauthenticated.SQL.Injection HIGH" "neon-product-designer-for-woocommerce No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.9.2 Authenticated.(Custom).Limited.Code.Execution.via.get_table_records.Function MEDIUM" "nex-forms-express-wp-form-builder 8.9.2 Authenticated.(Custom).Stored.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.8.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "nex-forms-express-wp-form-builder 8.7.16 Authenticated.(Admin+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.7.9 Authenticated.(Administrator+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.7.4 Reflected.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.restore_records() MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.set_read() MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.set_starred() MEDIUM" "nex-forms-express-wp-form-builder 8.5.5 Cross-Site.Request.Forgery MEDIUM" "nex-forms-express-wp-form-builder 8.5.6 Authenticated.(Admin+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.4.4 Authenticated.Stored.XSS LOW" "nex-forms-express-wp-form-builder 8.4 Admin+.SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.3.3 Contributor+.Stored.XSS MEDIUM" "nex-forms-express-wp-form-builder 7.9.7 Authenticated.SQLi MEDIUM" "nex-forms-express-wp-form-builder 8.4.3 Stored.Cross-Site.Scripting.via.CSRF HIGH" "nex-forms-express-wp-form-builder 7.8 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "nex-forms-express-wp-form-builder 4.6.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "netgsm 2.9.33 Missing.Authorization MEDIUM" "netgsm 2.9.1 Reflected.Cross-Site.Scripting MEDIUM" "new-photo-gallery 1.4.3 Contributor+.PHP.Object.Injection.via.Shortcode MEDIUM" "nextgen-gallery-sell-photo No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "no-update-nag No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "nichetable 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "nichetable 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nearby-locations No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "nextcellent-gallery-nextgen-legacy No.known.fix Admin+.Stored.XSS LOW" "nirweb-support No.known.fix Missing.Authorization MEDIUM" "nirweb-support 2.8.2 Unauthenticated.SQLi HIGH" "notices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ns-coupon-to-become-customer No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "nokaut-offers-box No.known.fix Plugin.Reset.via.CSRF MEDIUM" "nokaut-offers-box No.known.fix Admin+.Stored.XSS LOW" "news-announcement-scroll 9.1.0 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "news-announcement-scroll 9.0.0 Admin+.Stored.XSS LOW" "nc-wishlist-for-woocommerce No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "nicebackgrounds No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "new-album-gallery 1.6.4 Authenticated.(Editor+).PHP.Object.Injection.via.Gallery.Meta HIGH" "new-album-gallery 1.5.8 Missing.Authorization MEDIUM" "new-album-gallery 1.5.0 Cross-Site.Request.Forgery MEDIUM" "new-year-firework No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "nd-projects No.known.fix Contributor+.Stored.XSS MEDIUM" "nd-projects No.known.fix Contributor+.Stored.XSS MEDIUM" "nd-projects No.known.fix Authenticated.Local.File.Inclusion MEDIUM" "nd-projects 1.6 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-learning 5.0 Admin+.Stored.Cross-Site.Scripting LOW" "nd-learning 4.8 Unauthenticated.Options.Change MEDIUM" "ns-simple-intro-loader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "naver-map No.known.fix Contributor+.Stored.XSS MEDIUM" "nofollow-links 1.0.11 Cross-Site.Scripting.(XSS) MEDIUM" "no-bot-registration 2.0 Cross-Site.Request.Forgery MEDIUM" "name-directory 1.30.1 Missing.Authorization MEDIUM" "name-directory 1.29.1 Reflected.Cross-Site.Scripting MEDIUM" "name-directory 1.27.2 Settings.Update.via.CSRF MEDIUM" "name-directory 1.25.5 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "name-directory 1.25.4 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "name-directory 1.25.3 Reflected.Cross-Site.Scripting MEDIUM" "name-directory 1.25.4 Arbitrary.Directory/Name.Deletion.via.CSRF MEDIUM" "name-directory 1.18 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "nanosupport No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nanosupport No.known.fix Missing.Authorization MEDIUM" "newspack-newsletters 2.13.3 Missing.Authorization MEDIUM" "newspack-newsletters 2.13.3 Cross-Site.Request.Forgery MEDIUM" "notificationx 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "notificationx 2.9.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "notificationx 2.8.3 Unauthenticated.SQL.Injection CRITICAL" "notificationx 2.3.12 Unauthenticated.SQLi HIGH" "notificationx 2.3.9 Unauthenticated.Blind.SQL.Injection HIGH" "notificationx 1.8.3 Cross-Site.Request.Forgery MEDIUM" "notificationx 1.8.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "newsletter-manager No.known.fix Unauthenticated.Insecure.Deserialisation HIGH" "newsletter-manager 1.5 Unauthenticated.Open.Redirect MEDIUM" "newsletter-manager 1.0.2 Authenticated.Reflected.Cross.Site.Scripting HIGH" "newsletter-manager 1.0.2 Cross-Site.Request.Forgery MEDIUM" "nepali-date-utilities No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ns-facebook-pixel-for-wp No.known.fix Admin+.Stored.XSS LOW" "nofollow-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nite-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "news-ticker-for-elementor No.known.fix Missing.Authorization MEDIUM" "newsticker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "notifikacie-sk No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "newsletter-by-supsystic No.known.fix Authenticated.SQL.Injection CRITICAL" "newsletter-by-supsystic 1.1.8 Authenticated.Stored.XSS.&.CSRF HIGH" "n5-uploadform No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "no-api-amazon-affiliate 4.4.0 Admin+.Stored.XSS LOW" "ns-woocommerce-watermark No.known.fix Abuse.of.Functionality MEDIUM" "ntzantispam No.known.fix Settings.Update.via.CSRF HIGH" "ni-woo-sales-commission No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Commission.Update MEDIUM" "n-media-woocommerce-checkout-fields 18.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "noo-timetable No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "noo-timetable No.known.fix Cross-Site.Request.Forgery MEDIUM" "new-adman No.known.fix Admin+.Stored.XSS LOW" "new-adman No.known.fix Settings.Update.via.CSRF MEDIUM" "newspack-content-converter 1.0.0 Missing.Authorization MEDIUM" "ninja-forms-uploads 3.3.18 Unauthenticated.Stored.Cross-Site.Scripting.via.File.Upload HIGH" "ninja-forms-uploads 3.3.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ninja-forms-uploads 3.3.13 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ninja-forms-uploads 3.0.23 Unauthenticated.Arbitrary.File.Upload HIGH" "nelio-content 3.2.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "nafeza-prayer-time No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "news-wall No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "nd-donations No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-donations No.known.fix Unauthenticated.SQLi HIGH" "nd-donations 1.4 Unauthenticated.Options.Change MEDIUM" "nhrrob-options-table-manager 1.1.3 Authenticated.(Admin+).PHP.Object.Injection HIGH" "n-media-wp-simple-quiz No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "news-kit-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "news-kit-elementor-addons No.known.fix Contributor+.Stored.XSS MEDIUM" "news-kit-elementor-addons 1.2.2 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Canvas.Menu.Elementor.Template MEDIUM" "notification-plus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "netforum-directory-with-importer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "netforum-directory-with-importer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nias-course No.known.fix Contributor+.Stored.XSS MEDIUM" "ninjateam-telegram 1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nix-anti-spam-light No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "next-page No.known.fix Admin+.Stored.XSS LOW" "no-disposable-email No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "newsplugin 1.1.0 CSRF.to.Stored.Cross-Site.Scripting HIGH" "newsletter-page-redirects No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "ni-woocommerce-custom-order-status 1.9.7 Subscriber+.SQL.Injection HIGH" "navigation-tree-elementor No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "nblocks No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "nopeamedia No.known.fix Cross-Site.Request.Forgery MEDIUM" "nopeamedia 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsletter-subscriptions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nino-social-connect No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nmr-strava-activities 1.0.8 Contributor+.Stored.XSS MEDIUM" "nofollow-jquery-links 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "nofollow-jquery-links 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "news-element No.known.fix Contributor+.Stored.XSS MEDIUM" "news-element 1.0.6 Unauthenticated.LFI HIGH" "ni-woocommerce-sales-report-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "neshan-maps No.known.fix Admin+.SQLi MEDIUM" "noted-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "noted-pro No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nd-travel No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-travel 1.7 Unauthenticated.Options.Change MEDIUM" "navz-photo-gallery 2.7 Missing.Authorization MEDIUM" "navz-photo-gallery 2.0 Subscriber+.UserMeta.Update MEDIUM" "navz-photo-gallery 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "note-press No.known.fix Admin+.SQLi.via.Update MEDIUM" "note-press No.known.fix Admin+.SQLi.via.id MEDIUM" "note-press No.known.fix Admin+.SQLi.via.Bulk.Actions MEDIUM" "note-press 0.1.2 SQL.Injection CRITICAL" "network-summary No.known.fix Unauthenticated.SQL.Injection CRITICAL" "newspack-popups 2.31.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nemesis-all-in-one No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "navigation-du-lapin-blanc No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nooz 1.7.0 Admin+.Stored.XSS LOW" "ninja-page-categories-and-tags No.known.fix Admin+.Stored.XSS LOW" "notify-odoo 1.0.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nd-restaurant-reservations No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-restaurant-reservations 2.0 Directory.Traversal.to.Authenticated.(Contributor+).Local.File.Inclusion HIGH" "nd-restaurant-reservations 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-restaurant-reservations 1.5 Unauthenticated.Options.Change CRITICAL" "ngg-smart-image-search 3.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "neon-text 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsboard No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "night-mode 1.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "nd-shortcodes 7.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "nd-shortcodes 7.0 Contributor+.Stored.XSS.via.Shortcodes MEDIUM" "nd-shortcodes 7.0 Subscriber+.LFI HIGH" "nd-shortcodes 6.0 Unauthenticated.WP.Options.Update MEDIUM" "nd-booking 3.7 Unauthenticated.Local.File.Inclusion CRITICAL" "nd-booking 3.3 Contributor+.Stored.XSS MEDIUM" "nd-booking 2.5 Unauthenticated.Options.Change MEDIUM" "nexus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nexus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nexus No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ninjafirewall 4.3.4 Authenticated.(admin+).PHAR.Deserialization LOW" "ninja-forms 3.10.1 Admin+.Stored.XSS LOW" "ninja-forms 3.10.1 Admin+.Stored.XSS LOW" "ninja-forms 3.10.1 Admin+.Stored.XSS LOW" "ninja-forms 3.8.25 Contributor+.Stored.XSS MEDIUM" "ninja-forms 3.8.23 Subscriber+.Arbitrary.Shortcode.Execution MEDIUM" "ninja-forms 3.8.20 Unauthenticated.Stored.XSS.via.Form.Calculations HIGH" "ninja-forms 3.8.18 Admin+.Stored.XSS LOW" "ninja-forms 3.8.18 Admin+.Stored.XSS LOW" "ninja-forms 3.8.16 Reflected.Self-Based.Cross-Site.Scripting.via.Referer MEDIUM" "ninja-forms 3.8.12 Administrator+.Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.8.11 Reflected.XSS HIGH" "ninja-forms 3.8.7 Cross-Site.Request.Forgery MEDIUM" "ninja-forms 3.8.5 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "ninja-forms 3.8.1 Admin+.Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.8.1 Publicly.Accessible.Form.Submission.Export.via.CSRF MEDIUM" "ninja-forms 3.8.1 Author+.Stored.XSS LOW" "ninja-forms 3.7.2 Unauthenticated.Second.Order.SQL.Injection MEDIUM" "ninja-forms 3.6.34 Admin+.Stored.XSS NONE" "ninja-forms 3.6.26 Admin+.Stored.HTML.Injection NONE" "ninja-forms 3.6.26 Contributor+.Form.Entries.Export MEDIUM" "ninja-forms 3.6.26 Subscriber+.Form.Entries.Export MEDIUM" "ninja-forms 3.6.26 Reflected.Cross-Site.Scripting HIGH" "ninja-forms 3.6.25 Admin+.Arbitrary.File.Deletion LOW" "ninja-forms 3.6.22 Reflected.XSS HIGH" "ninja-forms 3.6.13 Admin+.PHP.Objection.Injection MEDIUM" "ninja-forms 3.6.11 Unauthenticated.PHP.Object.Injection CRITICAL" "ninja-forms 3.6.10 Admin+.Stored.Cross-Site.Scripting LOW" "ninja-forms 3.6.10 Admin+.Stored.Cross-Site.Scripting.via.Import LOW" "ninja-forms 3.6.8-wp Unauthenticated.Email.Address.Disclosure MEDIUM" "ninja-forms 3.6.4 Admin+.SQL.Injection MEDIUM" "ninja-forms 3.5.8.2 Admin+.Stored.Cross-Site.Scripting LOW" "ninja-forms 3.5.8 Unprotected.REST-API.to.Sensitive.Information.Disclosure MEDIUM" "ninja-forms 3.5.8 Unprotected.REST-API.to.Email.Injection MEDIUM" "ninja-forms 3.5.5 Reflected.Cross-Site.Scripting MEDIUM" "ninja-forms 3.4.34.1 Authenticated.OAuth.Connection.Key.Disclosure HIGH" "ninja-forms 3.4.34 CSRF.to.OAuth.Service.Disconnection MEDIUM" "ninja-forms 3.4.34 Authenticated.SendWP.Plugin.Installation.and.Client.Secret.Key.Disclosure CRITICAL" "ninja-forms 3.4.34 Administrator.Open.Redirect MEDIUM" "ninja-forms 3.4.27.1 CSRF.leading.to.Arbitrary.Plugin.Installation HIGH" "ninja-forms 3.4.27.1 Validation.Bypass.via.Email.Field MEDIUM" "ninja-forms 3.4.28 Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.4.24.2 CSRF.to.Stored.XSS HIGH" "ninja-forms 3.4.23 CSRF.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ninja-forms 3.3.21.3 XSS.and.SQLi CRITICAL" "ninja-forms 3.3.21.2 SQL.Injection MEDIUM" "ninja-forms 3.3.19.1 Authenticated.Open.Redirect MEDIUM" "ninja-forms 3.3.18 Unauthenticated.Cross-Site.Scripting.(XSS) HIGH" "ninja-forms 3.3.14 Cross-Site.Scripting.(XSS).in.Import.Function CRITICAL" "ninja-forms 3.3.14 CSV.Injection HIGH" "ninja-forms 3.3.9 Insufficient.Restrictions.during.Export.Personal.Data.requests MEDIUM" "ninja-forms 3.2.15 Parameter.Tampering MEDIUM" "ninja-forms 3.2.14 Cross-Site.Scripting.(XSS) CRITICAL" "nimble-builder 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "news-articles No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsletter-image-generator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nabz-image-gallery No.known.fix Unauthenticated.SQL.Injection CRITICAL" "narnoo-commerce-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "news-list No.known.fix Reflected.XSS HIGH" "ni-woocommerce-sales-report 3.7.4 Subscriber+.Sale.&.Order.Reports.Access MEDIUM" "nextgen-gallery-pro 3.1.11 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "notice-board-by-towkir No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nmedia-user-file-uploader 22.8 Sensitive.Information.Exposure.via.user.uploads MEDIUM" "nmedia-user-file-uploader 22.7 Editor+.Arbitrary.File.Download HIGH" "nmedia-user-file-uploader 21.4 File.Upload.via.CSRF MEDIUM" "nmedia-user-file-uploader 21.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "nmedia-user-file-uploader 21.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "nmedia-user-file-uploader 21.3 Unauthenticated.File.Renaming CRITICAL" "nmedia-user-file-uploader 18.3 Unauthenticated.Post.Meta.Change.to.Arbitrary.File.Download HIGH" "nmedia-user-file-uploader 18.3 Unauthenticated.Content.Injection.and.Stored.XSS HIGH" "nmedia-user-file-uploader 18.3 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "nmedia-user-file-uploader 18.3 Unauthenticated.HTML.Injection MEDIUM" "nmedia-user-file-uploader 18.3 Privilege.Escalation MEDIUM" "nmedia-user-file-uploader 18.3 Authenticated.Arbitrary.Settings.Change.to.Arbitrary.File.Upload CRITICAL" "news-magazine-and-blog-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "navigation-menu-as-dropdown-widget 1.3.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "nugget-by-ingot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nugget-by-ingot No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "nlinks No.known.fix Authenticated.SQL.Injection HIGH" "nautic-pages No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "novelist 1.2.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "novelist 1.2.3 Cross-Site.Request.Forgery MEDIUM" "novelist 1.2.1 Admin+.Stored.XSS MEDIUM" "newpost-catch 1.3.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.npc.Shortcode MEDIUM" "navayan-csv-export No.known.fix Unauthenticated.SQL.Injection CRITICAL" "newsletter-optin-box 3.4.3 Missing.Authorization.to.Unauthenticated.Form.Submission MEDIUM" "newsletter-optin-box 1.6.5 Open.Redirect MEDIUM" "nextgen-gallery 3.59.9 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.5 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "nextgen-gallery 3.59.5 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "nextgen-gallery 3.59.3 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.1 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.1 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "nextgen-gallery 3.39 Admin+.Arbitrary.File.Read.and.Delete MEDIUM" "nextgen-gallery 3.39 Admin+.PHAR.Deserialization HIGH" "nextgen-gallery 3.39 Admin+.Local.File.Inclusion MEDIUM" "nextgen-gallery 3.3.10 Reflected.Cross-Site.Scripting MEDIUM" "nextgen-gallery 3.29 Thumbnail.Deletion.via.CSRF MEDIUM" "nextgen-gallery 3.5.0 CSRF.allows.File.Upload,.Stored.XSS,.and.RCE CRITICAL" "nextgen-gallery 3.5.0 CSRF.allows.File.Upload HIGH" "nextgen-gallery 3.2.11 SQL.Injection CRITICAL" "nextgen-gallery 3.1.7 Subscriber+.Arbitrary.Option.Update CRITICAL" "nextgen-gallery 3.1.6 Authenticated.PHP.Object.Injection HIGH" "nextgen-gallery 2.2.50 Galley.Paths.Not.Secured HIGH" "nextgen-gallery 2.2.45 Cross-Site.Scripting.(XSS) MEDIUM" "nextgen-gallery 2.1.79 Unauthenticated.SQL.Injection HIGH" "nextgen-gallery 2.1.57 Authenticated.Local.File.Inclusion.(LFI).&.SQLi CRITICAL" "nextgen-gallery 2.1.15 Unrestricted.File.Upload HIGH" "nextgen-gallery 2.1.10 Multiple.XSS MEDIUM" "nextgen-gallery 2.1.9 Authenticated.Path.Traversal MEDIUM" "nextgen-gallery 2.1.15 Path.Traversal MEDIUM" "nextgen-gallery 2.0.77.3 CSRF.&.Arbitrary.File.Upload HIGH" "nextgen-gallery 2.0.0 Full.Path.Disclosure HIGH" "nextgen-gallery 2.0.0 gallerypath.Parameter.Stored.XSS CRITICAL" "nurelm-get-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nm-visitors No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.HTTP.Header HIGH" "nepali-post-date No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nimbata-call-tracking No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "newspack-blocks 3.0.9 Authenticated.(Contributor+).Arbitrary.File.Upload CRITICAL" "newspack-blocks 3.0.9 Missing.Authorization MEDIUM" "newspack-blocks 3.0.9 Authenticated.(Contributor+).Arbitrary.Directory.Deletion MEDIUM" "newspack-blocks 3.0.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "nmedia-mailchimp-widget No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "nowpayments-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "nelio-ab-testing 4.6.4 CSRF HIGH" "nelio-ab-testing 4.5.11 SSRF CRITICAL" "nelio-ab-testing 4.5.9 Server.Side.Request.Forgery.(SSRF) CRITICAL" "nelio-ab-testing 4.5.0 Path.Traversal MEDIUM" "nv-slider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nv-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "naver-blog-api No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "newsletter-api 2.4.6 API.v1.and.v2.addon.for.Newsletter.<.2.4.6.-.Missing.Authorization.to.Email.Subscribers.Management MEDIUM" "nova-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nova-blocks 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "namaste-lms No.known.fix Cross-Site.Request.Forgery MEDIUM" "namaste-lms 2.6.5 Cross-Site.Request.Forgery MEDIUM" "namaste-lms 2.6.4 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "namaste-lms 2.6.3 Authenticated.(Student+).Stored.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6.4.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6.1.2 Reflected.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6 Admin+.Stored.XSS LOW" "namaste-lms 2.5.9.4 Admin+.Stored.XSS LOW" "namaste-lms 2.5.9.2 Admin+.Stored.XSS LOW" "notibar 2.1.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "notibar 2.1.5 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.njt_nofi_text MEDIUM" "notibar 2.1.5 Missing.Authorization.via.ajax_install_plugin MEDIUM" "ninjalibs-ses No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nd-elements 2.2 Authenticated.(Contributor+).Local.File.Inclusion.via.Multiple.Widget.Attributes HIGH" "newsletter 8.7.1 Admin+.Stored.XSS LOW" "newsletter 8.3.5 Unauthenticated.Stored.Cross-Site.Scripting.via.np1 MEDIUM" "newsletter 8.2.1 IP.Spoofing MEDIUM" "newsletter 7.9.0 Contributor+.Stored.XSS MEDIUM" "newsletter 7.6.9 Reflected.XSS HIGH" "newsletter 7.4.6 Admin+.Stored.Cross-Site.Scripting LOW" "newsletter 7.4.5 Reflected.Cross-Site.Scripting LOW" "newsletter 6.8.2 Authenticated.PHP.Object.Injection MEDIUM" "newsletter 6.8.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "newsletter 6.7.7 Authenticated.Stored.Cross-Site.Scripting LOW" "newsletter 6.5.4 CSV.Injection LOW" "newsletter 3.8.3 Open.Redirect LOW" "newsletter 3.2.7 Cross-Site.Scripting.(XSS) MEDIUM" "newsletter 3.0.9 SQL.Injection MEDIUM" "naver-analytics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "noveldesign-store-directory No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "ni-crm-lead No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ni-crm-lead No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "news-ticker-widget-for-elementor 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "narnoo-distributor No.known.fix Unauthenticated.LFI.to.Arbitrary.File.Read./.RCE HIGH" "newsletter-bulk-email No.known.fix Contributor+.Stored.XSS MEDIUM" "network-favorites No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nextgen-cooliris-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nudgify 1.3.4 Cross-Site.Request.Forgery.via.sync_orders_manually() MEDIUM" "nexter-extension 2.0.4 Reflected.XSS HIGH" "nexter-extension 2.0.4 Authenticated(Editor+).Remote.Code.Execution.via.metabox HIGH" "nitek-carousel-cool-transitions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nitek-carousel-cool-transitions No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nitek-carousel-cool-transitions No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "nertworks-all-in-one-social-share-tools No.known.fix Cross-Site.Request.Forgery MEDIUM" "nextend-facebook-connect 3.1.13 Reflected.Self-Based.Cross-Site.Scripting.via.error_description MEDIUM" "nuajik-cdn No.known.fix Admin+.Stored.XSS LOW" "notifier 2.6.1 Admin+.Stored.XSS LOW" "nextgen-gallery-voting No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "neuvoo-jobroll No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ni-woocommerce-order-export No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "notice-faq No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ninja-job-board 1.3.3 Resume.Disclosure.via.Directory.Listing MEDIUM" "ninja-beaver-lite-addons-for-beaver-builder No.known.fix .Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widgets MEDIUM" "new-user-email-set-up No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "nepali-date-converter 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nextend-smart-slider3-pro 3.5.0.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "nimble-portfolio No.known.fix Unauthenticated.Server-Side.Request.Forgery CRITICAL" "nova-poshta-ttn 1.19.7 Unauthenticated.SQL.Injection HIGH" "nova-poshta-ttn 1.7.49 Reflected.Cross-Site.Scripting MEDIUM" "next-order-coupon-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "next-order-coupon-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "next-order-coupon-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "nitropack 1.17.6 Subscriber+.Limited.Options.Update HIGH" "nitropack 1.17.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Transient.Update MEDIUM" "nitropack 1.16.8 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "nitropack 1.10.3 Multiple.CSRF MEDIUM" "nitropack 1.10.0 Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "ni-woocommerce-product-enquiry No.known.fix Missing.Authorization MEDIUM" "no-future-posts No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "newstatpress 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "newstatpress 1.2.5 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.6 SQL.Injection CRITICAL" "newstatpress 1.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.4 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.1 SQL.Injection CRITICAL" "newspack-ads 1.47.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "new-contact-form-widget 1.4.3 Cross-Site.Request.Forgery MEDIUM" "new-contact-form-widget 1.4.0 Sensitive.Information.Exposure MEDIUM" "noakes-menu-manager 3.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "netreviews 2.3.15 Admin+.Stored.XSS LOW" "novo-map No.known.fix CSRF MEDIUM" "ni-woocommerce-cost-of-goods 3.2.9 Subscriber+.Stored.XSS MEDIUM" "ni-woocommerce-cost-of-goods 3.2.9 Missing.Authorization MEDIUM" "ni-woocommerce-cost-of-goods 3.2.9 Admin+.SQL.Injection MEDIUM" "new-order-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nex-forms 7.8.8 Authentication.Bypass.for.PDF.Reports MEDIUM" "nex-forms 7.8.8 Authentication.Bypass.for.Excel.Reports MEDIUM" "notif-bell 0.9.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "nps-computy 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "nps-computy 2.7.6 Results.Deletion.via.CSRF MEDIUM" "nps-computy 2.7.6 Admin+.Stored.XSS LOW" "newsletter-popup No.known.fix Admin+.Stored.XSS LOW" "newsletter-popup No.known.fix Subscriber.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix List.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix Unauthenticated.Stored.XSS HIGH" "newsletter-popup No.known.fix Unauthenticated.Stored.XSS HIGH" "newsletter-popup No.known.fix Record.Deletion.via.CSRF MEDIUM" "nextcart-woocommerce-migration 3.9.5 Unauthenticated.SQL.Injection HIGH" "nextcart-woocommerce-migration 3.9.4 Reflected.Cross-Site.Scripting MEDIUM" "norse-runes-oracle 1.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "norse-runes-oracle 1.4.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "no-external-links No.known.fix Admin+.Stored.XSS LOW" "notification 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "notification 8.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "notifyvisitors-lead-form No.known.fix Admin+.Stored.XSS LOW" "notification-for-telegram 3.3.2 Missing.Authorization.to.Authenticated.(Subscriber+).Send.Telegram.Test.Message MEDIUM" "nifty-coming-soon-and-under-construction-page 1.58 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "navegg No.known.fix Cross-Site.Request.Forgery MEDIUM" "newsletters-lite 4.9.9.8 Authenticated.(Administrator+).SQL.Injection MEDIUM" "newsletters-lite 4.9.9.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "newsletters-lite 4.9.9.8 Reflected.Cross-Site.Scripting.via.To.Parameter MEDIUM" "newsletters-lite 4.9.9.7 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.newsletters_video.Shortcode MEDIUM" "newsletters-lite 4.9.9.2 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.9.3 Authenticated.Privilege.Escalation HIGH" "newsletters-lite 4.9.9 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.9.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "newsletters-lite 4.9.8 Cross-Site.Request.Forgery MEDIUM" "newsletters-lite 4.9.6 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.6 Information.Exposure.via.Log.files MEDIUM" "newsletters-lite 4.9.6 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "newsletters-lite 4.9.3 Admin+.Command.Injection MEDIUM" "newsletters-lite 4.6.19 Multiple.Issues HIGH" "newsletters-lite 4.6.8.6 PHP.Object.Injection CRITICAL" "nextgen-gallery-geo 2.0.3 Unauthenticated.PHP.Object.Injection MEDIUM" "ni-purchase-orderpo-for-woocommerce 1.2.2 Admin+.File.Upload.to.Remote.Code.Execution MEDIUM" "notifications-center No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ni-woocommerce-product-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "number-chat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "number-chat No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nextend-twitter-connect 1.5.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "new-grid-gallery 1.4.4 Contributor+.PHP.Object.Injection.via.shortcode MEDIUM" "new-grid-gallery 1.2.5 Authenticated.Stored.Cross.Site.Scripting.(XSS) LOW" "notice-bar 3.1.1 Contributor+.Stored.XSS MEDIUM" "nicejob 3.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nicejob 3.7.2 Contributor+.Stored.XSS MEDIUM" "nicejob 3.6.5 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nicejob 3.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nice-paypal-button-lite No.known.fix CSRF MEDIUM" "new-user-approve 2.6.4 Missing.Authorization MEDIUM" "new-user-approve 2.5.2 Cross-Site.Request.Forgery.via.admin_notices MEDIUM" "new-user-approve 2.5.1 Reflected.Cross-Site.Scripting MEDIUM" "new-user-approve 2.4 Arbitrary.Settings.Update.&.Invitation.Code.Creation.via.CSRF MEDIUM" "new-user-approve 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "new-user-approve 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ninja-tables 5.0.17 Admin+.Stored.XSS LOW" "ninja-tables 5.0.13 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "ninja-tables 5.0.10 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "ninja-tables 5.0.7 Contributor+.Table.Data.Access LOW" "ninja-tables 4.3.5 Admin+.Stored.XSS LOW" "ninja-tables 4.1.8 Admin+.Stored.Cross-Site.Cross-Site.Scripting LOW" "nacc-wordpress-plugin 4.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ninja-gdpr-compliance 2.7.2 Missing.Authorization MEDIUM" "ninja-gdpr-compliance 2.7.1 Missing.Authorization.to.Settings.Update.and.Stored.Cross-Site.Scripting MEDIUM" "ninja-gdpr-compliance 2.4 Unauthenticated.PHP.Object.Injection HIGH" "nofollow No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "narnoo-shortcodes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ovic-addon-toolkit No.known.fix Missing.Authorization MEDIUM" "oxygenbuilder 4.9 Missing.Authorization.to.Authenticated.(Subscriber+).Stylesheet.Update MEDIUM" "oxygenbuilder 4.8.3 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "oxygenbuilder 4.8.1 Contributor+.Stored.XSS MEDIUM" "opcache No.known.fix Reflected.XSS HIGH" "os-our-team No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "optinmonster 2.16.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "optinmonster 2.16.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "optinmonster 2.12.2 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "optinmonster 2.6.5 Unprotected.REST-API.Endpoints HIGH" "optinmonster 2.6.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "optinmonster 1.1.4.6 Execution.of.Arbitrary.Shortcodes MEDIUM" "order-auto-complete-for-woocommerce 1.2.1 Admin+.Stored.XSS LOW" "one-click-plugin-updater No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "optinly 1.0.19 Missing.Authorization MEDIUM" "optinly 1.0.16 CSRF MEDIUM" "one-click-demo-import 3.2.1 Authenticated.(Admin+).PHP.Object.Injection HIGH" "one-click-demo-import 3.1.0 Admin+.Arbitrary.File.Upload MEDIUM" "otp-login No.known.fix Authentication.Bypass.via.Weak.OTP HIGH" "oauth-client 1.11.4 Authenticated.Bypass CRITICAL" "order-status-for-woocommerce 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "opensea No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opensea 1.0.3 Admin+.Stored.XSS MEDIUM" "opensea 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "off-page-seo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-picking-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "opt-in-hound No.known.fix Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "oz-canonical No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "oik 4.12.1 Cross-Site.Request.Forgery MEDIUM" "oik 4.12.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bw_button.Shortcode MEDIUM" "oik 4.10.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "open-rdw-kenteken-voertuiginformatie 2.1.0 Reflected.XSS HIGH" "optio-dentistry 2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "opencart-product-in-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "out-of-the-box 1.20.3 Reflected.Cross-Site.Scripting MEDIUM" "open-graphite 1.6.1 Reflected.Cross-Site.Scripting HIGH" "opal-widgets-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "one-page-express-companion 1.6.38 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.one_page_express_contact_form.Shortcode MEDIUM" "official-sendle-shipping-method 5.18 Reflected.XSS HIGH" "opal-membership No.known.fix Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "opal-membership No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "optimate-ads No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "one-backend-language No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "organization-chart 1.5.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.title_input.and.node_description.Parameters MEDIUM" "organization-chart 1.4.5 Multiple.CSRF MEDIUM" "organization-chart 1.4.5 Admin+.Stored.XSS LOW" "olive-one-click-demo-import No.known.fix Unauthenticated.Information.Exposure MEDIUM" "olive-one-click-demo-import 1.1.2 Missing.Authorization MEDIUM" "olive-one-click-demo-import No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "olivewp-companion No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "orbisius-child-theme-creator 1.5.6 Missing.Authorization.to.Authenticated.(Subscriber+).Cloud.Snippet.Update/Delete MEDIUM" "orbisius-child-theme-creator 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "orbisius-child-theme-creator 1.5.2 CSRF.to.Arbitrary.File.Modification/Creation HIGH" "orbisius-child-theme-creator 1.2.8 Arbitrary.File.Write MEDIUM" "oxygen-mydata 1.0.65 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "opal-hotel-room-booking No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "onelogin-saml-sso 2.4.3 Signature.Wrapping HIGH" "os-pricing-tables No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "order-tracking 3.3.13 Missing.Authorization.via.send_test_email() MEDIUM" "order-tracking 3.3.7 Reflected.Cross-Site.Scripting HIGH" "order-tracking 3.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "ocean-extra 2.4.7 Contributor+.Stored.XSS.via.'ocean_gallery_id' MEDIUM" "ocean-extra 2.4.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "ocean-extra 2.4.7 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "ocean-extra 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ocean-extra 2.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Flickr.Widget MEDIUM" "ocean-extra 2.2.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ocean-extra 2.2.5 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.2.3 Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Activation MEDIUM" "ocean-extra 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "ocean-extra 2.1.3 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.1.3 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "ocean-extra 2.1.2 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.0.5 Admin+.PHP.Objection.Injection MEDIUM" "ocean-extra 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "ocean-extra 1.9.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ocean-extra 1.6.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ocean-extra 1.5.9 Unauthenticated.Settings.change.and.CSS.injection HIGH" "opentracker-analytics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "odihost-easy-redirect-301 No.known.fix Cross-Site.Request.Forgery MEDIUM" "ovic-vc-addon No.known.fix Missing.Authorization MEDIUM" "ovic-vc-addon 1.2.9 Subscriber+.Option.Update HIGH" "order-hours-scheduler-for-woocommerce 4.3.22 Reflected.Cross-Site.Scripting MEDIUM" "openpgp-form-encryption 1.5.1 Contributor+.Stored.XSS MEDIUM" "oauth2-server No.known.fix Authentication.Bypass MEDIUM" "olimometer 2.57 Unauthenticated.SQL.Injection CRITICAL" "optin-forms 1.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "optin-forms 1.3.3 Admin+.Stored.XSS LOW" "olevmedia-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "olevmedia-shortcodes 1.1.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "online-appointment-scheduling-software No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opti-marketing 2.0.10 Unauthenticated.SQLi HIGH" "ok-poster-group No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "official-facebook-pixel 3.0.0 PHP.Object.Injection.with.POP.Chain CRITICAL" "official-facebook-pixel 3.0.4 CSRF.to.Stored.XSS.and.Settings.Deletion HIGH" "omnisend-connect 1.14.4 Cross-Site.Request.Forgery MEDIUM" "omnisend-connect 1.13.9 Sensitive.Information.Exposure MEDIUM" "orangebox No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "oa-social-login 5.10.0 Authentication.Bypass CRITICAL" "our-team-members 2.3 Missing.Authorization.to.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "osd-subscribe No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ocim-mp3 No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "omnipress 1.5.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "omnipress 1.5.0 Contributor+.Stored.XSS MEDIUM" "outdooractive-embed 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "onwebchat 3.2.0 Live.support.<.3.2.0.-.Cross-Site.Request.Forgery MEDIUM" "online-lesson-booking-system 0.8.7 CSRF.&.XSS HIGH" "order-post No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "out-of-stock-badge No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "oauth-twitter-feed-for-developers No.known.fix Admin+.Stored.XSS LOW" "out-of-stock-display-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "opal-portfolios No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "open-graph-metabox No.known.fix CSRF MEDIUM" "official-mailerlite-sign-up-forms 1.7.7 Missing.Authorization MEDIUM" "official-mailerlite-sign-up-forms 1.7.7 1.7.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "official-mailerlite-sign-up-forms 1.5.8 Signup.forms.(official).<.1.5.8.-.API.Key.Update.via.CSRF MEDIUM" "official-mailerlite-sign-up-forms 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "official-mailerlite-sign-up-forms 1.4.4 Unauthenticated.SQL.Injection CRITICAL" "official-mailerlite-sign-up-forms 1.4.5 Multiple.CSRF.Issues HIGH" "ootb-openstreetmap 2.8.4 Contributor+.Stored.XSS.via.ootb_query.Shortcode MEDIUM" "oauth2-provider 4.4.0 Open.Redirect MEDIUM" "oauth2-provider 4.2.5 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "oauth2-provider 4.3.0 Subscriber+.Arbitrary.Client.Deletion MEDIUM" "oauth2-provider 3.4.2 Client.Secret.Regeneration.via.CSRF MEDIUM" "oauth2-provider 4.2.2 Admin+.Stored.XSS LOW" "oauth2-provider 3.1.5 Insecure.Pseudor&om.Number.Generation CRITICAL" "oopspam-anti-spam 1.1.45 Cross-Site.Request.Forgery MEDIUM" "oopspam-anti-spam 1.1.36 Admin+.Stored.XSS LOW" "one-click-order-reorder 1.1.10 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "onestore-sites No.known.fix Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "onestore-sites No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Installation MEDIUM" "otp-easy-login-with-mocean No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "online-accessibility No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "online-accessibility No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "online-accessibility No.known.fix Missing.Authorization MEDIUM" "online-accessibility 4.13 Subscriber+.SQLi HIGH" "online-accessibility 4.13 Subscriber+.SQLi HIGH" "oracle-cards 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "oshine-modules 3.3.8 Unauthenticated.Server-Side.Request.Forgery HIGH" "oshine-modules 3.3.8 Reflected.Cross-Site.Scripting MEDIUM" "open-ai-search-bar No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "order-attachments-for-woocommerce No.known.fix Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory MEDIUM" "order-attachments-for-woocommerce 2.5.0 2.4.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload MEDIUM" "osm No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "osm 6.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "osm 6.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.osm_map.and.osm_map_v3.Shortcodes MEDIUM" "osm 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "osm 6.0.4 Contributor+.SQL.Injection MEDIUM" "osm 6.0.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "osm 6.0.3 CSRF MEDIUM" "otter-blocks 3.0.7 Unauthetnicated.Path.Traversal.to.Arbitrary.Image.View MEDIUM" "otter-blocks 3.0.4 Gutenberg.Block.<.3.0.4.-.Missing.Authorization MEDIUM" "otter-blocks 3.0.5 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "otter-blocks 2.6.10 Contributor+.Stored.XSS.via.titleTag MEDIUM" "otter-blocks 2.6.9 Contributor+.Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "otter-blocks 2.6.9 Author+.Stored.XSS.via.SVG.Upload MEDIUM" "otter-blocks 2.6.6 Contributor+.Stored.XSS MEDIUM" "otter-blocks 2.6.6 Contributor+.Stored.XSS MEDIUM" "otter-blocks 2.6.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "otter-blocks 2.2.6 Gutenberg.Blocks.<.2.2.6.-.Author+.PHAR.Deserialization MEDIUM" "oxygen 4.4 CSRF MEDIUM" "order-audit-log-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "otter-pro 2.6.12 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "otter-pro 2.6.4 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "otter-pro 2.6.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.File.Field.CSS MEDIUM" "one-click-close-comments No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "openbook-book-data No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "openid No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "onlyoffice-docspace 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "overlay-image-divi-module 1.5 Reflected.Cross-Site.Scripting MEDIUM" "overlay-image-divi-module 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "olympus-google-fonts 3.7.8 Cross-Site.Request.Forgery MEDIUM" "olympus-google-fonts 3.7.8 Missing.Authorization MEDIUM" "olympus-google-fonts 3.0.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "off-canvas-sidebars 0.5.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "off-canvas-sidebars 0.5.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "open-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oembed-gist No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "olympus-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "onesignal-free-web-push-notifications 1.17.8 Stored.XSS MEDIUM" "onclick-show-popup 6.6 Admin+.Stored.XSS LOW" "ohio-extra No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "open-external-links-in-a-new-window 1.43 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "open-external-links-in-a-new-window 1.43 Tabnabbing LOW" "orange-form No.known.fix SQL.Injection.via.CSRF HIGH" "orange-form No.known.fix Unauthenticated.Arbitrary.Post.Deletion CRITICAL" "onlinecontract No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Import MEDIUM" "open-user-map 1.3.27 Admin+.Stored.XSS LOW" "open-user-map 1.3.15 Reflected.Cross-Site.Scripting MEDIUM" "open-user-map 1.2.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "onlyoffice 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oxyextras 1.4.5 Unauthenticated.Cross-Site.Scripting MEDIUM" "order-your-posts-manually No.known.fix Reflected.XSS HIGH" "order-your-posts-manually No.known.fix Admin+.SQLi MEDIUM" "opal-estate-pro No.known.fix Contributor+.Stored.XSS MEDIUM" "one-user-avatar 2.3.7 Avatar.Update.via.CSRF LOW" "one-user-avatar 2.3.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "os-bxslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ovic-import-demo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "oppso-unit-converter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "oneelements-ultimate-addons-for-elementor No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "offload-videos-bunny-netaws-s3 1.0.1 Offload.Videos.–.Bunny,net,.AWS.S3.<=.1,0,1.Subscriber+.CSRF MEDIUM" "orbisius-simple-notice 1.1.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "owm-weather 5.6.12 Post.Duplication.via.CSRF MEDIUM" "owm-weather 5.6.9 Contributor+.SQLi HIGH" "openai-tools-for-wp-wc No.known.fix Missing.Authorization MEDIUM" "obfuscate-email No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "opal-woo-custom-product-variation 1.1.4 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "official-skrill-woocommerce 1.0.67 Settings.Update.via.CSRF MEDIUM" "oliver-pos 2.4.2.4 Sensitive.Information.Exposure.to.Privilege.Escalation CRITICAL" "oliver-pos 2.4.1.9 Cross-Site.Request.Forgery MEDIUM" "oliver-pos 2.4.2.1 Subscriber+.Unauthorized.AJAX.Calls MEDIUM" "otpless No.known.fix 2.0.59.-.Unauthenticated.Arbitrary.Email.Update.to.Account.Takeover/Privilege.Escalation CRITICAL" "otpless 2.0.59 Reflected.Cross-Site.Scripting MEDIUM" "oauth-client-for-user-authentication 3.0.4 Unauthenticated.Settings.Update.to.Authentication.Bypass CRITICAL" "official-saleswizard-crm 1.0.4 Contributor+.Stored.XSS MEDIUM" "octrace-support No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "octrace-support No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "octrace-support 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "octrace-support 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "occupancyplan No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "occupancyplan No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "order-export-and-more-for-woocommerce 3.25 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory MEDIUM" "order-export-and-more-for-woocommerce 3.24 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ovic-product-bundle No.known.fix Missing.Authorization MEDIUM" "og-tags 2.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "od-photogallery-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "option-tree 2.7.3 Object.Injection.Bypass CRITICAL" "option-tree 2.7.0 PHP.Object.Injection CRITICAL" "option-tree 2.6.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "option-tree 2.5.4 XSS MEDIUM" "omnify-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-notification-for-telegram No.known.fix Missing.Authorization.to.Unauthenticated.Send.Telegram.Test.Message MEDIUM" "one-page-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "one-page-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "one-page-blocks No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "one-click-login No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "onceki-yazi-linki No.known.fix Cross-Site.Request.Forgery MEDIUM" "oss-upload No.known.fix Cross-Site.Request.Forgery MEDIUM" "owl-carousel No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "optimole-wp 3.13.0 Author+.Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "optimole-wp 3.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "osm-map-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "order-and-inventory-manager-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-and-inventory-manager-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "opal-estate No.known.fix CSRF.Bypass MEDIUM" "opal-estate No.known.fix Missing.Authorization MEDIUM" "opal-estate No.known.fix Cross-Site.Request.Forgery MEDIUM" "osmapper No.known.fix Unauthenticated.Arbitrary.Post.Deletion HIGH" "open-hours No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "outbound-link-manager No.known.fix Settings.Update.via.CSRF MEDIUM" "original-texts-yandex-webmaster No.known.fix Cross-Site.Request.Forgery MEDIUM" "oss-aliyun 1.4.11 Authenticated.(Administrator+).SQL.Injection CRITICAL" "ota-sync-booking-engine-widget 1.3.0 Settings.Update.via.CSRF MEDIUM" "order-status-rules-for-woocommerce 3.7.2 Open.Redirect HIGH" "order-redirects-for-woocommerce 0.8.1 Reflected.Cross-Site.Scripting MEDIUM" "open-social No.known.fix Admin+.Stored.XSS LOW" "opencart-product-display No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "order-on-chat-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-on-chat-for-woocommerce 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "only-tweet-like-share-and-google-1 No.known.fix Admin+.Stored.XSS LOW" "order-import-export-for-woocommerce 2.6.1 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Read.via.download_file.Function MEDIUM" "order-import-export-for-woocommerce 2.6.1 Authenticated.(Admin+).PHP.Object.Injection.via.form_data.Parameter HIGH" "order-import-export-for-woocommerce 2.6.1 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Deletion.via.admin_log_page.Function LOW" "order-import-export-for-woocommerce 2.6.1 Authenticated.(Administrator+).Server-Side.Request.Forgery.via.validate_file.Function HIGH" "order-import-export-for-woocommerce 2.5.0 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "order-import-export-for-woocommerce 2.4.4 Shop.Manager+.Arbitrary.File.Upload HIGH" "order-delivery-date-for-woocommerce 3.21.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "order-delivery-date-for-woocommerce 3.20.1 Reflected.XSS HIGH" "order-delivery-date 12.4.0 Reflected.XSS HIGH" "order-delivery-date 12.3.1 Unauthenticated.Arbitrary.Option.Update CRITICAL" "order-delivery-date No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "order-delivery-date No.known.fix Admin+.Stored.XSS LOW" "order-delivery-date No.known.fix Settings.Update.via.CSRF MEDIUM" "ops-robots-txt 2.0.1 Stored.XSS.via.CSRF HIGH" "ops-robots-txt 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "one-click-ssl 1.4.7 Multiple.Issues HIGH" "oi-yamaps No.known.fix Contributor+.Stored.XSS MEDIUM" "order-tip-woo 1.4.0 Missing.Authorization.to.Unauthenticated.Data.Export MEDIUM" "omnileads-scripts-and-tags-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "opening-hours 1.47 Admin+.Stored.XSS LOW" "opening-hours 1.46 Cross-Site.Request.Forgery MEDIUM" "opening-hours 1.45 Missing.Authorization MEDIUM" "opening-hours 1.42 Admin+.Stored.Cross-Site.Scripting LOW" "opening-hours 1.38 Admin+.Stored.XSS LOW" "onoffice-for-wp-websites No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "options-for-twenty-seventeen 2.5.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "onlywire-multi-autosubmitter No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "ooohboi-steroids-for-elementor 2.1.5 Arbitrary.File.Upload MEDIUM" "ooohboi-steroids-for-elementor 2.1.5 Subscriber+.Attachment.Deletion MEDIUM" "opengraph 1.11.3 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "oneclick-whatsapp-order 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oneclick-whatsapp-order 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "oneclick-whatsapp-order 1.0.5 Admin+.Stored.XSS LOW" "oneclick-whatsapp-order 1.0.4.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "office-locator No.known.fix Unauthenticated.SQL.Injection HIGH" "office-locator No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "om-stripe No.known.fix Reflected.XSS HIGH" "ownerrez No.known.fix Cross-Site.Request.Forgery MEDIUM" "official-statcounter-plugin-for-wordpress 2.0.7 Admin+.Stored.Cross-Site.Scripting LOW" "optima-express 7.3.1 Admin+.Stored.XSS LOW" "order-delivery-pickup-location-date-time-free-version No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "option-editor No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "post-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-block 6.0.1 Missing.Authorization.to.Authenticated.(Subscriber+).Shortcode.Export MEDIUM" "post-block 5.3.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "passwords-manager 1.5.1 Unauthenticated.SQL.Injection HIGH" "passwords-manager 1.5.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "passwords-manager 1.5.1 Missing.Authorization.to.Authenticated.(Subscriber+).Add.Password.+.Update.Encryption.Key HIGH" "pdf-embedder 4.8.0 Arbitrary.JavaScript.Execution MEDIUM" "pdf-embedder 4.7.1 Contributor+.Stored.XSS MEDIUM" "progress-bar 2.2.2 Contributor+.Stored.XSS MEDIUM" "pushbiz No.known.fix Reflected.XSS HIGH" "paypal-payment-button-by-vcita 3.30.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paypal-payment-button-by-vcita 3.30.0 Contributor+.Stored.XSS MEDIUM" "paypal-payment-button-by-vcita 3.10.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "paypal-payment-button-by-vcita 3.20.0 CSRF.to.Stored.XSS.in.settings.page MEDIUM" "pin-locations-on-map No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-grid-for-elementor 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "popup-zyrex 1.1 Admin+.Arbitrary.File.Upload MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.8 .Unauthenticated.Arbitrary.Filter.Call HIGH" "profit-products-tables-for-woocommerce 1.0.6.7 Reflected.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.woot_get_smth HIGH" "profit-products-tables-for-woocommerce 1.0.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.woot_button.Shortcode MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.4 Reflected.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.3 Missing.Authorization MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.2 Cross-Site.Request.Forgery MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.2 Missing.Authorization MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.1 Unauthenticated.PHP.Object.Injection CRITICAL" "profit-products-tables-for-woocommerce 1.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.5 Reflected.Cross-Site-Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "post-snippets 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "post-snippets 4.0.3 Admin+.Stored.XSS LOW" "post-snippets 3.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-snippets 3.1.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "post-snippets 3.0.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "prime-addons-for-elementor 2.0.2 Authenticated.(Contributor+).Insecure.Direct.Object.Reference.via.pae_global_block.Shortcode MEDIUM" "pixelyoursite 10.1.1.2 Unauthenticated.PHP.Object.Injection HIGH" "pixelyoursite 10.0.2 Settings.Update.via.CSRF MEDIUM" "pixelyoursite 9.7.2 Unauthenticated.Information.Exposure.and.Log.Deletion MEDIUM" "pixelyoursite 9.6.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pixelyoursite 9.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "pixelyoursite 5.3.0 XSS MEDIUM" "popup-with-fancybox 3.6 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "private-content No.known.fix Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "private-content No.known.fix Missing.Authorization MEDIUM" "private-content No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "private-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "private-content 8.4.4 Brute.Force.Protection.Bypass MEDIUM" "pickup-and-delivery-from-customer-locations-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "pickup-and-delivery-from-customer-locations-for-woocommerce 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pinterest-rss-widget No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "podamibe-twilio-private-call No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-connector 1.0.10 Admin+.Stored.Cross-Site.Scripting MEDIUM" "post-connector 1.0.4 XSS MEDIUM" "pretix-widget 1.0.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pandavideo 1.4.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pandavideo 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "persian-woocommerce-shipping 4.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pixelyoursite-pro 10.4.3 Unauthenticated.Information.Exposure.and.Log.Deletion MEDIUM" "pixelyoursite-pro 9.6.2 Admin+.Stored.Cross-Site.Scripting LOW" "product-layouts 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "password-protected 2.7.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "password-protected 2.6.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "password-protected 2.6.7 Admin+.Stored.XSS LOW" "password-protected 2.6.3.2 Reflected.Cross-Site.Scripting MEDIUM" "password-protected 2.6.3 Admin+.Stored.XSS LOW" "product-size-chart-for-woo 1.1.6 Settings.Update.via.CSRF MEDIUM" "preferred-languages 2.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pb-oembed-html5-audio-with-cache-support No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.7.2 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.3 Missing.Authorization.to.Unauthenticated.Settings.Reset MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.1 Reflected.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.3.1 Subscriber+.Arbitrary.Order.Export MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.3.0 Shop.Manager+.Arbitrary.Options.Update HIGH" "post-and-page-reactions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "phraseanet-client No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pdf-invoices-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-shortcode No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "peepso-core No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "peepso-core 6.4.6.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.4.6.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "peepso-core 6.4.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.content.Parameter MEDIUM" "peepso-core 6.4.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.2.7.1 Unauthenticated.Sensitive.Information.Disclosure.via.Log.file MEDIUM" "peepso-core 6.3.1.2 Reflected.XSS HIGH" "peepso-core 6.3.1.2 User.Post.Creation.via.CSRF MEDIUM" "peepso-core 6.2.7.0 Reflected.Cross-Site.Scripting HIGH" "peepso-core 6.2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.2.0.0 Cross-Site.Request.Forgery.via.delete MEDIUM" "peepso-core 6.0.3.0 Multiple.CSRF MEDIUM" "peepso-core 1.6.1 Authenticated.Privilege.Escalation HIGH" "price-calculator-to-your-website No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "product-page-shipping-calculator-for-woocommerce 1.3.26 Admin+.Stored.XSS LOW" "product-page-shipping-calculator-for-woocommerce 1.3.21 Admin+.Stored.XSS LOW" "page-list 5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-list 5.3 Contributor+.Stored.XSS MEDIUM" "price-bands-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "price-bands-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "price-bands-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "photo-image-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "plugins-last-updated-column 0.1.4 Cache.Clear.via.CSRF MEDIUM" "pretty-opt-in-lite 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "parallax-image 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.position.Parameter MEDIUM" "parallax-image 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dd-parallax.Shortcode MEDIUM" "parallax-image 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "posts-table-filterable 1.0.4 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "posts-table-filterable No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "posts-table-filterable No.known.fix Missing.Authorization MEDIUM" "posts-table-filterable 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "push-envoy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-builder-sandwich No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-builder-sandwich No.known.fix Missing.Authorization MEDIUM" "page-builder-sandwich No.known.fix Missing.Authorization.to.Authenticated(Subscriber+).Arbitrary.Post.Editing MEDIUM" "page-builder-sandwich No.known.fix Sensitive.Information.Exposure MEDIUM" "page-builder-sandwich No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-builder-sandwich 4.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "popup-anything-on-click 2.8.1 Missing.Authorization MEDIUM" "popup-anything-on-click 2.2.2 Popup.Settings.Reset.via.CSRF MEDIUM" "popup-anything-on-click 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "popup-anything-on-click 2.0.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "product-catalog-feed 2.2.0 Cross-Site.Request.Forgery MEDIUM" "product-catalog-feed 2.1.1 Reflected.XSS HIGH" "product-catalog-feed 2.1.1 Reflected.XSS HIGH" "pagepost-content-shortcode No.known.fix Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "plugversions 0.0.8 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Creation HIGH" "poll-maker 5.6.6 Authenticated.(Administrator+).SQL.Injection MEDIUM" "poll-maker 5.5.4 Admin+.Stored.XSS LOW" "poll-maker 5.5.5 Unauthenticated.HTML.Injection MEDIUM" "poll-maker 5.5.7 Missing.Authorization MEDIUM" "poll-maker 5.5.5 Cross-Site.Request.Forgery.to.Poll.Duplication MEDIUM" "poll-maker 5.4.7 Authenticated.(Administrator+).Time-Based.SQL.Injection MEDIUM" "poll-maker 5.4.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Poll.Settings MEDIUM" "poll-maker 5.4.7 Authenticated.(Administrator+).SQL.Injection.via.Order_by.Parameter MEDIUM" "poll-maker 5.1.9 .Missing.Authorization.to.Unauthenticated.Email.Enumeration MEDIUM" "poll-maker 5.1.9 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "poll-maker 4.8.1 Missing.Authorization MEDIUM" "poll-maker 4.7.2 Missing.Authorization MEDIUM" "poll-maker 4.7.1 Reflected.XSS HIGH" "poll-maker 4.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "poll-maker 3.4.2 Unauthenticated.Time.Based.SQL.Injection CRITICAL" "poll-maker 3.2.9 Reflected.Cross-Site.Scripting HIGH" "poll-maker 3.2.1 Authenticated.Blind.SQL.Injections HIGH" "puredevs-customer-history-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "puredevs-customer-history-for-woocommerce 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "progress-tracker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "postie 1.9.41 Post.Submission.Spoofing.&.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "patreon-connect 1.9.2 Missing.Authorization MEDIUM" "patreon-connect 1.9.1 Protection.Mechanism.Bypass MEDIUM" "patreon-connect 1.8.8 Cross-Site.Request.Forgery MEDIUM" "patreon-connect 1.8.2 Admin+.Stored.Cross-Site.Scripting LOW" "patreon-connect 1.7.0 CSRF.to.Overwrite/Create.User.Meta MEDIUM" "patreon-connect 1.7.2 Reflected.XSS.on.Login.Form HIGH" "patreon-connect 1.7.0 Unauthenticated.Local.File.Disclosure HIGH" "patreon-connect 1.7.0 CSRF.to.Disconnect.Sites.From.Patreon MEDIUM" "patreon-connect 1.7.2 Reflected.XSS.on.patreon_save_attachment_patreon_level.AJAX.action HIGH" "patreon-connect 1.2.2 PHP.Object.Injection CRITICAL" "phplist-form-integration No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "powr-pack 2.2.0 Contributor+.Stored.XSS MEDIUM" "pods 3.2.8.2 Admin+.SQL.Injection MEDIUM" "pods 3.2.8.1 Admin+.Stored.XSS LOW" "pods 3.2.7.1 Admin+.Stored.XSS LOW" "pods 3.2.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Pod.Form.Redirect.URL MEDIUM" "pods 3.1 Contributor+.Pods/Users.Creation MEDIUM" "pods 3.1 Contributor+.SQLi MEDIUM" "pods 3.1 Contributor+.Remote.Code.Execution HIGH" "pods 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "pods 2.9.11 Pods.Deletion.via.CSRF MEDIUM" "pods 2.7.29 Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "pods 2.7.27 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "pods 2.7.27 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "preloader-sws No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "plainview-protect-passwords No.known.fix Reflected.XSS HIGH" "plainview-protect-passwords No.known.fix Cross-Site.Request.Forgery MEDIUM" "pepro-bacs-receipt-upload-for-woocommerce 2.7.0 Reflected.Cross-Site.Scripting MEDIUM" "pull-this No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "parallax-slider-block 1.2.6 Author+.Stored.XSS MEDIUM" "progressive-license No.known.fix CSRF.to.Stored.XSS MEDIUM" "perfect-survey 1.5.2 Unauthorised.AJAX.Call.to.Stored.XSS./.Survey.Settings.Update HIGH" "perfect-survey 1.5.2 Reflected.Cross-Site.Scripting HIGH" "perfect-survey 1.5.2 Unauthenticated.SQL.Injection HIGH" "perfect-survey No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "postaffiliatepro 1.26.10 Admin+.Stored.XSS LOW" "picture-gallery No.known.fix Unauthenticated.Stored.XSS HIGH" "picture-gallery 1.5.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "picture-gallery 1.5.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.videowhisper_picture_upload_guest.Shortcode MEDIUM" "picture-gallery 1.5.12 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "picture-gallery 1.4.4 Authenticated.Stored.XSS LOW" "pardakht-delkhah 2.9.9 Form.Fields.Reset.via.CSRF MEDIUM" "pardakht-delkhah 2.9.3 Unauthenticated.Stored.XSS HIGH" "portfolio-filter-gallery 1.6.5 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "portfolio-filter-gallery 1.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "participants-database 2.5.9.3 Unauthenticated.PHP.Object.Injection HIGH" "participants-database 2.5.6 Missing.Authorization MEDIUM" "participants-database 1.9.5.6 Authenticated.Time.Based.SQL.Injection HIGH" "participants-database 1.7.5.10 Cross-Site.Scripting MEDIUM" "participants-database 1.5.4.9 Unauthenticated.SQL.Injection CRITICAL" "policy-genius No.known.fix Reflected.XSS HIGH" "pricer-ninja-pricing-tables No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "prdctfltr 8.2.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "play-ht No.known.fix Missing.Authorization MEDIUM" "play-ht No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "play-ht No.known.fix Missing.Authorization MEDIUM" "play-ht No.known.fix Cross-Site.Request.Forgery MEDIUM" "pie-calendar 1.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.piecal.Shortcode MEDIUM" "promotion-slider No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "pop-over-xyz No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pop-over-xyz No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-and-post-lister No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "pinterest-pin-it-button-on-image-hover-and-post 3.4 Subscriber+.Arbitrary.Settings.Update MEDIUM" "post-carousel-slider-for-elementor 1.6.0 Contributor+.Stored.XSS MEDIUM" "portfolio-and-projects No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "post-page-notes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "project-status No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "payplus-payment-gateway 7.0.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "payplus-payment-gateway 6.6.9 Reflected.Cross-Site.Scripting MEDIUM" "payplus-payment-gateway 6.6.9 Unauthenticated.SQLi HIGH" "popup-modal-for-youtube No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "pagerestrict No.known.fix Unauthenticated.Protected.Post.Access MEDIUM" "pagerestrict No.known.fix Cross-Site.Request.Forgery.via.pr_admin_page MEDIUM" "pdf-rechnungsverwaltung No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "postmash No.known.fix Reflected.Cross-Site.Scripting.via.m MEDIUM" "postmash No.known.fix Unauthenticated.SQL.Injection CRITICAL" "process-steps-template-designer 1.3 CSRF.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "preloader-for-divi 1.5 Reflected.Cross-Site.Scripting MEDIUM" "preloader-for-divi 1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-grid-carousel-ultimate 1.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "post-grid-carousel-ultimate 1.7 Authenticated.(Contributor+).Local.File.Inclusion.via.post_type_ajax_handler() HIGH" "post-grid-carousel-ultimate 1.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "post-grid-carousel-ultimate 1.6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid-carousel-ultimate 1.6.8 Authenticated.(Contributor+).PHP.Object.Injection.in.outpost_shortcode_metabox_markup HIGH" "post-grid-carousel-ultimate 1.5.0 Admin+.Stored.XSS LOW" "private-google-calendars 20240106 Contributor+.Stored.XSS MEDIUM" "popup-surveys No.known.fix Missing.Authorization MEDIUM" "price-calc No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pie-register-premium 3.8.3.3 Authenticated.(Subscriber+).Limited.File.Deletion MEDIUM" "pie-register-premium 3.8.3.3 Missing.Authorization MEDIUM" "pie-register-premium 3.8.3.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "pie-register-premium 3.8.3.3 Unauthenticated.Cross-Site.Scripting MEDIUM" "pie-register-premium 3.8.3.3 Missing.Authorization MEDIUM" "pedalo-connector No.known.fix Authentication.Bypass.to.Administrator CRITICAL" "powerpack-elements 2.10.15 Contributor+.Privilege.Escalation HIGH" "powerpack-elements 2.10.18 Authenticated.(Contributor+).Privilege.Escalation HIGH" "powerpack-elements 2.10.8 Missing.Authorization.to.Settings.Reset HIGH" "powerpack-elements 2.10.8 Cross-Site.Request.Forgery.to.Plugin.Settings.Modification.and.Cross-Site.Scripting MEDIUM" "powerpack-elements 2.9.24 Reflected.Cross-Site.Scripting MEDIUM" "prenotazioni No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "product-blocks 4.2.5 Missing.Authorization MEDIUM" "product-blocks 3.1.5 PHP.Object.Injection.via.wopb_wishlist.and.wopb_compare CRITICAL" "product-blocks 3.0.0 Missing.Authorization.via.option_data_save MEDIUM" "plausible-analytics 1.3.4 Reflected.XSS HIGH" "plausible-analytics 1.2.4 Subscriber+.Arbitrary.Settings.Update MEDIUM" "plausible-analytics 1.2.3 Admin+.Stored.Cross-Site.Scripting MEDIUM" "profilepro No.known.fix Subscriber+.Stored.Cross.Site.Scripting HIGH" "premium-seo-pack 1.6.002 Authenticated.(Contributor+).SQL.Injection MEDIUM" "premium-seo-pack No.known.fix Unauthenticated.Information.Exposure MEDIUM" "polldaddy No.known.fix Cross-Site.Request.Forgery MEDIUM" "polldaddy 3.1.0 Reflected.Cross-Site.Scripting HIGH" "polldaddy 3.1.0 Rating.Update.via.CSRF MEDIUM" "polldaddy 3.0.10 Contributor+.Rating.Settings.Update MEDIUM" "polldaddy 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "property-hive-stamp-duty-calculator 1.0.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-in-page-for-elementor 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "prettyphoto No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "pdq-csv 2.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "persian-woocommerce 9.0.0 Missing.Authorization MEDIUM" "persian-woocommerce 5.9.8 Reflected.Cross-Site.Scripting MEDIUM" "people-lists 2.0.0 Missing.Authorization MEDIUM" "pressference-exporter No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "popcashnet-code-integration-tool 1.1 Cross-Site.Scripting.(XSS) MEDIUM" "permalink-manager-pro 2.2.15 Reflected.Cross-Site.Scripting MEDIUM" "payment-page 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "payment-page 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "paypal-express-checkout No.known.fix Cross-Site.Request.Forgery MEDIUM" "pocket-widget No.known.fix Admin+.Stored.XSS LOW" "post-saint No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "powerpack-lite-for-elementor 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.8.2 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "powerpack-lite-for-elementor 2.7.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Link.Effects.Widget MEDIUM" "powerpack-lite-for-elementor 2.7.20 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.19 Contributor+.Stored.XSS MEDIUM" "powerpack-lite-for-elementor 2.7.18 Contributor+.Stored.XSS MEDIUM" "powerpack-lite-for-elementor 2.7.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.14 Settings.Reset/Update.via.CSRF MEDIUM" "powerpack-lite-for-elementor 2.6.2 Reflected.Cross-Site.Scripting HIGH" "powerpack-lite-for-elementor 2.3.2 Contributor+.Stored.XSS MEDIUM" "page-or-post-clone 6.1 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Sensitive.Information.Exposure MEDIUM" "png-to-jpg 4.1 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "post-carousel 3.0.1 Editor+.Stored.XSS LOW" "post-carousel 2.4.28 Editor+.Stored.XSS LOW" "post-carousel 2.4.19 Contributor+.Stored.XSS MEDIUM" "post-carousel 2.3.5 CSRF.Bypass./.Unauthorised.AJAX.Calls MEDIUM" "planyo-online-reservation-system No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "password-protect-plugin-for-wordpress No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "posts-and-products-views 2.1.1 Contributor+.Stored.XSS MEDIUM" "paypal-gift-certificate No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.wpppgc_plugin_options MEDIUM" "post-index No.known.fix CSRF.to.Stored.XSS HIGH" "portfolio-manager-powered-by-behance No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "portfolio-manager-powered-by-behance No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "porsline No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "premmerce-woocommerce-variation-swatches 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-variation-swatches 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-variation-swatches 1.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "pootle-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pootle-button 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ppo-call-to-actions No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "post-layouts No.known.fix Contributor+.Stored.XSS MEDIUM" "pdf-generator-for-wp 1.1.2 Reflected.XSS HIGH" "product-designer 1.0.37 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "product-designer 1.0.34 Unauthenticated.Arbitrary.Attachment.Deletion MEDIUM" "product-designer 1.0.33 Unauthenticated.PHP.Object.Injection CRITICAL" "portfolio-wp 2.1.0 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "password-for-wp 1.6 Stored.XSS.via.CSRF HIGH" "profilepress-pro 4.11.2 Pro.<.4.11.2.-.Authentication.Bypass HIGH" "private-only No.known.fix CSRF.&.XSS HIGH" "post-lockdown 4.0.3 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Disclosure MEDIUM" "podiant No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "photo-gallery-pearlbells No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation MEDIUM" "parcel-tracker-ecourier 1.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "primary-addon-for-elementor 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.6.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "primary-addon-for-elementor 1.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "primary-addon-for-elementor 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "php-everywhere 3.0.0 Contributor+.RCE.via.Metabox CRITICAL" "php-everywhere 3.0.0 Subscriber+.RCE.via.Shortcode CRITICAL" "php-everywhere 3.0.0 Contributor+.RCE.via.Gutenberg.Block CRITICAL" "php-everywhere 2.0.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "premmerce-woocommerce-product-filter 3.7.3 Missing.Authorization MEDIUM" "premmerce-woocommerce-product-filter 3.7.2 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-product-filter 3.6.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-product-filter 3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "parsian-bank-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting HIGH" "postify-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pakkelabels-for-woocommerce 5.0.4 Missing.Authorization.to.Authenticated.(Customer+).Information.Disclosure MEDIUM" "premmerce-woocommerce-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-toolkit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "popup-maker 1.20.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.20.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.20.0 Missing.Authorization MEDIUM" "popup-maker 1.19.1 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.19.1 Admin+.Stored.XSS LOW" "popup-maker 1.18.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.16.11 Contributor+.Stored.Cross.Site.Scripting MEDIUM" "popup-maker 1.16.9 Contributor+.Stored.XSS.via.Subscription.Form MEDIUM" "popup-maker 1.16.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "popup-maker 1.16.5 Admin+.Stored.Cross-Site.Scripting LOW" "popup-maker 1.8.13 Multiple.Vulnerabilities CRITICAL" "popup-maker 1.8.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "popup-maker 1.6.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "product-delivery-date 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "pluginpass-pro-plugintheme-licensing No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "platformly-for-woocommerce 1.1.7 Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "push-notification-for-post-and-buddypress 2.12 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "push-notification-for-post-and-buddypress 2.08 Reflected.Cross-Site.Scripting MEDIUM" "push-notification-for-post-and-buddypress 1.9.4 Multiple.Unauthenticated.SQLi HIGH" "pay-addons-for-elementor 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "postcasa No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plms No.known.fix Authenticated.(Salesman+).Arbitrary.File.Upload HIGH" "post-custom-templates-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-and-post-restriction 1.3.7 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "page-and-post-restriction 1.3.5 Unauthenticated.Protected.Post.Access MEDIUM" "page-and-post-restriction 1.2.7 Admin+.Stored.Cross-Site.Scripting LOW" "protected-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "protected-page No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pdf-for-woocommerce 4.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pmpro-mailchimp 2.3.5 Unauthenticated.Information.Disclosure MEDIUM" "paygreen-payment-gateway 1.0.27 Reflected.Cross-Site.Scripting MEDIUM" "post-pay-counter 2.790 Reflected.XSS HIGH" "post-pay-counter 2.731 PHP.Obj.Injection.&.Access.Control.Issues CRITICAL" "pwa-for-wp 1.7.73 Missing.Authorization MEDIUM" "pwa-for-wp 1.7.72 PWA.For.WP.&.AMP.<.1,7,72.Administrator+.Stored.XSS LOW" "pwa-for-wp 1.7.33 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "pwa-for-wp 1.7.33 Authenticated.(Subscriber+).Settings.Change MEDIUM" "pmpro-register-helper 1.8.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "publishpress-authors 4.7.4 Authenticated.(Administrator+).SQL.Injection MEDIUM" "publishpress-authors 4.7.2 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Arbitrary.User.Email.Update.and.Account.Takeover HIGH" "post-views-stats No.known.fix Reflected.Cross-Site.Scripting.via.from.and.to MEDIUM" "popup-seo-optimized No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "particle-background No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pricing-table-addon-for-elementor No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "product-shipping-countdown-free-version No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-shipping-countdown-free-version No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "phzoom No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "post-title-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pta-member-directory 1.8.0 Missing.Authorization MEDIUM" "php-execution-plugin No.known.fix Settings.Update.via.CSRF HIGH" "photoblocks-grid-gallery 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "photoblocks-grid-gallery 1.2.9 Cross-Site.Request.Forgery MEDIUM" "photoblocks-grid-gallery 1.2.7 Contributor+.Stored.XSS MEDIUM" "photoblocks-grid-gallery 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photoblocks-grid-gallery 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "photoblocks-grid-gallery 1.1.43 Authenticated.Reflected.XSS HIGH" "photoblocks-grid-gallery 1.1.41 Unauthenticated.Reflected.XSS MEDIUM" "post-type-modifier-simple 1.04 Reflected.Cross-Site.Scripting MEDIUM" "passwordless-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pdf-poster 2.1.22 Arbitrary.JavaScript.Execution MEDIUM" "pdf-poster 2.1.18 PDF.Embedder.Plugin.for.WordPress.<.2.1.18.-.Reflected.Cross-Site.Scripting MEDIUM" "page-loading-effects 3.0.0 Admin+.Stored.XSS LOW" "pagepost-specific-social-share-buttons No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "popup4phone No.known.fix Unauthenticated.Stored.XSS HIGH" "popup4phone No.known.fix Editor+.Stored.XSS LOW" "pjw-mime-config No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "product-lister-ebay No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "product-specifications 0.7.0 Reflected.Cross-Site.Scripting HIGH" "phoenix-media-rename 3.4.4 Author.Arbitrary.Media.File.Renaming MEDIUM" "page-layout-builder No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "premmerce 1.3.18 Reflected.Cross-Site.Scripting MEDIUM" "premmerce 1.3.17 Cross-Site.Request.Forgery MEDIUM" "premmerce 1.3.16 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-wishlist 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wishlist 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-wishlist 1.1.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "preprocess-dezrez No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "preprocess-dezrez No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-product-bundles No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-product-bundles No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "platformly 1.14 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "page-visit-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-visit-counter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "protect-uploads-with-login-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "protect-uploads-with-login-page No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "panda-pods-repeater-field 1.5.4 Reflected.XSS HIGH" "promolayer-popup-builder 1.1.1 Missing.Authorization MEDIUM" "paypal-responder No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "push-notification-for-wp-by-pushassist No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "push-notification-for-wp-by-pushassist No.known.fix Reflected.Cross-Site.Scripting HIGH" "podlove-subscribe-button 1.3.11 Authenticated.(Contributor+).SQL.Injection HIGH" "podlove-subscribe-button 1.3.9 Multiple.CSRF MEDIUM" "podlove-subscribe-button 1.3.9 Admin+.Stored.XSS LOW" "page-specific-sidebars No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pirate-forms 2.6.0 Admin+.Stored.XSS LOW" "pirate-forms 2.6.0 Admin+.Stored.XSS LOW" "pirate-forms 2.6.1 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "pirate-forms 2.5.2 HTML.Injection.&.CSRF MEDIUM" "paytm-payments 2.7.7 Editor+.SQLi MEDIUM" "payment-form-for-paypal-pro 1.1.73 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "payment-form-for-paypal-pro 1.1.65 Unauthenticated.SQL.Injection CRITICAL" "payment-form-for-paypal-pro 1.0.2 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "password-protected-woo-store 2.3 Unauthenticated.Arbitrary.Post.Tile.&.Content.Access MEDIUM" "product-filter-for-woocommerce-product No.known.fix Unauthenticated.SQLi HIGH" "pardot 2.1.1 Missing.Authorization MEDIUM" "pearl-header-builder No.known.fix Missing.Authorization MEDIUM" "pearl-header-builder No.known.fix Cross-Site.Request.Forgery MEDIUM" "pearl-header-builder 1.3.9 Cross-Site.Request.Forgery.to.Header.Deletion MEDIUM" "pearl-header-builder 1.3.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Site.Options.Deletion MEDIUM" "pearl-header-builder 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "pearl-header-builder 1.3.5 CSRF MEDIUM" "pages-order No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "persian-fonts No.known.fix Admin+.Stored.XSS LOW" "pcloud-backup No.known.fix Missing.Authorization MEDIUM" "product-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-table No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "paid-member-subscriptions 2.14.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paid-member-subscriptions 2.13.8 Authentication.Bypass.via.pms_payment_id CRITICAL" "paid-member-subscriptions 2.13.5 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "paid-member-subscriptions 2.13.1 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "paid-member-subscriptions 2.12.9 Reflected.Cross-Site.Scripting MEDIUM" "paid-member-subscriptions 2.11.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "paid-member-subscriptions 2.11.2 Missing.Authorization.via.creating_pricing_table_page MEDIUM" "paid-member-subscriptions 2.11.2 Missing.Authorization.via.pms_stripe_connect_handle_authorization_return MEDIUM" "paid-member-subscriptions 2.10.5 Cross-Site.Request.Forgery.via.ajax_add_log_entry MEDIUM" "paid-member-subscriptions 2.4.2 Authenticated.SQL.Injection MEDIUM" "paid-member-subscriptions 2.4.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "pgall-for-woocommerce 5.2.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pgall-for-woocommerce 5.2.3 Reflected.Cross-Site.Scripting.via.add_query_arg.Function MEDIUM" "pgall-for-woocommerce 5.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.pafw_instant_payment.Shortcode MEDIUM" "pdf24-post-to-pdf No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "propertyhive 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.1.1 Reflected.XSS HIGH" "propertyhive 2.0.20 Cross-Site.Request.Forgery.via.save_account_details HIGH" "propertyhive 2.0.10 Missing.Authorization MEDIUM" "propertyhive 2.0.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.13 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "propertyhive 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.10 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "propertyhive 2.0.7 Missing.Authorization.via.activate_pro_feature MEDIUM" "propertyhive 2.0.6 Unauthenticated.PHP.Object.Injection.via.propertyhive_currency HIGH" "propertyhive 1.5.49 Reflected.XSS HIGH" "propertyhive 1.5.47 Reflected.XSS HIGH" "propertyhive 1.4.26 Unvalidated.Input.to.do_action() MEDIUM" "paid-memberships-pro 3.0.6 Authenticated.(Administrator+).SQL.Injection CRITICAL" "paid-memberships-pro 3.0.5 Unauthenticated.Insecure.Direct.Object.Reference.to.Order.Status.Update MEDIUM" "paid-memberships-pro 3.0 Cross-Site.Request.Forgery.to.Membership.Modification MEDIUM" "paid-memberships-pro 3.0.2 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 3.0 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 2.12.9 Contributor+.Arbitrary.User.Custom.Field.Disclosure MEDIUM" "paid-memberships-pro 2.12.8 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 2.12.7 Information.Exposure.in.Debug.Logs MEDIUM" "paid-memberships-pro 2.12.6 Missing.Authorization.via.API MEDIUM" "paid-memberships-pro 2.12.4 Subscriber+.Arbitrary.File.Upload HIGH" "paid-memberships-pro 2.9.12 Subscriber+.SQL.Injection HIGH" "paid-memberships-pro 2.9.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "paid-memberships-pro 2.9.8 Unauthenticated.SQLi HIGH" "paid-memberships-pro 2.6.7 Unauthenticated.Blind.SQL.Injection CRITICAL" "paid-memberships-pro 2.6.6 Reflected.Cross-Site.Scripting HIGH" "paid-memberships-pro 2.5.10 Cross-Site.Scripting.(XSS) MEDIUM" "paid-memberships-pro 2.5.6 Authenticated.SQL.Injection MEDIUM" "paid-memberships-pro 2.5.3 Unauthorised.Order.Information.Disclosure MEDIUM" "paid-memberships-pro 2.5.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "paid-memberships-pro 2.4.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "paid-memberships-pro 2.4.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "paid-memberships-pro 2.3.3 Authenticated.SQL.Injection MEDIUM" "paid-memberships-pro 2.0.6 Authenticated.Open.Redirect MEDIUM" "pdf-print 2.0.3 Unauthenticated.Cross-Site-Scripting.(XSS) MEDIUM" "pdf-print 1.9.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "piotnet-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "piotnet-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "piotnet-addons-for-elementor 2.4.33 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "piotnet-addons-for-elementor 2.4.32 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "piotnet-addons-for-elementor 2.4.32 Contributor+.Stored.XSS MEDIUM" "piotnet-addons-for-elementor 2.4.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "piotnet-addons-for-elementor 2.4.30 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "piotnet-addons-for-elementor 2.4.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widget.Attributes HIGH" "piotnet-addons-for-elementor 2.4.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "piotnet-addons-for-elementor 2.4.27 Contributor+.Stored.XSS MEDIUM" "piotnet-addons-for-elementor 2.4.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "payday No.known.fix Missing.Authorization MEDIUM" "phppoet-checkout-fields 3.5.13 Unauthenticated.Arbitrary.File.Upload CRITICAL" "pop-up No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pop-up No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "pdf-catalog-woocommerce 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-price-history 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "project-app No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "podcast-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "podcast-box 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pdf2post No.known.fix Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "plugins-on-steroids No.known.fix Missing.Authorization MEDIUM" "plugins-on-steroids 4.1.3 Missing.Authorization.via.update_options MEDIUM" "product-slider-for-woocommerce-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "product-slider-for-woocommerce-lite 1.1.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "preloader-plus No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "preloader-plus 2.1 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder 3.13.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "profile-builder 3.13.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "profile-builder 3.12.2 Admin+.Stored.Cross.Site.Scripting LOW" "profile-builder 3.11.9 Unauthenticated.Privilege.Escalation CRITICAL" "profile-builder 3.11.8 Unauthenticated.Media.Upload MEDIUM" "profile-builder 3.11.3 Restricted.Email.Bypass MEDIUM" "profile-builder 3.10.9 Missing.Authorization.to.Plugin.Settings.Change.via.wppb_two_factor_authentication_settings_update HIGH" "profile-builder 3.10.8 Contributor+.User.Metadata.Disclosure MEDIUM" "profile-builder 3.10.4 Plugins.Activation/Deactivation.CSRF MEDIUM" "profile-builder 3.9.8 Unauthenticated.Plugin's.Pages.Creation MEDIUM" "profile-builder 3.9.1 Subscriber+.Arbitrary.User.Meta.Disclosure MEDIUM" "profile-builder 3.9.1 Unauthorised.Password.Reset HIGH" "profile-builder 3.6.1 Settings.Import.via.CSRF LOW" "profile-builder 3.6.8 Admin+.Stored.Cross-Site.Scripting LOW" "profile-builder 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder 3.4.9 Admin.Access.via.Password.Reset CRITICAL" "profile-builder 3.4.8 Authenticated.Stored.XSS MEDIUM" "profile-builder 3.3.3 Authenticated.Blind.SQL.Injection MEDIUM" "profile-builder 3.1.1 User.Registration.With.Administrator.Role CRITICAL" "profile-builder 2.5.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 2.4.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 2.4.1 Privilege.Escalation HIGH" "profile-builder 2.2.5 XSS MEDIUM" "profile-builder 2.1.4 Missing.Access.Controls HIGH" "profile-builder 2.0.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 1.1.60 Password.Recovery.Bypass MEDIUM" "profile-builder 1.1.66 Multiple.XSS MEDIUM" "piotnetforms No.known.fix Authenticated.(Editor+).Path.Traversal LOW" "piotnetforms No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "piotnetforms No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "piotnetforms 1.0.30 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "piotnetforms 1.0.29 Unauthenticated.Arbitrary.File.Upload CRITICAL" "piotnetforms No.known.fix Unauthenticated.Arbitrary.File.Upload HIGH" "post-thumbnail-editor No.known.fix Sensitive.Information.Exposure MEDIUM" "project-panorama-lite No.known.fix Admin+.Stored.XSS LOW" "project-panorama-lite 1.5.1 WordPress.Project.Management.<.1.5.1.-.Admin+.Stored.XSS LOW" "postman-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ps-phpcaptcha 1.2.0 PS.PHPCaptcha.<.1,2,0.-Denial.of.Service CRITICAL" "pepro-ultimate-invoice No.known.fix Insecure.Direct.Object.Reference.to.Unauthenticated.Order.Information.Exposure MEDIUM" "pepro-ultimate-invoice 2.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pepro-ultimate-invoice 2.0.2 Missing.Authorisation MEDIUM" "pepro-ultimate-invoice 1.9.8 Unauthenticated.Arbitrary.Invoice.Access HIGH" "product-expiry-for-woocommerce 2.6 Subscriber+.Settings.Update MEDIUM" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix Admin+.Stored.XSS LOW" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix .Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "pray-for-me No.known.fix Settings.Update.via.CSRF MEDIUM" "pray-for-me No.known.fix Unauthenticated.Stored.XSS HIGH" "plenigo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "payform No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pb-seo-friendly-images No.known.fix Admin+.Stored.XSS LOW" "primer-mydata 4.2.4 Reflected.Cross-Site.Scripting MEDIUM" "primer-mydata 4.2.2 Reflected.Cross-Site.Scripting MEDIUM" "post-carousel-slider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "prevent-direct-access 2.8.8.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "prevent-direct-access 2.8.8.3 2.8.8.2.-.Incorrect.Authorization.to.Authenticated.(Contributor+).Multiple.Media.Actions MEDIUM" "payment-gateway-for-telcell 2.0.4 Unauthenticated.Open.Redirect MEDIUM" "piwigopress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "print-page 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "package-quantity-xforwc 1.2.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "plugmatter-optin-feature-box-lite 2.0.14 Unauthenticated.Blind.SQL.Injection CRITICAL" "paypal-promotions-and-insights No.known.fix Missing.Authorization MEDIUM" "post-category-image-with-grid-and-slider 1.4.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "passwordless-login 1.1.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "pronamic-google-maps 2.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-scroll-to-id 1.7.9 Contributor+.Stored.XSS MEDIUM" "page-scroll-to-id 1.7.6 Contributor+.Stored.XSS MEDIUM" "powerpress-multisite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "plugin-central No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "propertyshift No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "padma-advanced 0.0.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pdf-light-viewer 1.4.12 Authenticated.Command.Injection LOW" "payment-forms-for-paystack 4.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "payment-forms-for-paystack 4.0.2 Authenticated.(Administrator+).SQL.Injection MEDIUM" "payment-forms-for-paystack 4.0.0 Contributor+.Stored.XSS MEDIUM" "popularis-extra 1.2.8 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "popularis-extra 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "powerpack-addon-for-beaver-builder 1.3.1 Reflected.Cross-Site.Scripting.via.Navigate.Parameter MEDIUM" "powerpack-addon-for-beaver-builder 1.3.0.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-addon-for-beaver-builder 1.3.0.4 Authenticated.(Editor+).Local.File.Inclusion HIGH" "powerpack-addon-for-beaver-builder 1.3.0.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.element.link MEDIUM" "powerpack-addon-for-beaver-builder 1.2.9.1 Reflected.Cross-Site.Scripting MEDIUM" "powerpack-addon-for-beaver-builder 1.2.9.3 Reflected.Cross-Site.Scripting MEDIUM" "plugins-list 2.5.1 Admin+.Stored.XSS LOW" "premmerce-woocommerce-multi-currency 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-multi-currency 2.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "prevent-landscape-rotation 2.1 Settings.Update.via.CSRF MEDIUM" "photospace No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "photospace No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "posttabs No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "performance-kit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pagemash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "print-my-blog 3.27.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "print-my-blog 3.26.3 Missing.Authorization MEDIUM" "print-my-blog 3.25.2 Reflected.Cross-Site.Scripting MEDIUM" "print-my-blog 3.11.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "print-my-blog 3.4.2 Plugin.Deactivation.via.CSRF MEDIUM" "print-my-blog 1.6.6 Unauthenticated.Server.Side.Request.Forgery.(SSRF) CRITICAL" "poll-wp 2.4.7 Authenticated.(Administrator+).SQL.Injection.via.'s'.Parameter MEDIUM" "poll-wp 2.4.1 Admin+.SQLi MEDIUM" "poll-wp 2.4.0 Admin+.SQL.Injection MEDIUM" "poll-wp 1.5.9 Reflected.Cross-Site.Scripting HIGH" "poll-wp 1.3.4 Broken.Authentication.and.Missing.Capability.Checks.on.AJAX.calls CRITICAL" "podclankova-inzerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pkt1-centro-de-envios 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "perfmatters 2.1.7 Cross-Site.Request.Forgery MEDIUM" "perfmatters 2.2.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "perfmatters 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "perfmatters 2.1.7 Missing.Authorization MEDIUM" "portfolio-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pinblocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pinblocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pro-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "posts-to-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "projecthuddle-child-site 1.0.35 Missing.Authorization.via.ph_child_ajax_notice_handler MEDIUM" "pdfjs-viewer-shortcode 2.2 Arbitrary.JavaScript.Execution MEDIUM" "pdfjs-viewer-shortcode 2.1.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "pdfjs-viewer-shortcode 2.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "pubsubhubbub 3.2.0 Admin+.Stored.XSS MEDIUM" "penci-data-migrator 1.3.1 Unauthenticated.Local.File.Inclusion CRITICAL" "peepso-photos 6.3.1.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "printus-cloud-printing-for-woocommerce 1.2.7 Missing.Authorization MEDIUM" "printus-cloud-printing-for-woocommerce 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "page-health-o-meter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pricing-table-by-supsystic 1.9.13 Admin+.Content.Injection LOW" "pricing-table-by-supsystic 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "pricing-table-by-supsystic 1.9.0 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "pricing-table-by-supsystic 1.8.9 Authenticated.SQL.Injections CRITICAL" "pricing-table-by-supsystic 1.8.2 Unauthenticated.Stored.XSS HIGH" "pricing-table-by-supsystic 1.8.2 Insecure.Permissions.on.AJAX.Actions HIGH" "pricing-table-by-supsystic 1.8.1 Cross-Site.Request.Forgery.to.XSS.and.Setting.Changes HIGH" "ppv-live-webcams 7.3.12 Authentication.Bypass CRITICAL" "ppv-live-webcams 7.3.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "plestar-directory-listing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "photo-gallery-builder No.known.fix Missing.Authorization MEDIUM" "propovoice-pro No.known.fix Unauthenticated.SQL.Injection CRITICAL" "planning-center-online-giving No.known.fix Contributor+.XSS.via.Shortcode MEDIUM" "personalization-by-flowcraft No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "postman-smtp No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "postmarkapp-email-integrator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "postmarkapp-email-integrator No.known.fix Missing.Authorization MEDIUM" "pet-manager No.known.fix Contributor+.Stored.XSS MEDIUM" "pet-manager No.known.fix Reflected.XSS HIGH" "plexx-elementor-extension 1.3.7 Contributor+.Stored.XSS MEDIUM" "provide-forex-signals No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pramadillo-activecampaign-email-preference-center 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "pramadillo-activecampaign-email-preference-center 2.0.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-types-carousel-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-types-carousel-slider 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-highlights 2.6.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "product-websites-showcase No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "pegapoll No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "premium-addons-for-elementor 4.10.57 Missing.Authorization LOW" "premium-addons-for-elementor 4.10.61 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Video.Box.Widget MEDIUM" "premium-addons-for-elementor 4.10.53 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Media.Grid.Widget MEDIUM" "premium-addons-for-elementor 4.10.39 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Content.Deletion.and.Arbitrary.Title.Update MEDIUM" "premium-addons-for-elementor 4.10.37 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Animated.Text.Widget MEDIUM" "premium-addons-for-elementor 4.10.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.36 Regular.Expressions.Denial.of.Service LOW" "premium-addons-for-elementor 4.10.36 Contributor+.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "premium-addons-for-elementor 4.10.34 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text.Widget MEDIUM" "premium-addons-for-elementor 4.10.32 Missing.Authorization.to.Information.Disclosure MEDIUM" "premium-addons-for-elementor 4.10.32 Contributor+.DOM-Based.Stored.Cross-Site.Scripting.via.Global.Tooltip MEDIUM" "premium-addons-for-elementor 4.10.32 Missing.Authorization.to.Information.Disclosure MEDIUM" "premium-addons-for-elementor 4.10.32 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.31 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.29 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.29 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.26 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.25 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.17 Contributor+.Stored.Cross-Site.Scripting.via.Wrapper.Link.Widget MEDIUM" "premium-addons-for-elementor 4.10.28 Contributor+.Stored.Cross-Site.Scripting.via.Button MEDIUM" "premium-addons-for-elementor 4.10.25 Contributor+.DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.23 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "premium-addons-for-elementor 4.10.24 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.22 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.19 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.19 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.5.2 Subscriber+.Arbitrary.Blog.Option.Update HIGH" "premium-addons-for-elementor 4.2.8 Contributor+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "pondol-carousel No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "popup-more 2.3.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popup-more 2.2.5 Admin+.Directory.Traversal.to.Limited.Local.File.Inclusion MEDIUM" "plinks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "power-ups-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "power-ups-for-elementor 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pro-links-maintainer-dev No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pro-links-maintainer-dev No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "project-source-code-download No.known.fix Unauthenticated.Backup.Download HIGH" "parcelpanel 4.3.3 Reflected.Cross-Site.Scripting MEDIUM" "parcelpanel 3.9.0 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "plugin-logic 1.0.8 Admin+.SQLi MEDIUM" "proranktracker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pdf-for-wpforms 5.3.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "pdf-for-wpforms 4.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.yeepdf_dotab.Shortcode MEDIUM" "push-monkey-desktop-push-notifications No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "post-thumbs No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "print-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "print-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "print-o-matic 2.1.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "print-o-matic 2.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "product-visibility-by-country-for-woocommerce No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pdfjs-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plugnedit 6.2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "pretty-simple-popup-builder 1.0.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pretty-simple-popup-builder 1.0.10 Admin+.Stored.XSS LOW" "pretty-simple-popup-builder 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "pubydoc-data-tables-and-charts No.known.fix Admin+.Stored.XSS MEDIUM" "presto-player 3.0.3 Missing.Authorization MEDIUM" "presto-player 2.2.3 Contributor+.Stored.XSS MEDIUM" "post-grid-elementor-addon 2.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid-elementor-addon 2.0.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title_tag MEDIUM" "product-loops 1.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "photoshow 1.0.19 Update/Delete.Google.API.Key.via.CSRF MEDIUM" "peoplepond No.known.fix CSRF.to.Stored.XSS HIGH" "photographer-connections No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pricing-tables-for-wpbakery-page-builder 3.0 Contributor+.Stored.XSS MEDIUM" "pricing-tables-for-wpbakery-page-builder 3.0 Subscriber+.LFI HIGH" "printfriendly 5.5.2 Admin+.Stored.XSS LOW" "printfriendly 5.2.3 Admin+.Stored.Cross-Site.Scripting LOW" "posti-shipping 3.10.4 Cross-Site.Request.Forgery MEDIUM" "posti-shipping 3.10.4 Reflected.Cross-Site.Scripting MEDIUM" "posti-shipping 3.10.3 Full.Path.Disclosure MEDIUM" "postlists No.known.fix Reflected.XSS MEDIUM" "plezi 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plezi 1.0.3 Unauthenticated.Stored.XSS HIGH" "prime-affiliate-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-builder-add 1.5.2.1 Authenticated.(Editor+).Local.File.Inlcusion HIGH" "page-builder-add 1.5.1.9 Reflected.Cross-Site.Scripting.via.pageType MEDIUM" "page-builder-add 1.5.1.8 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "page-builder-add 1.5.1.6 Open.Redirect MEDIUM" "page-builder-add 1.5.1.3 Admin+.Stored.XSS LOW" "page-builder-add 1.4.9.9 Contributor+.Cross-Site.Scripting.via.Shortcode MEDIUM" "page-builder-add 1.4.9.6 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "post-status-notifier-lite 1.11.7 Reflected.Cross-Site.Scripting.via.page MEDIUM" "post-status-notifier-lite 1.11.1 Reflected.Cross-Site.Scripting MEDIUM" "post-status-notifier-lite 1.10.1 Reflected.XSS HIGH" "pathomation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pathomation No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "permalinks-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payment-gateway-payfabric 1.0.13 Reflected.Cross-Site.Scripting MEDIUM" "payment-gateway-payfabric 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "private-files No.known.fix Protection.Disabling.via.CSRF MEDIUM" "premmerce-redirect-manager 1.0.12 Admin+.Stored.XSS MEDIUM" "premmerce-redirect-manager 1.0.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-redirect-manager 1.0.11 Cross-Site.Request.Forgery MEDIUM" "premmerce-redirect-manager 1.0.12 Admin+.Stored.XSS LOW" "premmerce-redirect-manager 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "protected-wp-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "plerdy-heatmap 1.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "product-customizer-light No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "product-delivery-date-for-woocommerce-lite 2.8.1 Lite.<.2.8.1.-.Reflected.Cross-Site.Scripting MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.3 Missing.Authorization MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.1 Missing.Authorization MEDIUM" "pdf-viewer-block 1.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "poll-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-slider-and-carousel 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "post-slider-and-carousel 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pretty-google-calendar 2.0.0 Contributor+.Stored.XSS MEDIUM" "pretty-google-calendar 1.6.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.pretty_google_calendar.shortcode MEDIUM" "pilotpress 2.0.31 Subscriber+.Report.Access.&.DB.Transients.Purging MEDIUM" "post-views-counter 1.4.5 Cross-Site.Request.Forgery.via.save_bulk_post_views() MEDIUM" "post-views-counter 1.3.5 Authenticated.Stored.XSS LOW" "profile-widget-ninja No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-type-archive-mapping No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-type-archive-mapping 5.3.0 Missing.Authorization.via.REST.Routes MEDIUM" "porto-functionality 3.1.1 Functionality.<.3.1.1.-.Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "porto-functionality 3.1.0 Functionality.<.3.1.0.-.Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "porto-functionality 2.12.1 Functionality.<.2.12.1.-.Unauthenticated.SQL.Injection CRITICAL" "porto-functionality 2.12.1 Functionality.<.2.12.1.-.Missing.Authorization MEDIUM" "page-parts 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "posts-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "photo-contest No.known.fix CSRF.Bypass MEDIUM" "photo-contest No.known.fix Cross-Site.Request.Forgery MEDIUM" "posten-post-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pafacile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "perelandra-sermons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "perelandra-sermons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "perelandra-sermons No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "podcast-channels 0.28 Unauthenticated.Reflected.XSS MEDIUM" "print-science-designer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "print-science-designer No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "print-science-designer 1.3.153 Unauthenticated.PHP.Object.Injection HIGH" "product-tabs-for-woocommerce 1.7.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pootle-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pootle-page-builder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pootle-page-builder 5.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pre-orders-for-woocommerce 1.2.14 Contributor+.Stored.XSS MEDIUM" "pz-linkcard 2.5.3 Admin+.Stored.XSS LOW" "pz-linkcard 2.5.3 Contributor+.SSRF LOW" "pz-linkcard 2.5.3 Reflected.XSS HIGH" "pz-linkcard 2.5.3 Caching.Management.via.CSRF MEDIUM" "pz-linkcard 2.4.5.3 Reflected.Cross-Site.Scripting MEDIUM" "profile-extra-fields 1.2.8 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "profile-extra-fields 1.2.4 Reflected.Cross-Site.Scripting HIGH" "profile-extra-fields 1.0.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "premium-blocks-for-gutenberg 2.1.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-blocks-for-gutenberg 2.1.34 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-blocks-for-gutenberg 2.1.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-to-google-my-business 3.1.14 Reflected.Cross-Site.Scripting MEDIUM" "post-to-google-my-business 3.0.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "portable-phpmyadmin No.known.fix /pma/phpinfo.php.Direct.Request.System.Information.Disclosure CRITICAL" "portable-phpmyadmin No.known.fix Multiple.Script.Direct.Request.Authentication.Bypass CRITICAL" "portugal-ctt-tracking-woocommerce 2.2 Reflected.Cross-Site.Scripting MEDIUM" "pin-generator No.known.fix Missing.Authorization MEDIUM" "publish-post-email-notification 1.0.2.4 Cross-Site.Request.Forgery MEDIUM" "publish-post-email-notification 1.0.2.3 Admin+.Stored.XSS LOW" "post-and-page-builder 1.27.7 Path.Traversal.to.Authenticated.(Contributor+).Arbitrary.File.Read.via.template_via_url.Function MEDIUM" "post-and-page-builder 1.27.6 Contributor+.Stored.XSS MEDIUM" "post-and-page-builder 1.26.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "post-and-page-builder 1.26.5 Authenticated.(Contributer+).Stored.Cross-Site.Scripting MEDIUM" "post-and-page-builder 1.26.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-and-page-builder 1.24.2 Editor.Settings.Update.via.CSRF MEDIUM" "peekaboo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pie-forms-for-wp 1.5 Reflected.Cross-Site.Scripting MEDIUM" "pie-forms-for-wp 1.4.9.4 Admin+.Stored.Cross-Site.Scripting LOW" "photoxhibit No.known.fix Reflected.XSS.Issues MEDIUM" "pixproof No.known.fix Missing.Authorization MEDIUM" "powies-whois 0.9.33 Authenticated.Stored.Cross-Site.Scripting LOW" "pripre No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "peters-custom-anti-spam-image 3.2.4 Cross-Site.Request.Forgery.via.cas_register_post.Function MEDIUM" "peters-custom-anti-spam-image 3.2.3 Reflected.XSS HIGH" "portfolleo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "pollin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pollin No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "parallaxer-lite-parallax-effects-on-images No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-filter-widget-for-elementor 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "posts-for-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pie-register 3.8.4.1 Sensitive.Information.Exposure.via.Log.Files MEDIUM" "pie-register 3.8.3.5 Basic.<=.3.8.3.4.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation.and.Activation/Deactivation HIGH" "pie-register 3.8.3.3 Unauthenticated.Arbitrary.File.Upload HIGH" "pie-register 3.8.2.3 Open.Redirect MEDIUM" "pie-register 3.8.1.3 Unauthenticated.Arbitrary.User.Deletion HIGH" "pie-register 3.7.2.4 Open.Redirect MEDIUM" "pie-register 3.1.7.6 Unauthenticated.Arbitrary.Login CRITICAL" "pie-register 3.7.1.6 Unauthenticated.SQL.Injection HIGH" "pie-register 3.7.0.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "pie-register 3.1.2 SQL.Injection CRITICAL" "pie-register 3.0.18 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "poptin 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "product-code-for-woocommerce 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pretty-url No.known.fix Cross-Site.Request.Forgery MEDIUM" "pretty-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pretty-url No.known.fix Admin+.Stored.XSS.in.plugin.settings LOW" "product-input-fields-for-woocommerce 1.12.1 Unauthenticated.Limited.File.Upload HIGH" "product-input-fields-for-woocommerce 2.0 .Contributor+.Arbitrary.File.Read MEDIUM" "product-input-fields-for-woocommerce 1.8.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "product-input-fields-for-woocommerce 1.2.7 Unauthenticated.File.Download HIGH" "portfolio-builder-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pcrecruiter-extensions 1.4.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pixelstats No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "photography-portfolio 1.4.9 Reflected.Cross-Site.Scripting MEDIUM" "prepost-seo No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "post-by-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pie-register-social-site 1.8 Authentication.Bypass.via.WordPress.com.OAuth.provider HIGH" "pie-register-social-site 1.7.8 Social.Sites.Login.(Add.on).<.1.7.8.-.Unauthenticated.Privilege.Escalation CRITICAL" "proofreading 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "proofreading 1.1 Reflected.XSS HIGH" "posts-filter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "popups 1.8 Reflected.Cross-Site.Scripting MEDIUM" "popups No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "platinum-seo-pack No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "portfolio-gallery 2.1.11 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "powerkit 2.9.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "powerkit 2.5.9 Post.Views.Settings.Update/Reset.via.CSRF MEDIUM" "paritypress 1.0.1 Admin+.Stored.XSS LOW" "perfect-portal-widgets 3.0.4 Contributor+.Stored.XSS MEDIUM" "processing-projects No.known.fix Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "processing-projects No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pretty-grid 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "property-hive-mortgage-calculator 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.price.Parameter MEDIUM" "pdf-image-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-status-notifier 1.11.7 Reflected.Cross-Site.Scripting.via.page MEDIUM" "payment-gateway-stripe-and-woocommerce-integration 3.8.0 Unauthenticated.SQL.Injection CRITICAL" "payment-gateway-stripe-and-woocommerce-integration 3.8.0 Unauthenticated.WC.Order.Status.Update MEDIUM" "payment-gateway-stripe-and-woocommerce-integration 3.7.8 Authentication.Bypass HIGH" "payment-gateway-stripe-and-woocommerce-integration 3.6.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "post-duplicator 2.36 Missing.Authorization MEDIUM" "post-duplicator 2.37 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "post-duplicator 2.32 Missing.Authorization.via.mtphr_duplicate_post MEDIUM" "post-duplicator 2.27 Admin+.Stored.Cross-Site.Scripting LOW" "page-builder-by-azexo No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "page-builder-by-azexo No.known.fix Cross-Site.Request.Forgery.(CSRF).to.Stored.XSS MEDIUM" "page-builder-by-azexo No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "page-builder-by-azexo No.known.fix Subscriber+.Post.Creation MEDIUM" "protect-admin-account 2.0.2 Reflected.Cross-Site.Scripting MEDIUM" "post-indexer 3.0.6.2 PHP.Object.Injection.via.MitM HIGH" "post-indexer 3.0.6.2 Authenticated.SQL.Injection HIGH" "prevent-content-copy-image-save No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "pretty-link 3.6.3 Reflected.Cross-Site.Scripting.via.post_status HIGH" "pretty-link 3.6.4 Plugin.Settings.Update.via.CSRF MEDIUM" "pretty-link 3.4.1 Link.Visit.Stats.Clear.via.CSRF MEDIUM" "pretty-link 2.1.10 Stored.XSS.and.CSV.Injection HIGH" "pretty-link 1.6.8 Authenticated.SQL.Injection MEDIUM" "php-to-page No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion.to.Remote.Code.Execution.via.Shortcode CRITICAL" "publish-to-schedule 4.5.5 Admin+.Stored.XSS LOW" "pdf-viewer-by-themencode 3.2.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-viewer-by-themencode 2.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "payhere-payment-gateway 2.2.12 Unauthenticated.Log.Data.Disclosure MEDIUM" "preview-link-generator 1.0.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "planaday-api 11.5 Reflected.Cross-Site.Scripting MEDIUM" "podcast-importer-secondline 1.3.8 Admin+.SQLi MEDIUM" "podcast-importer-secondline 1.1.5 Server-Side.Request.Forgery.(SSRF) MEDIUM" "pricing-deals-for-woocommerce No.known.fix Missing.Authorization.via.vtprd_ajax_clone_rule MEDIUM" "pricing-deals-for-woocommerce 2.0.3 Unauthenticated.SQLi HIGH" "payment-gateway-groups-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payment-gateway-groups-for-woocommerce 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "parsi-font 4.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "phone-orders-for-woocommerce 3.7.2 Subscriber+.Sensitive.Data.Exposure MEDIUM" "pojo-forms 1.4.8 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.form_preview_shortcode MEDIUM" "popup-maker-wp 1.3.7 Subscriber+.Stored.XSS HIGH" "print-google-cloud-print-gcp-woocommerce 4.5.4 Missing.Authorization.via.showTemplatePreview() MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.6 Cross-Site.Request.Forgery.to.Cross-Site.Scripting.via.process.php MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Unauthenticated.WC.Order.Data.Access MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Printer.Settings.Update.via.CSRF MEDIUM" "post-smtp 3.1.3 Authenticated.(Administrator+).SQL.Injection.via.columns.Parameter MEDIUM" "post-smtp 3.1.0 Unauthenticated.Stored.XSS HIGH" "post-smtp 2.9.12 Missing.Authorization.via.regenerate_qrcode() MEDIUM" "post-smtp 2.9.10 Admin+.SQLi MEDIUM" "post-smtp 2.9.4 Administrator+.SQL.Injection MEDIUM" "post-smtp 2.8.8 Authorization.Bypass.via.type.connect-app.API CRITICAL" "post-smtp 2.8.8 Unauthenticated.Stored.Cross-Site.Scripting.via.device HIGH" "post-smtp 2.8.7 Reflected.Cross-Site.Scripting HIGH" "post-smtp 2.8.7 Admin+.SQL.Injection MEDIUM" "post-smtp 2.7.1 Unauthenticated.Cross-site.Scripting HIGH" "post-smtp 2.6.1 Authenticated.(Administrator+).SQL.Injection HIGH" "post-smtp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "post-smtp 2.5.8 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Contents HIGH" "post-smtp 2.5.7 Account.Takeover.via.CSRF MEDIUM" "post-smtp 2.5.7 Arbitrary.Log.Deletion.via.CSRF MEDIUM" "post-smtp 2.1.7 Admin+.Blind.SSRF LOW" "post-smtp 2.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "post-smtp 2.0.21 CSRF.Nonce.Bypass MEDIUM" "premium-addons-pro 2.9.14 Contributor+.Stored.XSS MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Premium.Magic.Scroll.Module MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Messenger.Chat.Widget MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multi.Scroll.Widget MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Global.Badge.Module MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Mouse.Cursor.Module MEDIUM" "premium-addons-pro 2.9.13 .Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget.link MEDIUM" "premium-addons-pro 2.8.25 Reflected.XSS HIGH" "pricing-tables-for-visual-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wdo_pricing_tables.Shortcode MEDIUM" "privy-crm-integration No.known.fix Missing.Authorization MEDIUM" "pdf-thumbnail-generator 1.4 Reflected.Cross-Site.Scripting MEDIUM" "partdo-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "payments-stripe-gateway No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "payments-stripe-gateway No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payments-stripe-gateway 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "packlink-pro-shipping 3.4.7 Missing.Authorization MEDIUM" "ptypeconverter No.known.fix Authenticated.(Editor+).SQL.Injection HIGH" "pagemanager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "patron-button-and-widgets-by-codebard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "patron-button-and-widgets-by-codebard 2.2.0 Cross-Site.Request.Forgery MEDIUM" "patron-button-and-widgets-by-codebard 2.2.0 Reflected.XSS MEDIUM" "patron-button-and-widgets-by-codebard 2.1.9 Reflected.XSS HIGH" "plugin-groups 2.0.7 Missing.Authorization.to.Unauthenticated.Denial.of.Service MEDIUM" "page-studio-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-studio-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "post-to-csv 1.4.1 Author+.CSV.Injection MEDIUM" "post-to-csv 1.3.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "premmerce-user-roles 1.0.13 Missing.Authorization.via.role.management.functions HIGH" "premmerce-user-roles 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-user-roles 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premium-blog-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "podpress 8.8.10.17 players/1pixelout/1pixelout_player.swf.playerID.Parameter.XSS MEDIUM" "propovoice No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "propovoice 1.7.6.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "product-recommendation-quiz-for-ecommerce 2.1.2 Missing.Authorization.in.prq_set_token MEDIUM" "password-protect-page 1.9.6 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "password-protect-page 1.9.0 .Protection.Mechanism.Bypass MEDIUM" "password-protect-page 1.8.6 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "post-carousel-divi 1.2 Reflected.Cross-Site.Scripting MEDIUM" "post-carousel-divi 1.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "paytm-donation No.known.fix Admin+.Stored.XSS LOW" "paytm-donation 2.3.2 Reflected.Cross-Site.Scripting MEDIUM" "paytm-donation 2.2.1 Reflected.XSS HIGH" "pop-up-pop-up 1.2.0 Subscriber+.Plugin.Installation MEDIUM" "pop-up-pop-up 1.2.0 Plugin.Installation.via.CSRF MEDIUM" "pop-up-pop-up 1.1.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "pdf-invoices-and-packing-slips-for-woocommerce 1.3.8 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "piotnet-addons-for-elementor-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Cross-Site.Request.Forgery MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "piotnet-addons-for-elementor-pro No.known.fix Missing.Authorization.to.Arbitrary.Post/Page.Deletion MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pixcodes 2.3.7 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "petfinder-listings 1.1 Admin+.Stored.Cross-Site.Scripting LOW" "pi-woocommerce-order-date-time-and-type 3.0.20 Admin+.Stored.XSS LOW" "permalink-finder No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "prevent-file-access 2.5.2 Admin+.Arbitrary.File.Upload MEDIUM" "post-meta 1.1.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pdf24-posts-to-pdf No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "premmerce-search 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-search 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ploxel 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "prismatic 2.8 Contributor+.Stored.XSS MEDIUM" "prismatic 2.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "paytium 4.4.12 Unauthenticated.Full.Path.Disclosure MEDIUM" "paytium 4.4.11 Missing.Authorization MEDIUM" "paytium 4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "paytium 4.3.7 Admin+.Stored.XSS LOW" "paytium 3.1.2 Stored.Cross-Site.Scripting.(XSS) CRITICAL" "photoswipe-masonry 1.2.15 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "powerpress 11.12.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting HIGH" "powerpress 11.12.7 Contributor+.SSRF LOW" "powerpress 11.12.6 Contributor+.Stored.XSS MEDIUM" "powerpress 11.9.18 Author+.XSS.via.Podcast.URL MEDIUM" "powerpress 11.9.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.skipto.Shortcode MEDIUM" "powerpress 11.9.18 Author+.XSS MEDIUM" "powerpress 11.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.media_url.Parameter MEDIUM" "powerpress 11.9.6 Injected.Backdoor CRITICAL" "powerpress 11.0.12 Contributor+.Stored.XSS HIGH" "powerpress 11.0.7 Contributor+.SSRF MEDIUM" "powerpress 10.0.2 Contributor+.Stored.XSS MEDIUM" "powerpress 10.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "powerpress 8.3.8 Authenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "powerpress 6.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "powerpress 6.0.1 Cross-Site.Scripting.(XSS) CRITICAL" "postmatic No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "postmatic 2.2.10 Subscriber+.PHP.Object.Injection MEDIUM" "postmatic 2.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "postmatic 1.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "push-notifications-for-wp 6.0.1 Settings.Update.via.CSRF MEDIUM" "pixnet No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "page-views-count 2.8.5 2.8.4.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update HIGH" "page-views-count 2.6.1 Contributor+.Stored.XSS MEDIUM" "page-views-count 2.5.6 Settings.Reset.via.CSRF MEDIUM" "page-views-count 2.4.15 Unauthenticated.SQL.Injection HIGH" "page-views-count 2.4.9 Contributor+.Stored.XSS MEDIUM" "popup-manager No.known.fix Unauthenticated.Arbitrary.Popup.Deletion MEDIUM" "popup-manager No.known.fix Unauthenticated.Stored.XSS HIGH" "popup-contact-form No.known.fix Admin+.Stored.XSS LOW" "popup-contact-form No.known.fix Admin+.Stored.XSS LOW" "post-expirator 2.6.0 Contributor+.Arbitrary.Post.Schedule.Deletion HIGH" "pressforward 5.2.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "podlove-podcasting-plugin-for-wordpress 4.2.3 Cross-Site.Request.Forgery.via.ajax_transcript_delete.Function MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.2.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Feed.Name MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.1.24 Admin+.Stored.XSS LOW" "podlove-podcasting-plugin-for-wordpress 4.2.1 Admin+.Stored.XSS LOW" "podlove-podcasting-plugin-for-wordpress 4.1.17 Authenticated.(Admin+).Remote.Code.Execution HIGH" "podlove-podcasting-plugin-for-wordpress 4.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.1.14 Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "podlove-podcasting-plugin-for-wordpress 4.0.15 Cross-Site.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.1.1 Missing.Authorization MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.14 Authenticated.(Contributor+).SQL.Injection CRITICAL" "podlove-podcasting-plugin-for-wordpress 4.0.10 Reflected.Cross-Site.Scripting MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Missing.Authorization.to.Unauthenticated.Data.Export MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Missing.Authorization.to.Settings.Import MEDIUM" "podlove-podcasting-plugin-for-wordpress 3.8.4 Cross-Site.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 3.8.3 Admin+.Stored.XSS LOW" "podlove-podcasting-plugin-for-wordpress 3.5.6 Unauthenticated.SQL.Injection MEDIUM" "podlove-podcasting-plugin-for-wordpress 2.6.0 Authenticated.SQL.Injection HIGH" "podlove-podcasting-plugin-for-wordpress 2.3.16 Multiple.SQLi.&.XSS CRITICAL" "pricingtable No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profile-builder-pro 3.10.1 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder-pro 3.10.1 Cross-Site.Request.Forgery HIGH" "profile-builder-pro 3.10.1 Authenticated.(Subscriber+).Time-Based.One-Time.Password.Sensitive.Information.Exposure MEDIUM" "profile-builder-pro 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder-pro 3.3.3 Authenticated.Blind.SQL.Injection MEDIUM" "profile-builder-pro 3.1.1 User.Registration.With.Administrator.Role CRITICAL" "player No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "player No.known.fix Reflected.XSS HIGH" "publish-confirm-message 2.0 Settings.Update.via.CSRF MEDIUM" "private-messages-for-wordpress No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "private-messages-for-wordpress No.known.fix Arbitrary.Message.Sent.via.CSRF MEDIUM" "personal-dictionary 1.3.4 Unauthenticated.SQLi HIGH" "product-category-tree No.known.fix Reflected.XSS HIGH" "product-category-tree No.known.fix CSRF MEDIUM" "pocket-news-generator No.known.fix .Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "pocket-news-generator No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "product-notices-for-woocommerce No.known.fix Cross-Site.Request.Forgery MEDIUM" "popup-box 3.2.5 Cross-Site.Request.Forgery MEDIUM" "popup-box 2.2.7 Popup.Deletion.via.CSRF MEDIUM" "popup-box 2.2.2 Reflected.XSS MEDIUM" "popup-box 2.2 Admin+.LFI MEDIUM" "post-from-frontend No.known.fix Post.Deletion.via.CSRF MEDIUM" "pb-mailcrypt-antispam-email-encryption No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pmpro-membership-maps 0.7 Membership.Maps.Add.On.<.0.7.-.Contributor+.Sensitive.Information.Disclosure MEDIUM" "progressive-wp No.known.fix Missing.Authorization MEDIUM" "pmpro-member-directory 1.2.6 Member.Directory.Add.On.<.1.2.6.-.Contributor+.Sensitive.Information.Disclosure.and.SQLi MEDIUM" "pretty-file-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "prezi-embedder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "panorama 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "panorama 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pricing-table No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "ptoffice-sign-ups No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "post-slider-carousel 1.0.21 Admin+.Stored.XSS LOW" "post-grid 2.3.7 Unauthenticated.User.Information.Exposure MEDIUM" "post-grid 2.3.6 Unauthenticated.Paid.Order.Creation MEDIUM" "post-grid 2.3.4 2.3.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "post-grid 2.2.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.90 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.91 2.2.90.-.Subscriber+.Privilege.Escalation HIGH" "post-grid 2.2.93 Contributor+.Stored.XSS MEDIUM" "post-grid 2.2.88 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Accordion.Block MEDIUM" "post-grid 2.2.87 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.86 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.redirectURL.Parameter.of.Date.Countdown.Widget MEDIUM" "post-grid 2.2.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.81 Combo.Blocks.<.2.2.81.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attribute MEDIUM" "post-grid 2.2.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.79 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "post-grid 2.2.76 Reflected.Cross-Site.Scripting MEDIUM" "post-grid 2.2.76 Unauthenticated.Password.Protected.Posts.Access MEDIUM" "post-grid 2.2.69 Information.Exposure.via.get_posts.API.Endpoint HIGH" "post-grid 2.2.65 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "post-grid 2.1.16 Reflected.Cross-Site.Scripting.via.post_types MEDIUM" "post-grid 2.1.16 Reflected.Cross-Site.Scripting.via.keyword MEDIUM" "post-grid 2.1.13 Contributor+.SQL.Injection MEDIUM" "post-grid 2.1.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "post-grid 2.0.73 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "post-grid 2.0.73 PHP.Object.Injection HIGH" "phpinfo-wp 6.0 Unauthenticated.Information.Exposure MEDIUM" "powers-triggers-of-woo-to-chat No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "pondol-formmail No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "portfolio-responsive-gallery 1.1.8 Authenticated.Blind.SQL.Injections HIGH" "portfolio-responsive-gallery 1.1.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "product-puller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "popup-builder 4.3.5 Admin+.Stored.XSS LOW" "popup-builder 4.3.7 Sensitive.Information.Exposure.via.Imported.Subscribers.CSV.File MEDIUM" "popup-builder 4.3.2 Missing.Authorization.in.Multiple.AJAX.Actions HIGH" "popup-builder 4.3.2 Missing.Authorization.and.Nonce.Exposure HIGH" "popup-builder 4.3.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Custom.JS MEDIUM" "popup-builder 4.2.7 Contributor.Stored.XSS MEDIUM" "popup-builder 4.2.6 Admin+.SSRF.&.File.Read MEDIUM" "popup-builder 4.2.3 Unauthenticated.Stored.XSS HIGH" "popup-builder 4.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "popup-builder 4.1.12 Settings.Update.via.CSRF MEDIUM" "popup-builder 4.1.11 Admin+.Stored.Cross-Site.Scripting LOW" "popup-builder 4.1.1 Popup.Status.Change.via.CSRF MEDIUM" "popup-builder 4.1.1 SQL.Injection.to.Reflected.Cross-Site.Scripting MEDIUM" "popup-builder 4.0.7 LFI.to.RCE CRITICAL" "popup-builder 4.0.7 Admin+.SQL.Injection MEDIUM" "popup-builder 3.74 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "popup-builder 3.64.1 Multiple.Issues MEDIUM" "popup-builder 3.0 SQL.injection.via.PHP.Deserialization CRITICAL" "popup-builder 3.45 SQL.Injection CRITICAL" "plugmatter-pricing-table No.known.fix Reflected.Cross-Site.Scripting HIGH" "pixel-for-web-stories 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "power-forms-builder No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "pets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pets 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pesapal-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "postbox-email-logs 1.0.5 Missing.Authorization.to.Authenticated.(Subscriber+).Log.Export MEDIUM" "postmash-custom No.known.fix Unauthenticated.SQL.Injection CRITICAL" "picu 2.4.1 Missing.Authorization MEDIUM" "premmerce-woocommerce-pinterest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-pinterest No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "perfect-pullquotes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "popliup No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "projectopia-core 5.1.17 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Option.Deletion HIGH" "projectopia-core No.known.fix Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "projectopia-core 5.1.8 Missing.Authorization.to.Privilege.Escalation.via.pto_reset_password() CRITICAL" "projectopia-core 5.1.5 Reflected.Cross-Site.Scripting MEDIUM" "projectopia-core 5.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "persian-nested-showhide-text No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "phonetrack-meu-site-manager No.known.fix Authenticated.Stored.XSS MEDIUM" "posts-reminder No.known.fix Settings.Update.via.CSRF MEDIUM" "polls-widget No.known.fix Admin+.Stored.XSS LOW" "polls-widget 1.5.3 Unauthenticated.Blind.SQL.Injection CRITICAL" "post-type-x 1.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.show_products.Shortcode MEDIUM" "post-type-x 1.7.7 Sensitive.Information.Exposure.via.Product.CSV MEDIUM" "post-type-x 1.7.6 Cross-Site.Request.Forgery.via.ic_system_status MEDIUM" "post-type-x 1.7.0 Reflected.XSS HIGH" "post-type-x 1.5.13 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "post-type-x 1.5.13 Cross-Site.Request.Forgery MEDIUM" "product-carousel-slider-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "pagopar-woocommerce-gateway No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "post-list-with-featured-image No.known.fix Reflected.XSS HIGH" "pallet-packaging-for-woocommerce 1.1.16 Missing.Authorization MEDIUM" "pastebin-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ps-ads-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "posts-in-page 1.3.0 Directory.Traversal HIGH" "paypal-donations 1.9.9 Admin+.Stored.XSS LOW" "prayer-times-anywhere No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "peters-collaboration-e-mails No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "payflex-payment-gateway 2.6.2 Open.Redirect MEDIUM" "payflex-payment-gateway 2.6.0 Missing.Authorization.to.Order.Status.Update MEDIUM" "postpage-import-export-with-custom-fields-taxonomies 2.0.4 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "postpage-import-export-with-custom-fields-taxonomies 2.0.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "pagebar 2.70 Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "photo-video-store No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "photo-video-store No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "product-lister-walmart No.known.fix Unauthenticated.RCE.via.Outdated.PHPUnit CRITICAL" "portfolio-elementor 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "portfolio-elementor 2.3.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "portfolio-elementor 2.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "philantro 5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.donate.Shortcode MEDIUM" "philantro 5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "peters-login-redirect 3.0.0.5 Reflected.Cross-Site.Scripting HIGH" "peters-login-redirect 2.9.2 Multiple.CSRF HIGH" "peters-login-redirect 2.9.1 Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "pdf-viewer 1.0.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "popping-content-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pepro-cf7-database No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "pepro-cf7-database 1.9.0 Cross-Site.Request.Forgery MEDIUM" "pepro-cf7-database 1.8.0 Unauthenticated.Stored.XSS HIGH" "protect-your-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pdf-generator-addon-for-elementor-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-generator-addon-for-elementor-page-builder 2.0.1 Unauthenticated.Arbitrary.File.Download HIGH" "pdf-generator-addon-for-elementor-page-builder 1.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-blocks-for-woocommerce 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-timeline 2.3.10 Reflected.XSS HIGH" "post-timeline 2.3.10 Reflected.Cross-Site.Scripting MEDIUM" "post-timeline 2.2.6 Reflected.XSS HIGH" "phastpress 1.111 Open.Redirect MEDIUM" "progress-planner 0.9.2 Missing.Authorization MEDIUM" "progress-planner 0.9.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "portfolio-slideshow No.known.fix Contributor+.XSS MEDIUM" "post-list-designer 3.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "post-list-designer 3.3.1 Reflected.Cross-Site.Scripting MEDIUM" "post-list-designer 3.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "post-list-designer 2.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "popupally 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popupally No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "popupally 2.1.1 Cross-Site.Request.Forgery.via.optin_submit_callback MEDIUM" "post-read-time No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "promobar 1.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "publitio No.known.fix Contributor+.Arbitrary.File.Read MEDIUM" "publitio 2.1.9 Missing.Authorization MEDIUM" "publitio 2.1.9 Missing.Authorization MEDIUM" "post-to-pdf 1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "productdyno 1.0.25 Reflected.Cross-Site.Scripting.via.'res'.Parameter MEDIUM" "productdyno 1.0.25 Reflected.Cross-Site.Scripting HIGH" "price-commander-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "pdf-block No.known.fix Contributor+.Stored.XSS MEDIUM" "pdf-builder-for-wpforms 1.2.117 Unauthenticated.Full.Path.Disclosure MEDIUM" "pdf-builder-for-wpforms 1.2.89 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 2.0.0 Missing.Authorization.to.Authenticated.(Contributor+).Post.Publication MEDIUM" "pagelayer 1.9.9 Authenticated.(Contributor+).Private.Post.Disclosure.in.pagelayer_builder_posts_shortcode MEDIUM" "pagelayer 1.9.9 Cross-Site.Request.Forgery.(CSRF).To.Post.Contents.Modification MEDIUM" "pagelayer 1.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.9.0 Admin+.Stored.XSS LOW" "pagelayer 1.8.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.8.8 Admin+.Stored.XSS LOW" "pagelayer 1.8.2 Missing.Authorization MEDIUM" "pagelayer 1.8.5 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Attributes MEDIUM" "pagelayer 1.8.3 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.0 Author+.Stored.XSS LOW" "pagelayer 1.7.9 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.1 Admin+.Stored.XSS LOW" "pagelayer 1.7.8 Author+.Stored.XSS MEDIUM" "pagelayer 1.7.7 Unauthenticated.Stored.XSS HIGH" "pagelayer 1.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.3.5 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pagelayer 1.1.2 Drag.and.Drop.website.builder.<.1.1.2.-.CSRF.leading.to.XSS HIGH" "pagelayer 1.1.2 Drag.and.Drop.website.builder.<.1.1.2.-.Unprotected.AJAX's.leading.to.XSS HIGH" "post-meta-data-manager No.known.fix Authentciated.(Admin+).Multisite.Privilege.Escalation HIGH" "post-meta-data-manager 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-meta-data-manager 1.2.2 Cross-Site.Request.Forgery.to.Post,.Term,.and.User.Meta.Deletion MEDIUM" "post-meta-data-manager 1.2.1 Unauthenticated.Data.Deletion HIGH" "post-meta-data-manager 1.2.1 Subscriber+.Privilege.Escalation HIGH" "post-meta-data-manager 1.2.1 Missing.Authorization.to.Post,.Term,.and.User.Meta.Deletion MEDIUM" "pit-login-welcome No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "prodigy-commerce 3.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "prodigy-commerce 3.1.3 Missing.Authorization LOW" "past-events-extension No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "past-events-extension No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "past-events-extension No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "profilegrid-user-profiles-groups-and-communities 5.9.4.9 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.4.6 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "profilegrid-user-profiles-groups-and-communities 5.9.4.5 Missing.Authorinzation.to.Authenticated.(Subscriber+).Join.Group.Requests.Management MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.4.8 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.4.4 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "profilegrid-user-profiles-groups-and-communities 5.9.4.3 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Private.Messages.Disclosure MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.4.3 Authenticated.(Subscriber+).Limited.Server-Side.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.3.7 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Meta.Deletion MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.3.1 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.0 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.0 Authenticated.(Subscriber+).Authorization.Bypass.to.Privilege.Escalation HIGH" "profilegrid-user-profiles-groups-and-communities 5.8.8 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.7 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.2 Authenticated.(Contributor+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.0 Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.0 Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.3 Bypass.Group.Members.Limit MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.4 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.9 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.7 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.3 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "profilegrid-user-profiles-groups-and-communities 5.7.9 Unauthenticated.SQL.Injection CRITICAL" "profilegrid-user-profiles-groups-and-communities 5.6.7 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.2 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.5.2 Subscriber+.Arbitrary.Option.Update HIGH" "profilegrid-user-profiles-groups-and-communities 5.5.3 Group.Owner+.Unauthorized.Data.Modification HIGH" "profilegrid-user-profiles-groups-and-communities 5.5.2 Subscriber+.Unauthorized.Data.Modification MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.3.1 Subscriber+.Arbitrary.Password.Reset HIGH" "profilegrid-user-profiles-groups-and-communities 5.1.8 Subscriber+.CSV.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.0.4 Subscriber+.Private.Message.Read/Edition MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.1.1 Reflected.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 4.7.5 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 2.8.6 Authenticated.Code.Execution HIGH" "post-plugin-library No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-sync No.known.fix Reflected.XSS HIGH" "pc-robotstxt 1.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "push-notification-by-feedify 2.4.6 Reflected.Cross-Site.Scripting MEDIUM" "push-notification-by-feedify 2.4.6 Reflected.XSS HIGH" "push-notification-by-feedify 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "push-notification-by-feedify 2.1.9 Reflected.Cross-Site.Scripting MEDIUM" "point-maker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "point-maker 0.1.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "product-table-for-woocommerce 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pre-party-browser-hints 1.8.20 Admin+.SQLi MEDIUM" "postmagthemes-demo-import 1.0.8 Admin+.Arbitrary.File.Upload MEDIUM" "papercite No.known.fix Missing.Authorization MEDIUM" "persian-woocommerce-sms 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 7.0.3 Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 3.3.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "photographer-directory 1.0.9 Subscriber+.Privilege.Escalation CRITICAL" "preloader-for-website 1.3 Missing.Authorization.via.plwao_register_settings() MEDIUM" "photospace-responsive 2.1.2 Admin+.Stored.XSS MEDIUM" "post-content-xmlrpc No.known.fix Admin+.SQL.Injections HIGH" "price-alert-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pvn-auth-popup No.known.fix Admin+.Stored.XSS LOW" "pvn-auth-popup No.known.fix Contributor+.XSS.via.Shortcode MEDIUM" "pj-news-ticker 1.9.6 Contributor+.Stored.XSS MEDIUM" "picsmize No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "paid-membership 2.9.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paid-membership No.known.fix Reflected.Cross-Site.Scripting HIGH" "paid-membership 2.9.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paid-membership 1.9.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "purple-xmls-google-product-feed-for-woocommerce No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "purple-xmls-google-product-feed-for-woocommerce 3.2.3.4 Reflected.Cross-Site.Scripting MEDIUM" "purple-xmls-google-product-feed-for-woocommerce 3.3.1.0 Authenticated.SQL.Injection MEDIUM" "popup-by-supsystic 1.10.30 Admin+.Remote.Code.Execution MEDIUM" "popup-by-supsystic 1.10.28 Missing.Authorization MEDIUM" "popup-by-supsystic 1.10.20 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "popup-by-supsystic 1.10.19 Prototype.Pollution MEDIUM" "popup-by-supsystic 1.10.9 Unauthenticated.Subscriber.Email.Addresses.Disclosure HIGH" "popup-by-supsystic 1.10.5 Reflected.Cross-Site.scripting.(XSS) HIGH" "popup-by-supsystic 1.7.9 Cross-Site.Request.Forgery.(CSRF) HIGH" "popup-image No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "precious-metals-chart-and-widgets 1.2.9 Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "personalize-woocommerce-cart-page 4.0 Missing.Authorization.to.Unuthenticated.Settings.Update MEDIUM" "personalize-woocommerce-cart-page 2.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "product-import-export-for-woo 2.5.1 Authenticated.(Admin+).PHP.Object.Injection.via.form_data.Parameter HIGH" "product-import-export-for-woo 2.5.1 Authenticated.(Administrator+).Server-Side.Request.Forgery.via.validate_file.Function HIGH" "product-import-export-for-woo 2.5.1 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Deletion.via.admin_log_page.Function LOW" "product-import-export-for-woo 2.5.1 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Read.via.download_file.Function MEDIUM" "product-import-export-for-woo 2.4.2 Authenticated(Shop.Manager+).Arbitrary.File.Upload HIGH" "product-import-export-for-woo 2.3.8 Shop.Manager+.Arbitrary.File.Upload.via.upload_import_file HIGH" "perfect-font-awesome-integration 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "perfect-font-awesome-integration 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "per-page-add-to No.known.fix Authenticated.Stored.XSS LOW" "per-page-add-to 1.4.4 CSRF.to.Stored.XSS HIGH" "pdf-invoicing-for-woocommerce 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "podlove-web-player 5.7.4 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "podlove-web-player 5.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting HIGH" "preloader-quotes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "photo-gallery 1.8.35 Photo.Gallery.by.10Web.–.Mobile-Friendly.Image.Gallery.<.1,8,35.Reflected.Cross-Site.Scripting.via.'image_id'.Parameter MEDIUM" "photo-gallery 1.8.34 Unauthenticated.Stored.XSS HIGH" "photo-gallery 1.8.33 Admin+.Stored.XSS LOW" "photo-gallery 1.8.31 Admin+.Stored.XSS LOW" "photo-gallery 1.8.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "photo-gallery 1.8.28 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "photo-gallery 1.8.28 Admin+.Stored.XSS LOW" "photo-gallery 1.8.29 Admin+.Stored.XSS LOW" "photo-gallery 1.8.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Zipped.SVG MEDIUM" "photo-gallery 1.8.24 Authenticated.(Contributor+).Path.Traversal.via.esc_dir.Function MEDIUM" "photo-gallery 1.8.26 Subscriber+.Notice.Dismiss MEDIUM" "photo-gallery 1.8.21 Missing.Authorization MEDIUM" "photo-gallery 1.8.22 Admin+.Stored.XSS.via.SVG LOW" "photo-gallery 1.8.22 Multiple.Reflected.XSS HIGH" "photo-gallery 1.8.20 Mobile-Friendly.Image.Gallery.<.1.8.20.-.Directory.Traversal.to.Arbitrary.File.Rename CRITICAL" "photo-gallery 1.8.19 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Widget MEDIUM" "photo-gallery 1.8.15 Admin+.Path.Traversal MEDIUM" "photo-gallery 1.8.3 Stored.XSS.via.CSRF MEDIUM" "photo-gallery 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "photo-gallery 1.6.4 Admin+.Stored.Cross-Site.Scripting LOW" "photo-gallery 1.6.3 Unauthenticated.SQL.Injection HIGH" "photo-gallery 1.6.3 Reflected.Cross-Site.Scripting MEDIUM" "photo-gallery 1.6.0 Unauthenticated.SQL.Injection HIGH" "photo-gallery 1.5.79 Stored.XSS.via.Uploaded.SVG.in.Zip MEDIUM" "photo-gallery 1.5.75 File.Upload.Path.Traversal LOW" "photo-gallery 1.5.75 Stored.Cross-Site.Scripting.via.Uploaded.SVG MEDIUM" "photo-gallery 1.5.67 Authenticated.Stored.Cross-Site.Scripting.via.Gallery.Title MEDIUM" "photo-gallery 1.5.69 Multiple.Reflected.Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.5.69 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "photo-gallery 1.5.68 Reflected.Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.5.55 Unauthenticated.SQL.Injection CRITICAL" "photo-gallery 1.5.46 Multiple.Cross-Site.Scripting.(XSS).Issues MEDIUM" "photo-gallery 1.5.35 SQL.Injection.&.XSS CRITICAL" "photo-gallery 1.5.31 SQL.Injection CRITICAL" "photo-gallery 1.5.25 Authenticated.LFI MEDIUM" "photo-gallery 1.5.23 Authenticated.XSS MEDIUM" "photo-gallery 1.3.67 Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.3.51 Authenticated.SQL.Injection MEDIUM" "photo-gallery 1.3.43 Authenticated.Path.Traversal HIGH" "photo-gallery 1.3.36 Authenticated.SQL.Injection MEDIUM" "photo-gallery 1.2.13 Cross-Site.Scripting.(XSS) HIGH" "partners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "partners No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "pdf-embedder-fay No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "postcode-redirect 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "postcode-redirect 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pz-frontend-manager 1.0.6 CSRF.change.user.profile.picture MEDIUM" "playlist-for-youtube 1.40 Editor+.Stored.XSS LOW" "pay-with-contact-form-7 No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "pago-redsys-tpv-grafreak 1.0.13 Reflected.Cross-Site.Scripting MEDIUM" "photo-feed No.known.fix Reflected.XSS HIGH" "photo-video-gallery-master No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "perfect-woocommerce-brands 2.0.5 Subscriber+.Arbitrary.Brand.Creation MEDIUM" "perfect-woocommerce-brands 2.0.5 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "pixtypes No.known.fix Reflected.XSS HIGH" "pixtypes 1.4.15 Cross-Site.Request.Forgery MEDIUM" "php-compatibility-checker 1.6.0 Cross-Site.Request.Forgery MEDIUM" "pre-publish-checklist 1.1.2 Insecure.Direct.Object.Reference.to.Arbitrary.Post.'_ppc_meta_key'.Update MEDIUM" "portfolio 2.40 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "pipdisqus No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "producer-retailer No.known.fix Subscriber+.Privilege.Escalation CRITICAL" "plugin-notes-plus 1.2.8 Authenticated.(Subscriber+).Arbitrary.Note.Deletion MEDIUM" "plugin-notes-plus 1.2.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pagination 1.2.3 Admin+.Stored.XSS LOW" "pagination 1.0.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "pojo-accessibility 3.2.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "permalink-manager 2.4.4.1 Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "permalink-manager 2.4.3.4 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.4.3.2 Missing.Authorization.via.get_uri_editor MEDIUM" "permalink-manager 2.4.3.2 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.4.3.2 Missing.Authorization.to.Authenticated(Author+).arbitrary.post.slug.modification MEDIUM" "permalink-manager 2.4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.3.0 Authenticated.Stored.XSS MEDIUM" "permalink-manager 2.2.20.2 Settings.Update.via.CSRF MEDIUM" "permalink-manager 2.2.20.1 Unauthenticated.URI.Deletion MEDIUM" "permalink-manager 2.2.15 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.2.13.1 Admin+.SQL.Injection MEDIUM" "plainview-activity-monitor 20180826 Remote.Command.Execution.(RCE) HIGH" "payu-india 3.8.4 Unauthenticated.Privilege.Escalation CRITICAL" "payu-india No.known.fix Reflected.Cross-Site.Scripting.via.type HIGH" "passbeemedia-web-push-notifications No.known.fix Reflected.XSS HIGH" "podcast-subscribe-buttons 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "podcast-subscribe-buttons 1.4.2 Contributor+.Stored.XSS MEDIUM" "pure-chat 2.41 Reflected.Cross-Site.Scripting.via.purechatWidgetName.Parameter MEDIUM" "pure-chat 2.23 Cross-Site.Request.Forgery MEDIUM" "pure-chat No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "product-image-watermark-for-woo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "peachpay-for-woocommerce 1.113.0 Reflected.Cross-Site.Scripting MEDIUM" "pdf-viewer-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.render MEDIUM" "pdf-viewer-for-elementor No.known.fix Arbitrary.JavaScript.Execution MEDIUM" "pdf-viewer-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pingmeter-uptime-monitoring No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-gtin-ean-upc-isbn-for-woocommerce No.known.fix Contributor+.Stored.XSS MEDIUM" "pixobe-cartography No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pixobe-cartography No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "photoshelter-official-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "photokit No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "press-elements No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "press-elements No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "press-elements No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "page-generator 1.7.2 Authenticated(Administrator+).SQL.Injection MEDIUM" "page-generator 1.6.6 Arbitrary.Keywords.Deletion/Duplication.via.CSRF MEDIUM" "page-generator 1.6.5 Admin+.Stored.Cross-Site.Scripting LOW" "page-generator 1.5.9 Reflected.Cross-Site.Scripting HIGH" "pagerank-tools No.known.fix Reflected.XSS HIGH" "pricetable No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "posts-date-ranges No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-configurator-for-woocommerce 1.2.32 Unauthenticated.Arbitrary.File.Deletion HIGH" "prime-mover 1.9.3 Directory.Listing.to.Sensitive.Data.Exposure HIGH" "prime-mover 1.8.8 Reflected.Cross-Site.Scripting MEDIUM" "prime-mover 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-takeover No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "predict-when No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-brands 1.2.13 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-brands 1.2.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "polo-video-gallery No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "pf-timer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "publishpress 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "publishpress 3.5.1 Reflected.Cross-Site.Scripting HIGH" "plethora-tabs-accordions 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plethora-tabs-accordions 1.2 Contributor+.Stored.XSS MEDIUM" "post-ideas No.known.fix Unauthenticated.SQL.Injection HIGH" "playerjs 2.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "planso-forms No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "poeditor 0.9.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "poeditor 0.9.5 CSRF MEDIUM" "poeditor 0.9.8 Settings.Reset.via.CSRF MEDIUM" "performance-lab 2.3.0 CSRF MEDIUM" "perelink No.known.fix Settings.Update.via.CSRF MEDIUM" "protected-posts-logout-button 1.4.6 Admin+.Stored.XSS LOW" "protected-posts-logout-button 1.4.5 Settings.Update.via.CSRF MEDIUM" "protected-posts-logout-button 1.4.6 Missing.Authorization MEDIUM" "posturinn 1.3.3 Reflected.XSS HIGH" "parone 1.18.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "phpsword-favicon-manager No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "pure-css-circle-progress-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paytr-taksit-tablosu-woocommerce No.known.fix CSRF MEDIUM" "paytr-taksit-tablosu-woocommerce 1.3.2 Unauthenticated.Settings.Update MEDIUM" "pixfields 0.7.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "pixfields No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "pmpro-payfast 1.4.2 Unauthenticated.Information.Exposure MEDIUM" "qrcode-wprhe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qr-code-tag-for-wc-from-goaskle-com No.known.fix Cross-Site.Request.Forgery MEDIUM" "quttera-web-malware-scanner 3.4.2.1 Admin+.Path.Traversal MEDIUM" "quttera-web-malware-scanner 3.4.2.1 Directory.Listing.to.Sensitive.Data.Exposure MEDIUM" "quentn-wp 1.2.9 Unauthenticated.Privilege.Escalation CRITICAL" "quentn-wp 1.2.9 Unauthenticated.SQL.Injection HIGH" "qtranslate-x No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "qtranslate-x 3.4.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "quick-localization No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quick-pagepost-redirect-plugin 5.2.4 Admin+.Stored.XSS LOW" "quick-pagepost-redirect-plugin 5.2.0 Authenticated.Settings.Update CRITICAL" "quick-contact-form 8.0.6.8 Reflected.Cross-Site.Scripting MEDIUM" "quick-contact-form 8.0.4 Admin+.Stored.XSS LOW" "quick-contact-form 8.0.4 Contributor+.Stored.XSS MEDIUM" "quick-contact-form 8.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qi-addons-for-elementor 1.8.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qi-addons-for-elementor 1.8.1 Sensitive.Information.Exposure MEDIUM" "qi-addons-for-elementor 1.7.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qi-addons-for-elementor 1.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "qi-addons-for-elementor 1.7.1 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.8 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.5 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "quotes-collection No.known.fix Admin+.SQL.Injection MEDIUM" "quotes-collection 2.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "qr-master No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quote-comments No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "qmean No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quick-code No.known.fix Stored.XSS.via.CSRF HIGH" "query-wrangler 1.5.55 Cross-Site.Request.Forgery MEDIUM" "query-wrangler 1.5.52 Reflected.XSS HIGH" "qr-code-and-barcode-scanner-reader No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quick-affiliate-store No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qa-heatmap-analytics 4.1.1.2 Unauthenticated.Settings.Update MEDIUM" "qyrr-code 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "qyrr-code 0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qyrr-code 0.7 Authenticated.(contributor+).Stored.XSS MEDIUM" "qs-dark-mode 3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "quick-license-manager 2.4.18 Reflected.Cross-Site.Scripting MEDIUM" "q2w3-inc-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "qqworld-auto-save-images No.known.fix Missing.Authorization.to.Arbitrary.Post.Content.Retrieval MEDIUM" "quick-orders-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-orders-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "quick-chat No.known.fix Authenticated.Stored.Cross-Site.Scripting HIGH" "quick-chat No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "quick-chat 4.00 SQL.Injection CRITICAL" "quiz-maker 6.6.8.8 Unauthenticated.SQL.Injection HIGH" "quiz-maker 31.8.0.100 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "quiz-maker 8.8.0.100 Unauthenticated.Stored.XSS HIGH" "quiz-maker 21.8.0.100 Unauthenticated.Stored.XSS HIGH" "quiz-maker 31.8.0.100 Reflected.DOM.XSS.via.content HIGH" "quiz-maker 8.8.0.100 Unauthenticated.SQL.Injection.via.id HIGH" "quiz-maker 21.8.0.100 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "quiz-maker 21.8.0.100 Unauthenticated.SQL.Injection.via.id HIGH" "quiz-maker 8.8.0.100 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "quiz-maker 31.8.0.100 Unauthenticated.Stored.XSS HIGH" "quiz-maker 8.8.0.100 Reflected.DOM.XSS.via.content HIGH" "quiz-maker 21.8.0.100 Reflected.DOM.XSS.via.content HIGH" "quiz-maker 31.8.0.100 Unauthenticated.SQL.Injection.via.id HIGH" "quiz-maker 6.5.9.9 Admin+.Stored.XSS LOW" "quiz-maker 6.5.8.4 Unauthenticated.SQL.Injection.via.'ays_questions'.Parameter CRITICAL" "quiz-maker 6.5.2.5 Missing.Authorization.to.Unauthenticated.Quiz.Data.Retrieval MEDIUM" "quiz-maker 6.5.2.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Quiz.Creation.&.Modification MEDIUM" "quiz-maker 6.5.0.6 Denial.of.Service MEDIUM" "quiz-maker 6.5.1.2 Missing.Authorization MEDIUM" "quiz-maker 6.4.9.5 Reflected.Cross-Site.Scripting HIGH" "quiz-maker 6.4.9.5 Unauthenticated.Email.Address.Disclosure MEDIUM" "quiz-maker 6.4.2.7 Reflected.XSS MEDIUM" "quiz-maker 6.2.0.9 Multiple.Authenticated.Blind.SQL.Injections HIGH" "qtranslate-slug No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "qtranslate-slug No.known.fix Cross-Site.Request.Forgery MEDIUM" "quiz-cat 3.0.9 Missing.Authorization MEDIUM" "quiz-cat 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "qode-instagram-widget 2.0.2 Open.Redirect HIGH" "quote-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quote-press No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qubotchat 1.1.6 Unauthenticated.Stored.XSS HIGH" "qubotchat 1.1.6 Qubotchat.<.1,1,6.–.Admin+.Stored.XSS LOW" "quick-count No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "quadmenu 3.2.1 Cross-Site.Request.Forgery.to.Limited.User.Meta.Update MEDIUM" "quadmenu 2.0.7 Unauthenticated.RCE.via.compiler_save CRITICAL" "qe-seo-handyman No.known.fix Admin+.SQLi MEDIUM" "qe-seo-handyman No.known.fix Admin+.SQLi MEDIUM" "qr-twitter-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "quick-call-button No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "quick-view-and-buy-now-for-woocommerce 1.5.9 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting.via.Custom.CSS.Code MEDIUM" "qubely 1.8.14 Contributor+.Sensitive.Information.Exposure LOW" "qubely 1.8.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'align'.and.'UniqueID' MEDIUM" "qubely 1.8.6 Unauthenticated.Arbitrary.E-mail.Sending MEDIUM" "qubely 1.8.5 Contributor+.Stored.XSS MEDIUM" "qubely 1.8.1 Authenticated.Arbitrary.Settings.Update MEDIUM" "qubely 1.7.8 Subscriber+.Arbitrary.Post.Deletion MEDIUM" "quick-learn No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "quran-shortcode No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "q2w3-post-order No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quick-adsense-reloaded 2.0.88 Unauthenticated.SQL.Injection HIGH" "quick-adsense-reloaded 2.0.88 Missing.Authorization MEDIUM" "quick-adsense-reloaded 2.0.85 Missing.Authorization MEDIUM" "qr-code-composer 2.0.4 Subscriber+.Stored.XSS HIGH" "qards No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "quote-tweet No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "qr-redirector 1.6.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "qr-redirector 1.6 Subscriber+.Arbitrary.QR.Redirect.Response.Status.Update MEDIUM" "quizzin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quick-event-manager 9.8.5.3 Reflected.Cross-Site.Scripting MEDIUM" "quick-event-manager 9.6.5 Admin+.Stored.XSS LOW" "quick-event-manager 9.7.5 Unauthenticated.Stored.XSS HIGH" "quick-event-manager 9.7.5 Registration.Deletion/Update.via.CSRF MEDIUM" "quick-event-manager 9.7.5 Reflected.Cross-Site HIGH" "quick-event-manager 9.2.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-interest-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "quick-interest-slider 2.9.5 Cross-Site.Request.Forgery MEDIUM" "quick-interest-slider 2.9.4 Admin+.Stored.XSS LOW" "quotes-and-tips 1.45 Admin+.Arbitrary.File.Upload MEDIUM" "quotes-and-tips 1.32 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "quotes-and-tips 1.20 Cross-Site.Scripting.(XSS) MEDIUM" "quotemedia-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quick-adsense 2.8.2 Subscriber+.Post.Stats.Reset MEDIUM" "quillforms 4.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quillforms 3.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quillforms 3.4.0 Cross-Site.Request.Forgery MEDIUM" "qrmenu-lite No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "quran-phrases-about-most-people-shortcodes 1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "querywall No.known.fix Admin+.SQLi MEDIUM" "qode-essential-addons 1.6.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qode-essential-addons 1.5.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation MEDIUM" "quick-featured-images 13.7.1 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Thumbnail.Deletion/Setting MEDIUM" "qt-kentharadio 2.0.2 Unauthenticated.RFI.and.SSRF MEDIUM" "quick-edit-template-link No.known.fix Cross-Site.Request.Forgery MEDIUM" "quickiebar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "qwiz-online-quizzes-and-flashcards 3.62 Admin+.Stored.Cross.Site.Scripting LOW" "quote-requests-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quote-requests-for-woocommerce 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quickswish 1.1.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "quform 2.21.0 WordPress.Form.Builder.<.2.21.0.-.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "quran-text-multilanguage 2.3.22 Reflected.Cross-Site.Scripting.via.sourate.and.lang.Parameters MEDIUM" "quietly-insights No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "quiz-expert No.known.fix Cross-Site.Request.Forgery MEDIUM" "qr-code-tag No.known.fix Contributor+.Stored.XSS MEDIUM" "question-answer No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "question-answer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "question-answer No.known.fix Missing.Authorization MEDIUM" "quizlord No.known.fix Admin+.Stored.XSS LOW" "quote-o-matic No.known.fix Admin+.SQLi MEDIUM" "quicksand-jquery-post-filter No.known.fix Cross-Site.Request.Forgery.via.renderAdmin MEDIUM" "quicksand-jquery-post-filter No.known.fix Missing.Authorization.via.quicksand_admin_ajax CRITICAL" "quick-restaurant-menu 2.1.0 Admin+.Stored.XSS LOW" "quick-restaurant-menu 2.1.0 Subscriber+.Arbitrary.Post.Deletion/Updating MEDIUM" "quick-restaurant-menu 2.1.0 .Menu.Items.Update.via.CSRF MEDIUM" "qode-twitter-feed 2.0.1 Open.Redirect HIGH" "quote-post-type-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quotes-llama 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quotes-llama 3.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quotes-llama 3.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quotes-llama 1.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "quick-restaurant-reservations 1.5.5 CSRF MEDIUM" "quick-restaurant-reservations 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "quote-me No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quasar-form No.known.fix Subscriber+.SQLi HIGH" "qi-blocks 1.4 Contributor+.Stored.XSS.vi.Countdown.Block MEDIUM" "qi-blocks 1.4 Contributor+.Stored.XSS.via.ToC.Block MEDIUM" "qi-blocks 1.4 Contributor+.Stored.XSS.via.Counter.Block MEDIUM" "qi-blocks 1.3.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qi-blocks 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qi-blocks 1.3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "quick-audio-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quick-audio-player No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quotes-for-woocommerce 2.0.2 Quote.Status.Update./.Quote.Sending.via.CSRF MEDIUM" "quotes-for-woocommerce 2.0.2 Missing.Authorization MEDIUM" "quiz-tool-lite No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "quiz-organizer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quick-subscribe No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "qodeblock No.known.fix Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "qodeblock No.known.fix Missing.Authorization MEDIUM" "quick-paypal-payments 5.7.28 Reflected.Cross-Site.Scripting MEDIUM" "quick-paypal-payments 5.7.26.4 Admin+.Stored.XSS LOW" "quick-paypal-payments 5.7.26 Contributor+.Stored.XSS MEDIUM" "quick-paypal-payments 5.7.26 Unauthenticated.Stored.XSS HIGH" "quick-paypal-payments 5.7.26 Unauthenticated.Payment.Message.Deletion/Update MEDIUM" "quick-paypal-payments 5.7.26 Admin+.Stored.XSS LOW" "quick-paypal-payments 5.7.22 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quiz-master-next 9.2.1 Author+.Stored.XSS MEDIUM" "quiz-master-next 9.1.3 Author+.Stored.XSS MEDIUM" "quiz-master-next 9.1.1 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.1.0 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.5 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.2 Contributor+.SQLi MEDIUM" "quiz-master-next 9.0.2 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.2 Authenticated.(Contributor+).SQL.Injection CRITICAL" "quiz-master-next 8.2.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 8.1.17 Unauthenticated.Unauthorised.Action MEDIUM" "quiz-master-next 8.1.19 Quiz.Results.Deletion.via.CSRF MEDIUM" "quiz-master-next 8.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 8.1.19 Multiple.Cross-Site.Request.Forgery MEDIUM" "quiz-master-next 8.1.16 Cross-Site.Request.Forgery.via.'display_results' MEDIUM" "quiz-master-next 8.1.11 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 8.0.8 Text.Message.Setting.Update.via.CSRF MEDIUM" "quiz-master-next 8.0.9 Unauthenticated.Arbitrary.Media.File.Delete MEDIUM" "quiz-master-next 8.0.5 Unauthenticated.iFrame.Injection HIGH" "quiz-master-next 8.0.5 Improper.Input.Validation MEDIUM" "quiz-master-next 7.3.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.5 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 7.3.11 Bypass MEDIUM" "quiz-master-next 7.3.5 Reflected.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.7 Multiple.Author+.IDOR LOW" "quiz-master-next 7.3.11 Sensitive.Information.Disclosure MEDIUM" "quiz-master-next 7.3.11 Subscriber+.XSS MEDIUM" "quiz-master-next 7.3.5 Admin+.SQL.Injection MEDIUM" "quiz-master-next 7.3.5 Quiz.Update.via.IDOR LOW" "quiz-master-next 7.3.7 Reflected.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.7 CSRF MEDIUM" "quiz-master-next 7.3.7 Low.Privilege.Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "quiz-master-next 7.1.14 Reflected.Cross-Site.Scripting HIGH" "quiz-master-next 7.1.19 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 7.1.18 Reflected.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 7.1.12 Authenticated.SQL.injection.via.shortcode HIGH" "quiz-master-next 7.1.14 Authenticated.SQL.injection.via.Rest.API HIGH" "quiz-master-next 7.0.2 Unauthenticated.Arbitrary.File.Upload HIGH" "quiz-master-next 7.0.1 Arbitrary.File.Upload CRITICAL" "quiz-master-next 7.0.1 Unauthenticated..Arbitrary.File.Deletion CRITICAL" "quiz-master-next 7.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "quiz-master-next 6.3.5 Authenticated.Reflected.XSS HIGH" "quiz-master-next 6.2.2 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 4.7.9 Stored.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "quiz-master-next 4.4.4 Authenticated.Blind.SQL.Injection MEDIUM" "redirect-after-login No.known.fix Admin+.Stored.XSS LOW" "remote-images-grabber No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "redux-converter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "real-wp-shop-lite No.known.fix Admin+.Stored.XSS LOW" "recent-backups No.known.fix Remote.File.Download HIGH" "rustolat No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "romethemeform 1.1.6 Missing.Authorization.via.export_entries,.rtformnewform,.and.rtformupdate MEDIUM" "romethemeform 1.1.3 Missing.Authorization MEDIUM" "related-posts-via-taxonomies No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "remove-duplicate-posts 1.3 Reflected.Cross-Site.Scripting MEDIUM" "razorpay-payment-button-elementor 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "review-widgets-for-hotels-com 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rss-chimp 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "rss-chimp 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reader-mode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rs-members No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "ravpage 2.33 PHP.Object.Injection CRITICAL" "ravpage 2.25 Reflected.Cross-Site.Scripting MEDIUM" "rig-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "raise-prices-with-sales-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "raise-prices-with-sales-for-woocommerce 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rometheme-for-elementor 1.5.5 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "rometheme-for-elementor 1.5.3 Missing.Authorization MEDIUM" "rometheme-for-elementor 1.5.3 Contributor+.Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "rometheme-for-elementor 1.5.4 Missing.Authorization.in.save_options.and.reset_widgets MEDIUM" "rometheme-for-elementor 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rometheme-for-elementor 1.4.2 Missing.Authorization MEDIUM" "rometheme-for-elementor 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "redux-framework 4.4.18 .4.4.17.-.Unauthenticated.JSON.File.Upload.to.Stored.Cross-Site.Scripting HIGH" "redux-framework 4.2.13 Contributor+.Arbitrary.Plugin.Installation.and.Post.Deletion HIGH" "redux-framework 4.2.13 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "redux-framework 4.1.21 CSRF.Nonce.Validation.Bypass MEDIUM" "redux-framework 4.1.24 4.1.23.-.CSRF.Nonce.Validation.Bypass MEDIUM" "rate-limiting-for-contact-form-7 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reportattacks 2.33 Authenticated.(Admin+).SQL.Injection MEDIUM" "rearrange-woocommerce-products 3.0.8 Subscriber+.SQL.Injection HIGH" "recently-viewed-and-most-viewed-products No.known.fix Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "rac No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "responsive-accordion-tabs 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "rumbletalk-chat-a-chat-with-themes 6.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rumbletalk-chat-a-chat-with-themes 6.2.0 Missing.Authorization.via.handleRequest HIGH" "rich-web-share-button No.known.fix Unauthenticated.SQL.Injection CRITICAL" "rich-web-share-button No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "responsive-lightbox 2.5.1 Contributor+.Stored.XSS MEDIUM" "responsive-lightbox 2.4.8 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Featherlight.js.JavaScript.Library MEDIUM" "responsive-lightbox 2.4.9 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "responsive-lightbox 2.4.9 Author+.Stored.XSS MEDIUM" "responsive-lightbox 2.4.8 Missing.Authorization MEDIUM" "responsive-lightbox 2.4.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "responsive-lightbox 2.4.7 Information.Disclosure MEDIUM" "responsive-lightbox 2.4.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.name MEDIUM" "responsive-lightbox 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "realia No.known.fix User.Email.Change.via.Cross-Site.Request.Forgery HIGH" "realia No.known.fix Unauthenticated.IDOR.leading.to.Arbitrary.Post.Deletion HIGH" "right-click-disable-or-ban 1.2.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "resads No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "resads No.known.fix Reflected.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "resads 1.0.2 .Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "rara-one-click-demo-import 1.3.0 Arbitrary.File.Upload.via.CSRF HIGH" "restropress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "restropress No.known.fix Missing.Authorization MEDIUM" "restropress 3.1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restropress 3.1.2.1 Cross-Site.Request.Forgery.via.rpress_orders_list_table_process_bulk_actions MEDIUM" "restropress 2.8.3 Cart.Manipulation.via.CSRF MEDIUM" "restropress 2.8.3.1 Unauthorised.AJAX.Calls HIGH" "relevanssi 4.24.4 Unauthenticated.Stored.Cross-Site.Scripting.via.Search.Highlights MEDIUM" "relevanssi 4.23.1 Contributor+.Stored.XSS MEDIUM" "relevanssi 4.23.0 Unauthenticated.Information.Exposure MEDIUM" "relevanssi 4.22.2 Missing.Authorization.to.Unauthenticated.Count.Option.Update MEDIUM" "relevanssi 4.22.1 Unauthenticated.Query.Log.Export MEDIUM" "relevanssi 4.22.0 Unauthenticated.Private/Draft.Post.Disclosure MEDIUM" "relevanssi 4.14.6 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "relevanssi 4.14.3 A.Better.Search.<.4.14.3.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "relevanssi 4.0.5 Cross-Site.Scripting.(XSS) MEDIUM" "relevanssi 3.6.1 Authenticated.Admin.SQL.Injection MEDIUM" "relevanssi-live-ajax-search 2.5 Unauthenticated.WP_Query.Argument.Injection MEDIUM" "rsvpmaker-volunteer-roles No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rating-widget 3.2.0 Reflected.Cross-Site.Scripting MEDIUM" "rating-widget 3.2.1 Contributor+.Stored.XSS MEDIUM" "rating-widget 3.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reset-course-progress-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reset-course-progress-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "replace-default-words No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "read-more-without-refresh 3.2 Admin+.Stored.Cross-Site.Scripting LOW" "responsive-jquery-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rm-mailchimp-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rm-mailchimp-manager No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rest-api-to-miniprogram No.known.fix Cross-Site.Request.Forgery MEDIUM" "rest-api-to-miniprogram 4.7.6 Unauthenticated.Arbitrary.User.Email.Update.and.Privilege.Escalation.via.Account.Takeover CRITICAL" "rest-api-to-miniprogram No.known.fix Unauthenticated.SQL.Injection HIGH" "rest-api-to-miniprogram No.known.fix Subscriber+.Attachment.Deletion MEDIUM" "really-simple-ssl-pro-multisite 9.1.2 9.1.1.1.-.Authentication.Bypass CRITICAL" "rio-photo-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "responsive-iframe No.known.fix Contributor+.Stored.XSS HIGH" "realtycandy-idx-broker-extended No.known.fix Cross-Site.Request.Forgery MEDIUM" "review-widgets-for-opentable 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "refer-a-friend-widget-for-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reservation-studio-widget 1.0.12 Admin+.Stored.XSS LOW" "reservation-studio-widget 1.0.12 Cross-Site.Request.Forgery MEDIUM" "run-time-image-resizing No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "run-time-image-resizing No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "responsive-owl-carousel-elementor 1.2.1 Local.File.Inclusion HIGH" "review-stream 1.6.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "review-stream 1.6.6 Admin+.Stored.XSS LOW" "randomize No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "rk-responsive-contact-form No.known.fix Authenticated.Blind.SQL.Injection CRITICAL" "rvg-optimize-database 5.1 Missing.Authorization.via.'odb_csv_download' MEDIUM" "rvg-optimize-database 5.1.1 Database.Optimization.via.CSRF MEDIUM" "recover-wc-abandoned-cart 2.3 Cross-Site.Request.Forgery MEDIUM" "reftagger-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "real-time-find-and-replace 4.0.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "redi-restaurant-reservation 24.1015 Reflected.Cross-Site.Scripting MEDIUM" "redi-restaurant-reservation 24.0712 Missing.Authorization MEDIUM" "redi-restaurant-reservation 24.0303 Cross-Site.Request.Forgery.via.redi_restaurant_admin_options_page() MEDIUM" "redi-restaurant-reservation 24.0303 Cross-Site.Request.Forgery.via.redi_restaurant_admin_options_page() MEDIUM" "redi-restaurant-reservation 24.0303 Reflected.Cross-Site.Scripting MEDIUM" "redi-restaurant-reservation 21.0426 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "review-stars-count-for-woocommerce No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "royal-slider 3.2.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "redirection 3.6.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "redirection 2.8 Authenticated.Local.File.Inclusion MEDIUM" "rduplicator No.known.fix Contributor+.SQLi HIGH" "revisionary 3.5.16 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "revisionary 3.5.15 Reflected.Cross-Site.Scripting MEDIUM" "review-widgets-for-arukereso 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "redirect-404-to-parent 1.3.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "rocket-addons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "restaurant-pickup-delivery-dine-in No.known.fix Admin+.Stored.XSS LOW" "review-widgets-for-booking-com 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rich-counter 1.2.0 Cross-Site.Scripting.(XSS) MEDIUM" "rb-internal-links No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "responsive-css-editor No.known.fix Admin+.SQLi MEDIUM" "review-widgets-for-airbnb 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "revision-manager-tmc 2.8.20 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "revision-manager-tmc 2.8.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "ratemyagent-official 1.5.0 Cross-Site.Request.Forgery.to.API.Key.Update MEDIUM" "related-post-shortcode No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "rate-own-post No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "revive-so No.known.fix Missing.Authorization MEDIUM" "responsive-data-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "revolution-for-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "revolution-for-elementor No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rating-bws No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "rating-bws 1.6 Rating.Denial.of.Service MEDIUM" "rating-bws 0.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "revision-diet No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rolo-slider No.known.fix Missing.Authorization.to.Authenticated(Subscriber+).Settings.Change MEDIUM" "richtexteditor No.known.fix Missing.Authorization MEDIUM" "richtexteditor No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rocket-maintenance-mode 4.4 Admin+.Stored.XSS LOW" "rocket-maintenance-mode 4.4 Reflected.Cross-Site.Scripting MEDIUM" "rocket-maintenance-mode 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rj-quickcharts No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "rj-quickcharts No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "responsive-column-widgets No.known.fix Reflected.XSS HIGH" "responsive-column-widgets No.known.fix Open.Redirect.via.responsive_column_widgets_link MEDIUM" "revenueflex-easy-ads 1.5.1 Missing.Authorization.to.Authenticated.(Editor+).Settings.Update LOW" "rselements-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "react-webcam No.known.fix Contributor+.Stored.XSS MEDIUM" "responsive-cookie-consent 1.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "resume-builder No.known.fix Subscriber+.Stored.XSS HIGH" "radius-blocks No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "radius-blocks 2.2.0 Cross-Site.Request.Forgery MEDIUM" "radius-blocks 2.2.0 Contributor+.Stored.XSS MEDIUM" "rss-feed-post-generator-echo 5.4.7 Unauthenticated.Privilege.Escalation CRITICAL" "replace-image 1.1.11 Insecure.Direct.Object.Reference MEDIUM" "reviewpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reviewpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reviewpress No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rest-routes 5.5.4 Reflected.Cross-Site.Scripting MEDIUM" "rest-routes 4.24.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rs-survey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "robokassa 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "reviews-widgets-for-yelp 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "radio-forge No.known.fix Reflected.Cross-Site.Scripting HIGH" "ruby-help-desk 1.3.4 Subscriber+.Ticket.Update.via.IDOR MEDIUM" "real-media-library-lite 4.11.12 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "real-media-library-lite 4.22.8 Contributor+.Stored.XSS MEDIUM" "real-media-library-lite 4.18.29 Author+.Stored.XSS MEDIUM" "real-media-library-lite 4.14.2 Author.Stored.Cross-Site.Scripting MEDIUM" "renee-work-in-progress No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "renee-work-in-progress No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "realtyna-provisioning 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "rewardsystem No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "rsvpmaker-for-toastmasters 6.2.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "raphicon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rps-include-content 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "risk-warning-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reaction-buttons No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "reveal-template No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "real-kit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "real-kit 5.1.1 Contributor+.Stored.XSS MEDIUM" "ruven-toolkit No.known.fix tinymce/popup.php.popup.Parameter.Reflected.XSS MEDIUM" "role-based-pricing-for-woocommerce 1.6.3 Subscriber+.PHAR.Deserialization HIGH" "role-based-pricing-for-woocommerce 1.6.2 Subscriber+.Arbitrary.File.Upload HIGH" "responsive-tabs-for-wpbakery No.known.fix Contributor+.Stored.XSS MEDIUM" "rss-feed-widget 3.0.0 Contributor+.Stored.XSS MEDIUM" "rss-feed-widget 3.0.1 Reflected.XSS MEDIUM" "rss-feed-widget 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.rfw-youtube-videos.Shortcode MEDIUM" "rss-feed-widget 2.9.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "rss-feed-widget 2.8.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "republish-old-posts 1.27 Cross-Site.Request.Forgery.via.rop_options_page MEDIUM" "ragic-shortcode 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "reviewstap 1.1.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "related-posts-line-up-exactry-by-milliard No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "radio-station 2.5.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "radio-station 2.5.0 Reflected.XSS HIGH" "radio-station 2.5.5 Reflected.Cross-Site.Scripting MEDIUM" "radio-station 2.4.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "read-more-excerpt-link 1.6.1 Settings.Update.via.CSRF MEDIUM" "read-more-excerpt-link 1.6.1 Settings.Update.via.CSRF MEDIUM" "relevant 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "relevant 1.0.8 Cross-Site.Scripting.(XSS) MEDIUM" "remove-schema 1.6 Cross-Site.Request.Forgery MEDIUM" "remove-schema 1.6 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "responsive-facebook-and-twitter-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rlm-elementor-widgets-pack 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rdp-wiki-embed No.known.fix Cross-Site.Request.Forgery MEDIUM" "revy No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "revy No.known.fix Unauthenticated.SQL.Injection HIGH" "revy No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "rename-wp-login No.known.fix Secret.URL.Update.via.CSRF MEDIUM" "restrict-anonymous-access 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "really-simple-ssl-pro 9.1.2 9.1.1.1.-.Authentication.Bypass CRITICAL" "recent-posts-slider No.known.fix Cross-Site.Request.Forgery MEDIUM" "recent-posts-slider No.known.fix Unauthenticated.Stored.XSS HIGH" "remote-content-shortcode No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "remote-content-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "remote-content-shortcode No.known.fix Authenticated(Contributor+).Local.File.Inclusion.via.shortcode MEDIUM" "rsvpmaker-excel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "read-more No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Read.More.Button.Deletion MEDIUM" "read-more No.known.fix Cross-Site.Request.Forgery MEDIUM" "responsive-horizontal-vertical-and-accordion-tabs 1.1.18 Authenticated.(Contributor+).SQL.Injection CRITICAL" "responsive-horizontal-vertical-and-accordion-tabs 1.1.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-horizontal-vertical-and-accordion-tabs 1.1.16 Reflected.XSS HIGH" "responsive-horizontal-vertical-and-accordion-tabs 1.1.16 Reflected.Cross-Site.Scripting MEDIUM" "responsive-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "random-image-selector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rise-blocks 3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.TitleTag.Parameter MEDIUM" "rise-blocks 3.2 Cross-Site.Request.Forgery MEDIUM" "review-manager No.known.fix Missing.Authorization MEDIUM" "reusable-text-blocks No.known.fix Author+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rewp 1.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "rdp-linkedin-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "random-featured-post-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "restricted-content 2.2.9 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "restricted-content 2.2.5 Reflected.XSS HIGH" "restricted-content 2.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reviewscouk-for-woocommerce 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rsvpmaker No.known.fix Unauthenticated.SQL.Injection HIGH" "rsvpmaker 11.4.6 Missing.Authorization MEDIUM" "rsvpmaker 10.6.7 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') LOW" "rsvpmaker 9.9.4 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') CRITICAL" "rsvpmaker 10.6.7 Admin+.Stored.XSS HIGH" "rsvpmaker 10.6.7 Unauthenticated.PHP.Object.Injection HIGH" "rsvpmaker 10.6.7 Unauthenticated.Stored.XSS HIGH" "rsvpmaker 10.5.5 Admin+.SQL.Injection.(SQLi) HIGH" "rsvpmaker 9.2.7 Unauthenticated.SQLi MEDIUM" "rsvpmaker 9.2.6 Unauthenticated.SQLi CRITICAL" "rsvpmaker 8.7.3 Authenticated.(admin+).SSRF HIGH" "rsvpmaker 7.8.2 Unauthenticated.SQL.Injection HIGH" "rsvpmaker 6.2 SQL.Injection CRITICAL" "reverbnation-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "romancart-on-wordpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "revi-io-customer-and-product-reviews 5.8.0 Reflected.Cross-Site.Scripting MEDIUM" "responsive-client-logo-carousel-slider 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "relicwp-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "remove-add-to-cart-woocommerce 1.4.5 Settings.Update.via.CSRF MEDIUM" "remove-add-to-cart-woocommerce 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rss-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "restaurantconnect-reswidget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "racar-clear-cart-for-woocommerce 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rss-control 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "rss-control 2.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rebrand-fluent-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "responsive-google-map No.known.fix Missing.Authorization MEDIUM" "rsv-google-maps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "robotcpa No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "restaurant-cafe-addon-for-elementor 1.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.6.0 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.4 Missing.Authorization.via.multiple.AJAX.functions LOW" "restaurant-cafe-addon-for-elementor 1.5.3 Missing.Authorization MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.3 Cross-Site.Request.Forgery MEDIUM" "restaurant-cafe-addon-for-elementor 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ra-qrcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "reglevel No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "rsv-pdf-preview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "re-attacher 1.0.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "revolut-gateway-for-woocommerce 4.17.4 Missing.Authorization.to.Unauthenticated.Order.Status.Update MEDIUM" "revolut-gateway-for-woocommerce 4.9.8 Missing.Authorization MEDIUM" "role-and-customer-based-pricing-for-woocommerce 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "role-and-customer-based-pricing-for-woocommerce 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rapid-cache No.known.fix Unauthenticated.Cache.Poisoning HIGH" "retain No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "restrict-user-access 2.6 Reflected.Cross-Site.Scripting MEDIUM" "restrict-user-access 2.6 Information.Exposure MEDIUM" "restrict-user-access 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "restrict-user-access 2.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "recaptcha-jetpack No.known.fix Cross-Site.Request.Forgery MEDIUM" "recaptcha-jetpack No.known.fix Settings.Update.via.CSRF MEDIUM" "recaptcha-jetpack No.known.fix Stored.XSS.via.CSRF HIGH" "recall-products No.known.fix Authenticated.Cross-Site.Scripting MEDIUM" "recall-products No.known.fix Authenticated.SQL.Injection MEDIUM" "recipe-card-blocks-by-wpzoom 3.4.4 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Post.Disclosure MEDIUM" "recipe-card-blocks-by-wpzoom 3.3.2 Missing.Authorization MEDIUM" "recipe-card-blocks-by-wpzoom 2.8.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "recipe-card-blocks-by-wpzoom 2.8.1 Reflected.Cross-Site.Scripting HIGH" "revampcrm-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rotating-posts No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "review-widgets-for-foursquare 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "restrict-categories No.known.fix Reflected.XSS HIGH" "rehub-framework 19.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "rockhoist-badges No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "rough-chart No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "remove-slug-from-custom-post-type No.known.fix Settings.Update.via.CSRF MEDIUM" "responsive-addons-for-elementor 1.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'rael_title_tag' MEDIUM" "responsive-addons-for-elementor 1.6.9 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "responsive-addons-for-elementor 1.6.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "responsive-addons-for-elementor 1.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "real-wysiwyg No.known.fix Reflected.Cross-Site.Scripting HIGH" "rankology-seo-all-in-one-seo-analytics 2.2.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "remove-wp-update-nags 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "remove-wp-update-nags 1.4.0 Subscriber+.Arbitrary.Option.Update CRITICAL" "roi-calculator 1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "review-wave-google-places-reviews No.known.fix Cross-Site.Request.Forgery MEDIUM" "rws-enquiry No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "related-posts 1.8.2 XSS MEDIUM" "residential-address-detection 2.5.5 Missing.Authorization MEDIUM" "residential-address-detection 2.5.5 Unauthenticated.Arbitrary.Options.Update CRITICAL" "responsive-google-maps 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "resmushit-image-optimizer 0.4.4 Subscriber+.AJAX.Calls MEDIUM" "resmushit-image-optimizer 0.4.7 Multiple.CSRF MEDIUM" "resmushit-image-optimizer 0.4.6 Admin+.Cross-Site.Scripting LOW" "real-estate-manager No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "real-estate-manager No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "real-estate-manager No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "real-estate-manager No.known.fix CAPTCHA.Bypass MEDIUM" "real-estate-manager No.known.fix Subscriber+.Privilege.Escalation HIGH" "real-estate-manager 7.0 Subscriber+.Settings.Update MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "referrer-detector No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "rock-form-builder 2.5 Privilege.Escalation HIGH" "recurwp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recurwp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "responsive-flickr-gallery No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "review-widgets-for-capterra 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rw-divi-unite-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rw-divi-unite-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rw-divi-unite-gallery No.known.fix Security.Bypass.via.Outdated.Freemius CRITICAL" "rdp-ingroups No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rimons-twitter-widget 1.3 XSS MEDIUM" "restrict-for-elementor 1.0.8 Protection.Mechanism.Bypass MEDIUM" "restrict-for-elementor 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rapidexpcart No.known.fix Stored.XSS.via.CSRF CRITICAL" "rays-grid No.known.fix Cross-Site.Request.Forgery MEDIUM" "rays-grid 1.2.3 CSRF.Bypass MEDIUM" "resume-upload-form No.known.fix Captcha.Bypass MEDIUM" "review-widgets-for-amazon 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rss-for-yandex-turbo 1.31 Admin+.Stored.Cross-Site.Scripting LOW" "rss-for-yandex-turbo 1.30 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "reactflow-session-replay-heatmap No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "rencontre 3.11.2 Subscriber+.PHP.Object.Injection HIGH" "rencontre 3.11 Privilege.Escalation CRITICAL" "rencontre 3.11 Unauthenticated.Arbitrary.File.Upload CRITICAL" "rencontre 3.2.3 Multiple.CSRF CRITICAL" "rate-star-review 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rate-star-review 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "rss-news-scroller No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rocket-media-library-mime-type No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rsfirewall 1.1.25 IP.Block.Bypass MEDIUM" "regenerate-post-permalinks No.known.fix Cross-Site.Request.Forgery MEDIUM" "related-posts-via-categories No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rucy No.known.fix Cross-Site.Request.Forgery MEDIUM" "rucy No.known.fix CSRF.Bypass MEDIUM" "reset 1.7 Cross-Site.Request.Forgery.to.Database.Reset HIGH" "responsive-tabs 4.0.11 Contributor+.Stored.XSS MEDIUM" "responsive-tabs 4.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-tabs 4.0.7 Contributor+.Stored.XSS MEDIUM" "responsive-tabs 2.2.7 Editor+.Stored.Cross-Site.Scripting MEDIUM" "responsive-tabs 4.0.6 Authenticated.(Contributor+).Content.Injection MEDIUM" "responsive-tabs 4.0.6 Author+.Stored.Cross-Site.Scripting MEDIUM" "require-taxonomy-image-category-tag 1.27 Reflected.Cross-Site.Scripting MEDIUM" "readme-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rife-elementor-extensions 1.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Writing.Effect.Headline.Shortcode MEDIUM" "rife-elementor-extensions 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Writing.Effect.Headline.Widget MEDIUM" "rife-elementor-extensions 1.1.6 Contributor+.Stored.XSS MEDIUM" "reactive-mortgage-calculator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "remember-me-controls 2.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "repayment-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 2.1 Missing.Authorization MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 1.9 Reflected.Cross-Site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "razorpay-subscription-button-elementor 1.0.4 Reflected.Cross-Site.Scripting.via.add_query_arg.and.remove_query_arg.Functions MEDIUM" "restrict-taxonomies No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "report-broken-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "report-broken-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "responsive-filterable-portfolio 1.0.9 Authenticated.(Admin+).SQL.Injection MEDIUM" "responsive-filterable-portfolio 1.0.23 Server-Side.Request.Forgery MEDIUM" "responsive-filterable-portfolio 1.0.20 Reflected.XSS HIGH" "raygun4wp 1.8.3 XSS MEDIUM" "raygun4wp 1.8.1 Unauthenticated.Reflected.XSS MEDIUM" "reflex-gallery 3.1.5 jQuery.prettyPhoto.DOM.Cross-Site.Scripting.(XSS) MEDIUM" "reviews-widgets 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "resize-at-upload-plus No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "randomtext No.known.fix Subscriber+.SQLi HIGH" "review-schema 2.2.5 Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "review-schema 2.2.0 Missing.Authorization.to.Arbitrary.Review.Update MEDIUM" "review-widgets-for-szallas-hu 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "regpack No.known.fix Admin+.Stored.XSS LOW" "really-simple-google-tag-manager 1.0.7 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "related-post 2.0.60 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "related-post 2.0.59 Sensitive.Information.Exposure MEDIUM" "related-post 2.0.54 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rock-convert 3.0.0 Admin+.Stored.XSS LOW" "rock-convert 2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "rock-convert 2.11.0 Admin+.Stored.Cross-Site.Scripting LOW" "radio-buttons-for-taxonomies 2.0.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "radio-buttons-for-taxonomies 2.0.6 Cross-Site.Request.Forgery MEDIUM" "rezgo 4.17.1 Unauthenticated.Local.File.Inclusion HIGH" "rezgo 4.1.8 Reflected.Cross-Site-Scripting MEDIUM" "rezgo 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "restricted-site-access 7.3.2 Access.Bypass.via.IP.Spoofing MEDIUM" "redirect-by-cookie 1.07 Reflected.Cross-Site.Scripting MEDIUM" "recipes-writer No.known.fix XSS MEDIUM" "request-a-quote 2.4.1 Admin+.Stored.XSS LOW" "request-a-quote 2.3.9 Admin+.Stored.Cross-Site.Scripting LOW" "request-a-quote 2.3.9 Admin+.Stored.Cross-Site.Scripting LOW" "request-a-quote 2.3.4 Authenticated.Stored.XSS MEDIUM" "rio-video-gallery No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "related-youtube-videos 1.9.9 CSRF.&.XSS HIGH" "remove-add-to-cart-button-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "remove-add-to-cart-button-for-woocommerce 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "responsive-gallery-grid 2.3.15 Admin+.Stored.XSS LOW" "responsive-gallery-grid 2.3.11 Admin+.Stored.XSS LOW" "responsive-gallery-grid 2.3.14 Settings.Update.via.CSRF MEDIUM" "responsive-gallery-grid 2.3.9 Contributor+.Stored.XSS MEDIUM" "rabbit-loader 2.21.1 Reflected.Cross-Site.Scripting MEDIUM" "rabbit-loader 2.19.14 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "recencio-book-reviews No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rsvp 2.7.15 Authenticated.(Administrator+).SQL.Injection MEDIUM" "rsvp 2.7.14 Missing.Authorization MEDIUM" "rsvp 2.7.8 Unauthenticated.Entries.Export HIGH" "rsvp 2.7.5 Reflected.Cross-Site.Scripting MEDIUM" "rsvp 2.3.8 XSS MEDIUM" "riovizual No.known.fix Cross-Site.Request.Forgery MEDIUM" "recaptcha-for-all 2.23 Cross-Site.Request.Forgery MEDIUM" "related-videos-for-jw-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "restaurant-solutions-checklist No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "reservit-hotel 3.0 Admin+.Stored.XSS LOW" "replace-word No.known.fix Cross-Site.Request.Forgery MEDIUM" "rizzi-guestbook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "robin-image-optimizer 1.7.0 Missing.Authorization MEDIUM" "responsive-coming-soon 2.2.2 Maintenance.Mode.Bypass MEDIUM" "responsive-coming-soon 1.8.2 Arbitrary.Settings.Reset MEDIUM" "reach-us-contact-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reach-us-contact-form No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reach-us-contact-form No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "responsive-flipbook No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "rrdevs-for-elementor No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "rrdevs-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rich-table-of-content 1.4.1 Missing.Authorization MEDIUM" "rich-table-of-content 1.3.9 Contributor+.Stored.XSS MEDIUM" "recently-viewed-most-viewed-and-sold-products-for-woocommerce No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "relevanssi-premium 2.25.2 Missing.Authorization.to.Unauthenticated.Count.Option.Update MEDIUM" "relevanssi-premium 2.25 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "relevanssi-premium 2.25.0 Unauthenticated.Private/Draft.Post.Disclosure MEDIUM" "relevanssi-premium 2.16.5 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "relevanssi-premium 1.14.6.1 SQL.Injection.&.PHP.Object.Injection HIGH" "r3w-instafeed No.known.fix Reflected.XSS HIGH" "remove-cpt-base 5.9 CPT.Deletion.via.CSRF MEDIUM" "rsv-360-view No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "real-estate-listing-realtyna-wpl 4.14.14 Admin+.Arbitrary.File.Upload MEDIUM" "real-estate-listing-realtyna-wpl 4.14.8 Reflected.XSS HIGH" "real-estate-listing-realtyna-wpl 4.14.8 Unauthenticated.SQLi HIGH" "rss-in-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "review-buddypress-groups 2.8.4 Subscriber+.Arbitrary.Settings.Update.&.Review.Modification MEDIUM" "review-buddypress-groups 2.8.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "real3d-flipbook-lite 4.8.5 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "real3d-flipbook-lite 3.72 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "real3d-flipbook-lite 3.63 Reflected.Cross-Site.Scripting MEDIUM" "recurring-bookings-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recurring-bookings-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "remove-old-slugspermalinks 2.7.0 Cross-Site.Request.Forgery MEDIUM" "responsivevoice-text-to-speech 1.7.7 Contributor+.Stored.XSS MEDIUM" "rate-my-post 4.2.5 Unauthenticated.Voting.On.Scheduled.Posts MEDIUM" "rate-my-post 3.4.5 Insecure.Direct.Object.Reference MEDIUM" "rate-my-post 3.4.3 IP.Spoofing MEDIUM" "rate-my-post 3.3.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "rate-my-post 3.3.5 Subscriber+.Votes.Tampering.via.Race.Condition MEDIUM" "rate-my-post 3.3.5 Cross-Site.Request.Forgery MEDIUM" "role-based-bulk-quantity-pricing 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "read-and-understood 2.2 Authenticated.Stored.XSS.&.CSRF HIGH" "remove-date-and-gravatar-under-comment No.known.fix Cross-Site.Request.Forgery MEDIUM" "rankbear No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rankbear No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rewrite No.known.fix Cross-Site.Request.Forgery MEDIUM" "redirection-plus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "realty-workstation No.known.fix Missing.Authorization MEDIUM" "realty-workstation No.known.fix Authentication.Bypass.to.Account.Takeover CRITICAL" "realty-workstation 1.0.15 Agent.SQLi HIGH" "relogo No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "rich-event-timeline No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "rotatingtweets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "review-engine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "review-engine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "review-engine No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rentpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "required-taxonomies 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "required-taxonomies 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reviews-plus 1.3.5 Missing.Authorization.to.Notice.Dismissal MEDIUM" "reviews-plus 1.2.14 Subscriber+.Reviews.DoS LOW" "role-includer No.known.fix Reflected.Cross-Site.Scripting.via.user_id.Parameter MEDIUM" "role-includer No.known.fix Reflected.Cross-Site.Scripting.via.user_id.Parameter MEDIUM" "rightmessage No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-vector-maps 6.4.2 Responsive.Vector.Maps.<.6.4.2.-.Subscriber+.Arbitrary.File.Read HIGH" "relais-2fa No.known.fix Authentication.Bypass CRITICAL" "resermy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "resermy No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "resermy No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "radio-player No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "radio-player 2.0.79 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Player.Deletion MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Settings.Update MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Player.Update MEDIUM" "radio-player 2.0.74 Missing.Authorization MEDIUM" "radio-player 2.0.74 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "radio-player 2.0.74 Unauthenticated.Server-Side.Request.Forgery HIGH" "radio-player 2.0.74 Missing.Authorization.to.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "radio-player 2.0.74 Missing.Authorization.via.get_players MEDIUM" "radio-player 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "radio-player 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "role-scoper 1.3.67 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "reviews-feed 1.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "reviews-feed 1.2.0 Cross-Site.Request.Forgery MEDIUM" "reviewx 1.6.29 Insufficient.Rating.Validation MEDIUM" "reviewx 1.6.28 Missing.Authorization MEDIUM" "reviewx 1.6.22 Missing.Authorization MEDIUM" "reviewx 1.6.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "reviewx 1.6.14 Subscriber+.Privilege.Escalation HIGH" "reviewx 1.6.4 Subscriber+.SQLi HIGH" "reviewx 1.2.9 Unauthorised.AJAX.call.via.CSRF MEDIUM" "reciply No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reciply 1.1.8 Unauthenticated.File.Upload MEDIUM" "recipepress-reloaded No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "radslide No.known.fix Missing.Authorization MEDIUM" "realbig-media 1.0.7 Settings.Update.via.CSRF MEDIUM" "remove-footer-credit 1.0.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "remove-footer-credit 1.0.11 Admin+.Stored.Cross-Site.Scripting LOW" "remove-footer-credit 1.0.6 CSRF.to.Stored.Cross-Site.Scripting HIGH" "registered-user-sync-activecampaign No.known.fix Missing.Authorization MEDIUM" "robo-gallery 3.2.22 Contributor+.Stored.XSS MEDIUM" "robo-gallery 3.2.24 Admin+.Stored.XSS LOW" "robo-gallery 3.2.22 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "robo-gallery 3.2.22 Missing.Authorization.to.Authenticated.(Subscriber+).Private.Gallery.Title.Disclosure MEDIUM" "robo-gallery 3.2.22 Contributor+.Stored.XSS MEDIUM" "robo-gallery 3.2.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Title MEDIUM" "robo-gallery 3.2.20 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Image.Title MEDIUM" "robo-gallery 3.2.20 Cross-Site.Request.Forgery.to.Post.Creation.and.Limited.Data.Loss HIGH" "robo-gallery 3.2.19 Unauthenticated.Information.Exposure MEDIUM" "robo-gallery 3.2.18 Author+.Stored.XSS MEDIUM" "robo-gallery 3.2.16 Admin+.Stored.XSS LOW" "robo-gallery 3.2.13 Contributor+.Stored.XSS MEDIUM" "robo-gallery 3.2.11 Plugin.Activation/Deactivation.via.CSRF MEDIUM" "robo-gallery 3.2.12 Cross-Site.Request.Forgery MEDIUM" "rescue-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rescue-shortcodes 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.rescue_progressbar.Shortcode MEDIUM" "rescue-shortcodes 2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rescue-shortcodes 2.6 Contributor+.Stored.XSS MEDIUM" "recapture-for-woocommerce 1.0.44 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "rich-snippets-vevents No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "redirects No.known.fix Missing.Authorization.via.save MEDIUM" "redirects No.known.fix Missing.Authorization MEDIUM" "royal-elementor-addons 1.7.1018 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.3.979 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1013 Contributor+.DOM-Based.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1013 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1007 Admin+.SSRF LOW" "royal-elementor-addons 1.7.1008 Reflected.XSS HIGH" "royal-elementor-addons 1.7.1007 Stored.XSS.via.CSRF HIGH" "royal-elementor-addons 1.7.1002 Reflected.Cross-Site.Scripting HIGH" "royal-elementor-addons 1.7.1002 Missing.Authorization LOW" "royal-elementor-addons 1.7.1 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1004 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "royal-elementor-addons 1.7.1002 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Google.Maps.Widget MEDIUM" "royal-elementor-addons 1.7.1002 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Form.Builder.Widget MEDIUM" "royal-elementor-addons 1.7.1002 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "royal-elementor-addons 1.3.981 Authenticated.(Author+).External.Entity.Injection MEDIUM" "royal-elementor-addons 1.3.987 Authenticated.(Subscriber+).Private.Post.Disclosure MEDIUM" "royal-elementor-addons 1.3.987 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Widget MEDIUM" "royal-elementor-addons 1.3.985 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.981 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Magazine.Grid/Slider.Widget MEDIUM" "royal-elementor-addons 1.3.977 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.977 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Uploads MEDIUM" "royal-elementor-addons 1.3.976 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Back.to.Top.Widget MEDIUM" "royal-elementor-addons 1.3.976 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.975 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Form.Builder.Widget MEDIUM" "royal-elementor-addons 1.3.95 Unauthenticated.IP.Spoofing MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.Flip.Carousel,.Flip.Box,.Post.Grid,.and.Taxonomy.List.Widget.Attributes MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.Advanced.Accordion.Title.Tags MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.HTML.Tags MEDIUM" "royal-elementor-addons 1.3.95 Unauthenticated.Limited.File.Upload HIGH" "royal-elementor-addons 1.3.95 Contributor+.Stored.Cross-Site.Scriting MEDIUM" "royal-elementor-addons 1.3.92 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Logo.Widget MEDIUM" "royal-elementor-addons 1.3.88 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.88 Multiple.Cross-Site.Request.Forgery MEDIUM" "royal-elementor-addons 1.3.88 Missing.Authorization.via.wpr_update_form_action_meta MEDIUM" "royal-elementor-addons 1.3.81 Unauthenticated.Arbitrary.Post.Read MEDIUM" "royal-elementor-addons 1.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "royal-elementor-addons 1.3.79 Unauthenticated.Arbitrary.File.Upload CRITICAL" "royal-elementor-addons 1.3.71 Reflected.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.71 Unauthenticated.API.Key.Disclosure MEDIUM" "royal-elementor-addons 1.3.60 Menu.Template.Creation.via.CSRF MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Template.Import MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Mega.Menu.Settings.Update MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Import.Deletion MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Plugin.Deactivation MEDIUM" "royal-elementor-addons 1.3.60 Reflected.XSS HIGH" "royal-elementor-addons 1.3.60 Subscriber+.Template.Kit.Import MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Template.Condition.Update MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Template.Activation MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Theme.Activation MEDIUM" "royal-elementor-addons 1.3.56 Subscriber+.Arbitrary.Post.Creation MEDIUM" "royal-elementor-addons 1.3.56 Subscriber+.Arbitrary.Post.Deletion HIGH" "royal-elementor-addons 1.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "random-quotes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "royal-core No.known.fix Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "restrict-usernames-emails-characters 3.1.4 Admin+.Stored.XSS LOW" "rrssb No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "razorpay-payment-button 2.4.7 Reflected.Cross-Site.Scripting MEDIUM" "really-simple-ssl 9.2.0 Cross-Site.Request.Forgery MEDIUM" "really-simple-ssl 9.1.2 9.1.1.1.-.Authentication.Bypass CRITICAL" "really-simple-ssl 8.0.0 Admin+.Server-Side.Request.Forgery MEDIUM" "r-animated-icon No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "rankchecker-io-integration No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rename-media-files No.known.fix Authenticated.(Contributor+).Remote.Code.Execution HIGH" "rich-reviews No.known.fix Arbitrary.Reviews.Deletion.via.CSRF MEDIUM" "rich-reviews 1.9.6 Admin+.SQL.Injection MEDIUM" "rss-filter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rafflepress 1.12.17 Admin+.Stored.XSS LOW" "rafflepress 1.12.16 Editor+.Stored.XSS LOW" "rafflepress 1.12.14 Editor+.Stored.XSS LOW" "rafflepress 1.12.5 Missing.Authorization MEDIUM" "rafflepress 1.12.11 IP.Spoofing MEDIUM" "rafflepress 1.12.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "rafflepress 1.12.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rafflepress 1.11.3 Contributor+.Stored.XSS MEDIUM" "rss-icon-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "related-posts-list-grid-and-slider-all-in-one No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rccp-free No.known.fix Stored.XSS.via.CSRF HIGH" "responsive-youtube-videos No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-video-embed 0.5.1 Contributor+.Stored.XSS MEDIUM" "rest-api-fns No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "rest-api-fns No.known.fix Privilege.Escalation CRITICAL" "rocket-wp-mobile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rover-idx 3.0.0.2906 Authenticated.(Subscriber+).Authentication.Bypass.to.Administrator HIGH" "rover-idx 3.0.0.2905 Authenticated.(Subscriber+).Missing.Authorization.via.Multiple.Functions MEDIUM" "root-cookie No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rss-import No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "real-time-auto-find-and-replace 1.6.8 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "real-time-auto-find-and-replace 1.6.2 Unauthenticated.PHP.Object.Injection HIGH" "real-time-auto-find-and-replace 1.3.6 Admin+.SQLi MEDIUM" "real-time-auto-find-and-replace 1.2.9 Reflected.Cross-Site.Scripting HIGH" "related-posts-for-wp 2.2.2 Cross-Site.Request.Forgery MEDIUM" "related-posts-for-wp 2.0.5 Authenticated.Stored.XSS.&.XFS MEDIUM" "related-posts-for-wp 2.0.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "related-posts-for-wp 1.8.2 Cross-Site.Scripting.(XSS) CRITICAL" "recently-purchased-products-for-woo 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.view.Parameter MEDIUM" "rename-author-slug No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "restrict-content 3.2.14 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "restrict-content 3.2.9 Missing.Authorization MEDIUM" "restrict-content 3.2.8 Information.Exposure.via.legacy.log.file MEDIUM" "restrict-content 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "restrict-content 3.2.3 Restrict.Content.<.3.2.3.-.Reflected.XSS HIGH" "review-widgets-for-tripadvisor 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rsvp-me No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "rsvp-me No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "rsvp-me No.known.fix Unauthenticated.SQL.Injection HIGH" "redirect-404-error-page-to-homepage-or-custom-page 1.8.8 Authenticated.(Administrator+).SQL.Injection HIGH" "redirect-404-error-page-to-homepage-or-custom-page 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "redirect-404-error-page-to-homepage-or-custom-page 1.7.9 Log.Deletion.via.CSRF MEDIUM" "rocket-font No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "recurring-donation 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "responsive-menu 4.1.8 Subscriber+.Arbitrary.File.Upload./.Theme.Deletion./.Plugin.Settings.Update HIGH" "responsive-menu 4.0.4 CSRF.to.Arbitrary.File.Upload HIGH" "responsive-menu 4.0.4 CSRF.to.Settings.Update MEDIUM" "responsive-menu 4.0.4 4.0.3.-.Authenticated.Arbitrary.File.Upload CRITICAL" "responsive-menu 3.1.4 XSS.and.CSRF HIGH" "real-cookie-banner 3.4.10 Contributor+.Stored.XSS MEDIUM" "real-cookie-banner 2.18.2 Reflected.Cross-Site.Scripting MEDIUM" "real-cookie-banner 2.14.2 Settings.Reset.via.CSRF MEDIUM" "rollover-tab No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "real-estate-pro 1.7.1 Subscriber+.Privilege.Escalation CRITICAL" "restrict-user-registration No.known.fix Restrict.User.Registration.<=.1,0,1..Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "request-call-back No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "reloaded-rezdy No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "rentsyst No.known.fix Stored.XSS.via.CSRF HIGH" "rebuild-permalinks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "revslider 6.7.19 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "revslider 6.7.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.7.11 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Add.Layer.class,.id,.and.title.Attributes MEDIUM" "revslider 6.7.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Elementor.wrapperid.and.zindex MEDIUM" "revslider 6.7.0 Missing.Authorization MEDIUM" "revslider 6.7.11 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.7.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.htmltag.Parameter MEDIUM" "revslider 6.7.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.6.19 Author+.Insecure.Deserialization.leading.to.RCE HIGH" "revslider 6.6.16 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "revslider 6.6.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.6.13 Author+.Remote.Code.Execution MEDIUM" "revslider 4.1.5 Local.File.Disclosure HIGH" "revslider 3.0.96 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "responsive-lightbox2 1.0.4 Contributor+.Stored.XSS MEDIUM" "responsive-lightbox2 1.0.3 Authenticated.Stored.Cross-Site.Scripting LOW" "realteo 1.2.9 Real.Estate.Plugin.by.Purethemes.<.1.2.9.-.Authentication.Bypass.via.'do_register_user' CRITICAL" "realteo 1.2.4 Arbitrary.Property.Deletion.via.IDOR HIGH" "realteo 1.2.4 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "removehide-author-date-category-like-entry-meta No.known.fix Settings.Update.via.CSRF MEDIUM" "rollbar No.known.fix Cross-Site.Request.Forgery MEDIUM" "responsive-header-image-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "robo-maps No.known.fix Google.Maps.<=.1.0.6.-.Contributor+.Stored.XSS MEDIUM" "responsivity No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "really-simple-featured-video 0.7.2 Reflected.Cross-Site.Scripting MEDIUM" "really-simple-featured-video 0.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "read-more-copy-link No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rng-refresh No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "responsive-menu-pro 4.0.4 CSRF.to.Arbitrary.File.Upload HIGH" "responsive-menu-pro 4.0.4 CSRF.to.Settings.Update MEDIUM" "responsive-menu-pro 4.0.4 4.0.3.-.Authenticated.Arbitrary.File.Upload CRITICAL" "random-banner No.known.fix Contributor+.Stored.XSS MEDIUM" "random-banner No.known.fix Admin+.Stored.XSS LOW" "random-banner 4.1.6 Admin+.Stored.Cross-Site.Scripting LOW" "random-banner 2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "read-offline No.known.fix Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "read-offline No.known.fix Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "responsive-coming-soon-page No.known.fix Unauthenticated.Information.Exposure MEDIUM" "responsive-coming-soon-page 1.6.0 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') HIGH" "ratings-shorttags No.known.fix Stored.XSS.via.CSRF HIGH" "realty 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "realty 1.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "recently 3.0.5 Authenticated.Code.Injection HIGH" "recently 3.0.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "responsive-block-editor-addons 2.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.section_tag.Parameter MEDIUM" "responsive-block-editor-addons 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 1.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-reservations 2.6.30 Missing.Authorization MEDIUM" "restaurant-reservations 2.6.17 Missing.Authorization MEDIUM" "restaurant-reservations 2.6.8 Reflected.Cross-Site.Scripting HIGH" "restaurant-reservations 2.4.12 Unauthenticated.Arbitrary.Payment.Status.Update.to.Stored.XSS HIGH" "restaurant-reservations 2.4.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "registrations-for-the-events-calendar 2.13.4 Admin+.Stored.XSS LOW" "registrations-for-the-events-calendar 2.12.4 Unauthenticated.Stored.XSS HIGH" "registrations-for-the-events-calendar 2.12.2 Missing.Authorization MEDIUM" "registrations-for-the-events-calendar 2.12.3 Authenticated.(Contributor+).SQL.Injection CRITICAL" "registrations-for-the-events-calendar 2.7.10 Reflected.Cross-Site.Scripting HIGH" "registrations-for-the-events-calendar 2.7.6 Unauthenticated.SQL.Injection HIGH" "registrations-for-the-events-calendar 2.7.5 Reflected.Cross-Site.Scripting HIGH" "redirect-to-welcome-or-landing-page No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "revechat No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "redirect-redirection 1.2.0 Subscriber+.Unauthorised.Action.Calls MEDIUM" "redirect-redirection 1.1.4 Plugin.Installation.via.CSRF MEDIUM" "redirect-redirection 1.1.4 Subscriber+.Plugin.Installation MEDIUM" "redirect-redirection 1.1.5 Plugin.Reset.via.CSRF MEDIUM" "redirect-redirection 1.1.4 Redirect.Creation.via.CSRF MEDIUM" "responsive-add-ons 3.1.5 Authenticated.(Contributor+).Blind.Server-Side.Request.Forgery.via.remote_request MEDIUM" "responsive-add-ons 3.0.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "responsive-add-ons 2.2.6 Unprotected.AJAX.Endpoints CRITICAL" "site-pin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "suevafree-essential-kit 1.1.4 Contributor+.Stored.XSS MEDIUM" "spark-gf-failed-submissions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-maintenance-countdown No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-comment-editing 3.1.0 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "slickquiz No.known.fix Authenticated.SQL.Injection HIGH" "slickquiz No.known.fix Unauthenticated.Stored.XSS MEDIUM" "svt-simple No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sequel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "svg-uploads-support No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "sitekit 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sitekit 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sitekit 1.5 Contributor+.Stored.XSS MEDIUM" "sitekit 1.4 Contributor+.Stored.XSS MEDIUM" "splash-connector 2.0.8 Reflected.Cross-Site.Scripting MEDIUM" "seo-bulk-editor No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "sg-security 1.5.1 Missing.Authorization.via.hide_notice() MEDIUM" "sg-security 1.3.1 Admin+.SQLi MEDIUM" "sg-security 1.2.6 Authorization.Weakness.to.Authentication.Bypass.via.2-FA.Back-up.Codes HIGH" "sg-security 1.2.6 Authentication.Bypass.via.2-FA.Authentication.Setup CRITICAL" "staging-cdn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-nav-archives No.known.fix Settings.Update.via.CSRF MEDIUM" "shortcodes-ultimate 7.3.4 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.3.0 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.su_lightbox.Shortcode MEDIUM" "shortcodes-ultimate 7.1.6 Contributor+.Stored.XSS.via.su_members.Shortcode MEDIUM" "shortcodes-ultimate 7.1.3 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.1.2 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.su_lightbox MEDIUM" "shortcodes-ultimate 7.1.0 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.5 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.5 Contributor+.Stored.Cross-Site.Scripting.via.'note_color'.Shortcode MEDIUM" "shortcodes-ultimate 7.0.4 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.3 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "shortcodes-ultimate 7.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.0.0 Insecure.Direct.Object.Reference.to.Information.Disclosure MEDIUM" "shortcodes-ultimate 5.13.1 Reflected.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 5.12.8 Subscriber+.User.Meta.Disclosure MEDIUM" "shortcodes-ultimate 5.12.8 Subscriber+.Arbitrary.Post.Access MEDIUM" "shortcodes-ultimate 5.12.7 Subscriber+.SSRF MEDIUM" "shortcodes-ultimate 5.12.7 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 5.12.7 Subscriber+.Arbitrary.File.Access MEDIUM" "shortcodes-ultimate 5.12.1 Stored.XSS.via.CSRF MEDIUM" "shortcodes-ultimate 5.12.1 Settings.Preset.Update.via.CSRF MEDIUM" "shortcodes-ultimate 5.10.2 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 5.0.1 Authenticated.Contributor.Code.Execution CRITICAL" "shortcodes-ultimate 4.10.0 Authenticated.Directory.Traversal MEDIUM" "sticky-social-link No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "super-notes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-notes No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social2blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "singsong No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "smart-popup-blaster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-popup-blaster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sv-tracking-manager 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-tracking-manager 1.8.02 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ssv-mailchimp No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "so-pinyin-slugs 2.3.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "swiftxr-3darvr-viewer No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-tooltips No.known.fix Admin+.Stored.XSS LOW" "simple-tooltips 2.1.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "stackable-ultimate-gutenberg-blocks 3.13.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.13.7 Unauthenticated.CSS.Injection MEDIUM" "stackable-ultimate-gutenberg-blocks 3.13.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.12.12 Contributor+.Stored.XSS.via.Posts.Block MEDIUM" "stackable-ultimate-gutenberg-blocks 3.9.1 Reflected.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "security-antivirus-firewall No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "smart-mockups No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "small-package-quotes-ups-edition 4.5.17 Unauthenticated.SQL.Injection HIGH" "shortcode-menu No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "spam-byebye No.known.fix Cross-Site.Request.Forgery MEDIUM" "spam-byebye 2.2.2 Cross-Site.Scripting.(XSS) MEDIUM" "seo-blogger-to-wordpress-301-redirector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-basic-contact-form 20250114 Admin+.Stored.XSS LOW" "simple-basic-contact-form 20240511 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "simple-basic-contact-form 20240502 Reflected.Cross-Site.Scripting MEDIUM" "simple-basic-contact-form 20221201 Admin+.Stored.XSS LOW" "stop-referrer-spam 1.3.1 CSRF MEDIUM" "stars-rating 3.5.1 Comments.Denial.of.Service MEDIUM" "show-visitor-ip-address No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smooth-scrolling-links-ssl No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "schedule-posts-calendar 5.3 CSRF MEDIUM" "schedule-posts-calendar 5.3 Admin+.Stored.XSS LOW" "soundrise-music 1.7.1 Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "sitepact-klaviyo-contact-form-7 3.0.0 Unauthenticated.SQL.Injection HIGH" "side-menu 3.1.5 Authenticated.(admin+).SQL.Injection HIGH" "simple-admin-language-change 2.0.2 Arbitrary.User.Locale.Change MEDIUM" "seedprod-coming-soon-pro-5 6.18.13 Authenticated.(Administrator+).SQL.Injection MEDIUM" "seedprod-coming-soon-pro-5 6.18.14 Authenticated.(Editor+).Remote.Code.Execution HIGH" "seedprod-coming-soon-pro-5 6.18.13 Authenticated.(Editor+).SQL.Injection MEDIUM" "sendpulse-web-push 1.3.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "sendpulse-web-push 1.3.2 CSRF MEDIUM" "slider-pro-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simplemortgage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-vertical-timeline No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sidebartabs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "support-x 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "support-x 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "support-x 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "simple-membership 4.5.6 Exposure.of.Private.Personal.Information.to.an.Unauthorized.Actor MEDIUM" "simple-membership 4.5.4 Unauthenticated.Open.Redirect MEDIUM" "simple-membership 4.4.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-membership 4.4.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-membership 4.4.3 Unauthenticated.Stored.Self-Based.Cross-Site.Scripting MEDIUM" "simple-membership 4.4.2 Open.Redirect MEDIUM" "simple-membership 4.3.9 Reflected.Cross-Site.Scripting.Vulnerability.via.environment_mode MEDIUM" "simple-membership 4.3.5 Account.Takeover.via.Password.Reset HIGH" "simple-membership 4.3.5 Privilege.escalation.via.Registration HIGH" "simple-membership 4.3.6 Reflected.XSS HIGH" "simple-membership 4.2.2 Contributor+.Stored.XSS MEDIUM" "simple-membership 4.1.3 Membership.Privilege.Escalation MEDIUM" "simple-membership 4.1.3 Unauthenticated.Membership.Privilege.Escalation MEDIUM" "simple-membership 4.1.1 Reflected.Cross-Site.Scripting MEDIUM" "simple-membership 4.1.0 Arbitrary.Transaction.Deletion.via.CSRF MEDIUM" "simple-membership 4.0.9 Arbitrary.Member.Deletion.via.CSRF MEDIUM" "simple-membership 4.0.4 Authenticated.SQL.Injections CRITICAL" "simple-membership 3.8.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "simple-membership 3.5.7 XSS MEDIUM" "simple-membership 3.3.3 Multiple.CSRF HIGH" "searchterms-tagging-2 No.known.fix XSS.&.Authenticated.SQL.Injection HIGH" "scalable-vector-graphics-svg No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "send-prebuilt-emails No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "send-prebuilt-emails No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "scripts-organizer 3.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "subscribe2 10.44 Unauthenticated.Stored.Cross-Site.Scripting.via.IP.Parameter HIGH" "subscribe2 10.41 Sending.Emails.via.CSRF MEDIUM" "subscribe2 10.41 Missing.Access.Controls MEDIUM" "subscribe2 10.38 User.Deletion.via.CSRF HIGH" "subscribe2 10.16 XSS MEDIUM" "shiftcontroller 4.9.67 Reflected.Cross-Site.Scripting MEDIUM" "shiftcontroller 4.9.65 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shiftcontroller 4.9.58 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "shiftcontroller 4.9.24 CSRF MEDIUM" "shiftcontroller 4.9.26 Reflected.Cross-Site.Scripting MEDIUM" "social-rocket No.known.fix Missing.Authorization.to.Settings.Update MEDIUM" "social-rocket No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-rocket 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "social-rocket 1.3.3 Admin+.Stored.Cross-Site.Scripting LOW" "social-rocket 1.2.10 Cross-Site.Request.Forgery.in.Settings MEDIUM" "smartarget-message-bar No.known.fix Admin+.Stored.XSS LOW" "seo-content-randomizer 3.28.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "spiderpowa-embed-pdf No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-social-share-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "site-launcher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-forms-bundle 4.9.703 Unauthenticated.PHP.File.Upload.to.RCE CRITICAL" "ship-to-ecourier 1.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "sf-booking 6.0 Unauthenticated.Privilege.Escalation.via.'nsl_registration_store_extra_input' CRITICAL" "sf-booking 5.1 Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "sf-booking 3.2 Unauthenticated.Local.File.Disclosure HIGH" "shantz-wordpress-qotd No.known.fix Arbitrary.Setting.Update.via.CSRF MEDIUM" "safe-ai-malware-protection-for-wp No.known.fix Missing.Authorization MEDIUM" "safe-ai-malware-protection-for-wp 1.0.18 Missing.Authorization.to.Unauthenticated.Database.Export HIGH" "smtp2go 1.5.0 Admin+.Stored.XSS LOW" "simply-excerpts No.known.fix Admin+.Stored.XSS LOW" "seers-cookie-consent-banner-privacy-policy 8.1.1 Cross-Site.Request.Forgery MEDIUM" "seers-cookie-consent-banner-privacy-policy 8.1.2 Unauthenticated.Cookie.Policy.Update MEDIUM" "simple-load-more No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sports-rankings-lists No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "smart-forms 2.6.92 Missing.Authorization.to.Notice.Dismissal MEDIUM" "smart-forms 2.6.96 Admin+.Stored.XSS LOW" "smart-forms 2.6.94 Edit.Entries.via.CSRF MEDIUM" "smart-forms 2.6.94 Subscriber+.Edit.Entries.via.Broken.Access.Control MEDIUM" "smart-forms 2.6.87 Subscriber+.Arbitrary.Entry.Deletion MEDIUM" "smart-forms 2.6.85 Subscriber+.Arbitrary.Options.Update HIGH" "smart-forms 2.6.71 Subscriber+.Form.Data.Download MEDIUM" "smart-forms 2.6.16 Cross-Site.Request.Forgery.(CSRF) HIGH" "simple-auto-tag No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "shopper 3.2.6 Unauthenticated.SQL.Injection HIGH" "shareaholic 9.7.12 Missing.Authorization.via.accept_terms_of_service MEDIUM" "shareaholic 9.7.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shareaholic 9.7.6 Information.Disclosure MEDIUM" "simple-ads-manager No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "simple-ads-manager 2.9.5.118 SQL.Injection MEDIUM" "sv-media-library 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-media-library 1.8.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "subscribe-to-comments-reloaded 240119 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "subscribe-to-comments-reloaded 220502 Multiple.CSRF MEDIUM" "subscribe-to-comments-reloaded 150820 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "small-package-quotes-unishippers-edition 2.4.10 Reflected.Cross-Site.Scripting MEDIUM" "small-package-quotes-unishippers-edition 2.4.10 Missing.Authorization MEDIUM" "small-package-quotes-unishippers-edition 2.4.9 Unauthenticated.SQL.Injection HIGH" "scroll-triggered-animations 3.0.16 Reflected.Cross-Site.Scripting HIGH" "scroll-triggered-animations 3.0.11 Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "sexy-author-bio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sexy-author-bio No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "spideranalyse No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-google-sitemap No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-site-verify 1.0.8 Admin+.Stored.XSS LOW" "scancircle 2.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stellissimo-text-box No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-rank-math-pro 3.0.36 Unauthenticated.Reflected.XSS MEDIUM" "super-seo-content-cloner 1.0.2 Missing.Authorization MEDIUM" "super-interactive-maps 2.2 Unauthenticated.SQL.Injections CRITICAL" "super-interactive-maps 2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "shared-counts 1.5.0 Missing.Authorization.to.Arbitrary.Email.Sending MEDIUM" "ship-depot No.known.fix Missing.Authorization MEDIUM" "site-audit No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "site-editor-google-map No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "structured-content 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "structured-content 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sc_fs_local_business.Shortcode MEDIUM" "structured-content 1.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "structured-content 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Classic.Editor.Shortcode MEDIUM" "structured-content 1.6 Contributor+.PHP.Object.Injection HIGH" "structured-content 1.6 Contributor+.Stored.XSS MEDIUM" "structured-content 1.5.1 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "sitemap 4.4 Contributor+.Stored.XSS MEDIUM" "show-notice-or-message-on-admin-area No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "side-cart-woocommerce 2.3 Admin+.Stored.XSS LOW" "side-cart-woocommerce 2.2 Settings.Reset.via.CSRF MEDIUM" "side-cart-woocommerce 2.1 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "steel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.btn.Shortcode MEDIUM" "smsa-shipping-official 2.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "shortcode-gallery-for-matterport-showcase 2.2.0 Cross-Site.Request.Forgery MEDIUM" "shortcode-gallery-for-matterport-showcase 2.1.8 Contributor+.Stored.XSS.via.shortcode MEDIUM" "shortcode-gallery-for-matterport-showcase 2.1.7 Reflected.XSS HIGH" "shortcode-gallery-for-matterport-showcase 2.1.5 Contributor+.Stored.XSS MEDIUM" "send-from No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "storecontrl-wp-connection 4.1.4 Unauthenticated.Arbitrary.File.Download HIGH" "simple-email-subscriber No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simplesamlphp-authentication No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sk-wp-settings-backup No.known.fix Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "simple-calendar-for-elementor 1.6.5 Cross-Site.Request.Forgery MEDIUM" "simple-code-insert-shortcode No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "spider-contacts No.known.fix Reflected.XSS HIGH" "sovratec-case-management No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "sabai-discuss 1.4.14 Reflected.Cross.Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.8.7 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "simply-schedule-appointments 1.6.8.5 Reflected.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.7.55 Admin+.Stored.XSS LOW" "simply-schedule-appointments 1.6.7.55 Admin+.Stored.XSS LOW" "simply-schedule-appointments 1.6.7.43 Admin+.Template.Injection.to.RCE MEDIUM" "simply-schedule-appointments 1.6.7.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.6.24 Reflected.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.7.9 Authenticated.(Subscriber+).SQL.Injection HIGH" "simply-schedule-appointments 1.6.7.9 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "simply-schedule-appointments 1.6.6.24 Cross-Site.Request.Forgery.to.Plugin.Data.Reset MEDIUM" "simply-schedule-appointments 1.6.6.1 Authenticated(Administrator+).SQL.Injection MEDIUM" "simply-schedule-appointments 1.5.7.7 Admin+.Stored.Cross-Site.Scripting LOW" "simply-schedule-appointments 1.5.7.7 Unauthenticated.Email.Address.Disclosure MEDIUM" "skt-blocks 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 1.7 Contributor+.Stored.XSS MEDIUM" "smooth-page-scroll-updown-buttons 1.4.1 Authenticated.Stored.XSS.via.psb_positioning LOW" "smooth-page-scroll-updown-buttons 1.4 Authenticated.Stored.XSS MEDIUM" "sender-net-automated-emails 2.6.16 Reflected.Cross-Site.Scripting MEDIUM" "sender-net-automated-emails 2.6.19 Cross-Site.Request.Forgery MEDIUM" "social-login-wp No.known.fix CSRF MEDIUM" "superlogoshowcase-wp 2.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "simple-video-management-system No.known.fix Admin+.Stored.XSS LOW" "simple-video-management-system No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sastra-essential-addons-for-elementor 1.0.15 Missing.Authorization.to.Spexo.Theme.Install MEDIUM" "sastra-essential-addons-for-elementor 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spam-stopper No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "special-box-for-content No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "skt-templates 6.15 Reflected.Cross-Site.Scripting MEDIUM" "skt-templates 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "super-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-icons No.known.fix Missing.Authorization MEDIUM" "simple-icons 2.7.8 Simple.Icons.<.2.7.8.-.Contributor+.Stored.XSS MEDIUM" "simple-support-ticket-system 1.2.1 Unauthenticated.SQL.Injection CRITICAL" "seraphinite-post-docx-source 2.16.10 Missing.Authorization MEDIUM" "seraphinite-post-docx-source 2.16.10 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "seraphinite-post-docx-source 2.16.7 Settings.Update/Reset/Import.via.CSRF MEDIUM" "slash-admin 3.8.2 Cross-Site.Request.Forgery MEDIUM" "smart-app-banner 1.1.4 Admin+.Stored.XSS LOW" "smart-app-banner 1.1.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "simple-shortcode-buttons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shortcodehub 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "simple-long-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-map-no-api No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-map-no-api No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "simple-embed-code 2.5.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "simple-embed-code 2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-embed-code 2.3.7 Authenticated(Contributor+).Denial.of.Service MEDIUM" "streamweasels-youtube-integration 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-youtube-integration 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sw-youtube-embed.Shortcode MEDIUM" "sparkle-elementor-kit No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sparkle-elementor-kit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "subaccounts-for-woocommerce 1.6.1 Reflected.Cross-Site.Scripting HIGH" "subaccounts-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "saoshyant-page-builder No.known.fix Missing.Authorization MEDIUM" "slider-for-writers No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sky-elementor-addons 3.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sky-elementor-addons 2.6.3 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update HIGH" "sky-elementor-addons 2.6.2 Cross-Site.Request.Forgery.to.Limited.Arbitrary.Options.Update HIGH" "sky-elementor-addons 2.6.2 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Content.Switcher.Widget.Elementor.Template MEDIUM" "sky-elementor-addons 2.5.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sky-elementor-addons 2.5.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sky-elementor-addons 2.5.8 Contributor+.Stored.XSS MEDIUM" "sky-elementor-addons 2.5.0 Authenticated(Contributor+).Stored.Cross-site.scripting.via.Wrapper.Link.URL MEDIUM" "site-search-360 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "site-search-360 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "siteimprove 2.0.7 Cross-Site.Request.Forgery MEDIUM" "subscriptions-memberships-for-paypal 1.1.7 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "subscriptions-memberships-for-paypal 1.1.3 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "social-networks-auto-poster-facebook-twitter-g No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Unauthenticated.Stored.Cross-Site.Scripting.via.User.Agent MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Subscriber+.Sensitive.Information.Exposure MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.3 Reflected.Cross-Site.Scripting.via.code MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.26 Reflected.Cross-Site.Scripting MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.24 Unauthenticated.Stored.XSS HIGH" "social-networks-auto-poster-facebook-twitter-g 4.3.25 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.21 Reflected.Cross-Site.Scripting HIGH" "social-networks-auto-poster-facebook-twitter-g 4.3.18 Insufficient.Privilege.Validation HIGH" "social-networks-auto-poster-facebook-twitter-g 4.2.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "social-networks-auto-poster-facebook-twitter-g 3.4.18 CSRF.to.Stored.XSS MEDIUM" "slider-range-htapps 1.1.6 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "so-called-air-quotes No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "shopp-arrange No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-schools-staff-directory No.known.fix Admin+.Arbitrary.File.Upload CRITICAL" "scribble-maps No.known.fix Reflected.Cross-Site.Scripting HIGH" "super-block-slider 2.8 Missing.Authorization MEDIUM" "social-media-links No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "small-package-quotes-wwe-edition 5.2.20 Missing.Authorization MEDIUM" "small-package-quotes-wwe-edition 5.2.19 Reflected.Cross-Site.Scripting MEDIUM" "small-package-quotes-wwe-edition 5.2.19 Unauthenticated.SQL.Injection HIGH" "small-package-quotes-wwe-edition 5.2.18 Unauthenticated.SQL.Injection HIGH" "seo-for-local 9.2.1 Reflected.Cross-Site.Scripting MEDIUM" "seo-for-local 9.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-wordpress No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "share-buttons No.known.fix Admin+.Stored.XSS LOW" "share-buttons No.known.fix Unauthenticated.Image.Upload.&.Path.Traversal MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.tab.Shortcode MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.8 Cross-Site.Request.Forgery MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.accordions.Shortcode MEDIUM" "seo-meta No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-tweet No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "simple-tweet No.known.fix Admin+.Stored.XSS LOW" "sided No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sync-posts No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "stacks-mobile-app-builder No.known.fix Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "stacks-mobile-app-builder No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "stacks-mobile-app-builder No.known.fix Authentication.Bypass CRITICAL" "simple-project-managment No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-301-redirects-addon-bulk-uploader 1.2.5 Multiple.Issues MEDIUM" "solidres No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "solidres No.known.fix Reflected.XSS HIGH" "solidres No.known.fix Admin+.Stored.XSS LOW" "solidres No.known.fix Multiple.Reflected.XSS HIGH" "service-provider-profile-cpt No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "soundcloud-is-gold 2.3.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "s3-video No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "simple-proxy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-image-sizes 3.2.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "subscribe-to-unlock-lite 1.3.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "social-share-with-floating-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sp-client-document-manager No.known.fix Authenticated.(Subscriber+).Directory.Traversal MEDIUM" "sp-client-document-manager No.known.fix Authenticated.(Subscriber+).Arbitrary.Folder.Name.Update MEDIUM" "sp-client-document-manager No.known.fix Missing.Authorization MEDIUM" "sp-client-document-manager No.known.fix Subscriber+.File.Download.via.IDOR MEDIUM" "sp-client-document-manager No.known.fix Data.Update.via.IDOR MEDIUM" "sp-client-document-manager No.known.fix Authenticated.(Author+).SQL.Injeciton CRITICAL" "sp-client-document-manager No.known.fix Missing.Authorization.Stored.Cross-Site.Scripting MEDIUM" "sp-client-document-manager 4.70 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "sp-client-document-manager 4.68 Admin+.Stored.XSS LOW" "sp-client-document-manager 4.68 Subscriber+.SQLi HIGH" "sp-client-document-manager 4.68 Subscriber+.Insecure.Direct.Object.References HIGH" "sp-client-document-manager 4.62 Reflected.Cross-Site.Scripting MEDIUM" "sp-client-document-manager 4.58 Sensitive.File.Disclosure MEDIUM" "sp-client-document-manager 4.26 Reflected.Cross-Site.Scripting HIGH" "sp-client-document-manager 4.24 Subscriber+.Shell.Upload HIGH" "sp-client-document-manager 4.22 Authenticated.Shell.Upload MEDIUM" "sticky-header-oceanwp No.known.fix CSRF MEDIUM" "service-area-postcode-checker No.known.fix Admin+.Stored.XSS LOW" "snippy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-recent-posts-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "simple-photo-sphere No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-google-icalendar-widget 2.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-theme-options 1.7 Admin+.Stored.Cross-Site.Scripting LOW" "sticky-chat-button No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "simple-popup-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-popup-plugin 4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-popup-plugin 4.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simply-static 3.1.4 Unauthenticated.Information.Exposure MEDIUM" "simply-static 3.1.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shared-files 1.7.43 Limited.Unauthenticated.Stored.Cross-Site.Scripting.via.File.Upload HIGH" "shared-files 1.7.29 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "shared-files 1.7.20 Missing.Authorization MEDIUM" "shared-files 1.7.17 Missing.Authorization.to.Notice.Dismissal MEDIUM" "shared-files 1.7.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "shared-files 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "shared-files 1.6.72 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shared-files 1.6.61 Admin+.Stored.Cross-Site.Scripting LOW" "shared-files 1.6.57 Admin+.Stored.Cross-Site.Scripting LOW" "sakolawp-lite No.known.fix Cross-Site.Request.Forgery.to.Exam.Setting.Manipulation MEDIUM" "sakolawp-lite No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "scrollbar-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sinking-dropdowns No.known.fix Cross-Site.Request.Forgery HIGH" "smart-protect No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-protect No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-stream-design No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "standout-color-boxes-and-buttons No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-booking-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "slidedeck2 2.1.20130313 XSS.in.ZeroClipboard CRITICAL" "scss-library No.known.fix Cross-Site.Request.Forgery MEDIUM" "security-force No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "security-ninja 5.159 Reflected.Cross-Site.Scripting MEDIUM" "security-ninja 5.135 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta MEDIUM" "songkick-concerts-and-festivals 0.10.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "slp-extenders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-extenders 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-membership-wp-user-import 1.8 Admin+.SQLi MEDIUM" "simple-matted-thumbnails No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-optimized-images 2.1.4 Injected.Backdoor CRITICAL" "seo-optimized-images 2.1 Reflected.Cross-Site.Scripting MEDIUM" "simple-job-manager No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "seo-beginner-auto-post No.known.fix Missing.Authorization.to.File.Overwrite/Upload.(Remote.Code.Execution) CRITICAL" "sp-news-and-widget 4.0.1 Reflected.Cross-Site.Scripting MEDIUM" "shipdeo-woo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sa-post-author-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-scroll-to-top-lite 1.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "sportspress-tv No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-automatic-wp-core-tweaks No.known.fix Arbitrary.Admin.Account.Creation./.Admin.Email.Update.via.CSRF HIGH" "sitesupercharger 5.2.0 Unauthenticated.SQLi HIGH" "salesforce-wordpress-to-candidate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "speakpipe-voicemail-for-websites No.known.fix Cross-Site.Request.Forgery MEDIUM" "step-by-step No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sql-reporting-services No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sql-reporting-services No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "supportboard 3.4.2 Multiple.Authenticated.SQLi HIGH" "supportboard 3.3.6 Arbitrary.File.Deletion.via.CSRF HIGH" "supportboard 3.3.5 Agent+.Stored.Cross-Site.Scripting MEDIUM" "supportboard 3.3.4 Multiple.Unauthenticated.SQL.Injections CRITICAL" "supportboard 1.2.9 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "supportboard 1.2.4 Stored.Cross-Site.Scripting MEDIUM" "shortcode-in-comment No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "si-contact-form 4.0.38 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "scrollto-bottom No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "social-crowd No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "startend-subscription-add-on-for-gravityforms 4.0.6 Reflected.Cross-Site.Scripting MEDIUM" "social-link-groups No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "smooth-dynamic-slider No.known.fix Reflected.Cross-Site.Scriptign MEDIUM" "sumome 1.35 Cross-Site.Request.Forgery MEDIUM" "salesking 1.6.30 Unauthenticated.Sensitive.Information.Exposure HIGH" "salesking 1.6.30 Unauthenticated.Privilege.Escalation CRITICAL" "salesking 1.6.30 Missing.Authorization.to.Settings.Change MEDIUM" "simple-optimizer No.known.fix Cross-Site.Request.Forgery MEDIUM" "slickr-flickr No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "seo-backlinks No.known.fix CSRF.to.Stored.XSS HIGH" "service-boxs 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamcast 2.2.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "streamcast 2.1.9 Reflected.Cross-Site.Scripting MEDIUM" "streamcast 2.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "streamcast 2.1.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "section-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "section-widget No.known.fix Unauthenticated.Path.Traversal MEDIUM" "smsa-shipping-for-woocommerce 1.0.5 Subscriber+.Arbitrary.File.Download HIGH" "starfish-reviews No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "starfish-reviews 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "starfish-reviews 3.0.26 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "starfish-reviews 2.0.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "social-tape No.known.fix CSRF.to.Stored.XSS HIGH" "send-booking-invites-to-friends No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "srbtranslatin No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "srbtranslatin 2.4.1 Cross-Site.Scripting.From.Third-party.Library HIGH" "srbtranslatin 1.47 Stored.XSS.&.CSRF HIGH" "slider-path No.known.fix Missing.Authorization MEDIUM" "swift-framework No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcodes MEDIUM" "swift-framework No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Update MEDIUM" "smart-product-gallery-slider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "search-analytics 1.4.11 Reflected.Cross-Site.Scripting MEDIUM" "search-analytics 1.4.10 Missing.Authorization MEDIUM" "search-analytics 1.4.8 Reflected.XSS HIGH" "search-analytics 1.4.6 Admin+.Stored.XSS LOW" "south-pole-the-offset-movement No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "south-pole-the-offset-movement 1.0.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "soundcloud-ultimate No.known.fix Cross-Site.Request.Forgery MEDIUM" "super-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sb-random-posts-widget 1.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "shortcoder 6.3.1 Subscriber+.Unauthorised.AJAX.Call MEDIUM" "stencies No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "share-one-drive 1.15.3 Reflected.Cross-Site.Scripting MEDIUM" "simple-events-calendar No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "simple-slider-ssp No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "slideshow-gallery 1.8.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-gallery 1.8.2 Authenticated.(Contributor+).SQL.Injection HIGH" "slideshow-gallery 1.8.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "slideshow-gallery 1.7.9 Contributor+.SQLi MEDIUM" "slideshow-gallery 1.7.9 Settings.Reset.via.CSRF MEDIUM" "slideshow-gallery 1.7.4 Admin+.Stored.Cross-Site.Scripting LOW" "slideshow-gallery 1.6.9 XSS.and.SQLi CRITICAL" "slideshow-gallery 1.6.6 Multiple.Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "scheduled No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "searchwp 4.2.6 Subscriber+.Settings.Update MEDIUM" "sticky-popup No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "sexy-contact-form 1.0.0 Shell.Upload CRITICAL" "simple-google-photos-grid 1.6 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "spatialmatch-free-lifestyle-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spatialmatch-free-lifestyle-search No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "starbox 3.5.3 Contributor+.Stored.XSS MEDIUM" "starbox 3.5.2 Admin+.Stored.XSS LOW" "starbox 3.5.0 Contributor+.Stored.XSS MEDIUM" "starbox 3.5.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Job.Settings MEDIUM" "starbox 3.5.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Profile.Display.Name.and.Social.Settings MEDIUM" "starbox 3.4.8 Subscriber+.Plugin.Preferences./.User.Settings.Access.via.IDOR MEDIUM" "sender 1.2.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "simpleshop-cz 2.10.3 Missing.Authorization MEDIUM" "simpleshop-cz 2.10.1 Cross-Site.Request.Forgery MEDIUM" "sliding-widgets No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "seur 2.2.24 Unauthenticated.Local.File.Inclusion CRITICAL" "seur 2.2.12 Reflected.Cross-Site.Scripting MEDIUM" "seur 2.2.11 Unauthenticated.SQL.Injection HIGH" "seur 1.7.2 Admin+.Arbitrary.File.Download MEDIUM" "seur 1.7.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "site-notes No.known.fix Admin.Note.Deletion.via.CSRF MEDIUM" "salient-shortcodes 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "salient-shortcodes 1.5.4 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "shop-as-a-customer-for-woocommerce 1.2.4 Shop.Manager+.Privilege.Escalation CRITICAL" "shop-as-a-customer-for-woocommerce 1.1.8 Subscriber+.Privilege.Escalation CRITICAL" "st-daily-tip No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "specia-companion No.known.fix Missing.Authorization MEDIUM" "simple-cloudflare-turnstile 1.23.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-post-notes 1.7.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-post-notes 1.7.7 Cross-Site.Request.Forgery MEDIUM" "simple-post-notes 1.7.6 Admin+.Stored.Cross-Site.Scripting LOW" "station-pro 2.3.4 Reflected.Cross-Site.Scripting MEDIUM" "station-pro 2.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "station-pro 2.2.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "sellkit 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "sellkit 1.8.3 Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "security-safe 2.5.2 Reflected.Cross-Site.Scripting MEDIUM" "security-safe 2.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sales-page-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sales-page-addon 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "sales-page-addon 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-scroll-posts 2.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "search-field-for-gravity-forms 0.6 Reflected.Cross-Site.Scripting MEDIUM" "smsify 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "sloth-logo-customizer No.known.fix Stored.XSS.via.CSRF HIGH" "simple-tour-guide 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "seraphinite-old-slugs-mgr 1.4 Cross-Site.Request.Forgery MEDIUM" "simplistic-seo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spice-post-slider 2.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "spice-post-slider 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 4.4.1 Unauthenticated.PHP.Object.Injection HIGH" "save-as-pdf-by-pdfcrowd 4.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 4.0.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 3.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 3.2.1 Missing.Authorization MEDIUM" "save-as-pdf-by-pdfcrowd 3.2.0 Admin+.Stored.XSS LOW" "save-as-pdf-by-pdfcrowd 3.2.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 2.16.1 Admin+.Stored.XSS LOW" "shiftnav-responsive-mobile-menu 1.7.2 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "shortcode-for-font-awesome 1.4.1 Contributor+.Stored.XSS MEDIUM" "surbma-magyar-woocommerce 2022.0.3 Reflected.Cross-Site.Scripting MEDIUM" "surbma-magyar-woocommerce 30.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smartemailing 2.2.6 Reflected.Cross-Site.Scripting MEDIUM" "sb-core No.known.fix Authentication.Bypass CRITICAL" "setka-editor No.known.fix Cross-Site.Request.Forgery.via.handleRequest MEDIUM" "setka-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "setka-editor 2.1.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slicewp 1.1.24 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.19 Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.21 Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.11 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "slicewp 1.0.46 Reflected.Cross-Site.Scripting.(XSS) HIGH" "search-console 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "simple-page-access-restriction 1.0.30 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "simple-page-access-restriction 1.0.23 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "sharebar No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "sharebar 1.2.2 SQL.Injection.&.Cross.Site.Scripting CRITICAL" "simple-notification No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-notification No.known.fix Missing.Authorization MEDIUM" "sv-gravity-forms-enhancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sv-gravity-forms-enhancer 1.8.00 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sparrow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sparrow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shibboleth 1.8 Cross-Site.Scripting.(XSS) MEDIUM" "sticky-social-icons No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sticky-social-icons No.known.fix Admin+.Stored.XSS LOW" "shortcode-factory 2.8 Local.File.Inclusion CRITICAL" "shortcode-factory 1.1.1 XSS MEDIUM" "shopconstruct No.known.fix Admin+.Stored.XSS LOW" "super-simple-subscriptions No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "simple-file-downloader No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "smart-agreements 1.0.4 Unauthenticated.Local.File.Inclusion CRITICAL" "surbma-premium-wp 10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stop-wp-emails-going-to-spam 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sliced-invoices No.known.fix Missing.Authorization MEDIUM" "sliced-invoices 3.9.3 Missing.Authorization MEDIUM" "sliced-invoices 3.8.4 Multiple.Vulnerabilities HIGH" "small-package-quotes-usps-edition 1.3.6 Unauthenticated.SQL.Injection HIGH" "support-chat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "support-chat 2.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpsaio_snapchat.Shortcode MEDIUM" "safetymails-forms No.known.fix Cross-Site.Request.Forgery HIGH" "simplemodal No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sucuri-scanner 1.8.34 Event.log.Entry.Creation.via.CSRF MEDIUM" "scroll-styler No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "saragna-social-stream No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stops-core-theme-and-plugin-updates 8.0.5 Insufficient.Restrictions.on.Option.Changes MEDIUM" "square-thumbnails 1.1.2 Missing.Authorization MEDIUM" "smartcrawl-seo 3.10.9 Unauthenticated.Full.Path.Disclosure MEDIUM" "smartcrawl-seo 3.10.3 Missing.Authorization MEDIUM" "smartcrawl-seo 3.8.3 Unauthenticated.Password.Protected.Post.Disclosure MEDIUM" "smarty-for-wordpress No.known.fix Admin+.Stored.XSS LOW" "smarty-for-wordpress No.known.fix Settings.Update.via.CSRF MEDIUM" "sc-simple-zazzle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stopbadbots 10.24 Missing.Authorization.to.Information.Expsoure MEDIUM" "stopbadbots 7.32 Admin+.Stored.XSS LOW" "stopbadbots 7.24 Subscriber+.Arbitrary.Plugin.Installation HIGH" "stopbadbots 6.930 Unauthenticated.SQLi HIGH" "stopbadbots 6.88 Unauthenticated.SQLi HIGH" "stopbadbots 6.67 Unauthenticated.SQL.Injection CRITICAL" "stopbadbots 6.62 Reflected.Cross-Site.Scripting HIGH" "stopbadbots 6.60 Authenticated.SQL.Injections MEDIUM" "show-me-the-cookies No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "scrollup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-variations-images 5.2.8 Reflected.Cross-Site.Scripting MEDIUM" "smart-variations-images 5.1.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "s3bubble-amazon-s3-audio-streaming No.known.fix Arbitrary.File.Download HIGH" "slide No.known.fix Missing.Authorization.to.Content.Injection MEDIUM" "slide No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slide No.known.fix Missing.Authorization MEDIUM" "super-socializer 7.14.1 Unauthenticated.Limited.SQL.Injection.via.'SuperSocializerKey' MEDIUM" "super-socializer 7.14 Authentication.Bypass HIGH" "super-socializer 7.13.64 Editor+.Stored.XSS MEDIUM" "super-socializer 7.13.55 Missing.Authorization MEDIUM" "super-socializer 1.13.53 Contributor+.Stored.XSS MEDIUM" "super-socializer 7.13.52 Reflected.XSS HIGH" "super-socializer 7.13.44 Contributor+.Stored.XSS MEDIUM" "super-socializer 7.13.30 Reflected.Cross-Site.Scripting MEDIUM" "super-socializer 7.11 Authentication.Bypass CRITICAL" "st-gallery-wp No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "seraphinite-accelerator-ext 2.22.16 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "seraphinite-accelerator-ext 2.21.13.1 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion MEDIUM" "salient-core 2.0.8 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "salient-core 2.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "salient-core 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "simple-blog-card 1.32 Subscriber+.Arbitrary.Post.Access MEDIUM" "simple-blog-card 1.31 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "sagepay-server-gateway-for-woocommerce 1.0.9 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "showtime-slideshow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sully 4.3.1 Reflected.XSS HIGH" "sully 4.3.1 Plugin.Reset.via.CSRF MEDIUM" "sully 4.3.1 Admin+.Stored.XSS LOW" "sully 4.3.1 Admin+.Stored.XSS.via.CSRF HIGH" "seo-automatic-links No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "skt-addons-for-elementor 3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-addons-for-elementor 3.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "skt-addons-for-elementor 3.2 Contributor+.Stored.XSS MEDIUM" "skt-addons-for-elementor 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate.and.Creative.Slider.Widgets HIGH" "skt-addons-for-elementor 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Page.Title MEDIUM" "skt-addons-for-elementor 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Block MEDIUM" "sendpulse-email-marketing-newsletter 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-event-planner 1.5.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "simple-event-planner 1.5.5 Contributor+.Stored.XSS LOW" "surly No.known.fix Missing.Authorization MEDIUM" "simple-job-board 2.12.4 Authenticated.(Editor+).PHP.Object.Injection HIGH" "simple-job-board 2.12.2 Admin+.Stored.XSS LOW" "simple-job-board 2.12.6 Unauthenticated.Resumes.Download LOW" "simple-job-board 2.11.1 Unauthenticated.PHP.Object.Injection.via.Job.Application.Fields CRITICAL" "simple-job-board 2.11.0 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "simple-job-board 2.10.7 Cross-Site.Request.Forgery MEDIUM" "simple-job-board 2.10.6 Missing.Authorization MEDIUM" "simple-job-board 2.10.4 Settings.Update.via.CSRF MEDIUM" "simple-job-board 2.10.0 Resume.Disclosure.via.Directory.Listing MEDIUM" "simple-job-board 2.9.5 Admin+.Stored.Cross-Site.Scripting LOW" "simple-job-board 2.9.4 Authenticated.Path.Traversal.Leading.to.Arbitrary.File.Download HIGH" "simple-job-board 2.4.4 Reflected.XSS MEDIUM" "sticky-chat-widget 1.1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-301-redirects 2.0.8 Missing.Authorization.via.clicked MEDIUM" "simple-301-redirects 2.0.8 Cross-Site.Request.Forgery.via.'clicked' MEDIUM" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Unauthenticated.Redirect.Export CRITICAL" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Arbitrary.Plugin.Installation HIGH" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Arbitrary.Plugin.Activation HIGH" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Unauthenticated.Redirect.Import CRITICAL" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Update.and.Retrieve.Wildcard.Value MEDIUM" "simple-contact-forms No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "scrollto-top No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "simple-responsive-menu No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-restrict 1.2.8 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "simple-restrict 1.2.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "schema-and-structured-data-for-wp 1.36 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "schema-and-structured-data-for-wp 1.34.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Attribute MEDIUM" "schema-and-structured-data-for-wp 1.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.How.To.and.FAQ.Blocks MEDIUM" "schema-and-structured-data-for-wp 1.27 Contributor+.reCaptcha.Key.Update MEDIUM" "schema-and-structured-data-for-wp 1.27 Authenticated.Stored.XSS MEDIUM" "schema-and-structured-data-for-wp 1.26 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "schema-and-structured-data-for-wp 1.24 Contributor+.Stored.XSS MEDIUM" "splash-header 1.20.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "styler-for-ninja-forms-lite No.known.fix Authenticated.(Subscriber+).Arbitrary.Option.Deletion.via.deactivate_license MEDIUM" "superior-faq No.known.fix CSRF MEDIUM" "simple-iframe 1.2.0 Contributor+.Stored.XSS MEDIUM" "simple-header-and-footer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-presenter 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "stepbyteservice-openstreetmap No.known.fix Use.of.Polyfill.io MEDIUM" "stepbyteservice-openstreetmap 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-org-chart 2.3.5 Unauthenticated.Tree.Settings.Update MEDIUM" "simple-org-chart 2.3.5 Settings.Update.via.CSRF MEDIUM" "syndicate-out No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "system-dashboard 2.8.19 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "system-dashboard 2.8.18 Reflected.Cross-Site.Scripting.via.Filename.Parameter MEDIUM" "system-dashboard 2.8.15 Admin+.Path.Traversal MEDIUM" "system-dashboard 2.8.15 Unauthenticated.Stored.XSS HIGH" "system-dashboard 2.8.10 XSS.via.Header.Injection LOW" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_constants) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_db_specs) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_option_value) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_php_info) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_global_value) MEDIUM" "soj-soundslides No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "simple-image-manipulator No.known.fix Remote.File.Download HIGH" "simple-post-expiration No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-cod-fee-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "super-forms 6.0.4 Reflected.Cross-Site.Scripting MEDIUM" "super-forms 4.9.703 Unauthenticated.PHP.File.Upload.to.RCE CRITICAL" "soumettre-fr 2.1.4 Missing.Authorization MEDIUM" "simple-jwt-login 3.2.1 Arbitrary.Settings.Update.to.Site.Takeover.via.CSRF HIGH" "simple-jwt-login 3.3.0 Insecure.Password.Creation LOW" "sheetpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sheetpress No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "stripe-payments 2.0.87 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.accept_stripe_payment_ng.Shortcode MEDIUM" "stripe-payments 2.0.80 Insecure.Direct.Object.Reference MEDIUM" "stripe-payments 2.0.64 Admin+.Stored.Cross-Site.Scripting LOW" "stripe-payments 2.0.40 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "shipengine-shipping-quotes 1.0.8 Unauthenticated.SQL.Injection HIGH" "schedule No.known.fix Unauthenticated.SQL.Injection HIGH" "schedule No.known.fix Reflected.XSS HIGH" "sketchfab-oembed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sign-in-with-google No.known.fix Authentication.Bypass.in.authenticate_user CRITICAL" "smtp-amazon-ses 1.9 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Logs HIGH" "smtp-amazon-ses 1.9 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Logs HIGH" "simply-gallery-block 3.2.6 Contributor+.Stored.XSS MEDIUM" "simply-gallery-block 3.2.4.3 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "simply-gallery-block 3.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.galleryID.and.className.Parameters MEDIUM" "simply-gallery-block 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "simply-gallery-block 3.0.8 Subscriber+.Arbitrary.Options.Update HIGH" "simply-gallery-block 2.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simply-gallery-block 2.2.1 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "stout-google-calendar No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "smartsearchwp 2.4.6 Unauthenticated.OpenAI.Key.Disclosure MEDIUM" "smartsearchwp 2.4.5 Unauthenticated.Log.Purge MEDIUM" "smartsearchwp 2.4.5 Unauthenticated.SQLi HIGH" "smartsearchwp 2.4.5 Unauthenticated.Stored.XSS HIGH" "smart-manager-for-wp-e-commerce 8.53.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "smart-manager-for-wp-e-commerce 8.46.0 Missing.Authorization MEDIUM" "smart-manager-for-wp-e-commerce 8.28.0 Admin+.SQL.Injection MEDIUM" "slider-image 2.8.7 Authenticated.Blind.SQL.Injection HIGH" "simple-membership-custom-messages 2.5 Reflected.Cross-Site.Scripting MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "shortcode-addons No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shortcode-addons No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "shortcode-addons 3.2.0 Authenticated.Arbitrary.Options.Update MEDIUM" "shortcode-addons 3.1.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "skyboot-portfolio-gallery No.known.fix Contributor+.Stored.XSS MEDIUM" "simplified-content 1.0.1 XSS MEDIUM" "skip-to No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-post-series No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shopcred No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "server-status-by-hostnameip No.known.fix Authenticated.SQL.Injection HIGH" "surferseo 1.6.0.523 Authenticated.(Administrator+).SQL.Injection MEDIUM" "surferseo 1.3.3.379 Missing.Authorization MEDIUM" "smallerik-file-browser No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "svegliat-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skillbars 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stop-spam-comments No.known.fix Access.Token.Bypass LOW" "simple-photoswipe No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "simple-photoswipe No.known.fix Admin+.Stored.XSS LOW" "super-social-content-locker-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "suremembers 1.10.7 Sensitive.Information.Exposure MEDIUM" "skt-nurcaptcha 3.6.0 Cross-Site.Request.Forgery..to.Stored.Cross-Site.Scripting MEDIUM" "shine-pdf No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "same-but-different No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "similarity No.known.fix Plugin.Reset.via.CSRF MEDIUM" "similarity No.known.fix Stored.XSS.via.CSRF HIGH" "slick-contact-forms No.known.fix Contributor+.Stored.XSS MEDIUM" "saoshyant-slider No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "saaspricing No.known.fix Contributor+.Stored.XSS MEDIUM" "saoshyant-element No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-website-logo No.known.fix Missing.Authorization MEDIUM" "simple-catalogue No.known.fix Reflected.XSS HIGH" "scrollrevealjs-effects No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "shopbuilder 2.1.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "shopbuilder 2.1.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "sexbundle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "staff-directory-pro No.known.fix Reflected.Cross-Site.Scripting.via.add_query_arg.Function MEDIUM" "staff-directory-pro No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "staff-directory-pro 4.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "staff-directory-pro 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "sell-with-razorpay No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simpleform-contact-form-submissions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seos-contact-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "social-locker-content No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "secure-copy-content-protection 4.5.6 Admin+.Stored.XSS LOW" "secure-copy-content-protection 4.4.5 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "secure-copy-content-protection 4.4.8 Missing.Authorization.to.Unauthenticated.User.Email.Retrieval.via.ays_sccp_reports_user_search.Function MEDIUM" "secure-copy-content-protection 4.2.4 Reflected.Cross-Site.Scripting MEDIUM" "secure-copy-content-protection 4.1.7 Admin+.Stored.XSS LOW" "secure-copy-content-protection 4.1.7 Admin+.Stored.XSS LOW" "secure-copy-content-protection 4.0.9 Admin+.Stored.XSS LOW" "secure-copy-content-protection 3.9.1 Missing.Authorization MEDIUM" "secure-copy-content-protection 3.7.2 Missing.Authorization MEDIUM" "secure-copy-content-protection 2.8.2 Unauthenticated.SQL.Injection HIGH" "secure-copy-content-protection 2.6.7 Authenticated.Blind.SQL.Injections HIGH" "spicebox 2.2 Reflected.Cross-Site.Scripting MEDIUM" "spin360 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-wizard No.known.fix Unauthorised.AJAX.Calls HIGH" "seo-wizard No.known.fix Unauthorised.robots.txt.&..htaccess.Edit.via.CSRF HIGH" "scroll-baner No.known.fix CSRF.to.RCE CRITICAL" "seo-simple-pack 3.3.0 Information.Exposure MEDIUM" "spotim-comments 4.0.4 Multiple.Vulnerabilities MEDIUM" "s3bubble-amazon-s3-html-5-video-with-adverts No.known.fix Directory.Traversal.leading.to.Arbitrary.File.Access HIGH" "simple-trackback-disabler No.known.fix Cross-Site.Request.Forgery MEDIUM" "ssv-events No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "simple-membership-after-login-redirection 1.7 Open.Redirect MEDIUM" "smooth-slider 2.8.7 Authenticated.SQL.Injection HIGH" "smooth-slider 2.7 Authenticated.SQL.Injection HIGH" "show-website-content-in-wordpress-page-or-post 2024.04.09 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "sydney-toolbox 1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.aThemes:.Portfolio.Widget MEDIUM" "sydney-toolbox 1.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sydney-toolbox 1.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Filterable.Gallery MEDIUM" "sydney-toolbox 1.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id MEDIUM" "sydney-toolbox 1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simplepress No.known.fix Missing.Authorization MEDIUM" "simplepress No.known.fix Cross-Site.Request.Forgery.to.Unauthorized.Post.Editing MEDIUM" "simplepress 6.10.11 Reflected.XSS HIGH" "simplepress 6.10.12 Reflected.Cross-Site.Scripting MEDIUM" "simplepress 6.8.1 Admin+.Arbitrary.File.Update LOW" "simplepress 6.8.1 Subscriber+.Arbitrary.File.Deletion HIGH" "simplepress 6.8.1 Subscriber+.Stored.XSS.via.Profile.Signatures MEDIUM" "simplepress 6.8.1 Unauthenticated.Stored.XSS.via.Forum.Replies HIGH" "simplepress 6.6.1 Broken.Access.Control.leading.to.RCE CRITICAL" "svg-flags-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "svg-flags-lite 0.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sportspress 2.7.22 Admin+.Stored.XSS LOW" "sportspress 2.7.21 Missing.Authorization.to.Notice.Dismissal LOW" "sportspress 2.7.18 Missing.Authorization.to.Unauthenticated.Event.Permalink.Update MEDIUM" "sportspress 2.7.9 Reflected.Cross-Site.Scripting HIGH" "sportspress 2.7.2 Authenticated.Stored.Cross-Site.Scripting HIGH" "simplr-registration-form No.known.fix Subscriber+.Arbitrary.User.Password.Change.via.IDOR HIGH" "sahu-tiktok-pixel No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "seo-site-auditor-agency 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "seo-site-auditor-agency 1.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sticky-related-posts No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "stock-ticker 3.24.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.stock_ticker.Shortcode MEDIUM" "stock-ticker 3.23.5 Authenticated.(Contributor+).Stored.Cross-Site.Scritping MEDIUM" "stock-ticker 3.23.4 Reflected.XSS HIGH" "stock-ticker 3.23.3 Reflected.XSS HIGH" "stock-ticker 3.23.1 Missing.Authorization.in.AJAX.Actions MEDIUM" "strategery-migrations No.known.fix Unauthenticated.Arbitrary.File.Deletion HIGH" "syntaxhighlighter 3.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stax-buddy-builder 1.8.0 Contributor+.Post.Disclosure MEDIUM" "soundcloud-shortcode 4.0.2 Contributor+.Stored.XSS MEDIUM" "soundcloud-shortcode 4.0.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "socialsnap 1.4 Admin+.Stored.XSS LOW" "socialsnap 1.3.6 Missing.Authorization MEDIUM" "shariff 4.6.14 Unauthenticated.Local.File.Inclusion CRITICAL" "shariff 4.6.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shariff 4.6.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shariff 4.6.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shariff 4.6.10 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shariff 4.6.10 Admin+.Stored.XSS LOW" "seo-meta-tags No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "side-menu-lite 5.3.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "side-menu-lite 4.2.1 Menu.Deletion.via.CSRF MEDIUM" "side-menu-lite 4.0.2 Reflected.XSS MEDIUM" "side-menu-lite 2.2.6 Authenticated.SQL.Injection HIGH" "side-menu-lite 2.2.1 Authenticated.SQL.Injection LOW" "salvador-ai-image-generator No.known.fix Missing.Authorization MEDIUM" "social-bookmarking-reloaded No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ui No.known.fix Contributor+.Stored.XSS MEDIUM" "shortcodes-ui No.known.fix CSRF MEDIUM" "search-with-typesense 2.0.9 Authenticated.(Admin+).Path.Traversal LOW" "social-auto-poster 5.3.16 Cross-Site.Request.Forgery MEDIUM" "social-auto-poster 5.3.16 Reflected.Cross-Site.Scripting MEDIUM" "social-auto-poster 5.3.15 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Meta.Update.via.wpw_auto_poster_update_tweet_template MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.via.Multiple.Functions HIGH" "social-auto-poster 5.3.15 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "social-auto-poster 5.3.15 Cross-Site.Request.Forgery.via.Multiple.Functions MEDIUM" "social-auto-poster 5.3.15 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "seriously-simple-podcasting 3.10.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "seriously-simple-podcasting 3.6.0 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "seriously-simple-podcasting 3.3.0 Admin+.Stored.XSS LOW" "seriously-simple-podcasting 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "seriously-simple-podcasting 3.0.0 Unauthenticated.Administrator.Email.Disclosure MEDIUM" "seriously-simple-podcasting 2.19.1 Contributor+.Stored.XSS MEDIUM" "seriously-simple-podcasting 2.16.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "sumo-divi-modules No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sumo-divi-modules 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "spreadr-for-woocomerce 1.0.5 Missing.Authorization MEDIUM" "spreadr-for-woocomerce 1.0.5 Missing.Authorization.to.Arbitrary.Content.Deletion HIGH" "stock-quotes-list 2.9.12 Contributor+.Stored.XSS MEDIUM" "showbizpro No.known.fix Shell.Upload CRITICAL" "subscriptiondna 2.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-business-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spam-control-xforwc 1.5.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "sticky-social-bar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "spendino No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "shoutcast-icecast-html5-radio-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-news No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.news.Shortcode MEDIUM" "select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons 1.3.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "soccer-engine-lite 1.13 Cross-Site.Request.Forgery MEDIUM" "sticky-header-on-scroll No.known.fix Missing.Authorization MEDIUM" "simplemodal-contact-form-smcf No.known.fix Admin+.Stored.XSS LOW" "sendgrid-email-delivery-simplified No.known.fix Authenticated.Authorization.Bypass MEDIUM" "stklcode-liveticker 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "service-booking-manager No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "supreme-modules-for-divi 2.5.52 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "supreme-modules-for-divi 2.5.4 Contrib+.DOM-Based.Cross-Site.Scripting MEDIUM" "searchpro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "searchpro 1.7.7 Unauthenticated.Arbitrary.File.Uplaod CRITICAL" "searchpro 1.7.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "search-logger No.known.fix Admin+.SQLi MEDIUM" "simple-lightbox 2.9.4 Contributor+.Stored.XSS MEDIUM" "simple-banner 3.0.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-banner 3.0.4 Admin+.Stored.XSS LOW" "simple-banner 2.12.0 Admin+.Stored.Cross.Site.Scripting LOW" "simple-banner 2.12.0 Admin+.Stored.Cross-Site.Scripting LOW" "simple-banner 2.10.4 Admin+.Stored.XSS MEDIUM" "subscribe-to-download-lite 1.3.0 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "subscribe-to-download-lite 1.3.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sharethis-share-buttons 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sharethis-inline-buttons.Shortcode MEDIUM" "shortcode-collection No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sksdev-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seed-fonts 2.4.0 Admin+.Stored.XSS LOW" "search-order-by-product-sku-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slideshow-ck 1.4.10 Admin+.Stored.Cross-Site.Scripting LOW" "scheduled-notification-bar No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-media-sharing No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simplebooklet 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simplebooklet 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-kick-integration 1.1.2 Blocks.and.Shortcodes.for.Embedding.Kick.Streams.<.1.1.2.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sw-kick-embed.Shortcode MEDIUM" "shalom-world-media-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shockingly-simple-favicon No.known.fix Settings.Update.via.CSRF MEDIUM" "schema-app-structured-data-for-schemaorg 2.2.5 Reflected.Cross-Site.Scripting MEDIUM" "schema-app-structured-data-for-schemaorg 2.2.1 Cross-Site.Request.Forgery MEDIUM" "schema-app-structured-data-for-schemaorg 2.2.1 Missing.Authorization MEDIUM" "schema-app-structured-data-for-schemaorg 1.22.4 Missing.Authorization.via.page_init MEDIUM" "shortcodes-anywhere No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "search-everything 8.1.7 SQL.Injection CRITICAL" "search-everything 8.1.6 SQL.Injection CRITICAL" "seatgeek-affiliate-tickets No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "seo-backlink-monitor 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "simple-ldap-login 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "slick-sitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slp-extended-data-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-extended-data-manager 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "store-locator No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "store-locator No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "store-locator 3.98.8 Settings.Update.via.CSRF MEDIUM" "store-locator 3.34 SQL.Injection CRITICAL" "simple-social-buttons 6.0.0 Admin+.Stored.XSS LOW" "simple-social-buttons 5.1.1 Unauthenticated.Password.Protected.Post.Access MEDIUM" "simple-social-buttons 3.2.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "simple-social-buttons 3.2.3 Contributor+.Stored.XSS MEDIUM" "simple-social-buttons 3.2.0 Reflected.Cross-Site.Scripting CRITICAL" "simple-social-buttons 3.2.1 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "simple-social-buttons 2.0.22 Authenticated.Option.Injection HIGH" "shopperapproved-reviews 2.2 2.1.-..Subscriber+.Arbitrary.Options.Update HIGH" "svgmagic No.known.fix Stored.XSS.via.SVG.Upload MEDIUM" "slider-by-supsystic 1.8.11 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-by-supsystic 1.8.11 Authenticated.(Admin+).SQL.Injection CRITICAL" "slider-by-supsystic 1.8.7 Missing.Authorization MEDIUM" "slider-by-supsystic 1.8.7 CSRF MEDIUM" "simple-custom-author-profiles No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "speedsize-ai-image-optimizer 1.5.2 Cross-Site.Request.Forgery.to.Clear.Cache MEDIUM" "simple-travel-map No.known.fix Cross-Site.Request.Forgery MEDIUM" "superfast-mailgun-newsletter 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "single-sign-on-client No.known.fix Authentication.Bypass HIGH" "sell-media-file No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sell-photo 1.0.6 Authenticated.Stored.Cross-Site.Scripting LOW" "swipehq-payment-gateway-woocommerce No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "svg-complete No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "smoothscroller No.known.fix Admin+.Stored.XSS LOW" "simple-fields No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "simple-fields 1.4.11 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "shop-assistant-for-woocommerce-jarvis 2.9.2 Missing.Authorization MEDIUM" "seo-alert No.known.fix Admin+.Stored.XSS LOW" "simple-login-log 1.1.2 Authenticated.SQL.Injection CRITICAL" "sparkpost 2.3.6 Admin+.Stored.XSS LOW" "stockdio-historical-chart 2.8.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stockdio-historical-chart 2.8.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "simple-download-monitor 3.9.26 Authenticated.(Administrator+).SQL.Injection MEDIUM" "simple-download-monitor 3.9.11 Contributor+.Stored.Cross-Site.Scripting.via.Shortcodes MEDIUM" "simple-download-monitor 3.9.9 Multiple.CSRF MEDIUM" "simple-download-monitor 3.9.6 Arbitrary.Thumbnails.Removal MEDIUM" "simple-download-monitor 3.9.5 Reflected.Cross-Site.Scripting HIGH" "simple-download-monitor 3.9.6 Unauthorised.Log.Reset MEDIUM" "simple-download-monitor 3.9.6 Unauthenticated.Log.Access MEDIUM" "simple-download-monitor 3.9.5 Contributor+.Stored.Cross-Site.Scripting.via.File.Thumbnail MEDIUM" "simple-download-monitor 3.9.5 Contributor+.Arbitrary.File.Download.via.Path.Traversal MEDIUM" "simple-download-monitor 3.8.9 Unauthenticated.Cross-Site.Scripting MEDIUM" "simple-download-monitor 3.8.9 SQL.Injection MEDIUM" "simple-download-monitor 3.5.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "script-compressor No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "search-filter 1.2.16 Contributor+.Stored.XSS MEDIUM" "snazzy-maps 1.1.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "suki-sites-import No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "salavat-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smartifw No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "securesubmit No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "securesubmit No.known.fix Missing.Authorization MEDIUM" "secure-admin-ip No.known.fix Missing.Authorization.via.'saveSettings' MEDIUM" "social-metrics No.known.fix Admin+.Stored.XSS LOW" "sp-blog-designer No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "sp-blog-designer No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "stax No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stax 1.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sr-partner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sandbox No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Sandbox.Download MEDIUM" "sandbox No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "s-dev-seo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-counter No.known.fix Authenticated.(Administrator+).PHP.Object.Injection MEDIUM" "store-locator-widget 2025r3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "store-locator-widget 2025r2 Contributor+.Stored.XSS MEDIUM" "style-admin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "social-share-buttons-by-supsystic 2.2.4 Subscriber+.Unauthorised.Actions MEDIUM" "social-share-buttons-by-supsystic 2.2.4 Subscriber+.SQLi HIGH" "social-share-buttons-by-supsystic 2.2.4 Multiple.CSRF MEDIUM" "stylish-google-sheet-reader 4.1 Reflected.XSS HIGH" "stylish-google-sheet-reader 4.1 Reflected.Cross-Site.Scripting HIGH" "shorten-url No.known.fix Cross-Site.Request.Forgery.via.configuration_page MEDIUM" "shorten-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shorten-url No.known.fix Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "shorten-url No.known.fix CSRF MEDIUM" "shorten-url 1.6.5 Admin+.Cross.Site.Scripting LOW" "shorten-url 1.6.5 Subscriber+.SQLi HIGH" "shorten-url 1.6.5 Admin+.Stored.Cross-Site.Scripting MEDIUM" "shop-page-wp 1.2.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "spectra-pro 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.IDs MEDIUM" "spectra-pro 1.1.6 Authenticated.(Author+).Privilege.Escalation HIGH" "serial-codes-generator-and-validator 2.7.8 Cross-Site.Request.Forgery.via.[placeholder] MEDIUM" "serial-codes-generator-and-validator 2.4.15 Admin+.Stored.XSS LOW" "smaily-for-wp 3.1.6 Contributor+.Stored.XSS MEDIUM" "social-autho-bio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "social-media-feather 2.1.4 Subscriber+.Unauthorised.Action MEDIUM" "social-media-feather 2.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "slope-widgets 4.2.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "swatchly 1.4.1 1.4.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "swatchly 1.2.1 Cross-Site.Request.Forgery MEDIUM" "supportbubble No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "supportbubble No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "security-malware-firewall 2.150 Unauthenticated.Arbitrary.File.Upload CRITICAL" "security-malware-firewall 2.145.1 Authorization.Bypass.via.Reverse.DNS.Spoofing.to.Unauthenticated.SQL.Injection HIGH" "security-malware-firewall 2.121 IP.Spoofing MEDIUM" "security-malware-firewall 2.51 Security.Nonce.Leak.leading.to.Unauthorised.AJAX.call HIGH" "search-exclude 2.5.0 Missing.Authorization.to.Unauthenticated.Plugin.Settings.Modification MEDIUM" "search-exclude 1.2.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "search-exclude 1.2.4 Arbitrary.Settings.Change HIGH" "simple-link-directory 8.4.6 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "simple-link-directory 7.7.2 Unauthenticated.SQL.injection HIGH" "simple-link-directory 7.3.5 Cross-Site.Scripting.(XSS) MEDIUM" "seraphinite-discount-for-woocommerce 2.4.7 Reflected.Cross-Site.Scripting MEDIUM" "simplified No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "sky-login-redirect 3.7.3 Reflected.Cross-Site.Scripting MEDIUM" "sky-login-redirect 3.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simpleschema-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smtp-mailing-queue 1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "smtp-mailing-queue 2.0.1 Admin+.Stored.XSS LOW" "software-license-manager 4.5.1 Arbitrary.Domain.Deletion.via.CSRF HIGH" "software-license-manager 4.5.0 Admin+.Stored.Cross-Site.Scripting LOW" "software-license-manager 4.4.8 Reflected.Cross-Site.Scripting HIGH" "software-license-manager 4.4.6 CSRF.to.Stored.XSS HIGH" "site-editor No.known.fix Local.File.Inclusion.(LFI) HIGH" "smart-agenda-prise-de-rendez-vous-en-ligne 4.8 Stored.XSS.via.CSRF HIGH" "smart-agenda-prise-de-rendez-vous-en-ligne 4.8 Stored.XSS.via.CSRF HIGH" "smart-agenda-prise-de-rendez-vous-en-ligne 4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shapepress-dsgvo 3.1.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shapepress-dsgvo 3.1.24 Unauthenticated.Arbitrary.Post.Deletion HIGH" "shapepress-dsgvo 3.1.24 Unauthenticated.Plugin's.Settings.Update.to.Stored.Cross-Site.Scripting HIGH" "shapepress-dsgvo 2.2.19 Authenticated.Reflected.XSS MEDIUM" "seo-dashboard-by-gutewebsites-de No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "safe-svg 2.2.6 Author+.SVG.Sanitisation.Bypass MEDIUM" "safe-svg 1.9.10 SVG.Sanitisation.Bypass MEDIUM" "safe-svg 1.9.6 XSS.Protection.Bypass HIGH" "slicko-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-woocommerce-csv-loader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "string-locator 2.6.7 Unauthenticated.PHP.Object.Injection HIGH" "string-locator 2.6.6 Reflected.Cross-Site.Scripting MEDIUM" "string-locator 2.6.0 Authenticated.PHAR.Deserialization MEDIUM" "string-locator 2.5.0 Admin+.Arbitrary.File.Read LOW" "spacer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Information.Disclosure LOW" "spacer 3.0.7 Admin+.Stored.XSS LOW" "slivery-extender No.known.fix Authenticated(Contributor+).Remote.Code.Execution.via.shortcode HIGH" "simple-buttons-creator No.known.fix Aribtrary.Button.Deletion.via.CSRF MEDIUM" "simple-buttons-creator No.known.fix Unauthenticated.Stored.XSS HIGH" "sw-contact-form No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "supersaas-appointment-scheduling 2.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.after.Parameter MEDIUM" "supersaas-appointment-scheduling 2.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-real-estate-pack-4 No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "slider-responsive-slideshow 1.4.2 Missing.Authorization MEDIUM" "slider-responsive-slideshow 1.4.0 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "spoki 2.15.16 Contributor+.Stored.XSS MEDIUM" "social-proof-testimonials-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.spslider-block.Shortcode MEDIUM" "social-proof-testimonials-slider 2.2.4 Admin+.Stored.XSS LOW" "stylist No.known.fix Cross-Site.Request.Forgery MEDIUM" "stop-spammer-registrations-plugin 2024.5 Cross-Site.Request.Forgery.(CSRF).via.sfs_process MEDIUM" "stop-spammer-registrations-plugin 2023 Reflected.XSS HIGH" "stop-spammer-registrations-plugin 2023 Admin+.Stored.XSS LOW" "stop-spammer-registrations-plugin 2022.6 Unauthenticated.PHP.Object.Injection MEDIUM" "stop-spammer-registrations-plugin 2021.18 Authenticated.Stored.XSS LOW" "stop-spammer-registrations-plugin 2021.9 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "simple-form 2.12.2 Admin+.Stored.XSS LOW" "shortpixel-critical-css 1.0.3 Missing.Authorization MEDIUM" "seo-landing-page-generator 1.66.3 Reflected.Cross-Site.Scripting MEDIUM" "seo-landing-page-generator 1.62.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-cookie-kit 2.3.2 Contributor+.Stored.XSS MEDIUM" "share-on-diaspora 0.7.2 XSS MEDIUM" "smartarget-contact-us No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "simple-cart-solution No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-cart-solution 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-gallery-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-gallery-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "shuffle No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "s2member 250424 Administrator+.Local.File.Inclusion MEDIUM" "s2member 250214 Reflected.Cross-Site.Scripting MEDIUM" "s2member 250214 Reflected.Cross-Site.Scripting MEDIUM" "s2member 241216 Authenticated.(Contributor+).Sensitive.Information.Exposure HIGH" "s2member 241216 Unauthenticated.Remote.Code.Execution HIGH" "s2member 240325 Limited.Privilege.Escalation MEDIUM" "s2member 240315 Information.Exposure MEDIUM" "simple-payment 2.3.8 Reflected.Cross-Site.Scripting MEDIUM" "show-all-comments-in-one-page 7.0.1 Reflected.XSS HIGH" "salert 1.2.2 Reflected.XSS HIGH" "salert 1.2.2 Subscriber+.Missing.Authorization MEDIUM" "support-svg 1.1.1 .Authenticated.(Author+).Stored.Cross-site.Scripting.via.SVG.File.Upload MEDIUM" "support-svg 1.1.0 Stored.XSS.via.SVG.Upload MEDIUM" "special-feed-items No.known.fix Stored.XSS.via.CSRF HIGH" "shortcode-ninja No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "sonawp-simple-payment-block 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "sheet2site No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seguro-viagem 3.0.0 Stored.XSS.via.CSRF HIGH" "salesmanago 3.2.5 Log.Injection.via.Weak.Authentication.Token MEDIUM" "solace-extra 1.3.2 Subscriber+.Arbitrary.File.Upload HIGH" "solace-extra 1.3.1 Subscriber+.Arbitrary.File.Upload HIGH" "standard-box-sizes 1.6.14 Missing.Authorization MEDIUM" "secure-downloads 1.2.3 Admin+.Arbitrary.File.Download MEDIUM" "simply-exclude No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-sitemap No.known.fix Missing.Authorization MEDIUM" "simple-sitemap 3.5.14 Cross-Site.Request.Forgery.via.admin_notices MEDIUM" "simple-sitemap 3.5.10 Reflected.Cross-Site.Scripting MEDIUM" "simple-sitemap 3.5.8 Contributor+.Stored.XSS MEDIUM" "simple-sitemap 3.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shortcode-cleaner-lite No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Export MEDIUM" "simple-rating No.known.fix Cross-Site.Request.Forgery MEDIUM" "social-network-tabs No.known.fix Social.Media.API.Key.Leakage CRITICAL" "sola-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alignment.Parameter MEDIUM" "sola-testimonials No.known.fix Cross-Site.Request.Forgery MEDIUM" "simply-show-hooks No.known.fix Injected.Backdoor CRITICAL" "sfwd-lms 4.20.0.3 Missing.Authorization MEDIUM" "sfwd-lms 4.10.2 Sensitive.Information.Exposure.via.API MEDIUM" "sfwd-lms 4.10.3 Sensitive.Information.Exposure.via.API MEDIUM" "sfwd-lms 4.10.2 Sensitive.Information.Exposure.via.assignments MEDIUM" "sfwd-lms 4.5.3.1 SQL.Injection MEDIUM" "sfwd-lms 4.6.0.1 User.Account.Takeover.via.Insecure.Direct.Object.References HIGH" "sfwd-lms 3.1.6 Unauthenticated.SQL.Injection CRITICAL" "sfwd-lms 3.1.2 Reflected.Cross.Site.Scripting.(XSS).issue.on.the.[ld_profile].search.field. MEDIUM" "sfwd-lms 2.5.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "stock-exporter-for-woocommerce 1.2.0 Reflected.XSS HIGH" "simple-e-commerce-shopping-cart No.known.fix Sell.products.through.Paypal.<=.3.1.2.-.Reflected.Cross-Site.Scripting.via.monthly_sales_current_year.Parameter MEDIUM" "simple-e-commerce-shopping-cart No.known.fix Sell.products.through.Paypal.<=.3.1.2.-.Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update./.Data.Access MEDIUM" "simple-e-commerce-shopping-cart No.known.fix Arbitrary.File.Upload CRITICAL" "social-warfare 4.5.6 Contributor+.Stored.XSS MEDIUM" "social-warfare 4.4.7.3 Injected.Backdoor CRITICAL" "social-warfare 4.4.6 Cross-Site.Request.Forgery MEDIUM" "social-warfare 4.4.6.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-warfare 4.4.4 Social.Warfare.<.4.4.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-warfare 4.4.0 Post.Meta.Deletion.via.CSRF MEDIUM" "social-warfare 4.3.1 Subscriber+.Post.Meta.Deletion MEDIUM" "social-warfare 3.5.3 Unauthenticated.Remote.Code.Execution.(RCE) MEDIUM" "sitemap-index No.known.fix Admin+.XSS LOW" "seo-nutrition-and-print-for-recipes-by-edamam No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "stock-sync-with-google-sheet-for-woocommerce 3.13.2 Authenticated.(Administrator+).SQL.Injection MEDIUM" "sync-post-with-other-site 1.7 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Creation.and.Update MEDIUM" "sync-post-with-other-site 1.5.2 Cross-Site.Request.Forgery MEDIUM" "seo-help No.known.fix Admin+.SSRF MEDIUM" "seo-help No.known.fix Missing.Authorization MEDIUM" "seo-help 6.1.4 Reflected.Cross-Site.Scripting MEDIUM" "store-locator-le No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "store-locator-le 5.9 Authenticated.Privilege.Escalation CRITICAL" "store-locator-le 5.9 Unauthenticated.Stored.XSS HIGH" "svg-vector-icon-plugin No.known.fix Admin+.Remote.Code.Execution.(RCE) MEDIUM" "svg-vector-icon-plugin 3.2.3 Cross-Site.Request.Forgery.(CSRF).leading.to.RCE HIGH" "slick-engagement 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.slick-grid.Shortcode MEDIUM" "story-chief 1.0.31 Reflected.Cross-Site.Scripting.(XSS) HIGH" "story-chief 1.0.31 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "simple-local-avatars 2.8.0 Missing.Authorization.to.Authenticated.(Subscriber+).User.Cache.Clearing MEDIUM" "simple-local-avatars 2.7.11 Cross-Site.Request.Forgery.via.save_default_avatar_file_id() MEDIUM" "sopa-blackout No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-add-pages-or-posts No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-add-pages-or-posts No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "simple-add-pages-or-posts 1.7 CSRF MEDIUM" "simple-urls 121 Arbitrary.Actions.via.CSRF MEDIUM" "simple-urls 118 Reflected.XSS HIGH" "simple-urls 115 Subscriber+.SQLi HIGH" "simple-urls 115 Multiple.Reflected.XSS HIGH" "specific-content-for-mobile 0.5.4 Missing.Authorization MEDIUM" "specific-content-for-mobile 0.1.9.6 Reflected.Cross-Site.Scripting MEDIUM" "search-filter-pro 2.5.20 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Meta.Exposure MEDIUM" "search-filter-pro 2.5.18 Admin+.Stored.XSS LOW" "skt-skill-bar 2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-skill-bar 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "strong-testimonials 3.2.4 Missing.Authorization MEDIUM" "strong-testimonials 3.1.17 Missing.Authorization MEDIUM" "strong-testimonials 3.1.13 Authenticated(Contributor+).Improper.Authorization.to.Views.Modification MEDIUM" "strong-testimonials 3.1.12 Contributor+.Stored.XSS MEDIUM" "strong-testimonials 3.1.11 Settings.Update.via.CSRF MEDIUM" "strong-testimonials 3.0.3 Contributor+.Stored.XSS MEDIUM" "strong-testimonials 3.0.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "strong-testimonials 2.51.3 Unauthorised.AJAX.Call MEDIUM" "strong-testimonials 2.40.1 Stored.Cross.Site.Scripting.(XSS) MEDIUM" "social-share-and-social-locker-arsocial No.known.fix Unauthenticated.SQL.Injection HIGH" "social-share-and-social-locker-arsocial No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-share-and-social-locker-arsocial 1.4.2 Admin+.Stored.XSS LOW" "social-media-widget 4.0.9 Admin+.Stored.XSS LOW" "simple-download-counter 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-download-counter 2.1 Authenticated.(Author+).Arbitrary.File.Read MEDIUM" "simple-download-counter 1.6.1 Contributor+.Stored.XSS MEDIUM" "shopp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "steam-group-viewer No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "sitetweet-tweets-user-behaviors-on-your-site-on-twitter No.known.fix Stored.XSS.via.CSRF HIGH" "setsail-membership 1.1 Authentication.Bypass CRITICAL" "spreadshirt-rss-3d-cube-flash-gallery No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "simpleform No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "syndication-links 1.0.2.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "subway No.known.fix Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "simple-page-transition No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "soliloquy-lite 2.7.7 Missing.Authorization.to.Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "soliloquy-lite 2.7.3 Subscriber+.Slider.Data.Access MEDIUM" "sleekplan No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spider-event-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spider-event-calendar 1.5.52 Admin+.SQL.injection MEDIUM" "spider-event-calendar 1.5.52 Authenticated.Blind.SQL.Injection CRITICAL" "spider-event-calendar 1.4.14 Unauthenticated.SQL.Injection HIGH" "siteguard 1.7.7 Login.Page.Disclosure MEDIUM" "streak-crm-for-gmail-integration-for-contact-form-7 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "streak-crm-for-gmail-integration-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "site-mailer 1.2.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "send-emails-with-mandrill 1.4.2 Missing.Authorization MEDIUM" "starter-templates No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Installation MEDIUM" "starter-templates No.known.fix Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "simple-spoiler No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-spoiler 1.4 1.3.-.Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "simple-spoiler 1.3 Admin+.Stored.XSS LOW" "skt-builder 4.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "skt-builder 4.2 Missing.Authorization.to.Authenticated(Subscriber+).Content.Injection MEDIUM" "shortcode-variables 4.1.7 Authenticated.(Subscriber+).Shortcode.Deletion MEDIUM" "shortcode-variables 4.1.5 Cross-Site.Request.Forgery MEDIUM" "simple-blueprint-installer 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "simple-charts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sendsms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "svg-block 1.1.25 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "svg-block 1.1.20 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "simple-content-construction-kit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sell-digital-downloads No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scw-seat-reservation 3.4 Unauthenticated.SQL.Injection HIGH" "shopready-elementor-addon No.known.fix Contributor+.Local.File.Inclusion MEDIUM" "spider-elements No.known.fix Missing.Authorization MEDIUM" "spider-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spotify-play-button-for-wordpress 2.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.spotifyplaybutton.Shortcode MEDIUM" "spotify-play-button-for-wordpress 2.11 Settings.Update.via.CSRF MEDIUM" "spotify-play-button-for-wordpress 2.08 Admin+.Stored.XSS LOW" "spotify-play-button-for-wordpress 2.06 Contributor+.Stored.XSS MEDIUM" "simple-al-slider No.known.fix Reflected.XSS HIGH" "smtp-sendgrid 1.5 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Logs HIGH" "sb-child-list No.known.fix Settings.Update.via.CSRF MEDIUM" "simply-featured-video No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-photo-gallery No.known.fix Remote.Code.Execution.(RCE) HIGH" "svs-pricing-tables No.known.fix Cross-Site.Request.Forgery.to.Pricing.Table.Edit/Creation MEDIUM" "svs-pricing-tables No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "svs-pricing-tables No.known.fix Cross-Site.Request.Forgery.to.Pricing.Table.Deletion MEDIUM" "swifty-page-manager No.known.fix Page.Creation/Deletion.via.CSRF MEDIUM" "swifty-page-manager No.known.fix Admin+.Stored.XSS LOW" "simple-certain-time-to-show-content 1.3.1 Reflected.XSS HIGH" "sparkle-demo-importer 1.4.8 Missing.Authorization.to.Authorized(Subscriber+).Post/Pages/Attachements.Deletion.and.Demo.Data.Import MEDIUM" "symbiostock No.known.fix Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "simple-baseball-scoreboard No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stylish-internal-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spider-faq No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slazzer-background-changer No.known.fix Missing.Authorization MEDIUM" "slicknav-mobile-menu 1.9.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "seo-redirection 9.1 Multiple.CSRF MEDIUM" "seo-redirection 9.1 404.Error.&.History.Deletion.via.CSRF MEDIUM" "seo-redirection 8.2 Subscriber+.SQL.Injection HIGH" "seo-redirection 7.9 Arbitrary.Redirect.Deletion.via.CSRF MEDIUM" "seo-redirection 7.4 Reflected.Cross-Site.Scripting HIGH" "seo-redirection 7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "seo-redirection 6.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "seo-redirection 4.3 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "seo-redirection 2.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "seo-redirection 2.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "social-links No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "social-links No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "stylish-price-list 7.1.12 Contributor+.Stored.XSS MEDIUM" "stylish-price-list 7.1.8 Contributor+.Stored.XSS MEDIUM" "stylish-price-list 7.0.18 Missing.Authorization MEDIUM" "stylish-price-list 6.9.1 Subscriber+.Arbitrary.Image.Upload MEDIUM" "stylish-price-list 6.9.0 Unauthenticated.Arbitrary.Image.Upload MEDIUM" "sg-helper No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "services-section 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slideonline No.known.fix Contributor+.Stored.XSS MEDIUM" "searchie No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-pug-author-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stock-market-charts-from-finviz 1.0.2 Admin+.Stored.XSS LOW" "smdp-affiliate-platform No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "supra-csv-parser No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "scroll-to-top-builder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "single-post-exporter No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "simple-user-listing 1.9.3 Reflected.XSS HIGH" "sociable No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "secupress-pro 2.0 Unauthenticated.Arbitrary.IP.Ban MEDIUM" "spice-starter-sites No.known.fix Missing.Authorization.to.Unauthenticated.Demo.Content.Import MEDIUM" "spice-starter-sites No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spice-starter-sites 1.1 Reflected.Cross-Site.Scripting MEDIUM" "simple-gallery-odihost No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-gallery-odihost No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "smart-grid-gallery 1.1.5 Vimeo.and.YouTube.Gallery.<.1.1.5.-.Admin+.Stored.Cross-Site.Scripting LOW" "simple-google-maps-short-code 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sticky-add-to-cart-woo No.known.fix Missing.Authorization MEDIUM" "superfly-menu 5.0.30 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "superfly-menu No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "smooth-gallery-replacement No.known.fix CSRF.to.Stored.XSS HIGH" "starterblocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "starterblocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "section-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "section-slider No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "section-slider No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "selar-co-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sticky-banner 1.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "smart-dofollow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "spotlightr 0.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "show-hidecollapse-expand 1.3.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "show-hidecollapse-expand No.known.fix Subscriber+.Settings.Update MEDIUM" "sayfa-sayac No.known.fix Unauthenticated.SQL.Injection CRITICAL" "sayfa-sayac No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "smart-admin-menu-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-admin-menu-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "speakout 4.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "speakout 2.14.15.1 Unauthenticated.SQLi HIGH" "speakout 2.13.3 Reflected.Cross-Site.Scripting HIGH" "securimage-wp-fixed No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "smart-donations No.known.fix Cross-Site.Request.Forgery MEDIUM" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Stored.XSS.via.CSRF HIGH" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Admin+.SQLi MEDIUM" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Reflected.XSS HIGH" "searchiq 4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchiq 4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchiq 4.7 Cross-Site.Request.Forgery MEDIUM" "searchiq 4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchiq 4.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "searchiq 4.5 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "searchiq 3.9 Unauthenticated.Stored.XSS HIGH" "service-updates-for-customers No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "schreikasten No.known.fix Author+.SQL.Injections HIGH" "social-analytics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sweepwidget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stars-smtp-mailer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stars-smtp-mailer No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "simply-rets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simply-rets No.known.fix Cross-Site.Request.Forgery MEDIUM" "simply-rets 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "synved-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "social-web-suite 4.1.12 Directory.Traversal.to.Arbitrary.File.Download HIGH" "simple-side-tab 2.2.0 Admin+.Stored.XSS LOW" "slider-comparison-image-before-and-after No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-slider-3 3.5.1.23 Contributor+.Stored.XSS.via.SVG.Upload MEDIUM" "smart-slider-3 3.5.1.14 Contributor+.Stored.XSS MEDIUM" "smart-slider-3 3.5.1.11 Contributor+.Stored.XSS MEDIUM" "smart-slider-3 3.5.1.11 PHP.Object.Injection MEDIUM" "smart-slider-3 3.5.0.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "staticpress No.known.fix Missing.Authorization MEDIUM" "site-mode No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "simple-facebook-plugin 1.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-facebook-plugin 1.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sb-elementor-contact-form-db 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "sb-elementor-contact-form-db 1.6 Plugin.Settings.Cross-Site.Request.Forgery MEDIUM" "sb-elementor-contact-form-db 1.6 Unauthenticated.&.Unauthorised.Form.Submissions.Export HIGH" "sp-rental-manager No.known.fix Unauthenticated.SQL.Injection HIGH" "sis-handball No.known.fix Settings.Update.via.CSRF MEDIUM" "send-pdf-for-contact-form-7 1.0.2.4 Missing.Authorization MEDIUM" "send-pdf-for-contact-form-7 0.9.9.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "seatreg 1.56.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "salt-shaker 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "static-html-output-plugin 6.0 Reflected.Cross-Site.Scripting MEDIUM" "simple-popup No.known.fix Admin+.Stored.XSS LOW" "simple-audioplayer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sell-media No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sell-media 2.5.7.3 CSRF.Bypass MEDIUM" "sell-media 2.4.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "syncee-global-dropshipping 1.0.10 Global.Dropshipping.<.1.0.10.-.Authentication.Token.Disclosure HIGH" "simple-post-meta-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shopelement 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "safety-exit 1.7.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "smart-google-code-inserter 3.5 Unauthenticated.SQL.Injection CRITICAL" "smart-google-code-inserter 3.5 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "simplemap No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "site-reviews 7.2.5 Unauthenticated.Stored.XSS HIGH" "site-reviews 7.0.0 IP.Spoofing MEDIUM" "site-reviews 6.11.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "site-reviews 6.11.7 Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.display.name MEDIUM" "site-reviews 6.10.3 Missing.Authorization MEDIUM" "site-reviews 6.7.1 Admin+.Stored.XSS LOW" "site-reviews 6.6.0 Contributor+.Stored.XSS MEDIUM" "site-reviews 6.6.0 Contributor+.Stored.XSS MEDIUM" "site-reviews 6.4.0 Unauthenticated.CSV.Injection MEDIUM" "site-reviews 5.17.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "site-reviews 5.13.1 Admin+.Stored.XSS LOW" "site-reviews 2.15.3 Cross-Site.Scripting.(XSS) MEDIUM" "simple-tags 3.30.0 Admin+.Stored.XSS LOW" "simple-tags 3.20.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-tags 3.6.5 Editor+.Stored.XSS LOW" "simple-tags 3.4.5 Reflected.Cross-Site.Scripting MEDIUM" "simple-tags 3.0.7.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "simple-mail-address-encoder 1.7 Reflected.Authenticated.XSS MEDIUM" "scoutnet-kalender No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ssquiz No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "sh-slideshow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "snow-monkey-forms 5.0.7 Unauthenticated.Path.Traversal MEDIUM" "smart-blocks 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sv-provenexpert 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-provenexpert 1.8.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-automatic-seo-tools No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-automatic-seo-tools No.known.fix Reflected.XSS HIGH" "spiritual-gifts-survey No.known.fix Unauthenticated.CSRF.to.XSS MEDIUM" "spiritual-gifts-survey No.known.fix Unauthenticated.CSRF.to.XSS MEDIUM" "stop-registration-spam No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stop-registration-spam 1.24 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "simple-behace-portfolio No.known.fix Reflected.Cross-Site.Scripting HIGH" "simple-behace-portfolio No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "smart-email-alerts No.known.fix Reflected.Cross-Site.Scripting HIGH" "simple-facebook-twitter-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-facebook-twitter-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-youtube-gdpr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-youtube-gdpr No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "swift-performance-lite 2.3.7.2 Unauthenticated.Local.PHP.File.Inclusion.via.'ajaxify' HIGH" "swift-performance-lite 2.3.6.21 Cross-Site.Request.Forgery MEDIUM" "swift-performance-lite 2.3.6.19 Subscriber+.Settings.Update MEDIUM" "swift-performance-lite 2.3.6.15 Unauthenticated.Configuration.Export MEDIUM" "seo-by-rank-math 1.0.236 Contributor+.Arbitrary.Schema.Deletion LOW" "seo-by-rank-math 1.0.236 Contributor+.Stored.XSS.via.Rank.Math.API MEDIUM" "seo-by-rank-math 1.0.232 Admin+.Remote.Code.Execution MEDIUM" "seo-by-rank-math 1.0.229 Admin+.PHP.Object.Injection MEDIUM" "seo-by-rank-math 1.0.229 Unauthenticated.User.and.Term.Metadata.Insert/Update/Deletion MEDIUM" "seo-by-rank-math 1.0.219 Authenticated.Stored.XSS LOW" "seo-by-rank-math 1.0.219-beta Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-rank-math 1.0.218 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-rank-math 1.0.217 Contributor+.Stored.Cross-Site.Scripting.via.'titleWrapper' MEDIUM" "seo-by-rank-math 1.0.215 Contributor+.Stored.XSS MEDIUM" "seo-by-rank-math 1.0.119.1 Contributor+.Stored.XSS MEDIUM" "seo-by-rank-math 1.0.107.3 Contributor+.LFI MEDIUM" "seo-by-rank-math 1.0.95.1 Unauthenticated.SSRF MEDIUM" "seo-by-rank-math 1.0.42.2 Authenticated.Missing.Access.Controls.to.Disable.Competitor.Plugins MEDIUM" "seo-by-rank-math 1.0.41 Rank.Math.<.1.0.41.-.Privilege.Escalation.via.Unprotected.REST.API.Endpoint CRITICAL" "seo-by-rank-math 1.0.41 Rank.Math.<.1.0.41.-.Redirect.Creation.via.Unprotected.REST.API.Endpoint MEDIUM" "seo-by-rank-math 1.0.27.1 Authenticated.Settings.Reset MEDIUM" "sb-chart-block 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.className.Parameter MEDIUM" "school-management-system 4.2 Admin+.SQLi MEDIUM" "snapshot-backup No.known.fix Stored.XSS.via.CSRF HIGH" "statpresscn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-custom-fields No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-custom-fields 5.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Content.Disclosure MEDIUM" "sms-ovh No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simplelender-by-umatidocs-com No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "support-genix-lite 1.4.12 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "support-genix-lite 1.2.4 Missing.Authorization MEDIUM" "social-connect No.known.fix Authentication.Bypass CRITICAL" "sql-chart-builder No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "safe-editor 1.2 Unauthenticated.CSS/JS-injection MEDIUM" "social-media-shortcodes 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "serped-net No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "serped-net 4.6 Authenticated.(Contributor+).SQL.Injection MEDIUM" "sunshine-photo-cart 3.4.11 Unauthenticated.PHP.Object.Injection CRITICAL" "sunshine-photo-cart 3.2.11 Open.Redirect MEDIUM" "sunshine-photo-cart 3.2.10 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.9 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.10 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "sunshine-photo-cart 3.2.2 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.1.2 Unauthenticated.PHP.Object.Injection CRITICAL" "sunshine-photo-cart 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "sunshine-photo-cart 3.1 Unauthenticated.Sensitive.Information.Exposure.via.Invoice MEDIUM" "sunshine-photo-cart 3.0 Insecure.Direct.Object.Reference.to.Order.Manipulation MEDIUM" "sunshine-photo-cart 2.9.15 Reflected.XSS HIGH" "sunshine-photo-cart 2.9.14 Image.Location.Update.via.CSRF MEDIUM" "sunshine-photo-cart 2.8.29 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "service No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "spotbot No.known.fix Reflected.XSS HIGH" "squirrly-seo-pack No.known.fix Advanced.Pack.<=.2.3.8.-.Authenticated(Administrator+).SQL.Injection MEDIUM" "stockists-manager No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "save-as-image-by-pdfcrowd 3.2.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "save-as-image-by-pdfcrowd 3.2.2 Admin+.Stored.XSS LOW" "save-as-image-by-pdfcrowd 2.16.1 Admin+.Stored.XSS LOW" "scripts-n-styles 3.5.8 Admin+.Stored.XSS LOW" "shipping-labels-for-woo 2.3.9 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting LOW" "sidebar-content-from-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shmapper-by-teplitsa 1.5.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "shmapper-by-teplitsa 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sprout-clients 3.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sprout-clients No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sprout-clients 3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sprout-clients 3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "smtp-sendinblue 1.3 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Logs HIGH" "squirrly-seo 12.4.06 Authenticated.(Contributor+).SQL.Injection MEDIUM" "squirrly-seo 12.4.06 Authenticated.(Subscriber+).SQL.Injection.via.search.Parameter MEDIUM" "squirrly-seo 12.4.08 Missing.Authorization MEDIUM" "squirrly-seo 12.3.21 Editor+.Stored.XSS LOW" "squirrly-seo 12.3.20 Contributor+.SQL.Injection.via.url.Parameter MEDIUM" "squirrly-seo 12.3.17 Reflected.Cross-Site.Scripting HIGH" "squirrly-seo 12.3.16 Admin+.Stored.XSS LOW" "squirrly-seo 12.1.21 Reflected.Cross-Site.Scripting HIGH" "squirrly-seo 12.1.21 Missing.Authorization MEDIUM" "squirrly-seo 12.1.11 Contributor+.Arbitrary.File.Upload CRITICAL" "squirrly-seo 11.1.12 Reflected.Cross-Site.Scripting MEDIUM" "shortpixel-image-optimiser 5.6.4 Missing.Authorization MEDIUM" "shortpixel-image-optimiser 5.6.4 Authenticated.(Editor+).SQL.Injection MEDIUM" "shortpixel-image-optimiser 5.4.2 Authenticated(Editor+).PHP.Object.Injection MEDIUM" "shortpixel-image-optimiser 4.22.10 Reflected.Cross-Site.Scripting MEDIUM" "staggs 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "staggs 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "sign-up-sheets 2.3.1 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "sign-up-sheets 2.2.13 Reflected.XSS HIGH" "sign-up-sheets 2.2.13 Missing.Authorization MEDIUM" "sign-up-sheets 2.2.12 Cross-Site.Request.Forgery MEDIUM" "sign-up-sheets 2.2.9 Settings.Update/Reset.via.CSRF MEDIUM" "sign-up-sheets 1.0.14 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "sign-up-sheets 1.0.14 Authenticated.CSV.Injection MEDIUM" "so-widgets-bundle 1.64.1 Missing.Authorization LOW" "so-widgets-bundle 1.62.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Image.Grid.widget MEDIUM" "so-widgets-bundle 1.62.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.SiteOrigin.Blog.Widget MEDIUM" "so-widgets-bundle 1.61.0 Contributor+.Stored.XSS.via.siteorigin_widget.Shortcode MEDIUM" "so-widgets-bundle 1.58.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.2 Contributor+.Stored.XSS MEDIUM" "so-widgets-bundle 1.51.0 Admin+.Local.File.Inclusion MEDIUM" "slider-video 1.4.8 Slider.Carousel.<.1.4.8.-.Admin+.Stored.Cross-Site.Scripting LOW" "skype-online-status No.known.fix Contributor+.Stored.XSS MEDIUM" "sp-announcement 2.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-10web No.known.fix Reflected.XSS HIGH" "seo-by-10web 1.2.7 Admin+.Stored.XSS LOW" "seraphinite-accelerator 2.22.16 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "seraphinite-accelerator 2.21 Authenticated.(Subscriber+).Server-Side.Request.Forgery.in.OnAdminApi_HtmlCheck MEDIUM" "seraphinite-accelerator 2.20.48 Unauthenticated.Sensitive.Information.Exposure.via.Log.File MEDIUM" "seraphinite-accelerator 2.20.29 Reflected.Cross-Site.Scripting.via.rt MEDIUM" "seraphinite-accelerator 2.20.32 Unauthorised.Settings.Reset/Import MEDIUM" "seraphinite-accelerator 2.2.29 Authenticated.Arbitrary.Redirect MEDIUM" "seraphinite-accelerator 2.2.29 Reflected.XSS HIGH" "shortcode-bootstrap-visuals No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sassy-social-share 3.3.74 Open.Redirect MEDIUM" "sassy-social-share 3.3.70 Reflected.Cross-Site.Scripting.via.heateor_mastodon_share.Parameter MEDIUM" "sassy-social-share 3.3.63 Sassy.social.share.<.3,3,63.Admin+.Stored.Cross-Site.scripting LOW" "sassy-social-share 3.3.61 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.59 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sassy-social-share 3.3.57 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.45 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.40 Reflected.Cross-Site.Scripting MEDIUM" "sassy-social-share 3.3.24 Missing.Access.Controls.to.PHP.Object.Injection MEDIUM" "semalt No.known.fix Admin+.Stored.XSS LOW" "social-testimonials-and-reviews-widget 5.22 Missing.Authorization MEDIUM" "social-testimonials-and-reviews-widget 5.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting HIGH" "social-testimonials-and-reviews-widget 5.00 Missing.Authorization MEDIUM" "social-testimonials-and-reviews-widget 5.02 CSRF MEDIUM" "slider-wd 1.2.62 Contributor+.Stored.XSS MEDIUM" "slider-wd 1.2.62 Admin+.Stored.XSS.via.Widget LOW" "slider-wd 1.2.59 Admin+.Stored.XSS LOW" "slider-wd 1.2.58 Authenticated.(Contributor+).SQL.Injection.via.id.Parameter HIGH" "slider-wd 1.2.57 Editor+.Stored.XSS LOW" "slider-wd 1.2.56 Editor+.Stored.XSS LOW" "slider-wd 1.2.55 Reflected.Cross-Site.Scripting MEDIUM" "slider-wd 1.2.53 Admin+.Stored.XSS LOW" "slider-wd 1.2.52 Admin+.Stored.Cross-Site.Scripting LOW" "slider-wd 1.2.36 Multiple.Authenticated.SQL.Injection HIGH" "smart-wishlist-for-more-convert 1.9.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "smart-wishlist-for-more-convert 1.8.8 Unauthenticated.Wishlist.Disclosure.via.download_pdf_file.Function HIGH" "smart-wishlist-for-more-convert 1.7.9 Missing.Authorization MEDIUM" "smart-wishlist-for-more-convert 1.7.3 Missing.Authorization MEDIUM" "stax-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-social-share No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ship-per-product No.known.fix Missing.Authorization MEDIUM" "shopwarden 1.0.12 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "seo-automated-link-building 2.5.3 Missing.Authorization MEDIUM" "seo-automated-link-building 2.1.1 Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "sort-searchresult-by-title 11.0 CSRF MEDIUM" "simple-video-embedder No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "smart-youtube No.known.fix Cross-Site.Request.Forgery MEDIUM" "send-e-mail No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text,.Countdown.Widget,.and.Login.Form.Shortcodes MEDIUM" "sina-extension-for-elementor 3.6.0 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Sina.Image.Differ MEDIUM" "sina-extension-for-elementor 3.5.8 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Sina.Modal.Box.Widget.Elementor.Template MEDIUM" "sina-extension-for-elementor 3.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.read_more_text.Parameter MEDIUM" "sina-extension-for-elementor 3.5.5 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.5.4 Authenticated.(Contributor+).Stored.Cross-site.Scriping.via.'Sina.Particle.Layer' MEDIUM" "sina-extension-for-elementor 3.5.4 Authenticated.(Contributor+).DOM-Based.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.5.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sina-extension-for-elementor 3.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Sina.Fancy.Text.Widget MEDIUM" "sina-extension-for-elementor 3.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.3.12 Contributor+.Stored.XSS MEDIUM" "sina-extension-for-elementor 2.2.1 LFI HIGH" "sangar-slider-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "scrollsequence 1.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scrollsequence 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "scrollsequence 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "szechenyi-2020-logo No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "simple-download-button-shortcode No.known.fix Sensitive.Data.Disclosure MEDIUM" "smpl-shortcodes No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "scratch-win-giveaways-for-website-facebook 2.9.0 Missing.Authorization.to.Unauthenticated.Coupon.Creation MEDIUM" "scratch-win-giveaways-for-website-facebook 2.8.0 Cross-Site.Request.Forgery.via.reset_installation.Function MEDIUM" "scratch-win-giveaways-for-website-facebook 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-bitcoin-faucets No.known.fix Unauthorised.AJAX.Call.to.Stored.XSS MEDIUM" "spotify-play-button No.known.fix Contributor+.Stored.XSS MEDIUM" "sku-for-woocommerce 1.6.3 Reflected.Cross-Site.Scripting MEDIUM" "sku-for-woocommerce 1.6.3 Reflected.Cross-Site.Scripting MEDIUM" "sermon-browser No.known.fix Arbitrary.File.Upload.via.CSRF MEDIUM" "sermon-browser 0.45.16 Multiple.XSS MEDIUM" "seriously-simple-stats 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "seriously-simple-stats 1.5.2 Reflected.XSS HIGH" "seriously-simple-stats 1.5.1 Podcast.Manager+.SQLi HIGH" "simple-table-manager 1.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "stedb-forms No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "slider-blocks 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shockingly-big-ie6-warning No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sv-columns-manager 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-columns-manager 1.8.02 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shortcodes-for-amp-web-stories-and-elementor-widget 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "surveys No.known.fix Authenticated.SQL.Injection CRITICAL" "slingblocks 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slingblocks 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "site-notify No.known.fix Missing.Authorization MEDIUM" "split-test-for-elementor No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "split-test-for-elementor No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "split-test-for-elementor 1.7.0 Cross-Site.Request.Forgery MEDIUM" "seo-for-woocommerce 1.6.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "stagtools 2.3.8 Reflected.XSS HIGH" "stagtools 2.3.7 Contributor+.Stored.XSS MEDIUM" "simple-amazon-affiliate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "share-print-pdf-woocommerce 2.8.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "stock-sync-for-woocommerce 2.4.1 Reflected.XSS HIGH" "startklar-elmentor-forms-extwidgets No.known.fix Unauthenticated.Path.Traversal.to.Arbitrary.Directory.Deletion CRITICAL" "startklar-elmentor-forms-extwidgets 1.7.14 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "startklar-elmentor-forms-extwidgets 1.7.14 Unauthenticated.Arbitrary.File.Upload CRITICAL" "simple-goods No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "star-cloudprnt-for-woocommerce 2.0.4 Reflected.XSS HIGH" "star-cloudprnt-for-woocommerce No.known.fix Reflected.XSS HIGH" "stm-megamenu 2.3.13 Unauthenticated.Local.File.Inclusion CRITICAL" "spoontalk-social-media-icons-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "swifty-bar 1.2.11 Admin+.Stored.XSS LOW" "simple-mobile-url-redirect No.known.fix Cross-Site.Request.Forgery MEDIUM" "slidedeck-lite-for-wordpress No.known.fix Reflected.XSS HIGH" "shopkeeper-extender 3.7 Contributor+.Stored.XSS MEDIUM" "seo-booster 3.8.10 Cross-Site.Request.Forgery MEDIUM" "seo-booster 3.8.9 Reflected.Cross-Site.Scripting MEDIUM" "seo-booster 3.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-booster 3.8 Admin+.SQL.Injection MEDIUM" "simple-signup-form No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "socialdriver-framework 2024.04.30 Contributor+.Stored.XSS MEDIUM" "socialdriver-framework 2024.04.30 Reflected.XSS HIGH" "socialdriver-framework 2024.04.30 Admin+.Stored.XSS.via.Settings LOW" "socialdriver-framework 2024.0.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "stylish-cost-calculator-premium 7.9.0 Unauthenticated.Stored.XSS HIGH" "smartarget-popup No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-select-all-text-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "securimage-wp No.known.fix Cross-Site.Request.Forgery MEDIUM" "slideshow-se 2.5.18 Authenticated.(Author+).Limited.Local.File.Inclusion HIGH" "slideshow-se No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-se 2.5.6 Author+.Stored.XSS MEDIUM" "slideshow-se 2.5.6 Subscriber+.Stored.XSS HIGH" "sh-email-alert No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "small-package-quotes-purolator-edition 3.6.5 Unauthenticated.SQL.Injection HIGH" "simple-testimonials-showcase No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "simple-testimonials-showcase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-testimonials-showcase No.known.fix Cross-Site.Request.Forgery MEDIUM" "seo-slider 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "super-video-player 1.6.13 Reflected.Cross-Site.Scripting MEDIUM" "super-video-player 1.6.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "srs-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sheetdb No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sola-newsletters No.known.fix CSRF.to.Stored.XSS HIGH" "seo-local-rank 2.2.4 Unauthenticated.Arbitrary.File.Access.via.Path.Traversal HIGH" "send-email-only-on-reply-to-my-comment No.known.fix Reflected.XSS HIGH" "send-email-only-on-reply-to-my-comment No.known.fix Stored.XSS.via.CSRF HIGH" "simple-posts-ticker 1.1.6 Contributor+.Stored.XSS MEDIUM" "simple-posts-ticker 1.1.6 Admin+.Stored.XSS LOW" "sema-api 5.30 Reflected.Cross-Site.Scripting.via.catid.Parameter MEDIUM" "sema-api 4.02 Unauthenticated.SQLi HIGH" "simple-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-locator 2.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "semantic-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skaut-bazar 1.3.3 Reflected.Cross-Site.Scripting HIGH" "simple-custom-admin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-sponsorships No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-sponsorships 1.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stream 4.1.0 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "stream 4.0.2 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "stream 3.9.3 Missing.Authorization.via.load_alerts_settings MEDIUM" "stream 3.9.3 CSRF MEDIUM" "stream 3.9.2 Subscriber+.Alert.Creation MEDIUM" "stream 3.8.2 Admin+.SQL.Injection MEDIUM" "site-favicon 0.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "social-link-pages No.known.fix Missing.Authorization.to.Arbitrary.Page.Creation.and.Cross-Site.Scripting HIGH" "simple-student-result 1.7.5 Stored.Cross.Site.Scripting.via.CSRF MEDIUM" "simple-student-result 1.8.0 Unauthorised.REST.Calls MEDIUM" "simple-student-result 1.6.4 Auth.Bypass CRITICAL" "super-progressive-web-apps 2.2.22 Missing.Authorization MEDIUM" "super-progressive-web-apps 2.1.13 Authenticated.(High.Privileged).Arbitrary.File.Upload.to.RCE HIGH" "super-progressive-web-apps 2.1.12 Authenticated.(Low.Privileged).Arbitrary.File.Upload.to.RCE HIGH" "shipping-manager-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "shipping-manager-for-woocommerce 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "subscribe-to-category No.known.fix Unauthenticated.SQLi HIGH" "simple-wp-events No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "simple-wp-events No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "simple-wp-events No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smm-api No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "seo-301-meta No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "secure-captcha No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sync-qcloud-cos 2.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "sensei-lms 4.24.5 Missing.Authorization MEDIUM" "sensei-lms 4.24.4 Unauthenticated.sensei_email/sensei_message.Disclosure MEDIUM" "sensei-lms 4.24.2 Unauthenticated.Email.Template.Leak MEDIUM" "sensei-lms 4.24.0 Unauthenticated.Rewrite.Rules.Flushing MEDIUM" "sensei-lms 4.18.0 Contributor+.Stored.XSS MEDIUM" "sensei-lms 4.20.0 Teacher+.Users.Email.Address.Disclosure MEDIUM" "sensei-lms 4.5.0 Unauthenticated.Private.Messages.Disclosure.via.Rest.API MEDIUM" "sensei-lms 4.5.2 Arbitrary.Private.Message.Sending.via.IDOR LOW" "simple-media-directory 1.4.4 Contributor+.Stored.XSS MEDIUM" "simple-media-directory 1.4.3 Unauthenticated.SQLi HIGH" "social-login-lite-for-woocommerce No.known.fix Authentication.Bypass CRITICAL" "shiny-buttons No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "site-is-offline-plugin No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "similar-posts No.known.fix Admin+.Stored.XSS LOW" "similar-posts 3.1.6 Admin+.Arbitrary.PHP.Code.Execution HIGH" "screenshot-machine-shortcode 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "secure-ip-logins No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "secure-ip-logins No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "storefront-footer-text No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "smoothness-slider-shortcode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sticky-menu-block 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-tools-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-tools-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "search-and-replace 3.2.3 Unauthenticated.PHP.Object.Injection MEDIUM" "search-and-replace 3.2.2 Administrator+.SQL.injection LOW" "search-and-replace 3.2.2 Admin+.SQL.injection MEDIUM" "sv-posts 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-posts 1.8.03 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sip-reviews-shortcode-woocommerce No.known.fix Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "sip-reviews-shortcode-woocommerce No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "stockholm-core 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "stockholm-core 2.4.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ssl-zen 4.6.0 Unauthenticated.Private.Keys.Access MEDIUM" "ssl-zen 4.5.2 Reflected.Cross-Site.Scripting MEDIUM" "ssl-zen 4.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "saan-world-clock No.known.fix Contributor+.Stored.XSS MEDIUM" "sticky-add-to-cart-for-woo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shipworks-e-commerce-bridge 5.2.6 Cross-Site.Request.Forgery.to.Service.Password/Username.Update MEDIUM" "speed-booster-pack 4.3.3.1 Admin+.SQL.Injection MEDIUM" "speed-booster-pack 4.2.0 Authenticated.(admin+).RCE CRITICAL" "simple-owl-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shopello No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "slider-factory 1.3.6 Subscriber+.Arbitrary.Post.Access MEDIUM" "slider-factory 1.3.2 Slider.Clone/Save/Delete.via.CSRF MEDIUM" "sticky-ad-bar No.known.fix Admin+.Stored.XSS LOW" "slick-social-share-buttons No.known.fix Authenticated.(Subscriber+).Arbitrary.Option.Update HIGH" "simple-image-popup 2.5.3 Admin+.Stored.XSS LOW" "simple-image-popup 2.0.0 Admin+.Stored.XSS LOW" "simple-custom-post-order 2.5.8 Missing.Authorization MEDIUM" "spice-blocks No.known.fix Missing.Authorization MEDIUM" "spice-blocks 1.3 Reflected.Cross-Site.Scripting MEDIUM" "squeeze 1.6.1 Authenticated.(Admin+).Full.Path.Disclosure LOW" "squeeze 1.6.1 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "squeeze 1.4.1 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "site-offline 1.5.7 Admin+.Stored.XSS LOW" "site-offline 1.5.3 Access.Bypass MEDIUM" "site-offline 1.4.4 Multiple.Cross-Site.Request.Forgery MEDIUM" "sprout-invoices 20.8.2 Missing.Authorization MEDIUM" "sprout-invoices 20.8.1 Insecure.Direct.Object.Reference MEDIUM" "sprout-invoices 20.5.4 Sensitive.Information.Exposure MEDIUM" "sprout-invoices 19.0.1 Reflected.Cross-Site.Scripting MEDIUM" "sprout-invoices 19.9.7 Admin+.Stored.Cross-Site.Scripting LOW" "script-planner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "script-planner No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "super-static-cache No.known.fix Cross-Site.Request.Forgery MEDIUM" "showeblogin-facebook-page-like-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-id 4.7 Reflected.Cross-Site.Scripting MEDIUM" "swoop-password-free-authentication No.known.fix Authentication.Bypass CRITICAL" "shortcode-to-display-post-and-user-data 1.3.0 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Post.Meta.Disclosure MEDIUM" "shortcode-to-display-post-and-user-data 1.3.0 Authenticated.(Contributor+).Code.Injection HIGH" "shortcode-to-display-post-and-user-data 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.vg_display_data MEDIUM" "searchwp-live-ajax-search 1.6.3 Unauthenticated.Local.File.Inclusion MEDIUM" "searchwp-live-ajax-search 1.6.2 Unauthenticated.Arbitrary.Post.Title.Disclosure MEDIUM" "surbma-gdpr-proof-google-analytics 17.8.2 Reflected.Cross-Site.Scripting MEDIUM" "surbma-gdpr-proof-google-analytics 17.6.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "surbma-gdpr-proof-google-analytics 17.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "small-package-quotes-fedex-edition 4.3.2 Unauthenticated.SQL.Injection HIGH" "sip-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-photo-feed 1.4.1 Missing.Authorization MEDIUM" "superb-slideshow-gallery 13.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "simple-feature-requests 2.2.5 Reflected.Cross-Site.Scripting MEDIUM" "simple-feature-requests 2.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shipyaari-shipping-managment No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "sidebar-adder No.known.fix Reflected.Cross-Site.Scripting HIGH" "simple-downloads-list 1.4.3 Authenticated.(Contributor+).SQL.Injection MEDIUM" "store-credit-for-woocommerce 1.0.49.47 Reflected.Cross-Site.Scripting MEDIUM" "surecart 2.29.4 Reflected.Cross-Site.Scripting MEDIUM" "surecart 2.5.1 Admin+.Stored.XSS LOW" "slp-gravity-forms-locations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-gravity-forms-locations 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "signup-page No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "syncfields No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shopping-pages No.known.fix Stored.XSS.via.CSRF HIGH" "shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "snow-storm 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "superstorefinder-wp 7.5 Unauthenticated.SQL.Injection HIGH" "superstorefinder-wp 7.1 Unauthenticated.SQL.Injection.to.Stored.Cross-Site.Scripting HIGH" "superstorefinder-wp 6.9.8 Unauthenticated.SQL.Injection CRITICAL" "superstorefinder-wp 6.9.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "superstorefinder-wp 6.9.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "superstorefinder-wp 6.9.4 Unauthenticated.Email.Creation/Sending MEDIUM" "superstorefinder-wp 6.5 Unauthenticated.SQL.Injections CRITICAL" "superstorefinder-wp 6.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "style-tweaker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "spotlight-social-photo-feeds 1.7.2 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "spotlight-social-photo-feeds 1.6.11 Cross-Site.Request.Forgery MEDIUM" "spotlight-social-photo-feeds 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "spotlight-social-photo-feeds 1.4.3 Contributor+.Stored.XSS MEDIUM" "spotlight-social-photo-feeds 0.10.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "surveyjs 1.12.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "surveyjs No.known.fix Missing.Authorization MEDIUM" "surveyjs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "surveyjs 1.12.18 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Deletion.via.SurveyJS_DeleteFile HIGH" "surveyjs 1.12.4 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "shortcodes-ultimate-pro 7.2.1 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate-pro 7.1.5 Contributor+.Stored.Cross-Site.Scripting.XSS MEDIUM" "supportcandy 3.3.1 Support.Ticket.Attachments.Download.via.IDOR MEDIUM" "supportcandy 3.2.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "supportcandy 3.1.7 Subscriber+.SQLi HIGH" "supportcandy 3.1.7 Admin+.SQLi MEDIUM" "supportcandy 3.1.5 Unauthenticated.SQLi HIGH" "supportcandy 2.2.7 Arbitrary.Ticket.Deletion.via.CSRF HIGH" "supportcandy 2.2.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.7 Reflected.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.5 Unauthenticated.Arbitrary.Ticket.Deletion HIGH" "supportcandy 2.2.7 CSRF.to.Cross-Site.Scripting MEDIUM" "supportcandy 2.0.1 Arbitrary.File.Upload CRITICAL" "smart-maintenance-mode 1.5.3 Reflected.Cross-Site.Scripting.via.setstatus.Parameter MEDIUM" "smart-maintenance-mode 1.5.2 Admin+.Stored.XSS LOW" "smart-maintenance-mode 1.5.2 Admin+.Stored.XSS LOW" "smart-maintenance-mode No.known.fix Cross-Site.Request.Forgery MEDIUM" "svg-captcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slider-slideshow No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-slideshow No.known.fix Contributor+.Stored.XSS MEDIUM" "slider-slideshow No.known.fix Cross-Site.Request.Forgery HIGH" "shortpixel-adaptive-images 3.10.1 Missing.Authorization MEDIUM" "shortpixel-adaptive-images 3.8.4 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "shortpixel-adaptive-images 3.8.4 Cross-Site.Request.Forgery MEDIUM" "shortpixel-adaptive-images 3.8.3 Missing.Authorization.in.activate_ai_handler.and.deactivate_ai_handler MEDIUM" "shortpixel-adaptive-images 3.7.2 Settings.Update.via.CSRF MEDIUM" "shortpixel-adaptive-images 3.6.3 Reflected.XSS HIGH" "shortpixel-adaptive-images 3.4.0 Subscriber+.Arbitrary.Settings.Update MEDIUM" "softtemplates-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "splashscreen No.known.fix Settings.Update.via.CSRF MEDIUM" "stafflist No.known.fix Missing.Authorization MEDIUM" "stafflist No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "stafflist 3.2.4 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.7 Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.6 Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.5 Admin+.SQLi MEDIUM" "stafflist 3.1.6 Arbitrary.Staff.Deletion.via.CSRF MEDIUM" "share-woocommerce-email No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "social-icons-widget-by-wpzoom 4.2.18 Admin+.Stored.XSS LOW" "social-icons-widget-by-wpzoom 4.2.16 Missing.Authorization MEDIUM" "sidebar-manager-light No.known.fix Cross-Site.Request.Forgery MEDIUM" "soisy-pagamento-rateale No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure HIGH" "simple-history 3.4.0 Improper.Neutralization.of.Formula.Elements.in.a.CSV.File MEDIUM" "simple-responsive-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sermonaudio-widgets No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "simple-slug-translate 2.7.3 Admin+.Stored.XSS LOW" "simple-post No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "salon-booking-plugin-pro 7.6.3 Customer+.Bookings/Customers.Data.Disclosure HIGH" "salon-booking-plugin-pro 7.6.3 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "scroll-post-excerpt No.known.fix Admin+.Stored.XSS LOW" "sureforms 1.4.4 Admin+.Stored.XSS LOW" "sureforms 1.4.4 Admin+.Stored.XSS LOW" "sureforms 1.4.4 Contributor+.Settings.Update MEDIUM" "sureforms 1.2.3 Missing.Authorization.to.Unauthenticated.Protected.Post.Disclosure MEDIUM" "s3bubble-amazon-web-services-oembed-media-streaming-support No.known.fix Reflected.XSS HIGH" "seosamba-webmasters 1.0.6 Access.Key.Update.via.CSRF MEDIUM" "sogrid 1.5.7 Unauthenticated.Local.File.Inclusion CRITICAL" "sogrid 1.5.5 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "sogrid 1.5.7 Authenticated.(Admin+).Local.File.Inclusion HIGH" "simple-user-profile No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "style-manager No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "smart-shopify-product No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "scottcart No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "save-grab No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "save-grab No.known.fix Cross-Site.Request.Forgery MEDIUM" "seamless-donations 5.1.9 Arbitrary.Settings.Update.via.CSRF MEDIUM" "send-users-email 1.5.2 Unauthenticated.Information.Exposure MEDIUM" "send-users-email 1.4.4 Sensitive.Information.Exposure.via.Error.Logs MEDIUM" "send-users-email 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "ssl-wireless-sms-notification 3.6.0 Unauthenticated.SQL.Injection HIGH" "ssl-wireless-sms-notification 3.7.0 Unauthenticated.Privilege.Escalation CRITICAL" "simple-portfolio-gallery No.known.fix Admin+.Stored.XSS MEDIUM" "stop-user-enumeration 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "stop-user-enumeration 1.3.20 Subscriber+.Arbitrary.Option.Update CRITICAL" "stop-user-enumeration 1.3.9 REST.API.Bypass MEDIUM" "stop-user-enumeration 1.3.8 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "sikshya 0.0.22 Reflected.Cross-Site.Scripting MEDIUM" "sikshya 0.0.22 Reflected.Cross-Site.Scripting.via.page.Parameter MEDIUM" "salat-times 3.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "smart-phone-field-for-gravity-forms 2.1 Reflected.Cross-Site.Scripting MEDIUM" "simple-popup-newsletter No.known.fix Reflected.Cross-Site.Scripting HIGH" "snapwidget-wp-instagram-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-sharing-toolkit No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "slide-anything 2.4.9 Author+.Stored.XSS MEDIUM" "slide-anything 2.3.47 Author+.Cross.Site.Scripting.in.slide.title MEDIUM" "slide-anything 2.3.44 Editor+.Stored.Cross-Site.Scripting LOW" "slide-anything 2.3.41 Contributor+.SQLi HIGH" "stray-quotes No.known.fix Reflected.XSS HIGH" "stray-quotes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shortcode-support-for-elementor-templates No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-sortsearch No.known.fix Ccontributor+.Stored.XSS MEDIUM" "simple-responsive-image-gallery No.known.fix Reflected.Cross-Site.Scripting HIGH" "share-this-image 2.02 Reflected.Cross-Site.Scripting MEDIUM" "share-this-image 2.04 Open.Redirect.via.link.Parameter HIGH" "share-this-image 2.03 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.STI.Buttons.Shortcode MEDIUM" "share-this-image 2.02 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alignment.Parameter MEDIUM" "share-this-image 1.99 Open.Redirect MEDIUM" "share-this-image 1.81 Reflected.Cross-Site.Scripting MEDIUM" "share-this-image 1.67 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "share-this-image 1.20 Stored.XSS MEDIUM" "slider-bws 1.1.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "soundy-audio-playlist No.known.fix XSS MEDIUM" "simple-quotation No.known.fix Subscriber+.SQL.injection HIGH" "simple-quotation No.known.fix Quote.Creation/Edition.via.CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "sellsy 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-file-list 6.1.13 Reflected.Cross-Site.Scripting HIGH" "simple-file-list 6.1.10 Admin+.Stored.XSS LOW" "simple-file-list 6.1.10 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "simple-file-list 6.0.10 Admin+.Stored.XSS LOW" "simple-file-list 4.4.13 Page.Creation.via.CSRF MEDIUM" "simple-file-list 4.4.12 Admin+.Stored.Cross-Site.Scripting LOW" "simple-file-list 4.4.12 Reflected.Cross-Site.Scripting MEDIUM" "simple-file-list 4.2.8 Authenticated.Arbitrary.File.Deletion HIGH" "simple-file-list 4.2.3 Unauthenticated.Arbitrary.File.Upload.RCE CRITICAL" "simple-file-list 3.2.8 Unauthenticated.Arbitrary.File.Download HIGH" "site-table-of-contents No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "smartsupp-live-chat 3.7 Cross-Site.Request.Forgery MEDIUM" "super-testimonial 4.0.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "super-testimonial 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "super-testimonial 3.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-testimonial 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "super-testimonial 2.7 Admin+.Stored.Cross-Site.Scripting LOW" "super-testimonial 2.7 Admin+.Stored.Cross-Site.Scripting LOW" "simple-yearly-archive 2.1.9 Admin+.Stored.XSS LOW" "social-login-bws 0.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "subscriber 1.3.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "shortcut-macros No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "simple-author-box 2.52 Contributor+.Arbitrary.User.Information.Disclosure.via.IDOR LOW" "simple-author-box 2.4 Reflected.Cross-Site.Scripting MEDIUM" "stock-locations-for-woocommerce 2.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "snipe-nginx-cache No.known.fix Missing.Authorization MEDIUM" "sideblog No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "stylish-cost-calculator 7.0.4 Subscriber+.Unauthorised.AJAX.Calls.to.Stored.XSS HIGH" "shiptimize-for-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "shiptimize-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stock-in No.known.fix Authenticated.SQL.Injection MEDIUM" "stock-in No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "sv100-companion No.known.fix Missing.Authorization.to.Unuathenticated.Arbitrary.Options.Update CRITICAL" "sv100-companion 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv100-companion 1.8.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-post-gallery No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "subscribe-sidebar No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "smooth-streaming-player No.known.fix Cross-Site.Request.Forgery MEDIUM" "swiss-toolkit-for-wp No.known.fix Missing.Authorization MEDIUM" "swiss-toolkit-for-wp No.known.fix Missing.Authorization MEDIUM" "swiss-toolkit-for-wp 1.0.8 Contributor+.Authentication.Bypass HIGH" "secondary-title 2.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "sidebar-manager 1.1.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "sidebar-manager 1.1.5 Cross-Site.Request.Forgery MEDIUM" "sponsors-carousel No.known.fix Admin+.Stored.XSS LOW" "scroll-top-advanced No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "simpel-reserveren No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "spider-facebook No.known.fix Cross-Site.Request.Forgery MEDIUM" "spider-facebook No.known.fix Reflected.XSS HIGH" "sensly-online-presence No.known.fix Admin+.Stored.XSS LOW" "shopsite-plugin 1.5.11 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "showhide-shortcode 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sourceplay-navermap No.known.fix Missing.Authorization MEDIUM" "shortcodes-finder 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "shortcodes-finder 1.5.4 Reflected.XSS HIGH" "simple-pdf-viewer No.known.fix Contributor+.XSS MEDIUM" "subscribers-com 1.5.4 Free.Web.Push.Notifications.<.1.5.4.-.Admin+.Stored.XSS LOW" "sticky-buttons 4.1.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "sticky-buttons 3.2.4 Button.Deletion.via.CSRF MEDIUM" "sticky-buttons 3.2.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "sticky-buttons 3.1.1 Reflected.XSS MEDIUM" "shabbos-and-yom-tov No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "smoove-elementor 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "surbma-salesautopilot-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sheets-to-wp-table-live-sync 3.7.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "single-user-chat No.known.fix Authenticated.(Subscriber+).Limited.Options.Update HIGH" "sync-wc-google 9.0 Unauthenticated.SQL.Injection HIGH" "sync-wc-google 9.0 Cross-Site.Request.Forgery MEDIUM" "scss-wp-editor No.known.fix Cross-Site.Request.Forgery MEDIUM" "shortcode-elementor 1.0.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "stratum 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.Vulnerability.via.Image.Hotspot.Widget MEDIUM" "stratum 1.4.5 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "stratum 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "stratum 1.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-jquery-image-gallery No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "slideshow-jquery-image-gallery No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "slideshow-jquery-image-gallery 2.2.22 Option.Value.Disclosure HIGH" "super-transactional-emails-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-transactional-emails-for-woocommerce 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sitewide-notice-wp 2.3 Admin+.Stored.XSS LOW" "sitemap-by-click5 1.0.36 Unauthenticated.Arbitrary.Options.Update CRITICAL" "smart-logo-showcase-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "smart-logo-showcase-lite 1.1.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "scan-external-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simplegmaps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-media-builder No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "supportflow 0.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "seo-free No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sliderpro 4.8.7 Missing.Authorization.via.AJAX.actions MEDIUM" "simple-ajax-chat 20240412 Admin+.Stored.XSS LOW" "simple-ajax-chat 20240223 .Unauthenticated.Stored.Cross-Site.Scripting HIGH" "simple-ajax-chat 20240216 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "simple-ajax-chat 20240223 Unauthenticated.Stored.XSS HIGH" "simple-ajax-chat 20220216 Log.Clearing.&.Arbitrary.Chat.Message.Deletion.via.CSRF MEDIUM" "simple-ajax-chat 20220216 Sensitive.Information.Disclosure MEDIUM" "simple-ajax-chat 20220216 Unauthenticated.Stored.XSS MEDIUM" "stripe-manager No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "scroll-top 1.4.1 Admin+.Stored.Cross-Site.Scripting LOW" "social-media-buttons-toolbar No.known.fix Admin+.Stored.XSS MEDIUM" "seekxl-snapr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "svg-shortcode No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "saphali-woocommerce-lite 1.9.0 Settings.Update/Reset.via.CSRF MEDIUM" "solid-affiliate No.known.fix Sensitive.Information.Exposure MEDIUM" "starcat-review No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "starcat-review 0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "subscribers-text-counter 1.7.1 Settings.Update.via.CSRF.to.Stored.XSS HIGH" "social-pixel No.known.fix Admin+.Stored.XSS LOW" "sheet-to-wp-table-for-google-sheet 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.STWT_Sheet_Table.Shortcode MEDIUM" "setup-default-feature-image 1.3 Missing.Authorization MEDIUM" "shortcode-for-redirection No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-media-engine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sv-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sv-forms 2.0.2 Reflected.Cross-Site.Scripting MEDIUM" "sv-forms 1.8.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "streamweasels-twitch-integration 1.8.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sw-twitch-embed.Shortcode MEDIUM" "streamweasels-twitch-integration 1.8.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "streamweasels-twitch-integration 1.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-twitch-integration 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "saksh-escrow-system No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "slick-popup 1.7.15 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "slick-popup 1.7.2 Privilege.Escalation HIGH" "smart-countdown-fx No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scand-multi-mailer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "scand-multi-mailer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "shortcode-for-current-date 2.1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "salon-booking-system No.known.fix Missing.Authorization MEDIUM" "salon-booking-system 10.15 Authenticated.Privilege.Escalation HIGH" "salon-booking-system 10.9.1 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "salon-booking-system 1.9.4 Admin+.Stored.XSS LOW" "salon-booking-system 10.9 Unauthenticated.Open.Redirect MEDIUM" "salon-booking-system 10.8 Authenticated.(Administrator+).SQL.Injection CRITICAL" "salon-booking-system 10.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "salon-booking-system 10.0 Missing.Authorization MEDIUM" "salon-booking-system 10.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "salon-booking-system 9.6.6 Editor+.Stored.XSS LOW" "salon-booking-system 9.6.6 Editor+.Stored.XSS.via.Email.Settings LOW" "salon-booking-system 9.6.6 Settings.Update.via.CSRF MEDIUM" "salon-booking-system 9.5.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "salon-booking-system 9.6.3 Unauthenticated.Stored.XSS HIGH" "salon-booking-system 9.6.3 Unauthenticated.Stored.XSS HIGH" "salon-booking-system 8.7 Authenticated.(Editor+).Privilege.Escalation HIGH" "salon-booking-system 8.4.9 Reflected.Cross-Site.Scripting MEDIUM" "salon-booking-system 8.4.8 User.Role.change.via.CSRF MEDIUM" "salon-booking-system 7.9.4 Reflected.Cross-Site.Scripting MEDIUM" "salon-booking-system 7.6.3 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "salon-booking-system 7.6.3 Customer+.Bookings/Customers.Data.Disclosure HIGH" "salon-booking-system 7.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "salon-booking-system 6.3.1 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "search-meter 2.13.3 CSV.Injection MEDIUM" "scheduled-announcements-widget 1.0 Contributor+.Stored.XSS MEDIUM" "simple-custom-website-data No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-image-popup-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "s2member-pro 250419 Authenticated.(Contributor+).Local.File.Inclusion.to.Remote.Code.Execution.via.Shortcode HIGH" "s2member-pro 250214 Unauthenticated.PHP.Object.Injection CRITICAL" "school-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "school-management 93.0.0 Authenticated.(Student+).SQL.Injection.via.'view-attendance' MEDIUM" "school-management 93.0.0 Authenticated.(Subscriber+).SQL.Injection.via.'mj_smgt_show_event_task' MEDIUM" "school-management No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "school-management No.known.fix Student+.Account.Takeover.and.Privilege.Escalation HIGH" "school-management 92.0.0 Authenticated.(Student+).Arbitrary.File.Upload HIGH" "school-management 92.0.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "smartsoftbutton-widget-de-botones-de-chat No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF HIGH" "schedulicity-online-appointment-booking No.known.fix Easy.Online.Scheduling.<=.2.21.-.Contributor+.Stored.XSS MEDIUM" "social-pug 1.34.4 Admin+.Stored.XSS LOW" "social-pug 1.33.2 PHP.Object.Injection HIGH" "social-pug 1.33.1 Unauthenticated.Password.Protected.Posts.Access MEDIUM" "social-pug 1.32.0 Admin+.Stored.XSS LOW" "social-pug 1.30.1 Missing.Authorization.via.multiple.admin_init.actions MEDIUM" "social-pug 1.19.0 Reflected.Cross-Site.Scripting MEDIUM" "social-pug 1.2.6 Social.Pug.<=.1.2.5.-.Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "sync-ecommerce-neo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sync-ecommerce-neo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "set-admin-colour-on-staging-and-dev No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "set-admin-colour-on-staging-and-dev No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slider-hero 8.7.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-hero 8.4.4 Admin+.Stored.Cross-Site.Scripting LOW" "slider-hero 8.2.7 Contributor+.SQL.Injection CRITICAL" "slider-hero 8.2.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "social-locker No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "social-locker 4.2.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "spoiler-block No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "shortcode-imdb No.known.fix Cross-Site.Request.Forgery MEDIUM" "shortcode-imdb No.known.fix Admin+.SQLi MEDIUM" "show-posts 1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "stageshow 10.0 Reflected.Cross-Site.Scripting MEDIUM" "skyword-plugin 2.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "selection-lite 1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "selection-lite 1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sirv 7.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sirv 7.3.1 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Option.Deletion HIGH" "sirv 7.3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "sirv 7.2.8 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "sirv 7.2.8 Authenticated(Subscriber+).Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "sirv 7.2.7 Authenticated.(Contributor+).Arbitrary.File.Upload CRITICAL" "sirv 7.2.3 Missing.Authorization.to.Arbitrary.Options.Update CRITICAL" "sirv 7.2.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "sirv 7.2.1 Missing.Authorization MEDIUM" "sirv 7.1.3 Missing.Authorization.via.sirv_disconnect MEDIUM" "sirv 6.8.1 Admin+.Stored.XSS LOW" "sirv 1.3.2 Authenticated.SQL.Injection HIGH" "speedycache 1.1.9 Cross-Site.Request.Forgery MEDIUM" "speedycache 1.1.4 Missing.Authorization.to.Plugin.Options.Update MEDIUM" "speedycache 1.1.3 .Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "smtp-mail 1.3.21 Cross.Site.Request.Forgery MEDIUM" "smtp-mail No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "smtp-mail 1.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "smtp-mail 1.2.2 Authenticated.SQL.Injections MEDIUM" "smart-marketing-for-wp 5.0.5 Missing.Authorization MEDIUM" "smart-marketing-for-wp 2.0.0 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "social-stickers No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "seed-social 2.0.4 Admin+.Stored.XSS LOW" "slotti-ajanvaraus 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slotti-ajanvaraus 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scrollbar-by-webxapp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stetic 1.0.9 CSRF.to.Stored.Cross-Site.Scripting HIGH" "simple-pricing-table No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smartlink-dinamic-urls 1.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "silvasoft-boekhouden No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "silvasoft-boekhouden No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "ssl-atlas-free-ssl-certificate-https-redirect 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shopengine 4.1.2 CSRF MEDIUM" "spiffy-calendar 4.9.14 Reflected.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.13 Authenticated.(Admin+).SQL.Injection MEDIUM" "spiffy-calendar 4.9.12 Authenticated.(Administrator+).SQL.Injection CRITICAL" "spiffy-calendar 4.9.11 Missing.Authorization MEDIUM" "spiffy-calendar 4.9.10 Reflected.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.9 Broken.Access.Control LOW" "spiffy-calendar 4.9.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.4 Reflected.XSS MEDIUM" "spiffy-calendar 4.9.2 SQL.Injection HIGH" "spiffy-calendar 4.9.1 Arbitrary.Event.Deletion.via.CSRF MEDIUM" "spiffy-calendar 4.9.1 Subscriber+.Arbitrary.Event.Edition/Deletion.via.IDOR MEDIUM" "spiffy-calendar 3.3.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "sugar-calendar-lite 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "social-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-title-tag No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "svgator 1.3.3 Stored.XSS.via.SVG.Upload MEDIUM" "svgator 1.2.5 API.Token.Update/Deletion.&.Import.Projects.via.CSRF MEDIUM" "school-management-pro No.known.fix Authenticated.(School.Admin+).SQL.Injection CRITICAL" "school-management-pro 9.9.7 Unauthenticated.RCE.via.REST.api CRITICAL" "simple-youtube-responsive 3.0 Contributor+.Stored.XSS MEDIUM" "stars-testimonials-with-slider-and-masonry-grid 3.3.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "stars-testimonials-with-slider-and-masonry-grid 3.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.stars_testimonials.Shortcode MEDIUM" "scriptless-social-sharing No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scriptless-social-sharing 3.2.2 Contributor+.Stored.XSS MEDIUM" "sequential-order-numbers-for-woocommerce No.known.fix Cross-Site.Request.Forgery MEDIUM" "stream-status-for-twitch 2.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-share-boost No.known.fix Plugin.Settings.Update.via.CSRF MEDIUM" "social-share-boost 4.5 Admin+.Stored.XSS LOW" "social-share-boost 4.5 Contributor+.Stored.XSS MEDIUM" "sendit No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "send-to-twitter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "secure-file-manager No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "secure-file-manager No.known.fix Admin+.RCE MEDIUM" "secure-file-manager No.known.fix Admin+.RCE MEDIUM" "secure-file-manager 2.8.2 Authenticated.Remote.Code.Execution CRITICAL" "surbma-font-awesome 3.1 Contributor+.Stored.XSS MEDIUM" "simple-share-buttons-adder 8.5.1 Admin+.Stored.XSS LOW" "simple-share-buttons-adder 8.4.12 Authenticated(Administrator+).Stored.Cross-Site.Scripting.via.CSS.Settings MEDIUM" "simple-share-buttons-adder 8.5.1 CSRF MEDIUM" "simple-share-buttons-adder 6.0.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "sola-support-tickets 3.13 XSS.&.Configuration.Change MEDIUM" "simpul-events-by-esotech No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sitebuilder-dynamic-components No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "sitebuilder-dynamic-components No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "sermone-online-sermons-management No.known.fix Reflected.XSS HIGH" "sermone-online-sermons-management No.known.fix Contributor+.Stored.XSS MEDIUM" "sendpress No.known.fix Admin+.Stored.XSS.via.Form.Settings LOW" "sendpress No.known.fix Admin+.Stored.XSS.via.Settings LOW" "sendpress No.known.fix Reflected.XSS HIGH" "sendpress 1.23.11.6 Contributor+.Stored.XSS MEDIUM" "sendpress No.known.fix Admin+.Stored.XSS LOW" "sendpress No.known.fix CSRF MEDIUM" "sendpress 1.20.7.13 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "sendpress 1.2 Authenticated.SQL.Injection MEDIUM" "social-kit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-kit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-keywords No.known.fix Reflected.Cross-Site.Scripting.via.google_error.Parameter MEDIUM" "slide-banners No.known.fix Missing.Authorization MEDIUM" "stop-comment-spam 0.5.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "show-google-analytics-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-revisions-delete 1.5.4 Cross-Site.Request.Forgery MEDIUM" "srs-simple-hits-counter 1.1.1 Settings.Update.via.CSRF MEDIUM" "srs-simple-hits-counter 1.1.0 1.0.4.-.Unauthenticated.Blind.SQL.Injection CRITICAL" "socialmark 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "socialmark 2.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "server-info No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "server-info 0.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "subscribe-to-comments 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "subscribe-to-comments 2.3 Authenticated.Local.File.Inclusion MEDIUM" "snap-pixel No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "snap-pixel No.known.fix Admin+.Stored.XSS LOW" "sailthru-triggermail No.known.fix Subscriber+.Stored.XSS HIGH" "sailthru-triggermail No.known.fix Admin+.Stored.XSS LOW" "sailthru-triggermail No.known.fix Reflected.XSS HIGH" "solar-wizard-lite 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "suretriggers 1.0.83 Unauthenticated.Privilege.Escalation CRITICAL" "suretriggers 1.0.79 Unauthenticated.Admin.User.Creation HIGH" "suretriggers 1.0.48 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Trigger.Link.Shortcode MEDIUM" "suretriggers 1.0.24 Cross-Site.Request.Forgery MEDIUM" "sms-alert 3.8.0 Unauthenticated.Account.Takeover/Privilege.Escalation CRITICAL" "sms-alert 3.7.9 Unauthenticated.SQL.Injection HIGH" "sms-alert 3.7.9 Reflected.Cross-Site.Scripting MEDIUM" "sms-alert 3.7.7 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "sms-alert 3.7.6 WooCommerce.<.3.7.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sa_subscribe.Shortcode MEDIUM" "sms-alert 3.7.0 Cross-Site.Request.Forgery MEDIUM" "sms-alert 3.4.7 SMS.Alert.Order.Notifications.–.WooCommerce.<.3,4,7.Authenticated.Cross.Site.Scripting LOW" "simple-popup-manager No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sight 1.1.3 Missing.Authorization.to.Sensitive.Information.Exposure.in.handler_post_title MEDIUM" "studiocart 2.5.20 Reflected.Cross-Site.Scripting MEDIUM" "studiocart 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-photo-gallery No.known.fix Admin+.SQLi MEDIUM" "sell-downloads 1.0.8 Insufficient.Restrictions.when.Brute-Force.Purchase.IDs HIGH" "simple-pricing-tables-vc-extension No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-testimonial-pro 1.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "simple-staff-list 2.2.5 Missing.Authorization.via.ajax_flush_rewrite_rules.and.staff_member_export MEDIUM" "simple-staff-list 2.2.4 Editor+.Stored.XSS MEDIUM" "simple-staff-list 2.2.3 Contributor+.Stored.XSS MEDIUM" "simple-alert-boxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Alert.Shortcode MEDIUM" "svg-support 2.5.9 Stored.Cross-Site.Scripting.via.Vulnerability.Dependency MEDIUM" "svg-support 2.5.11 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "svg-support 2.5.8 Author+.Cross-Site.Scripting.via.SVG MEDIUM" "svg-support 2.5.2 Author+.Stored.XSS MEDIUM" "svg-support 2.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "svg-support 2.3.20 Admin+.Stored.Cross-Site.Scripting LOW" "sliderspack-all-in-one-image-sliders No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "strx-magic-floating-sidebar-maker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-headline-rotator No.known.fix Stored.XSS.via.CSRF HIGH" "smart-seo-tool 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "social-lite 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "share-button 1.20 Reflected.Cross-Site.Scripting MEDIUM" "simple-dashboard No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "seo-checklist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-checklist No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sitepress-multilingual-cms 4.7.4 4.7.3.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpml_language_switcher.Shortcode MEDIUM" "sitepress-multilingual-cms 4.6.13 Contributor+.RCE.via.Twig.Server-Side.Template.Injection CRITICAL" "sitepress-multilingual-cms 4.6.1 Reflected.Cross-Site.Scripting HIGH" "sitepress-multilingual-cms 4.5.11 Subscriber+.Settings.Update MEDIUM" "sitepress-multilingual-cms 4.5.14 CSRF MEDIUM" "sitepress-multilingual-cms 4.5.11 Subscriber+.Translation.Job.Status.Update MEDIUM" "sitepress-multilingual-cms 4.3.7 Authenticated.Cross.Site.Request.Forgery.leading.to.Remote.Code.Execution HIGH" "sitepress-multilingual-cms 4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "sitepress-multilingual-cms 3.2.7 Cross-Site.Scripting.(XSS).in.Accept-Language.Header MEDIUM" "simple-gallery-with-filter 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-buttons-pack 1.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "siteorigin-panels 2.31.5 Contributor+.Stored.XSS MEDIUM" "siteorigin-panels 2.31.1 Contributor+.Stored.XSS.via.Row.Label.Parameter MEDIUM" "siteorigin-panels 2.29.16 Contributor+.Stored.XSS.via.siteorigin_widget.Shortcode MEDIUM" "siteorigin-panels 2.29.7 Contributor+.Stored.XSS MEDIUM" "siteorigin-panels 2.10.16 CSRF.to.Reflected.Cross-Site.Scripting.(XSS) HIGH" "sticky-menu-or-anything-on-scroll 2.21 CSRF.&.XSS LOW" "stars-menu No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "survey-maker No.known.fix Unauthenticated.Authorization.Bypass MEDIUM" "survey-maker 5.1.3.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 5.1.3.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Survey.Question MEDIUM" "survey-maker 5.0.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 4.9.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 4.2.9 Admin+.Stored.XSS.via.Plugin.Settings LOW" "survey-maker 3.6.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "survey-maker 4.1.0 IP.Address.Spoofing MEDIUM" "survey-maker 4.0.7 Reflected.Cross-Site.Scripting MEDIUM" "survey-maker 4.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 3.4.7 Reflected.XSS HIGH" "survey-maker 3.1.2 Subscriber+.SQLi HIGH" "survey-maker 3.1.4 Unauthenticated.Stored.XSS HIGH" "survey-maker 2.0.7 Unauthenticated.Store.Cross-Site.Scripting MEDIUM" "survey-maker 1.5.6 Authenticated.Blind.SQL.Injections HIGH" "survey-maker 1.5.6 Reflected.Cross-Site.Scripting.(XSS) HIGH" "simple-lightbox-gallery No.known.fix Author+.Stored.XSS MEDIUM" "simple-lightbox-gallery 1.10.0 .Contributor+.PHP.Object.Injection MEDIUM" "swipehq-payment-gateway-wp-e-commerce No.known.fix Multiple.XSS.Issues MEDIUM" "secupress 2.3.10 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation MEDIUM" "secupress 2.2.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "secupress 2.3 Missing.Authorization MEDIUM" "secupress 2.3 Contributor+.Stored.XSS MEDIUM" "secupress 2.2.5.2 Cross-Site.Request.Forgery.to.Banned.IP.Address MEDIUM" "secupress 2.0 Unauthenticated.Arbitrary.IP.Ban MEDIUM" "svgplus No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "soundy-background-music No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "spamreferrerblock No.known.fix Cross-Site.Request.Forgery MEDIUM" "spamreferrerblock No.known.fix Admin+.Stored.XSS LOW" "save-import-image-from-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tidekey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "taxonomy-filter 2.2.10 Settings.Update.via.CSRF MEDIUM" "tcd-google-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "tiempocom No.known.fix Shortcode.Deletion.via.CSRF MEDIUM" "tiempocom No.known.fix Stored.XSS.via.CSRF HIGH" "tiempocom No.known.fix Reflected.XSS HIGH" "todo-custom-field No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tedwp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tedwp 0.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "terminal-africa No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "top-comments No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "tier-pricing-table 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "tier-pricing-table 2.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "testimonial-slider 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-slider 1.3.2 Stored.XSS.via.CSRF MEDIUM" "testimonial-slider 1.2.5 Authenticated.SQL.Injection HIGH" "testimonial-slider 1.3.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "themify-builder 7.6.6 Reflected.Cross-Site.Scripting MEDIUM" "themify-builder 7.6.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "themify-builder 7.6.6 Contributor+.Stored.XSS MEDIUM" "themify-builder 7.6.3 Reflected.Cross-Site.Scripting MEDIUM" "themify-builder 7.6.2 Missing.Authorization.to.Authenticated.(Contributor+).Post.Duplication MEDIUM" "themify-builder 7.5.8 Open.Redirect MEDIUM" "themify-builder 7.0.6 Cross-Site.Request.Forgery MEDIUM" "themify-builder 5.3.2 Reflected.Cross-Site.Scripting HIGH" "theme-per-user 1.0.2 Unauthenticated.PHP.Object.Injection HIGH" "team 1.22.26 Reflected.Cross-Site.Scripting HIGH" "team 1.22.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team 1.22.16 PHP.Object.Injection HIGH" "team 1.22.16 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "tags-to-meta-keywords 1.0.2 Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "tinymce-annotate No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tinymce-annotate No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "themify-icons 2.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tabbed-login No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thrive-apprentice 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "thinkific-uploader No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "themefuse-maintenance-mode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "themedy-toolbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themedy-toolbox 1.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "tutor-lms-elementor-addons 2.1.6 Missing.Authorization MEDIUM" "tutor-lms-elementor-addons 2.1.6 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Installation MEDIUM" "tutor-lms-elementor-addons 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Course.Carousel.Widget MEDIUM" "tutor-lms-elementor-addons 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tgg-wp-optimizer No.known.fix Admin+.Stored.XSS LOW" "tarteaucitron-wp 0.3.0 Stored.XSS.via.CSRF HIGH" "tarteaucitron-wp 0.3.0 Author+.Stored.XSS MEDIUM" "twittee-text-tweet No.known.fix Reflected.XSS HIGH" "team-showcase-ultimate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "total-gdpr-compliance-lite 1.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "the-logo-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "telephone-number-linker No.known.fix Contributor+.Stored.XSS MEDIUM" "text-hover 4.2 Admin+.Stored.Cross-Site.Scripting. LOW" "testimonial-slider-and-showcase 2.3.8 Admin+.Stored.XSS LOW" "testimonial-slider-and-showcase 2.3.7 Author+.Settings.Update LOW" "travel-light No.known.fix CSRF.Bypass MEDIUM" "tree-website-map 2.9 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "tree-website-map 3.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "tagesteller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "themify-ptb-search 1.4.0 Post.Type.Builder.Search.Addon.<.1.4.0.-.Reflected.Cross-Site.Scripting MEDIUM" "template-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "template-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "themes4wp-youtube-external-subtitles No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "turbo-addons-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "track-the-click 0.3.12 Author+.Time-Based.Blind.SQL.Injection HIGH" "theasys No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "testimonials-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonials-widget No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.testimonials.Shortcode MEDIUM" "testimonials-widget 4.0.0 Multiple.Authenticated.Stored.XSS MEDIUM" "trust-payments-hosted-payment-pages-integration No.known.fix Unauthenticated.SQL.Injection HIGH" "tcs3 No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "themify-event-post 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-event-post 1.3.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "themify-event-post 1.2.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "treepress 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "treepress 3.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "treepress 2.0.21 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "throws-spam-away 3.3.1 Comment.Deletion.via.CSRF MEDIUM" "top-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thrive-ovation 2.4.5 Unauthenticated.Option.Update MEDIUM" "turbo-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "turbo-widgets No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "turbo-widgets No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "threepress 1.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "taeggie-feed 0.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tm-woocommerce-compare-wishlist No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "tec-subscriber-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tec-subscriber-addons 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tito No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "th-variation-swatches 1.3.3 1.3.2.-.Cross-Site.Request.Forgery.to.Plugin.Settings.Reset MEDIUM" "telugu-bible-verse-daily No.known.fix CSRF.to.Stored.XSS HIGH" "teaser-maker-standard No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "task-scheduler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "task-scheduler 1.6.1 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "tcbd-tooltip No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tutor-pro 2.7.3 Missing.Authorization.to.Authenticated.(Subscriber+).Insecure.Direct.Object.Reference HIGH" "tutor-pro 2.7.1 Missing.Authorization.to.Privilege.Escalation HIGH" "tutor-pro 2.7.1 Missing.Authorization.to.SQL.Injection HIGH" "tutor-pro 2.7.1 Missing.Authorization HIGH" "total-security 3.4.1 XSS.&.Settings.Change MEDIUM" "timeline-and-history-slider 2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "theme-builder-for-elementor 1.2.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "the-moneytizer 10.0.1 Missing.Authorization.via.multiple.AJAX.actions HIGH" "the-moneytizer 10.0.1 Cross-Site.Request.Forgery.via.multiple.AJAX.actions HIGH" "the-moneytizer 9.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tabbed 1.3.2 Accordion,.FAQ.<.1.3.2.-.Unauthenticated.AJAX.Calls CRITICAL" "typebot 3.6.1 Contributor+.Stored.XSS MEDIUM" "typebot 1.4.3 Admin+.Stored.Cross.Site.Scripting LOW" "tax-rate-upload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tax-rate-upload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twitter-follow 0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.username.Parameter MEDIUM" "top-10 3.2.5 Admin+.Stored.XSS LOW" "top-10 3.2.3 Contributor+.Stored.XSS MEDIUM" "top-10 2.9.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "tiny-carousel-horizontal-slider No.known.fix Admin+.Stored.XSS LOW" "templates-patterns-collection 1.2.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "teleport No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twentytwenty No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tinycode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "taxonomy-chain-menu 2.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pn_chain_menu.Shortcode MEDIUM" "team-showcase-supreme 7.5 Editor+.Local.File.Inclusion HIGH" "team-showcase-supreme 4.5 Editor+.Stored.Cross-Site.Scripting LOW" "tracking-code-manager 2.4.0 Contributor+.Stored.XSS MEDIUM" "tracking-code-manager 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tracking-code-manager 2.3.0 Admin+.Stored.Cross-Site.Scripting LOW" "tracking-code-manager 2.1.0 Tracking.Code.Manager.<.2,1,0.-Admin+.Stored.Cross-Site.Scripting MEDIUM" "tags-cloud-manager No.known.fix Reflected.XSS HIGH" "themesflat-addons-for-elementor 2.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themesflat-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themesflat-addons-for-elementor 2.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themesflat-addons-for-elementor 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themesflat-addons-for-elementor 2.2.2 Contributor+.Stored.XSS MEDIUM" "themesflat-addons-for-elementor 2.2.2 Contributor+.Stored.XSS MEDIUM" "themesflat-addons-for-elementor 2.2.2 Contributor+.Information.Exposure LOW" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Tags MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.URLs MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Multiple.Widgets MEDIUM" "themesflat-addons-for-elementor 2.1.3 Contributor+.Stored.XSS.via.Widget.Titles MEDIUM" "twchat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twchat 3.1.5 Multiple.CSRF MEDIUM" "twchat 3.1.5 Admin+.Local.File.Inclusion LOW" "tabs-maker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "trademe-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "truebooker-appointment-booking 1.0.3 Settings.Update.via.CSRF MEDIUM" "truebooker-appointment-booking 1.0.3 Multiple.Unauthenticated.SQLi HIGH" "timetics 1.0.30 Missing.Authorization MEDIUM" "timetics 1.0.28 AI-powered.Appointment.Booking.Calendar.and.Online.Scheduling.Plugin.<.1.0.28.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Deletion MEDIUM" "timetics 1.0.26 AI-powered.Appointment.Booking.Calendar.and.Online.Scheduling.Plugin.<.1.0.26.-.Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.User.Password/Email.Reset/Account.Takeover CRITICAL" "timetics 1.0.24 Authorization.Bypass MEDIUM" "timetics 1.0.22 AI-powered.Appointment.Booking.with.Visual.Seat.Plan.and.ultimate.Calendar.Scheduling.Plugin.<.1.0.22.-.Missing.Authorization.to.Limited.Privilege.Escalation HIGH" "tecslider 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "tecslider 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "targetfirst-wordpress-plugin 1.0 Unauthenticated.Stored.XSS.via.Licence.Key HIGH" "testimonial-rotator No.known.fix Authenticated.Stored.Cross-Site.Scripting HIGH" "testimonial-rotator 3.0.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "terms-descriptions 3.4.7 Reflected.Cross-Site.Scripting MEDIUM" "terms-descriptions 2.4.8 Admin+.Stored.XSS LOW" "terms-descriptions 3.4.5 Reflected.XSS HIGH" "the-plus-addons-for-block-editor 4.0.8 Missing.Authorization MEDIUM" "the-plus-addons-for-block-editor 4.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-block-editor 4.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-block-editor 3.2.6 Missing.Authorization MEDIUM" "the-plus-addons-for-block-editor 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "tripetto 8.0.10 Cross-Site.Request.Forgery.to.Arbitrary.Results.Deletion MEDIUM" "tripetto 8.0.10 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tripetto 8.0.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tripetto 8.0.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tripetto No.known.fix Unauthentiated.Stored.Cross-Site.Scripting.via.Form.File.Upload HIGH" "tripetto 7.0.1 Reflected.Cross-Site.Scripting MEDIUM" "tripetto 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "tripetto 5.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "team-118group-agent No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "theme-my-login 7.1.8 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "theme-my-login 7.1.7 Missing.Authorization.to.Notice.Dismissal MEDIUM" "tinymce-extended-config No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "two-factor-authentication 1.3.13 Disable.Two.Factor.Authentication.CSRF HIGH" "two-factor-authentication 1.1.10 XSS MEDIUM" "telecash-ricaricaweb No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "thrive-dashboard 2.3.9.3 Unauthenticated.Option.Update MEDIUM" "truepush-free-web-push-notifications No.known.fix Missing.Authorization MEDIUM" "toolbar-extras No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "t-countdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "tinymce-advanced-qtranslate-fix-editor-problems No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "token-login No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "titan-labs-security-audit No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "timeline-awesome No.known.fix Author+.Stored.Cross-Site.Scripting LOW" "tawkto-live-chat 0.6.0 Subscriber+.Visitor.Monitoring.&.Chat.Removal HIGH" "theme-switcha 3.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "theme-switcha 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "timeline-designer No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "totalcontest-lite 2.9.0 Reflected.XSS HIGH" "totalpoll-lite 4.10.0 Missing.Authorization MEDIUM" "taketin-to-wp-membership No.known.fix Subscriber+.PHP.Object.Injection HIGH" "the-world No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "translator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "traveler-layout-essential-for-elementor 1.4 Unauthenticated.Server-Side.Request.Forgery HIGH" "tatsu 3.3.12 Unauthenticated.RCE CRITICAL" "travelpayouts 1.1.17 Open.Redirect MEDIUM" "travelpayouts 1.1.13 Settings.Update.via.CSRF MEDIUM" "travelpayouts 1.1.14 Reflected.XSS HIGH" "travelpayouts 1.0.17 CSRF.Bypass.due.to.Outdated.Redux.Framework MEDIUM" "trust-form 2.0.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tb-testimonials No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ticket-help-desk-system-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tx-onepager No.known.fix Admin+.SQLi MEDIUM" "theme-changer 1.5 Cross-Site.Request.Forgery MEDIUM" "tracked-tweets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tracked-tweets No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "turbosmtp 4.7 Reflected.Cross-Site.Scripting MEDIUM" "turbosmtp 4.7 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "task-manager-pro 3.6.34 Follower+.SQLi HIGH" "task-manager-pro 3.6.34 Multiple.Cross-Site.Scripting MEDIUM" "themify-portfolio-post 1.2.5 Editor+.Stored.XSS LOW" "themify-portfolio-post 1.2.2 Contributor+.Stored.XSS MEDIUM" "themify-portfolio-post 1.2.1 Contributor+.Stored.XSS MEDIUM" "themify-portfolio-post 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "themify-portfolio-post 1.1.6 Authenticated.Stored.Cross-Site.Scripting HIGH" "timed-content 2.73 Contributor+.Stored.XSS MEDIUM" "twitter-plugin 2.55 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "toggles-shortcode-and-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "twitter-cards-meta 2.5.0 CSRF.and.XSS HIGH" "tcbd-auto-refresher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "teamleader-form-integration 2.1.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "templines-helper-core 2.8 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "tabulate No.known.fix Reflected.XSS HIGH" "transportersio 2.1.2 Stored.XSS.via.CSRF HIGH" "templately 3.1.6 Missing.Authorization MEDIUM" "templately 3.1.6 Missing.Authorization.via.AJAX.actions MEDIUM" "templately 3.1.3 Missing.Authorization MEDIUM" "templately 2.2.6 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "tribute-testimonial-gridslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tp-gallery-slider No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "team-section 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "twispay No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "theatre No.known.fix Missing.Authorization MEDIUM" "theatre 0.18.7 Reflected.Cross-Site.Scripting MEDIUM" "theatre 0.18.4 Admin+.Stored.XSS LOW" "translit-it No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "taggator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tera-charts No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "typer-core No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "tripay-payment-gateway 3.2.8 Admin+.Stored.XSS LOW" "tidy-up No.known.fix Cross-Site.Request.Forgery MEDIUM" "templatesnext-onepager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tori-ajax No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "timber-library 1.23.1 Authenticated.(Admin+).PHP.Object.Injection HIGH" "table-genie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "table-genie No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "term-and-category-based-posts-widget 4.9.13 Admin+.Stored.XSS LOW" "tabs-for-visual-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "twitter-anywhere-plus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "translation-exchange No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "timesheet 0.1.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "testimonials-carousel-elementor 10.2.3 Contributor+.Stored.XSS MEDIUM" "testimonials-carousel-elementor 10.2.1 Missing.Authorization.to.Limited.Setting.Update MEDIUM" "testimonials-carousel-elementor 10.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ttt-crop No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tutor 3.4.1 Subscriber+.HTML.Injection MEDIUM" "tutor 2.7.7 Unauthenticated.SQL.Injection.via.rating_filter HIGH" "tutor 2.7.7 User.Registration.Setting.Bypass.to.Unauthorized.User.Registration MEDIUM" "tutor 2.7.5 Cross-Site.Request.Forgery.via.'addon_enable_disable' MEDIUM" "tutor 2.7.3 Authenticated.(Administrator+).SQL.Injection HIGH" "tutor 2.7.4 Authenticated.(Instructor+).Stored.Cross-Site.Scripting MEDIUM" "tutor 2.7.4 Missing.Authorization MEDIUM" "tutor 2.7.3 Cross-Site.Request.Forgery MEDIUM" "tutor 2.7.3 Authenticated.(Tutor.Instructor+).Stored.Cross-Site.Scripting MEDIUM" "tutor 2.7.2 Authenticated.(Admin+).Path.Traversal LOW" "tutor 2.7.2 Tutor.LMS.–.eLearning.and.online.course.solution.<.2,7,2.-Authenticated.(Administrator+).SQL.Injection HIGH" "tutor 2.7.2 Authenticated.(Instructor+).Insecure.Direct.Object.Reference.to.Arbitrary.Quiz.Attempt.Deletion MEDIUM" "tutor 2.7.1 Authenticated.(Instructor+).Insecure.Direct.Object.Reference.to.Arbitrary.Course.Deletion MEDIUM" "tutor 2.7.1 Missing.Authorization CRITICAL" "tutor 2.7.1 Authenticated.(Instructor+).SQL.Injection HIGH" "tutor 2.7.0 Missing.Authorization.to.Unauthenticated.Limited.Options.Update MEDIUM" "tutor 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'tutor_instructor_list'.Shortcode MEDIUM" "tutor 2.6.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "tutor 2.6.2 Cross-Site.Request.Forgery.to.Plugin.Deactivation.and.Data.Erase MEDIUM" "tutor 2.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "tutor 2.6.1 Student+.HTML.Injection.via.Q&A MEDIUM" "tutor 2.6.1 Missing.Authorization MEDIUM" "tutor 2.3.0 Admin+.Stored.XSS LOW" "tutor 2.3.0 Subscriber+.Stored.Cross-Site.Scripting HIGH" "tutor 2.2.1 Unauthenticated.Access.to.Tutor.LMS.Lesson.Resources.via.REST.API MEDIUM" "tutor 2.2.0 Unauthenticate.SQL.Injection HIGH" "tutor 2.2.1 Student+.SQL.Injection HIGH" "tutor 2.2.0 Instructor+.SQL.Injection MEDIUM" "tutor 2.0.10 Reflected.Cross-Site.Scripting HIGH" "tutor 2.0.10 Admin+.Stored.Cross-Site.Scripting LOW" "tutor 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.13 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.12 Subscriber+.Stored.Cross-Site.Scripting HIGH" "tutor 1.9.12 Reflected.Cross-Site.Scripting HIGH" "tutor 1.9.11 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.9 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "tutor 1.9.6 Reflected.Cross-Site.Scripting HIGH" "tutor 1.9.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "tutor 1.8.8 Authenticated.Local.File.Inclusion MEDIUM" "tutor 1.7.7 SQL.Injection.via.tutor_place_rating MEDIUM" "tutor 1.8.3 SQL.Injection.via.tutor_quiz_builder_get_answers_by_question MEDIUM" "tutor 1.7.7 Unprotected.AJAX.including.Privilege.Escalation HIGH" "tutor 1.8.3 SQL.Injection.via.tutor_answering_quiz_question/get_answer_by_id MEDIUM" "tutor 1.7.7 SQL.Injection.via.tutor_mark_answer_as_correct MEDIUM" "tutor 1.8.3 SQL.Injection.via.tutor_quiz_builder_get_question_form MEDIUM" "tutor 1.5.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "tournamatch No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tournamatch 4.6.1 Subscriber+.Stored.XSS HIGH" "tournamatch 4.6.1 Admin+.Stored.XSS.via.Ladders LOW" "twitter-shortcode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tagregator No.known.fix Stored.XSS MEDIUM" "thirstyaffiliates 3.10.5 Subscriber+.unauthorized.image.upload.+.CSRF LOW" "thirstyaffiliates 3.10.5 Subscriber+.Arbitrary.Affiliate.Links.Creation LOW" "thirstyaffiliates 3.9.3 Authenticated.Stored.XSS MEDIUM" "timeline-block-block 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tickera-event-ticketing-system 3.5.5.3 Missing.Authorization MEDIUM" "tickera-event-ticketing-system 3.5.4.9 Unauthenticated.Customer.Data.Exposure MEDIUM" "tickera-event-ticketing-system 3.5.4.6 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "tickera-event-ticketing-system 3.5.2.9 Missing.Authorization.to.Authenticated.(Susbcriber+).Ticket.Deletion MEDIUM" "tickera-event-ticketing-system 3.5.2.7 Missing.Authorization MEDIUM" "tickera-event-ticketing-system 3.5.2.5 Ticket.leakage.through.IDOR MEDIUM" "tickera-event-ticketing-system 3.5.1.0 Plugin.Data.Deletion.via.CSRF LOW" "tickera-event-ticketing-system 3.4.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tickera-event-ticketing-system 3.4.8.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tickera-event-ticketing-system 3.4.6.9 Unauthenticated.Sensitive.Data.Exposure HIGH" "tailpress No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "team-rosters No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "team-rosters No.known.fix Reflected.Cross-Site.Scripting.via.'tab' MEDIUM" "team-rosters No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "ti-woocommerce-wishlist-premium 1.40.1 Unauthenticated.Blind.SQL.Injection HIGH" "ti-woocommerce-wishlist-premium 1.21.5 Authenticated.WP.Options.Change HIGH" "ts-tree No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "theme-file-duplicator No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "theme-file-duplicator No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "taobaoke No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "text-advertisements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "toggle-the-title No.known.fix XSS MEDIUM" "team-builder-for-wpbakery-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team-builder-for-wpbakery-page-builder No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "telegram-bot No.known.fix Cross-Site.Request.Forgery MEDIUM" "telegram-bot 3.6.3 Admin+.Stored.XSS LOW" "tabgarb No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "typing-text No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "typing-text 1.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-permalinker 1.9.0 Contributor+.Stored.XSS MEDIUM" "td-subscription 1.7.1 Authenticated.(Subscriber+).SQL.Injection.via.subscriptionCouponId.Parameter MEDIUM" "td-subscription 1.5 Authenticated.(Admin+).SQL.Injection HIGH" "td-subscription 1.5 Authenticated.(Admin+).SQL.Injection HIGH" "tf-numbers-number-counter-animaton 2.0.1 Subscriber+.Arbitrary.Option.Update HIGH" "tag-groups 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "tag-groups 2.0.4 Missing.Authorization.to.Information.Exposure MEDIUM" "tag-groups 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "tag-groups 1.43.10.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "themehunk-megamenu-plus 1.1.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "themehunk-megamenu-plus 1.1.0 .Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "the-events-calendar-pro 6.4.0.1 Contributor+.Missing.Authorization.to.Authenticated.Arbitrary.Events.Access MEDIUM" "team-members-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tabs-shortcode-and-widget No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "team-members 5.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team-members 5.3.2 Author+.Stored.XSS MEDIUM" "team-members 5.2.1 Editor+.Stored.XSS LOW" "team-members 5.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "team-members 5.0.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "thesis-openhook 4.3.1 Subscriber+.Remote.Code.Execution CRITICAL" "textme-sms-integration No.known.fix Missing.Authorization MEDIUM" "textme-sms-integration 1.9.1 Subscriber+.Settings.Update MEDIUM" "textme-sms-integration 1.8.9 Authenticated.Stored.XSS LOW" "timthumb-vulnerability-scanner No.known.fix Scan.Initialisation.via.CSRF MEDIUM" "total-team-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "tayori No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tiny-contact-form No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "theme-editor 2.9 Authenticated.(Admin+).PHAR.Deserialization HIGH" "theme-editor 2.8 Admin+.Arbitrary.File.Upload HIGH" "theme-editor 2.6 Authenticated.Arbitrary.File.Download MEDIUM" "theme-editor 2.2 Multiple.Vulnerabilities CRITICAL" "testimonial 2.0.14 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "testimonial 2.3.8 Admin+.Stored.Cross-Site.Scripting LOW" "twenty20 No.known.fix Contributor+.Stored.XSS MEDIUM" "theme-demo-import 1.1.1 Admin+.Arbitrary.File.Upload MEDIUM" "testimonial-widgets 1.4.4 Authenticated.(Contributor+).SQL.Injection HIGH" "testimonial-widgets 1.4.3 Widget.Deletion.via.CSRF MEDIUM" "the-very-simple-vimeo-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "tabs-with-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tabs-with-posts No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tlp-portfolio 2.8.11 WordPress.Portfolio.<.2.8.11.-.Contributor+.Stored.XSS MEDIUM" "twigify No.known.fix Vulnerable.Twig.Package MEDIUM" "twb-woocommerce-reviews 1.7.8 Cross-Site.Request.Forgery MEDIUM" "twb-woocommerce-reviews 1.7.6 Admin+.Stored.XSS LOW" "time-clock 1.2.3 Unauthenticated.(Limited).Remote.Code.Execution HIGH" "thrive-visual-editor 2.6.7.4 Unauthenticated.Option.Update MEDIUM" "terms-of-use-2 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "textboxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "transients-manager 2.0.7 Cross-Site.Request.Forgery MEDIUM" "the-plus-addons-for-elementor-page-builder 6.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "the-plus-addons-for-elementor-page-builder 6.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 6.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 6.0.4 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.12 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.content_template MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Missing.Authorization MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonials.Widget.Settings MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.TP.Page.Scroll.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.3 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.5 Contributor+.Stored.XSS.via.Hover.Card.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.3 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.5 Contributor+.Stored.XSS.in.Widgets MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Contributor+.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.4.2 Contributor+.LFI MEDIUM" "the-plus-addons-for-elementor-page-builder 5.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.Header.Meta.Content.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.3.4 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 2.0.7 Contributor+.Privilege.Escalation HIGH" "the-plus-addons-for-elementor-page-builder 2.0.7 Contributor+.Arbitrary.File.Access MEDIUM" "the-plus-addons-for-elementor-page-builder 2.0.6 Contributor+.Stored.XSS MEDIUM" "tour-booking-manager 1.8.8 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "tour-booking-manager 1.8.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "tour-booking-manager 1.8.6 Missing.Authorization MEDIUM" "tour-booking-manager 1.7.8 Missing.Authorization MEDIUM" "tour-booking-manager 1.7.2 Missing.Authorization.via.ttbm_new_place_save MEDIUM" "tour-booking-manager 1.6.1 Cross-Site.Request.Forgery MEDIUM" "taggbox-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "taggbox-widget 3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "taggbox-widget 3.2 Unauthenticated.PHP.Object.Injection CRITICAL" "taggbox-widget No.known.fix Missing.Authorization MEDIUM" "taggbox-widget No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "taggbox-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "taskbuilder 4.0.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "taskbuilder 3.0.7 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "taskbuilder 3.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wppm_tasks.Shortcode MEDIUM" "taskbuilder 3.0.5 Admin+.SQL.Injection MEDIUM" "taskbuilder 3.0.9 Admin+.SQL.Injection MEDIUM" "taskbuilder 1.0.8 Subscriber+.Stored.XSS.via.SVG.file.upload MEDIUM" "text-selection-color No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "trusty-woo-products-filter No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "timeslot 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "table-maker No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "tagmaker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "typea-ftc-disclosure No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "typea-ftc-disclosure No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "themify-ptb 2.1.1 Reflected.Cross-Site.Scripting HIGH" "themify-ptb 2.1.4 Subscriber+.Arbitrary.Post/Page.Creation MEDIUM" "tcbd-popover No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tube-video-curator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twitter-posts No.known.fix Settings.Update.via.CSRF MEDIUM" "themeegg-toolkit No.known.fix Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "twitterpost No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "target-notifications No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "timeline-widget-addon-for-elementor 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tubepressnet No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "travelers-map 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "timeline-calendar No.known.fix Authenticated.(admin+).SQL.Injection HIGH" "thrive-automator 1.17.1 Cross-Site.Request.Forgery MEDIUM" "trendy-restaurant-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tradedoubler-affiliate-tracker 2.0.22 Unauthenticated.LFI HIGH" "tinymce-custom-styles 1.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "tinymce-custom-styles 1.1.3 Admin+.Stored.XSS LOW" "thrive-leads 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "theme-options-z No.known.fix Cross-Site.Request.Forgery MEDIUM" "tiny-compress-images 3.4.4 Cross-Site.Request.Forgery MEDIUM" "tiny-carousel-horizontal-slider-plus No.known.fix Admin+.Stored.XSS MEDIUM" "testimonial-add 3.5.8.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "transbank-webpay-plus-rest 1.6.7 Admin+.SQLi MEDIUM" "tubepress 1.6.5 XSS MEDIUM" "ttv-easy-embed-player 2.1.1 Admin+.Stored.XSS LOW" "tablesome 1.0.34 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tablesome 1.0.26 Cross-Site.Request.Forgery MEDIUM" "tablesome 1.0.28 Reflected.Cross-Site.Scripting MEDIUM" "tablesome 1.0.15 Reflected.Cross-Site.Scripting MEDIUM" "tablesome 1.0.9 Reflected.XSS MEDIUM" "tablesome 0.6.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "timer-countdown No.known.fix Reflected.XSS HIGH" "tiger-form 2.1.0 Reflected.XSS HIGH" "tablesearch No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "tweet-old-custom-post No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tune-library 1.5.5 SQL.Injection HIGH" "tm-islamic-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twitter-friends-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "template-kit-export 1.0.22 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "temporary-login-without-password 1.7.1 Subscriber+.Plugin's.Settings.Update MEDIUM" "the-holiday-calendar 1.11.3 Cross-Site.Scripting.(XSS) MEDIUM" "typofr No.known.fix Reflected.Cross-Site.Scripting HIGH" "theperfectweddingnl-widget 2.9 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "themeisle-companion 2.10.45 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themeisle-companion 2.10.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title_tag.Parameter MEDIUM" "themeisle-companion 2.10.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "themeisle-companion 2.10.37 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "themeisle-companion 2.10.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Services.and.Post.Type.Grid.Widgets MEDIUM" "themeisle-companion 2.10.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripiting.via.Registration.Form.Widget MEDIUM" "themeisle-companion 2.10.32 Contributor+.Stored.XSS.via.Post.Type.Grid.Widget MEDIUM" "themeisle-companion 2.10.31 Contributor+.Stored.XSS.via.Pricing.Table.Widget MEDIUM" "themeisle-companion 2.10.31 Contributor+.Stored.XSS.via.Form.Widget MEDIUM" "themeisle-companion 2.10.30 Connected.API.Keys.Update.via.CSRF MEDIUM" "themeisle-companion 2.10.29 Unauthenticated.Connected.API.Keys.Update MEDIUM" "themeisle-companion 2.10.28 Contributor+.Stored.XSS MEDIUM" "themeisle-companion 2.10.27 Contributor+.Stored.XSS MEDIUM" "themeisle-companion 2.10.24 Author+.Server-Side.Request.Forgery MEDIUM" "themeisle-companion 2.10.3 Authenticated.Stored.Cross.Site.Scripting MEDIUM" "themeisle-companion 2.10.3 Authenticated.Privilege.Escalation CRITICAL" "the-events-calendar 6.9.1 Contributor+.Stored.XSS MEDIUM" "the-events-calendar 6.8.2.1 Unauthenticated.Password.Protected.Event.Disclosure MEDIUM" "the-events-calendar 6.7.1 Trashed.Events.Restoration.via.CSRF MEDIUM" "the-events-calendar 6.6.4.1 Unauthenticated.SQL.Injection MEDIUM" "the-events-calendar 6.6.4 Admin+.Stored.XSS LOW" "the-events-calendar 6.5.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "the-events-calendar 6.5.1.5 Cross-Site.Request.Forgery.via.action_restore_events MEDIUM" "the-events-calendar 6.4.0.1 Contributor+.Missing.Authorization.to.Authenticated.Arbitrary.Events.Access MEDIUM" "the-events-calendar 6.4.0.1 Contributor+.Arbitrary.Events.Access LOW" "the-events-calendar 6.4.0.1 Reflected.XSS HIGH" "the-events-calendar 6.2.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "the-events-calendar 6.2.8.1 Unauthenticated.Arbitrary.Password.Protected.Post.Read MEDIUM" "the-events-calendar 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "the-events-calendar 5.14.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "the-events-calendar 5.14.0 Reflected.Cross-Site.Scripting MEDIUM" "the-events-calendar 4.8.2 XSS MEDIUM" "tk-event-weather No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tk-event-weather No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "terms-before-download No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "torro-forms No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "time-sheets 1.29.3 Admin+.Stored.XSS LOW" "time-sheets 1.5.2 Multiple.XSS MEDIUM" "thrive-clever-widgets 1.57.1 Unauthenticated.Option.Update MEDIUM" "theme-blvd-responsive-google-maps No.known.fix Contributor+.XSS MEDIUM" "trustmary 1.0.10 Contributor+.Stored.XSS MEDIUM" "twitter-real-time-search-scrolling No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "time-based-greeting No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "translation-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tidio-gallery No.known.fix .Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "template-kit-import 1.0.15 Author+.Stored.XSS MEDIUM" "testimonials No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "the-buffer-button No.known.fix Authenticated.Stored.Cross.Site.Scripting.(XSS) MEDIUM" "tlp-team 5.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "tlp-team 4.4.2 Editor+.Stored.XSS LOW" "tlp-team 4.1.2 Subscriber+.Arbitrary.File.Read.and.Deletion CRITICAL" "travelfic-toolkit 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "theme-blvd-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "topbar-id-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tidyro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tripplan 2.0.0 Contributor+.Stored.XSS MEDIUM" "thrive-ultimatum 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "tableberg No.known.fix Contributor+.Stored.XSS MEDIUM" "timeline-pro 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.[placeholder] MEDIUM" "themify-shortcodes 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.themify_button.Shortcode MEDIUM" "themify-shortcodes 2.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.0.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "trustist-reviewer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tourfic 2.15.4 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "tourfic 2.15.4 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "tourfic 2.11.21 Cross-Site.Request.Forgery.in.Multiple.Functions MEDIUM" "tourfic 2.11.8 Reflected.Cross-Site.Scripting MEDIUM" "tourfic 2.11.16 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "tourfic 2.11.19 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "tourfic 2.11.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "title-field-validation No.known.fix Unauthorised.AJAX.Calls HIGH" "tooltip-ck No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "tranzly No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tranzly 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "track-page-scroll No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "team-showcase 2.2 Contributor+.Stored.XSS MEDIUM" "toolbar-to-share No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "threewp-broadcast 51.02 Reflected.Cross-Site.Scripting MEDIUM" "theme-tweaker-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "tpg-get-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team-display No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "team-display No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "tc-custom-javascript 1.2.2 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "tippy No.known.fix Contributor+.Stored.XSS MEDIUM" "tt-custom-post-type-creator No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "the-sorter No.known.fix Authenticated.SQL.Injection MEDIUM" "tz-plus-gallery No.known.fix Cross-Site.Request.Forgery MEDIUM" "tourmaster 5.4.1 Reflected.Cross-Site.Scripting MEDIUM" "tourmaster 5.3.8 Tour.Booking,.Travel,.Hotel.<.5.3.8.-.Authenticated.(Subscriber+).SQL.Injection.via.review_id.Parameter MEDIUM" "tourmaster 5.3.5 Reflected.XSS HIGH" "tourmaster 5.3.4 Unauthenticated.Stored.XSS.via.Room.Booking HIGH" "tagembed-widget 5.9 Missing.Authorization MEDIUM" "tagembed-widget 4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "traveler-code 3.1.2 Unauthenticated.Arbitrary.SQL.Injection HIGH" "traveler-code 3.1.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "turitop-booking-system No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "turitop-booking-system No.known.fix Missing.Authorization MEDIUM" "terraclassifieds No.known.fix Cross-Site.Request.Forgery HIGH" "terraclassifieds No.known.fix TerraClassifieds.<=.2,0,3.Unauthenticated.Arbitrary.File.Upload CRITICAL" "tweet-wheel 1.0.3.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tumult-hype-animations 1.9.16 Authenticated.(Author+).Arbitrary.File.Upload.via.hypeanimations_panel.Function CRITICAL" "tumult-hype-animations 1.9.15 Missing.Authorization MEDIUM" "tumult-hype-animations 1.9.12 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "tumult-hype-animations 1.9.13 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "track-geolocation-of-users-using-contact-form-7 2.1 Admin+.Stored.XSS LOW" "time-clock-pro 1.1.5 Unauthenticated.(Limited).Remote.Code.Execution HIGH" "tweetscroll-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tr-easy-google-analytics No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "the-post-grid 7.7.18 Contributor+.Local.File.Inclusion HIGH" "the-post-grid 7.5.0 Editor+.Stored.XSS.via.Grid.Creation LOW" "the-post-grid 7.7.12 Authenticated.(Contributor+).Information.Disclosure MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.save_block_css MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.REST.API MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.AJAX MEDIUM" "the-post-grid 7.7.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.section.title.tag MEDIUM" "the-post-grid 7.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-post-grid 7.7.0 Missing.Authorization MEDIUM" "the-post-grid 7.2.8 Block.CSS.Update.via.CSRF MEDIUM" "the-post-grid 5.0.5 Settings.Update.via.CSRF MEDIUM" "thrive-comments 1.4.15.3 Unauthenticated.Option.Update MEDIUM" "tsb-occasion-editor No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "truenorth-srcset No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "typekit No.known.fix Cross-Site.Request.Forgery MEDIUM" "tweet-old-post 9.0.11 PHP.Object.Injection LOW" "tabs-responsive 2.2.8 Editor+.Stored.Cross-Site.Scripting LOW" "ts-webfonts-for-conoha 2.0.4 Admin+.Stored.XSS LOW" "terms-and-conditions-per-product 1.2.16 Missing.Authorization MEDIUM" "terms-and-conditions-per-product 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "tabs-pro 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "training No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "tenweb-speed-optimizer 2.24.18 Unauthenticated.Arbitrary.Option.Deletion HIGH" "transposh-translation-filter-for-wordpress No.known.fix Settings.Update.via.Authorization.Bypass MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Subscriber+.Unauthorised.Calls MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Admin+.SQL.Injection MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Usernames.Disclosure MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Unauthenticated.Settings.Change MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 Stored.Cross-Site.Scripting MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 Admin+.RCE MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 CSRF.to.Stored.XSS HIGH" "tock-widget 1.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "transfinanz No.known.fix Reflected.XSS HIGH" "thoughtful-comments 0.3.6 Missing.Authorization LOW" "thrive-quiz-builder 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "this-day-in-history No.known.fix Unauthenticated.Reflected.XSS HIGH" "tida-url-screenshot 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "ti-woocommerce-wishlist 2.9.2 Unauthenticated.Plugin.Setup.Wizard.Access HIGH" "ti-woocommerce-wishlist 2.9.1 Unauthenticated.SQL.Injection.via.lang.parameters HIGH" "ti-woocommerce-wishlist 2.9.0 Unauthenticated.SQL.Injection HIGH" "ti-woocommerce-wishlist 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "ti-woocommerce-wishlist 1.40.1 Unauthenticated.Blind.SQL.Injection HIGH" "ti-woocommerce-wishlist 1.21.12 Authenticated.WP.Options.Change HIGH" "thrive-headline-optimizer 1.3.7.3 Unauthenticated.Option.Update MEDIUM" "top-bar 3.0.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "top-bar 3.0.5 Admin+.Stored.XSS LOW" "top-bar 3.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "telsender 1.14.12 Subscriber+.Settings.Update MEDIUM" "theme-duplicator No.known.fix Cross-Site.Request.Forgery MEDIUM" "thumbs-rating No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "td-composer 5.4 Reflected.Cross-Site.Scripting.via.'data' MEDIUM" "td-composer 5.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "td-composer 5.4 Unauthenticated.Arbitrary.PHP.Object.Instantiation CRITICAL" "td-composer 5.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "td-composer 5.4 Reflected.Cross-Site.Scripting.via.'account_id'.and.'account_username' MEDIUM" "td-composer 5.1 Reflected.Cross-Site.Scripting.via.envato_code[] MEDIUM" "td-composer 5.1 Reflected.Cross-Site.Scripting.via.envato_code[] MEDIUM" "td-composer 4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.button.Shortcode MEDIUM" "td-composer 4.9 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "td-composer 4.9 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Attachment.Meta MEDIUM" "td-composer 4.2 Admin+.Stored.XSS LOW" "td-composer 4.2 Unauthenticated.Stored.XSS HIGH" "td-composer 4.0 Reflected.Cross-site.Scripting HIGH" "td-composer 3.5 Unauthenticated.Account.Takeover CRITICAL" "tour-operator 2.0.0 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "trustmate-io-integration-for-woocommerce 1.7.1 Subscriber+.Arbitrary.Blog.Option.Update HIGH" "trustmate-io-integration-for-woocommerce 1.8.12 Subscriber+.Arbitrary.Plugin's.Settings.Update HIGH" "telefication No.known.fix Open.Relay.&.Server-Side.Request.Forgery MEDIUM" "ticketsource-events 3.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thim-elementor-kit 1.2.9 Missing.Authorization MEDIUM" "thim-elementor-kit 1.2.9.1 Contributor+.Stored.XSS MEDIUM" "thim-elementor-kit 1.1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "thim-elementor-kit 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tube-video-ads-lite No.known.fix Reflected.XSS HIGH" "themeshark-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tk-google-fonts 2.2.12 Missing.Authorization.to.Font.Deletion MEDIUM" "tk-google-fonts 2.2.11 Reflected.Cross-Site.Scripting MEDIUM" "tk-google-fonts 2.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tarteaucitronjs 1.6.1 Cookies.legislation.&.GDPR.<.1.6.1.-.Admin.+.Stored.Cross-Site.Scripting LOW" "tarteaucitronjs 1.6 Cookies.legislation.&.GDPR.<.1.6.-.CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "timely-booking-button No.known.fix Admin+.Stored.XSS LOW" "total-cost-input-for-woocommerce 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "track-logins No.known.fix Admin+.SQL.Injection MEDIUM" "tapfiliate 3.0.13 Admin+.Stored.XSS LOW" "tutor-lms-migration-tool No.known.fix Missing.Authorization.in.tutor_lp_export_xml MEDIUM" "tutor-lms-migration-tool No.known.fix Missing.Authorization.in.tutor_import_from_xml MEDIUM" "talkback-secure-linkback-protocol No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "triberr-wordpress-plugin 4.1.2 Admin+.Stored.XSS LOW" "theme-junkie-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcodes MEDIUM" "twitter-bootstrap-collapse-aka-accordian-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "twitter-bootstrap-collapse-aka-accordian-shortcode No.known.fix Stored.XSS.via.Shortcode HIGH" "tp-education 4.5 Contributor+.Stored.XSS MEDIUM" "tajer No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "twitter-news-feed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "thecartpress No.known.fix Unauthenticated.Arbitrary.Admin.Account.Creation CRITICAL" "thecartpress 1.3.9.3 Multiple.Vulnerabilities HIGH" "tweeple No.known.fix Reflected.XSS HIGH" "toocheke-companion 1.167 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "table-of-contents-plus 2411.1 Admin+.Stored.XSS LOW" "table-of-contents-plus 2411 Cross-Site.Request.Forgery MEDIUM" "table-of-contents-plus 2309 Settings.Update.via.CSRF MEDIUM" "table-of-contents-plus 2309 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "table-of-contents-plus 2212 Contributor+.Stored.XSS MEDIUM" "temp-mail 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "ticket-tailor 1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "totop-link No.known.fix Unauthenticated.PHP.Object.Injection MEDIUM" "tainacan 0.21.13 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "tainacan 0.21.11 Reflected.Cross-Site.Scripting MEDIUM" "tainacan 0.21.9 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "tainacan 0.21.8 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "tainacan 0.21.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tainacan 0.21.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tainacan 0.20.8 Missing.Authorization MEDIUM" "tainacan 0.20.7 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tainacan 0.20.5 Reflected.Cross-Site.Scripting MEDIUM" "teleadmin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "templatesnext-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "templatesnext-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "templatesnext-toolkit 3.2.9 Contributor+.Stored.XSS MEDIUM" "templatesnext-toolkit 3.2.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "templatesnext-toolkit 3.2.8 Contributor+.Stored.XSS MEDIUM" "turn-off-comments-for-all-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tiny-bar 2.1 Reflected.Cross-Site.Scripting MEDIUM" "tablepress 3.1 Author+.Stored.XSS MEDIUM" "tablepress 2.4.3 Author+.Stored.XSS MEDIUM" "tablepress 2.4.3 XXE.Injection MEDIUM" "tablepress 2.3.2 Authenticated.(Author+).Server-Side.Request.Forgery.via.DNS.Rebind MEDIUM" "tablepress 2.2.5 Authenticated(Author+).Server.Side.Request.Forgery(SSRF).via._get_import_files MEDIUM" "tablepress 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "tablepress 1.8.1 Authenticated.XML.External.Entity.(XXE) MEDIUM" "tamara-checkout 1.9.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tidio-form No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "the-loops No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tinymce-and-tinymce-advanced-professsional-formats-and-styles No.known.fix Cross-Site.Request.Forgery.via.bb_taps_backend_page MEDIUM" "tochat-be 1.3.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "theme-my-ontraport-smartform No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tax-report-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "titan-framework No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "titan-framework 1.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "transcoder 1.3.6 Cross-Site.Request.Forgery MEDIUM" "tabs-shortcode No.known.fix Contributor+.XSS.via.Shortcode MEDIUM" "tml-2fa 1.2 .Lack.of.Rate.Limiting MEDIUM" "tlp-food-menu 5.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "td-cloud-library 2.7 Unauthenticated.Arbitrary.User.Metadata.Update.to.Privilege.Escalation CRITICAL" "template-events-calendar 2.3.2 Authenticated.(Contributor+).SQL.Injection.via.shortcode HIGH" "template-events-calendar 2.0 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "template-events-calendar 1.7.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "trackserver 5.1.1 Contributor+.Stored.XSS MEDIUM" "trackserver 5.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tigris-flexplatform No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themereps-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "totalprocessing-card-payments No.known.fix Authenticated.(Shop.Manager+).Arbitrary.File.Download MEDIUM" "totalprocessing-card-payments 7.1.7 Reflected.Cross-Site.Scripting MEDIUM" "totalprocessing-card-payments 7.1.6 Authenticated.(Subscriber+).Arbitrary.File.Download HIGH" "tipsacarrier 1.5.0.5 Unauthenticated.Orders.Disclosure MEDIUM" "tipsacarrier 1.5.0.5 Unauthenticated.SQLi HIGH" "templatespare 2.4.3 Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Update MEDIUM" "terms-dictionary No.known.fix Reflected.Cross-Site.Scripting HIGH" "tc-ecommerce No.known.fix Unauthenticated.SQLi HIGH" "tc-ecommerce No.known.fix Password.Change/Account.Takeover/Privilege.Escalation CRITICAL" "translatepress-multilingual 2.9.7 Admin+.PHP.Object.Injection MEDIUM" "translatepress-multilingual 2.3.3 Admin+.SQLi MEDIUM" "translatepress-multilingual 2.0.9 Authenticated.Stored.Cross-Site.Scripting LOW" "transition-slider-lite No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "taxonomy-discounts-woocommerce 5.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "total-sales-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "the-visitor-counter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tradetracker-store 4.6.60 Admin+.SQL.Injection MEDIUM" "timeline-event-history No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "timeline-event-history 3.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "timeline-for-beaver-builder 1.1.4 Editor+.Stored.XSS LOW" "tilda-publishing 0.3.24 Subscriber+.Unauthorised.Action MEDIUM" "tin-canny-learndash-reporting 4.3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "twitter-card-generator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "testimonial-slider-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-slider-shortcode 1.1.9 Contributor+.Stored.XSS MEDIUM" "texteller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "table-of-contents No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "twentyfourth-wp-scraper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twentyfourth-wp-scraper No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "teachpress No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "teachpress No.known.fix Cross-Site.Request.Forgery.to.Import.Delete MEDIUM" "teachpress 9.0.8 Authenticated.(Contributor+).SQL.Injection MEDIUM" "teachpress 9.0.6 Cross-Site.Request.Forgery.via.delete_database() MEDIUM" "teachpress 9.0.5 Cross-Site.Request.Forgery MEDIUM" "teachpress 9.0.3 Reflected.Cross-Site.Scripting HIGH" "teachpress 8.1.9 Reflected.Cross-Site.Scripting HIGH" "taboola 2.0.2 CSRF MEDIUM" "total-donations No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "total-donations No.known.fix Update.Arbitrary.WordPress.Option.Values CRITICAL" "testimonial-free 3.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-free 2.6.0 Contributor+.Stored.XSS MEDIUM" "testimonial-free 2.1.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "thumbnail-grid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "top-25-social-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "th23-social No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "third-party-cookie-eraser No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "thesography No.known.fix Admin+.Stored.XSS LOW" "testimonial-slider-showcase-pro No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "testimonial-slider-showcase-pro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "thrive-ab-page-testing 1.4.13.3 Unauthenticated.Option.Update MEDIUM" "tuxedo-big-file-uploads 2.1.3 Authenticated.(Author+).Full.Path.Disclosure MEDIUM" "tuxedo-big-file-uploads 2.1.2 Cross-Site.Request.Forgery.via.actions MEDIUM" "traffic-manager No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "traffic-manager No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "tockify-events-calendar 2.3.0 Contributor+.Stored.XSS MEDIUM" "two-factor-login-telegram 3.1 Authenticated.(Subscriber+).Authentication.Bypass HIGH" "two-factor-login-telegram 3.1 Two-Factor.Authentication.Bypass MEDIUM" "turisbook-booking-system No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tailored-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "to-top 2.3 Unauthorised.Plugin's.Setting.Change MEDIUM" "themify-store-locator 1.2.0 Cross-Site.Request.Forgery MEDIUM" "torod 1.8 Missing.Authorization.to.Unauthenticated.Plugin.Settings.Update MEDIUM" "trackship-for-woocommerce 1.7.6 Missing.Authorization MEDIUM" "toast-stick-anything No.known.fix Missing.Authorization HIGH" "toast-stick-anything No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tax-switch-for-woocommerce 1.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class-name.Parameter MEDIUM" "ts-comfort-database No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "termin-kalender 1.00.04 Missing.Authorization.to.Authenticated.(Subscriber+) MEDIUM" "table-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id.Parameter MEDIUM" "thank-me-later No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "themify-audio-dock 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tk-smugmug-slideshow-shortcode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tk-smugmug-slideshow-shortcode No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ts-webfonts-for-sakura 3.1.3 Font.Settings.Change.via.CSRF MEDIUM" "ts-webfonts-for-sakura 3.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "ts-webfonts-for-sakura 3.1.3 Font.Type.Settings.Change.via.CSRF MEDIUM" "thinktwit 1.7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "testimonial-builder 1.6.2 Editor+.Stored.Cross-Site.Scripting LOW" "testimonial-builder 1.6.0 Admin+.Stored.Cross-Site.Scripting LOW" "tangible-loops-and-logic 4.1.5 Reflected.Cross-Site.Scripting MEDIUM" "trash-duplicate-and-301-redirect No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion HIGH" "toggle-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tab-my-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "themify-wc-product-filter 1.5.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "themify-wc-product-filter 1.5.0 WooCommerce.Product.Filter.<.1.5.0.-.Unauthenticated.SQL.Injection.via.conditions.Parameter CRITICAL" "themify-wc-product-filter 1.4.4 Reflected.XSS HIGH" "themify-wc-product-filter 1.4.4 Filter.Deletion.via.CSRF MEDIUM" "themify-wc-product-filter 1.4.4 Admin+.Stored.XSS LOW" "themify-wc-product-filter 1.3.8 WooCommerce.Product.Filter.<.1.3.8.-.Reflected.Cross-Site.Scripting MEDIUM" "the-pack-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.1.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "the-pack-addon 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.1.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "the-pack-addon 2.0.9 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.0.8.7 Authenticated.(contributor+).Local.File.Inclusion HIGH" "the-pack-addon 2.0.8.4 Reflected.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.0.8.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "ucat-next-story No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-registration-pro 5.2.0 Cross-Site.Request.Forgery.to.User.Deletion MEDIUM" "user-registration-pro 5.1.3 Authentication.Bypass HIGH" "user-registration-pro 5.1.2 Unauthenticated.Privilege.Escalation HIGH" "user-meta-shortcodes No.known.fix Contributor+.Unauthorized.Arbitrary.User.Metadata.Access HIGH" "ultimate-blocks 3.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-blocks 3.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.content.Parameter MEDIUM" "ultimate-blocks 3.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-blocks 3.2.4 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.2 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.0 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Blocks MEDIUM" "ultimate-blocks 3.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title.tag.attribute MEDIUM" "ultimate-blocks 3.1.9 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.1.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.metabox MEDIUM" "ultimate-blocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-blocks 2.4.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ut-shortcodes 5.1.7 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "ut-shortcodes 5.0.5 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-downloadable-products-for-woocommerce 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "user-toolkit 1.2.4 Authenticated.(Subscriber+).Authentication.Bypass HIGH" "upload-scanner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-noindex-nofollow-tool No.known.fix Settings.Update.via.CSRF MEDIUM" "uix-shortcodes 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uix-shortcodes 2.0.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "uix-shortcodes 2.0.0 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "user-export-with-their-meta-data No.known.fix Subscriber+.CSV.Injection LOW" "user-export-with-their-meta-data 0.6.5 Admin+.SQLi MEDIUM" "ultimate-accordion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "urbango-membership 1.1 Unauthenticated.Privilege.Escalation CRITICAL" "ultimate-reviews 3.2.9 Unauthenticated.stored.Cross-Site.Scripting.via.reviews MEDIUM" "ultimate-reviews 3.0.16 Admin+.Stored.Cross-Site.Scripting LOW" "ultimate-reviews 2.1.33 Unauthenticated.PHP.Object.Injection MEDIUM" "umich-oidc-login No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-messages No.known.fix Reflected.XSS HIGH" "uw-freelancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ungallery No.known.fix Stored.XSS.via.CSRF HIGH" "user-activity No.known.fix IP.Spoofing MEDIUM" "ultimate-push-notifications No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-push-notifications No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "ultimate-social-media-plus 3.6.3 Missing.Authorization.to.Notice.Dismissal MEDIUM" "ultimate-social-media-plus 3.5.8 Subscriber+.Plugin.Installation MEDIUM" "ultimate-social-media-plus 3.5.8 Plugin.Installation.via.CSRF MEDIUM" "ultimate-social-media-plus 3.2.8 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-social-media-plus 3.0.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "underconstruction 1.22 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "underconstruction 1.21 Admin+.Stored.Cross-Site.Scripting LOW" "underconstruction 1.20 Construction.Mode.Deactivation.via.CSRF MEDIUM" "underconstruction 1.19 Reflected.Cross-Site.Scripting HIGH" "ultimate-infinite-scroll 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-tinymce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-shortcodes-creator No.known.fix Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "ultimate-shortcodes-creator No.known.fix Reflected.Cross-Site.Scripting.via._wpnonce MEDIUM" "ultimate-shortcodes-creator 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "useragent-spy No.known.fix Admin+.Stored.XSS LOW" "user-role-editor 4.64.4 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "unlimited-page-sidebars 0.2.7 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "use-any-font 6.3.09 Cross-Site.Request.Forgery MEDIUM" "use-any-font 6.2.1 API.Key.Deactivation.via.CSRF MEDIUM" "use-any-font 6.2.1 Unauthenticated.Arbitrary.CSS.Appending HIGH" "uptodown-apk-download-widget 0.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uptime-robot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "urdu-formatter-shamil No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-profile 2.0.21 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "unlimited-addon-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-flipbox-addon-for-elementor 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-contact-form-7 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-contact-form-7 3.2.11 Missing.Authorization MEDIUM" "ultimate-addons-for-contact-form-7 3.2.1 Reflected.XSS HIGH" "ultimate-addons-for-contact-form-7 3.1.29 Admin+.Stored.XSS LOW" "ultimate-addons-for-contact-form-7 3.1.29 Reflected.XSS HIGH" "ultimate-addons-for-contact-form-7 3.1.24 Subscriber+.SQL.Injection HIGH" "ultimate-addons-for-contact-form-7 3.1.24 Subscriber+.SQLi HIGH" "ultimate-addons-for-contact-form-7 3.1.24 Unauthenticated.SQLi HIGH" "upfiv-complete-all-in-one-seo-wizard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "upfiv-complete-all-in-one-seo-wizard No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "userback 1.0.14 Arbitrary.Settings.Update.via.CSRF MEDIUM" "upqode-google-maps No.known.fix Contributor+.Stored.XSS MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "user-drop-down-roles-in-registration No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "ultimate-gutenberg No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-gutenberg No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "uncanny-learndash-toolkit 3.7.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uncanny-learndash-toolkit 3.6.4.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "ua-marketplace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ua-marketplace 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "usc-e-shop 2.11.10 Unauthenticated.Stored.Cross-Site.Scripting.via.name.Parameter HIGH" "usc-e-shop 2.11.2 Authenticated.(Admin+).SQL.Injection MEDIUM" "usc-e-shop 2.10.0 Missing.Authorization MEDIUM" "usc-e-shop 2.9.4 Authenticated(Editor+).SQL.Injection HIGH" "usc-e-shop 2.9.7 Authenticated.(Administrator+).Directory.Traversal MEDIUM" "usc-e-shop 2.9.6 Admin+.PHP.Object.Injection HIGH" "usc-e-shop 2.9.5 Cross-Site.Request.Forgery HIGH" "usc-e-shop 2.9.5 Unauthenticated.PHP.Object.Injection HIGH" "usc-e-shop 2.9.5 Subscriber+.Arbitrary.File.Upload HIGH" "usc-e-shop 2.9.5 Reflected.XSS HIGH" "usc-e-shop 2.8.22 Editor+.Arbitrary.File.Upload LOW" "usc-e-shop 2.8.22 Author+.SQL.Injection MEDIUM" "usc-e-shop 2.8.22 Author+.Path.Traversal MEDIUM" "usc-e-shop 2.8.22 Editor+.SQL.Injection MEDIUM" "usc-e-shop 2.8.22 Multiple.XSS MEDIUM" "usc-e-shop 2.8.11 Reflected.XSS HIGH" "usc-e-shop 2.8.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "usc-e-shop 2.8.6 Subscriber+.PHAR.Deserialisation HIGH" "usc-e-shop 2.8.5 Subscriber+.Arbitrary.File.Access HIGH" "usc-e-shop 2.8.5 Unauthenticated.Arbitrary.File.Access HIGH" "usc-e-shop 2.8.4 Subscriber+.Arbitrary.Shipping.Method.Creation/Update/Deletion MEDIUM" "usc-e-shop 2.8.4 Multiple.Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "usc-e-shop 2.7.8 Unauthenticated.Arbitrary.File.Access HIGH" "usc-e-shop 2.2.8 Unauthenticated.Information.Disclosure HIGH" "usc-e-shop 2.2.8 Authenticated.System.Information.Disclosure MEDIUM" "usc-e-shop 2.2.4 Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 2.1.1 Authenticated.SQL.Injection MEDIUM" "usc-e-shop 1.9.36 Authenticated.PHP.Object.Injection HIGH" "usc-e-shop 1.8.3 Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 1.8.3 PHP.Object.Injection MEDIUM" "usc-e-shop 1.8.3 Session.Management MEDIUM" "usc-e-shop 1.5.3 SQL.Injection MEDIUM" "usc-e-shop 1.4.18 Multiple.Vulnerabilities LOW" "usc-e-shop 1.5 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 1.5 SQL.Injection CRITICAL" "usc-e-shop 1.5 purchase_limit.Parameter.DOM-based.XSS MEDIUM" "ultraaddons-elementor-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "ultraaddons-elementor-lite 1.1.9 Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure.via.UA_Template.Shortcode MEDIUM" "ultraaddons-elementor-lite No.known.fix Author+.Stored.XSS MEDIUM" "ultraaddons-elementor-lite 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ultraaddons-elementor-lite 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "ut-elementor-addons-lite 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ut-elementor-addons-lite 1.1.9 Authenticated.(Contributor+).Restricted.Post.Disclosure MEDIUM" "unlimited-addons-for-wpbakery-page-builder No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "uploadcare 3.1.0 Cross-Site.Request.Forgery MEDIUM" "ultimate-author-box-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "updraftplus 1.25.1 Backup/Restore.<.1.25.1.-.Reflected.XSS HIGH" "updraftplus 1.24.12 Unauthenticated.PHP.Object.Injection HIGH" "updraftplus 1.23.11 Google.Drive.Storage.Update.via.CSRF MEDIUM" "updraftplus 1.23.4 CSRF MEDIUM" "updraftplus 1.22.9 Reflected.Cross-Site.Scripting MEDIUM" "updraftplus 1.22.3 Subscriber+.Backup.Download HIGH" "updraftplus 1.16.69 Reflected.Cross-Site.Scripting HIGH" "updraftplus 1.16.66 Reflected.Cross-Site.Scripting HIGH" "updraftplus 1.16.59 Admin+.Local.File.Inclusion MEDIUM" "updraftplus 1.6.59 Admin+.Stored.Cross-Site.Scripting LOW" "updraftplus 1.13.5 XSS MEDIUM" "updraftplus 1.9.64 XSS MEDIUM" "uix-page-builder 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-elementor 1.9 Missing.Authorization MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Missing.Authorization.to.Arbitrary.Page/Post.Duplication MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Cross-Site.Request.Forgery MEDIUM" "url-shortify No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "url-shortify 1.7.9.1 Admin+.Stored.XSS LOW" "url-shortify 1.7.6 Unauthenticated.Stored.XSS.via.referer.header CRITICAL" "url-shortify 1.7.3 Reflected.Cross-Site.Scripting MEDIUM" "url-shortify 1.7.0 Admin+.Cross.Site.Scripting LOW" "url-shortify 1.5.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "url-shortify 1.5.1 Arbitrary.Link/Group.Deletion.via.CSRF MEDIUM" "ultra-companion 1.2.0 Contributor+.Stored.XSS MEDIUM" "user-submitted-posts 20250327 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "user-submitted-posts 20240516 Admin+.Stored.XSS LOW" "user-submitted-posts 20230914 Unauthenticated.Arbitrary.File.Upload CRITICAL" "user-submitted-posts 20230902 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "user-submitted-posts 20230901 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "user-submitted-posts 20230811 Unauthenticated.Stored.XSS HIGH" "user-submitted-posts 20190501 Arbitrary.File.Upload MEDIUM" "universam-demo 8.59 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-timeline 1.6.1 Missing.Authorization MEDIUM" "user-menus 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "user-menus 1.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-activation-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "unlock-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "user-login-history 1.6 Cross-Site.Scripting.(XSS) MEDIUM" "unique-ux No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-dashboard 3.8.6 Admin+.Stored.XSS LOW" "ultimate-dashboard 3.8.6 Admin+.Stored.XSS LOW" "ultimate-dashboard 3.8.6 Admin+.Stored.XSS LOW" "ultimate-dashboard 3.8.8 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Modules.Activation/Deactivation MEDIUM" "ultimate-dashboard 3.7.12 Admin+.Stored.XSS LOW" "ultimate-dashboard 3.7.11 Login.Page.Disclosure.on.Multi-site MEDIUM" "ultimate-dashboard 3.7.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "ultimate-dashboard 3.7.6 Admin+.Stored.XSS LOW" "ultimate-carousel-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimate-category-excluder 1.2 Cross-Site.Request.Forgery MEDIUM" "ukuupeople-the-simple-crm No.known.fix Unauthorised.Favourite.Addition/Deletion MEDIUM" "university-quizzes-online No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "userheat 1.1.11 Settings.Update.via.CSRF MEDIUM" "uber-grid No.known.fix Missing.Authorization.to.Unauthenticated.Portfolio.Update MEDIUM" "uber-grid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "uber-grid No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "uber-grid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-avatar 1.4.12 Reflected.XSS HIGH" "users-control No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "ultra-elementor-addons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-instagram-feed No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "utilitify 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "utilitify 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-form-builder-lite 1.5.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ultimate-form-builder-lite 1.3.8 Multiple.Vulnerabilities CRITICAL" "user-management No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "user-management 1.2 Subscriber+.Arbitrary.File.Upload HIGH" "ukrainian-currency No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "utubevideo-gallery 2.0.8 Contributor+.Stored.XSS MEDIUM" "user-session-synchronizer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ultimate-maps-by-supsystic 1.2.17 Cross-Site.Request.Forgery MEDIUM" "ultimate-maps-by-supsystic 1.2.16 .Admin+.Stored.XSS LOW" "ultimate-maps-by-supsystic 1.2.5 Reflected.Cross-Site.scripting.(XSS) HIGH" "ultimate-maps-by-supsystic 1.1.17 Authenticated.SQL.Injections CRITICAL" "ultimate-wp-mail No.known.fix Open.Redirect MEDIUM" "universal-star-rating No.known.fix CSRF MEDIUM" "utech-spinning-earth No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-roles No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-wp-query-search-filter No.known.fix Contributor+.XSS MEDIUM" "user-files No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "upc-ean-barcode-generator No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "user-access-manager 2.2.18 IP.Spoofing LOW" "user-access-manager 2.0.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "universal-analytics 1.3.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "user-registration 4.2.2 Insecure.Direct.Object.Reference.to.Unauthenticated.Limited.User.Deletion MEDIUM" "user-registration 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "user-registration 4.1.4 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).User.Password.Update MEDIUM" "user-registration 4.1.4 Insecure.Direct.Object.Reference.to.Unauthenticated.Membership.Modification MEDIUM" "user-registration 4.1.3 Authentication.Bypass HIGH" "user-registration 4.0.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "user-registration 4.1.2 Unauthenticated.Privilege.Escalation HIGH" "user-registration 4.1.0 Reflected.Cross-Site.Scripting MEDIUM" "user-registration 3.2.1 Missing.Authorization.to.Privilege.Escalation HIGH" "user-registration 3.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "user-registration 3.2.0 Missing.Authorization.to.Unauthenticated.Media.Deletion MEDIUM" "user-registration 3.1.5 Unauthenticated.Stored.Self-Based.Cross-Site.Scripting MEDIUM" "user-registration 3.0.4.2 Admin+.Stored.XSS LOW" "user-registration 3.0.2.1 Subscriber+.Arbitrary.File.Upload.Leading.to.RCE CRITICAL" "user-registration 3.0.2.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "user-registration 3.0.2 Subscriber+.PHP.Object.Injection HIGH" "user-registration 2.3.3 Subscriber+.PHP.Object.Injection HIGH" "user-registration 2.3.1 Admin+.Stored.XSS LOW" "user-registration 2.2.4.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "user-registration 2.0.2 Low.Privilege.Stored.Cross-Site.Scripting MEDIUM" "upload-fields-for-wpforms No.known.fix Missing.Authorization MEDIUM" "update-alt-attribute No.known.fix Reflected.XSS HIGH" "update-alt-attribute No.known.fix Cross-Site.Request.Forgery MEDIUM" "user-domain-whitelist 1.5 .user-domain-whitelist.php.Domain.Whitelisting.Manipulation.CSRF HIGH" "ultimate-410 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "under-construction-maintenance-mode 1.1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "under-construction-maintenance-mode 1.1.2 Server.Side.Request.Forgery.(SSRF) MEDIUM" "uji-countdown 2.3.1 Admin+.Stored.XSS LOW" "uji-countdown 2.0.7 Cross-Site.Scripting.(XSS) MEDIUM" "unusedcss 2.4.5 Missing.Authorization MEDIUM" "unusedcss 2.4.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Setting.Reset MEDIUM" "unusedcss 2.4.3 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Modification.and.SQL.Injection HIGH" "unusedcss 2.2.12 Unauthenticated.Server-Side.Request.Forgery HIGH" "unusedcss 1.7.2 Multiple.Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "unusedcss 1.7.2 Unauthorised.AJAX.Calls MEDIUM" "unusedcss 1.6.36 Subscriber+.SQLi HIGH" "ultimate-bootstrap-elements-for-elementor 1.5.0 Unauthenticated.Local.File.Inclusion CRITICAL" "ultimate-bootstrap-elements-for-elementor 1.4.7 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "ultimate-bootstrap-elements-for-elementor 1.4.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ultimate-bootstrap-elements-for-elementor 1.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ultimate-bootstrap-elements-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "utech-world-time-for-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-custom-scrollbar 1.2 Reflected.Cross-Site.Scripting MEDIUM" "update-theme-and-plugins-from-zip-file No.known.fix CSRF MEDIUM" "ultimate-social-media-icons 2.9.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-social-media-icons 2.9.1 Admin+.Stored.XSS LOW" "ultimate-social-media-icons 2.8.9 Admin+.Stored.XSS.via.settings LOW" "ultimate-social-media-icons 2.8.6 Subscriber+.Sensitive.Information.Exposure MEDIUM" "ultimate-social-media-icons 2.8.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "ultimate-social-media-icons 2.8.4 Reflected.XSS HIGH" "ultimate-social-media-icons 2.8.2 Plugin.Installation.via.CSRF MEDIUM" "ultimate-social-media-icons 2.8.2 Subscriber+.Plugin.Installation MEDIUM" "ultimate-social-media-icons 2.8.2 Admin+.Stored.XSS LOW" "user-ip-and-location 2.2.1 Contributor+.Stored.XSS MEDIUM" "updraft No.known.fix Reflected.XSS HIGH" "ultimate-facebook-comments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "users-ultra No.known.fix Unauthenticated.SQL.Injection HIGH" "users-ultra 1.5.63 Authenticated.Stored.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "users-ultra 1.5.64 Authenticated.Blind.SQL.Injection HIGH" "users-ultra 1.5.59 Unrestricted.File.Upload HIGH" "ultimatewoo No.known.fix PHP.Object.Injection MEDIUM" "unyson 2.7.31 Cross-Site.Request.Forgery MEDIUM" "unyson No.known.fix Missing.Authorization MEDIUM" "unyson 2.7.27 Reflected.Cross-Site.Scripting MEDIUM" "ulisting No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "ulisting No.known.fix Admin+.SQL.Injection MEDIUM" "ulisting No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Meta.Update.and.PHP.Object.Injection HIGH" "ulisting No.known.fix Subscriber+.Privilege.Escalation HIGH" "ulisting 2.1.7 Unauthenticated.SQL.Injection HIGH" "ulisting 2.1.7 Authenticated.(Contributor+).SQL.Injection MEDIUM" "ulisting 2.1.6 Unauthenticated.Information.Exposure MEDIUM" "ulisting 2.0.9 Arbitrary.Blog.Option.Update.via.CSRF HIGH" "ulisting 2.0.6 Authenticated.IDOR MEDIUM" "ulisting 2.0.6 Multiple.CSRF MEDIUM" "ulisting 2.0.6 Settings.Update.via.CSRF MEDIUM" "ulisting 2.0.6 Reflected.Cross-Site.Scripting MEDIUM" "ulisting 2.0.6 Modify.User.Roles.via.CSRF MEDIUM" "ulisting 2.0.6 Unauthenticated.Privilege.Escalation MEDIUM" "ulisting 2.0.4 Unauthenticated.SQL.Injection HIGH" "ulisting 1.7 Unauthenticated.Arbitrary.Account.Change HIGH" "ulisting 1.7 Unauthenticated.Information.Disclosure HIGH" "ulisting 1.7 Unauthenticated.SQL.Injections CRITICAL" "ulisting 1.7 Unauthenticated.Arbitrary.Account.Creation CRITICAL" "ulisting 1.7 Unauthenticated.WordPress.Options.Change CRITICAL" "ulisting 1.7 Unauthenticated.Arbitrary.Roles.and.Capabilities.Creation/Deletion MEDIUM" "ulisting 1.7 Unauthenticated.Arbitrary.Post/Page.Deletion HIGH" "ulisting 1.7 Missing.Access.Controls CRITICAL" "user-verification 1.0.94 Authentication.Bypass CRITICAL" "ultimate-bar No.known.fix Missing.Authorization MEDIUM" "unsafe-mimetypes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ultimate-under-construction 1.9.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "user-avatar-reloaded 1.2.2 Reloaded.<.1.2.2.-.Contributor+.Stored.XSS MEDIUM" "userpro-messaging No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "userpro-messaging No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-role 1.6.7 Privilege.Escalation.via.CSRF HIGH" "user-role 1.5.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "uninstall No.known.fix WordPress.Deletion.via.CSRF HIGH" "ultimate-auction 4.3.0 Contributor+.Arbitrary.Post.Deletion MEDIUM" "ultimate-auction 4.2.8 Missing.Authorization.to.Unauthenticated.Email.Creation MEDIUM" "ultimate-auction 4.2.6 Cross-Site.Request.Forgery MEDIUM" "ultimate-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "update-urls 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "under-construction-page 3.97 Multiple.CSRF MEDIUM" "under-construction-page 3.86 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "upsell-order-bump-offer-for-woocommerce 3.0.1 Unauthenticated.Order.Manipulation MEDIUM" "update-notifications No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "user-registration-using-contact-form-7 No.known.fix Cross-Site.Request.Forgery MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Separator.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Info.Table.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Icons.Widget MEDIUM" "ultimate-sms-notifications 1.9.9.6 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-sms-notifications 1.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-sms-notifications 1.4.2 CSV.Injection MEDIUM" "ultimate-posts-widget 2.3.1 Admin+.Stored.XSS LOW" "ultimate-posts-widget 2.2.5 Subscriber+.Plugin.Installation MEDIUM" "ultimate-posts-widget 2.2.5 Plugin.Installation.via.CSRF MEDIUM" "useful-banner-manager No.known.fix Modify.banners.via.CSRF MEDIUM" "usermaven 1.2.2 Cross-Site.Request.Forgery MEDIUM" "ultimate-member 2.10.1 Unauthenticated.SQLi HIGH" "ultimate-member 2.10.0 Authenticated.SQL.Injection MEDIUM" "ultimate-member 2.9.2 Information.Exposure MEDIUM" "ultimate-member 2.9.2 Unauthenticated.SQL.Injection HIGH" "ultimate-member 2.9.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Profile.Picture.Update MEDIUM" "ultimate-member 2.8.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-member 2.8.7 Cross-Site.Request.Forgery.to.Membership.Status.Change MEDIUM" "ultimate-member 2.8.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ultimate-member 2.8.3 2.8.2.-.Unauthenticated.SQL.Injection MEDIUM" "ultimate-member 2.6.7 Unauthenticated.Privilege.Escalation CRITICAL" "ultimate-member 2.6.1 Form.Duplication.via.CSRF MEDIUM" "ultimate-member 2.5.1 Admin+.RCE MEDIUM" "ultimate-member 2.5.1 Subscriber+.RCE HIGH" "ultimate-member 2.5.1 Contributor+.LFI.via.Traversal MEDIUM" "ultimate-member 2.5.1 Admin+.LFI.via.Traversal LOW" "ultimate-member 2.4.0 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-member 2.3.2 Open.Redirect MEDIUM" "ultimate-member 2.1.20 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 2.1.12 Unauthenticated.Privilege.Escalation.via.User.Roles CRITICAL" "ultimate-member 2.1.12 Unauthenticated.Privilege.Escalation.via.User.Meta CRITICAL" "ultimate-member 2.1.12 Authenticated.Privilege.Escalation.via.Profile.Update CRITICAL" "ultimate-member 2.1.7 Unauthenticated.Open.Redirect MEDIUM" "ultimate-member 2.1.3 Insecure.Direct.Object.Reference.(IDOR) MEDIUM" "ultimate-member 2.0.54 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 2.0.52 CSRF.and.Stored.XSS.issues MEDIUM" "ultimate-member 2.0.46 Multiple.Vulnerabilities HIGH" "ultimate-member 2.0.40 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ultimate-member 2.0.33 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ultimate-member 2.0.28 Multiple.XSS MEDIUM" "ultimate-member 2.0.22 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "ultimate-member 2.0.22 Unauthenticated.Arbitrary.File.Upload HIGH" "ultimate-member 2.0.18 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "ultimate-member 2.0.4 Multiple.Issues HIGH" "ultimate-member 2.0.7 Multiple.Cross-Site.Request.Forgery.Issues HIGH" "ultimate-member 2.0.4 Multiple.XSS MEDIUM" "ultimate-member 1.3.76 Unauthenticated.Change.Passwords HIGH" "ultimate-member 1.3.65 Local.File.Inclusion MEDIUM" "ultimate-member 1.3.40 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.3.29 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.3.18 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.2.995 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.0.84 Multiple.Vulnerabilities HIGH" "ultimate-youtube-video-player No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Setting.Exposure MEDIUM" "ultimate-youtube-video-player No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Playlist/Video.Deletion MEDIUM" "user-activity-log-pro No.known.fix Missing.Authorization MEDIUM" "user-activity-log-pro No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "user-activity-log-pro 2.3.4 Unauthenticated.Stored.Cross-Site.Scripting.via.User.Agent HIGH" "user-activity-log-pro 2.3.4 IP.Spoofing MEDIUM" "ultimate-carousel-for-divi 4.5.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-carousel-for-divi 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-location-and-ip No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimate-coming-soon 1.1.0 Cross-Site.Request.Forgery MEDIUM" "ultimate-coming-soon 1.1.0 Subscriber+.Template.Name.Update MEDIUM" "ultimate-coming-soon 1.1.0 Unauthenticated.Template.Activation MEDIUM" "ultimate-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-post-kit 3.11.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Social.Count.(Static).Widget MEDIUM" "ultimate-post-kit 3.6.4 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-post-kit 2.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "uncomplicated-seo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "unlimited-blocks No.known.fix Contributor+.Stored.XSS MEDIUM" "utm-tracker No.known.fix Admin+.Stored.XSS LOW" "user-magic No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "universal-analytics-injector No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "utilities-for-mtg No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-weather-plugin No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "upcasted-s3-offload 3.0.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "upcasted-s3-offload 3.0.3 Reflected.Cross-Site.Scripting MEDIUM" "upcasted-s3-offload 3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "usersnap 4.17 Admin+.Stored.XSS LOW" "userpro-mediamanager No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Update CRITICAL" "userpro-mediamanager No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "ucontext No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "uncode-core 2.9.1.7 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.in.uncode_get_medias MEDIUM" "uncode-core 2.8.7 Reflected.Cross-Site.Scripting MEDIUM" "uncode-core 2.8.9 Privilege.Escalation HIGH" "uncode-core 2.8.9 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "url-params 2.5 Contributor+.Stored.XSS MEDIUM" "ultimate-popup-creator No.known.fix Unauthenticated.SQL.Injection HIGH" "ultimate-popup-creator No.known.fix Missing.Authorization.to.Unauthenticated.DB.Table.Truncation MEDIUM" "unitimetable No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "use-memcached No.known.fix Settings.Update.via.CSRF MEDIUM" "updownupdown-postcomment-voting No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "unlimited-theme-addons 1.2.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "unlimited-theme-addons 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "user-meta No.known.fix Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure MEDIUM" "user-meta 3.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "user-meta 2.4.4 Subscriber+.Local.File.Enumeration.via.Path.Traversal LOW" "user-meta 2.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "ultimate-product-catalogue 5.2.16 Cross-Site.Request.Forgery.via.reset_settings() MEDIUM" "ultimate-product-catalogue 5.2.6 Admin+.Stored.XSS LOW" "ultimate-product-catalogue 5.0.26 Subscriber+.Arbitrary.Product.Creation.&.Settings.Update MEDIUM" "ultimate-widgets-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-widgets-light No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-widgets-light No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "userlike 2.3 Admin+.Stored.Cross-Site.Scripting LOW" "uniconsent-cmp 1.4.4 Admin+.Stored.XSS LOW" "urvanov-syntax-highlighter 2.8.34 Highlighting.Blocks.Mgt.via.CSRF MEDIUM" "username-updater 1.0.5 Arbitrary.Username.Update.via.CSRF MEDIUM" "ultimate-carousel-for-visual-composer No.known.fix Contributor+.Stored.XSS MEDIUM" "ulp-duplicate-post-sql-timebased 3.9.1 Authenticated.(Administrator+).SQL.Injection.via.post_id.Parameter MEDIUM" "url-media-uploader 1.0.1 Authenticated.(Author+).Server-Side.Request.Forgery.via.DNS.Rebinding MEDIUM" "userswp 1.2.16 Missing.Authorization MEDIUM" "userswp 1.2.12 Users.Information.Disclosure MEDIUM" "userswp 1.2.11 Unauthenticated.SQL.Injection.via.'uwp_sort_by' CRITICAL" "userswp 1.2.6 Cross-Site.Request.Forgery MEDIUM" "userswp 1.2.7 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "userswp 1.2.3.23 Profile.Picture.Deletion.via.CSRF MEDIUM" "userswp 1.2.3.1 Subscriber+.User.Avatar.Override MEDIUM" "userswp 1.2.2.29 Reflected.Cross-Site.Scripting MEDIUM" "user-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-faqs 2.1.2 Subscriber+.Arbitrary.FAQ.Creation MEDIUM" "ultimate-faqs 1.8.30 Unauthenticated.Reflected.XSS MEDIUM" "ultimate-faqs 1.8.25 Unauthenticated.Options.Import/Export HIGH" "ultimate-faqs 1.8.22 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-addons-for-gutenberg 2.19.1 Contributor+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 2.16.3 Contributor+.Stored.XSS.via.Team.Widget MEDIUM" "ultimate-addons-for-gutenberg 2.15.1 Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "ultimate-addons-for-gutenberg 2.13.8 Missing.Authorization.via.generate_ai_content MEDIUM" "ultimate-addons-for-gutenberg 2.13.1 Author+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 2.12.9 Contributor+.Stored.XSS.via.Testimonial.Block MEDIUM" "ultimate-addons-for-gutenberg 2.12.9 Contributor+.Stored.XSS.via.Image.Gallery.Block MEDIUM" "ultimate-addons-for-gutenberg 2.12.7 Contributor+.Path.Traversal MEDIUM" "ultimate-addons-for-gutenberg 2.10.4 Authenticated(Contributor+).Cross-Site.Scripting.via.Custom.CSS MEDIUM" "ultimate-addons-for-gutenberg 2.7.10 Contributor+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 1.15.0 Contributor+.Stored.Cross-Side.Scripting MEDIUM" "ultimate-addons-for-gutenberg 1.25.6 Reflected.Cross-Site.Scripting MEDIUM" "upunzipper No.known.fix Authenticated.(Admin+).Arbitrary.File.Deletion MEDIUM" "ultimate-live-cricket-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-elementor 1.36.32 Authenticated.(Contributor+).Privilege.Escalation HIGH" "ultimate-elementor 1.30.0 Contributor+.Stored.XSS MEDIUM" "ultimate-elementor 1.24.2 Registration.Bypass HIGH" "ultimate-elementor 1.20.1 Authentication.Bypass CRITICAL" "updater 1.35 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ux-flat 4.5 Contributor+.Stored.XSS MEDIUM" "ux-sniff No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-bulk-seo-noindex-nofollow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ubermenu 3.8.4 Cross-Site.Request.Forgery.to.Settings.Reset HIGH" "ubermenu 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "ultimate-events No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "unlimited-popups No.known.fix Author+.SQL.Injection HIGH" "user-meta-manager No.known.fix Reflected.XSS HIGH" "user-meta-manager No.known.fix CSRF MEDIUM" "ut-demo-importer No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "use-your-drive 1.18.3 Reflected.Cross-Site.Scripting MEDIUM" "upload-media-by-url 1.0.8 Stored.XSS.via.CSRF MEDIUM" "userfeedback-lite 1.0.16 Unauthenticated.Stored.Cross-Site.Scripting.via.Name.Parameter HIGH" "userfeedback-lite 1.0.14 Unauthenticated.Stored.XSS MEDIUM" "userfeedback-lite 1.0.10 Unauthenticated.Stored.XSS HIGH" "userfeedback-lite 1.0.8 Unauthenticated.Stored.XSS HIGH" "useinfluence No.known.fix Cross-Site.Request.Forgery MEDIUM" "uipress-lite 3.5.05 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "uipress-lite 3.4.07 Authenticated.(Administrator+).SQL.Injection CRITICAL" "udraw 3.3.3 Unauthenticated.Arbitrary.File.Access HIGH" "ultimate-taxonomy-manager No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "ultimate-taxonomy-manager No.known.fix Reflected.XSS HIGH" "uncanny-automator 6.4.0 Subscriber+.Privilege.Escalation HIGH" "uncanny-automator 6.3 Authenticated.(Admin+).Server-Side.Request.Forgery.via.Webhook MEDIUM" "uncanny-automator 5.1.0.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "uleak-security-dashboard No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "unite-gallery-lite No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "unite-gallery-lite 1.7.62 Admin+.Stored.XSS LOW" "unite-gallery-lite 1.7.60 Admin+.Local.File.Inclusion MEDIUM" "unite-gallery-lite 1.5 CSRF.&.Authenticated.SQL.Injection HIGH" "upload-quota-per-user No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.143 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.141 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Transparent.Split.Hero.Widget MEDIUM" "unlimited-elements-for-elementor 1.5.136 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "unlimited-elements-for-elementor 1.5.127 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.122 Authenticated.(Editor+).Remote.Code.Execution HIGH" "unlimited-elements-for-elementor 1.5.122 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.113 IP.Address.Spoofing.to.Antispam.Bypass MEDIUM" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'email' MEDIUM" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Time-Based.SQL.Injection HIGH" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'username' MEDIUM" "unlimited-elements-for-elementor 1.5.110 Authenticated.(Contributor+).Blind.SQL.Injection.via.data[addonID].Parameter HIGH" "unlimited-elements-for-elementor 1.5.110 Authenticated.(Contributor+).Information.Exposure MEDIUM" "unlimited-elements-for-elementor 1.5.108 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Text.Field MEDIUM" "unlimited-elements-for-elementor 1.5.91 Contributor+.Remote.Code.Execution.via.template.import HIGH" "unlimited-elements-for-elementor 1.5.108 Contributor+.SQLi MEDIUM" "unlimited-elements-for-elementor 1.5.105 Contributor+.SQL.Injection HIGH" "unlimited-elements-for-elementor 1.5.103 Admin+.Command.Injection MEDIUM" "unlimited-elements-for-elementor 1.5.103 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.97 Contributor+.Stored.XSS MEDIUM" "unlimited-elements-for-elementor 1.5.94 Reflected.Cross-Site.Scripting HIGH" "unlimited-elements-for-elementor 1.5.75 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.67 Contributor+.Arbitrary.File.Upload HIGH" "unlimited-elements-for-elementor 1.5.49 Admin+.Stored.XSS LOW" "unlimited-elements-for-elementor 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "userpro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "userpro No.known.fix Missing.Authorization MEDIUM" "userpro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "userpro No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "userpro 5.1.9 Unauthenticated.Account.Takeover.to.Privilege.Escalation CRITICAL" "userpro 5.1.7 Disabled.Membership.Registration.Bypass MEDIUM" "userpro 5.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "userpro 5.1.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "userpro 5.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.userpro_save_userdata MEDIUM" "userpro 5.1.2 Insecure.Password.Reset.Mechanism CRITICAL" "userpro 5.1.2 Cross-Site.Request.Forgery.to.Sensitive.Information.Exposure MEDIUM" "userpro 5.1.2 Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "userpro 5.1.2 Missing.Authorization.via.multiple.functions HIGH" "userpro 5.1.5 Missing.Authorization.to.Arbitrary.Shortcode.Execution.via.userpro_shortcode_template MEDIUM" "userpro 5.1.2 Authentication.Bypass.to.Administrator CRITICAL" "userpro 5.1.5 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "userpro 5.1.2 Sensitive.Information.Disclosure.via.Shortcode MEDIUM" "userpro 5.1.1 Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "userpro 4.9.35.1 Unauthenticated.Reflected.XSS MEDIUM" "userpro 4.9.28 User.Registration.With.Administrator.Role MEDIUM" "userpro 4.9.24 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "users-customers-import-export-for-wp-woocommerce 2.6.3 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Read.via.download_file.Function MEDIUM" "users-customers-import-export-for-wp-woocommerce 2.6.3 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Deletion.via.admin_log_page.Function LOW" "users-customers-import-export-for-wp-woocommerce 2.6.3 Authenticated.(Admin+).PHP.Object.Injection.via.form_data.Parameter HIGH" "users-customers-import-export-for-wp-woocommerce 2.6.3 Authenticated.(Administrator+).Server-Side.Request.Forgery.via.validate_file.Function HIGH" "users-customers-import-export-for-wp-woocommerce 2.5.4 Authenticated.(Admin+).PHP.Object.Injection HIGH" "users-customers-import-export-for-wp-woocommerce 2.5.3 Authenticated.(Shop.Manager+).Path.Traversal LOW" "users-customers-import-export-for-wp-woocommerce 2.4.9 Shop.Manager+.Arbitrary.File.Upload HIGH" "users-customers-import-export-for-wp-woocommerce 2.4.2 Shop.Manager+.Privilege.Escalation HIGH" "users-customers-import-export-for-wp-woocommerce 1.3.9 Authenticated.Arbitrary.User.Creation HIGH" "users-customers-import-export-for-wp-woocommerce 1.3.2 CSV.Injection HIGH" "uni-woo-custom-product-options 4.9.27 Reflected.Cross-Site.Scripting MEDIUM" "uni-woo-custom-product-options 4.9.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "uncanny-learndash-groups 6.1.1 Missing.Authorization.to.Authenticated.(Group.Leader+).User.Group.Add LOW" "uncanny-learndash-groups 6.1.1 Authenticated.(Group.Leader+).Privilege.Escalation HIGH" "ultraembed-advanced-iframe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ubigeo-peru 3.6.4 Unauthenticated.SQLi HIGH" "ultimate-noindex-nofollow-tool-ii 1.3.6 Admin+.Stored.XSS LOW" "ultimate-noindex-nofollow-tool-ii 1.3.4 Settings.Update.via.CSRF MEDIUM" "userplus No.known.fix Privilege.Escalation CRITICAL" "userplus No.known.fix Missing.Authorization.via.Multiple.Functions MEDIUM" "userplus No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "userplus No.known.fix Editor+.Registration.Form.Update.to.Privilege.Escalation HIGH" "userplus No.known.fix Stored.XSS.via.CSRF HIGH" "ultimate-appointment-scheduling 1.1.10 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "uix-slideshow 1.6.6 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "user-referral-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-activity-log 2.0 Admin+.SQL.Injection MEDIUM" "user-activity-log 1.6.7 IP.Spoofing MEDIUM" "user-activity-log 1.6.6 Subscriber+.Log.Export MEDIUM" "user-activity-log 1.6.5 Unauthenticated.SQLi HIGH" "user-activity-log 1.6.3 Admin+.SQLi MEDIUM" "user-activity-log 1.6.3 Admin+.SQL.Injection MEDIUM" "user-activity-log 1.4.7 Reflected.Cross.Site.Scripting.via.Query.String MEDIUM" "user-activity-log 1.4.7 Reflected.Cross-Site.Scripting HIGH" "uk-cookie-consent 3.2.1 Missing.Authorization.via.handle_consent_toggle() MEDIUM" "uk-cookie-consent 2.3.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-responsive-image-slider 3.5.12 Ultimate.Responsive.Image.Slider.<.3.5.12.-.Subscriber+.Arbitrary.Post.Access MEDIUM" "userbase-access-control No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-activity-tracking-and-log 4.1.4 IP.Spoofing MEDIUM" "user-activity-tracking-and-log 4.0.9 License.Update/Deactivation.via.CSRF MEDIUM" "uicore-elements 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ultimate-classified-listings 1.5 Ultimate.Classified.Listings.<.1,5.Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Title.Parameter MEDIUM" "ultimate-classified-listings 1.6 Cross-Site.Request.Forgery.to.Account.Takeover HIGH" "ultimate-classified-listings No.known.fix Subscriber+.Stored.XSS HIGH" "ultimate-classified-listings No.known.fix Contributor+.Local.File.Inclusion HIGH" "ultimate-classified-listings 1.4 Reflected.XSS HIGH" "ultimate-classified-listings 1.3 Unauthenticated.LFI HIGH" "ultimate-classified-listings 1.3 Reflected.XSS HIGH" "ucontext-for-amazon No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "upload-file-type-settings-plugin No.known.fix Admin+.Stored.XSS LOW" "user-password-reset No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-spam-remover 1.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "user-private-files 2.1.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "user-private-files 2.1.1 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Private.File.Access MEDIUM" "user-private-files 2.0.5 Subscriber+.Sensitive.Data.and.Files.Exposure.via.IDOR MEDIUM" "user-private-files 2.0.4 Admin+.Stored.XSS MEDIUM" "user-private-files 1.1.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "ultimeter 2.8.3 Reflected.Cross-Site.Scripting MEDIUM" "ultimeter 2.7.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimeter 1.9.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "ultimate-security-checker No.known.fix Cross-Site.Request.Forgery MEDIUM" "uncanny-automator-pro 5.3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "uncanny-automator-pro 5.3.0.1 Cross-Site.Request.Forgery.to.License.Setting.Reset MEDIUM" "uncanny-automator-pro 5.3.0.1 Missing.Authorization.to.Unauthenticated.License.Setting.Reset MEDIUM" "up-down-image-slideshow-gallery 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "uji-popup No.known.fix Contributor+.Stored.XSS MEDIUM" "uptime-robot-monitor No.known.fix Cross-Site.Request.Forgery MEDIUM" "uptime-robot-monitor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uptime-robot-monitor No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "user-rights-access-manager No.known.fix Missing.Authorization MEDIUM" "user-rights-access-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-rights-access-manager 1.0.8 Access.Restriction.Bypass MEDIUM" "user-rights-access-manager 1.0.4 Improper.Access.Controls MEDIUM" "ultimate-post 4.1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.17 Missing.Authorization.to.Arbitrary.Plugin.Installation/Activation HIGH" "ultimate-post 4.1.16 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.3 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "ultimate-post 4.1.0 Authenticated.(Contributor+).Stored.Cross=Site.Scripting MEDIUM" "ultimate-post 4.1.0 Contributor+.Stored.XSS MEDIUM" "ultimate-post 4.0.2 Contributor+.Stored.XSS MEDIUM" "ultimate-post 4.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 3.2.4 Incorrect.Authorization MEDIUM" "ultimate-post 3.0.6 Gutenberg.Post.Grid.Blocks.<.3.0.6.-.Reflected.Cross-Site.Scripting HIGH" "ultimate-post 2.9.10 Gutenberg.Blocks.for.Post.Grid.<.2.9.10.-.Reflected.Cross-Site.Scripting HIGH" "ultimate-post 2.4.10 Private.Content.Disclosure MEDIUM" "ultimate-post 2.4.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 2.4.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 2.4.10 Missing.Access.Controls MEDIUM" "ultimate-store-kit 2.5.0 Cross-Site.Request.Forgery.to.Limited.User.Meta.Update MEDIUM" "ultimate-store-kit 2.4.1 Unauthenticated.PHP.Object.Injection CRITICAL" "ultimate-store-kit No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimate-store-kit 2.3.1 Missing.Authorization MEDIUM" "ultimate-store-kit 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-store-kit 2.0.4 Unauthenticated.PHP.Object.Injection CRITICAL" "ultimate-store-kit 2.0.0 Unauthenticated.PHP.Object.Injection CRITICAL" "ultimate-store-kit 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-store-kit 2.0.4 Unauthenticated.PHP.Object.Injection MEDIUM" "ultimate-store-kit 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-image-hover-effects No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-shortcodes-plus No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Disclosure.via.user_meta.Shortcode MEDIUM" "universal-email-preference-center No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-subscribe No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "unilevel-mlm-plan No.known.fix Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "ui-slider-filter-by-price No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ui-slider-filter-by-price No.known.fix Cross-Site.Request.Forgery MEDIUM" "vospari-forms 1.4 Cross-Site.Scripting.(XSS) MEDIUM" "vegas-fullscreen-background-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-embed-optimizer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vcos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vikrestaurants 1.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "video-conferencing-with-zoom-api 4.4.5 Open.Redirect MEDIUM" "video-conferencing-with-zoom-api 4.4.6 Sensitive.Information.Exposure MEDIUM" "video-conferencing-with-zoom-api 4.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "video-conferencing-with-zoom-api 4.3.0 Sensitive.Data.Disclosure LOW" "video-conferencing-with-zoom-api 4.0.10 Contributor+.Stored.XSS MEDIUM" "video-conferencing-with-zoom-api 3.9.3 Reflected.Cross-Site.Scripting MEDIUM" "video-conferencing-with-zoom-api 3.8.17 E-mail.Address.Disclosure MEDIUM" "video-conferencing-with-zoom-api 3.8.16 Reflected.Cross-Site.Scripting HIGH" "vendor 1.1.1 Unauthenticated.Information.Disclosure MEDIUM" "viral-loops-wp-integration No.known.fix Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "v-form 3.1.15 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "v-form 3.1.10 Reflected.Cross-Site.Scripting MEDIUM" "v-form 3.0.7 Missing.Authorization MEDIUM" "v-form 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "v-form 2.1.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "verge3d 4.9.3 Cross-Site.Request.Forgery MEDIUM" "verge3d 4.8.3 Cross-Site.Request.Forgery MEDIUM" "verge3d 4.8.1 Reflected.Cross-Site.Scripting MEDIUM" "verge3d 4.5.3 Subscriber+.Arbitrary.File.Upload HIGH" "varnish-wp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "vrm360 No.known.fix Contributor+.Arbitrary.File.Upload.Leading.to.RCE HIGH" "vrm360 No.known.fix Full.Path.Disclosure MEDIUM" "video-contest No.known.fix Cross-Site.Request.Forgery MEDIUM" "video-contest No.known.fix Admin+.Stored.XSS LOW" "visitors-app No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "voting-record No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "voting-record No.known.fix Subscriber+.Stored.XSS HIGH" "video-sidebar-widgets No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "verbalize-wp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "vertical-carousel-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vasaio-qr-code No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "video-embedder 1.8 Stored.XSS.via.CSRF HIGH" "videojs-hls-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visualizer 3.11.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Import.Data.From.File MEDIUM" "visualizer 3.11.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "visualizer 3.11.0 Missing.Authorization.to.Arbitrary.SQL.Execution HIGH" "visualizer 3.10.6 Reflected.Cross-Site.Scripting MEDIUM" "visualizer 3.9.5 Contributor+.Stored.XSS MEDIUM" "visualizer 3.9.2 Contributor+.Stored.XSS MEDIUM" "visualizer 3.7.10 Contributor+.PHAR.Deserialization HIGH" "visualizer 3.7.7 Reflected.Cross-Site.Scripting MEDIUM" "visualizer 3.3.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "visualizer 3.3.1 Blind.Server-Side.Request.Forgery.(SSRF) CRITICAL" "vrview No.known.fix Outdated.VRView.Library.Used,.Leading.to.Reflected.XSS HIGH" "visual-portfolio 3.3.10 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "visual-portfolio 3.3.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.title_tag.Parameter MEDIUM" "visual-portfolio 2.19.0 Contributor+.CSS.Injection MEDIUM" "visual-portfolio 2.18.0 Unauthenticated.CSS.Injection MEDIUM" "vikrentcar 1.4.3 Cross-Site.Request.Forgery.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "vikrentcar 1.4.1 Unauthenticated.SQL.Injection CRITICAL" "vikrentcar 1.3.2 Cross.Site.Request.Forgery MEDIUM" "vikrentcar 1.3.3 Information.Exposure MEDIUM" "vikrentcar 1.3.1 Admin+.Stored.XSS MEDIUM" "vikrentcar 1.1.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "vikrentcar 1.1.7 CSRF.to.Stored.XSS HIGH" "vagonic-sortable No.known.fix Missing.Authorization MEDIUM" "vk-blocks 1.95.0.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "vk-blocks 1.64.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block MEDIUM" "vk-blocks 1.57.1.0 Contributor+.Settings.Update.via.REST.API MEDIUM" "vk-blocks 1.58.0.0 Contributor+.Settings.Update.via.REST.API MEDIUM" "vk-blocks 1.54.0 Multiple.Stored.XSS MEDIUM" "vehica-core 1.0.98 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "variable-inspector No.known.fix Missing.Authorization MEDIUM" "variable-inspector 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "variable-inspector 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "video-synchro-pdf No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "video-synchro-pdf No.known.fix Unauthenticated.LFI MEDIUM" "vslider No.known.fix Cross-Site.Request.Forgery MEDIUM" "vslider No.known.fix Contributor+.Stored.XSS MEDIUM" "vikinghammer-tweet No.known.fix Stored.XSS.via.CSRF HIGH" "very-simple-contact-form 14.8 CAPTCHA.Bypass MEDIUM" "very-simple-contact-form 14.0 Missing.Authorization MEDIUM" "very-simple-contact-form 11.6 Captcha.bypass MEDIUM" "visual-form-builder 3.0.8 Entries.Deletion/Restoration.via.CSRF MEDIUM" "visual-form-builder 3.0.7 Admin+.Stored.Cross-Site.Scripting LOW" "visual-form-builder 3.0.6 CSV.Injection LOW" "visual-form-builder 3.0.6 Unauthenticated.Information.Disclosure MEDIUM" "visual-form-builder 3.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "vdz-call-back 1.1.4.6 Authenticated.Stored.XSS MEDIUM" "visitor-info No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "visitor-info No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "video-playlist-for-youtube No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-playlist-for-youtube 6.2 CSRF MEDIUM" "void-elementor-whmcs-elements 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.get_form_fields MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.save_view MEDIUM" "views-for-wpforms-lite 3.2.3 Cross-Site.Request.Forgery.via.save_view MEDIUM" "views-for-wpforms-lite 3.2.3 Cross-Site.Request.Forgery.via.create_view MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.create_view MEDIUM" "visitors-details No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "vidseo 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "video-embed-privacy 1.3 Reflected.Cross-Site.Scripting MEDIUM" "video-share-vod No.known.fix Reflected.Cross-Site.Scripting HIGH" "video-share-vod 2.6.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-share-vod 2.6.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-reviews 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "video-reviews 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vr-views No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-wc-gallery 1.32 Missing.Authorization.to.Unauthenticated.Limited.File.Deletion MEDIUM" "very-simple-breadcrumb No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "viral-signup No.known.fix Unauthenticated.SQLi HIGH" "viral-signup No.known.fix Admin+.Stored.XSS LOW" "variable-product-swatches No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "variable-product-swatches 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vkontakte-cross-post No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "venture-event-manager 3.2.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "video-sidebar-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "visit-site-link-enhanced No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "very-simple-google-maps 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "very-simple-google-maps 2.9 Contributor+.Stored.XSS MEDIUM" "vkontakte-wall-post No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.9.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.7.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.0.1 Authenticated.Stored.XSS.via.Title MEDIUM" "visualcomposer 45.0.1 Authenticated.Stored.XSS.via.Text.Block MEDIUM" "visualcomposer 27.0 Multiple.Authenticated.Cross-Site.Scripting.Issues HIGH" "vit-website-reviews No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vo-locator-the-wp-store-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vo-locator-the-wp-store-locator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "video-player-for-wpbakery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-grid 1.22 Reflected.XSS HIGH" "visitors-traffic-real-time-statistics 7.3 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "visitors-traffic-real-time-statistics 3.9 Subscriber+.SQL.Injection HIGH" "visitors-traffic-real-time-statistics 2.13 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "visitors-traffic-real-time-statistics 2.12 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "visitors-traffic-real-time-statistics 1.13 CSRF.to.Stored.XSS/SQLi HIGH" "vm-backups No.known.fix CSRF.to.Database.Backup.Download MEDIUM" "vm-backups No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "vanguard No.known.fix Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "vayu-blocks 1.2.2 1.2.1.-.Missing.Authorization.to.Unauthenticated.Limited.Arbitrary.Options.Update MEDIUM" "vayu-blocks No.known.fix Contributor+.Stored.XSS MEDIUM" "vayu-blocks 1.2.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "void-elementor-post-grid-addon-for-elementor-page-builder 2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "very-simple-quiz No.known.fix Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "visual-text-editor No.known.fix Authenticated.(Contributor+).Remote.Code.Execution HIGH" "visualmodo-elements No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "vk-all-in-one-expansion-unit 9.99.2.0 Contributor+.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.96.0.0 Unauthenticated.Password.Protected.Content.Access MEDIUM" "vk-all-in-one-expansion-unit 9.97.0.0 Contributor+.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.88.2 Multiple.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.87.1.0 Reflected.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.86.0.0 Contributor+.Stored.XSS MEDIUM" "viewmedica No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "viewmedica No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "viewmedica No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "video-popup 1.1.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "viet-affiliate-link No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vk-blocks-pro 1.54.0 Multiple.Stored.XSS MEDIUM" "viperbar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "validar-certificados-de-cursos 1.6.2 Cross-Site.Request.Forgery MEDIUM" "video-analytics-for-cloudflare-stream 1.2 Reflected.Cross-Site.Scripting MEDIUM" "vimeography 2.4.5 Sensitive.Information.Exposure MEDIUM" "vimeography 2.4.2 Cross-Site.Request.Forgery MEDIUM" "vimeography 2.3.3 Contributor+.PHP.Object.Injection HIGH" "vignete-ads No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "video-embed-thumbnail-generator 4.8.11 Reflected.Cross-Site.Scripting MEDIUM" "video-embed-thumbnail-generator 4.7.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vg-woocarousel No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "vertical-scroll-recent-post No.known.fix Cross-Site.Request.Forgery.via.vsrp_admin_options MEDIUM" "vertical-scroll-recent-post No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "vertical-scroll-recent-post 14.0 Reflected.Cross-Site.Scripting MEDIUM" "variation-swatches-and-gallery 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "video-widget No.known.fix Admin+.Stored.XSS.via.Widget LOW" "vr-calendar-sync 2.4.5 Unauthenticated.Local.File.Inclusion CRITICAL" "vr-calendar-sync 2.3.4 Calendar.Deletion/Update.&.Settings.Update.via.CSRF MEDIUM" "vr-calendar-sync 2.4.5 LFI.via.CSRF HIGH" "vr-calendar-sync 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "vr-calendar-sync 2.3.2 Unauthenticated.Arbitrary.Function.Call HIGH" "vikbooking 1.7.3 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "vikbooking 1.7.3 Cross-Site.Request.Forgery.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "vikbooking 1.7.2 Admin+.Stored.XSS MEDIUM" "vikbooking 1.6.8 Broken.Access.Control LOW" "vikbooking 1.6.8 Insecure.Direct.Object.References MEDIUM" "vikbooking 1.6.8 Reflected.Cross-Site.Scripting MEDIUM" "vikbooking 1.6.0 Multiple.CSRF LOW" "vikbooking 1.5.12 Admin+.Stored.XSS MEDIUM" "vikbooking 1.5.9 Reflected.Cross-Site.Scripting MEDIUM" "vikbooking 1.5.8 Admin+.PHP.File.Upload LOW" "vikbooking 1.5.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "vikbooking 1.5.7 Stored.Cross-Site.Scripting.via.CSRF CRITICAL" "vikbooking 1.5.4 Unauthenticated.Arbitrary.File.Upload MEDIUM" "vite-coupon No.known.fix Remote.Code.Execution.via.CSRF HIGH" "vp-sitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vstemplate-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "video-background 2.7.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "variation-swatches-for-woocommerce 2.1.2 Subscriber+.Stored.Cross-Site.Scripting HIGH" "vod-infomaniak 1.5.10 Missing.Authorization MEDIUM" "vod-infomaniak 1.5.8 Cross-Site.Request.Forgery MEDIUM" "vod-infomaniak 1.5.7 Reflected.Cross-Site.Scripting HIGH" "vimeo-video-autoplay-automute No.known.fix Contributor+.Stored.XSS MEDIUM" "vdocipher 1.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visibility-logic-elementor 2.3.5 Cross-Site.Request.Forgery MEDIUM" "verowa-connect 3.0.5 Reflected.Cross-Site.Scripting MEDIUM" "verowa-connect No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "verowa-connect 3.0.2 Unauthenticated.SQL.Injection HIGH" "vitepos-lite 3.1.8 Missing.Authorization MEDIUM" "vitepos-lite 3.1.5 Missing.Authorization MEDIUM" "vitepos-lite 3.1.4 Missing.Authorization MEDIUM" "vitepos-lite 3.0.2 Missing.Authorization MEDIUM" "vrpconnector No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "vertical-news-scroller 1.17 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "vc-tabs No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vc-tabs 3.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "vc-tabs 3.6.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "vc-tabs 3.7.0 Authenticated.Arbitrary.Options.Update MEDIUM" "videojs-html5-player 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.videojs_video.Shortcode MEDIUM" "videojs-html5-player 1.1.9 Contributor+.Stored.XSS MEDIUM" "videowhisper-live-streaming-integration 6.2.1 Unauthenticated.Arbitrary.File.Read HIGH" "videowhisper-live-streaming-integration 6.2.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "videowhisper-live-streaming-integration 6.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "videowhisper-live-streaming-integration 4.27.4 Cross-Site.Scripting.(XSS) MEDIUM" "videowhisper-live-streaming-integration 4.29.5 Multiple.Vulnerabilities CRITICAL" "videowhisper-live-streaming-integration 4.29.10 videowhisper_streaming.php.Multiple.Parameter.XSS HIGH" "videowhisper-live-streaming-integration 4.67.17 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "video-comments-webcam-recorder 1.92 Unauthenticated.Reflected.XSS MEDIUM" "visual-sound No.known.fix Settings.Update.via.CSRF MEDIUM" "visual-sound No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "vikappointments 1.2.17 Cross-Site.Request.Forgery MEDIUM" "virtual-hdm-for-taxservice-am No.known.fix Unauthenticated.SQL.Injection HIGH" "vr-frases No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vr-frases No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "vr-frases No.known.fix Reflected.XSS HIGH" "visual-link-preview 2.2.3 Unauthorised.AJAX.Calls MEDIUM" "visual-sound-widget-for-soundcloud-and-artistplugme-visualdreams No.known.fix Settings.Update.via.CSRF MEDIUM" "vdz-verification 1.4 Authenticated.Stored.XSS MEDIUM" "videos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vg-postcarousel No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "visitor-analytics-io 1.3.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "verification-sms-targetsms No.known.fix Unauthenticated.Limited.Remote.Code.Execution HIGH" "video-embed-box No.known.fix Authenticated.(subscriber+).SQL.Injection CRITICAL" "vice-versa No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vmax-project-manager No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "videowhisper-video-presentation No.known.fix Remote.File.Upload CRITICAL" "visual-recent-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "visucom-smart-sections No.known.fix WPBakery.Page.Builder.Addon.<=.1.7.8.-.Unauthenticated.PHP.Object.Injection CRITICAL" "virtual-bot No.known.fix Unauthenticated.SQL.Injection HIGH" "virtual-bot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "vbsso-lite No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "video-list-manager No.known.fix Admin+.SQL.Injection MEDIUM" "videojs-html5-video-player-for-wordpress No.known.fix HTML5.Video.Player.for.WordPress.<=.4.5.0.-.Contributor+.Stored.XSS.via.Shortcode MEDIUM" "visitors-online 1.0.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "visitors-online 0.4 SQL.Injection CRITICAL" "vigilantor 1.3.11 Admin+.Stored.XSS LOW" "vdz-google-analytics 1.6.0 Authenticated.Stored.XSS LOW" "vdz-google-analytics 1.4.9 Authenticated.Stored.XSS LOW" "vertical-marquee-plugin 7.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "vertical-marquee-plugin No.known.fix Admin+.Stored.XSS LOW" "video-posts-webcam-recorder 3.2.4 Authenticated.Reflected.XSS MEDIUM" "video-posts-webcam-recorder 1.55.5 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "void-visual-whmcs-element 1.0.4.1 Contributor+.Stored.XSS MEDIUM" "vc-addons-by-bit14 No.known.fix Editor+.Stored.XSS LOW" "vc-addons-by-bit14 1.4.6 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Modification MEDIUM" "visual-footer-credit-remover 1.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "video-thumbnails No.known.fix Admin+.Stored.XSS LOW" "vision 1.7.2 Missing.Authorization MEDIUM" "vision 1.5.4 Contributor+.Stored.XSS MEDIUM" "vision 1.5.2 Reflected.Cross-Site.Scripting HIGH" "viet-nam-affiliate No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "videowhisper-video-conference-integration No.known.fix Remote.File.Upload CRITICAL" "vibebp 1.9.9.5.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "vibebp 1.9.9.5 Unauthenticated.Privilege.Escalation CRITICAL" "vibebp 1.9.9.7.7 Unauthenticated.SQL.Injection HIGH" "video-slider-with-thumbnails 1.0.11 Reflected.XSS HIGH" "vampire-character No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "verse-o-matic No.known.fix CSRF.to.Stored.XSS HIGH" "vk-poster-group No.known.fix Reflected.Cross-Site.Scripting.via.vkp_repost MEDIUM" "video-central No.known.fix Contributor+.Stored.XSS MEDIUM" "virim No.known.fix Unauthenticated.Object.Injection CRITICAL" "vidorev-extensions 2.9.9.9.9.9.6 Missing.Authorization.to.Unauthenticated.Youtube.Video.Import MEDIUM" "vk-filter-search No.known.fix Contributor+.Stored.XSS MEDIUM" "vk-filter-search 2.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "vision-pro 1.5.2 Reflected.Cross-Site.Scripting HIGH" "vertical-diamond-flipbook-flash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "video-playlist-and-gallery-plugin 1.160 Settings.Update.via.CSRF MEDIUM" "vk-block-patterns 1.31.1.1 Missing.Authorization MEDIUM" "vk-block-patterns 1.31.2.0 Cross-Site.Request.Forgery MEDIUM" "wp-find-your-nearest No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-find-your-nearest No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-fade-in-text-news 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "wp-repost No.known.fix Admin+.Stored.XSS LOW" "woocommerce-social-media-share-buttons No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wp-better-emails No.known.fix Admin+.Stored.XSS LOW" "wpsso 18.18.2 Missing.Authorization MEDIUM" "wc-ja-ja-pagamentos-multicaixa-express No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widgets-controller No.known.fix Unauthenticated.Cross-Site.Scripting MEDIUM" "widgets-for-sourceforge-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-experiments-free No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-experiments-free No.known.fix Missing.Authorization MEDIUM" "wp-experiments-free 9.0.1 Unauthenticated.SQLi HIGH" "wp-stripe-express 1.12.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-express 1.7.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-webinarsystem No.known.fix Open.Redirect MEDIUM" "wp-webinarsystem No.known.fix Missing.Authorization MEDIUM" "wp-webinarsystem No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-webinarsystem 1.33.25 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Creation HIGH" "wp-webinarsystem 1.33.25 Missing.Authorization.to.Authenticated.(Subscriber+).Webinar.Updates HIGH" "wp-webinarsystem 1.33.21 Cross-Site.Request.Forgery MEDIUM" "wp-webinarsystem 1.33.21 Cross-Site.Request.Forgery MEDIUM" "wp-webinarsystem 1.33.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-custom-fields-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpcfs-preset.Shortcode MEDIUM" "wp-custom-fields-search 1.2.35 Admin+.Stored.XSS LOW" "wp-custom-fields-search 1.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-mail-log 1.1.3 Contributor+.Arbitrary.File.Upload HIGH" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.SQL.Injection.in.wml_logs.endpoint MEDIUM" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.LFI.in.wml_logs/send_mail.endpoint MEDIUM" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Incorrect.Authorization.in.REST.API.Endpoints LOW" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.SQL.Injection.in.wml_logs/send_mail.endpoint MEDIUM" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.Arbitrary.File.Upload.to.RCE CRITICAL" "wp-mail-log 1.1.3 Editor+.SQL.Injection.via.id HIGH" "wp-mail-log 1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-log 1.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woo-codice-fiscale No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-users No.known.fix Settings.Update.via.CSRF MEDIUM" "wpforo 2.4.4 Subscriber+.Privilege.Escalation HIGH" "wpforo 2.4.2 Subscriber+.Arbitrary.File.Read MEDIUM" "wpforo 2.3.5 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wpforo 2.3.5 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wpforo 2.3.4 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wpforo 2.2.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wpforo 2.2.6 Subscriber+.Content.Injection MEDIUM" "wpforo 2.1.9 Reflected.Cross-Site.Scripting HIGH" "wpforo 2.1.8 Subscriber+.Arbitrary.File.Read,.Author+.PHAR.Deserialization,.and.Subscriber+.Server-Side.Request.Forgery.via.file_get_contents HIGH" "wpforo 2.0.6 Subscriber+.Forum.Post.Set.as.Private/Public.via.IDOR MEDIUM" "wpforo 2.1.0 Arbitrary.User.Deletion.via.CSRF HIGH" "wpforo 2.1.0 Subscriber+.Arbitrary.File.Upload CRITICAL" "wpforo 2.0.6 Subscriber+.Forum.Post.Set.as.Solved/Unsolved.via.IDOR MEDIUM" "wpforo 2.0.6 Topic.Deletion.via.CSRF MEDIUM" "wpforo 2.0.6 Cross-Site.Request.Forgery MEDIUM" "wpforo 1.9.7 Open.Redirect MEDIUM" "wpforo 1.7.0 New.Users.Set.as.Admin.via.CSRF HIGH" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.langid.Parameter HIGH" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.s.Parameter HIGH" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.User.Agent MEDIUM" "wpforo 1.5.2 Privilege.Escalation CRITICAL" "wpforo 1.4.12 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wpforo 1.4.11 Unauthenticated.SQL.Injection CRITICAL" "woo-advanced-shipment-tracking 3.5.3 CSRF MEDIUM" "woo-advanced-shipment-tracking 3.2.7 Authenticated.Options.Change CRITICAL" "wp-links-page 4.9.6 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Image.Update MEDIUM" "wp-links-page 4.9.5 Cross-Site.Request.Forgery.via.wplf_ajax_update_screenshots MEDIUM" "wp-links-page 4.9.4 Contributor+.Stored.XSS MEDIUM" "widget-for-eventbrite-api 5.3.1 Reflected.Cross-Site.Scripting MEDIUM" "widget-for-eventbrite-api 4.4.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-shipos-delivery 2.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wc-shipos-delivery No.known.fix Reflected.Cross-Site.Scripting.via.dvsfw_bulk_label_url.Parameter MEDIUM" "woocommerce-catalog-enquiry 5.0.6 Cross-Site.Request.Forgery.via.REST.API MEDIUM" "woocommerce-catalog-enquiry 5.0.3 Unauthenticated.Stored.XSS.via.Arbitrary.Setting.Update HIGH" "woocommerce-catalog-enquiry 5.0.3 Unauthenticated.Inquiry.Saving.&.Sensitive.Information.Disclosure MEDIUM" "woocommerce-catalog-enquiry 3.1.0 Arbitrary.File.Upload HIGH" "wp-comment-designer-lite 2.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-graphql-woocommerce 0.12.4 Unauthenticated.Coupon.Codes.Disclosure MEDIUM" "wp-ses 1.4.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "widget-detector-elementor 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wplegalpages 3.2.8 Cross-Site.Request.Forgery MEDIUM" "wplegalpages 2.9.3 Contributor+.Stored.XSS MEDIUM" "wplegalpages 2.7.1 Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS MEDIUM" "wplegalpages 1.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woo-billing-with-invoicexpress 3.0.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-editor 1.2.9.2 Authenticated.(Administrator+).Directory.Traversal.to.Arbitrary.File.Read MEDIUM" "wp-editor 1.2.9.2 Authenticated.(Administrator+).Directory.Traversal.to.Arbitrary.File.Update HIGH" "wp-editor 1.2.9.1 Authenticated.(Admin+).PHAR.Deserialization HIGH" "wp-editor 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-editor 1.2.8 Sensitive.Information.Exposure.via.log.file MEDIUM" "wp-editor 1.2.7 Authenticated.SQL.injection CRITICAL" "wp-editor 1.2.6.3 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "wp-editor 1.2.6 CSRF.&.Incorrect.Permissions CRITICAL" "wp-remote-thumbnail No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "wpdm-premium-packages 5.9.7 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wpdm-premium-packages 5.9.4 Reflected.Cross-Site.Scripting.via.add_query_arg MEDIUM" "wpdm-premium-packages 5.9.4 Sell.Digital.Products.Securely.<.5.9.4.-.Contributor+.Stored.Cross-Site.Scripting.via.wpdmpp_pay_link.Shortcode MEDIUM" "wpdm-premium-packages No.known.fix Admin+.SQL.Injection MEDIUM" "wpdm-premium-packages 5.9.2 Cross-Site.Request.Forgery MEDIUM" "wpdm-premium-packages 5.8.3 Reflected.Cross-Site.Scripting MEDIUM" "wpdm-premium-packages 5.7.5 Sell.Digital.Products.Securely.<.5.7.5.-.Subscriber+.Privilege.Escalation HIGH" "wte-elementor-widgets 1.3.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-supersized No.known.fix Cross-Site.Request.Forgery MEDIUM" "woocommerce-google-dynamic-retargeting-tag 1.7.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-coming-soon-booster 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "widget-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-awesome-faq No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-awesome-faq 4.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wesecur-security No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "wphrm 1.1 Authenticated.SQL.Injection HIGH" "wpgt-google-translate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpgt-google-translate No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-smart-quick-view 4.1.2 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "woo-smart-quick-view 4.0.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wc-quantity-plus-minus-button 1.2.0 Quantity.Plus.Minus.Button.for.WooCommerce.by.CodeAstrology.<.1,2,0.Settings.Update.via.CSRF MEDIUM" "woo-one-click-upsell-funnel 3.4.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wps_wocuf_pro_yes.Shortcode MEDIUM" "woocommerce-store-toolkit 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-store-toolkit 2.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-store-toolkit 2.3.2 Reflected.Cross-Site.Scripting HIGH" "woocommerce-store-toolkit 1.5.8 Privilege.Escalation CRITICAL" "woocommerce-store-toolkit 1.5.7 Store.Toolkit.Plugin.<=.1.5.6.-.Privilege.Escalation CRITICAL" "wholesale-pricing-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wholesale-pricing-woocommerce 3.8.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-events 4.1.3 Unauthenticated.Arbitrary.File.Overwrite CRITICAL" "woo-products-widgets-for-elementor No.known.fix Contributor+.Local.File.Inclusion HIGH" "woo-products-widgets-for-elementor 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-products-widgets-for-elementor 1.0.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-products-widgets-for-elementor 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-ecommerce-quickpay No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-woocommerce-quickbooks 1.3.2 Cross-Site.Request.Forgery MEDIUM" "wp-woocommerce-quickbooks 1.1.9 Reflected.Cross-Site.Scripting HIGH" "wp-inject No.known.fix Admin+.Stored.XSS LOW" "wp-inject 1.16 Stored.XSS.&.CSRF HIGH" "wp-taxonomy-import No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-gateway-gocardless 2.5.7 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "wp-stripe-checkout 1.2.2.42 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-stripe-checkout 1.2.2.38 Sensitive.Information.Exposure.via.Debug.Log HIGH" "wp-stripe-checkout 1.2.2.21 Contributor+.Stored.XSS MEDIUM" "wp-time-slots-booking-form 1.2.11 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-time-slots-booking-form 1.2.12 Missing.Authorization MEDIUM" "wp-time-slots-booking-form 1.2.07 Unauthenticated.Price.Manipulation MEDIUM" "wp-time-slots-booking-form 1.1.82 Admin+.Stored.XSS LOW" "wp-time-slots-booking-form 1.1.63 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-product-importer No.known.fix Product.Importer.<=.1.5.2.-.Reflected.Cross-Site.Scripting MEDIUM" "wordpress-data-guards No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-coder 3.6.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-coder 3.5.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-coder 2.5.6 Reflected.XSS MEDIUM" "wp-coder 2.5.4 Admin+.SQLi MEDIUM" "wp-coder 2.5.3 Code.Deletion.via.CSRF MEDIUM" "wp-coder 2.5.2 RFI.leading.to.RCE.via.CSRF HIGH" "wp-user-avatar 4.15.20 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.20 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.20 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.19 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "wp-user-avatar 4.15.15 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.15 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.9 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.15.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-user-avatar 4.15.6 Contributor+.Stored.Cross-Site.Scripting.via.'reg-single-checkbox' MEDIUM" "wp-user-avatar 4.15.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-user-avatar 4.15.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.profilepress-edit-profile.Shortcode MEDIUM" "wp-user-avatar 4.15.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.[reg-select-role].Shortcode MEDIUM" "wp-user-avatar 4.15.0 Unauthenticated.Stored.XSS MEDIUM" "wp-user-avatar 4.15.0 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.15.0 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.14.4 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.13.3 Information.Disclosure.via.Debug.Log MEDIUM" "wp-user-avatar 4.13.2 ProfilePress.<.4,13,2.Cross-Site.Request.Forgery.via.'admin_notice' MEDIUM" "wp-user-avatar 4.13.2 Limited.Privilege.Escalation.via.'acceptable_defined_roles' HIGH" "wp-user-avatar 4.5.5 Reflected.XSS HIGH" "wp-user-avatar 4.5.5 Reflected.XSS HIGH" "wp-user-avatar 4.5.5 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.5.4 Admin+.Stored.XSS LOW" "wp-user-avatar 4.5.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-user-avatar 4.5.1 Admin+.Stored.Cross-Site.Scripting.via.Form.Settings LOW" "wp-user-avatar 3.2.3 Reflected.Cross-Site.Scripting HIGH" "wp-user-avatar 3.2.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-user-avatar 3.1.11 Unauthenticated.Cross-Site.Scripting.(XSS).in.tabbed.login/register.widget MEDIUM" "wp-user-avatar 3.1.11 Multiple.Vulnerabilities CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Arbitrary.File.Upload.in.Image.Uploader.Component MEDIUM" "wp-user-avatar 3.1.8 Authenticated.Stored.XSS CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Authenticated.Privilege.Escalation CRITICAL" "wp-smart-export No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-export No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-tbc-payment-gateway No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-bannerize-pro 1.9.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-bannerize-pro 1.7.0 Reflected.XSS HIGH" "wp-infusionsoft-woocommerce 1.0.9 Reflected.Cross-Site.Scripting HIGH" "woo-tipdonation No.known.fix Shop.Manager+.Stored.XSS MEDIUM" "woo-order-status-per-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-order-status-per-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widget-google-reviews 3.2 Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "widget-google-reviews 2.2.4 Subscriber+.SQLi HIGH" "widget-google-reviews 2.2.3 Subscriber+.Widget.Creation MEDIUM" "wc-basic-slider 2.1.0 CSRF.Bypass MEDIUM" "wp-phpmyadmin-extension 5.2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-phpmyadmin-extension 5.2.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-social-sharing No.known.fix Admin+.Stored.XSS LOW" "wp-persistent-login 2.0.15 Reflected.Cross-Site.Scripting MEDIUM" "wp-persistent-login 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-powerplaygallery No.known.fix Arbitrary.File.Upload.&.SQL.Injection HIGH" "wordpress-mobile-pack No.known.fix Cross-Site.Request.Forgery MEDIUM" "wordpress-mobile-pack 2.1.3 Information.Disclosure HIGH" "widget-options 4.1.1 Contributor+.Remote.Code.Execution HIGH" "widget-options 4.0.9 Missing.Authorization.to.Notice.Dismissal MEDIUM" "widget-options 4.0.8 Missing.Authorization MEDIUM" "widget-options 4.0.8 Contributor+.Remote.Code.Execution CRITICAL" "widget-options 4.0.2 Extended.<=.5.1.0.&..Widget.Options.<=.4.0.1.-.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "wpspx No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "woostify-sites-library 1.4.8 Subscriber+.Arbitrary.Options.Update.to.DoS HIGH" "wp-job-manager-resumes 2.2.0 Resume.Manager.<.2.2.0.-.Missing.Authorization MEDIUM" "wp-job-manager-resumes 2.2.0 Resume.Manager.<.2.2.0.-.Cross-Site.Request.Forgery MEDIUM" "wp-feature-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-structured-data-schema 4.0.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-structured-data-schema 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-helper-lite 4.6.2 Missing.Authorization.in.whp_smtp_send_mail_test MEDIUM" "wp-helper-lite 4.6.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-helper-lite 4.5.2 Cross-Site.Request.Forgery.via.whp_fields MEDIUM" "wp-helper-lite 4.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-extra-charges-to-payment-gateways No.known.fix Unauthorised.Arbitrary.Plugin.Settings.Change.to.Stored.XSS CRITICAL" "woocommerce-jetpack 7.2.5 7.2.4.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woocommerce-jetpack 7.2.5 7.2.4.-.Unauthenticated.Arbitrary.File.Upload HIGH" "woocommerce-jetpack 7.2.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woocommerce-jetpack 7.2.4 Authenticated.(ShopManager+).Stored.Cross-Site.Scripting.via.wcj_product_meta.Shortcode MEDIUM" "woocommerce-jetpack 7.2.4 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.9 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woocommerce-jetpack 7.1.8 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortocde MEDIUM" "woocommerce-jetpack 7.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.3 Missing.Authorization.to.Product.Creation/Modification MEDIUM" "woocommerce-jetpack 7.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Order.Information.Disclosure MEDIUM" "woocommerce-jetpack 7.1.3 Contributor+.Stored.XSS MEDIUM" "woocommerce-jetpack 7.1.2 Authenticated.(Subscriber+).Information.Disclosure.via.Shortcode MEDIUM" "woocommerce-jetpack 7.1.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "woocommerce-jetpack 7.1.0 Shop.Manager+.Missing.Authorization.to.Arbitrary.Options.Update MEDIUM" "woocommerce-jetpack 6.0.1 Multiple.CSRF MEDIUM" "woocommerce-jetpack 5.6.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-jetpack 5.6.7 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "woocommerce-jetpack 5.6.7 Checkout.Files.Deletion.via.CSRF LOW" "woocommerce-jetpack 5.6.7 ShopManager+.Arbitrary.File.Download MEDIUM" "woocommerce-jetpack 5.6.7 Settings.Reset.via.CSRF MEDIUM" "woocommerce-jetpack 5.6.3 Subscriber+.Order.Status.Update MEDIUM" "woocommerce-jetpack 5.6.2 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.Product.XML.Feeds.Module HIGH" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.General.Module HIGH" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.PDF.Invoicing.Module HIGH" "woocommerce-jetpack 5.4.4 Authentication.Bypass CRITICAL" "woocommerce-jetpack 3.8.0 XSS MEDIUM" "wp-admin-logo-changer No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "wp-dashboard-notes 1.0.12 Subscriber+.Stored.XSS HIGH" "wp-dashboard-notes 1.0.11 Contributor+.Arbitrary.Private.Notes.Update.via.IDOR LOW" "wp-dashboard-notes 1.0.11 Unauthorised.Deletion.of.Private.Notes LOW" "wp-ical-availability No.known.fix Missing.Authorization MEDIUM" "wp-ical-availability No.known.fix Settings.Update.via.CSRF MEDIUM" "wpjqp-datepicker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-editor-bootstrap-blocks 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-user-profiles No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "windsor-strava-club No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-user-switch No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-user-switch 1.0.3 Subscriber+.Authentication.Bypass HIGH" "wp-job-manager-colors No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-jitsi-shortcodes No.known.fix Admin+.Stored.XSS LOW" "wp-jitsi-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-bannerize No.known.fix 4.0.2.-.Authenticated.SQL.Injection HIGH" "wp-post-category-notifications No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-slide-categorywise No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-total-branding 1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.title.Parameter MEDIUM" "wc-affiliate 2.6 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure.via.wf-export-all MEDIUM" "wc-affiliate 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-affiliate 2.4 Reflected.XSS HIGH" "wp-custom-countdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-hashtags No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "website-file-changes-monitor 2.1.1 Authenticated.SQL.Injection MEDIUM" "website-file-changes-monitor 2.1.0 Admin+.Authenticated.SQL.Injection MEDIUM" "website-file-changes-monitor 1.8.3 Admin+.SQLi MEDIUM" "woocommerce-gateway-stripe 7.6.2 Unauthenticated.Order.Deletion.via.IDOR LOW" "woocommerce-gateway-stripe 7.6.1 Cross-Site.Request.Forgery MEDIUM" "woocommerce-gateway-stripe 7.4.1 Subscriber+.Order.Intent.Update MEDIUM" "woocommerce-gateway-stripe 7.4.1 Unauthenticated.PII.Disclosure.via.IDOR HIGH" "website-toolbox-forums 2.0.2 Reflected.Cross-Site.Scripting.via.websitetoolbox_username MEDIUM" "wp-scribd-list No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-sendgrid-mailer No.known.fix Missing.Authorization MEDIUM" "wp-sendgrid-mailer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Log.Deletion MEDIUM" "wp-sendgrid-mailer No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wp-ticket-ultra No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wpbrutalai 2.06 Admin+.Stored.XSS LOW" "wpbrutalai 2.0.0 SQL.Injection.via.CSRF HIGH" "wpbrutalai 2.0.1 Admin+.Reflected.XSS HIGH" "wp-comment-fields 5.1 Cross-Site.Request.Forgery MEDIUM" "wp-comment-fields 5.1 Missing.Authorization MEDIUM" "wp-comment-fields 4.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-job-board-pro No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wordpress-notification-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-nice-loader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-multi-currency 2.3.7 WooCommerce.Multi.Currency.-.Currency.Switcher.<.2.3.7.-.Unauthenticated.SQL.Injection HIGH" "woocommerce-multi-currency 2.1.18 Authenticated.Product.Price.Change MEDIUM" "wpzoom-portfolio 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "wpzoom-portfolio 1.2.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-travel 10.1.4 Author+.SQL.Injection MEDIUM" "wp-travel No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wp-travel 9.7.0 Missing.Authorization MEDIUM" "wp-travel 9.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel 7.8.1 Unauthenticated.AJAX.Calls MEDIUM" "wp-travel 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-travel 4.4.7 CSRF.Nonce.Bypasses MEDIUM" "wp-travel 4.4.7 Cross-Site.Request.Forgery MEDIUM" "woo-product-attachment 2.2.0 Checkout.Attachements.Update.via.CSRF MEDIUM" "woo-product-attachment 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-attachment 2.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "world-travel-information No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-commentnavi 1.12.2 Admin+.Stored.XSS LOW" "winning-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-custom-google-search No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-ride-booking No.known.fix Cross-Site.Request.Forgery MEDIUM" "wplr-sync 6.4.1 Missing.Authorization MEDIUM" "wplr-sync 6.3.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-sendinblue-newsletter-subscription 4.0.18 Authenticated.(Editor+).Arbitrary.File.Download.and.Deletion HIGH" "woocommerce-checkout-manager 7.3.1 Missing.Authorization MEDIUM" "woocommerce-checkout-manager 5.5.7 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-checkout-manager 4.3 Arbitrary.File.Upload HIGH" "woo-wallet 1.5.7 Subscriber+.Funds.Creation MEDIUM" "woo-wallet 1.5.5 Authenticated.(Subscriber+).SQL.Injection.via.'search[value]' HIGH" "woo-wallet 1.5.1 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "woo-wallet 1.4.11 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Export MEDIUM" "woo-wallet 1.4.4 For.WooCommerce.<.1.4.4.-.Subscriber+.Arbitrary.Wallet.Lock/Unlock.via.IDOR MEDIUM" "woo-wallet 1.4.0 Settings.Update.via.CSRF MEDIUM" "wp-mlm No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-mlm No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wpsyncsheets-wpforms 1.6.1 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Reset MEDIUM" "woocommerce-product-category-selection-widget No.known.fix Reflected.XSS HIGH" "woocommerce-predictive-search 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "webbricks-addons 1.1.11 Contributor+.Stored.XSS MEDIUM" "wp-custom-author-url 1.0.5 Admin+.Stored.XSS LOW" "wp-d3 No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-d3 2.4.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "wpkoi-templates-for-elementor 3.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpkoi-templates-for-elementor 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpkoi-templates-for-elementor 2.5.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "wpkoi-templates-for-elementor 2.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Heading.Widget MEDIUM" "wc-recently-viewed-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-variation-gallery 1.1.29 Authenticated.Stored.XSS MEDIUM" "wp-simpleweather No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-shipping-dpd-baltic 1.2.84 Reflected.Cross-Site.Scripting HIGH" "woo-shipping-dpd-baltic 1.2.57 DPD.baltic.<.1.2.57.-.Subscriber+.Arbitrary.Options.Deletion HIGH" "woo-shipping-dpd-baltic 1.2.11 DPD.baltic.<.1.2.11.-.Admin+.Stored.XSS MEDIUM" "wp2syslog No.known.fix Admin+.Stored.XSS LOW" "wp-facebook-review-showcase-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-auto-affiliate-links 6.4.7 Admin+.SQL.Injection MEDIUM" "wp-auto-affiliate-links 6.4.4 Authenticated.(Editor+).SQL.Injection CRITICAL" "wp-auto-affiliate-links 6.4.3.1 Missing.Authorization.via.aalAddLink MEDIUM" "wp-auto-affiliate-links 6.4.2.8 Cross-Site.Request.Forgery MEDIUM" "wp-auto-affiliate-links 6.4.2.6 Cross-Site.Request.Forgery MEDIUM" "wp-auto-affiliate-links 6.4.2.5 Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wp-auto-affiliate-links 6.3.0.3 Settings.Update.via.CSRF MEDIUM" "woo-edit-templates No.known.fix Reflected.Cross-Site.Scripting.via.page MEDIUM" "woo-edit-templates 1.1.2 Reflected.XSS HIGH" "wired-impact-volunteer-management 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-postratings 1.91.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-postratings 1.90 Ratings.Tempering.via.Race.Condition MEDIUM" "wp-postratings 1.86.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-postratings 1.62 Authenticated.SQL.Injection CRITICAL" "wp-codemirror-block 2.0.0 Contributor+.Stored.XSS MEDIUM" "wp-smushit 3.17.1 Admin+.Directory.Traversal LOW" "wp-smushit 3.16.5 Subscriber+.Resmush.List.Deletion MEDIUM" "wp-smushit 3.9.9 Admin+.Reflected.Cross-Site.Scripting LOW" "wp-smushit 3.0.0 Authenticated.Phar.Deserialization MEDIUM" "wp-smushit 2.7.6 File.Transversal HIGH" "woocommerce-hss-extension-for-streaming-video No.known.fix Reflected.Cross-Site.Scripting.via.videolink.Parameter MEDIUM" "wpmm-memory-meter 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wplistcal No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wp-chgfontsize No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "wp-piwik 1.0.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-piwik 1.0.28 Admin+.Stored.XSS LOW" "wp-piwik 1.0.27 Plugin.Settings.Reset.via.CSRF MEDIUM" "wp-piwik 1.0.10 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-pipes 1.4.2 Reflected.Cross-Site.Scripting.via.x1.Parameter MEDIUM" "wp-pipes 1.4.1 CSRF MEDIUM" "wp-pipes 1.4.0 Admin+.SQLi MEDIUM" "wp-support-plus-responsive-ticket-system 9.1.2 Stored.XSS MEDIUM" "wp-support-plus-responsive-ticket-system 9.0.3 Multiple.Authenticated.SQL.Injection CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.8 Remote.Code.Execution CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.8 Remote.Code.Execution.(RCE) CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.0 Privilege.Escalation CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.0 WP.Support.Plus.Responsive.Ticket.System.<.8,0,0.–.Authenticated.SQL.Injection MEDIUM" "wp-film-studio 1.3.5 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wonderplugin-pdf-embed 1.7 Contributor+.Stored.XSS MEDIUM" "wp-buddha-free-adwords No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-buddha-free-adwords No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-google-map-plugin 4.7.2 Admin+.Stored.XSS LOW" "wp-google-map-plugin 4.7.2 Admin+.Stored.XSS LOW" "wp-google-map-plugin 4.7.2 Admin+.Stored.XSS LOW" "wp-google-map-plugin 4.6.2 Authenticated.(Contributor+).SQL.Injection HIGH" "wp-google-map-plugin 4.4.0 Editor+.Stored.XSS LOW" "wp-google-map-plugin 4.4.3 Category/Location/Map.Deletion.via.CSRF MEDIUM" "wp-google-map-plugin 4.2.4 Marker.Category/Map.Deletion.via.CSRF MEDIUM" "wp-google-map-plugin 4.1.5 Authenticated.SQL.Injection MEDIUM" "wp-google-map-plugin 4.1.0 CSRF.to.Unauthenticated.PHP.Object.Injection HIGH" "wp-google-map-plugin 4.0.4 XSS MEDIUM" "wp-google-map-plugin 3.1.2 XSS MEDIUM" "wp-google-map-plugin 2.3.10 Multiple.CSRF MEDIUM" "wp-google-map-plugin 3.0.0 CSRF.to.Authenticated.Cross-Site.Scripting.(XSS) HIGH" "wp-google-map-plugin 2.3.7 XSS MEDIUM" "woozap No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wp-product-review 3.7.6 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "woocommerce-simple-registration 1.5.7 Unauthenticated.Privilege.Escalation CRITICAL" "wp-google-places-review-slider 16.1 Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "wp-google-places-review-slider 15.6 Admin+.Stored.XSS LOW" "wp-google-places-review-slider 13.6 Admin+.Stored.XSS LOW" "wp-google-places-review-slider 12.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-google-places-review-slider 11.8 Subscriber+.SQLi HIGH" "wp-google-places-review-slider 11.6 Admin+.Stored.XSS LOW" "wp-content-copy-protector 3.6.1 Cross-Site.Request.Forgery MEDIUM" "wp-content-copy-protector 3.5.6 Admin+.Stored.XSS LOW" "wp-content-copy-protector 3.4.5 Settings.Update.via.CSRF MEDIUM" "wp-content-copy-protector 3.1.5 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-content-copy-protector 3.4 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "woo-pensopay 6.3.2 Reflected.XSS HIGH" "woo-paylate 1.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-paylate 1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-munich-blocks 0.10.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-munich-blocks 0.11.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-munich-blocks 0.7.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-members 3.4.9.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpmem_loginout.Shortcode MEDIUM" "wp-members 3.4.9.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-members 3.4.9.4 Unprotected.Storage.of.Potentially.Sensitive.Files MEDIUM" "wp-members 3.4.9.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-members 3.4.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-members 3.4.9 Contributor+.Sensitive.Information.Exposure MEDIUM" "wp-members 3.4.8 Subscriber+.Unauthorized.Plugin.Settings.Update MEDIUM" "wp-members 3.2.8.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "wp-members 3.1.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-wc-affiliate-program 8.5.0 Authentication.Bypass.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "wp-survey-and-poll No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-survey-and-poll No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-smtp 1.2.7 1.2.6.-.Authenticated.(Admin+).SQL.Injection HIGH" "wizhi-multi-filters No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-coupons-bulk-editor 1.3.40 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupons-bulk-editor 1.3.28 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-conversion-tracking 2.0.12 Subscriber+.Addon.Installation MEDIUM" "woocommerce-conversion-tracking 2.0.12 Subscriber+.happy-elementor-addons.Installation.&.Activation MEDIUM" "woo-cart-count-shortcode 1.1.0 Contributor+.XSS MEDIUM" "woo-cart-count-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-sexylightbox No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-ogp No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-analytics-events 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-useronline 2.88.3 Unauthenticated.Stored.XSS HIGH" "wp-useronline 2.88.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-useronline 2.88.0 Admin+.Stored.Cross-Site.Scripting LOW" "wp-front-end-login-and-register No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-ultimate-gift-card No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-ultimate-gift-card 2.9.1 Create,.Sell.and.Manage.Gift.Cards.with.Customized.Email.Templates.<.2.9.1.-.Reflected.Cross-Site.Scripting MEDIUM" "woo-custom-emails No.known.fix Reflected.XSS HIGH" "woo-custom-emails No.known.fix Reflected.XSS HIGH" "woo-custom-emails No.known.fix Unauthenticated.Email.Settings.Update MEDIUM" "wp-accessibility-helper 0.6.2.9 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "wp-accessibility-helper 0.6.3 Missing.Authorization MEDIUM" "wp-accessibility-helper 0.6.2.6 Missing.Authorization MEDIUM" "wp-accessibility-helper 0.6.2.5 Missing.Authorization.via.AJAX.action MEDIUM" "wp-accessibility-helper 0.6.0.7 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "weaver-themes-shortcode-compatibility No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wallet-system-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wallet-system-for-woocommerce 2.6.3 Cross-Site.Request.Forgery MEDIUM" "wallet-system-for-woocommerce 2.6.3 Missing.Authorization MEDIUM" "wallet-system-for-woocommerce 2.5.14 Information.Exposure.via.Log.Files MEDIUM" "wallet-system-for-woocommerce 2.5.10 Cross-Site.Request.Forgery MEDIUM" "wpzoom-elementor-addons 1.1.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "wpzoom-elementor-addons 1.1.38 Unauthenticated.Local.File.Inclusion CRITICAL" "wpzoom-elementor-addons 1.1.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box.Widget MEDIUM" "wpzoom-elementor-addons 1.1.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-custom-checkout-fields No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-facebook-feed No.known.fix Reflected.XSS HIGH" "wp-facebook-feed No.known.fix Contributor+.Stored.XSS MEDIUM" "woo-customers-manager 1.1.14 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-manager 1.1.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-1-slider 1.3.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "woocommerce-discounts-plus 3.4.5 Reflected.Cross-Site.Scripting HIGH" "wp-lister-for-ebay 3.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.6.0 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "wp-lister-for-ebay 3.6.0 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.5.8 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "wp-basics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wplingo No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "wp-signals 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-effects 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-effects 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-photo-effects 1.2.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "web-directory-free 1.7.9 Reflected.Cross-Site.Scripting MEDIUM" "web-directory-free 1.7.8 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "web-directory-free 1.7.7 Unauthenticated.SQL.Injection HIGH" "web-directory-free 1.7.4 Reflected.Cross-Site.Scripting MEDIUM" "web-directory-free 1.7.3 Unauthenticated.LFI HIGH" "web-directory-free 1.7.2 Reflected.XSS HIGH" "web-directory-free 1.7.0 Unauthenticated.SQL.Injection HIGH" "wp-business-intelligence 1.6.3 SQL.Injection CRITICAL" "wpappninja 11.57 Open.Redirect.via.'redirect'.Parameter HIGH" "wpappninja 11.53 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wpappninja 11.51 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.49 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.42 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.21 Admin+.Stored.XSS LOW" "wpappninja 11.19 Admin+.Stored.XSS LOW" "wpappninja 11.14 Contributor+.Stored.XSS MEDIUM" "wp-geshi-highlight No.known.fix Author+.ReDoS LOW" "wp-category-meta No.known.fix CSRF MEDIUM" "wordpress-admin-bar-improved No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-event-solution 4.0.27 Unauthenticated.Arbitrary.File.Read HIGH" "wp-event-solution 4.0.26 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.25 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.25 Missing.Authorization.to.Unauthenticated.Payment.Status.Update MEDIUM" "wp-event-solution 4.0.21 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-solution 4.0.5 Missing.Authorization.to.Authenticated.(Contributor+).Event.Data.Import MEDIUM" "wp-event-solution 4.0.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-solution 3.3.51 Missing.Authorization.to.Unauthenticated.Events.Export MEDIUM" "wordpress-filter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-simple-maintenance-mode 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-search-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-search-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "webmaster-tools No.known.fix Admin+.Stored.XSS LOW" "webmaster-tools No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wpsimpletools-log-viewer No.known.fix Cross-Site.Request.Forgery.via.wpst_lw_viewer MEDIUM" "wp-easycart 5.7.9 Missing.Authorization.to.Order.Updates MEDIUM" "wp-easycart 5.7.3 Authenticated.(Contributor+).SQL.Injection.via.model_number.Parameter HIGH" "wp-easycart 5.6.0 Missing.Authorization MEDIUM" "wp-easycart 5.6.5 Sensitive.Information.Exposure MEDIUM" "wp-easycart 5.6.0 Cross-Site.Request.Forgery MEDIUM" "wp-easycart 5.6.4 Contributor+.SQL.Injection MEDIUM" "wp-easycart 5.4.11 Administrator+.Time-based.SQL.Injection HIGH" "wp-easycart 5.4.9 Product.Deletion.via.CSRF MEDIUM" "wp-easycart 5.4.9 Multiple.CSRFs MEDIUM" "wp-easycart 5.4.3 Admin+.LFI MEDIUM" "wp-easycart 5.2.5 Arbitrary.Design.Settings.Update.via.CSRF MEDIUM" "wp-easycart 5.1.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-easycart 3.0.21 3.0.20.-.Privilege.Escalation HIGH" "wdesignkit 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wdesignkit 1.1.0 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "word-freshener No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-currency 1.6.6 Admin+.Stored.XSS LOW" "wp-expert-agent-xml-feed No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-courses 3.2.22 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Meta.Update HIGH" "wp-courses 3.2.4 Subscriber+.Arbitrary.Options.Update HIGH" "wp-courses 3.2.4 Cross-Site.Request.Forgery MEDIUM" "wp-courses 3.2.4 Missing.Authorization MEDIUM" "wp-courses 2.0.44 Reflected.Cross-Site.Scripting HIGH" "wp-courses 2.0.44 Authenticated.Stored.XSS.via.Video.Embed.Code LOW" "wp-courses 2.0.29 Broken.Access.Controls.leading.to.Courses.Content.Disclosure HIGH" "wp-eis No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-private-content-plus 3.6.2 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "wp-private-content-plus 3.6.1 Unauthenticated.Protected.Post.Access MEDIUM" "wp-private-content-plus 3.2 Cross-Site.Request.Forgery HIGH" "wp-private-content-plus 3.2 CSRF.Nonce.Bypass HIGH" "wp-private-content-plus 2.0 Unauthenticated.Options.Change HIGH" "wp-featured-screenshot No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpml-string-translation 3.2.6 Admin+.SQLi MEDIUM" "wm-zoom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-structuring-markup No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wpaudio-mp3-player No.known.fix Contributor+.Stored.XSS MEDIUM" "wholesale-market 2.2.1 Unauthenticated.Arbitrary.File.Download HIGH" "wholesale-market 2.2.2 Settings.Update.via.CSRF MEDIUM" "wp-admin-style No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wp-registration 6.0 Missing.Authorization.to.User.Deletion CRITICAL" "wp-registration No.known.fix Unauthenticated.Account.Takeover CRITICAL" "wp-best-quiz No.known.fix Author+.Stored.XSS MEDIUM" "wp-access-areas 1.5.20 Reflected.Cross-Site.Scripting MEDIUM" "wp-user-extra-fields 16.7 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-user-extra-fields 16.7 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-user-extra-fields 16.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-posts-carousel 1.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-posts-carousel 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-posts-carousel 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-posts-carousel 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.auto_play_timeout.Parameter MEDIUM" "wp-joomag No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-maps-pro 8.1.12 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wp-menu-image 2.3 Unauthenticated.Menu.Image.Deletion MEDIUM" "wp-menu-image 2.3 Missing.Authorization.to.Unauthenticated.Menu.Image.Deletion MEDIUM" "wprequal 8.3.1 Cross-Site.Request.Forgery.to.Settings.Reset MEDIUM" "wp-design-maps-places No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-bulk-assign-linked-products No.known.fix Missing.Authorization MEDIUM" "woo-login-redirect No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-login-redirect No.known.fix CSRF MEDIUM" "wp-free-ssl No.known.fix Missing.Authorization MEDIUM" "wp-free-ssl 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-social-bookmark-menu No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-ultra-simple-paypal-shopping-cart 4.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "wp-crm No.known.fix CSV.Injection LOW" "wp-spacecontent No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-pdf-invoice-builder 1.2.137 Reflected.Cross-Site.Scripting MEDIUM" "woo-pdf-invoice-builder 1.2.102 Cross-Site.Request.Forgery MEDIUM" "woo-pdf-invoice-builder 1.2.104 Reflected.XSS HIGH" "woo-pdf-invoice-builder 1.2.91 Admin+.Stored.XSS LOW" "woo-pdf-invoice-builder 1.2.92 Subscriber+.Arbitrary.Invoice.Access MEDIUM" "woo-pdf-invoice-builder 1.2.91 Invoice.Fields.Creation.via.CSRF MEDIUM" "woo-pdf-invoice-builder 1.2.90 Subscriber+.SQLi HIGH" "woo-pdf-invoice-builder 1.2.91 Invoice.Update.via.CSRF MEDIUM" "wp-born-babies No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-booking 6.10.0 Subscriber+.Arbitrary.Option.Update HIGH" "wcfm-marketplace-rest-api 1.6.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wcfm-marketplace-rest-api 1.6.0 Subscriber+.Arbitrary.Orders.Item.And.Notes.Update MEDIUM" "wp-fsqm-pro 4.19 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-staging 3.5.0 Admin+.Arbitrary.File.Upload MEDIUM" "wp-staging 3.5.0 Admin+.SSRF MEDIUM" "wp-staging 3.5.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-staging 3.4.0 Admin+.Stored.XSS LOW" "wp-staging 3.2.0 Unauthorized.Sensitive.Data.Exposure HIGH" "wp-staging 3.1.3 Unauthenticated.Backup.Download HIGH" "wp-staging 2.9.18 Admin+.Stored.Cross-Site.Scripting LOW" "wp-multisite-content-copier 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-raptor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woothemes-sensei 4.24.0.1.24.0 Unauthenticated.Rewrite.Rules.Flushing MEDIUM" "woothemes-sensei 4.24.0.1.24.0 Authenticated.(Student+).Stored.Cross-Site.Scripting MEDIUM" "wplike2get No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp-plotly 1.0.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-download-codes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wha-crossword No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wha-crossword No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-post-author 3.8.3 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-post-author 3.8.2 Authenticated.(Administrator+).SQL.Injection HIGH" "wp-post-author 3.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-post-author 3.6.5 Subscriber+.Rating.Manipulation MEDIUM" "wp-post-author 3.7.5 Missing.Authorization MEDIUM" "wpshopgermany-it-recht-kanzlei 2.1 Cross-Site.Request.Forgery MEDIUM" "wpshopgermany-it-recht-kanzlei 1.8 Admin+.Stored.XSS LOW" "wp-seo-tdk No.known.fix Unauthenticated.Setting.Update.to.Stored.XSS HIGH" "wp-force-ssl 1.67 Missing.Authorization.to.Settings.Update MEDIUM" "website-article-monetization-by-magenet 1.0.12 Unauthenticated.Stored.XSS HIGH" "wp-spreadplugin No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "webhotelier 1.6.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wpcleaner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-warranty 2.3.0 Missing.Authorization MEDIUM" "woocommerce-warranty 2.3.0 Missing.Authorization MEDIUM" "woocommerce-warranty 2.1.7 Reflected.XSS HIGH" "wp-secure-maintainance 1.7 Admin+.Stored.XSS LOW" "wp-auto-top No.known.fix Cross-Site.Request.Forgery MEDIUM" "woocommerce-dropshipping No.known.fix Unauthenticated.Arbitrary.Email.Send MEDIUM" "woocommerce-dropshipping 4.4 Unauthenticated.SQLi HIGH" "wp-youtube-live 1.8.3 Admin+.Stored.Cross.Site.Scripting LOW" "wp-youtube-live 1.7.22 Authenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-curriculo-vitae No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "wp-baidu-submit No.known.fix Admin+.Stored.XSS LOW" "wordpress-custom-sidebar No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-mail-smtp 4.1.0 Admin+.SMTP.Password.Exposure LOW" "woo-better-customer-list No.known.fix Reflected.Cross-Site.Scripting HIGH" "webinar-ignition 3.06.0 Cross-Site.Request.Forgery MEDIUM" "webinar-ignition 3.05.1 Unauthenticated.SQL.Injection CRITICAL" "webinar-ignition 3.05.1 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "webinar-ignition 3.05.1 Missing.Authorization.to.Unauthenticated.Privilege.Escalation CRITICAL" "webinar-ignition 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "webinar-ignition 2.14.3 Admin+.Stored.XSS LOW" "webinar-ignition 2.8.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-sales-notification 1.2.3 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-gdpr-compliance No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-gdpr-compliance 2.0.23 Subscriber+.Arbitrary.Options.Update HIGH" "wp-gdpr-compliance 2.0.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-gdpr-compliance 1.5.6 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "wp-gdpr-compliance 1.4.3 Unauthenticated.Call.Any.Action.or.Update.Any.Option CRITICAL" "wp-splashing-images 2.1.1 Cross-Site.Scripting.(XSS) MEDIUM" "wp-splashing-images 2.1.1 Authenticated.PHP.Object.Injection HIGH" "wp-blocks-hub No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "weblibrarian No.known.fix Reflected.XSS HIGH" "weblibrarian 3.5.5 SQL.Injection MEDIUM" "weblibrarian 3.4.8.6 XSS MEDIUM" "weblibrarian 3.4.8.7 XSS MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.6 Settings.Update.via.CSRF MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-line-notify 1.4.5 Reflected.XSS HIGH" "woo-update-variations-in-cart No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-paytm-pay No.known.fix Donation.Plugin.<=.1.3.2.-.Authenticated.(admin+).SQL.Injection MEDIUM" "wpbulky-wp-bulk-edit-post-types 1.0.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-sort-order 1.3.2 Missing.Authorization MEDIUM" "wp-monalisa 6.5 Cross-Site.Request.Forgery MEDIUM" "woocommerce-superfaktura 1.40.4 Authenticated.(Subscriber+).Blind.Server-Side.Request.Forgery MEDIUM" "wedevs-project-manager 2.6.23 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wedevs-project-manager 2.6.23 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wedevs-project-manager No.known.fix Cross-Site.Request.Forgery MEDIUM" "wedevs-project-manager 2.6.18 Authenticated.(Subscriber+).SQL.Injection.via.orderby.Parameter MEDIUM" "wedevs-project-manager 2.6.18 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update MEDIUM" "wedevs-project-manager 2.6.23 Admin+.Stored.XSS LOW" "wedevs-project-manager 2.6.17 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wedevs-project-manager 2.6.16 Authenticated.(Subscriber+).Sensitive.Information.Exposure.via.Project.Task.List.REST.API MEDIUM" "wedevs-project-manager No.known.fix Authenticated.(Project.Manager+).SQL.Injection MEDIUM" "wedevs-project-manager 2.6.15 Missing.Authorization.to.Project.Milestone.and.Task.Creation/Deletion MEDIUM" "wedevs-project-manager 2.6.14 Insecure.Direct.Object.Reference.to.Unauthenticated.Authorization.Bypass HIGH" "wedevs-project-manager 2.6.8 Missing.Authorization MEDIUM" "wedevs-project-manager 2.6.9 Subscriber+.Stored.XSS HIGH" "wedevs-project-manager 2.6.1 Subscriber+.SQLi HIGH" "wedevs-project-manager 2.6.5 Subscriber+.Privilege.Escalation HIGH" "wedevs-project-manager 2.4.14 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wedevs-project-manager 2.4.10 CSRF.Nonce.Bypasses MEDIUM" "wedevs-project-manager 2.4.1 Cross-Site.Request.Forgery MEDIUM" "wedevs-project-manager 2.4.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-job-manager 2.3.0 Unauthenticated.Information.Exposure MEDIUM" "wp-job-manager 2.1.0 Unauthenticated.Job.Status.Update MEDIUM" "wp-job-manager 2.1.0 Cross-Site.Request.Forgery MEDIUM" "wp-job-manager 1.31.3 Phar.Deserialization MEDIUM" "wp-job-manager 1.29.3 Unauthenticated.Object.Injection CRITICAL" "wp-job-manager 1.26.2 Unauthenticated.Arbitrary.File.Upload HIGH" "widgets-for-alibaba-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-donate No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-donate 1.5 Unauthenticated.SQL.Injection HIGH" "wpdevart-vertical-menu 1.5.9 Theme.Deletion.via.CSRF MEDIUM" "wpdevart-vertical-menu 1.5.9 Admin+.Stored.XSS LOW" "wp-compare-tables No.known.fix Cross-Site.Request.Forgery MEDIUM" "webcamconsult 1.6.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "we-client-logo-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-add-to-cart-custom-redirect 1.2.14 Authenticated(Contributor+).Missing.Authorization.to.Limited.Arbitrary.Options.Update HIGH" "wp-all-import-pro 4.9.8 Cross-Site.Request.Forgery.to.Imported.Content.Deletion MEDIUM" "wp-all-import-pro 4.9.8 Authenticated.(Administrator+).PHP.Object.Injection.via.Import.File HIGH" "wp-all-import-pro 4.9.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-all-import-pro 4.9.4 Authenticated.(Administrator+).Server-Side.Request.Forgery.via.File.Import HIGH" "wp-all-import-pro 4.1.2 Multiple.Vulnerabilities CRITICAL" "wp-all-import-pro 4.1.1 RCE HIGH" "widget-logic 5.10.3 CSRF.and.Lack.of.Authorisation HIGH" "widget-logic 5.10.2 CSRF.to.RCE HIGH" "web3-authentication 3.0.0 Authentication.Bypass HIGH" "web3-authentication 2.7.0 Authentication.Bypass CRITICAL" "wp-upload-restriction 2.2.5 Missing.Access.Control.in.deleteCustomType MEDIUM" "wp-upload-restriction No.known.fix Authenticated.Stored.XSS MEDIUM" "wp-upload-restriction 2.2.5 Missing.Access.Control.in.getSelectedMimeTypesByRole MEDIUM" "woo-coupon-usage 6.3.1 Reflected.Cross-Site.Scripting.via.'commission_summary'.Parameter MEDIUM" "woo-coupon-usage 5.16.7.2 Unauthenticated.Arbitrary.Shortcode.Execution.and.Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.12.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.5.1.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.4.4 Unauthenticated.Reflected.XSS HIGH" "woo-coupon-usage 5.4.6 Reflected.XSS HIGH" "woo-coupon-usage 4.16.4.5 Unauthenticated.Stored.XSS HIGH" "woo-coupon-usage 4.16.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-coupon-usage 4.11.3.4 Arbitrary.Referral.Visits.Deletion.via.CSRF MEDIUM" "woo-coupon-usage 4.11.0.2 Reflected.Cross-Site.Scripting HIGH" "wp-keyword-monitor No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-2fa 2.6.4 Unauthenticated.Information.Exposure.via.Log.File MEDIUM" "wp-2fa 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-2fa 2.6.0 Subscriber+.Arbitrary.Email.Sending MEDIUM" "wp-2fa 2.6.0 Arbitrary.Email.Sending.via.CSRF MEDIUM" "wp-2fa 2.3.0 Time-Based.Side-Channel.Attack MEDIUM" "wp-2fa 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-2fa 2.2.0 Arbitrary.2FA.Disabling.via.IDOR MEDIUM" "wp-gmappity-easy-google-maps No.known.fix Subscriber+.SQL.Injection HIGH" "workscout-core 1.3.4 Authenticated.Stored.XSS.&.XFS HIGH" "wp-login-with-ajax No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-prayer No.known.fix Arbitrary.Prayer.Deletion.via.CSRF MEDIUM" "wp-prayer No.known.fix Email.Settings.Update.via.CSRF MEDIUM" "wp-prayer No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-prayer 1.9.7 Admin+.Stored.XSS LOW" "wp-prayer 1.5.5 Unauthorised.AJAX.call.via.CSRF MEDIUM" "wp-prayer 1.6.6 Cross-Site.Request.Forgery MEDIUM" "wp-prayer 1.6.7 Arbitrary.Plugin.Settings.Update.via.CSRF MEDIUM" "wp-prayer 1.6.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "wc-pre-order No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-jobsearch No.known.fix Authentication.Bypass.via.Social.Logins HIGH" "wp-jobsearch 2.6.8 Unauthenticated.Privilege.Escalation CRITICAL" "wp-jobsearch 2.6.8 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "wp-jobsearch 2.6.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-jobsearch 2.6.1 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-jobsearch 2.6.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-jobsearch 2.5.6 Missing.Authorization MEDIUM" "wp-jobsearch 2.5.6 Missing.Authorization MEDIUM" "wp-jobsearch 2.5.4 Cross-Site.Request.Forgery MEDIUM" "wp-jobsearch 2.5.4 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-jobsearch No.known.fix Authentication.Bypass.to.Account.Takeover CRITICAL" "wp-jobsearch 2.3.4 Arbitrary.File.Upload.to.RCE CRITICAL" "wp-jobsearch 2.3.4 Authentication.Bypass CRITICAL" "wp-jobsearch 1.8.2 Subscriber+.Arbitrary.Blog.Options.Update HIGH" "wp-jobsearch 1.8.2 Subscriber+.Add/Update.Schedule.Calls MEDIUM" "wp-jobsearch 1.8.2 Unauthenticated.Plugin's.Settings.Update MEDIUM" "wp-jobsearch 1.7.4 Authenticated.Stored.XSS MEDIUM" "wp-jobsearch 1.5.6 Unauthenticated.Reflected.XSS MEDIUM" "wp-jobsearch 1.5.5 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-jobsearch 1.5.3 Multiple.Cross-Site.Scripting.Issues MEDIUM" "wp-jobsearch 1.5.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "wordable 3.1.2 Plugin's.Authentication.Bypass HIGH" "wp-product-gallery-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "woocommerce-pay-per-post 3.1.11 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pay-per-post 3.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-invoice No.known.fix Arbitrary.Settings.Update.via.CSRF HIGH" "wp-invoice No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "wp-invoice 4.1.1 Multiple.Vulnerabilities MEDIUM" "we-testimonial-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpjournal No.known.fix Missing.Authorization MEDIUM" "wp-time-capsule 1.22.22 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-time-capsule 1.22.22 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-time-capsule 1.22.22 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-time-capsule 1.22.21 Authentication.Bypass.to.Account.Takeover CRITICAL" "wp-time-capsule 1.22.7 Reflected.Cross-Site.Scripting HIGH" "wp-time-capsule 1.21.16 Authentication.Bypass CRITICAL" "wp-seo-redirect-301 2.3.2 Redirect.Deletion.via.CSRF MEDIUM" "wpc-admin-columns 2.1.1 2.1.0.-.Authenticated.(Subscriber+).Privilege.Escalation.via.User.Meta.Update HIGH" "wp-logo-showcase 1.3.37 Editor.Plugin's.Settings.Update LOW" "wp-easy-booking 2.4.5 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-discourse 2.5.2 Missing.Authorization MEDIUM" "wp-video-lightbox 1.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "wp-video-lightbox 1.9.7 Contributor+.Stored.XSS MEDIUM" "wp-video-lightbox 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-video-lightbox 1.9.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-video-lightbox 1.9.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-datepicker 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-datepicker 2.1.2 Missing.Authorization MEDIUM" "wp-datepicker 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-datepicker 2.1.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wp-setup-wizard 1.0.8.2 Authenticated.(Subscriber+).Full.Database.Download MEDIUM" "waymark 1.5.3 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "waymark 1.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "waymark 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "waymark 1.4.2 Reflected.Cross-Site.Scripting.via.'content' MEDIUM" "wordlift No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wordlift 3.37.2 Admin+.Stored.Cross-Site.Scripting LOW" "wishlist-member-x No.known.fix Missing.Authorization.to.Stored.Cross-Site.Scripting HIGH" "wishlist-member-x No.known.fix Missing.Authorization.to.Information.Disclosure MEDIUM" "wishlist-member-x No.known.fix Unauthenticated.Arbitrary.SQL.Execution CRITICAL" "wishlist-member-x No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wishlist-member-x No.known.fix Authenticated.(Subscriber+).Remote.Code.Execution CRITICAL" "wishlist-member-x No.known.fix Subscriber+.Privilege.Escalation HIGH" "wishlist-member-x No.known.fix Unauthenticated.Denial.of.Service MEDIUM" "wishlist-member-x No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "woo-product-table No.known.fix Reflected.XSS HIGH" "woo-product-table 3.5.2 Information.Exposure MEDIUM" "woo-product-table 3.1.2 Unauthenticated.Arbitrary.Function.Call CRITICAL" "wp-tarteaucitron-js-self-hosted No.known.fix Running.a.Vulnerable.Dependency MEDIUM" "wp-contest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-contest No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wen-responsive-columns 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-awesome-login No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-security-audit-log-premium 4.6.4.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "wp-programmmanager No.known.fix Reflected.XSS HIGH" "wp-programmmanager No.known.fix Admin+.SQL.Injection MEDIUM" "wp-programmmanager No.known.fix Category.Deletion.via.CSRF MEDIUM" "wp-upg No.known.fix Unauthenticated.RCE CRITICAL" "wp-email 2.69.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-email 2.69.0 Anti-Spam.Protection.Bypass.via.IP.Spoofing MEDIUM" "wp-email 2.69.0 Log.Deletion.via.CSRF MEDIUM" "wp-dev-powers-acf-color-coded-field-types No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-refund-and-exchange-lite 4.4.6 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory MEDIUM" "woo-refund-and-exchange-lite 4.4.6 Subscriber+.IDOR MEDIUM" "woo-refund-and-exchange-lite 4.0.9 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wordpress-importer 0.8.4 Admin+.PHP.Object.Injection MEDIUM" "wordpress-easy-paypal-payment-or-donation-accept-plugin 5.0 Missing.Authorization MEDIUM" "wordpress-easy-paypal-payment-or-donation-accept-plugin 4.9.10 Contributor+.Stored.XSS MEDIUM" "wpyog-documents No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-notcaptcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-reroute-email 1.4.8 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') MEDIUM" "wp-reroute-email 1.4.8 Cross-Site.Request.Forgery HIGH" "wp-stripe-global-payments 3.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-global-payments 3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "walker-core 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "walker-core 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpcs-content-scheduler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpcs-content-scheduler 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "while-it-is-loading No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-fevents-book No.known.fix Subscriber+.Arbitrary.Booking.Manipulation.via.IDOR MEDIUM" "wp-fevents-book No.known.fix Subscriber+.Stored.XSS HIGH" "woocommerce-checkout-cielo No.known.fix Insufficient.Verification.of.Data.Authenticity.to.Order.Payment.Status.Update MEDIUM" "wp-ad-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-news-magazine 1.2.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wc-sms 2.8.1.1 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wc-sms 2.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-mailing-group 3.0.5 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wp-mailing-group 3.0.0 Reflected.Cross-Site.Scripting HIGH" "wp-mailing-group 3.0.0 Admin+.SQL.Injection MEDIUM" "woo-product-tables 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-tables 2.1.3 Unuthenticated.SQL.Injection HIGH" "woo-product-tables 2.0.2 Unauthenticated.Remote.Code.Execution CRITICAL" "woo-product-tables 1.8.7 Cross-Site.Request.Forgery.via.saveGroup MEDIUM" "wp-realestate-manager No.known.fix Authentication.Bypass CRITICAL" "wp-ticket 5.10.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-ticket 5.6.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support-pro 8.0.32 File.Upload.Bypass CRITICAL" "wp-live-chat-support-pro 8.0.0.7 Unauthenticated.RCE CRITICAL" "wp-linkedin-auto-publish 8.12 Missing.Authorization MEDIUM" "woopra 1.4.3.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woorewards 5.3.1 Missing.Authorization MEDIUM" "wp-header-images 2.0.1 Reflected.Cross-Site.Scripting HIGH" "wp-ptviewer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-dbmanager 2.80.8 Admin+.Remote.Command.Execution MEDIUM" "wp-dbmanager 2.79.2 Arbitrary.File.Delete HIGH" "woocommerce-aweber-newsletter-subscription 4.0.3 Missing.Authorization.to.Access.Token.Modification MEDIUM" "wp-client-logo-carousel No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-scrippets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-bulk-delete 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-hubspot-woocommerce 1.0.5 Reflected.Cross-Site.Scripting HIGH" "wp-recipe-maker 9.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-recipe-maker 9.7.0 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'tooltip' MEDIUM" "wp-recipe-maker 9.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'group_tag' MEDIUM" "wp-recipe-maker 9.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wprm-recipe-roundup-item.Shortcode MEDIUM" "wp-recipe-maker 9.3.0 Authenticated.Stored.Cross-Site.Scripting.via.Video.Embed MEDIUM" "wp-recipe-maker 9.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).SQL.Injecton HIGH" "wp-recipe-maker 9.1.1 Reflected.Cross-Site.Scripting.via.Referer MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.icon_color MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.'tag' MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.header_tag MEDIUM" "wp-recipe-maker 9.1.1 Directory.Traversal MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Recipe.Notes MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-recipe-maker 8.6.1 Contributor+.Stored.XSS MEDIUM" "woo-multi-currency 2.2.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.get_products_price.Function HIGH" "woo-multi-currency 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-multi-currency 2.1.18 Reflected.Cross-Site.Scripting MEDIUM" "wp-instance-rename No.known.fix Arbitrary.File.Download MEDIUM" "wp-dark-mode 5.0.5 Missing.Authorization MEDIUM" "wp-dark-mode 4.0.8 Subscriber+.Local.File.Inclusion MEDIUM" "wp-dark-mode 4.0.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "woo-order-notes 1.5.3 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-dispensary No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-vipps 1.14.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-maintenance-mode-site-under-construction 1.8.2 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-maintenance-mode-site-under-construction 1.9 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wp-xintaoke No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-youtube-lyte 1.7.16 Authenticated.Stored.XSS MEDIUM" "woo-binary-mlm No.known.fix Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "woo-binary-mlm No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "word-replacer-ultra No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Update MEDIUM" "word-replacer-ultra No.known.fix Missing.Authorization MEDIUM" "wp-planet No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "wgauge No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wgauge No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wps-hide-login 1.9.16.4 Hidden.Login.Page.Disclosure LOW" "wps-hide-login 1.9.16 Login.Page.Disclosure MEDIUM" "wps-hide-login 1.9.12 Hidden.Login.Page.Location.Disclosure LOW" "wps-hide-login 1.9.1 Protection.Bypass.with.Referer-Header MEDIUM" "wps-hide-login 1.5.5 Secret.Login.Page.Disclosure CRITICAL" "wps-hide-login 1.5.3 Multiples.Issues HIGH" "wordpress-23-related-posts-plugin No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wordpress-23-related-posts-plugin 2.7.2 Cross-Site.Request.Forgery MEDIUM" "woocommerce-gateway-nab-dp 2.1.2 NAB.Transact.<.2.1.2.-.Payment.Bypass HIGH" "wc-product-author 1.0.8 Cross-Site.Request.Forgery MEDIUM" "wc-product-author 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wc-product-author 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "we-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpjam-basic 6.2.1.1 Contributor+.Stored.XSS MEDIUM" "whatshelp-chat-button 1.8.10 Admin+.Stored.XSS LOW" "wp-mail-logging 1.11.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-mail-logging 1.10.0 Outdated.Redux.Framework MEDIUM" "wphelpful No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-gsheetconnector 1.3.12 Missing.Authorization MEDIUM" "wc-gsheetconnector 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-gsheetconnector 1.3.6 Access.Code.Update.via.CSRF MEDIUM" "wc-gsheetconnector 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-tweet-walls 1.0.4 Cross-Site.Request.Forgery MEDIUM" "wp-live-tv No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-live-tv No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpmandrill No.known.fix Missing.Authorization.via.getAjaxStats MEDIUM" "wp-pro-counter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-pro-counter No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-svg-upload No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "wp-update-mail-notification 1.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wp-custom-post-template No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-favorite-posts No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-favorite-posts 1.6.6 Cross-Site.Scripting.(XSS) MEDIUM" "woo-quick-view 1.1.3 Unauthenticated.Information.Disclosure MEDIUM" "webcam-2way-videochat 5.2.8 Reflected.Cross-Site.Scripting HIGH" "webcam-2way-videochat 4.41.2 Cross-Site.Scripting.(XSS) MEDIUM" "wp-whois-domain No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "woo-conditional-product-fees-for-checkout 3.9.3.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-product-fees-for-checkout 3.8.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-bulk-sms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-music-player No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wc-zelle 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wc-zelle 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-log-action 0.52 Reflected.XSS HIGH" "wp-mediatagger No.known.fix Reflected.XSS HIGH" "wp-mediatagger No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-imageflow2 5.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-imageflow2 5.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-system-log No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-mylinks 1.0.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-woocart-popup-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-mailster 1.8.21.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.18.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-mailster 1.8.18.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.18.0 Cross-Site.Request.Forgery MEDIUM" "wp-mailster 1.8.17.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-mailster 1.8.18.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.17.0 Authenticated.(Contributor+).SQL.Injection.via.orderby HIGH" "wp-mailster 1.8.17.0 Missing.Authorization MEDIUM" "wp-mailster 1.8.17.0 Unauthenticated.Information.Exposure MEDIUM" "wp-mailster 1.8.17.0 Missing.Authorization HIGH" "wp-mailster 1.8.16.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.17.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mailster 1.5.5 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-desklite No.known.fix Reflected.XSS HIGH" "wp-airbnb-review-slider 4.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-airbnb-review-slider 3.3 Subscriber+.SQLi HIGH" "wp-airbnb-review-slider 3.3 CSRF MEDIUM" "woofunnels-aero-checkout 3.11.0 Subscriber+.Settings.Update MEDIUM" "woofunnels-aero-checkout 3.11.0 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "woofunnels-aero-checkout 3.11.0 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "w3speedster-wp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "w3speedster-wp 7.27 Cross-Site.Request.Forgery MEDIUM" "w3speedster-wp 7.27 Admin+.RCE MEDIUM" "w3speedster-wp 7.20 Settings.Update.via.CSRF MEDIUM" "wpfront-notification-bar 3.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wpfront-notification-bar 3.4 Admin+.Stored.XSS MEDIUM" "wpfront-notification-bar 2.1.0.08087 Authenticated.Stored.XSS LOW" "wpfront-notification-bar 2.0.0.07176 Authenticated.Stored.XSS MEDIUM" "wp-secure-by-sitesecuritymonitorcom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widgets-for-ebay-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wpdirectorykit 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "wpdirectorykit 1.3.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "wpdirectorykit 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wpdirectorykit 1.2.7 Missing.Authorization MEDIUM" "wpdirectorykit 1.2.4 Missing.Authorization.for.Plugin.Settings.Update MEDIUM" "wpdirectorykit 1.2.4 Reflected.Cross-Site.Scripting.via.search.parameter MEDIUM" "wpdirectorykit 1.2.0 Unauthenticated.Local.File.Inclusion HIGH" "wpdirectorykit 1.2.3 Unauthenticated.Arbitrary.Settings.Update MEDIUM" "wpdirectorykit 1.2.0 Cross-Site.Request.Forgery MEDIUM" "wpdirectorykit 1.2.2 Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "wpdirectorykit 1.2.0 Open.Redirect MEDIUM" "wicked-folders 2.18.17 Subscriber+.Folder.Structure.Update MEDIUM" "wicked-folders 2.18.17 Folder.Structure.Update.via.CSRF MEDIUM" "wicked-folders 2.8.10 Subscriber+.SQL.Injection HIGH" "wpstickybar-sticky-bar-sticky-header No.known.fix Unauthenticated.SQLi HIGH" "wpstickybar-sticky-bar-sticky-header No.known.fix Reflected.XSS HIGH" "woocommerce-brands 1.6.50 Cross-Site.Request.Forgery MEDIUM" "woocommerce-brands 1.6.46 Contributor+.Stored.XSS MEDIUM" "wp-to-hootsuite 1.6.0 Cross-Site.Request.Forgery MEDIUM" "wp-to-hootsuite 1.3.9 Reflected.Cross-Site.Scripting HIGH" "wordapp No.known.fix Authorization.Bypass.via.Insufficiently.Unique.Cryptographic.Signature CRITICAL" "wp-facebook-reviews 12.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-facebook-reviews 13.0 Admin+.Stored.XSS LOW" "wp-facebook-reviews 3.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-facebook-reviews 12.2 Subscriber+.SQLi HIGH" "wp-facebook-reviews 11.0 Admin+.SQL.Injection MEDIUM" "wp-sheet-editor-edd-downloads 1.0.61 Reflected.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-edd-downloads 1.0.49 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-contacts-manager No.known.fix Unauthenticated.SQLi CRITICAL" "wp-stats 2.52 CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-shop-original No.known.fix Unauthenticated.Settings.Update MEDIUM" "wp-show-more No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.show_more.Shortcode MEDIUM" "wp-expand-tabs-free 2.2.7 Admin+.Stored.XSS LOW" "wp-expand-tabs-free 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-expand-tabs-free 2.1.17 Contributor+.Stored.XSS MEDIUM" "wp-expand-tabs-free 2.1.15 Multiple.CSRF MEDIUM" "wp-strava No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-header-notification No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpoptin No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wpoptin 2.0.2 Unauthenticated.Local.File.Inclusion HIGH" "wpoptin 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "wpoptin 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-dialog No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "wp-import-export 3.9.16 Unauthenticated.Sensitive.Data.Disclosure HIGH" "wp-automedic No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-automedic 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-sticky-social 1.0.2 Stored.XSS.via.CSRF HIGH" "wf-cookie-consent 1.1.4 Authenticated.Persistent.Cross-Site.Scripting.(XSS) MEDIUM" "woo-bought-together 7.2.0 Missing.Authorization MEDIUM" "woo-bought-together 7.0.4 Missing.Authorization MEDIUM" "wp-fancybox 1.0.2 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-armour-extended 1.32 Reflected.Cross-Site.Scripting MEDIUM" "wp-armour-extended 1.32 Cross-Site.Request.Forgery MEDIUM" "wp-show-login-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wc-builder 1.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-simple-paypal-shopping-cart 5.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wordpress-simple-paypal-shopping-cart 5.1.4 Insecure.Direct.Object.Reference.via.'quantity' MEDIUM" "wordpress-simple-paypal-shopping-cart 5.1.4 Insecure.Direct.Object.Reference MEDIUM" "wordpress-simple-paypal-shopping-cart 5.1.3 Unauthenticated.Information.Exposure.via.file_url.Parameter HIGH" "wordpress-simple-paypal-shopping-cart 5.1.3 Unauthenticated.Product.Price.Manipulation HIGH" "wordpress-simple-paypal-shopping-cart 5.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-simple-paypal-shopping-cart 4.7.2 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-simple-paypal-shopping-cart 4.6.4 Unauthenticated.PII.Disclosure MEDIUM" "wordpress-simple-paypal-shopping-cart 4.6.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wptf-image-gallery No.known.fix Remote.File.Download HIGH" "woo-stripe-payment 3.3.10 3.3.9.-.Missing.Authorization.Controls.to.Financial.Account.Hijacking MEDIUM" "wc-sudan-payment-gateway No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-limits No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "wp-automatic 3.95.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.autoplay.Parameter MEDIUM" "wp-automatic 3.93.0 WordPress.Automatic.Plugin.<.3,93,0.Cross-Site.Request.Forgery MEDIUM" "wp-automatic 3.92.1 Unauthenticated.Arbitrary.File.Download.and.Server-Side.Request.Forgery CRITICAL" "wp-automatic 3.92.1 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "wp-automatic 3.92.1 Unauthenticated.SQL.Injection CRITICAL" "wp-automatic 3.53.3 Unauthenticated.Arbitrary.Options.Update CRITICAL" "wp-openagenda 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-dream-carousel No.known.fix Reflected.XSS HIGH" "wordpress-countdown-widget 3.1.9.3 Admin+.Stored.XSS LOW" "woocommerce-ajax-filters 1.6.8.2 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-ajax-filters 1.5.4.7 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-gravity-forms-spreadsheets 1.1.1 Reflected.Cross-Site.Scripting HIGH" "wp-paginate 2.1.9 Admin+.Stored.Cross-Site.Scripting LOW" "wp-paginate 2.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "wck-custom-fields-and-custom-post-types-creator 2.3.3 Admin+.Stored.XSS LOW" "woo-rfq-for-woocommerce 1.9.180 Insecure.Direct.Object.Reference.to.Unauthenticated.Sensitive.Information.Disclosure HIGH" "wp-businessdirectory 3.1.3 Reflected.Cross-Site.Scripting HIGH" "wp-businessdirectory 3.1.3 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-twilio-core 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-twilio-core 1.3.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-custom-product-tabs-lite 1.9.1 Authenticated.(Shop.Manager+).PHP.Object.Injection HIGH" "wp-image-zoooom 1.47 Local.File.Inclusion MEDIUM" "wp-blog-post-layouts 1.1.4 Authenticated.(Contributor+).Local.File.Inlcusion HIGH" "wp-disable-sitemap 1.1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-disable-sitemap 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-compress-mainwp 6.30.06 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wp-downloadmanager 1.68.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-downloadmanager 1.68.7 Admin+.Stored.Cross-Site.Scripting LOW" "wp-downloadmanager 1.68.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-downloadmanager 1.68.5 Server-Side.Request.Forgery.(SSRF) MEDIUM" "wordpress-logging-service No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-topbar No.known.fix CSRF MEDIUM" "wp-topbar No.known.fix Admin+.SQLi MEDIUM" "wp-azure-offload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-customer-source 1.3.2 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wibstats-statistics-for-wordpress-mu No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hide-post No.known.fix Arbitrary.Post.Hiding.via.CSRF MEDIUM" "wp-intercom-slack No.known.fix Slack.Access.Token.Disclosure HIGH" "wp-discord-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-product-enquiry No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-logs-book No.known.fix Log.Clearing.via.CSRF MEDIUM" "wp-logs-book No.known.fix Disable.Logging.via.CSRF MEDIUM" "wp-logs-book No.known.fix Unauthenticated.Stored.XSS HIGH" "wpdevtool No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-statistics 14.13.4 Subscriber+.Arbitrary.Plugin.Settings.Update MEDIUM" "wp-statistics 14.5.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-statistics 14.0 Authenticated.SQLi HIGH" "wp-statistics 13.2.11 Subscriber+.SQLi HIGH" "wp-statistics 13.2.9 Authenticated.SQLi HIGH" "wp-statistics 13.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "wp-statistics 13.2.2 Reflected.Cross-Site.Scripting LOW" "wp-statistics 13.1.6 Multiple.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.IP CRITICAL" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.current_page_type CRITICAL" "wp-statistics 13.1.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.current_page_id CRITICAL" "wp-statistics 13.1.5 Unauthenticated.Blind.SQL.Injection CRITICAL" "wp-statistics 13.1.2 Arbitrary.Plugin.Activation/Deactivation.via.CSRF MEDIUM" "wp-statistics 13.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-statistics 13.0.8 Unauthenticated.SQL.Injection HIGH" "wp-statistics 12.6.7 Unauthenticated.Stored.XSS.Under.Certain.Configurations CRITICAL" "wp-statistics 12.6.7 Unauthenticated.Blind.SQL.Injection MEDIUM" "wp-statistics 12.6.6.1 Authenticated.Stored.XSS MEDIUM" "wp-statistics 12.6.4 Referer.Cross-Site.Scripting.(XSS) MEDIUM" "wp-statistics 12.0.10 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "wp-statistics 12.0.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wc-ciudades-y-regiones-de-chile No.known.fix Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "woo-add-to-quote 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-add-to-quote 1.4.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-database-error-manager No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-stacker No.known.fix Stored.XSS.via.CSRF HIGH" "wp-responsive-menu 3.1.7.1 Subscriber+.Settings.Update.to.Stored.XSS HIGH" "wpschoolpress No.known.fix Missing.Authorization.to.Arbitrary.User.Deletion MEDIUM" "wpschoolpress No.known.fix Authenticated.(Parent+).SQL.Injection MEDIUM" "wpschoolpress No.known.fix Missing.Authorization.to.Privilege.Escalation.via.Account.Takeover HIGH" "wpschoolpress No.known.fix Authenticated.(Teacher+).SQL.Injection MEDIUM" "wpschoolpress No.known.fix Authenticated.(Student/Parent+).SQL.Injection MEDIUM" "wpschoolpress 2.2.11 Insecure.Direct.Object.Reference.to.Authenticated.(Teacher+).Account.Takeover/Privilege.Escalation HIGH" "wpschoolpress 2.2.5 Teacher+.SQLi MEDIUM" "wpschoolpress 2.2.5 Cross-Site.Request.Forgery MEDIUM" "wpschoolpress 2.1.10 Reflected.Cross-Site.Scripting HIGH" "wpschoolpress 2.1.17 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wpschoolpress 2.1.10 Multiple.Authenticated.SQL.Injections HIGH" "wb-custom-product-tabs-for-woocommerce 1.2.5 Authenticated.(Shop.Manager+).PHP.Object.Injection HIGH" "wooreviews-importer No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wezido-elementor-addon-based-on-easy-digital-downloads No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-csv-to-database No.known.fix CSRF LOW" "wpcom-member 1.7.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wpcom-member 1.7.7 Unauthenticated.Time-Based.SQL.Injection HIGH" "wpcom-member 1.7.6 Authentication.Bypass.via.'user_phone' CRITICAL" "wpcom-member 1.5.4.1 Reflected.Cross-Site.Scripting MEDIUM" "wpcom-member 1.5.3 Unauthenticated.Privilege.Escalation.via.User.Meta CRITICAL" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.6 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.4 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.3 Unauthenticated.Arbitrary.Shortcode.Execution CRITICAL" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.1 Missing.Authorization MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.2 Cross-Site.Request.Forgery MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.1 Reflected.XSS HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.2.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-relevant-ads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-relevant-ads No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-relevant-ads No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woocommerce-google-adwords-conversion-tracking-tag 1.43.4 Use.of.Polyfill.io MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.32.3 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.14.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woozone 14.1.0 Missing.Authorization MEDIUM" "woozone 14.1.0 Reflected.Cross-Site.Scripting HIGH" "woozone No.known.fix Subscriber+.SQL.Injection HIGH" "woozone 14.1.0 Subscriber+.Privilege.Escalation HIGH" "woozone 14.1.0 Missing.Authorization MEDIUM" "woozone 14.0.31 Unauthenticated.SQL.Injection HIGH" "wp-image-uploader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-image-uploader No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wp-image-uploader No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "wassup No.known.fix Unauthenticated.Stored.XSS HIGH" "wassup 1.9.1 Cross.Site.Scripting MEDIUM" "wp-greet 6.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-photo-sphere No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpsolr-free 24.0.1 Privilege.Escalation.via.CSRF HIGH" "wpadcenter 2.5.9 Contributor+.Stored.XSS MEDIUM" "wpadcenter 2.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpadcenter_ad.Shortcode MEDIUM" "wpadcenter 2.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ad_alignment.Attribute MEDIUM" "wpfrom-email 1.8.9 Admin+.Stored.XSS LOW" "woocommerce-abandoned-cart 5.16.2 Multiple.CSRF MEDIUM" "woocommerce-abandoned-cart 5.16.2 Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "woocommerce-abandoned-cart 5.16.1 Improper.Authorization.via.wcal_preview_emails LOW" "woocommerce-abandoned-cart 5.16.1 Improper.Authorization.via.wcal_delete_expired_used_coupon_code LOW" "woocommerce-abandoned-cart 5.16.0 Admin+.Stored.XSS LOW" "woocommerce-abandoned-cart 5.15.0 Authentication.Bypass CRITICAL" "woocommerce-abandoned-cart 5.8.6 CSRF.Nonce.Bypasses MEDIUM" "woocommerce-abandoned-cart 5.8.3 Unauthenticated.SQL.Injection CRITICAL" "woocommerce-abandoned-cart 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "woocommerce-abandoned-cart 1.9 Authenticated.Blind.SQL.Injection CRITICAL" "webparex No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ws-contact-form 1.3.8 Admin+.Stored.XSS LOW" "wp-custom-post-rss-feed No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "webinar-and-video-conference-with-jitsi-meet 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-email-users No.known.fix Subscriber+.SQL.Injection HIGH" "wpdm-gutenberg-blocks 2.1.9 Contributor+.XSS MEDIUM" "wp-word-count No.known.fix Missing.Authorization.via.calculate_statistics MEDIUM" "wp-word-count 3.2.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-shamsi No.known.fix Subscriber+.Attachment.Deletion MEDIUM" "wp-shamsi 4.1.1 Unauthenticated.Arbitrary.Plugin.Deactivation MEDIUM" "wp-shamsi 4.2.0 Subscriber+.Settings.Update MEDIUM" "wp-login-customizer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-to-twitter 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-to-twitter 3.3.0 Subscriber+.Arbitrary.Option.Update CRITICAL" "whatsapp No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-agenda No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wapppress-builds-android-app-for-website 6.0.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wapppress-builds-android-app-for-website 6.0.5 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wapppress-builds-android-app-for-website 6.0.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-whatsapp 3.6.9 Missing.Authorization.to.Authenticated.(Subscriber+).Filebird.Plugin.Installation MEDIUM" "wp-whatsapp 3.6.5 Admin+.Stored.XSS LOW" "wp-whatsapp 3.6.4 Admin+.Stored.XSS LOW" "wp-whatsapp 3.6.3 Contributor+.Stored.XSS MEDIUM" "wp-whatsapp 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "wp-whatsapp 3.4.5 Admin+.Stored.XSS LOW" "wip-woocarousel-lite 1.1.8 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wip-woocarousel-lite 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpdatatables 6.3.2 Tables.&.Table.Charts.(Premium).<.6.3.2.-.Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 6.4 Tables.&.Table.Charts.(Premium).<.6.4.-.Missing.Authorization.to.DataTable.Access.&.Modification HIGH" "wpdatatables 3.4.2.14 Unauthenticated.Stored.Cross-Site.Scripting.via.CSV.Import MEDIUM" "wpdatatables 3.4.2.5 Reflected.Cross-Site.Scripting. MEDIUM" "wpdatatables 2.1.66 Admin+.PHP.Object.Injection MEDIUM" "wpdatatables 2.1.50 Contributor+.Stored.XSS MEDIUM" "wpdatatables 2.1.28 Admin+.Stored.Cross-Site.Scripting LOW" "wpdatatables 2.1.28 Admin+.Stored.Cross-Site.Scripting LOW" "wpdatatables 3.4.2 Improper.Access.Control.leading.to.Table.Permission.Takeover HIGH" "wpdatatables 3.4.2 Blind.SQL.Injection.via.start.Parameter CRITICAL" "wpdatatables 3.4.2 Improper.Access.Control.leading.to.Table.Data.Deletion MEDIUM" "wpdatatables 3.4.2 Blind.SQL.Injection.via.length.Parameter CRITICAL" "wpdatatables 3.4.1 Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 2.0.12 Cross-Site.Scripting.(XSS).&.SQL.Injection HIGH" "wpdatatables 1.5.4 Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 1.5.4 Unauthenticated.Shell.Upload CRITICAL" "woocommerce-bulk-order-form 3.6.0 Shop.Manager+.Stored.XSS MEDIUM" "woo-related-products-refresh-on-reload 3.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woo-gutenberg-products-block 11.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Featured.Image.alt.Attribute MEDIUM" "woo-gutenberg-products-block 5.5.1 Unauthenticated.SQL.Injection CRITICAL" "woo-gutenberg-products-block 3.7.1 Guest.Account.Creation MEDIUM" "wp-offers No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-offers 1.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woc-open-close 4.9.2 Missing.Authorization MEDIUM" "wpstream 4.5.5 Local.Event.Settings.Update.via.CSRF MEDIUM" "wpstream 4.4.10.6 Settings.Update.via.CSRF MEDIUM" "watupro 5.5.3.7 SQL.Injection CRITICAL" "watupro 4.9.0.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wordpress-flash-uploader 3.1.3 Arbitrary.Comm&.Execution CRITICAL" "wp-syntax No.known.fix Author+.Potential.ReDoS LOW" "wep-demo-import 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-additional-logins No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wooexim No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "wooexim No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wooexim No.known.fix CSRF.to.Reflected.XSS MEDIUM" "wp-mapit 3.0.0 Contributor+.Stored.XSS MEDIUM" "wp-eventpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpmailer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-affiliate-links No.known.fix Reflected.XSS HIGH" "writer-helper No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-flipkart-importer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpview No.known.fix Admin+.Stored.XSS LOW" "wp-affiliate-disclosure 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.$id MEDIUM" "wp-affiliate-disclosure 1.2.7 Cross-Site.Request.Forgery.via.check_capability MEDIUM" "wp-affiliate-disclosure 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-affiliate-disclosure 1.1.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-catalogue No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "wp-glossary No.known.fix Missing.Authorization MEDIUM" "wp-glossary No.known.fix Contributor+.Stored.XSS MEDIUM" "wpmastertoolkit 2.6.0 Authenticated.(Administrator+).to.Arbitrary.File.Read.and.Write HIGH" "wpmastertoolkit 1.14.0 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "wpmastertoolkit 1.14.0 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "wordpress-toolbar No.known.fix Open.Redirect MEDIUM" "woocommerce-wholesale-pricing 2.3.1 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "woocommerce-wholesale-pricing 2.3.1 Unauthenticated.Information.Exposure MEDIUM" "wp-frontend-submit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "weforms 1.6.24 Use.of.Polyfill.io MEDIUM" "weforms 1.6.21 Missing.Authorization MEDIUM" "weforms 1.6.22 Unauthenticated.Stored.Cross-Site.Scripting.via.Referer HIGH" "weforms 1.6.19 Missing.Authorization.via.export_form_entries MEDIUM" "weforms 1.6.18 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "weforms 1.6.14 Admin+.Stored.Cross-Site.Scripting LOW" "weforms 1.6.4 CSV.Injection MEDIUM" "woo-product-slider-and-carousel-with-category 2.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-eMember 10.7.0 Stored.XSS.via.CSRF HIGH" "wp-eMember 10.6.7 Reflected.XSS.via.Member.Edit HIGH" "wp-eMember 10.6.7 Unauthenticated.Stored.XSS.via.Member.Registration HIGH" "wp-eMember 10.6.6 Reflected.XSS HIGH" "wp-eMember 10.6.6 Stored.XSS.in.Blacklist.via.CSRF HIGH" "wp-eMember 10.6.7 Reflected.XSS MEDIUM" "wp-eMember 10.6.6 Admin+.Arbitrary.File.Upload MEDIUM" "wp-eMember 10.6.6 Reflected.XSS HIGH" "wp-eMember 10.6.6 Bulk.Delete.via.CSRF MEDIUM" "wp-eMember 10.3.9 Reflected.XSS HIGH" "wp-eMember 10.3.9 Reflected.Cross-Site.Scripting MEDIUM" "wpgetapi 2.25.1 Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "wpgetapi 2.2.2 2.2.1.-.Authenticated.(Subscriber+).Arbitrary.Options.Update MEDIUM" "wp-touch-slider No.known.fix Reflected.XSS HIGH" "wp-shapes No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-twitter-mega-fan-box No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "webful-simple-grocery-shop No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-orders-tracking 1.2.11 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woo-orders-tracking 1.2.6 Admin+.Arbitrary.File.Access/Read MEDIUM" "woo-orders-tracking 1.1.10 Reflected.Cross-Site.Scripting HIGH" "webmaster-tools-verification No.known.fix Unauthenticated.Arbitrary.Plugin.Deactivation HIGH" "wpgateway No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-simple-booking-calendar 2.0.14 Missing.Authorization MEDIUM" "wp-simple-booking-calendar 2.0.11 Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-booking-calendar 2.0.8.5 Cross-Site.Request.Forgery MEDIUM" "wp-simple-booking-calendar 2.0.6 Authenticated.SQL.Injection MEDIUM" "workbox-video-from-vimeo-youtube-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-full-stripe-free 7.0.18 Settings.Update.via.CSRF MEDIUM" "wp-full-stripe-free 7.0.6 Admin+.Stored.XSS LOW" "wp-full-stripe-free 7.0.6 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-subtitle 3.4.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-flipclock No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-flipclock 1.8 Contributor+.Stored.XSS MEDIUM" "wp-popup-banners No.known.fix Subscriber+.SQLi HIGH" "wp-popup-banners No.known.fix Subscriber+.SQLi HIGH" "wp-popup-banners 1.2.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-chinese-conversion No.known.fix Reflected.XSS HIGH" "woo-social-login No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-social-login 2.7.8 WordPress./.WooCommerce.Plugin.<.2.7.8.-.Authentication.Bypass HIGH" "woo-social-login 2.7.6 Social.Login.<.2.7.6.-.Authentication.Bypass.to.Account.Takeover CRITICAL" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Missing.Authorization.to.Unauthenticated.Privilege.Escalation CRITICAL" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Unauthenticated.Privilege.Escalation.via.One-Time.Password HIGH" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Unauthenticated.Authentication.Bypass HIGH" "woo-social-login 2.7.0 Unauthenticated.PHP.Object.Injection CRITICAL" "woo-social-login 2.6.3 Social.Login.<.2.6.3.-.Email.Verification.due.to.Insufficient.Randomness MEDIUM" "woo-social-login 2.6.3 Social.Login.<.2.6.3.-.Unauthenticated.PHP.Object.Injection CRITICAL" "wisdm-reports-for-learndash 1.8.2.2 Reports.Free.<.1.8.2.2.-.Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "wp-easy-gallery No.known.fix Authenticated.(Contributor+).SQL.Injection.via.key.Parameter HIGH" "wp-easy-gallery No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "wp-easy-gallery No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Gallery.Manipulation MEDIUM" "woocommerce-frontend-shop-manager 4.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "word-balloon 4.22.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "word-balloon 4.20.3 Avatar.Removal.via.CSRF MEDIUM" "word-balloon 4.19.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wordpress-backup-to-dropbox 4.1 Reflected.XSS MEDIUM" "wp-seo-tags No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-worthy 1.7.0-0cde1c2 Cross-Site.Request.Forgery MEDIUM" "wp-meteor 3.4.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "woocommerce-checkout-field-editor-pro 3.6.3 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "web-stories 1.38.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "web-stories 1.32 Author+.Auth.Bypass LOW" "web-stories 1.25.0 Subscriber+.Server.Side.Request.Forgery MEDIUM" "wp-cards No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "whizzy No.known.fix Missing.Authorization MEDIUM" "whizzy No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wp-turnstile-cloudflare-captcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-popular-posts 7.2.0 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wordpress-popular-posts 6.3.3 Contributor+.Stored.XSS MEDIUM" "wordpress-popular-posts 6.1.0 Unauthenticated.Views.Manipulation MEDIUM" "wordpress-popular-posts 6.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-popular-posts 5.3.4 Admin+.Stored.Cross-Site.Scripting LOW" "wordpress-popular-posts 5.3.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wordpress-popular-posts 5.3.3 Authenticated.Code.Injection HIGH" "wd-image-magnifier-xoss No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "weekly-schedule 3.4.3 Authenticated.Stored.XSS MEDIUM" "wow-carousel-for-divi-lite 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Carousel.and.Logo.Carousel.Widgets MEDIUM" "wow-carousel-for-divi-lite 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "wp-enable-svg No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "wp-tools-gravity-forms-divi-module 7.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-gravity-forms-divi-module 6.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "workreap 3.2.6 Unauthenticated.Privilege.Escalation CRITICAL" "wp-video-gallery-free No.known.fix Unauthenticated.SQLi HIGH" "wp-captcha No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-captcha No.known.fix Captcha.Bypass MEDIUM" "wppdf No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-config-file-editor No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-follow-up-emails 4.9.50 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "woocommerce-follow-up-emails 4.9.50 Unauthenticated.Reflected.XSS HIGH" "wp-cleanfix 5.7.0 Subscriber+.Post/Comment/Post.Meta.Content.Replacement MEDIUM" "wp-cleanfix 3.0.2 Remote.Comm&.Execution,.CSRF.&.XSS HIGH" "which-template-file 5.1.0 Reflected.XSS HIGH" "which-template-file 4.9 Arbitrary.Settings.Update.via.CSRF MEDIUM" "w3swoozoho 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-options-editor No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "wp-front-end-profile 1.3.2 Unauthenticated.Privilege.Escalation CRITICAL" "wp-front-end-profile 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-front-end-profile 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-front-end-profile 1.2.2 CSRF.Check.Incorrectly.Implemented LOW" "wp-front-end-profile 0.2.2 Privilege.Escalation.&.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "woo-simple-frontend-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-simple-frontend-manager 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-video-robot No.known.fix The.Ultimate.Video.Importer.<=.1.20.0.-.Reflected.Cross-Site.Scripting MEDIUM" "wp-video-robot No.known.fix .Authenticated.(Subscriber+).Privilege.Escalation.via.User.Meta.Update HIGH" "wp-video-robot No.known.fix The.Ultimate.Video.Importer.<=.1.20.0.-.Unauthenticated.SQL.Injection HIGH" "wc-estimate-and-quote No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-shipping-gateway-per-product 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-shipping-gateway-per-product 2.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpextended 3.0.15 Reflected.Cross-Site.Scripting MEDIUM" "wpextended 3.0.14 Missing.Authorization.to.Unauthenticated.Post.Order.Manipulation MEDIUM" "wpextended 3.0.13 Unauthenticated.SQL.Injection.via.Login.Attempts.Module HIGH" "wpextended 3.0.12 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting HIGH" "wpextended 3.0.12 Missing.Authorization.to.Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "wpextended 3.0.10 Reflected.Cross-Site.Scripting MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wpextended 3.0.9 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wpextended 3.0.9 Insecure.Direct.Object.Reference MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting.via.selected_option MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting.via.page MEDIUM" "wpextended 3.0.9 Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wpextended 3.0.9 Missing.Authorization.to.Admin.Username.Change MEDIUM" "wpextended 3.0.9 Directory.Traversal.to.Authenticated.(Subscriber+).Arbitrary.File.Download HIGH" "wpextended 3.0.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wpcasa-mail-alert 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-maximum-upload-file-size 1.1.4 Authenticated.(Author+).Full.Path.Disclosure MEDIUM" "white-page-publication No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wpshop No.known.fix 2.6.0.-.Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "wpshop No.known.fix 2.6.0.-.Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Arbitrary.User.Key.Generation MEDIUM" "wpshop No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "wp-tripadvisor-review-slider 12.7 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-tripadvisor-review-slider 11.9 Admin+.Stored.XSS LOW" "wp-tripadvisor-review-slider 11.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-tripadvisor-review-slider 10.8 Subscriber+.SQLi HIGH" "woocommerce-menu-bar-cart 2.12.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-special-textboxes 6.2.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-special-textboxes 5.9.110 Admin+.Stored.Cross-Site.Scripting LOW" "wp-plugin-manager 1.1.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-pagseguro-payments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-product-finder 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-bookings-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-cart-abandonment-recovery 1.2.27 Templates/Abandoned.Orders.Deletion.via.CSRF MEDIUM" "wp-facebook-group No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-facebook-group No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpressplugin-upgrade-time-out-plugin No.known.fix Stored.XSS.via.CSRF HIGH" "wp-photo-text-slider-50 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-photo-text-slider-50 8.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "woocommerce-products-slider 1.13.51 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-products-slider 1.13.42 Contributor+.Stored.XSS MEDIUM" "woocommerce-products-slider 1.13.22 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wsify-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wordpress-database-reset 3.23 Cross-Site.Request.Forgery.to.WP.Reset.Plugin.Installation MEDIUM" "wordpress-database-reset 3.15 Privilege.Escalation HIGH" "wordpress-database-reset 3.15 Unauthenticated.Database.Reset CRITICAL" "wp-forms-puzzle-captcha No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wp-forms-puzzle-captcha No.known.fix Captcha.Bypass MEDIUM" "wp-forms-puzzle-captcha No.known.fix CSRF MEDIUM" "woo-easy-duplicate-product 0.3.0.8 Missing.Authorization.via.wedp_duplicate_product_action MEDIUM" "woo-easy-duplicate-product 0.3.0.1 Reflected.XSS HIGH" "wp-lead-stream No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-lead-stream No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpvivid-backup-mainwp 0.9.34 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wpvivid-backup-mainwp 0.9.33 Reflected.Cross-Site.Scripting MEDIUM" "wp-shieldon 1.6.4 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wd-instagram-feed 1.4.29 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wd-instagram-feed 1.3.1 XSS MEDIUM" "wp-cookies-enabler No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-simple-firewall 20.0.6 Reflected.XSS HIGH" "wp-simple-firewall 19.1.11 Cross-Site.Request.Forgery MEDIUM" "wp-simple-firewall 18.5.10 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-simple-firewall 18.5.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-simple-firewall 17.0.18 Unauthenticated.Stored.XSS HIGH" "wp-simple-firewall 17.0.18 Subscriber+.Arbitrary.Log.Entry.Creation MEDIUM" "wp-simple-firewall 13.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "wpm-news-api No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-google-tag-manager No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "woo-razorpay 4.5.7 Subscriber+.Transfers.Manipulation MEDIUM" "woo-razorpay 4.5.7 Transfers.Manipulation.via.CSRF MEDIUM" "wp-table-builder 2.0.6 Reflected.Cross-Site.Scripting HIGH" "wp-table-builder 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.6.0 Admin+.Stored.XSS LOW" "wp-table-builder 1.4.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.4.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.4.7 Admin+.Stored.XSS MEDIUM" "wp-table-builder 1.3.16 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-table-builder 1.3.10 Reflected.Cross-Site.Scripting HIGH" "wp-olivecart No.known.fix Admin+.Stored.XSS LOW" "webp-converter-for-media 4.0.3 Unauthenticated.Open.redirect MEDIUM" "webp-converter-for-media 1.0.3 Cross-Site.Request.Forgery.(CSRF) HIGH" "woocommerce-country-based-payments 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-country-based-payments 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-exfood 3.3.3 Restaurant.Menu.&.Food.ordering.<.3.3.3.-.Unauthenticated.Arbitrary.Shortcode.Execution.via.ids HIGH" "wp-all-export 1.4.1 Remote.Code.Execution.via.CSRF CRITICAL" "wp-all-export 1.4.1 Author+.PHAR.Deserialization.via.CSRF HIGH" "wp-all-export 1.4.0 Admin+.RCE MEDIUM" "wp-all-export 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-all-export 1.3.5 Admin+.SQL.Injection MEDIUM" "wp-all-export 1.3.1 Admin+.Stored.Cross-Site.Scripting LOW" "welcome-popup No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "widgets-on-pages-and-posts No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-on-pages-and-posts No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wc-product-table-lite 3.9.6 Missing.Authorization MEDIUM" "wc-product-table-lite 3.9.5 Unauthenticated.Arbitrary.Shortcode.Execution.&.Reflected.Cross-Site.Scripting HIGH" "wc-product-table-lite 3.9.0 Missing.Authorization MEDIUM" "wc-product-table-lite 3.8.7 Unauthenticated.Arbitrary.Shortcode.Execution.&.Reflected.Cross-Site.Scripting HIGH" "wc-product-table-lite 3.8.6 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wc-product-table-lite 3.8.6 Missing.Authorization.to.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wc-product-table-lite 3.1.0 CSRF MEDIUM" "wc-product-table-lite 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wpfavicon No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting LOW" "wp-ultimate-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpmozo-addons-lite-for-elementor 1.1.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wpmozo-addons-lite-for-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-church-center No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp125 1.5.5 Arbitrary.Ad.Deletion.via.CSRF MEDIUM" "wpantiddos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widget-settings-importexport No.known.fix Authenticated.Stored.XSS HIGH" "woo-remove-cart-and-query-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-remove-cart-and-query-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-dev-powers-display-screen-dimensions-to-admin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-test-email 1.1.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-test-email 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-multisite-content-copier-pro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-multisite-content-copier-pro 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-bing-search 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-bing-search 2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-education 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.text_html_tag MEDIUM" "wp-education 1.2.7 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-jquery-datatable 4.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-jquery-datatable 4.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "web-stat 1.4.1 API.Key.Disclosure HIGH" "wp-dtree-30 No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-dtree-30 No.known.fix Reflected.XSS HIGH" "wp-dtree-30 No.known.fix Admin+.Stored.XSS LOW" "wp-orphanage-extended 1.3 Cross-Site.Request.Forgery.to.Orphan.Account.Privilege.Escalation HIGH" "wp-cookiechoise No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-image-slideshow 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "woocommerce-product-vendors 2.2.3 Missing.Authorization MEDIUM" "woocommerce-product-vendors 2.2.2 Missing.Authorization MEDIUM" "woocommerce-product-vendors 2.1.77 Vendor.Admin+.SQLi MEDIUM" "woocommerce-product-vendors 2.1.77 Reflected.XSS HIGH" "woocommerce-product-vendors 2.1.79 ShopManager+.SQLi MEDIUM" "woocommerce-product-vendors 2.1.77 Unauthenticated.Reflected.XSS HIGH" "woocommerce-product-vendors 2.1.69 Vendor.Commission.Percentage.Update.via.IDOR MEDIUM" "woocommerce-product-vendors 2.1.66 Unauthenticated.Blind.SQLi HIGH" "woocommerce-product-vendors 2.1.66 Note.Creation.via.IDOR LOW" "woo-admin-product-notes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-admin-product-notes No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-admin-product-notes No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woocommerce-currency-switcher 1.4.2.3 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "woocommerce-currency-switcher 1.4.2.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "woocommerce-currency-switcher 1.4.2.1 Missing.Authorization MEDIUM" "woocommerce-currency-switcher 1.4.1.9 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woocommerce-currency-switcher 1.4.1.8 Cross-Site.Request.Forgery MEDIUM" "woocommerce-currency-switcher 1.4.1.7 Subscriber+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.4.1.5 Cross-Site.Request.Forgery.via.delete_profiles_data MEDIUM" "woocommerce-currency-switcher 1.3.9.3 Contributor+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.3.9.4 Contributor+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.3.7.5 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-currency-switcher 1.3.7.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-currency-switcher 1.3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-currency-switcher 1.3.7 Authenticated.(Low.Privilege).Local.File.Inclusion CRITICAL" "wp-whatsapp-chat 6.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "wpb-show-core 2.7 Reflected.XSS HIGH" "wpb-show-core 2.7 Reflected.XSS HIGH" "wpb-show-core 2.6 Reflected.XSS HIGH" "wpb-show-core No.known.fix Unauthenticated.Server.Side.Request.Forgery MEDIUM" "wpb-show-core No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "wpb-show-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-smart-contracts No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-smart-contracts 1.3.12 Author+.SQLi MEDIUM" "wp-compress-image-optimizer 6.30.16 Authenticated.(Subscriber+).Missing.Authorization.via.Multiple.Functions HIGH" "wp-compress-image-optimizer 6.30.16 Unauthenticated.Server-Side.Request.Forgery.via.init.Function MEDIUM" "wp-compress-image-optimizer 6.30.04 Reflected.Cross-Site.Scripting.via.custom_server.Parameter MEDIUM" "wp-compress-image-optimizer 6.21.01 Reflected.Cross-Site.Scripting MEDIUM" "wp-compress-image-optimizer 6.20.02 Open.Redirect.via.css MEDIUM" "wp-compress-image-optimizer 6.20.02 Missing.Authorization MEDIUM" "wp-compress-image-optimizer 6.11.01 Cross-Site.Request.Forgery MEDIUM" "wp-compress-image-optimizer 6.11.11 Missing.Authorization.to.Unauthenticated.CDN.Modification HIGH" "wp-compress-image-optimizer 6.10.34 Unauthenticated.Arbitrary.File.Read HIGH" "wp-better-permalinks 3.0.5 CSRF.allowing.Option.Update HIGH" "wp-login-attempt-log No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-payment-gateways 1.16.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-payment-gateways 1.13.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wechat-subscribers-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-poll No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.form_data.Parameter HIGH" "wp-poll 3.3.78 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-poll 3.3.77 Information.Exposure MEDIUM" "weblizar-pinterest-feeds 1.1.2 Authenticated.XSS.&.CSRF HIGH" "wpc-smart-messages 4.2.2 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "wpc-smart-messages 4.2.2 Missing.Authorization.to.Authenticated.(Subscriber+).Message.Activation/Deactivation MEDIUM" "wp-mpdf 3.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-mpdf 3.5.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "woo-additional-fees-on-checkout-wordpress 1.4.8 Reflected.Cross-Site.Scripting.via.'number' MEDIUM" "woocommerce-ninjaforms-product-addons 1.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wowpth No.known.fix Reflected.XSS HIGH" "wowpth No.known.fix Reflected.XSS HIGH" "woorocks-magic-content No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woorocks-magic-content No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woo-product-variation-swatches 2.3.8 Reflected.Cross-Site.Scripting HIGH" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "where-did-they-go-from-here 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "where-did-they-go-from-here 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "weaverx-theme-support 6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.div.Shortcode MEDIUM" "weaverx-theme-support 6.3.1 Admin+.PHP.Object.Injection LOW" "weaverx-theme-support 6.2.7 Contributor+.Stored.XSS MEDIUM" "weight-based-shipping-for-woocommerce 5.5.0 Settings.Update.via.CSRF MEDIUM" "wp-google-map-gold 5.8.5 Missing.Authorization MEDIUM" "wc-product-customer-list 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-product-customer-list 3.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-hotjar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wphelpkit 1.1 Reflected.Cross-Site.Scripting MEDIUM" "wphelpkit 1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-realestate 1.6.27 Authentication.Bypass.via.'process_register' CRITICAL" "wp-featherlight No.known.fix Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Featherlight.js.JavaScript.Library MEDIUM" "wp-elegant-testimonial No.known.fix Multiple.Authenticated.Stored.Cross-Site.Scripting LOW" "wp-voting-contest 3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-facebook-messenger No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woocommerce-display-products-by-tags No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpforms-lite 1.9.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fieldHTML.Parameter MEDIUM" "wpforms-lite 1.9.2.3 Contributor+.Custom.Form.Theme.Creation LOW" "wpforms-lite 1.9.2.2 1.9.2.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Payment.Refund.and.Subscription.Cancellation HIGH" "wpforms-lite 1.9.2.3 Admin+.Stored.XSS LOW" "wpforms-lite 1.9.2.1 Cross-Site.Request.Forgery.(CSRF).to.Plugin's.Log.Deletion MEDIUM" "wpforms-lite 1.9.1.6 Admin+.Stored.XSS LOW" "wpforms-lite 1.8.8.2 Unauthenticated.Price.Manipulation MEDIUM" "wpforms-lite 1.8.1.3 Reflected.XSS MEDIUM" "wpforms-lite 1.7.5.5 Admin+.Arbitrary.File.Access MEDIUM" "wpforms-lite 1.6.0.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.5.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.4.8.1 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.4.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpbookit 1.0.3 Insecure.Direct.Object.Reference.to.Unauthenticated.Privilege.Escalation.via.Email.Update CRITICAL" "wpbookit 1.0.3 Insecure.Direct.Object.Reference.to.Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "wpbookit No.known.fix Missing.Authorization MEDIUM" "wpbookit 1.0.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpbookit 1.6.10 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpbookit 1.6.6 Unauthenticated.Arbitrary.User.Password.Change CRITICAL" "wpbookit No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-politic 2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-politic 2.3.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-editormd No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-editormd 10.0.4 Cross-Site.Scripting.(XSS) MEDIUM" "wpbricks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpbricks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-championship 9.3 Multiple.CSRF MEDIUM" "wp-register-profile-with-shortcode 3.6.0 Cross-Site.Request.Forgery.to.User.Password.Reset HIGH" "wp-register-profile-with-shortcode 3.5.9 Admin+.Stored.XSS LOW" "wp-inquiries No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-yelp-review-slider 8.2 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-yelp-review-slider 7.1 Subscriber+.SQLi HIGH" "woo-country-restrictions-advanced 1.14.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-country-restrictions-advanced 1.13.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.10 Missing.Authorization MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Cross-Site.Request.Forgery MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Customer+.Shipping.Address.Update MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Reflected.Cross-Site.Scripting HIGH" "woocommerce-shipping-multiple-addresses 3.8.6 Billing.Address.Update.via.CSRF MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.4 Subscriber+.Shipping.Address.Disclosure.via.IDOR MEDIUM" "woocommerce-shipping-multiple-addresses 3.7.2 Reflected.Cross-Site.Scripting HIGH" "woocommerce-shipping-multiple-addresses 3.7.2 Address.Creation/Update/Deletion.via.CSRF MEDIUM" "woocommerce-2checkout-payment No.known.fix Missing.Authorization.via.sniff_ins MEDIUM" "wp-default-feature-image No.known.fix Admin+.Stored.XSS LOW" "weather-layer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-lightbox-2 3.0.6.7 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "wp-lightbox-2 No.known.fix Admin+.Stored.XSS LOW" "wp-easy-poll-afo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-ultimate-reviews-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-copysafe-web 4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-copysafe-web 3.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-copysafe-web 3.14 Unauthenticated.Reflected.XSS HIGH" "wp-copysafe-web 2.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-cirrus No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "ws-force-login-page No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-awesome-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.btn2.Shortcode MEDIUM" "woo-shipping-display-mode 3.7.7 Reflected.Cross-Site.Scripting MEDIUM" "woo-shipping-display-mode 3.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wise-chat 2.8.4 CSV.Injection HIGH" "wise-chat 2.7 Reverse.Tabnabbing MEDIUM" "wpdoodlez No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-inventory-manager 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-inventory-manager 2.1.0.14 Inventory.Items.Deletion.via.CSRF MEDIUM" "wp-inventory-manager 2.1.0.13 Reflected.Cross-Site.Scripting HIGH" "wp-inventory-manager 2.1.0.12 Reflected.XSS HIGH" "woo-salesforce-plugin-crm-perks 1.5.9 Reflected.Cross-Site.Scripting HIGH" "wp-knowledgebase No.known.fix CSRF MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-map-block 1.2.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "white-label 2.9.1 Cross-Site.Request.Forgery.via.white_label_reset_wl_admins MEDIUM" "wp-crontrol 1.16.2 Remote.Code.Execution MEDIUM" "wp-attest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-attest No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-file-manager 7.2.8 Missing.Authorization MEDIUM" "wp-file-manager 7.2.6 Authenticated.(Administrator+).Directory.Traversal MEDIUM" "wp-file-manager 7.2.5 Cross-Site.Request.Forgery.to.Local.JS.File.Inclusion HIGH" "wp-file-manager 7.2.2 Directory.Traversal CRITICAL" "wp-file-manager 7.2.2 Sensitive.Information.Exposure.via.Backup.Filenames HIGH" "wp-file-manager 7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-file-manager 6.9 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "wp-file-manager 6.5 Backup.File.Directory.Listing MEDIUM" "wp-file-manager 5.2 Multiple.Vulnerabilities HIGH" "wp-file-manager 3.1 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "wp-file-manager 3.0 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "wp-user-frontend 4.0.8 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-user-frontend 4.0.8 Use.of.Polyfill.io MEDIUM" "wp-user-frontend 3.6.6 Authenticated.(Author+).Privilege.Escalation HIGH" "wp-user-frontend 3.6.9 Missing.Authorization.via.AJAX.actions MEDIUM" "wp-user-frontend 3.5.29 Obscure.Registration.as.Admin MEDIUM" "wp-user-frontend 3.5.26 SQL.Injection.to.Reflected.Cross-Site.Scripting HIGH" "wp-user-frontend 3.5.25 Admin+.SQL.Injection MEDIUM" "wiseagentleadform 3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-noexternallinks 4.3 Backdoored MEDIUM" "wip-custom-login 1.3.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-smart-import 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.1.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.0.3 Reflected.Cross-Ste.Scripting MEDIUM" "wp-smart-import 1.0.1 Auhenticated.Server-side.Request.Forgery MEDIUM" "wp-booking-system 2.0.19.11 Missing.Authorization.via.wpbs_refresh_calendar_editor MEDIUM" "wp-booking-system 2.0.19.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-booking-system 2.0.19.3 Missing.Authorization MEDIUM" "wp-booking-system 2.0.18.1 Admin+.Stored.XSS LOW" "wp-booking-system 2.0.15 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-booking-system 1.5.2 CSRF.to.Authenticated.SQL.Injection HIGH" "wp-booking-system 1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-copyprotect No.known.fix Settings.Update.via.CSRF MEDIUM" "woocommerce-payplug No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-payplug No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-backitup No.known.fix Cross-Site.Request.Forgery.to.Backup.Trigger MEDIUM" "wp-backitup No.known.fix Missing.Authorization MEDIUM" "wp-backitup No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-backitup No.known.fix Missing.Authorization MEDIUM" "wp-backitup 1.50 Unauthenticated.Sensitive.Data.Exposure HIGH" "w3s-cf7-zoho No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "w3s-cf7-zoho 2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "w3s-cf7-zoho 2.1.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-colorful-tag-cloud No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-cookies-alert No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-file-checker No.known.fix Authenticated.(Admin+).Arbitrary.File.Deletion MEDIUM" "wp-condition No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-last-modified No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wc-place-order-without-payment 2.6.8 Unauthenticated.Local.File.Inclusion CRITICAL" "wc-place-order-without-payment 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-place-order-without-payment 2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-eggdrop No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-eggdrop No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.7.4 Cross-Site.Request.Forgery.to.Arbitrary.Account.Deletion HIGH" "wp-abstracts-manuscripts-manager 2.7.3 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.7.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.7.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.6.4 Admin+.Stored.XSS LOW" "wp-abstracts-manuscripts-manager 2.6.3 Cross-Site.Request.Forgery MEDIUM" "wp-abstracts-manuscripts-manager 2.6.4 Reflected.XSS HIGH" "wp-tiles No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-tiles No.known.fix Subscriber+.Draft/Private.Post.Title.Disclosure MEDIUM" "wp-tiles No.known.fix Contributor+.Stored.XSS HIGH" "wp-media-category-management 2.4.0 2.3.3.-.Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-media-category-management 2.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-media-category-management 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-amazon-affiliates-light-version No.known.fix Lite.<=.3.1.-.CSRF MEDIUM" "wp-testimonial-widget No.known.fix Authenticated.(Admin+).SQL.Injection CRITICAL" "wp-testimonial-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-testimonial-widget No.known.fix Missing.Authorization MEDIUM" "woocommerce-stock-manager 2.11.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-stock-manager 2.6.0 CSRF.to.Arbitrary.File.Upload HIGH" "wp-all-import 3.7.3 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "wp-all-import 3.6.9 Admin+.Directory.traversal.via.file.upload MEDIUM" "wp-all-import 3.6.9 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "wp-all-import 3.6.8 Admin+.Arbitrary.File.Upload MEDIUM" "wp-all-import 3.6.8 Admin+.Arbitrary.Code.Execution MEDIUM" "wp-all-import 3.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-all-import 3.6.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-all-import 3.4.7 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.2.5 Multiple.Vulnerabilities CRITICAL" "wp-all-import 3.2.4 RCE HIGH" "web2application No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-custom-admin-interface 7.32 Missing.Authorization.via.wpcai_pro_notice_disable MEDIUM" "wp-custom-admin-interface 7.33 Missing.Authorization.to.Transients.Deletion MEDIUM" "wp-custom-admin-interface 7.29 Admin+.PHP.Object.Injection MEDIUM" "wp-limit-failed-login-attempts 5.6 Unauthenticated.SQL.Injeciton HIGH" "wp-limit-failed-login-attempts 5.4 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "wp-limit-failed-login-attempts 5.1 Unauthenticated.SQLi HIGH" "wp-limit-failed-login-attempts 2.9 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-limit-failed-login-attempts 3.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wp-bulk-post-duplicator No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-query-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-ulike No.known.fix Missing.Authorization.to.Unauthenticated.Content.Spoofing MEDIUM" "wp-ulike 4.7.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-ulike 4.7.6 Admin+.Stored.XSS LOW" "wp-ulike 4.7.5 Admin+.Stored.XSS.via.Widgets LOW" "wp-ulike 4.7.5 Cross-Site.Request.Forgery.to.Statistic.Deletion MEDIUM" "wp-ulike 4.7.4 Admin+.Stored.XSS LOW" "wp-ulike 4.7.2.1 Subscriber+.Stored-XSS HIGH" "wp-ulike 4.7.1 Admin+.Stored.XSS LOW" "wp-ulike 2.7.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-ulike 4.7.0 Authenticated.(Contributor+).SQL.Injection.via.Shortcodes HIGH" "wp-ulike 4.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-ulike 4.6.9 Contributor+.Stored.Cross.Site.Scripting.via.Shortcode MEDIUM" "wp-ulike 4.6.5 Unauthenticated.Rating.Tampering.via.Race.Condition LOW" "widgets-for-zillow-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wordpress-tooltips 9.5.3 Cross-Site.Request.Forgery MEDIUM" "wordpress-tooltips 9.4.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wooemailreport No.known.fix Reflected.XSS HIGH" "wpf-ultimate-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-simple-post-view 2.0.1 Post.View.Data.Reset.via.CSRF MEDIUM" "wp-pexels-free-stock-photos No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "wp-pexels-free-stock-photos No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-smart-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-cyr-cho No.known.fix Cross-Site.Request.Forgery MEDIUM" "webriti-companion 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-shoutbox-live-chat No.known.fix Unauthenticated.SQLi HIGH" "wp-shoutbox-live-chat No.known.fix Unauthenticated.Stored.XSS HIGH" "woo-tuner No.known.fix Missing.Authorization MEDIUM" "wpagecontact No.known.fix Authenticated.(editor+).SQL.Injection HIGH" "wp-guppy 1.3 Sensitive.Information.Disclosure HIGH" "wp-maintenance-mode 2.6.9 Subscriber+.Page.design.Update MEDIUM" "wp-maintenance-mode 2.4.5 Subscribed.Users.Deletion.via.CSRF MEDIUM" "wp-maintenance-mode 2.0.7 Authenticated.Multisite.Remote.Code.Execution HIGH" "wp-maintenance-mode 2.0.7 Missing.Settings.Authorization MEDIUM" "wp-maintenance-mode 2.0.7 Subscriber.Information.Disclosure MEDIUM" "woocommerce-cloak-affiliate-links 1.0.36 Cross-Site.Request.Forgery MEDIUM" "woocommerce-cloak-affiliate-links 1.0.34 Missing.Authorization.to.Unauthenticated.Permalink.Modification HIGH" "wp-vk 1.3.4 Cross-Site.Request.Forgery.via.AJAX.actions MEDIUM" "wppageflip No.known.fix index.php.pageflipbook_language.Parameter.Traversal.Local.File.Inclusion CRITICAL" "wp-fullcalendar 1.6 Contributor+.Stored.XSS MEDIUM" "wp-fullcalendar 1.5 Unauthenticated.Arbitrary.Post.Access HIGH" "wpupper-share-buttons 3.52 Cross-Site.Request.Forgery.to.Custom.CSS.Update MEDIUM" "wpupper-share-buttons 3.50 Missing.Authorization MEDIUM" "wpupper-share-buttons 3.43 Admin+.Stored.XSS LOW" "wp-hide-pages No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-migration-duplicator 1.4.9 Missing.Authorization.to.Directory.Traversal MEDIUM" "wp-migration-duplicator 1.4.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-migration-duplicator 1.4.4 Subscriber+.Plugin.Settings.Update MEDIUM" "wp-migration-duplicator 1.4.5 Subscriber+.Stored.XSS HIGH" "wp-migration-duplicator 1.4.2 Missing.Authorization.to.Settings.and.Schedule.Modification MEDIUM" "wp-security-questions No.known.fix Cross-Site.Request.Forgery HIGH" "wp-security-questions No.known.fix CSRF.Bypass MEDIUM" "wp-visual-adverts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "website-monetization-by-magenet 1.0.29.2 Cross-Site.Request.Forgery MEDIUM" "wp-ajax-contact-form No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-ajax-contact-form No.known.fix Arbitrary.Email.Deletion.via.CSRF MEDIUM" "wsm-downloader No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "wsm-downloader No.known.fix Domain.Name.Restriction.Bypass LOW" "wp-smart-tv 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-concours No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "woo-quick-reports No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-quick-reports No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-users-disable No.known.fix Unauthenticated.Settings.Update MEDIUM" "wise-forms No.known.fix Unauthenticated.Stored.XSS HIGH" "wordpress-sql-backup No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-paypal-payments 2.0.5 Merchant.ID.Details.Update.via.CSRF MEDIUM" "woo-point-of-sale 6.2.0 Insecure.Direct.Object.Reference.to.Privilege.Escalation.via.Arbitrary.User.Email.Change CRITICAL" "web-instant-messenger No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-smart-tool-tip No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wpcal 0.9.5.9 Cross-Site.Request.Forgery MEDIUM" "wp-magazine-modules-lite 1.1.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-bugbot No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-bugbot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wptelegram-widget 2.1.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wootrello 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "wootrello 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-product-addon 33.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-product-addon 32.0.21 Unauthenticated.Content.Injection.Vulnerability MEDIUM" "woocommerce-product-addon 32.0.19 Unauthenticated.Arbitrary.File.Upload.via.ppom_upload_file CRITICAL" "woocommerce-product-addon 32.0.7 Reflected.Cross-Site.Scripting HIGH" "woocommerce-product-addon 32.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-product-addon 24.0 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "woocommerce-product-addon 18.4 Authenticated.Stored.XSS MEDIUM" "weekly-class-schedule No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-school-calendar-lite 3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-quiz No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpdb-to-sql No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-wiki-tooltip No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-reviews-plugin-for-google 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-reviews-plugin-for-google 10.9.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-reviews-plugin-for-google 9.8 Contributor+.Stored.XSS MEDIUM" "wp-board No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wp-timelines 3.6.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-timelines 3.6.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-timelines 3.6.8 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-quick-shop 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-pricing-table 1.1.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-panoramio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-giftcards No.known.fix Missing.Authorization MEDIUM" "wptouch 4.3.45 Admin+.PHP.Object.Injection MEDIUM" "wptouch 4.3.45 Admin+.Arbitrary.File.Upload MEDIUM" "wptouch 4.3.44 Reflected.Cross-Site.Scripting MEDIUM" "wp-meta-and-date-remover 2.3.1 Cross-Site.Request.Forgery.via.updateSettings MEDIUM" "wp-meta-and-date-remover 2.2.0 Subscriber+.Stored.XSS HIGH" "wp-meta-and-date-remover 1.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "web3-token-gate 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-users-media No.known.fix Missing.Authorization.via.wpusme_save_settings MEDIUM" "wp-users-media No.known.fix Cross-Site.Request.Forgery.in.wpusme_save_settings MEDIUM" "wp-content-filter 3.1.0 Admin+.Stored.Cross.Site.Scripting LOW" "widget-manager-light No.known.fix Missing.Authorization MEDIUM" "wp-e-commerce-style-email No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "wp-e-commerce-style-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wheel-of-life 1.1.9 Missing.Authorization MEDIUM" "wheel-of-life 1.1.8 Missing.Authorization.on.Several.AJAX.Endpoints MEDIUM" "woocommerce-anti-fraud 3.9 Unauthenticated.Order.Status.Manipulation MEDIUM" "wp-directorybox-manager No.known.fix Authentication.Bypass CRITICAL" "wp-directorybox-manager No.known.fix Authentication.Bypass CRITICAL" "wp-finance No.known.fix Stored.XSS.via.CSRF HIGH" "wp-finance No.known.fix Reflected.XSS HIGH" "wp-html-mail 3.4.2 Test.Email.Sending.via.CSRF MEDIUM" "wp-html-mail 3.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-html-mail 3.1 Unprotected.REST-API.Endpoint MEDIUM" "wp-html-mail 3.0.8 CSRF.to.XSS MEDIUM" "wplyrics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.6 Authenticated.(Editor+).Local.File.Inclusion HIGH" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonials.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "wp-cookie-consent No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-next-post-navi No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "weglot 4.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "weglot 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-thank-you-page-customizer 1.1.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "woo-thank-you-page-customizer 1.1.3 Missing.Authorization.to.Authenticated.(Subscriber+).Data.Export MEDIUM" "woo-thank-you-page-customizer 1.0.14 CSRF MEDIUM" "wooms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.6.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.6.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.6.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.4.4 Reflected.XSS HIGH" "wc-dynamic-pricing-and-discounts 2.4.2 Unauthenticated.Settings.Import.to.Stored.XSS HIGH" "wc-dynamic-pricing-and-discounts 2.4.2 Unauthenticated.Settings.Export MEDIUM" "woolook No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wc-support-system No.known.fix Unauthenticated.Ticket.Deletion/Update,.Settings.Update.etc MEDIUM" "wc-support-system 1.2.2 Admin+.SQLi MEDIUM" "woocommerce-es 2.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-es 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-gallery-metabox No.known.fix Settings.Update.via.CSRF MEDIUM" "wordpress-nextgen-galleryview No.known.fix Reflected.XSS HIGH" "wordpress-nextgen-galleryview No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-show-posts 1.1.6 Improper.Authorization.to.Information.Exposure MEDIUM" "wp-show-posts 1.1.5 Information.Exposure MEDIUM" "wp-show-posts 1.1.4 Contributor+.Stored.XSS MEDIUM" "wookit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-click-info No.known.fix Reflected.XSS HIGH" "wwm-social-share-on-image-hover No.known.fix Admin+.Stored.XSS LOW" "wish-list-for-woocommerce 3.1.8 Cross-Site.Request.Forgery.to.Cross-Site.Scriping.via.Wishlist.Name MEDIUM" "wish-list-for-woocommerce 3.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-nerd-toolkit No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp-custom-widget-area No.known.fix Subscriber+.Menus.Creation/Deletion/Update MEDIUM" "wp-custom-widget-area No.known.fix Missing.Authorization MEDIUM" "woocommerce-warranties-and-returns 5.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "wp-hr-gdpr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hr-gdpr 0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-emember 10.6.6 Authenticated.(Admin+).Arbitrary.File.Upload MEDIUM" "woo-addon-uploads 1.7.2 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "wp-security-hardening 1.2.7 Unauthenticated.Security.Feature.Bypass.to.Username.Enumeration MEDIUM" "wp-security-hardening 1.2.2 Reflected.XSS.via.URI MEDIUM" "wp-security-hardening 1.2.2 Reflected.XSS.via.historyvalue HIGH" "wp-super-popup No.known.fix Admin+.Stored.XSS LOW" "woo-discount-rules 2.6.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-discount-rules 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-discount-rules 2.2.1 Multiple.Authorization.Bypass HIGH" "woo-discount-rules 2.1.0 Multiple.Vulnerabilities CRITICAL" "wp-church-donation No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-church-donation No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woocommerce-loyal-customer No.known.fix Missing.Authorization MEDIUM" "wp-sitemap No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.8.7 Missing.Authorization MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.8.1 Unauthenticated.Server-Side.Request.Forgery MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.8.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woocommerce-pdf-invoices-packing-slips 3.7.6 Shop.Manager+.SQL.Injection HIGH" "woocommerce-pdf-invoices-packing-slips 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-invoices-packing-slips 2.16.0 Reflected.Cross-Site.Scripting LOW" "woocommerce-pdf-invoices-packing-slips 2.15.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-invoices-packing-slips 2.10.5 Reflected.Cross-Site.Scripting HIGH" "woocommerce-pdf-invoices-packing-slips 2.0.13 XSS MEDIUM" "wp-social-bookmarking-light No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-social-bookmarking-light 1.7.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-tooltip No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wptobe-signinup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-preloader 1.15.1 Admin+.Stored.XSS LOW" "watu 3.4.4 Authenticated.(Administrator+).SQL.Injection MEDIUM" "watu 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "watu 3.4.1.3 Authenticated.(Contributor+).SQL.Injection MEDIUM" "watu 3.4.1.2 Author+.Stored.XSS MEDIUM" "watu 3.4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "watu 3.4.1.1 Sensitive.Information.Disclosure MEDIUM" "watu 3.3.9.3 Reflected.XSS HIGH" "watu 3.3.9.1 Reflected.XSS HIGH" "watu 3.3.8.1 Admin+.Stored.XSS LOW" "watu 3.3.8.3 Admin+.Stored.XSS LOW" "watu 3.3.8.2 Reflected.XSS HIGH" "watu 3.1.2.6 Reflected.XSS.via.question-form.html.php HIGH" "wp-gotowebinar 15.8 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-gotowebinar 15.7 Missing.Authorization MEDIUM" "wp-gotowebinar 15.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-gotowebinar 15.1 Missing.Authorization MEDIUM" "wp-gotowebinar 14.46 Admin+.Stored.XSS LOW" "weebotlite No.known.fix Admin+.Stored.XSS LOW" "wp-automatic-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-manager No.known.fix Missing.Authorization MEDIUM" "wp-event-manager 3.1.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'events'.Shortcode MEDIUM" "wp-event-manager 3.1.42 Reflected.Cross-Site.Scripting.via.plugin MEDIUM" "wp-event-manager 3.1.42 Editor+.Stored.XSS LOW" "wp-event-manager 3.1.43 Reflected.XSS HIGH" "wp-event-manager 3.1.38 Admin+.Stored.XSS MEDIUM" "wp-event-manager 3.1.28 Reflected.Cross-Site.Scripting MEDIUM" "wp-event-manager 3.1.23 Admin+.Stored.Cross-Site.Scripting LOW" "wp-plugin-contact-form-7 No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-product-sort-and-display 2.4.2 Missing.Authorization MEDIUM" "woocommerce-products-without-featured-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-viet 1.5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-webauthn 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-webauthn 1.3.4 Contributor+.Stored.XSS.via.wwa_login_form.Shortcode MEDIUM" "woocommerce-inventory-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-meetup No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wufoo-shortcode 1.52 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wdes-responsive-mobile-menu No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "woo-bulk-editor 1.1.4.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-bulk-editor 1.1.4.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "woo-bulk-editor 1.1.4.4 Missing.Authorization MEDIUM" "woo-bulk-editor 1.1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-bulk-editor 1.1.4.1 Missing.Authorization.via.Several.Functions MEDIUM" "woo-bulk-editor 1.1.4.1 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting.via.Plugin.Options MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.3.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wpg-videos No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-store-mode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-meta-robots No.known.fix Authenticated.Blind.SQL.Injection HIGH" "wp-cufon No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-no-bot-question No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-spell-check No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-spell-check 9.18 Cross-Site.Request.Forgery MEDIUM" "wp-spell-check 9.13 Admin+.Stored.Cross-Site.Scripting LOW" "wp-spell-check 9.13 Ignored.Word.Deletion.via.CSRF MEDIUM" "wp-spell-check 9.3 Reflected.Cross-Site.Scripting HIGH" "wp-spell-check 7.1.10 Cross-Site.Request.Forgery.(CSRF) HIGH" "wp-listings-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-beta-tester 2.2.4 Admin+.SQLi MEDIUM" "wp-post-styling 1.3.1 Multiple.CSRF MEDIUM" "whmcs-bridge 6.4b Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "whmcs-bridge 6.3 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "world-cup-predictor No.known.fix Reflected.Cross-Site.Scripting HIGH" "woo-inpost No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.and.Delete CRITICAL" "wp-user-merger 1.5.3 Admin+.SQLi.via.ID MEDIUM" "wp-user-merger 1.5.3 Admin+.SQLi.via.user_id MEDIUM" "wp-user-merger 1.5.3 Admin+.SQLi.via.wpsu_user_id MEDIUM" "wp-cafe 2.2.33 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.32 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.29 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.28 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.26 Authenticated.(Contributor+).File.inclusion.via.Shortcode HIGH" "wp-cafe 2.2.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Reservation.Form.Shortcode MEDIUM" "wp-cafe 2.2.24 Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "wp-cafe 2.2.23 Missing.Authorization MEDIUM" "woo-quote-calculator-order No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "woo-quote-calculator-order No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-fb-messenger-button-lite 2.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-link-bio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-link-bio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-less-compiler No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woocustomizer 2.3.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-responsive-photo-gallery 1.0.16 Authenticated.(Subscriber+).Limited.Server-Side.Request.Forgery MEDIUM" "wp-responsive-photo-gallery 1.0.4 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-responsive-photo-gallery 1.0.14 Reflected.XSS HIGH" "wp-responsive-photo-gallery 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "wp-multi-store-locator No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-multi-store-locator No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-multi-store-locator 2.5.2 Unauthenticated.SQL.Injection HIGH" "wp-multi-store-locator 2.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-multi-store-locator 2.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-multi-store-locator 2.5.1 Contributor+.Stored.XSS MEDIUM" "wp-jquery-lightbox 2.3.4 Contributor+.Stored.XSS MEDIUM" "wp-jquery-lightbox 1.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title.Attribute MEDIUM" "wpjobboard 5.11.1 Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "wpjobboard 5.11.1 Authenticated.(Subscriber+).Path.Traversal MEDIUM" "wpjobboard 5.11.1 Cross-Site.Request.Forgery MEDIUM" "wpjobboard 5.11.1 Reflected.Cross-Site.Scripting MEDIUM" "wpjobboard 5.7.0 Unauthenticated.SQL.Injection CRITICAL" "wpjobboard 5.7.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "wpjobboard 5.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpjobboard 4.5 Multiple.SQL.Injections HIGH" "wpjobboard 5.0 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "wp-import-export-lite 3.9.28 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "wp-import-export-lite 3.9.27 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-import-export-lite 3.9.16 Unauthenticated.Sensitive.Data.Disclosure HIGH" "wp-import-export-lite 3.9.5 Subscriber+.Extensions.Update MEDIUM" "wp-import-export-lite 3.9.5 Subscriber+.Arbitrary.Blog.Options.Update HIGH" "wordsurvey No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.sounding_title.Parameter MEDIUM" "wc-multi-currency 1.5.6 Missing.Authorization MEDIUM" "wc-multi-currency 1.5.6 Cross-Site.Request.Forgery MEDIUM" "woo-min-max-quantity-step-control-single 4.6 Reflected.XSS HIGH" "weather-in-any-city-widget 1.1.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-able-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wc-checkout-getnet 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "wc-checkout-getnet 1.8.1 Admin+.Stored.XSS LOW" "wc-checkout-getnet 1.8.1 Reflected.XSS MEDIUM" "world-prayer-time No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-file-manager-pro 8.3.10 Unauthenticated.Backup.File.Download.and.Upload HIGH" "wp-file-manager-pro 8.3.10 Unauthenticated.Limited.JavaScript.File.Upload HIGH" "wp-file-manager-pro 8.3.10 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "wp-file-manager-pro 8.3.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-file-manager-pro 8.3.5 Directory.Traversal CRITICAL" "wp-file-manager-pro 8.3.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-file-manager-pro 8.3.5 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-table-manager 4.1.4 Missing.Authorization.to.Authenticated.(Subscriber+).Directory.Traversal.to.Folder/File.Name.Disclosure MEDIUM" "wp-table-manager 3.5.3 Contributor+.Stored.XSS MEDIUM" "wp-rocket 2.10.4 Local.File.Inclusion.(LFI) HIGH" "woo-zoho 1.2.4 Reflected.Cross-Site.Scripting HIGH" "wp-social-stream No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-customize-login-page No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-customize-login-page No.known.fix Missing.Authorization MEDIUM" "wh-cache-and-security No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rest-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rest-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-githuber-md No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-githuber-md 1.16.3 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "woo-payment-gateway-for-piraeus-bank 1.7.0 Unauthenticated.SQL.Injection CRITICAL" "wordpress-ping-optimizer No.known.fix Log.Clearing.via.CSRF MEDIUM" "wordpress-ping-optimizer 2.35.1.3.0 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wpperformancetester No.known.fix Cross-Site.Request.Forgery MEDIUM" "wplite No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-product-gallery-slider 2.2.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-flickr-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-extra-cost No.known.fix CSRF.Bypass MEDIUM" "wp-order-by No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpglobus 1.9.7 Stored.XSS.&.CSRF HIGH" "wp-asset-clean-up 1.3.9.9 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "wp-asset-clean-up 1.3.9.4 Missing.Authorization MEDIUM" "wp-asset-clean-up 1.3.5.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting.via.AJAX.Action HIGH" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.6.7 CSRF.&.XSS LOW" "wp-responsive-tabs 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wah-forms No.known.fix Missing.Authorization MEDIUM" "wordprezi 0.9 Contributor+.Strored.XSS MEDIUM" "wp-health 2.17.1 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-user No.known.fix Unauthenticated.SQLi HIGH" "wp-user No.known.fix Admin+.Stored.XSS LOW" "wp-user 7.0 Reflected.Cross-Site.Scripting MEDIUM" "wpgsi-professional 3.6.0 Reflected.Cross-Site.Scripting HIGH" "wpgsi-professional 3.6.0 CSRF.Bypass MEDIUM" "wp-get-personal-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-charts No.known.fix Contributor+.Stored.XSS MEDIUM" "wccp-pro 15.3 Admin+.Stored.XSS LOW" "wccp-pro 15.3 Open.Redirect MEDIUM" "wp-quicklatex 3.8.8 Admin+.Stored.XSS LOW" "wp-quicklatex 3.8.7 Admin+.Stored.XSS.in.Background.Color.field LOW" "wp-page-widget 4.0 Settings.Update.via.CSRF MEDIUM" "wp-insurance 2.1.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "webpushr-web-push-notifications 4.36.0 Reflected.Cross-Site.Scripting MEDIUM" "webpushr-web-push-notifications 4.35.0 Unauthenticated.Stored.XSS HIGH" "webpushr-web-push-notifications 4.35.0 LFI.via.CSRF MEDIUM" "wp-sticky-side-buttons No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-calameo 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mail-catcher 2.1.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-catcher 2.1.7 Cross-Site.Request.Forgery MEDIUM" "wp-mail-catcher 2.1.4 WP.Mail.Catcher.<.2.1.4.-.Admin+.SQLi MEDIUM" "wp-mail-catcher 2.1.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ws-bootstrap-vc No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-cashapp 6.0.3 Reflected.Cross-Site.Scripting MEDIUM" "wc-cashapp 5.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-reset 2.03 Missing.Authorization.to.License.Key.Modification MEDIUM" "wp-reset 2.0 Sensitive.Information.Exposure.due.to.Insufficient.Randomness MEDIUM" "wp-reset 5.99 Subscriber+.Database.Reset CRITICAL" "wp-reset 5.99 Database.Reset.via.CSRF CRITICAL" "wp-reset 1.90 Authenticated.Stored.XSS MEDIUM" "wp-log-viewer No.known.fix Missing.Authorization MEDIUM" "wp-contact-slider 2.4.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-contact-slider 2.4.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-contact-slider 2.4.7 Editor+.Stored.Cross-Site.Scripting LOW" "wp-contact-slider 2.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-club-manager 2.2.12 Missing.Authorization MEDIUM" "wp-club-manager 2.2.12 Authenticated.(Player+).Stored.Cross-Site.Scripting MEDIUM" "wp-club-manager 2.2.11 Missing.Authorization.to.Unauthenticated.Event.Permalink.Update MEDIUM" "webp-svg-support No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "woocommerce-delivery-notes 5.5.0 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory MEDIUM" "woocommerce-delivery-notes 5.4.1 Missing.Authorization.to.Authenticated.(Subscriber+).Logo.Deletion MEDIUM" "woocommerce-delivery-notes 4.9.0 Missing.Authorization.to.Notice.Dismissal MEDIUM" "woocommerce-delivery-notes 4.7.2 Reflected.XSS HIGH" "wp-manutencao 1.0.7 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "wp-survey-plus No.known.fix Subscriber+.AJAX.Calls HIGH" "white-label-cms 2.7.5 Reflected.Cross-Site.Scripting MEDIUM" "white-label-cms 2.7.4 Missing.Authorization.to.Plugin.Settings.Reset MEDIUM" "white-label-cms 2.5 Admin+.PHP.Object.Injection LOW" "white-label-cms 2.2.9 Reflected.Cross-Site.Scripting MEDIUM" "writersblok-ai 1.3.20 Reflected.Cross-Site.Scripting MEDIUM" "wpb-advanced-faq No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-custom-field-for-gutenberg-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-custom-field-for-gutenberg-editor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-roadmap 1.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-custom-taxonomy-image No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-connect No.known.fix Stored.XSS.via.CSRF HIGH" "wpb-popup-for-contact-form-7 1.7.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.wpb_pcf_fire_contact_form HIGH" "wp-my-admin-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-my-admin-bar No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-letsencrypt-ssl 7.1.0 Sensitive.Information.Exposure.via.insufficiently.protected.files HIGH" "wp-letsencrypt-ssl 6.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-letsencrypt-ssl 5.7.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-producttables-pro 1.9.5 Unauthenticated.Arbitrary.SQL.Execution CRITICAL" "wc-multishipping 2.3.8 Subscriber+.Arbitrary.Account.Credentials.Test MEDIUM" "wc-multishipping 2.3.6 Missing.Authorization.to.Log.Export MEDIUM" "wp-users-masquerade No.known.fix Authentication.Bypass HIGH" "wp-t-wap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-migrate-db-pro 2.6.11 Unauthenticated.PHP.Object.Injection CRITICAL" "wovax-idx No.known.fix Missing.Authorization.to.Privilege.Escalation HIGH" "wp-super-cache 1.9 Unauthenticated.Cache.Poisoning MEDIUM" "wp-super-cache 1.7.3 Authenticated.Remote.Code.Execution HIGH" "wp-super-cache 1.7.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-super-cache 1.7.2 Authenticated.Remote.Code.Execution.(RCE) HIGH" "wp-super-cache 1.4.9 Cross-Site.Scripting.(XSS) MEDIUM" "wp-super-cache 1.4.5 PHP.Object.Injection HIGH" "wp-super-cache 1.4.3 Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-super-cache 1.3.1 trunk/plugins/domain-mapping.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/awaitingmoderation.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/badbehaviour.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/wp-cache.php.wp_nonce_url.Function.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/searchengine.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/wptouch.php.URI.XSS MEDIUM" "wp-super-cache 1.3.2 Remote.Code.Execution HIGH" "wp-management-controller No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-stats-manager 7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-stats-manager 7.6 Missing.Authorization MEDIUM" "wp-stats-manager 6.9.5 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-stats-manager 6.9 Unauthenticated.SQLi HIGH" "wp-stats-manager 6.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-stats-manager 5.8 Unauthenticated.SQLi HIGH" "wp-stats-manager 5.6 .Subscriber+.SQL.Injection HIGH" "wp-stats-manager 5.5 Arbitrary.IP.Address.Exclusion.to.Stored.XSS HIGH" "wp-stats-manager 4.8 Subscriber+.SQL.Injection HIGH" "widgets-reset No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-terms-popup 2.6.1 Admin+.Stored.XSS LOW" "wp-spotlight-search No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-load-gallery No.known.fix Authenticated.(Author+).Arbitrary.File.Upload HIGH" "wppizza 3.19.5 Reflected.Cross-Site.Scripting MEDIUM" "wppizza 3.18.14 Reflected.Cross-Site.Scripting MEDIUM" "wppizza 3.18.11 Missing.Authorization MEDIUM" "wppizza 3.18.3 Reflected.XSS HIGH" "wppizza 3.17.2 Reflected.XSS HIGH" "wpformify No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpformify 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-icommerce No.known.fix Authenticated.(contributor+).SQL.Injection HIGH" "wordfence 7.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "wordfence 7.1.14 Username.Enumeration.Prevention.Bypass MEDIUM" "wordfence 5.1.5 Cross-Site.Scripting.(XSS) MEDIUM" "wp-like-button No.known.fix Missing.Authorization.via.crublabFBLBAjax LOW" "wp-like-button No.known.fix Button.Settings.Update.via.CSRF MEDIUM" "wp-like-button 1.6.4 Auth.Bypass MEDIUM" "wp-svg No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-login-and-logout-redirect 2.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-gallery-transformation No.known.fix Blind.SQL.Injection CRITICAL" "wp-seopress 8.2 Missing.Authorization MEDIUM" "wp-seopress 8.2 Missing.Authorization MEDIUM" "wp-seopress 8.2 Missing.Authorization MEDIUM" "wp-seopress 8.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-seopress 7.9.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Social.Image.URL MEDIUM" "wp-seopress 7.9 Unauthenticated.Object.Injection HIGH" "wp-seopress 7.8 Contributor+.Stored.XSS MEDIUM" "wp-seopress 7.8 Contributor+.Open.Redirect LOW" "wp-seopress 7.6 Contributor+.Stored.XSS MEDIUM" "wp-seopress 7.7 Information.Exposure MEDIUM" "wp-seopress 7.6 Author+.Stored.Cross-Site.Scripting MEDIUM" "wp-seopress 7.3 Admin+.Stored.XSS LOW" "wp-seopress 6.5.0.3 Admin+.PHP.Object.Injection MEDIUM" "wp-seopress 5.0.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-login-security-and-history No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "wpexperts-square-for-give 1.3.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wpexperts-square-for-give 1.3.2 Subscriber+.SQL.Injection HIGH" "wp-radio No.known.fix Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "wp-radio No.known.fix Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.Settings MEDIUM" "wp-radio No.known.fix CSRF MEDIUM" "wp-radio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-radio 3.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-chrono No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "webflow-pages 1.1.0 Missing.Authorization MEDIUM" "wptools-masonry-gallery-posts-for-divi 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wptools-masonry-gallery-posts-for-divi 3.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-video-playlist No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "woo-altcoin-payment-gateway No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-altcoin-payment-gateway No.known.fix Unauthenticated.SQL.Injection HIGH" "woo-altcoin-payment-gateway 1.7.3 Unauthenticated.SQLi HIGH" "woo-altcoin-payment-gateway 1.6.1 Reflected.Cross-Site.Scripting HIGH" "wordpress-form-manager 1.7.3 Authenticated.Remote.Command.Execution.(RCE) CRITICAL" "wordpress-activity-o-meter No.known.fix Reflected.XSS HIGH" "woocommerce-chained-products 2.12.0 Unauthenticated.Arbitrary.Options.Update.to.'no' MEDIUM" "wp-publications No.known.fix Admin+.Stored.XSS LOW" "wp-publications No.known.fix Local.File.Inclusion HIGH" "wp-login-box No.known.fix Admin+.Stored.XSS LOW" "wechat-reward No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-quick-setup No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin/Theme.Installation HIGH" "wp-multitasking No.known.fix Permalink.Suffix.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Header/Footer/Body.Script.Update.via.CSRF MEDIUM" "wp-multitasking 0.1.18 WP.Utilities.<.0.1.18.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-multitasking No.known.fix Reflected.XSS.via.Shortcode MEDIUM" "wp-multitasking No.known.fix SMTP.Settings.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Exit.Popup.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Welcome.Popup.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Settings.Update.via.CSRF MEDIUM" "what-would-seth-godin-do 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "www-xml-sitemap-generator-org 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-seo-keyword-optimizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-seo-keyword-optimizer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-seo-keyword-optimizer 2.1.9.8 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-listings No.known.fix Missing.Authorization MEDIUM" "wp-listings No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-listings 2.0.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woo-enviopack No.known.fix Reflected.Cross-Site.Scripting HIGH" "woo-customers-order-history No.known.fix Missing.Authorization MEDIUM" "woo-customers-order-history 5.2.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-order-history 5.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-price-history 2.1.5 Authenticated.(Shop.manager+).PHP.Object.Injection HIGH" "wc-price-history 2.1.4 Missing.Authorization MEDIUM" "wp-copy-media-url No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-ultimate-review 2.3.0 Unauthenticated.Review.Restriction.Bypass MEDIUM" "wp-ultimate-review 2.3.0 Missing.Authorization MEDIUM" "wp-ultimate-review 2.3.0 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "wp-ultimate-review No.known.fix IP.Spoofing MEDIUM" "wp-ultimate-review 2.3.1 Settings.Update.via.CSRF MEDIUM" "wp-ultimate-review 2.1.0 Admin+.Stored.XSS LOW" "wp-ultimate-review 2.1.0 Settings.Update.via.CSRF MEDIUM" "woocommerce-digital-content-delivery-with-drm-flickrocket No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-abandoned-cart-pro 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "wp-proposals No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wpslacksync 1.8.6 Slack.Access.Token.Disclosure HIGH" "wp-recall 16.26.12 Admin+.Stored.XSS LOW" "wp-recall 16.26.12 Unauthenticated.SQL.Injection HIGH" "wp-recall 16.26.12 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Exeuction MEDIUM" "wp-recall 16.26.12 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "wp-recall 16.26.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-recall 16.26.12 Admin+.SQL.Injection MEDIUM" "wp-recall 16.26.9 Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.Password.Update CRITICAL" "wp-recall 16.26.7 Unauthenticated.Payment.Deletion.via.delete_payment MEDIUM" "wp-recall 16.26.7 Cross-Site.Request.Forgery MEDIUM" "wp-recall 16.26.6 Unauthenticated.SQL.Injection CRITICAL" "wp-recall 16.26.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wp-recall 16.26.6 Insecure.Direct.Object.Reference MEDIUM" "wp-recall 16.24.48 Reflected.Cross-Site.Scripting HIGH" "wp-ad-guru No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-recaptcha-integration 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-recaptcha-integration No.known.fix Admin+.Stored.XSS LOW" "woocommerce-product-addons 6.2.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-product-addons 6.2.0 Shop.Manager+.PHP.Object.Injection HIGH" "wp-business-intelligence-lite 1.6.3 SQL.Injection CRITICAL" "wp-bulletin-board No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-performance-pack No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-performance-pack 2.5.4 Missing.Authorization MEDIUM" "wp-rest-api-authentication 3.6.4 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "wp-rest-api-authentication 2.4.1 Settings.Update.via.CSRF MEDIUM" "wc-multivendor-marketplace 3.6.12 Reflected.Cross-Site.Scripting MEDIUM" "wc-multivendor-marketplace 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wc-multivendor-marketplace 3.4.12 Subscriber+.Unauthorised.AJAX.Calls HIGH" "wc-multivendor-marketplace 3.5.0 Multiple.CSRF MEDIUM" "wc-multivendor-marketplace 3.4.12 WooCommerce.Multivendor.Marketplace.<.3.4.12.-.Unauthenticated.SQL.Injection HIGH" "woostagram-connect No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wc-wallet No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "wp-original-media-path 2.4.1 Admin+.Stored.XSS LOW" "wp-responsive-thumbnail-slider 1.0.5 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-responsive-thumbnail-slider 1.0.1 Cross-Site.Request.Forgery.to.Mass.Slider.Deletion MEDIUM" "wp-responsive-thumbnail-slider 1.1.10 Reflected.XSS HIGH" "wp-responsive-thumbnail-slider 1.0.1 Authenticated.Shell.Upload.&.CSRF HIGH" "wp-responsive-thumbnail-slider 1.0.1 Stored.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "wp-polls 2.77.3 Unauthenticated.SQL.Injection.to.Stored.Cross-Site.Scripting MEDIUM" "wp-polls 2.76.0 IP.Validation.Bypass MEDIUM" "wp-polls 2.77.0 Subscriber+.Race.Condition MEDIUM" "wp-polls 2.73.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "wp-polls 2.72 SQL.Injection CRITICAL" "wp-simple-anchors-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpanchor.Shortcode MEDIUM" "wordpress-gdpr 2.0.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wordpress-gdpr 2.0.3 Missing.Authorization.to.Unauthenticated.Arbitrary.User.Deletion MEDIUM" "wordpress-gdpr 1.9.26 Authenticated.Reflected.Cross-Site.Scripting MEDIUM" "wordpress-gdpr 1.9.27 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wc-gallery No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-simple-events No.known.fix Admin+.Cross.Site.Scripting MEDIUM" "woo-whatsapp-request-quote No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "wps-telegram-chat No.known.fix Missing.Authorization.to.Information.Exposure MEDIUM" "wps-telegram-chat No.known.fix Authenticated.(Subscriber+).Unauthorized.Access.to.Telegram.Bot.API MEDIUM" "wp-etracker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-shipping-canada-post 2.8.4 Unauthenticated.Unauthorised.Action MEDIUM" "woocommerce-shipping-canada-post 2.8.4 Cross-Site.Request.Forgery MEDIUM" "wp-schema-pro 2.7.16 Contributor+.Custom.Field.Access LOW" "wp-responsive-video-gallery-with-lightbox 1.0.7 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-responsive-video-gallery-with-lightbox 1.0.1 Cross-Site.Request.Forgery MEDIUM" "wp-responsive-video-gallery-with-lightbox 1.0.23 Reflected.XSS HIGH" "wp-social-feed No.known.fix Reflected.XSS HIGH" "wordpress-access-control No.known.fix Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "wp-jobhunt No.known.fix Authentication.Bypass.to.Candidate HIGH" "wp-jobhunt No.known.fix Unauthenticated.Privilege.Escalation.via.Email.Update/Account.Takeover CRITICAL" "wp-jobhunt No.known.fix Authentication.Bypass CRITICAL" "wp-jobhunt No.known.fix Unauthenticated.Privilege.Escalation.via.Password.Reset/Account.Takeover CRITICAL" "wp-jobhunt 2.4 User.enumeration.&.Reset.password CRITICAL" "woo-category-slider-grid 1.4.16 Missing.Authorization.via.notice.dismissal.functionality MEDIUM" "woo-fattureincloud 2.6.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-category-dropdown 1.9 Contributor+.Stored.XSS MEDIUM" "wp-mobile-themes No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-cloud-server 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wowhead-tooltips No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-social-bookmarking No.known.fix Cross-Site.Request.Forgery MEDIUM" "wip-incoming-lite 1.1.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wc-peach-payments-gateway 3.2.0 Missing.Authorization.via.peach_core_version_rollback() MEDIUM" "wpc-composite-products 7.2.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-ultimate-exporter 2.14 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-ultimate-exporter 2.10 Information.Disclosure.Through.Unprotected.Directory HIGH" "wp-ultimate-exporter 2.9.1 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "wp-ultimate-exporter 2.9.2 Authenticated.(Admin+).Remote.Code.Execution MEDIUM" "wp-ultimate-exporter 2.4.2 Unauthenticated.Information.Disclosure MEDIUM" "wp-ultimate-exporter 1.4.2 CSRF HIGH" "wp-ultimate-exporter 1.2 Unauthenticated.SQL.Injection CRITICAL" "woo-mailerlite 2.0.9 Cross-Site.Request.Forgery.via.Multiple.AJAX.Functions MEDIUM" "woo-mailerlite 2.0.9 Missing.Authorization.via.Multiple.Functions MEDIUM" "woocommerce-upcoming-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-upcoming-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-file-get-contents 2.7.1 Contributor+.SSRF MEDIUM" "wp-crowdfunding No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-crowdfunding 2.1.15 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Content.Download MEDIUM" "wp-crowdfunding 2.1.13 Missing.Authorization.to.Authenticated.(Subscriber+).WooCommerce.Installation MEDIUM" "wp-crowdfunding 2.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-crowdfunding 2.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpcf_donate.Shortcode MEDIUM" "wp-crowdfunding 2.1.11 Missing.Authorization.to.Authenticated.(Subscriber+).to.Enable/Disable.Addons MEDIUM" "wp-crowdfunding 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-crowdfunding 2.1.10 Admin+.Stored.XSS LOW" "wp-crowdfunding 2.1.9 Reflected.XSS HIGH" "wp-crowdfunding 2.1.8 Admin+.Stored.XSS LOW" "wp-crowdfunding 2.1.7 Reflected.XSS HIGH" "wp-crowdfunding 2.1.6 Cross-Site.Request.Forgery MEDIUM" "wp-crowdfunding 2.1.5 Missing.Authorization.via.settings_reset MEDIUM" "wpachievements-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-e-commerce No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wp-e-commerce No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Creation MEDIUM" "wpmarketplace No.known.fix Arbitrary.File.Upload HIGH" "wp-membership 1.6.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-membership 1.5.7 Subscriber+.Privilege.Escalation CRITICAL" "wp-membership No.known.fix Multiple.Vulnerabilities MEDIUM" "wp-shortcode 1.4.17 CSRF MEDIUM" "woocommerce-order-barcodes 1.6.5 Cross-Site.Request.Forgery MEDIUM" "wp-awesome-import-export No.known.fix Import.&.Export.WordPress.Data.<=.4.1.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.SQL.Execution/Privilege.Escalation HIGH" "woo-tranzila-gateway No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "website-testimonials 6.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-geonames 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-geonames 1.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-auctions No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "wp-auctions No.known.fix Editor+.SQL.Injection MEDIUM" "wp-auctions No.known.fix Editor+.Stored.XSS LOW" "wp-auctions No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-auctions No.known.fix Unauthenticated.SQL.Injection HIGH" "wpc-smart-upsell-funnel 3.0.5 Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "woo-checkout-field-editor-pro 2.0.4 Reflected.Cross-Site.Scripting.via.render_review_request_notice MEDIUM" "woo-checkout-field-editor-pro 1.8.0 Admin+.PHP.Object.Injection MEDIUM" "wp-translate No.known.fix Missing.Authorization MEDIUM" "wpforms 1.8.5.4 Unauthenticated.Stored.Cross-Site.Scripting.via.Form.Submission HIGH" "wpforms 1.7.7 CSV.Injection MEDIUM" "wp-svg-images 4.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG MEDIUM" "wp-svg-images 3.4 Authenticated.(author+).Stored.XSS.via.SVG MEDIUM" "woocommerce-admin 2.6.4 Analytics.Report.Leaks MEDIUM" "wpsolr-search-engine 8.7 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-analytify 6.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Minor.Settings.Update MEDIUM" "wp-analytify 5.5.1 Missing.Authorization MEDIUM" "wp-analytify 5.5.0 Missing.Authorization MEDIUM" "wp-analytify 5.4.0 Cross-Site.Request.Forgery.to.Opt-out MEDIUM" "wp-analytify 5.2.4 Cross-Site.Request.Forgery MEDIUM" "wp-analytify 5.2.4 Missing.Authorization MEDIUM" "wp-analytify 5.2.4 Missing.Authorization.to.Unauthenticated.Google.Analytics.Tracking.ID.Modification MEDIUM" "wp-analytify 5.2.0 Cross-Site.Request.Forgery MEDIUM" "wp-analytify 5.1.1 Missing.Authorization.to.Opt-In MEDIUM" "wp-analytify 4.2.3 Cache.Deletion.via.CSRF MEDIUM" "wp-analytify 4.2.1 Reflected.Cross-Site.Scripting MEDIUM" "woosquare 4.3 Reflected.Cross-Site.Scripting MEDIUM" "woosquare 4.2.9 Reflected.Cross-Site.Scripting MEDIUM" "woosquare 4.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-basic-elements 5.3.0 Settings.Update.via.CSRF MEDIUM" "wp-tools-divi-product-carousel 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-product-carousel 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "word-count-analysis No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-clean-up No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-hotel-booking 2.1.7 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Retrieval MEDIUM" "wp-hotel-booking 2.1.6 Missing.Authorization MEDIUM" "wp-hotel-booking No.known.fix Contributor+.Local.File.Inclusion HIGH" "wp-hotel-booking 2.1.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-hotel-booking 2.1.1 Unauthenticated.SQL.Injection CRITICAL" "wp-hotel-booking 2.0.9.3 Missing.Authorization MEDIUM" "wp-hotel-booking 2.0.9.3 Improper.Authorization.on.Multiple.REST.API.Routes MEDIUM" "wp-hotel-booking 2.0.8 Subscriber+.Arbitrary.Post.Deletion MEDIUM" "wp-hotel-booking 2.0.8 Unauthenticated.SQLi HIGH" "wp-hotel-booking 2.0.9 Contributor+.Arbitrary.Post.Deletion MEDIUM" "wp-hotel-booking 2.0.1 Unauthenticated.Arbitrary.Settings.Update HIGH" "wp-hotel-booking 1.10.6 CSRF MEDIUM" "wp-hotel-booking 1.10.4 Unauthenticated.PHP.Object.Injection HIGH" "wp-hotel-booking 1.10.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-parsidate 5.1.2 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "wp-parsidate 4.0.2 Reflected.Cross-Site.Scripting MEDIUM" "wpfunnels 3.5.6 Reflected.Cross-Site.Scripting MEDIUM" "wpfunnels 3.0.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpfunnels 2.7.17 Reflected.Cross-Site.Scripting HIGH" "wpfunnels 2.6.9 Contributor+.Stored.XSS MEDIUM" "wp-file-download-light No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-fb-autoconnect 4.6.3 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-fb-autoconnect 4.6.2 Cross-Site.Request.Forgery MEDIUM" "wp-live-chat-software-for-wordpress 4.5.16 Cross-Site.Request.Forgery MEDIUM" "windsor-strava-athlete No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "windsor-strava-athlete No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpify-woo 4.0.11 Reflected.Cross-Site.Scripting MEDIUM" "wpify-woo 4.0.9 Missing.Authorization MEDIUM" "wpify-woo 3.5.7 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-foodbakery No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "wp-foodbakery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-foodbakery No.known.fix Authentication.Bypass CRITICAL" "wp-foodbakery 4.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-foodbakery 4.8 Unauthenticated.Privilege.Escalation.in.foodbakery_registration_validation CRITICAL" "wp-foodbakery 2.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-lijit-wijit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-support-ticket-system 17.9 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion.and.Information.Exposure MEDIUM" "woocommerce-support-ticket-system 17.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-support-ticket-system 17.8 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "woocommerce-support-ticket-system 17.8 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woo-floating-cart-lite 2.8.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "woo-floating-cart-lite 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-floating-cart-lite 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-multiple-customer-addresses 21.7 Arbitrary.Address.Creation/Deletion/Access/Update.via.IDOR HIGH" "wp-cart-for-digital-products 8.5.6 Reflected.XSS.in.Product.Editing HIGH" "wp-cart-for-digital-products 8.5.6 Reflected.XSS.in.Customer.Search HIGH" "wp-cart-for-digital-products 8.5.6 Settings.Reset.via.CSRF MEDIUM" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.via.$_SERVER['REQUEST_URI'] MEDIUM" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Customer.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Category.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Discount.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Coupon.Deletion.via.CSRF MEDIUM" "woo-checkout-regsiter-field-editor 2.1.9 Cross-Site.Request.Forgery MEDIUM" "wp-blogs-planetarium No.known.fix Settings.Update.via.CSRF MEDIUM" "woocommerce-exporter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-exporter 2.7.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-exporter 2.7.2.1 Store.Exporter.<.2.7.2.1.-.Reflected.XSS HIGH" "woocommerce-exporter 2.7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-exporter 2.4 Store.Exporter.<.2.4.-.CSV.Injection CRITICAL" "wordpress-twitterbot No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "woolementor No.known.fix Author+.Stored.XSS MEDIUM" "woolementor 4.5 Unauthenticated.PHP.Object.Injection CRITICAL" "woolementor 4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "wemanage-app-worker 1.2.3 Subscriber+.Arbitrary.File.Upload HIGH" "wp-revive-adserver No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-revive-adserver No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-asambleas No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-asambleas No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wa11y No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-popup-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wpeventplus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widgets-on-pages 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "widgets-on-pages 1.8.0 Contributor+.Stored.XSS MEDIUM" "widgets-on-pages 1.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-advance-comment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-advance-comment No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-advance-comment No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-headmaster No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-symposium No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-with-spritz No.known.fix Unauthenticated.File.Inclusion CRITICAL" "web3-coin-gate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-advance-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-advance-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-advance-search 1.1 Multiple.XSS MEDIUM" "wpguppy-lite 1.1.4 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wpguppy-lite 1.1.1 Authorization.Bypass MEDIUM" "wpguppy-lite 1.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "wpguppy-lite 1.1.1 Subscriber+.Privilege.Escalation HIGH" "widget-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "wc-planzer-shipping 1.0.26 Reflected.Cross-Site.Scripting.via.processed-ids MEDIUM" "woocommerce-maintenance-mode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-cloudy 4.4.9 Admin+.SQL.Injection MEDIUM" "wp-action-network No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-action-network 1.4.4 Admin+.SQLi MEDIUM" "wp-action-network 1.4.3 Reflected.Cross-Site.Scripting.via.'search' MEDIUM" "woocommerce-bookings 2.2.5 Unauthenticated.Bookings.Products.Data.and.Metadata.Disclosure.via.REST.API MEDIUM" "woocommerce-bookings 2.0.4 Cross-Site.Request.Forgery MEDIUM" "wp-imagezoom No.known.fix Reflected.XSS HIGH" "wp-travel-engine 6.3.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-travel-engine 6.3.6 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-travel-engine 6.2.2 Missing.Authorization.to.Authenticated.(Contributor+).Plugin.Settings.Update MEDIUM" "wp-travel-engine 5.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel-engine 5.8.1 Unauthenticated.Price.Manipulation MEDIUM" "wp-travel-engine 5.8.0 Unauthenticated.SQL.Injection CRITICAL" "wp-travel-engine 5.8.0 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-travel-engine 5.7.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-travel-engine 5.3.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-travel-engine 5.3.1 Editor+.Stored.Cross-Site.Scripting LOW" "woc-order-alert 3.2.2 Unauthenticated.SQLi HIGH" "wp-books-gallery 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-books-gallery 4.4.9 CSRF MEDIUM" "wp-books-gallery 3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wptables No.known.fix Reflected.XSS HIGH" "wa-chatbox-manager 1.2.3 Missing.Authorization MEDIUM" "woo-merchantx No.known.fix CSRF.Bypass MEDIUM" "ws-facebook-likebox No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-food No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-yadisk-files No.known.fix Admin+.Stored.XSS LOW" "wp-yadisk-files No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "weixin-robot-advanced No.known.fix Reflected.XSS HIGH" "wp-featured-entries No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-cloudflare-page-cache 4.7.6 Cross-Site.Request.Forgery MEDIUM" "wp-hide-categories No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-visual-slidebox-builder No.known.fix Subscriber+.SQLi HIGH" "wp-delete-user-accounts 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-baidu-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-hr-manager 3.2.0 Reflected.XSS HIGH" "wp-hr-manager 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-hr-manager 3.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-pricing-table No.known.fix Reflected.XSS HIGH" "wp-gpx-map 1.1.23 Arbitrary.File.Upload CRITICAL" "wp-s3-smart-upload 1.5.1 Missing.Authorization MEDIUM" "wp-contact-form No.known.fix Cross-Site.Request.Forgery.via.wpcf_adminpage MEDIUM" "wp-flybox No.known.fix CSRF MEDIUM" "woo-confirmation-email No.known.fix Reflected.XSS HIGH" "woo-confirmation-email No.known.fix Authentication.bypass.via.weak.token.generation HIGH" "woo-confirmation-email 3.4.0 CSRF.leading.to.Option.Update CRITICAL" "woocommerce-myparcel 4.24.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-meta-seo 4.5.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-seo 4.5.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-seo 4.5.13 Unauthenticated.Password.Protected.Content.Access MEDIUM" "wp-meta-seo 4.5.13 Unauthenticated.Stored.Cross-Site.Scripting.via.Referer.header HIGH" "wp-meta-seo 4.5.5 Author+.PHAR.Deserialization HIGH" "wp-meta-seo 4.5.3 Subscriber+.Improper.Authorization.causing.Arbitrary.Redirect MEDIUM" "wp-meta-seo 4.5.3 Subscriber+.SQLi HIGH" "wp-meta-seo 4.5.4 Subscriber+.SiteMap.Settings.Update MEDIUM" "wp-meta-seo 4.5.4 Subscriber+.Google.Analytics.Settings.Update MEDIUM" "wp-meta-seo 4.4.9 Social.Settings.Update.via.CSRF MEDIUM" "wp-meta-seo 4.4.7 Admin+.Stored.Cross-Site.Scripting.via.breadcrumbs LOW" "wp-blog-and-widgets 2.3.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-font-awesome No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-font-awesome 1.7.9 Contributor+.Stored.XSS MEDIUM" "wp-from-email No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-jobs 1.7 XSS MEDIUM" "wp-jobs 1.5 Authenticated.SQL.Injection HIGH" "wp-db-table-editor No.known.fix Missing.Authorization.to.Authenticated(Contributor+).Database.Access HIGH" "widgets-for-siteorigin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widgets-for-siteorigin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-for-siteorigin 1.4.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "wc-vendors 2.4.7.1 Authenticated.(Shop.manager+).SQL.Injection.via.search.dates HIGH" "wc-vendors 2.4.5 Contributor+.Stored.XSS MEDIUM" "wp-ecards-invites 1.3.905 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-bulk-price-update 2.2.2 Reflected.XSS HIGH" "wp-counter-up 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-counter-up 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wow-moodboard-lite No.known.fix Open.Redirect MEDIUM" "wp-course-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-weixin-robot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-clap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-social-login No.known.fix Contributor+.Stored.XSS MEDIUM" "wordpress-social-login No.known.fix Admin+.Stored.XSS LOW" "wordpress-social-login No.known.fix Reflected.XSS HIGH" "wp-github No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-cookie-user-info 1.0.9 Admin+.SQL.Injection MEDIUM" "wp-cookie-user-info 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "woocommerce-composite-products 8.7.6 Reflected.XSS MEDIUM" "wp-stripe-donation 3.2.4 Missing.Authorization MEDIUM" "wp-stripe-donation 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-donation 3.1.6 AidWP.<.3.1.6.-.CSRF MEDIUM" "wp-stripe-donation 2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpfront-user-role-editor 4.2.2 Cross-Site.Request.Forgery.to.Privilege.Escalation.via.whitelist_options.Function HIGH" "wpfront-user-role-editor 4.1.0 Limited.Information.Exposure MEDIUM" "wpfront-user-role-editor 3.2.1.11184 Reflected.Cross-Site.Scripting MEDIUM" "wp-gratify No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-emoji-one No.known.fix Settings.Update.via.CSRF MEDIUM" "woo-inquiry No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wp-propagator No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-search-keyword-redirect No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-easy-pay 4.2.4 Missing.Authorization.to.Unauthenticated.Service.Disconnection MEDIUM" "wp-easy-pay 4.2b1 Reflected.Cross-Site.Scripting MEDIUM" "wp-easy-pay 4.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-easy-pay 4.1 CSRF MEDIUM" "wp-easy-pay 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-easy-pay 3.2.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wp-easy-pay 3.2.3 Cross-Site.Request.Forgery MEDIUM" "woo-billingo-plus 4.4.5.4 Multiple.CSRF MEDIUM" "wpheka-request-for-quote 1.3 CSRF.Bypass MEDIUM" "wp-custom-taxonomy-meta No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-custom-taxonomy-meta No.known.fix Cross-Site.Request.Forgery.to.Taxonomy.Meta.Add/Delete MEDIUM" "wp-custom-taxonomy-meta No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-responsive-slab-text 0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-woo-commerce-sync-for-g-sheet No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-code-highlightjs No.known.fix Undisclosed.Cross-Site.Scripting.(XSS) MEDIUM" "wp-code-highlightjs 0.6.3 CSRF.to.Stored.XSS MEDIUM" "wadi-addons-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-pinterest-automatic 4.14.4 Unauthenticated.Arbitrary.Options.Update CRITICAL" "wc-cross-seller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-cross-seller No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-ean-payment-gateway 6.1.0 Missing.Authorization.to.Authenticated.(Contributor+).EAN.Update MEDIUM" "wp-user-control No.known.fix Unauthenticated.password.reset MEDIUM" "wpc-grouped-product 4.4.3 Missing.Authorization MEDIUM" "woocommerce-pdf-vouchers 4.9.9 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-vouchers 4.9.9 Authentication.Bypass CRITICAL" "woocommerce-pdf-vouchers 4.9.5 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woocommerce-pdf-vouchers 4.9.5 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-vouchers 4.9.5 Missing.Authorization MEDIUM" "woocommerce-pdf-vouchers 4.9.4 PDF.Vouchers.<.4.9.4.-.Authentication.Bypass.to.Voucher.Vendor HIGH" "woocommerce-for-japan 2.6.5 Missing.Authorization MEDIUM" "woocommerce-for-japan 2.5.8 Reflected.XSS MEDIUM" "woocommerce-for-japan 2.5.5 Reflected.XSS HIGH" "webtoffee-gdpr-cookie-consent 2.6.1 Bulk.Delete.via.CSRF MEDIUM" "webtoffee-gdpr-cookie-consent 2.6.1 Unauthenticated.Stored.XSS HIGH" "wp-parallax-content-slider No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpseo-local 15.0 Contributor+.Stored.XSS MEDIUM" "wpseo-local 15.0 Contributor+.Stored.XSS MEDIUM" "wpseo-local 14.9 Reflected.XSS HIGH" "wpseo-local 14.9 CSRF MEDIUM" "woo-product-filter 2.8.0 Unauthenticated.SQL.Injection.via.filtersDataBackend.Parameter HIGH" "woo-product-filter 2.7.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "woo-product-filter 2.5.1 Subscriber+.Table.Data.Access MEDIUM" "wp-appbox 4.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.appbox.Shortcode MEDIUM" "wp-appbox 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-appbox 4.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "wp-appbox 4.3.18 Authenticated.Local.File.Inclusion LOW" "wiser-notify 2.6 Missing.Authorization MEDIUM" "woocommerce-payments 6.7.0 Unauthenticated.Order.Deletion.via.IDOR LOW" "woocommerce-payments 5.9.1 Shop.Manager+.SQLi MEDIUM" "woocommerce-payments 6.5.0 Contributor+.Cross-Site.Scripting MEDIUM" "woocommerce-payments 4.9.0 Subscription.Suspension/Activation.via.CSRF MEDIUM" "woocommerce-payments 4.5.1 Intent.Parameter.Tampering HIGH" "woocommerce-payments 5.6.2 Unauthenticated.Privilege.Escalation CRITICAL" "wp-jump-menu No.known.fix Admin+.Stored.XSS LOW" "wp-pdf-generator 1.2.3 Cross-Site.Request.Forgery MEDIUM" "wpc-shop-as-customer 1.2.9 Authentication.Bypass.Due.to.Insufficiently.Unique.Key HIGH" "wpc-shop-as-customer 1.2.7 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "wp-popup-builder 1.3.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.wp_ajax_nopriv_shortcode_Api_Add HIGH" "wp-popup-builder 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-popup-builder 1.3.0 Subscriber+.Arbitrary.Popup.Deletion MEDIUM" "wp-post-modal No.known.fix Admin+.Stored.XSS LOW" "woo-custom-cart-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-contact-form-iii No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-food-manager 1.0.4 Admin+.Stored.XSS LOW" "woocommerce-products-designer No.known.fix CSRF MEDIUM" "wp-js-impress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-product-variation-gallery 2.3.4 Reflected.Cross-Site.Scripting HIGH" "wc-multivendor-membership 2.11.0 Unauthenticated.Arbitrary.Password.Update.via.IDOR CRITICAL" "wc-multivendor-membership 2.10.1 Unauthenticated.Privilege.Escalation CRITICAL" "wc-multivendor-membership 2.10.0 Multiple.CSRF MEDIUM" "wc-multivendor-membership 2.10.1 Unauthenticated.AJAX.Calls HIGH" "wp-express-checkout 2.3.8 Unauthenticated.Price.Manipulation MEDIUM" "wp-express-checkout 2.2.9 Admin+.Stored.XSS LOW" "woocommerce-cvr-payment-gateway 6.1.0 Missing.Authorization.to.Authenticated.(Contributor+).CVR.Update MEDIUM" "wp-crm-system 3.4.0 Unauthenticated.Duplicate.Contact.Settings.Update MEDIUM" "wp-crm-system 3.2.9.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wordapp-mobile-app No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordapp-mobile-app No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-user-manager 2.9.12 Missing.Authorization.to.Carbon.Fields.Custom.Sidebar.Addition/Removal MEDIUM" "wp-user-manager 2.9.12 Missing.Authorization.to.Authenticated.(Subscriber+).User.Meta.Key.Enumeration MEDIUM" "wp-user-manager 2.9.11 Cross-Site.Request.Forgery MEDIUM" "wp-user-manager 2.6.3 Arbitrary.User.Password.Reset.to.Account.Compromise HIGH" "wpcs-wp-custom-search No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-mailto-links 3.1.4 Contributor+.Stored.XSS MEDIUM" "wptemplata 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-show-stats No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages 2.25.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages 2.24.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ws-form 1.10.36 Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ws-form 1.10.14 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ws-form 1.9.245 Reflected.Cross-Site.Scripting.via.URL MEDIUM" "ws-form 1.9.244 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "ws-form 1.9.218 Unauthenticated.CSV.Injection MEDIUM" "ws-form 1.9.171 Authenticated(Administrator+).SQL.Injection MEDIUM" "ws-form 1.8.176 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ws-form 1.8.176 Admin+.Stored.Cross-Site.Scripting LOW" "wp-masquerade No.known.fix Subscriber+.Account.Takeover HIGH" "wordpress-file-upload-pro 4.16.3 Contributor+.Path.Traversal.to.RCE CRITICAL" "wordpress-file-upload-pro 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Malicious.SVG MEDIUM" "wordpress-file-upload-pro 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-client-reports 1.0.23 Cross-Site.Request.Forgery MEDIUM" "wp-stats-dashboard No.known.fix Authenticated.Blind.SQL.Injection HIGH" "wps-child-theme-generator 1.2 Path.Traversal CRITICAL" "wp-vertical-image-slider 1.2.17 .Reflected.XSS HIGH" "wp-vertical-image-slider 1.2.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-vertical-image-slider 1.2 Cross-Site.Scripting.&.CSRF CRITICAL" "wp-conditional-post-restrictions 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-conditional-post-restrictions 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wps-team No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wps-team No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "wps-team 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-smart-wishlist 4.7.2 Add/Remove.Wishlist.Items.via.CSRF MEDIUM" "woo-smart-wishlist 2.9.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-smart-wishlist 2.9.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-social 3.1.1 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-social 3.0.8 Authentication.Bypass CRITICAL" "wp-social 3.0.1 Missing.Authorization.to.Unauthenticated.Social.Login/Share.Status.Update MEDIUM" "wp-backgrounds-lite No.known.fix CSRF.Bypass MEDIUM" "wp-mail-bank 3.0.13 Reflected.Cross-Site.Scripting MEDIUM" "wp-backpack No.known.fix Admin+.Stored.XSS LOW" "wp-estimation-form 10.1.76 Reflected.Cross-Site.Scripting MEDIUM" "wp-estimation-form 10.1.77 Missing.Authorization MEDIUM" "wp-estimation-form 10.1.76 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wcsm-search-merchandising No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcsm-search-merchandising No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-skitter-slideshow No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-vipergb 1.6.2 Cross-Site.Request.Forgery MEDIUM" "wp-vipergb 1.13.16 XSS MEDIUM" "wp-csv-exporter 1.3.7 CSV.Injection LOW" "wp-csv-exporter 1.3.7 Admin+.SQLi MEDIUM" "wpgsi 3.8.3 Cross-Site.Request.Forgery.to.Arbitrary.Post.Publish MEDIUM" "wpgsi 3.8.1 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wpgsi 3.7.9 Reflected.Cross-Site.Scripting MEDIUM" "wpgsi 3.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpgsi 3.6.0 Reflected.Cross-Site.Scripting HIGH" "wpgsi 3.6.0 CSRF.Bypass MEDIUM" "woocommerce-html5-video No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-headers-and-footers 3.1.2 Arbitrary.Options.Update.via.CSRF HIGH" "weather-effect 1.3.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "weather-effect 1.3.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-ispconfig3 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-power-stats No.known.fix CSRF MEDIUM" "wp-modal-popup-with-cookie-integration No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-disable 1.5.17 Reflected.Cross-Site.Scripting MEDIUM" "wbcom-designs-buddypress-search No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-cookie No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wens-responsive-column-layout-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "woo-save-abandoned-carts 8.2.1 Cross-Site.Request.Forgery MEDIUM" "woocommerce-payu-paisa No.known.fix Price.Tampering MEDIUM" "woo-product-design No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "woo-product-design No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woo-product-design No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-remote-users-sync 1.2.13 Subscriber+.SSRF HIGH" "wp-remote-users-sync 1.2.12 Subscriber+.Log.Access MEDIUM" "wishlist-and-compare 1.0.5 Unauthorised.AJAX.call HIGH" "wpc-badge-management 2.4.1 Missing.Authorization MEDIUM" "wpzon No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Cross-Site.Request.Forgery MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Checkout.Fields.Update.via.CSRF MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Cross-Site.Request.Forgery.to.Checkout.Fields.Update MEDIUM" "wpworx-faq No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpworx-faq No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-map No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-rest-user No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rest-user No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-odoo-form-integrator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wechat-broadcast No.known.fix Local/Remote.File.Inclusion CRITICAL" "wp-table-editor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-swatches-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-conference-schedule 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-manage-fraud-orders No.known.fix Unauthenticated.Information.Exposure.via.Log.Files MEDIUM" "woo-manage-fraud-orders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woodiscuz-woocommerce-comments No.known.fix Cross-Site.Request.Forgery MEDIUM" "woodiscuz-woocommerce-comments No.known.fix Admin+.Stored.XSS LOW" "wp-sitemap-page 1.7.0 Admin+.Stored.Cross.Site.Scripting LOW" "wpo365-login 28.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pintra.Shortcode MEDIUM" "wpo365-login 15.4 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wpo365-login 11.7 JWT.Signature.Verification.Bypass HIGH" "woo-gift-cards-lite 3.0.7 Missing.Authorization.to.Infinite.Money.Glitch HIGH" "woo-gift-cards-lite 2.6.7 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "woo-gift-cards-lite 2.1.2 Cross-Site.Request.Forgery MEDIUM" "woo-gift-cards-lite 2.1.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wp-ultimate-post-grid 4.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpupg-grid-with-filters.Shortcode MEDIUM" "wp-ultimate-post-grid 3.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpupg-text.Shortcode MEDIUM" "wp-stateless 3.4.1 Missing.Authorization.to.Limited.Arbitrary.Options.Update HIGH" "wp-megamenu No.known.fix Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-megamenu 1.4.1 Subscriber+.Arbitrary.Post.Access MEDIUM" "wp-megamenu 1.4.0 Unauthenticated.Arbitrary.Post.Access HIGH" "wp-megamenu 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "wpvivid-backuprestore 0.9.113 Admin+.Arbitrary.File.Upload HIGH" "wpvivid-backuprestore 0.9.107 Missing.Authorization MEDIUM" "wpvivid-backuprestore 0.9.108 Unauthenticated.PHP.Object.Injection HIGH" "wpvivid-backuprestore 0.9.106 Unauthenticated.Sensitive.Data.Exposure HIGH" "wpvivid-backuprestore 0.9.100 Admin+.PHAR.Deserialization HIGH" "wpvivid-backuprestore 0.9.69 Unauthenticated.SQLi.&.DoS HIGH" "wpvivid-backuprestore 0.9.95 Missing.Authorization MEDIUM" "wpvivid-backuprestore 0.9.92 WPvivid.<.0.9.92.-.Unauthenticated.Sensitive.Information.Exposure HIGH" "wpvivid-backuprestore 0.9.90 Admin+.Stored.XSS MEDIUM" "wpvivid-backuprestore 0.9.90 Admin+.Arbitrary.Directory.Deletion.via.Path.Traversal HIGH" "wpvivid-backuprestore 0.9.90 Admin+.Stored.XSS MEDIUM" "wpvivid-backuprestore 0.9.91 Missing.Authorization.via.'start_staging'.and.'get_staging_progress' HIGH" "wpvivid-backuprestore 0.9.77 Admin+.Arbitrary.File.Deletion MEDIUM" "wpvivid-backuprestore 0.9.76 Admin+.Arbitrary.File.Read MEDIUM" "wpvivid-backuprestore 0.9.75 Admin+.PHAR.Deserialization MEDIUM" "wpvivid-backuprestore 0.9.71 Admin+.Arbitrary.File.Download LOW" "wpvivid-backuprestore 0.9.70 Reflected.Cross-Site.Scripting MEDIUM" "wpvivid-backuprestore 0.9.69 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wpvivid-backuprestore 0.9.56 Reflected.Cross-Site.Scripting HIGH" "wordpress-gallery-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpdeepl 2.4.1.2 Log.Pruning.via.CSRF MEDIUM" "wpdeepl 1.7.5 API.Key.Disclosure MEDIUM" "wp-aparat 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wolfnet-idx-for-wordpress No.known.fix Admin+.Stored.XSS LOW" "wp-job-portal 2.2.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-job-portal 2.2.9 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).User.Photo.Disconnection MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Authenticated.(Employer+).Arbitrary.Job.Deletion MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Unauthenticated.Company.Logo.Deletion MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.Resume.Download MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Authenticated.(Employer+).Arbitrary.Company.Deletion MEDIUM" "wp-job-portal 2.2.7 Missing.Authorization.to.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "wp-job-portal 2.2.6 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.2.5 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.2.3 Authenticated.(Admin+).SQL.Injection.via.wpjobportal_deactivate() MEDIUM" "wp-job-portal 2.2.3 Unauthenticated.SQL.Injection HIGH" "wp-job-portal 2.2.3 Missing.Authorization.to.Unauthenticated.Arbitrary.Resume.Download MEDIUM" "wp-job-portal 2.2.3 Missing.Authorization.to.Limited.Privilege.Escalation MEDIUM" "wp-job-portal 2.2.3 Authenticated.(Admin+).SQL.Injection.via.getFieldsForVisibleCombobox() MEDIUM" "wp-job-portal 2.2.3 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-job-portal 2.2.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.1.7 Missing.Authorization.to.Unauthenticated.Local.File.Inclusion,.Arbitrary.Settings.Update,.and.User.Creation CRITICAL" "wp-job-portal 2.1.9 Subscriber+.Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.0.7 Cross-Site.Request.Forgery MEDIUM" "wp-job-portal 2.0.6 Unauthenticated.SQLi HIGH" "wp-job-portal 2.0.2 Unauthenticated.Settings.Update MEDIUM" "wp-job-portal 2.0.6 Subscriber+.Stored.XSS HIGH" "wp-floating-menu 1.4.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-floating-menu 1.4.1 Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "w4-post-list 2.4.6 Subscriber+.Password.Protected.Post.Content.Disclosure MEDIUM" "w4-post-list 2.4.6 Reflected.XSS HIGH" "w4-post-list 2.4.6 Contributor+.Stored.XSS MEDIUM" "w4-post-list 2.4.5 Contributor+.Stored.XSS MEDIUM" "wp-limit-login-attempts No.known.fix IP.Spoofing MEDIUM" "wp-post-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wish-list-for-woocommerce-pro 3.1.3 3.1.2.-.Reflected.Cross-Site.Scripting.via.wtab.Parameter MEDIUM" "woocommerce-bulk-stock-management 2.2.34 Reflected.XSS HIGH" "whats-new-genarator No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-filter-post-categories No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "websand-subscription-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wonderplugin-slider-lite 14.0 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "woo-ecommerce-tracking-for-google-and-facebook 3.7.2 CSRF MEDIUM" "woo-ecommerce-tracking-for-google-and-facebook 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-ecommerce-tracking-for-google-and-facebook 3.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-thank-you-page-nextmove-lite 2.20.0 Missing.Authorization.to.Authenticated.(Subscriber+).Deactivation.Reason.Submission MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.2 Cross-Site.Request.Forgery MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.1 Missing.Authorization.to.Unauthenticated.System.Information.Disclosure MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.0 Subscriber+.Arbitrary.Plugin.Installation/Activation HIGH" "woo-tumblog No.known.fix Missing.Authorization.to.Unauthenticated.Content.Injection MEDIUM" "wpfront-scroll-top 2.0.6.07225 Admin+.Stored.XSS MEDIUM" "widget-extend-builtin-query 1.06 Reflected.Cross-Site.Scripting MEDIUM" "woowgallery 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "woowgallery 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-tabs No.known.fix Authentiated.(Shop.Manager+).PHP.Object.Injection.in.product_has_custom_tabs HIGH" "wp-athletics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-athletics No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "wp-data-access 5.5.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-data-access 5.5.23 Unauthenticated.SQL.Injection HIGH" "wp-data-access 5.5.9 Cross-Site.Request.Forgery MEDIUM" "wp-data-access 5.3.11 Reflected.Cross-Site.Scripting MEDIUM" "wp-data-access 5.3.8 Subscriber+.Privilege.Escalation HIGH" "wp-data-access 5.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-data-access 5.0.0 Admin+.SQL.Injection HIGH" "woocommerce-order-searching No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-mobile-detector 3.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "webo-facto-connector 1.41 Unauthenticated.Privilege.Escalation CRITICAL" "wp-video-posts No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "wp-video-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-htpasswd No.known.fix Admin+.Stored.XSS LOW" "woo-availability-date No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-ultimate-csv-importer 7.20.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-ultimate-csv-importer 7.19.1 Subscriber+.Arbitrary.File.Deletion HIGH" "wp-ultimate-csv-importer 7.9.9 Imported.Files.Disclosure MEDIUM" "wp-ultimate-csv-importer 7.9.9 Author+.Privilege.Escalation MEDIUM" "wp-ultimate-csv-importer 7.9.9 Author+.RCE MEDIUM" "wp-ultimate-csv-importer 6.5.8 Missing.Authorisation LOW" "wp-ultimate-csv-importer 6.5.8 Admin+.SQLi MEDIUM" "wp-ultimate-csv-importer 6.5.3 Admin+.Blind.SSRF MEDIUM" "wp-ultimate-csv-importer 6.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-ultimate-csv-importer 6.4.2 Subscriber+.Arbitrary.Option.Deletion HIGH" "wp-ultimate-csv-importer 6.4.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "wp-ultimate-csv-importer 5.6.1 CSRF HIGH" "wp-ultimate-csv-importer 3.8.8 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-ultimate-csv-importer 3.8.1 XSS MEDIUM" "wpbits-addons-for-elementor 1.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wpbits-addons-for-elementor 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpbits-addons-for-elementor 1.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wpbits-addons-for-elementor 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "wpbits-addons-for-elementor 1.5 Contributor+.Stored.XSS MEDIUM" "wpbits-addons-for-elementor 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-payment-gateway-per-category No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-product-reviews-shortcode 1.01.6 Missing.Authorization MEDIUM" "woo-product-reviews-shortcode 1.01.4 Cross-Site.Request.Forgery MEDIUM" "woo-product-reviews-shortcode 1.0.21 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-reviews-shortcode 1.0.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpsol No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wonderplugin-video-embed 2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wonderplugin-video-embed 1.8 Contributor+.Stored.XSS MEDIUM" "wp-cors 0.2.2 Admin+.Stored.XSS LOW" "wp-autokeyword No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-autokeyword No.known.fix Missing.Authorization.to.Arbitrary.Content.Deletion MEDIUM" "wp-autokeyword No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-security-pro 4.2.1 Admin+.Stored.Cross-Site.Scripting LOW" "wppricing-builder-lite-responsive-pricing-table-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-bibtex No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-bibtex 3.0.2 Cross-Site.Request.Forgery.to.Stored.and.Reflected.Cross-Site.Scripting MEDIUM" "wp-mapa-politico-spain 3.7.0 Authenticated.Stored.Cross-Site.Scripting LOW" "wpt-whatsapp No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wc-j-upsellator 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "w3-total-cache 2.8.2 Information.Exposure.via.Log.Files LOW" "w3-total-cache 2.8.2 Subscriber+.Server-Side.Request.Forgery HIGH" "w3-total-cache 2.8.2 Unauthenticated.Plugin.Deactivation.and.Extensions.Activation/Deactivation MEDIUM" "w3-total-cache 2.7.6 Sensitive.Credentials.Stored.in.Plaintext LOW" "w3-total-cache 2.1.5 Reflected.XSS.in.Extensions.Page.(JS.Context) HIGH" "w3-total-cache 2.1.4 Reflected.XSS.in.Extensions.Page.(Attribute.Context) CRITICAL" "w3-total-cache 2.1.3 Authenticated.Stored.XSS MEDIUM" "w3-total-cache 0.9.7.4 Blind.SSRF.and.RCE.via.phar HIGH" "w3-total-cache 0.9.7.4 Cross-Site.Scripting.(XSS) HIGH" "w3-total-cache 0.9.7.4 Cryptographic.Signature.Bypass HIGH" "w3-total-cache 0.9.5 Weak.Validation.of.Amazon.SNS.Push.Messages CRITICAL" "widget-countdown 2.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpforms-user-registration 2.1.2 Missing.Authorization.to.Authenticated.(Contributor+).Privilege.Escalation HIGH" "wp-server-stats 1.7.8 Injected.Backdoor CRITICAL" "wp-server-stats 1.7.4 Cross-Site.Request.Forgery MEDIUM" "wp-server-stats 1.7.0 Admin+.Stored.Cross-Site.Scripting LOW" "webriti-custom-login-page No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-table-reloaded No.known.fix Contributor+.Stored.XSS MEDIUM" "woo-product-slider 2.6.4 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "woo-product-slider 2.5.7 Subscriber+.Arbitrary.Options.Deletion HIGH" "wp-post-corrector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-viewstl No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-docs 2.2.7 Missing.Authorization MEDIUM" "wp-docs 2.2.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-docs 2.2.1 Authenticated.(Subscriber+).Time-Based.SQL.Injection.via.'dir_id' MEDIUM" "wp-docs 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-docs 2.1.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-docs 2.0.0 Reflected.XSS HIGH" "wp-js No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-reactions-lite 1.3.9 CSRF LOW" "wp-add-active-class-to-menu-item No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp2leads 3.4.7 Reflected.Cross-Site.Scripting MEDIUM" "wp2leads 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "wp2leads 3.3.4 Reflected.Cross-Site.Scripting MEDIUM" "wp2leads 3.2.8 Missing.Authorization MEDIUM" "wp-imap-authentication No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-twitter-button No.known.fix Cross-Site.Request.Forgery MEDIUM" "wsecure No.known.fix Admin+.Stored.XSS LOW" "wsecure 2.4 Remote.Code.Execution.(RCE) HIGH" "wptools 5.19 Cross-Site.Request.Forgery.to.Arbitrary.File.Renaming MEDIUM" "wptools 3.43 Subscriber+.Arbitrary.Plugin.Installation HIGH" "widgets-for-thumbtack-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "weather-atlas No.known.fix Unauthenticated.Cross-Site.Scripting MEDIUM" "weather-atlas 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-ds-blog-map No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wp-donottrack No.known.fix Authenticated.(admin+).Stored.XSS MEDIUM" "wp-w3all-phpbb-integration No.known.fix Stored.XSS.via.CSRF HIGH" "wp-w3all-phpbb-integration No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp2appir No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-fastest-cache 1.2.7 Admin+.Arbitrary.File.Deletion MEDIUM" "wp-fastest-cache 1.2.2 Unauthenticated.SQL.Injection HIGH" "wp-fastest-cache 1.1.5 Blind.SSRF.via.CSRF LOW" "wp-fastest-cache 1.1.3 Multiple.CSRF LOW" "wp-fastest-cache 0.9.5 Subscriber+.SQL.Injection HIGH" "wp-fastest-cache 0.9.5 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-fastest-cache 0.9.1.7 Authenticated.Arbitrary.File.Deletion.via.Path.Traversal LOW" "wp-fastest-cache 0.9.0.3 Cross-Site.Request.Forgery.(CSRF).Arbitrary.File.Deletion CRITICAL" "wp-fastest-cache 0.8.9.6 Directory.Traversal MEDIUM" "wp-fastest-cache 0.8.9.1 Unauthenticated.Arbitrary.File.Deletion HIGH" "wp-fastest-cache 0.8.8.6 CSRF.and.multiple.XSS CRITICAL" "wp-fastest-cache 0.8.7.5 Blind.SQL.Injection HIGH" "webappick-product-feed-for-woocommerce 6.5.7 Shop.Manager+.Arbitrary.Options.Update HIGH" "webappick-product-feed-for-woocommerce 3.1.15 Authenticated.Reflected.XSS MEDIUM" "wp-graphql 1.14.6 Editor+.SSRF MEDIUM" "wp-graphql 1.3.6 Denial.of.Service HIGH" "wp-graphql 0.3.5 Improper.Access.Control MEDIUM" "wp-graphql 0.3.0 Multiple.Vulnerabilities CRITICAL" "wp-social-buttons No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wp-cfm 1.7.9 Cross-Site.Request.Forgery.via.multiple.AJAX.functions MEDIUM" "wp-triggers-lite No.known.fix Admin+.SQL.Injection MEDIUM" "wp-triggers-lite No.known.fix Reflected.XSS HIGH" "wc-remove-tabs-and-fields 1.68 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-blog-carousel 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-blog-carousel 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-image-seo No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-parcel-pro 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-parcel-pro 1.6.12 Cross-Site.Request.Forgery MEDIUM" "woo-parcel-pro 1.6.12 Open.Redirect MEDIUM" "woo-abandoned-cart-recovery 1.0.4.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "woo-abandoned-cart-recovery 1.0.4.1 Cross-Site.Request.Forgery MEDIUM" "wp-fountain No.known.fix Reflected.Cross-Site.Scripting HIGH" "wc-order-limit-lite 3.0.3 Missing.Authorization MEDIUM" "wc-order-limit-lite 2.0.1 Missing.Authorization MEDIUM" "wp-newsletter-subscription No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-broken-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-image-carousel No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-cookie-law-info No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-ecommerce-shop-styling No.known.fix Unauthenticated.Dompdf.Local.File.Inclusion.(LFI) HIGH" "wp-job-manager-companies 1.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-ultimate-recipe 3.12.7 Authenticated.Stored.XSS MEDIUM" "wp-autosearch No.known.fix Unauthenticated.SQLi HIGH" "wp-job-openings 3.4.3 Sensitive.Data.Exposure.via.Directory.Listing MEDIUM" "woo-advanced-extra-fees-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.5 Reflected.Cross-Site.Scripting.via.Debug.Mode.URI MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.4 Reflected.Cross-Site.Scripting.via.request MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.4 Admin+.Stored.XSS LOW" "wbounce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-role-pricing No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-email-newsletter No.known.fix Reflected.XSS HIGH" "wc-venipak-shipping 1.19.6 Reflected.Cross-Site.Scripting.via.'venipak_labels_link' MEDIUM" "wp-plugin-info-card 5.3.1 Contributor+.Stored.XSS MEDIUM" "widgets-for-aliexpress-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-admin-ui-customize 1.5.14 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-admin-ui-customize 1.5.13 Admin+.Stored.XSS LOW" "woo-customers-spreadsheet-bulk-edit 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-spreadsheet-bulk-edit 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpo365-msgraphmailer 3.3 Open.Redirect.via.'redirect_to'.Parameter MEDIUM" "wp-paypal 1.2.3.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-wholesale-pricing 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-wholesale-pricing 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-attachments No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-attachments 5.0.6 Admin+.Stored.XSS LOW" "wp-attachments 5.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "wp-html-author-bio-by-ahmad-awais No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "woo-recargo-de-equivalencia No.known.fix Cross-Site.Request.Forgery MEDIUM" "wh-testimonials No.known.fix Unauthenticated.Stored.XSS HIGH" "wechat-social-login No.known.fix Authentication.Bypass CRITICAL" "wechat-social-login No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-share-buttons-analytics-by-getsocial No.known.fix Missing.Authorization MEDIUM" "wp-share-buttons-analytics-by-getsocial 4.4 Admin+.Stored.XSS LOW" "wappointment 2.6.1 Admin+.SSRF MEDIUM" "wappointment 2.2.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wibiya No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpcomplete 2.9.5 Reflected.Cross-Site.Scripting HIGH" "wp-testing No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-tell-a-friend-popup-form No.known.fix Admin+.Stored.XSS LOW" "wp-tell-a-friend-popup-form No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-postratings-cheater No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-child-theme-generator 1.1.2 Missing.Authorization.to.Unauthenticated.Child.Theme.Creation/Activation MEDIUM" "wp-child-theme-generator 1.1.3 Admin+.Arbitrary.File.Upload MEDIUM" "wupo-group-attributes 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "wupo-group-attributes 2.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-feed-statistics No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wordpress-feed-statistics 4.0 Open.Redirect MEDIUM" "wpgform No.known.fix Admin+.Stored.XSS LOW" "wpgform 0.94 Eval.Injection HIGH" "wp-fpo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-quick-front-end-editor No.known.fix Authenticated.Content.Injection MEDIUM" "wp-quick-front-end-editor No.known.fix Authenticated.Settings.Change.leading.to.Stored.XSS CRITICAL" "wpbot-pro 13.5.6 Missing.Authorization.to.Authenticated.(Subscriber+).Simple.Text.Response.Creation MEDIUM" "wpbot-pro 13.5.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ws-form-pro 1.9.218 Unauthenticated.CSV.Injection MEDIUM" "ws-form-pro 1.8.176 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ws-form-pro 1.8.176 Admin+.Stored.Cross-Site.Scripting LOW" "wp-extended-search 2.1.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wishsuite 1.4.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wishsuite 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wishsuite 1.3.5 Admin+.Stored.XSS LOW" "wishsuite 1.3.4 Cross-Site.Request.Forgery MEDIUM" "woo-product-bundle 7.3.2 Cross-Site.Request.Forgery MEDIUM" "wp-change-email-sender 2.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "woo-advanced-product-size-chart 2.4.6 Missing.Authorization MEDIUM" "woo-advanced-product-size-chart 2.4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-advanced-product-size-chart 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpr-admin-amplify No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-replicate-post 4.1 Contributor+.SQL.Injection MEDIUM" "wp-post-disclaimer 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-amazon-shop No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "woo-permalink-manager 2.3.11 Unauthenticated.Local.File.Inclusion CRITICAL" "woo-permalink-manager 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-permalink-manager 2.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-posturl No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "wpematico 2.6.12 Admin+.Stored.Cross-Site.Scripting LOW" "wp-top-news 2.3.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-top-news 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpglobus-translate-options No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpglobus-translate-options 2.2.0 Reflected.XSS HIGH" "woo-document-preview 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "widget-post-slider 1.3.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-partners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-event-partners No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-ecommerce-paypal 1.9.1 Unauthenticated.Open.Redirect HIGH" "wp-ecommerce-paypal 1.9 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-ecommerce-paypal 1.8.2 Cross-Site.Request.Forgery MEDIUM" "wp-ecommerce-paypal 1.7.4 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "wp-ecommerce-paypal 1.7.3 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-fail2ban 5.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-fail2ban 4.4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-fail2ban 4.0.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-media-manager-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-discord-invite 2.5.2 Admin+.Stored.Cross.Site.Scripting LOW" "wp-discord-invite 2.5.1 Arbitrary.Settings.Update.via.CSRF HIGH" "wp-discord-invite 2.5.1 Reflected.Cross-Site.Scripting.via.webhook MEDIUM" "woolentor-addons 3.1.3 Unauthenticated.Server-Side.Request.Forgery.via.URL.Parameter MEDIUM" "woolentor-addons 3.1.1 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Flash.Sale.Countdown.Module MEDIUM" "woolentor-addons 2.9.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.WL:.FAQ.Widget.Elementor.Template MEDIUM" "woolentor-addons 2.9.8 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "woolentor-addons 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WL.Product.Horizontal.Filter.Widget MEDIUM" "woolentor-addons 2.8.9 Authenticated.Option.Update MEDIUM" "woolentor-addons 2.8.9 Contributor+.Stored.XSS.via.woolentorsearch.Shortcode MEDIUM" "woolentor-addons 2.8.8 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.8 Missing.Authorization MEDIUM" "woolentor-addons 2.8.8 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.2 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.2 Contributor+.Template.Reset LOW" "woolentor-addons 2.8.5 Authenticated.(Contributor+).Stored.Cross-site.Scripting.via.QR.Code.Widget MEDIUM" "woolentor-addons 2.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WL.Universal.Product.Layout MEDIUM" "woolentor-addons 2.8.2 Contributor+.Stored.Cross-Site.Scripting.via.Banner.Link MEDIUM" "woolentor-addons 2.6.3 Settings.Update.via.CSRF MEDIUM" "woolentor-addons 2.5.2 Settings.Update.via.CSRF MEDIUM" "woolentor-addons 2.5.4 PHP.Object.Injection MEDIUM" "woolentor-addons 2.5.4 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 1.8.6 WooCommerce.Elementor.Addons.+.Builder.<.1.8.6.-.Contributor+.Stored.XSS MEDIUM" "wowrestro 1.1 CSRF.Bypass MEDIUM" "wp-meta-keywords-meta-description No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "white-label-branding-elementor No.known.fix Admin+.Stored.XSS LOW" "wp-heyloyalty No.known.fix Unauthenticated.RCE.via.PHPUnit CRITICAL" "wp-opening-hours No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woffice-core 5.4.22 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "woffice-core 5.4.22 Cross-Site.Request.Forgery.to.User.Registration.Approval MEDIUM" "woffice-core 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "woffice-core 5.4.9 Missing.Authorization MEDIUM" "wp-private-message 1.0.6 Private.Message.Disclosure.via.IDOR MEDIUM" "wp-custom-cms-block No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wholesalex 1.3.3 Unauthenticated.Privilege.Escalation MEDIUM" "wholesalex 1.3.2 Sensitive.Information.Exposure.via.export_users MEDIUM" "wholesalex 1.3.3 Unauthenticated.PHP.Object.Injection CRITICAL" "wholesalex 1.3.2 Authenticated(Subscriber+).Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "woo-audio-preview 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-transactions 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-pocket-urls 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-pocket-urls 1.0.3 Reflected.Cross-Site.Scripting HIGH" "wp-blackcheck No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-hide-backed-notices 1.3.1 Missing.Authorization.to.Authenticated(Contributor+).Plugin.Settings.Modification MEDIUM" "wp-hide-backed-notices 1.3 Cross-Site.Request.Forgery MEDIUM" "wp-post-to-pdf-enhanced No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "webd-woocommerce-advanced-reporting-statistics No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-central No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-central 1.5.1 Improper.Access.Control.to.Privilege.Escalation HIGH" "wp-gdpr-core No.known.fix Multiple.Unauthenticated.Issues HIGH" "wp-travel-blocks 3.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel-blocks 3.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-admin-custom-page No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-events-manager 2.2.0 Authenticated.(Subscriber+).Time-Based.SQL.Injection HIGH" "wordpress-multisite-user-sync 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-carousel-free 2.7.4 Admin+.Stored.XSS LOW" "wp-carousel-free 2.6.9 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "wp-carousel-free 2.6.4 Authenticated.(Admin+).PHP.Object.Injection HIGH" "wp-carousel-free 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'sp_wp_carousel_shortcode' MEDIUM" "wp-carousel-free 2.6.9 Editor+.Stored.XSS LOW" "wp-carousel-free 2.5.3 Contributor+.Stored.XSS MEDIUM" "wp-currency-exchange-rates 1.3.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-mini-program No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wc-payphone-gateway 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-recent-purchases No.known.fix Authenticated.(Admin+).Local.File.Inclusion HIGH" "wp-plugin-lister No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "whmpress 6.3-revision-1 Unauthenticated.Local.File.Inclusion.to.Arbitrary.Options.Update CRITICAL" "whmpress No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "whmpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-remote-site-search 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wn-flipbox-pro 2.1 Reflected.Cross-Site.Scripting MEDIUM" "waiting No.known.fix Subscriber+.Stored.XSS HIGH" "waiting No.known.fix Subscriber+.SQLi HIGH" "waiting No.known.fix Missing.Authorization MEDIUM" "waiting No.known.fix Admin+.Cross-Site.Scripting LOW" "waiting No.known.fix Cross-Site.Request.Forgery MEDIUM" "webico-slider-flatsome-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wbc_image.Shortcode MEDIUM" "wp-reply-notify No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-songbook No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-media-optimizer-webp No.known.fix Reflected.Cross-Site.Scripting.via.wpmowebp-css-resources.and.wpmowebp-js-resources.Parameters MEDIUM" "wp-online-users-stats No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-extra 6.5 Cross-Site.Request.Forgery.ToolImport MEDIUM" "wp-extra 6.3 Missing.Authorization.to.Arbitrary.Email.Sending MEDIUM" "wp-extra 6.3 Subscriber+..htaccess.File.Modification HIGH" "wp-extra 6.3 Missing.Authorization.to.Export.Settings MEDIUM" "woo-ukrposhta 1.18.0 Reflected.Cross-Site.Scripting.via.order,.post,.and.idd.Parameters MEDIUM" "woo-ukrposhta 1.17.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-ukrposhta 1.6.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-galleria No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-easy-guide No.known.fix Unauthenticated.SQL.Injection HIGH" "watermark-reloaded No.known.fix Cross-Site.Request.Forgery.via.optionsPage HIGH" "wpcargo No.known.fix Authenticated.(Contributor+).Insecure.Direct.Object.Reference MEDIUM" "wpcargo No.known.fix Missing.authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wpcargo No.known.fix Unauthenticated.SQL.Injection HIGH" "wpcargo 6.9.5 Admin+.Stored.Cross.Site.Scripting LOW" "wpcargo 6.9.5 Reflected.Cross.Site.Scripting MEDIUM" "wpcargo 6.9.0 Unauthenticated.RCE CRITICAL" "wp-opensearch No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "welcome-email-editor 5.0.7 Cross-Site.Request.Forgery MEDIUM" "welcome-email-editor 5.0.7 Subscriber+.Email.Sending MEDIUM" "wp-last-modified-info 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.lmt-post-modified-info.Shortcode MEDIUM" "woo-seo-content-randomizer-addon 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-pickupp No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-native-articles 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor No.known.fix Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "widgetkit-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor 2.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor 2.5.5 Missing.Authorization.to.Notice.Dismissal NONE" "widgetkit-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "widgetkit-for-elementor 2.4.4 WidgetKit.<.2.4.4.-.Admin+.Stored.XSS LOW" "widgetkit-for-elementor 2.3.10 WidgetKit.<.2.3.10.-.Contributor+.Stored.XSS MEDIUM" "websimon-tables No.known.fix Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-extra-fields No.known.fix Reflected.XSS HIGH" "wp-blog-manager-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "web-invoice No.known.fix Authenticated.SQLi HIGH" "web-invoice No.known.fix Authenticated.SQLi HIGH" "woo-conditional-discount-rules-for-checkout 2.4.1 CSRF MEDIUM" "woo-conditional-discount-rules-for-checkout 2.3.3.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-discount-rules-for-checkout 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-wholesale-prices 2.2.0 Missing.Authorization MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Cross-Site.Request.Forgery MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Subscriber+.Missing.Authorization.for.Plugin.Settings.Change MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Subscriber+.Stored.Cross-Site.Scripting HIGH" "woocommerce-alidropship 1.1.1 Unauthenticated.Sensitive.Data.Exposure HIGH" "wp-hide-that No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-post-block No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "windows-live-writer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-fundraising-donation 1.7.1 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-fundraising-donation 1.7.0 Missing.Authorization MEDIUM" "wp-fundraising-donation 1.5.0 Unauthenticated.SQLi HIGH" "wp-html-page-sitemap No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "wp-to-buffer 3.7.5 Reflected.Cross-Site.Scripting HIGH" "woo-authorize-net-gateway-aim 6.0.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-authorize-net-gateway-aim 5.1.27 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-order-status-change-notifier No.known.fix Subscriber+.Arbitrary.Order.Status.Update MEDIUM" "wiredminds-leadlab No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-dropbox-dropins No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-hrm-lite-human-resource-management-system No.known.fix Unauthenticated.SQL.Injection HIGH" "woo-product-feed-pro 13.3.2 Sensitive.Information.Exposure.via.Log.Files MEDIUM" "woo-product-feed-pro 13.2.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-feed-pro 12.4.5 Multiple.CSRF MEDIUM" "woo-product-feed-pro 11.2.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-feed-pro 11.0.7 Subscriber+.Settings.Update.to.Stored.XSS HIGH" "wp-categories-widget 2.3 Reflected.XSS HIGH" "wp-custom-cursors No.known.fix Admin+.Stored.XSS LOW" "wp-custom-cursors 3.2 Admin+.SQLi MEDIUM" "wp-custom-cursors 3.0.1 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "wp-custom-cursors 3.0.1 Arbitrary.Cursor.Deletion.via.CSRF MEDIUM" "wp-custom-cursors 3.2 Admin+.SQLi MEDIUM" "wphobby-demo-import No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "webd-woocommerce-product-excel-importer-bulk-edit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-forecast 9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-forecast 7.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-social-widget 2.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-social-widget 2.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "wp-social-widget 2.2.4 Contributor+.Stored.XSS MEDIUM" "web-push No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpmu-prefill-post No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wt-woocommerce-wishlist 2.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-checkout-for-digital-goods 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-checkout-for-digital-goods 3.6.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-checkout-for-digital-goods 2.2 CSRF.to.Settings.Change MEDIUM" "wpsitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpsynchro 1.11.3 Cross-Site.Request.Forgery MEDIUM" "wpsynchro 1.10.0 Settings.Update.via.CSRF MEDIUM" "wow-entrance-effects-wee No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpcasa 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpcasa 1.3.0 Insecure.Direct.Object.Reference MEDIUM" "wp-htaccess-control No.known.fix Admin+.Stored.XSS LOW" "wp-back-button No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-cassify 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpide 3.5.0 Unauthenticated.Full.Path.Dislcosure MEDIUM" "wpide 3.4.7 Reflected.Cross-Site.Scripting MEDIUM" "wpide 3.0 Admin+.Arbitrary.File.Edit.&.Upload MEDIUM" "wpide 3.0 Admin+.Arbitrary.File.Read MEDIUM" "wpide 3.0 Admin+.Local.File.Inclusion LOW" "woocommerce-gateway-amazon-payments-advanced 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-basic-ordernumbers No.known.fix Missing.Authorization MEDIUM" "wp-bootscraper 4.0.0 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-not-login-hide-wpnlh No.known.fix Admin+.Stored.XSS LOW" "wp-foft-loader 2.1.29 Reflected.Cross-Site.Scripting MEDIUM" "wp-foft-loader 2.1.21 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpop-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-tabs-slides No.known.fix CSRF MEDIUM" "wp-domain-redirect No.known.fix Authenticated.SQL.Injection MEDIUM" "wha-puzzle No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-database-optimizer No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-database-optimizer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-map-route-planner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-responsive-slider-with-lightbox 1.0.1 Arbitrary.File.Upload.via.CSRF HIGH" "wp-responsive-slider-with-lightbox 1.0.1 Admin+.Stored.XSS MEDIUM" "wp-responsive-slider-with-lightbox 1.0.1 Image.Lightboxes.via.CSRF MEDIUM" "wp-google-fonts 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-photo-reviews 1.3.14 Authentication.Bypass.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "wp-mailer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rollback 1.2.3 Cross-Site.Scripting.(XSS).&.CSRF HIGH" "wp-email-capture 3.11 Unauthenticated.Email.Capture.Download MEDIUM" "wp-email-capture 3.10 Email.Captures.Update.via.CSRF MEDIUM" "wp-email-capture 3.10 Admin+.Stored.XSS LOW" "wp-cron-status-checker 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-cron-status-checker 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-delivery-date No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpp-customization No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-s3 1.6 Reflected.XSS HIGH" "weaver-for-bbpress 1.7.1 Reflected.Cross-Site.Scripting.via._wpnonce.Parameter MEDIUM" "wc-thanks-redirect 3.1 Reflected.Cross-Site.Scripting MEDIUM" "wc-thanks-redirect 3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-prayers-request No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-prayers-request No.known.fix Email.Settings.Update.via.CSRF MEDIUM" "wpzoom-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.box.Shortcode MEDIUM" "wpzoom-shortcodes 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-scrive 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-scrive 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-simple-galleries No.known.fix Contributor+.PHP.Object.Injection HIGH" "wp-team-manager 2.2.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-team-manager 2.1.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-team-manager 2.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-db-backup 2.5.2 Arbitrary.Schedule.Settings.Update.via.CSRF MEDIUM" "wp-db-backup 2.5.1 Admin+.SQL.Injection MEDIUM" "wp-db-backup 2.4 Authenticated.Persistent.Cross-Site.Scripting.(XSS) MEDIUM" "wp-db-backup 2.3.0 Backup.Filename.Brute.Forcing HIGH" "wp-data-logger 2.2.1 Missing.Authorization MEDIUM" "wr-price-list-for-woocommerce No.known.fix Missing.Authorization.to.Arbitrary.Content.Deletion MEDIUM" "wr-price-list-for-woocommerce No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wrc-pricing-tables 2.3.8 Missing.Authorization MEDIUM" "wrc-pricing-tables 2.3.9 Admin+.Stored.XSS LOW" "wp-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-sms 6.9.4 Missing.Authorization MEDIUM" "wp-sms 6.5.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-sms 6.6.3 Cross-Site.Request.Forgery MEDIUM" "wp-sms 6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-sms 6.5.3 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "wp-sms 6.5.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-sms 6.5.1 Cross-Site.Request.Forgery.to.Subscriber.Deletion MEDIUM" "wp-sms 6.5.1 Contributor+.SQLi.to.Reflected.XSS HIGH" "wp-sms 6.2.0 User.Unsubscribe.via.CSRF MEDIUM" "wp-sms 6.1.5 Reflected.XSS HIGH" "wp-sms 6.0.4.1 Information.Disclosure.via.REST.API MEDIUM" "wp-sms 5.4.13 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-sms 5.4.9.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-link-preview No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "woosms-sms-module-for-woocommerce 3.0.3 Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "woocommerce-multilingual 5.3.9 Missing.Authorization MEDIUM" "woocommerce-multilingual 5.3.8 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-multilingual 5.3.7 Missing.Authorization MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.5 Missing.Authorization MEDIUM" "web-application-firewall 2.1.3 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "web-application-firewall 2.1.2 Unauthenticated.Privilege.Escalation CRITICAL" "woo-moneybird No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc4bp-groups 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-users-exporter No.known.fix CSV.Injection MEDIUM" "wp-gcalendar No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "woocommerce-help-scout 2.9.1 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "woocommerce-pos 1.4.12 Insufficient.Verification.of.Data.Authenticity.to.Authenticated.(Customer+).Information.Disclosure MEDIUM" "wp-extra-file-types 0.5.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "woocommerce-mercadopago 7.6.2 7.6.1.-.Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "woocommerce-mercadopago 6.4.0 CSRF MEDIUM" "wp-block-pack No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wooCommerce-order-proposal 2.0.6 Authenticated.(Shop.Manager+).Privilege.Escalation.via.Order.Proposal HIGH" "wp-e-customers No.known.fix Reflected.XSS HIGH" "wp01 No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "wp-customer-reviews 3.7.1 Malicious.Redirect.via.HTTP-EQUIV.Injection LOW" "wp-customer-reviews 3.6.7 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wp-customer-reviews 3.6.7 Admin+.Stored.XSS MEDIUM" "wp-customer-reviews 3.5.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-customer-reviews 3.4.3 Multiple.Unauthenticated.and.Low.Priv.Authenticated.Stored.XSS CRITICAL" "wp-customer-reviews 3.0.9 CSRF.&.XSS HIGH" "wp-translitera No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-hide No.known.fix Unauthenticated.Settings.Update MEDIUM" "wholesale-market-for-woocommerce 2.0.0 Admin+.Arbitrary.Log.Download MEDIUM" "wholesale-market-for-woocommerce 2.0.1 Settings.Update.via.CSRF MEDIUM" "wholesale-market-for-woocommerce 1.0.8 Admin+.Arbitrary.File.Download MEDIUM" "wholesale-market-for-woocommerce 1.0.7 Unauthenticated.Arbitrary.File.Download HIGH" "wp-pano No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-report-post No.known.fix Reflected.XSS HIGH" "wp-security-audit-log 5.3.3 Authenticated.(Admin+).PHP.Object.Injection MEDIUM" "wp-security-audit-log 5.3.0 Unauthenticated.Stored.XSS HIGH" "wp-security-audit-log 5.2.2 Unauthenticated.Stored.Cross-Site.Scripting.via.User_id.Parameter HIGH" "wp-security-audit-log 4.6.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-security-audit-log 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-security-audit-log 4.5.2 Subscriber+.Information.Leak MEDIUM" "wp-security-audit-log 4.4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-security-audit-log 4.1.5 SQL.Injection.in.External.Database.Module HIGH" "wp-security-audit-log 4.0.2 Broken.Access.Control.in.First-Time.Install.Wizard CRITICAL" "wp-security-audit-log 3.3.1.2 Subscriber+.Arbitrary.Option.Update MEDIUM" "wp-open-street-map 1.30 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-fiddle No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wplms-plugin 1.9.9.5.3 Unauthenticated.SQL.Injection HIGH" "webp-express 0.14.8 Authenticated.Stored.XSS MEDIUM" "webp-express 0.14.11 Multiple.Issues HIGH" "woo-advanced-product-information 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-cleanup-and-basic-functions No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "woo-qiwi-payment-gateway No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "worpit-admin-dashboard-plugin 4.5.0 Unauthenticated.PHP.Object.Injection CRITICAL" "webriti-smtp-mail No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wpremote 4.65 Reflected.Cross-Site.Scripting MEDIUM" "wp-advanced-search No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "wp-advanced-search 3.3.9.3 Admin+.Stored.XSS LOW" "wp-advanced-search 3.3.9.2 Unauthenticated.SQL.Injection HIGH" "wp-advanced-search 3.3.9 Settings.Update.via.CSRF MEDIUM" "wp-advanced-search 3.3.7 Authenticated.SQL.Injection HIGH" "wux-blog-editor No.known.fix Authentication.Bypass.to.Administrator CRITICAL" "wux-blog-editor No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-media-folder 5.7.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-media-folder 5.7.3 Missing.Authorization.to.Authenticated(Subscriber+).Plugin.settings.change MEDIUM" "wp-media-folder 5.7.3 Missing.Authorization.to.Authenticated(Subscriber+).Title.Modification MEDIUM" "wp-nssuser-register No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-csv No.known.fix Reflected.XSS.via.CSV.Import MEDIUM" "wp-subscription-forms 1.2.4 Missing.Authorization MEDIUM" "wp-subscription-forms 1.2.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-subscription-forms 1.2.4 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-total-hacks No.known.fix Subscriber+.Arbitrary.Options.Update.to.Stored.XSS HIGH" "wp-memory 2.46 Subscriber+.Arbitrary.Plugin.Installation HIGH" "wd-google-analytics No.known.fix Missing.Authorization.via.gawd_wd_bp_install_notice_status MEDIUM" "wd-google-analytics 1.2.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-ever-accounting 2.1.6 Cross-Site.Request.Forgery MEDIUM" "wpmovielibrary No.known.fix Reflected.XSS HIGH" "wp-recaptcha-bp No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "watchtowerhq 3.10.4 Authentication.Bypass.to.Administrator.due.to.Missing.Empty.Value.Check CRITICAL" "watchtowerhq 3.6.16 Unauthenticated.Arbitrary.File.Access HIGH" "watchtowerhq 3.6.16 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-bookmarks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-phone-message No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-phone-message No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wha-wordsearch No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "wha-wordsearch No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-mermaid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-seo-addon 2.1.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-seo-addon 2.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-query-console No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "woocommerce-products-filter 1.3.6.5 Subscriber+.Local.File.Inclusion HIGH" "woocommerce-products-filter 1.3.6.6 Unauthenticated.Local.File.Inclusion CRITICAL" "woocommerce-products-filter 1.3.6.4 Reflected.Cross-Site.Scripting.via.really_curr_tax.Parameter MEDIUM" "woocommerce-products-filter 1.3.6.2 Insecure.Direct.Object.Reference.to.Unsubscribe MEDIUM" "woocommerce-products-filter 1.3.6.2 Authenticated.(Shop.Manager+).Arbitrary.Options.Update HIGH" "woocommerce-products-filter 1.3.6.1 Products.Filter.Professional.for.WooCommerce.<.1.3.6.1.-.Unauthenticated.Time-Based.SQL.Injection CRITICAL" "woocommerce-products-filter 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-products-filter 1.3.5.3 Subscriber+..Remote.Code.Execution CRITICAL" "woocommerce-products-filter 1.3.5.2 Cross-Site.Request.Forgery MEDIUM" "woocommerce-products-filter 1.3.5.3 Admin+.Local.File.Inclusion MEDIUM" "woocommerce-products-filter 1.3.5.2 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-products-filter 1.3.5.3 Contributor+.SQL.Injection HIGH" "woocommerce-products-filter 1.3.4.4 Multiple.Connections/Stats.CSRF MEDIUM" "woocommerce-products-filter 1.3.4.3 Unauthenticated.SQL.Injection.via.search.terms CRITICAL" "woocommerce-products-filter 1.3.4.3 Missing.Authorization.via.woof_meta_get_keys() MEDIUM" "woocommerce-products-filter 1.3.2 Products.Filter.for.WooCommerce.<.1.3.2.-.Admin+.PHP.Object.Injection LOW" "woocommerce-products-filter 1.2.6.3 Products.Filter.for.WooCommerce.<.1.2.6.3.-.Reflected.Cross-Site.Scripting HIGH" "woocommerce-products-filter 1.2.0 Multiple.Issues CRITICAL" "wp-debugging 2.11.7 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "wp-debugging 2.11.7 Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "wp-debugging 2.11.0 Unauthenticated.Plugin's.Settings.Update MEDIUM" "wp-content-pilot 1.3.4 Authenticated.(Contributor+).Content.Injection MEDIUM" "wp-sentry No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "woo-aliexpress-dropshipping 2.1.2 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "woo-aliexpress-dropshipping No.known.fix Missing.Authorization MEDIUM" "widgetize-pages-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widgetize-pages-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hijri No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hijri 1.5.2 Reflected.XSS HIGH" "wp-display-users No.known.fix Authenticated.SQL.Injection MEDIUM" "wp-sendfox No.known.fix Unauthenticated.Information.Disclosure MEDIUM" "wp-sendfox 1.3.1 Missing.Authorization MEDIUM" "woocommerce-to-google-merchant-center No.known.fix Missing.Authorization MEDIUM" "wp-custom-login-page No.known.fix Admin+.Stored.XSS LOW" "wooshark-aliexpress-importer 2.2.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "wooshark-aliexpress-importer 2.2.5 Unauthenticated.Settings.&.Products.Update MEDIUM" "wp-swimteam 1.45 Local.File.Inclusion MEDIUM" "wordpress-plugin-for-simple-google-adsense-insertion 2.1 Inject.ads.and.javascript.via.CSRF MEDIUM" "woocommerce-pre-orders 2.0.3 Arbitrary.Pre-Order.Canceling.via.CSRF MEDIUM" "woocommerce-pre-orders 2.0.3 Unauthorised.Actions.via.CSRF MEDIUM" "woocommerce-pre-orders 2.0.2 Reflected.XSS HIGH" "woocommerce-pre-orders 2.0.1 Contributor+.Stored.XSS MEDIUM" "woocommerce-pre-orders 2.0.0 Reflected.XSS HIGH" "wp-auto-republish 1.5.6.1 Subscriber+.Settings.Update/Access MEDIUM" "wp-auto-republish 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-auto-republish 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-product-carousel-slider-and-grid-ultimate 1.10.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "woo-product-carousel-slider-and-grid-ultimate 1.10.0 Authenticated.(Contributor+).Local.File.Inclusion.via.'theme' HIGH" "woo-product-carousel-slider-and-grid-ultimate 1.10.0 Contributor+.Local.File.Inclusion HIGH" "woo-product-carousel-slider-and-grid-ultimate 1.9.8 Authenticated(Contributor+).PHP.Object.Injection HIGH" "woo-auto-coupons 3.0.15 Reflected.Cross-Site.Scripting MEDIUM" "woo-custom-profile-picture No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "woo-esto 2.23.2 Settings.Update.via.CSRF MEDIUM" "wishlist No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wishlist No.known.fix Cross-Site.Request.Forgery MEDIUM" "wishlist 1.0.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wishlist 1.0.42 Authenticated.(Contributor+).SQL.Injection MEDIUM" "woo-ups-pickup No.known.fix Missing.Authorization MEDIUM" "woo-ups-pickup 2.6.6 Reflected.XSS HIGH" "wc-captcha No.known.fix Admin+.Stored.XSS LOW" "wp-tradingview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-my-business-auto-publish 3.8 Multiple.CSRF MEDIUM" "wp-google-my-business-auto-publish 3.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-google-maps 9.0.41 Cross-Site.Request.Forgery MEDIUM" "wp-google-maps 9.0.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.37 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-google-maps 9.0.30 Reflected.Cross-Site.Scripting HIGH" "wp-google-maps 9.0.35 Information.Exposure.to.Potential.Denial.of.Service MEDIUM" "wp-google-maps 9.0.33 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.33 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-google-maps 9.0.29 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.28 Unauthenticated.Stored.XSS HIGH" "wp-google-maps 9.0.16 Admin+.Path.Traversal LOW" "wp-google-maps 8.1.13 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wp-google-maps 8.1.12 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-google-maps 7.11.35 CSRF.to.Stored.XSS MEDIUM" "wp-google-maps 7.11.28 Admin.Settings.CSRF CRITICAL" "wp-google-maps 7.11.18 Unauthenticated.SQL.Injection MEDIUM" "wp-login-control No.known.fix Reflected.XSS HIGH" "wp-dev-powers-element-selector-jquery-powers No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-responsive-testimonials-slider-and-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "woocommerce-subscriptions 5.8.0 Missing.Authorization MEDIUM" "woocommerce-subscriptions 4.6.0 Subscription.Suspension/Activation.via.CSRF MEDIUM" "woocommerce-subscriptions 4.6.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-subscriptions 2.6.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "woocommerce-subscriptions 3.0.3 CSRF.to.Cancel/Re-Activate.Subscription LOW" "wc4bp 3.4.25 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "wc4bp 3.4.26 Cross-Site.Request.Forgery.to.Limited.Settings.Update MEDIUM" "wc4bp 3.4.20 Missing.Authorization MEDIUM" "wc4bp 3.4.21 Authenticated.(Subscriber+).PHP.Object.Injection.in.get_simple_request HIGH" "wc4bp 3.4.16 Reflected.Cross-Site.Scripting MEDIUM" "wc4bp 3.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc4bp 3.2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-datatable 0.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "wsb-brands 1.2 Admin+.Stored.XSS LOW" "wp-soononline-page No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-time-machine No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-social-broadcast No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "webtexttool 3.6.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "webtexttool 3.6.2 Missing.Authorization MEDIUM" "wp-coupons-and-deals 3.1.19 Reflected.Cross-Site.Scripting MEDIUM" "wp-coupons-and-deals 3.1.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-bitly No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wp-bitly 2.7.3 Missing.Authorization MEDIUM" "wp-bitly 2.7.2 Contributor+.Stored.XSS MEDIUM" "woo-product-category-discount 4.13 Missing.Authorization.via.wpcd_save_discount() MEDIUM" "woo-clover-gateway-by-zaytech 1.3.2 Missing.Authorization.via.callback_handler MEDIUM" "woo-custom-and-sequential-order-number No.known.fix Cross-Site.Request.Forgery MEDIUM" "woocommerce-compare-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-compare-products No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "wemail 1.14.6 Reflected.Cross-Site.Scripting MEDIUM" "wemail 1.14.3 Missing.Authorization.to.Notice.Dismissal MEDIUM" "wpdiscuz 7.6.25 Authentication.Bypass CRITICAL" "wpdiscuz 7.6.22 Unauthenticated.HTML.Injection MEDIUM" "wpdiscuz 7.6.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpdiscuz 7.6.16 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Uploaded.Image.Alternative.Text MEDIUM" "wpdiscuz 7.6.13 Admin+.Stored.XSS LOW" "wpdiscuz 7.6.12 Cross-Site.Request.Forgery MEDIUM" "wpdiscuz 7.6.12 Unauthenticated.Stored.XSS HIGH" "wpdiscuz 7.6.4 Author+.IDOR LOW" "wpdiscuz 7.6.11 Unauthenticated.Content.Injection MEDIUM" "wpdiscuz 7.6.11 Insufficient.Authorization.to.Comment.Submission.on.Deleted.Posts MEDIUM" "wpdiscuz 7.6.12 Missing.Authorization.in.AJAX.Actions MEDIUM" "wpdiscuz 7.6.6 Unauthenticated.SQL.Injection HIGH" "wpdiscuz 7.6.6 Unauthenticated.SQL.Injection HIGH" "wpdiscuz 7.6.4 Post.Rating.Increase/Decrease.iva.IDOR MEDIUM" "wpdiscuz 7.6.4 Unauthenticated.Data.Modification.via.IDOR MEDIUM" "wpdiscuz 7.5 wpDiscuz.7.4.2.-.Subscriber+.IDOR MEDIUM" "wpdiscuz 7.3.12 Sensitive.Information.Disclosure LOW" "wpdiscuz 7.3.4 Arbitrary.Comment.Addition/Edition/Deletion.via.CSRF MEDIUM" "wpdiscuz 7.3.2 wpDiscuz.<.7.3.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "wpdiscuz 7.0.5 wpDiscuz.7.0.0.-.7.0.4.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpdiscuz 5.3.6 Unauthenticated.SQL.Injection CRITICAL" "wp-visited-countries-reloaded 3.1.1 Reflected.Cross-Site.Scripting HIGH" "widget4call No.known.fix Reflected.XSS HIGH" "widget4call No.known.fix Reflected.XSS HIGH" "wp-calendar No.known.fix Contributor+.Stored.XSS MEDIUM" "woomotiv 3.6.3 Unauthenticated.SQL.Injection HIGH" "woomotiv 3.5.0 Review.Count.Reset.via.CSRF MEDIUM" "woomotiv 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wm-options-import-export No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp-hide-security-enhancer 2.5.2 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Contents.Deletion HIGH" "wp-hide-security-enhancer 1.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-social-seo-booster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-image-compression No.known.fix Cross-Site.Request.Forgery MEDIUM" "wpeform-lite 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wpeform-lite 1.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-mis-report No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-pdf-invoices-bulk-download No.known.fix Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "waitlist-woocommerce 2.7.6 Reflected.Cross-Site.Scripting MEDIUM" "waitlist-woocommerce 2.6.1 Missing.Authorization MEDIUM" "waitlist-woocommerce 2.5.3 Settings.Reset.via.CSRF MEDIUM" "waitlist-woocommerce 2.5.1 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "wp-social-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-youtube-gallery 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "wp-edit-username 1.0.6 Admin+.Stored.XSS LOW" "wp-edit-username 1.0.6 Admin+.Stored.XSS LOW" "webling No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpadverts 2.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpadverts 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "wpadverts 2.1.7 Unauthenticated.Stored.Cross-Site.Scripting.via.adverts_add.Shortcode HIGH" "wpadverts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "wordpress-signature No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpsite-follow-us-badges No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpsite-follow-us-badges 3.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpsite_follow_us_badges.Shortcode MEDIUM" "wp-contact-form7-email-spam-blocker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpradio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "winterlock 1.2.5 Cross-Site.Request.Forgery MEDIUM" "winterlock 1.0.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "winterlock 1.0.21 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wp-performance-score-booster 2.1 Settings.Change.via.CSRF MEDIUM" "woocommerce-product-payments 3.5.9 Missing.Authorization MEDIUM" "woocommerce-product-payments 3.2.8 Reflected.XSS HIGH" "woocommerce-product-payments 3.2.7 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-product-payments 3.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-service-payment-form-with-authorizenet No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-service-payment-form-with-authorizenet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-order-export-lite 3.5.6 Unauthenticated.PHP.Object.Injection.via.Order.Details HIGH" "woo-order-export-lite 3.4.5 Shop.Manager+.Remote.Code.Execution CRITICAL" "woo-order-export-lite 3.3.3 Export.Files.via.CSRF MEDIUM" "woo-order-export-lite 3.3.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-order-export-lite 3.1.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "woo-order-export-lite 3.1.4 Authenticated.Cross-Site.Scripting.(XSS) LOW" "woo-order-export-lite 1.5.5 CSV.Injection HIGH" "wp-product-feed-manager 2.9.0 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Feed.Actions MEDIUM" "wp-product-feed-manager 2.6.0 Authenticated.(Admin+).SQL.Injection.to.Reflected.Cross-Site.Scripting HIGH" "wp-product-feed-manager 2.3.0 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-order-address-print No.known.fix Reflected.XSS HIGH" "woo-bulk-edit-products 1.8.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-bulk-edit-products 1.7.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-google-street-view 1.1.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-street-view 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-street-view 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpcalc No.known.fix Authenticated.SQL.Injection MEDIUM" "wysija-newsletters 2.8.2 Spam.Vulnerability MEDIUM" "wayne-audio-player No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "wp-insert 2.5.1 Admin+.Stored.XSS MEDIUM" "wp-academic-people No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpc-smart-linked-products 1.3.6 Contributor+.Privilege.Escalation HIGH" "wordpress-mu-secure-invites No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-about-author No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-fixtag No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ws-audio-player No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpgenealogy No.known.fix Missing.Authorization MEDIUM" "wpgenealogy 0.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wpgenealogy 0.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-amaps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-todo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Task.Comments MEDIUM" "wp-todo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_addcomment MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_manage() MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_settings MEDIUM" "wp-todo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Settings MEDIUM" "wp-todo 1.2.9 Contributor+.Stored.XSS MEDIUM" "wetterwarner 2.8 Admin+.Stored.XSS LOW" "wp-hide-admin-bar No.known.fix Cross-Site.Request.Forgery MEDIUM" "wpbenchmark 1.3.7 Cross-Site.Request.Forgery.via.execute_plugin() MEDIUM" "wordpress-seo-premium 11.6 Authenticated.Stored.XSS CRITICAL" "wp-payment-form 4.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-payment-form 4.2.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wpshare247-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-post-list-table 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-optimize 3.2.13 Cross-Site.Scripting.From.Third-party.Library HIGH" "woo-myghpay-payment-gateway No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-humanstxt No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wp-simple-html-sitemap No.known.fix Missing.Authorization MEDIUM" "wp-simple-html-sitemap 3.2 Authenticated.(Admin+).SQL.Injection CRITICAL" "wp-simple-html-sitemap 2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-html-sitemap 2.8 Missing.Authorization MEDIUM" "wp-simple-html-sitemap 2.3 Reflected.XSS HIGH" "wp-simple-html-sitemap 2.6 Contributor+.Stored.XSS MEDIUM" "wpcf7-redirect 3.0.0 Missing.Authorization MEDIUM" "wpcf7-redirect 2.9.0 Reflected.Cross-Site.Scripting MEDIUM" "wpcf7-redirect 2.6.0 Unauthenticated.Options.Update.to.Stored.XSS HIGH" "wpcf7-redirect 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "wpcf7-redirect 2.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpcf7-redirect 2.3.4 Unprotected.AJAX.Actions MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.Arbitrary.Plugin.Installation MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.Arbitrary.Post.Deletion MEDIUM" "wpcf7-redirect 2.3.4 Unauthenticated.Arbitrary.Nonce.Generation MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.PHP.Object.Injection HIGH" "web-stories-enhancer 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-perfect-plugin 1.8.6 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-ban-user No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wp-rss-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "wt-display-breeze 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cal_size.Parameter MEDIUM" "wp-less No.known.fix Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "wp-easy-menu No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-address-book 1.6.0 CSRF HIGH" "wpcodefactory-helper 1.7.1 .Reflected.Cross-Site.Scripting MEDIUM" "wpcodefactory-helper 1.5.3 Reflected.Cross-Site.Scripting HIGH" "where-i-was-where-i-will-be No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "woorousell 1.1.1 Contributor+.Stored.XSS MEDIUM" "woorousell 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-private-media No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-private-media No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-private-media No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wa-sticky-button 1.4.1 Unauthenticated.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "wp-simple-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-ebay 2.0.21 jQueryFileTree.-.Unauthenticated.Path.Traversal MEDIUM" "wc1c-main No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-smtp-pro 3.8.1 Unauthenticated.Email.Address.Disclosure MEDIUM" "wp24-domain-check 1.10.15 Reflected.Cross-Site.Scripting MEDIUM" "wp24-domain-check 1.6.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wc-serial-numbers 2.1.1 Missing.Authorization MEDIUM" "wc-serial-numbers 1.6.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wcp-openweather No.known.fix Cross-Site.Request.Forgery MEDIUM" "wcp-openweather No.known.fix Reflected.XSS HIGH" "woo-direct-checkout-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-product-recommendations 2.3.0 CSRF MEDIUM" "wp-clone-by-wp-academy 2.4.7 Unauthenticated.PHP.Object.Injection.via.'recursive_unserialized_replace' HIGH" "wp-clone-by-wp-academy 2.4.6 Missing.Authorization MEDIUM" "wp-clone-by-wp-academy 2.4.4 Subscriber+.Unauthorised.Action.Calls MEDIUM" "wp-clone-by-wp-academy 2.4.3 Unauthenticated.Backup.Download HIGH" "wp-clone-by-wp-academy 2.3.8 Subscriber+.Plugin.Installation MEDIUM" "wp-clone-by-wp-academy 2.3.8 Plugin.Installation.via.CSRF MEDIUM" "wp-easy-contact 3.8 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-openpos 7.0.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woocommerce-openpos 7.0.1 Unauthenticated.SQL.Injection HIGH" "woocommerce-openpos 7.0.2 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "wp-website-creator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-super-minify 1.6 Settings.Update.via.CSRF MEDIUM" "wp-category-posts-list No.known.fix Cross-Site.Request.Forgery.via.gen_set_page MEDIUM" "wp-category-posts-list No.known.fix Contributor+.Stored.XSS MEDIUM" "wxsync 2.8.1 Contributor+.Stored.XSS MEDIUM" "wati-chat-and-notification 1.1.5 Stored.XSS.via.CSRF HIGH" "wp-smart-crm-invoices-free No.known.fix Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-inimat No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "widget-or-sidebar-per-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-download-mirror-counter No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-easy-recipe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpmbytplayer No.known.fix Missing.Authorization MEDIUM" "wp-optin-wheel 1.4.8 Admin+.SSRF MEDIUM" "wp-optin-wheel 1.4.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-affiliate-platform 6.5.2 Affiliate.Deletion.via.CSRF MEDIUM" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Banner.Editing HIGH" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Registration.Form HIGH" "wp-affiliate-platform 6.5.1 Stored.XSS.via.CSRF HIGH" "wp-affiliate-platform 6.5.1 POST.Reflected.XSS MEDIUM" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Affiliate.Editing HIGH" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Lead.Editing HIGH" "wp-affiliate-platform 6.5.1 Profile.Update.via.CSRF MEDIUM" "wp-affiliate-platform 6.4.0 Admin+.Stored.XSS LOW" "wp-affiliate-platform 6.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-affiliate-platform 6.4.0 Affiliate.Record.Deletion.via.CSRF MEDIUM" "woocommerce-collections 1.7.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Post/Page.Deletion MEDIUM" "woocommerce-collections 1.7.0 Unauthenticated.SQL.Injection CRITICAL" "wp-system No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpdbspringclean No.known.fix Reflected.XSS HIGH" "wp-colorbox 1.1.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo 22.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo 22.6 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-seo 21.1 Authenticated.(Seo.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo 17.3 Unauthenticated.Full.Path.Disclosure NONE" "wordpress-seo 11.6 Authenticated.Stored.XSS CRITICAL" "wordpress-seo 9.2 Authenticated.Race.Condition MEDIUM" "wordpress-seo 5.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wordpress-seo 3.4.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wcs-qr-code-generator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "w2s-migrate-woo-to-shopify 1.3.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "wp-media-library-categories 2.0.1 Admin+.Stored.XSS LOW" "wp-media-library-categories 2.0.0 Admin+.Stored.XSS LOW" "wp-font-awesome-share-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "webapp-builder No.known.fix Unauthenticated.File.Upload CRITICAL" "woocommerce-upload-files 84.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-upload-files 59.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpdtol-database-table-overview-logs 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-retina-2x 6.4.6 Sensitive.Information.Exposure MEDIUM" "wp-retina-2x 5.2.3 Cross-Site.Scripting.(XSS) MEDIUM" "wp-page-post-widget-clone No.known.fix Missing.Authorization MEDIUM" "wpshopgermany-protectedshops 2.1 Admin+.Stored.XSS LOW" "wpvn-username-changer No.known.fix Cross-Site.Request.Forgery MEDIUM" "wordpress-theme-demo-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-donimedia-carousel No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-slimstat 5.2.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-slimstat 5.1.4 Subscriber+.Stored.XSS HIGH" "wp-slimstat 5.0.10 Contributor+.SQL.Injection MEDIUM" "wp-slimstat 5.0.9 Admin+.Stored.XSS LOW" "wp-slimstat 5.0.10 Contributor+.Stored.XSS MEDIUM" "wp-slimstat 5.0.5 Admin+.SQLi MEDIUM" "wp-slimstat 5.0.5 Reflected.XSS HIGH" "wp-slimstat 4.9.4 Subscriber+.SQL.Injection HIGH" "wp-slimstat 4.9.3.3 Subscriber+.SQL.Injection HIGH" "wp-slimstat 4.9.3 Unauthenticated.Stored.XSS HIGH" "wp-slimstat 4.8.4 CSRF.to.Stored.XSS.and.Setting.Updates MEDIUM" "wp-slimstat 4.8.1 Unauthenticated.Stored.XSS.from.Visitors MEDIUM" "wd-facebook-feed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wd-facebook-feed 1.2.9 Reflected.XSS MEDIUM" "wd-facebook-feed 1.1.27 Authenticated.SQL.Injection MEDIUM" "webwinkelkeur 3.25 Cross-Site.Request.Forgery MEDIUM" "wp-latest-posts 5.0.8 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "wp-latest-posts 3.7.5 XSS MEDIUM" "woocommerce-shipping-per-product 2.5.5 Missing.Authorization MEDIUM" "woo-order-splitter 5.3.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wc-qr-codes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-check-pincode-zipcode-for-shipping No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-pro-quiz No.known.fix Arbitrary.Quiz.Deletion.via.CSRF MEDIUM" "wp-lister-amazon 0.9.6.36 jQueryFileTree.-.Unauthenticated.Path.Traversal MEDIUM" "wp-showhide 1.05 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-tithely No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "web-testimonials No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-rss-aggregator 4.23.13 Missing.Authorization MEDIUM" "wp-rss-aggregator 4.23.12 Missing.Authorization.to.Authenticated.(Subscriber+).Feed.State.Update MEDIUM" "wp-rss-aggregator 4.23.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-rss-aggregator 4.23.6 Authenticated.(Admin+).Server-Side.Request.Forgery.via.RSS.Feed.Source LOW" "wp-rss-aggregator 4.23.5 Admin+.Stored.XSS MEDIUM" "wp-rss-aggregator 4.20 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-rss-aggregator 4.19.3 Subscriber+.Stored.Cross-Site.Scripting HIGH" "wp-rss-aggregator 4.19.2 Admin+.Stored.Cross-Site.Scripting LOW" "wd-google-maps No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "wd-google-maps 1.0.74 Missing.Authorization.to.Notice.Dismissal MEDIUM" "wd-google-maps 1.0.74 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "wd-google-maps 1.0.73 Unauthenticated.SQLi HIGH" "wd-google-maps 1.0.72 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wd-google-maps 1.0.70 Authenticated.Stored.XSS MEDIUM" "wp-pagebuilder No.known.fix Admin+.Stored.Cross-Site LOW" "wp-pagebuilder 1.2.7 Author+.Stored.XSS MEDIUM" "wp-pagebuilder 1.2.4 Multiple.Stored.Cross-Site.scripting.(XSS) MEDIUM" "wp-pagebuilder 1.2.4 Insecure.default.configuration.Allows.Subscribers.Editing.Access.to.Posts MEDIUM" "wp-embed-facebook No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-embed-facebook 3.1.2 Contributor+.Stored.XSS.via.shortcode MEDIUM" "wp-ban 1.69.1 Admin+.Stored.XSS LOW" "wonderm00ns-simple-facebook-open-graph-tags 2.2.4.2 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp2android-turn-wp-site-into-android-app No.known.fix Unauthenticated.File.Upload CRITICAL" "wcp-contact-form No.known.fix Reflected.XSS HIGH" "wp-gpx-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sgpx.Shortcode MEDIUM" "wp-gpx-maps 1.7.06 Missing.Authorization MEDIUM" "wpeventticketing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wrapper-link-elementor 1.0.5 Injected.Backdoor CRITICAL" "woo-variation-swatches 1.0.62 Reflected.XSS MEDIUM" "wp-krpano No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-total-sales No.known.fix Missing.Authorization.to.Unauthenticated.Sales.Report.Retrieval MEDIUM" "wp-socializer 7.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-page-duplicator No.known.fix Missing.Authorization.to.Unauthenticated.Post/Page.Duplication MEDIUM" "wp-photo-album-plus 8.9.01.001 Unauthenticated.Arbitrary.Shortcode.Execution.via.getshortcodedrenderedfenodelay HIGH" "wp-photo-album-plus 8.8.07.004 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.8.02.003 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.8.00.003 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.7.00.004 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wp-photo-album-plus 8.7.01.002 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-photo-album-plus 8.6.03.005 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "wp-photo-album-plus 8.6.01.003 Insecure.Direct.Object.Reference MEDIUM" "wp-photo-album-plus 8.6.01.005 .Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.6.01.005 IP.Spoofing MEDIUM" "wp-photo-album-plus 8.0.10 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-staging-pro 6.1.3 Unauthenticated.Information.Exposure.via.getOutdatedPluginsRequest.Function MEDIUM" "wp-staging-pro 5.6.1 Backup.Duplicator.&.Migration.<.5.6.1.-.Cross-Site.Request.Forgery.to.Limited.Local.File.Inclusion HIGH" "wp-staging-pro 5.5.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-staging-pro 5.4.0 Admin+.Stored.XSS LOW" "wp-staging-pro 5.1.3 Unauthenticated.Backup.Download HIGH" "wp-notification-bell 1.3.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-badge-designer-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-testimonials No.known.fix Authenticated.SQL.Injection HIGH" "wp-admin-notification-center 2.3.3 Settings.Update.via.CSRF MEDIUM" "wp-downgrade 1.2.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-scheduled-posts 5.1.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "wp-scheduled-posts 5.0.9 Missing.Authorization MEDIUM" "wp-scheduled-posts 5.0.5 Contributor+.Arbitrary.Post.Update/Deletion LOW" "wp-anything-slider 9.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "wp-widget-bundle No.known.fix Unauthencated.Reflected.XSS MEDIUM" "wp-widget-bundle No.known.fix Widget.Disable/Enable.via.CSRF MEDIUM" "wp-widget-bundle No.known.fix Admin+.Stored.XSS LOW" "wp-post-page-clone 1.2 Unauthorised.Post.Access MEDIUM" "wp-post-page-clone 1.1 SQL.Injections.due.to.Duplicated.Snippets HIGH" "wats 1.0.64 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "wot-elementor-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-announcements No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-marketing-automations 3.5.2 Open.Redirect HIGH" "wp-marketing-automations 3.5.2 Unauthenticated.SQL.Injection.via.'automationId' HIGH" "wp-marketing-automations 3.3.0 Unauthenticated.SQLi HIGH" "wp-marketing-automations 3.2.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-marketing-automations 2.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-marketing-automations 2.7.0 Authenticated(Administrator+).SQL.Injection MEDIUM" "wp-marketing-automations 2.1.2 Subscriber+.Automation.Creation MEDIUM" "wp-database-admin No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-dummy-content-generator 3.3.0 Unauthenticated.Code.Injection CRITICAL" "wp-dummy-content-generator 3.1.3 Missing.Authorization MEDIUM" "wp-dummy-content-generator 3.0.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-customers-manager 31.4 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "woocommerce-customers-manager 30.1 User.Deletion.via.CSRF LOW" "woocommerce-customers-manager 30.2 Subscriber+.Stored.XSS HIGH" "woocommerce-customers-manager 30.1 Bulk.Action.via.CSRF MEDIUM" "woocommerce-customers-manager 29.8 Reflected.XSS HIGH" "woocommerce-customers-manager 29.8 Subscriber+.Email.Disclosure MEDIUM" "woocommerce-customers-manager 29.7 Subscriber+.SQL.Injection HIGH" "woocommerce-customers-manager 26.6 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "woocommerce-customers-manager 26.6 Arbitrary.Account.Creation/Update.via.CSRF HIGH" "woocommerce-customers-manager 26.5 Arbitrary.Account.Creation/Update.by.Low.Privilege.Users HIGH" "wp-edit-menu 1.5.0 Unauthenticated.Arbitrary.Post.Deletion HIGH" "wp-edit-menu No.known.fix Arbitrary.Post.Deletion.via.CSRF MEDIUM" "wp-date-and-time-shortcode 2.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-planification No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-multiple-free-gift No.known.fix Insufficient.Server-Side.Validation.to.Arbitrary.Gift.Adding MEDIUM" "wp-popups-lite 2.2.0.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "wp-popups-lite 2.1.5.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-popups-lite 2.1.5.1 Contributor+.Stored.XSS MEDIUM" "wp-popups-lite 2.1.4.9 Contributor+.Stored.XSS MEDIUM" "wp-popups-lite 2.1.4.8 Contributor+.Stored.XSS MEDIUM" "woocommerce-eu-vat-assistant 2.1.2.230718 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-eu-vat-assistant 2.0.28.220224 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wizshop No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "woocommerce-menu-extension No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-backup-manager No.known.fix Reflected.XSS HIGH" "wp-sponsors No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-sponsors No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-mmenu-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-dynamic-keywords-injector 2.3.22 Reflected.Cross-Site.Scripting MEDIUM" "wp-dynamic-keywords-injector 2.3.16 Settings.Update.via.CSRF MEDIUM" "wumii-related-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woorocks-magic-content-for-siteorigins-pagebuilder No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woorocks-magic-content-for-siteorigins-pagebuilder No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wc-fields-factory 4.1.7 ShopManager+.SQLi MEDIUM" "wpfilesearch No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-identicon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-intro-js-tours No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wedesin-html-sitemap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wedesin-html-sitemap No.known.fix Reflected.Cross-Site.Scripting.via.'channel' MEDIUM" "wp-browser-update 4.6 Admin+.Stored.XSS LOW" "wp-browser-update 4.5 Settings.Update.via.CSRF MEDIUM" "whizz 1.1.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "whizz 1.0.8 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wr-age-verification No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wr-age-verification No.known.fix Unauthenticated.SQL.Injection HIGH" "wr-age-verification 2.0.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wtyczka-seopilot-dla-wp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-live-chat-support 8.2.0 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-live-chat-support 8.0.33 Missing.Permission.Checks.on.some.REST.API.Calls CRITICAL" "wp-live-chat-support 8.0.27 Unauthenticated.Stored.XSS MEDIUM" "wp-live-chat-support 8.0.18 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 8.0.08 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 8.0.06 Unauthenticated.Stored.XSS MEDIUM" "wp-live-chat-support 7.1.05 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 1.7.03 XSS MEDIUM" "wp-live-chat-support 7.0.07 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 6.2.04 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 6.2.02 Stored.Cross-Site.Scripting MEDIUM" "wp-home-page-menu 3.1 Admin+.Stored.Cross-Site.Scripting LOW" "wpdash-notes No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "woo-add-to-cart-text-change 2.1 Add.to.cart.Text.Update.via.CSRF MEDIUM" "wp-leads-builder-any-crm 3.1 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-site-protector No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-subscribe 1.2.13 Admin+.Stored.Cross-Site.Scripting LOW" "wp-cerber 9.5 IP.Protection.Bypass MEDIUM" "wp-cerber 9.2 Unauthenticated.Stored.XSS HIGH" "wp-cerber 9.3.3 User.Enumeration.Bypass.via.Rest.API LOW" "wp-cerber 9.1 Username.Enumeration.Bypass MEDIUM" "wp-cerber 8.9.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-cerber 8.9.3 Rest-API.Protection.Bypass MEDIUM" "wp-cerber 8.9.3 2FA.Authentication.Bypass MEDIUM" "wp-cerber 2.7 Unauthenticated.Stored.XSS MEDIUM" "woo-nmi-three-step No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-nmi-three-step No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-nmi-three-step No.known.fix CSRF.Bypass MEDIUM" "woo-vietnam-checkout 2.0.8 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "woo-vietnam-checkout 2.0.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "woo-vietnam-checkout 2.0.6 Unauthenticated.Stored.XSS HIGH" "woo-vietnam-checkout 2.0.5 Reflected.XSS HIGH" "w-dalil No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wp2speed No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp2speed No.known.fix Improper.Authorization.due.to.use.of.Hardcoded.Credentials MEDIUM" "wcc-seo-keyword-research No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcc-seo-keyword-research No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpgenious-job-listing No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "woo-preview-emails 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-preview-emails 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wpvr 8.5.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpvr 8.5.6 Missing.Authorization MEDIUM" "wpvr 8.5.5 Missing.Authorization MEDIUM" "wpvr 8.3.15 Unauthenticated.Plugin.Downgrade.leading.to.XSS HIGH" "wpvr 8.3.5 Reflected.XSS HIGH" "wpvr 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "wpvr 8.3.0 Subscriber+.Arbitrary.Tour.Update MEDIUM" "wpvr 8.2.9 Reflected.XSS HIGH" "wpvr 8.2.8 Subscriber+.Settings.Update MEDIUM" "wpvr 8.2.7 Contributor+.Stored.XSS MEDIUM" "wp-migrate-2-aws 5.2.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-spid-italia 2.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-spid-italia 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-spid-italia 2.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-user-profile-avatar 1.0.6 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-user-profile-avatar 1.0.2 Contributor+.Stored.XSS MEDIUM" "wp-user-profile-avatar 1.0.1 Author+.Avatar.Deletion/Update.via.IDOR LOW" "wp-user-profile-avatar 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wc-rest-payment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-rest-payment No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-duplicate-page 1.3 Admin+.Stored.Cross.Site.Scripting LOW" "wp-ada-compliance-check-basic 3.1.4 Cross-Site.Request.Forgery MEDIUM" "wp-simple-sitemap No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wordpress-gallery No.known.fix "load".Remote.File.Inclusion CRITICAL" "wp-gallery-exporter No.known.fix Authenticated.(Administrator+).Arbitrary.File.Download LOW" "wpsection 1.3.9 Authenticated.(Contributor+).Local.File.Inlcusion HIGH" "wbcom-designs-buddypress-ads 1.3.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-table-pixie 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-fiscalita-italiana No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-fiscalita-italiana 1.3.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-html-sitemap No.known.fix wp-html-sitemap.html.Sitemap.Deletion.CSRF MEDIUM" "wp-hosting-performance-check No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-extra-flat-rate 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-extra-flat-rate 4.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-nested-pages 3.2.13 Contributor+.Stored.XSS MEDIUM" "wp-nested-pages 3.2.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-nested-pages 3.2.9 Editor+.Stored.XSS LOW" "wp-nested-pages 3.2.8 Cross-Site.Request.Forgery.to.Local.File.Inclusion HIGH" "wp-nested-pages 3.2.7 Admin+.Stored.XSS LOW" "wp-nested-pages 3.2.4 Editor+.Plugin.Settings.Reset LOW" "wp-nested-pages 3.1.21 Admin+.Stored.Cross.Site.Scripting LOW" "wp-nested-pages 3.1.16 Open.Redirect MEDIUM" "wp-nested-pages 3.1.16 CSRF.to.Arbitrary.Post.Deletion.and.Modification HIGH" "wp-vr-view No.known.fix Outdated.VRView.Library.Used,.Leading.to.Reflected.XSS HIGH" "woo-tools 1.2.10 Missing.Authorization.to.Authenticated.(Subscriber+)..Plugin.Module.Deactivation MEDIUM" "who-hit-the-page-hit-counter No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "who-hit-the-page-hit-counter No.known.fix CSRF MEDIUM" "who-hit-the-page-hit-counter No.known.fix Hit.Counter.<=.1.4.14.3.-.Reflected.XSS HIGH" "wp-maintenance 6.1.9.3 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "wp-maintenance 6.1.7 Information.Exposure MEDIUM" "wp-maintenance 6.1.4 IP.Restriction.Bypass MEDIUM" "wp-maintenance 6.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-maintenance 6.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-maintenance 5.0.7 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "wp-base-booking-of-appointments-services-and-events 5.0.0 Reflected.XSS HIGH" "wp-base-booking-of-appointments-services-and-events 5.1.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-base-booking-of-appointments-services-and-events 5.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure.via.app_export_db MEDIUM" "wp-base-booking-of-appointments-services-and-events 4.9.2 Reflected.Cross-Site.Scripting.via.status.Parameter MEDIUM" "wp-clone-any-post-type No.known.fix Missing.Authorization MEDIUM" "wp-clone-any-post-type No.known.fix Open.Redirect MEDIUM" "woo-oscommerce-sync No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-scraper 5.8.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wp-scraper 5.8 Missing.Authorization.to.Arbitrary.Page/Post.Creation MEDIUM" "wp-fusion-lite 3.43.0 Information.Exposure MEDIUM" "wp-fusion-lite 3.42.10 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "wp-fusion-lite 3.37.31 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-fusion-lite 3.37.30 CSRF.to.Data.Deletion MEDIUM" "wp-fusion-lite 3.37.30 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wti-like-post No.known.fix IP.Spoofing MEDIUM" "wti-like-post 1.4.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "wti-like-post 1.4.3 Unauthenticated.Blind.SQL.Injection CRITICAL" "wp2wb No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-projects-portfolio No.known.fix Stored.XSS.via.CSRF HIGH" "wp-projects-portfolio No.known.fix Reflected.XSS HIGH" "wp-opt-in No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wordpress-popup 7.8.6 Missing.Authorization.to.Unauthorized.Form.Submission MEDIUM" "wordpress-popup 7.8.6 Missing.Authorization.to.Unpublished.Form.Exposure MEDIUM" "wordpress-popup 7.8.5 Admin+.Stored.XSS LOW" "wordpress-popup 6.0.8.1 Unauthenticated.CSV.Injection HIGH" "wedocs 2.1.5 Missing.Authorization MEDIUM" "widget-twitter No.known.fix Contributor+.SQLi MEDIUM" "wp-profitshare No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-profitshare No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "woocommerce-box-office 1.2.3 Missing.Authorization MEDIUM" "woocommerce-box-office 1.1.52 Unauthenticated.Ticket.Barcode.Update MEDIUM" "woocommerce-box-office 1.1.51 Contributor+.Stored.XSS MEDIUM" "wpqa 6.1.1 Contributor+.Stored.XSS MEDIUM" "wpqa 6.1.1 Arbitrary.Category.and.Tag.Follow/Unfollow.via.CSRF MEDIUM" "wpqa 5.9.3 Missing.validation.lead.to.functionality.abuse LOW" "wpqa 5.9 Follow/Unfollow.via.CSRF MEDIUM" "wpqa 5.7 Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "wpqa 5.5 Unauthenticated.Private.Message.Disclosure MEDIUM" "wpqa 5.4 Reflected.Cross-Site.Scripting MEDIUM" "wpqa 5.2 Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "wpqa 5.2 Subscriber+.Stored.Cross-Site.Scripting.via.Profile.fields MEDIUM" "wpqa 5.2 Subscriber+.Arbitrary.Profile.Picture.Deletion.via.IDOR MEDIUM" "wp-event-aggregator 1.8.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-event-aggregator 1.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-aggregator 1.7.7 Cross-Site.Request.Forgery.via.wpea_deauthorize_user() MEDIUM" "web-disrupt-funnelmentals No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "web-disrupt-funnelmentals No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "web-disrupt-funnelmentals No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-database-backup 7.4 Unauthenticated.Database.Back-Up.Exposure HIGH" "wp-database-backup 5.9 Admin+.Stored.Cross-Site.Scripting LOW" "wp-database-backup 5.2 Unauthenticated.OS.Command.Injection MEDIUM" "wp-database-backup 5.1.2 XSS HIGH" "wp-database-backup 4.3.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-file-upload 4.25.3 Cross-Site.Request.Forgery.in.wfu_file_details MEDIUM" "wp-file-upload 4.24.14 Unuathenticated.Remote.Code.Execution CRITICAL" "wp-file-upload 4.25.0 Unauthenticated.Remote.Code.Execution,.Arbitrary.File.Read,.and.Arbitrary.File.Deletion CRITICAL" "wp-file-upload 4.24.14 Unauthenticated.Path.Traversal.to.Arbitrary.File.Read.in.wfu_file_downloader.php HIGH" "wp-file-upload 4.25.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Path.Traversal MEDIUM" "wp-file-upload 4.24.12 Unauthenticated.Path.Traversal.to.Arbitrary.File.Read.and.Deletion.in.wfu_file_downloader.php CRITICAL" "wp-file-upload 4.24.9 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "wp-file-upload 4.24.8 Missing.Authorization MEDIUM" "wp-file-upload 4.24.8 Unauthenticated.Stored.XSS HIGH" "wp-file-upload 4.24.8 Reflected.XSS HIGH" "wp-file-upload 4.24.8 Authenticated.(Contributor+).Directory.Traversal MEDIUM" "wp-file-upload 4.24.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-file-upload 4.24.1 Cross-Site.Request.Forgery MEDIUM" "wp-file-upload 4.23.3 Author+.Stored.Cross-Site.Scripting LOW" "wp-file-upload 4.19.2 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-file-upload 4.19.2 Admin+.Path.Traversal MEDIUM" "wp-file-upload 4.16.3 Contributor+.Path.Traversal.to.RCE CRITICAL" "wp-file-upload 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-file-upload 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Malicious.SVG MEDIUM" "wp-file-upload 4.13.0 Directory.Traversal.to.RCE CRITICAL" "wp-file-upload 4.3.4 Cross-Site.Scripting.(XSS) MEDIUM" "wp-file-upload 4.3.3 Security.Issue.in.Shortcodes MEDIUM" "wp-file-upload 3.9.0 Insufficient.File.Extension.Blacklisting HIGH" "wp-file-upload 3.4.1 Unauthenticated.Malicious.File.Upload HIGH" "wp-file-upload 3.0.0 Multiple.Vulnerabilities HIGH" "wp-file-upload 2.7.1 JS.File.Upload HIGH" "wc-return-warrranty No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-news-sliders No.known.fix Missing.Authorization MEDIUM" "woo-quick-cart-for-multiple-variations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-quick-cart-for-multiple-variations No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-store-locator-extenders 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-store-locator-extenders 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpsimpletools-upload-limit No.known.fix Reflected.XSS HIGH" "wooswipe 3.0.0 Subscriber+.Settings.Update MEDIUM" "wadi-survey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wadi-survey No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wonder-fontawesome No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce 9.7.1 Shop.Manager+.Stored.XSS.via.New.Product.Form MEDIUM" "woocommerce 9.4.3 Reflected.XSS HIGH" "woocommerce 9.4.3 Unauthenticated.Order.Creation MEDIUM" "woocommerce 9.1.0 Unauthenticated.HTML.Injection MEDIUM" "woocommerce 9.2 Contributor+.Stored.XSS MEDIUM" "woocommerce 9.1.4 Stored.XSS LOW" "woocommerce 9.0.0 Shop.Manager+.Content.Injection LOW" "woocommerce 8.9.3 8.9.2.-.Reflected.XSS HIGH" "woocommerce 8.6.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce 8.6 Contributor+.Private/Draft.Products.Access LOW" "woocommerce 8.4.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce 8.3.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce 8.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Featured.Image.alt.Attribute MEDIUM" "woocommerce 7.9 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "woocommerce 7.9.0 Sensitive.Information.Exposure MEDIUM" "woocommerce 7.0.1 Authenticated(Shop.Manager+).Sensitive.Information.Exposure MEDIUM" "woocommerce 8.1.1 Shop.Manager+.User.Metadata.Disclosure MEDIUM" "woocommerce 6.6.0 Admin+.Stored.HTML.Injection LOW" "woocommerce 6.3.1 Orders.Marked.as.Paid.(via.PayPal.Standard.Gateway) LOW" "woocommerce 6.2.1 Path.Traversal.via.Importers MEDIUM" "woocommerce 6.2.1 Subscriber+.Arbitrary.Comment.Deletion MEDIUM" "woocommerce 5.7.0 Analytics.Report.Leaks MEDIUM" "woocommerce 5.5.1 Authenticated.Blind.SQL.Injection HIGH" "woocommerce 5.2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce 4.7.0 Arbitrary.Order.Status.Disclosure.via.IDOR MEDIUM" "woocommerce 4.6.2 Guest.Account.Creation MEDIUM" "woocommerce 4.2.1 Potential.Cross-Site.Scripting.(XSS).via.SelectWoo MEDIUM" "woocommerce 4.1.0 Unescaped.Metadata.when.Duplicating.Products LOW" "woocommerce 3.6.5 Cross-Site.Request.Forgery.(CSRF).&.File.Type.Check MEDIUM" "woocommerce 3.5.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "woocommerce 3.5.1 Authenticated.Stored.XSS HIGH" "woocommerce 3.4.6 Authenticated.Phar.Deserialization MEDIUM" "woocommerce 3.4.6 Authenticated.Stored.XSS MEDIUM" "wp-attachment-export 0.2.4 Unauthenticated.Posts.Download HIGH" "woocommerce-germanized 3.9.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-frontend-manager 6.7.13 Insecure.Direct.Object.Reference.to.Account.Takeover/Privilege.Escalation HIGH" "wc-frontend-manager 6.7.9 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "wc-frontend-manager 6.6.0 Multiple.CSRF MEDIUM" "wc-frontend-manager 6.6.1 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "wc-frontend-manager 6.5.12 Frontend.Manager.for.WooCommerce.<.6.5.12.-.Customer/Subscriber+.SQL.Injection HIGH" "wpex-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpsyncsheets-woocommerce 1.9 Missing.Authorization MEDIUM" "wordlive-livecall-addon-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-country-selector 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-zillow-review-slider 2.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-background-tile No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woosaleskit-bar No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-mathjax-plus No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-payeezy-pay 2.98 Local.File.Inclusion CRITICAL" "wp-all-export-pro 1.9.2 Authenticated.(ShopManager+).Arbtirary.Options.Update MEDIUM" "wp-all-export-pro 1.9.2 Unauthenticated.Remote.Code.Execution.via.Custom.Export.Fields HIGH" "wp-all-export-pro 1.8.6 Author+.PHAR.Deserialization.via.CSRF HIGH" "wp-all-export-pro 1.8.6 Admin+.RCE MEDIUM" "wp-all-export-pro 1.8.6 Remote.Code.Execution.via.CSRF CRITICAL" "wp-all-export-pro 1.7.9 Authenticated.Code.Injection CRITICAL" "wp-all-export-pro 1.7.9 Authenticated.SQLi MEDIUM" "webba-booking-lite 5.0.50 Missing.Authorization.to.Authenticated.(Subscriber+).CSS.Settings.Update MEDIUM" "webba-booking-lite 5.0 Cross-Site.Request.Forgery MEDIUM" "webba-booking-lite 4.5.31 Reflected.Cross-Site.Scripting MEDIUM" "webba-booking-lite 4.2.22 Admin+.Stored.Cross-Site.Scripting LOW" "webba-booking-lite 4.2.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xili-language 2.21.3 Reflected.Cross-Site.Scripting MEDIUM" "xpd-reduce-image-filesize No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "xpert-tab No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xt-woo-points-rewards 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-points-rewards 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xili-dictionary 2.12.5.1 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-variation-swatches 1.8.8 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-variation-swatches 1.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xtremelocator No.known.fix Xtreme.Locator.Dealer.Locator.Plugin.1,5.–.Authenticated.SQL.Injection HIGH" "xv-random-quotes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "xv-random-quotes No.known.fix Unauthenticated.SQL.Injection HIGH" "xv-random-quotes No.known.fix Reflected.XSS HIGH" "xv-random-quotes No.known.fix Settings.Reset.via.CSRF MEDIUM" "xt-woo-quick-view-lite 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-quick-view-lite 1.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xcloner-backup-and-restore 4.7.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "xcloner-backup-and-restore 4.3.6 Plugin.Settings.Reset MEDIUM" "xcloner-backup-and-restore 4.2.153 Cross-Site.Request.Forgery CRITICAL" "xcloner-backup-and-restore 4.2.13 4.2.12.-.Unprotected.AJAX.Action CRITICAL" "xcloner-backup-and-restore 3.1.5 Backup.and.Restore.<.3.1.5.-.Authenticated.Path.Traversal MEDIUM" "xcloner-backup-and-restore 3.1.3 Backup.and.Restore.3.1.2.-.XSS.&.Command.Execution MEDIUM" "xcloner-backup-and-restore 3.1.2 Backup.and.Restore.<.3.1.2.-.Multiple.Vulnerabilities.(RCE.&.LFI) HIGH" "xcloner-backup-and-restore 3.1.1 Backup.and.Restore.<.3.1.1.-.Multiple.Actions.CSRF HIGH" "xpro-elementor-addons 1.4.11 Contributor+.Stored.XSS MEDIUM" "xpro-elementor-addons 1.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'Site.Title'.widget MEDIUM" "xpro-elementor-addons 1.4.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.6.3 Authenticated.(Contributor+).Post.Disclosure.via.Post.Duplication MEDIUM" "xpro-elementor-addons 1.4.6.6 Contributor+.Stored.XSS MEDIUM" "xpro-elementor-addons 1.4.6.1 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Template MEDIUM" "xpro-elementor-addons 1.4.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Grid.Widget MEDIUM" "xpro-elementor-addons 1.4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.3.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "xpro-elementor-addons 1.4.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "xpro-elementor-addons 1.4.3.1 Authenticated.(Admin+).Cross.Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xqueue-maileon 2.16.1 Admin+.Stored.XSS LOW" "xserver-typesquare-webfonts 2.0.8 Missing.Authorization.via.typesquare_admin_init() MEDIUM" "x-forms-express No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "xola-bookings-for-tours-activities No.known.fix Missing.Authorization MEDIUM" "xo-security 1.5.3 XSS MEDIUM" "xl-tab 1.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "xl-tab 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xpro-theme-builder 1.2.8.5 Missing.Authorization MEDIUM" "xlsx-viewer No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "xo-liteslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xo-liteslider 3.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "xili-tidy-tags 1.12.05 Reflected.Cross-Site.Scripting MEDIUM" "xili-tidy-tags 1.12.04 Cross-Site.Request.Forgery MEDIUM" "xc-woo-google-cloud-print No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Order.Information.Disclosure MEDIUM" "xorbin-digital-flash-clock No.known.fix Flash-based.XSS MEDIUM" "xllentech-english-islamic-calendar 2.6.8 Authenticated.SQL.Injection MEDIUM" "xagio-seo 7.0.0.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xforwoocommerce No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "xforwoocommerce 1.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "xserver-migrator 1.6.2.1 Arbitrary.File.Upload.via.CSRF HIGH" "xo-event-calendar 2.3.7 Reflected.Cross-Site.Scripting HIGH" "xt-woo-ajax-add-to-cart 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-ajax-add-to-cart 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-ajax-add-to-cart 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xpinner-lite No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "xml-for-google-merchant-center 3.0.12 Reflected.Cross-Site.Scripting MEDIUM" "xml-for-google-merchant-center 3.0.2 Reflected.XSS HIGH" "xatkit-chatbot-connector 2.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xpresslane-integration-for-woocommerce No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "xml-multilanguage-sitemap-generator No.known.fix Missing.Authorization MEDIUM" "xorbin-analog-flash-clock No.known.fix Flash-based.XSS MEDIUM" "xml-for-avito 2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "xtra-settings No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "xelion-webchat 9.2.0 Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "xelion-webchat 9.2.0 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "xml-sitemap-feed 5.4.9 Unauthenticated.Local.File.Inclusion HIGH" "xml-sitemaps-for-videos No.known.fix CSRF MEDIUM" "xpro-elementor-addons-pro 1.4.10 Pro.<.1.4.10.-.Authenticated.(Contributor+).Remote.Code.Execution HIGH" "yabp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yml-for-yandex-market 4.7.3 Reflected.Cross-Site.Scripting MEDIUM" "yml-for-yandex-market 4.2.4 Reflected.Cross-Site.Scripting MEDIUM" "yml-for-yandex-market 3.10.8 Reflected.XSS HIGH" "yikes-inc-easy-mailchimp-extender No.known.fix Missing.Authorization MEDIUM" "yikes-inc-easy-mailchimp-extender No.known.fix Sensitive.Information.Exposure.via.logfile HIGH" "yikes-inc-easy-mailchimp-extender 6.9.0 Admin+.Stored.Cross-Site.Scripting LOW" "yikes-inc-easy-mailchimp-extender 6.8.9 Reflected.XSS MEDIUM" "yikes-inc-easy-mailchimp-extender 6.8.8 Reflected.XSS HIGH" "yikes-inc-easy-mailchimp-extender 6.8.7 Contributor+.Stored.XSS MEDIUM" "yikes-inc-easy-mailchimp-extender 6.8.9 Admin+.Stored.XSS LOW" "yikes-inc-easy-mailchimp-extender 6.8.6 Reflected.Cross-Site.Scripting MEDIUM" "yikes-inc-easy-mailchimp-extender 6.6.3 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "youmax-channel-embeds-for-youtube-businesses No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "youmax-channel-embeds-for-youtube-businesses No.known.fix Cross-Site.Request.Forgery MEDIUM" "yayextra 1.5.3 Missing.Authorization MEDIUM" "yayextra 1.3.8 Unauthenticated.Arbitrary.File.Upload.via.handle_upload_file.Function CRITICAL" "yellow-pencil-visual-theme-customizer 7.6.5 Reflected.Cross-Site.Scripting MEDIUM" "yellow-pencil-visual-theme-customizer 7.6.4 Reflected.Cross-Site.Scripting MEDIUM" "yellow-pencil-visual-theme-customizer 7.5.9 Admin+.Stored.XSS LOW" "yellow-pencil-visual-theme-customizer 7.5.4 Reflected.Cross-Site.Scripting HIGH" "yellow-pencil-visual-theme-customizer 7.2.1 Unauthenticated.Arbitrary.Options.Updates HIGH" "yandexnews-feed-by-teplitsa No.known.fix Admin+.Stored.XSS LOW" "youtube-playlist-player 4.6.8 Contributor+.Stored.XSS MEDIUM" "youtube-playlist-player 4.6.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "yith-woocommerce-brands-add-on 1.3.7 Subscriber+.Settings.Update MEDIUM" "yt-player 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "yt-player 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yt-player 1.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.14.2 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.13.1 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.9.3 Unauthenticated.Content.Injection MEDIUM" "yith-woocommerce-product-add-ons 4.6.0 Unuathenticated.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.3.1 Authenticated(Shop.Manager+).PHP.Object.Injection MEDIUM" "yith-woocommerce-product-add-ons 4.2.1 Missing.Authorization MEDIUM" "yith-woocommerce-product-add-ons 2.1.0 Reflected.Cross-Site.Scripting HIGH" "yith-woocommerce-product-add-ons 2.1.0 Authenticated.Local.File.Inclusion MEDIUM" "yith-woocommerce-product-add-ons 1.5.23 Subscriber+.Settings.Update MEDIUM" "yellow-yard 2.8.12 Contributor+.Stored.XSS MEDIUM" "yellow-yard 2.8.12 Reflected.Cross-Site.Scripting HIGH" "yith-woocommerce-request-a-quote 1.6.4 Unauthorised.AJAX.call.via.CSRF MEDIUM" "yith-woocommerce-request-a-quote 1.4.9 Subscriber+.Settings.Update MEDIUM" "yotpo-reviews-for-woocommerce No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "ymc-smart-filter 2.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ymc-smart-filter 2.8.34 Cross-Site.Request.Forgery MEDIUM" "ymc-smart-filter 2.8.33 Unauthenticated.LFI CRITICAL" "youtube-video-player 2.6.4 Admin+.Stored.XSS LOW" "youtube-video-player 2.3.9 Contributor+.Stored.XSS MEDIUM" "youtube-feeder No.known.fix CSRF.to.Stored.XSS HIGH" "your-simple-svg-support 1.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "yith-woocommerce-waiting-list 1.3.11 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-multi-step-checkout 1.7.5 Subscriber+.Settings.Update MEDIUM" "yatra 2.1.15 Admin+.Stored.XSS LOW" "yith-custom-thank-you-page-for-woocommerce 1.1.8 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-authorizenet-payment-gateway 1.1.13 Subscriber+.Settings.Update MEDIUM" "yith-custom-login 1.7.4 Reflected.Cross-Site.Scripting MEDIUM" "yith-custom-login 1.7.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-wishlist 3.33.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-wishlist 3.15.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-wishlist 2.2.14 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-recover-abandoned-cart 1.3.4 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-frequently-bought-together 1.2.11 Subscriber+.Settings.Update MEDIUM" "youtube-channel 3.23.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "youtube-channel 3.23.0 Admin+.Stored.XSS LOW" "yith-woocommerce-subscription 1.3.6 Subscriber+.Settings.Update MEDIUM" "yookassa 2.3.1 Subscriber+.Arbitrary.Settings.Update MEDIUM" "yookassa 2.3.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "yr-activity-link 1.2.4 Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-points-and-rewards 1.3.6 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-pdf-invoice 1.2.13 Subscriber+.Settings.Update MEDIUM" "youtube-simplegallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "you-shang No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "youtube-showcase 3.4.0 Missing.Authorization.to.Arbitrary.Post/Page.Creation MEDIUM" "youtube-showcase 3.3.6 Settings.Update.via.CSRF MEDIUM" "yith-maintenance-mode 1.4.0 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "yith-maintenance-mode 1.3.8 Admin+.Stored.Cross-Site.Scripting LOW" "yith-maintenance-mode 1.2.0 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "youzify 1.3.4 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update.(save_addon_key_license) MEDIUM" "youzify 1.3.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "youzify 1.3.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Review.Deletion MEDIUM" "youzify 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.youzify_media.Shortcode MEDIUM" "youzify 1.3.1 Subscriber+.Arbitrary.Attachment.Deletion MEDIUM" "youzify 1.2.8 Missing.Authorization MEDIUM" "youzify 1.2.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "youzify 1.2.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "youzify 1.2.3 Insecure.Direct.Object.Reference MEDIUM" "youzify 1.2.2 Contributor+.Stored.XSS MEDIUM" "youzify 1.2.0 Unauthenticated.SQLi HIGH" "youzify 1.0.7 Stored.Cross-Site.Scripting.via.Biography HIGH" "youneeq-panel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yesno 1.0.12 Authenticated.(contributor+).Blind.SQL.Injection HIGH" "youtube-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-bulk-product-editing 1.2.15 Subscriber+.Settings.Update MEDIUM" "yet-another-related-posts-plugin 5.30.11 Missing.Authorization MEDIUM" "yet-another-related-posts-plugin 5.30.10 Authenticated(Administrator+).Cross-Site.Scripting MEDIUM" "yet-another-related-posts-plugin 5.30.10 Admin+.Stored.XSS LOW" "yet-another-related-posts-plugin 5.30.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yet-another-related-posts-plugin 5.30.3 Yet.Another.Related.Posts.Plugin.<.5.30.3.-.Subscriber+.SQLi HIGH" "yet-another-related-posts-plugin 5.30.5 Yet.Another.Related.Posts.Plugin.<.5.30.5.-.Subscriber+.LFI HIGH" "yet-another-related-posts-plugin 5.30.3 Yet.Another.Related.Posts.Plugin.<.5.30.3.-.Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-product-vendors 3.8.1 Reflected.Cross-Site.Scripting HIGH" "yith-woocommerce-product-vendors 3.4.1 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-quick-view 1.21.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-quick-view 1.3.15 Subscriber+.Settings.Update MEDIUM" "youtube-speedload No.known.fix Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-account-funds-premium 1.34.0 Missing.Authorization MEDIUM" "yith-woocommerce-social-login 1.3.6 Subscriber+.Settings.Update MEDIUM" "yandex-money-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yandex-money-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yandex-money-button 2.4.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "yith-woocommerce-zoom-magnifier 1.3.12 Subscriber+.Settings.Update MEDIUM" "yith-essential-kit-for-woocommerce-1 2.35.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Install,.Activation,.and.Deactivation MEDIUM" "yith-essential-kit-for-woocommerce-1 2.14.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-ajax-navigation 5.2.0 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-ajax-navigation 3.11.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ycyclista No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yawave No.known.fix Unauthenticated.SQL.Injection HIGH" "yame-linkinbio No.known.fix Unauthenticated.Information.Exposure MEDIUM" "yumpu-epaper-publishing 3.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yumpu-epaper-publishing 3.0.0 Missing.Authorization.to.PDF.Upload,.Publishing,.and.API.Key.Modification MEDIUM" "yith-woocommerce-affiliates 1.6.3 Subscriber+.Settings.Update MEDIUM" "yaysmtp 2.6.4 2.6.3.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.4.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.2.1 Subscriber+.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "yaysmtp 2.2.1 Subscriber+.SMTP.Credentials.Leak MEDIUM" "yaysmtp 2.2.1 Subscriber+.Logs.Disclosure MEDIUM" "yamaps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yamaps 0.6.30 Contributor+.Stored.XSS MEDIUM" "yamaps 0.6.26 Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-ajax-search 2.8.1 Unauthenticated.SQL.Injection HIGH" "yith-woocommerce-ajax-search 2.7.1 Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-ajax-search 2.4.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yith-woocommerce-ajax-search 1.7.1 Subscriber+.Settings.Update MEDIUM" "yith-advanced-refund-system-for-woocommerce 1.0.12 Subscriber+.Settings.Update MEDIUM" "yotpo-social-reviews-for-woocommerce 1.7.10 Reflected.Cross-Site.Scripting MEDIUM" "yayforms 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-desktop-notifications-for-woocommerce 1.2.8 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-mailchimp 2.1.4 Subscriber+.Settings.Update MEDIUM" "yatri-tools No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yatri-tools 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ydn-download No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yahoo-boss No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ymc-states-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yikes-inc-easy-custom-woocommerce-product-tabs No.known.fix Shop.Manager+.PHP.Object.Injection MEDIUM" "yikes-inc-easy-custom-woocommerce-product-tabs 1.8.0 Admin+.Stored.XSS LOW" "yikes-inc-easy-custom-woocommerce-product-tabs 1.7.8 Unauthenticated.Toggle.Content.Setting.Update MEDIUM" "youram-youtube-embed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "years-since No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yummly-rich-recipes No.known.fix Cross-Site.Request.Forgery MEDIUM" "yet-another-stars-rating 3.4.4 Missing.Authorization.via.init MEDIUM" "yet-another-stars-rating 3.4.2 Reflected.Cross-Site.Scripting MEDIUM" "yet-another-stars-rating 3.1.3 Subscriber+.Stored.XSS HIGH" "yet-another-stars-rating 3.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yet-another-stars-rating 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "yet-another-stars-rating 1.8.7 PHP.Object.Injection HIGH" "yith-woocommerce-stripe 2.0.2 Subscriber+.Settings.Update MEDIUM" "your-lightbox No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yacp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yt-cookie-nonsense No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "youtube-channel-gallery No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "yahoo-media-player No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "yop-poll 6.5.27 Unauthenticated.Vote.Manipulation.via.Race.Condition MEDIUM" "yop-poll 6.5.29 Reusable.Captcha.via.validateImage MEDIUM" "yop-poll 6.4.3 IP.Spoofing MEDIUM" "yop-poll 6.3.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "yop-poll 6.3.1 Author+.Stored.Cross-Site.Scripting.via.Options.Module MEDIUM" "yop-poll 6.3.1 Author+.Stored.Cross-Site.Scripting.via.Preview.Module MEDIUM" "yop-poll 6.2.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "yop-poll 6.1.5 Authenticated.Stored.XSS LOW" "yop-poll 6.1.2 Reflected.Cross-Site.Scripting HIGH" "yop-poll 6.0.3 Cross-Site.Scripting.(XSS) MEDIUM" "yop-poll 5.8.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "yith-pre-order-for-woocommerce 1.2.1 Subscriber+.Settings.Update MEDIUM" "yith-paypal-express-checkout-for-woocommerce 1.2.6 Subscriber+.Settings.Update MEDIUM" "yds-support-ticket-system No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "yds-support-ticket-system No.known.fix Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-advanced-reviews 1.4.0 Subscriber+.Settings.Update MEDIUM" "yuzo-related-post 5.12.94 Unauthenticated.Call.Any.Action.or.Update.Any.Option MEDIUM" "yoo-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-catalog-mode 2.16.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yogo-booking 1.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-order-tracking 2.8.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-order-tracking 1.2.11 Subscriber+.Settings.Update MEDIUM" "yoo-slider 2.2.0 Reflected.Cross-Site.Scripting HIGH" "yoo-slider 2.1.0 Arbitrary.Template.Import.via.CSRF MEDIUM" "yoo-slider 2.1.0 Arbitrary.Slider.Creation/Edition.via.CSRF MEDIUM" "yoo-slider 2.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yoo-slider 2.1.0 Arbitrary.Slider.Duplication/Deletion.via.CSRF MEDIUM" "yith-woocommerce-product-bundles 1.1.17 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-tab-manager 1.35.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-gift-cards-premium 3.20.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "yith-woocommerce-gift-cards-premium 3.3.1 RCE.via.Arbitrary.File.Upload CRITICAL" "yith-woocommerce-questions-and-answers 1.2.0 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-badges-management 1.3.21 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-compare 2.38.0 Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-compare 2.20.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-compare 2.3.15 Subscriber+.Settings.Update MEDIUM" "yotuwp-easy-youtube-embed 1.3.14 Unauthenticated.Local.File.Inclusion CRITICAL" "yotuwp-easy-youtube-embed 1.3.14 Authenticated.(Contributor+).Arbitrary.File.Inclusion.via.Shortcode MEDIUM" "yotuwp-easy-youtube-embed 1.3.13 Admin+.Stored.XSS LOW" "yith-infinite-scrolling 1.8.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "youtube-embed 5.4 Admin+.Stored.XSS LOW" "youtube-embed 5.2.2 Contributor+.Stored.XSS MEDIUM" "youtube-embed 3.3.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "youtube-video-inserter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yummy-recipes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "youtube-widget-responsive 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "youforms-free-for-copecart No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "yottie-lite No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-cart-messages 1.4.5 Subscriber+.Settings.Update MEDIUM" "yeemail 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-gift-cards 4.13.0 Missing.Authorization.to.Unauthenticated.WooCommerce.Settings.Update MEDIUM" "yith-woocommerce-gift-cards 1.3.8 Subscriber+.Settings.Update MEDIUM" "youzify-moderation No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-best-sellers 1.1.13 Subscriber+.Settings.Update MEDIUM" "yourchannel 1.2.4 Unauthenticated.Settings.Reset MEDIUM" "yourchannel 1.2.5 Multiple.CSRF MEDIUM" "yourchannel 1.2.6 Admin+.Stored.XSS LOW" "yourchannel 1.2.2 Subscriber+.Stored.XSS HIGH" "yourchannel 1.2.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "yphplista No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "yphplista No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-color-and-label-variations-for-woocommerce 1.8.13 Subscriber+.Settings.Update MEDIUM" "yaad-sarig-payment-gateway-for-wc 2.2.5 Subscriber+.Log.Read/Deletion MEDIUM" "yawpp No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "youtube-embed-plus 11.8.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "yith-product-size-charts-for-woocommerce 1.1.13 Subscriber+.Settings.Update MEDIUM" "yada-wiki 3.4.1 Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-added-to-cart-popup 1.3.13 Subscriber+.Settings.Update MEDIUM" "ziplist-recipe-plugin No.known.fix Cross-Site.Request.Forgery MEDIUM" "zynith-seo No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "zynith-seo No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Option.Deletion CRITICAL" "zynith-seo No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "zstore-manager-basic No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Cache.Clearing MEDIUM" "zendesk-help-center 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "zd-scribd-ipaper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zionbuilder No.known.fix Contributor+.Stored.XSS MEDIUM" "zionbuilder 3.6.10 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "z-companion 1.1.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "z-companion 1.1.0 Missing.Authorization MEDIUM" "zeno-font-resizer 1.8.0 Admin+.Stored.XSS LOW" "ziteboard-online-whiteboard 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ziteboard.Shortcode MEDIUM" "zij-kart No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "zippy 1.6.10 Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "zarinpal-paid-downloads No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "zarinpal-paid-downloads No.known.fix Reflected.XSS HIGH" "zarinpal-paid-downloads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zigaform-form-builder-lite 7.4.3 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "zigaform-form-builder-lite 7.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ziggeo 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zartis-job-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zielke-design-project-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zoho-forms 4.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zoho-forms 3.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "zoho-forms 3.0.1 Contributor+.Stored.XSS MEDIUM" "zlick-paywall 2.2.2 CSRF.Bypasses LOW" "zip-codes-redirect 5.1.2 Reflected.Cross-Site.Scripting MEDIUM" "zip-codes-redirect 4.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "zoho-marketinghub 1.2.8 Authenticated.(Contributor+).SQL.Injection CRITICAL" "zhina-twitter-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zephyr-modern-admin-theme 1.5.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "znajdz-prace-z-pracapl No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zalo-live-chat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zoho-crm-forms 1.7.9.8 Contributor+.SQL.Injection MEDIUM" "zoho-crm-forms 1.7.8.9 Reflected.Cross-Site.Scripting MEDIUM" "zoho-crm-forms 1.7.6.2 Subscriber+.Arbitrary.Options.Update HIGH" "zoho-crm-forms 1.7.2.9 Admin+.Stored.Cross-Site.Scripting LOW" "zoho-crm-forms 1.6.9.2 Authenticated.Cross.Site.Scripting.(XSS) MEDIUM" "zero-bs-crm 5.5.1 CRM.Admin+.XSS LOW" "zero-bs-crm 5.5.1 Client+.XSS MEDIUM" "zero-bs-crm 5.4.0 PHAR.Deserialisation.via.CSRF HIGH" "zero-bs-crm 5.5.0 Admin+.Stored.XSS LOW" "zero-bs-crm 5.5 Contributor+.Stored.XSS MEDIUM" "zero-bs-crm 5.4.3 Admin+.Cross-Site.Scripting LOW" "zero-bs-crm 4.2.4 Unauthorized.Invoice.Disclosure LOW" "zx-csv-upload No.known.fix ZX_CSV.Upload.1.–.Authenticated.SQL.Injection HIGH" "zm-ajax-login-register No.known.fix Unauthenticated.Authentication.Bypass CRITICAL" "zip-attachments 1.5 Arbitrary.File.Download HIGH" "zm-gallery No.known.fix ZM.Gallery.1,0.–.Authenticated.Blind.SQL.Injection HIGH" "zohocreator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zmseo No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "z-url-preview 2.0.0 Cross-Site.Scripting.(XSS) MEDIUM" "zoho-subscriptions 4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zenphotopress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zoho-salesiq 1.0.9 XSS.&.CSRF HIGH" "zapier 1.5.2 Authenticated.(Subscriber+).Blind.Server-Side.Request.Forgery.via.updated_user.Function MEDIUM" "zephyr-project-manager 3.3.201 Missing.Authorization MEDIUM" "zephyr-project-manager 3.3.102 Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.3.103 Missing.Authorization.to.Authenticated.(Subscriber+).Status.Updates MEDIUM" "zephyr-project-manager 3.3.103 Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.3.101 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "zephyr-project-manager 3.3.102 Authenticated.(Subscriber+).Limited.Privilege.Escalation HIGH" "zephyr-project-manager 3.3.101 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.filename.Parameter MEDIUM" "zephyr-project-manager 3.3.100 Unauthenticated.Information.Exposure MEDIUM" "zephyr-project-manager 3.3.99 Editor+.XSS LOW" "zephyr-project-manager 3.3.99 Authenticated.(Subscriber+).Privilege.Escalation.via.User.Meta.Update HIGH" "zephyr-project-manager 3.3.94 Plugin.Data.Deletion.via.CSRF MEDIUM" "zephyr-project-manager 3.2.55 Unauthorised.AJAX.Calls.To.Stored.XSS HIGH" "zephyr-project-manager 3.2.5 Multiple.Unauthenticated.SQLi CRITICAL" "zephyr-project-manager 3.2.5 Unauthorised.REST.Calls.to.Stored.XSS HIGH" "zephyr-project-manager 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.2.41 Reflected.Cross-Site.Scripting MEDIUM" "zooom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zalomeni No.known.fix Admin+.Stored.XSS LOW" "zemanta No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Attachment.Upload.and.Set.Post.Featured.Image MEDIUM" "zoorum-comments No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "zox-news 3.17.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Modification HIGH" "z-downloads 1.11.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "z-downloads 1.11.6 Unauthenticated.Stored.XSS HIGH" "z-downloads 1.11.5 Admin+.Arbitrary.File.Upload MEDIUM" "z-downloads 1.11.7 Admin+.Stored.XSS.via.SVG.Upload LOW" "z-downloads 1.11.4 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "zigaform-calculator-cost-estimation-form-builder-lite 7.4.3 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "zigaform-calculator-cost-estimation-form-builder-lite 7.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zerobounce 1.0.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "zero-spam 5.5.7 Spam.Protection.Bypass MEDIUM" "zero-spam 5.4.5 Admin+.SQL.Injection MEDIUM" "zero-spam 5.2.11 Admin+.SQL.Injection MEDIUM" "zotpress 7.3.13 Missing.Authorization MEDIUM" "zotpress 7.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zotpress 7.3.10 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "zotpress 7.3.8 Authenticated.(Contributor+).SQL.Injection CRITICAL" "zotpress 7.3.5 Reflected.XSS HIGH" "zotpress 7.3.4 Unauthenticated.Reflected.XSS HIGH" "zotpress 6.1.3 SQL.Injection CRITICAL" "zita-site-library 1.6.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "zita-site-library 1.6.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "zita-site-library 1.6.3 Missing.Authorization.to.Page.Creation.and.Options.Modification MEDIUM" "zoho-campaigns 2.1.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "zoho-campaigns 2.0.8 Cross-Site.Request.Forgery.via.zcwc_optin_save MEDIUM" "zoho-campaigns 2.0.8 Cross-Site.Request.Forgery.via.zcwc_integration_disconnect MEDIUM" "zoho-campaigns 2.0.7 Authenticated.(Contributor+).SQL.Injection CRITICAL" "zajax-ajax-navigation No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "zen-mobile-app-native No.known.fix Remote.File.Upload HIGH" "z-inventory-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "z-inventory-manager 3.1.7 Unauthenticated.PHP.Object.Injection CRITICAL" "zd-youtube-flv-player No.known.fix Server-Side.Request.Forgery HIGH" "zip-recipes No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "zip-recipes 8.1.1 Authenticated(Contributor+).SQL.Injection HIGH" "zip-recipes 8.0.8 Cross-Site.Request.Forgery MEDIUM" "zip-recipes 8.0.8 Multiple.CSRF MEDIUM" "zip-recipes 8.0.7 Reflected.XSS HIGH" "zoho-flow 2.13.4 Missing.Authorization MEDIUM" "zoho-flow 2.8.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "zalo-official-live-chat No.known.fix Cross-Site.Request.Forgery MEDIUM") + releases_plugins=("012-ps-multi-languages 1.6" "4stats 2.0.9" "404-to-301 3.1.4" "5-stars-rating-funnel 1.4.01" "automatic-youtube-video-posts 5.2.2" "apk-downloader 1.0.0" "advanced-facebook-twitter-widget 1.7" "apimo 2.6.3.1" "acf-blocks 2.6.11" "ap-mega-menu 3.0.9" "bilingual-linker 2.4.1" "base64-encoderdecoder 0.9.2" "bin-stripe-donation 1.2.5" "bootstrap-collapse 1.0.4" "clickdesk-live-support-chat-plugin 4.4" "craw-data 1.0.0" "displayproduct 1.0.4" "dwnldr 1.031" "demon-image-annotation 5.4" "external-media-upload 0.4" "easy-hide-login 1.5" "easy-event-calendar 1.0" "fix-my-feed-rss-repair 1.4" "futurio-extra 2.0.18" "gd-star-rating 1.9.22" "ga-universal 1.0.1" "happiness-reports-for-help-scout 2.0.3" "hurrytimer 2.13.1" "integrate-automate 1.0.1" "image-magnify 1.1" "icegram 3.1.34" "jf3-maintenance-mode 2.1.1" "kush-micro-news 1.6.7" "ksher-payment 1.1.10" "learning-management-system 1.18.1" "lgpd-framework 2.0.2" "mp-restaurant-menu 2.4.6" "menu-ordering-reservations 2.4.4" "md-custom-content 1.0" "meks-easy-social-share 1.3" "notifications-center 1.5.2" "notice-faq 2.2.1" "oi-yamaps 3.2.7" "order-status-rules-for-woocommerce 3.7.2" "promotion-slider 3.3.4" "portfolleo 1.2" "quick-count 3.00" "quote-comments 3.0.0" "rss-filter 1.2" "responsive-tabs 4.0.11" "simpleform-contact-form-submissions 2.1.0" "simple-cod-fee-for-woocommerce 2.1" "scan-external-links 1.0" "simple-responsive-menu 2.1" "tax-report-for-woocommerce 2.2" "ultimate-flipbox-addon-for-elementor 2.0.3" "users-customers-import-export-for-wp-woocommerce 2.6.4" "viral-loops-wp-integration 3.8.1" "vk-all-in-one-expansion-unit 9.109.0.1" "woocommerce-extra-charges-to-payment-gateways 2.0.2.1" "wp-maintenance-mode-site-under-construction 4.4" "wpschoolpress 2.2.22" "wc-wallet 2.2.0" "wp2speed 1.0.1" "wp-automedic 1.5.6" "xagio-seo 7.1.0.20" "xpinner-lite 2.2" "yogo-booking 1.6.6" "yolink-search 2.6" "zedity 8.0.5" "z-inventory-manager 3.1.9") + vulns_plugins=("360-product-rotation No.known.fix Reflected.XSS MEDIUM" "360-product-rotation 1.4.8 Reflected.XSS MEDIUM" "4stats No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "012-ps-multi-languages No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "2mb-autocode 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "3dprint 3.5.6.9 Arbitrary.File.and.Directory.Deletion.via.CSRF HIGH" "3dprint 3.5.6.9 CSRF.to.arbitrary.file.downlad HIGH" "4ecps-webforms No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "4ecps-webforms No.known.fix Admin+.Stored.XSS LOW" "99robots-header-footer-code-manager-pro 1.0.17 Reflected.Cross-Site.Scripting.via.message MEDIUM" "404-error-monitor No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update.via.updatePluginSettings.Function MEDIUM" "2kb-amazon-affiliates-store No.known.fix Reflected.XSS MEDIUM" "2kb-amazon-affiliates-store 2.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "404-to-301 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "404-to-301 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "404-to-301 3.0.9 Logs.Deletion.via.CSRF MEDIUM" "404-to-301 3.0.8 Broken.Access.Control MEDIUM" "404-to-301 3.0.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "404-to-301 2.3.1 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "1-click-backup-restore-database-by-sunbytes No.known.fix Missing.Authorization MEDIUM" "8-degree-notification-bar No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "3xsocializer No.known.fix Subscriber+.SQLi MEDIUM" "99fy-core 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "99fy-core 1.2.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "1-click-migration No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "1-click-migration No.known.fix Unauthenticated.Information.Disclsoure MEDIUM" "1-click-migration No.known.fix Cross-Site.Request.Forgery.to.Backup.Process.Cancellation MEDIUM" "1-click-migration No.known.fix Unauthenticated.Sensitive.Information.Exposure.via.Database.Backup.in.class-ocm-backup.php MEDIUM" "1003-mortgage-application No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "1003-mortgage-application No.known.fix Missing.Authorization MEDIUM" "1003-mortgage-application No.known.fix Missing.Authorization MEDIUM" "404-to-start No.known.fix Admin+.Stored.XSS LOW" "5-sterrenspecialist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "3-word-address-validation-field 4.0.16 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "3-word-address-validation-field 4.0.0 Admin+.Sensitive.Information.Disclosure LOW" "1-jquery-photo-gallery-slideshow-flash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "3com-asesor-de-cookies No.known.fix Admin+.Stored.XSS LOW" "4-author-cheer-up-donate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "3d-avatar-user-profile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "3dprint-lite 2.1.3.7 Authenticated.(Admin+).SQL.Injection.via.'material_text' MEDIUM" "3dprint-lite 2.1.3.7 Authenticated.(Admin+).SQL.Injection.via.'coating_text' MEDIUM" "3dprint-lite 2.1.3.7 Authenticated.(Admin+).SQL.Injection.via.'infill_text' MEDIUM" "3dprint-lite 2.1.3.7 Authenticated.(Admin+).SQL.Injection.via.'printer_text' MEDIUM" "3dprint-lite 2.1.3.6 Cross-Site.Request.Forgery MEDIUM" "3dprint-lite 2.1 Settings.Update.via.CSRF MEDIUM" "3dprint-lite 1.9.1.6 Reflected.Cross-Site.Scripting HIGH" "3dprint-lite 1.9.1.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "1app-business-forms No.known.fix Author+.Stored.XSS MEDIUM" "404-redirection-manager No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "404-redirection-manager No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "3d-cover-carousel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "4k-icon-fonts-for-visual-composer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "5centscdn No.known.fix Reflected.Cross-Site.Scripting HIGH" "360deg-javascript-viewer 1.7.30 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "360deg-javascript-viewer 1.7.13 Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "360deg-javascript-viewer 1.7.12 Unauthenticated.Settings.Update MEDIUM" "360deg-javascript-viewer 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "404-page 1.0.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "10to8-online-booking 1.1.0 Contributor+.Stored.XSS MEDIUM" "5-anker-connect 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "17track No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "3dady-real-time-web-stats No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "12-step-meeting-list 3.16.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "12-step-meeting-list 3.16.6 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Content.Deletion MEDIUM" "12-step-meeting-list 3.14.34 Reflected.Cross-Site.Scripting MEDIUM" "12-step-meeting-list 3.14.29 Subscriber+.CSV.Download MEDIUM" "12-step-meeting-list 3.14.25 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "10centmail-subscription-management-and-analytics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "360-view No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "404-solution 2.35.20 Reflected.Cross-Site.Scripting MEDIUM" "404-solution 2.35.18 Missing.Authentication.to.Sensitive.Information.Exposure MEDIUM" "404-solution 2.35.8 Admin+.SQL.Injection MEDIUM" "404-solution 2.33.1 Sensitive.Information.Exposure.via.Log.File MEDIUM" "404-solution 2.35.0 Admin+.SQLi MEDIUM" "404-solution 2.33.1 Sensitive.Information.Exposure MEDIUM" "3dvieweronline-wp 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "1-decembrie-1918 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "6storage-rentals No.known.fix Missing.Authorization MEDIUM" "6storage-rentals No.known.fix Missing.Authorization MEDIUM" "6storage-rentals No.known.fix Missing.Authorization MEDIUM" "123contactform-for-wordpress No.known.fix Validation.Bypass.via.Plugin.Verification MEDIUM" "123contactform-for-wordpress No.known.fix Unauthenticated.Arbitrary.File.Upload HIGH" "123contactform-for-wordpress No.known.fix Unauthenticated.Arbitrary.Post.Creation HIGH" "3d-flipbook-dflip-lite 2.3.53 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "3d-flipbook-dflip-lite 2.3.42 Reflected.Cross-Site.Scripting MEDIUM" "3d-flipbook-dflip-lite 2.2.27 Contributor+.Stored.XSS MEDIUM" "3d-flipbook-dflip-lite 2.2.27 Contributor+.Stored.XSS MEDIUM" "3d-flipbook-dflip-lite 1.7.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "2d-tag-cloud-widget-by-sujin No.known.fix Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "3d-presentation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "404s 3.5.1 Admin+.Stored.Cross-Site.Scripting LOW" "5-stars-rating-funnel No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "5-stars-rating-funnel 1.3.02 Missing.Authorization MEDIUM" "5-stars-rating-funnel 1.3.02 Missing.Authorization MEDIUM" "5-stars-rating-funnel 1.2.63 Reflected.Cross-Site.Scripting MEDIUM" "5-stars-rating-funnel 1.2.53 Unauthenticated.SQLi HIGH" "5-stars-rating-funnel 1.2.54 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "404page 11.4.8 Reflected.Cross-Site.Scripting MEDIUM" "1-click-close-store No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "123-chat-videochat No.known.fix Video.Chat.<=.1.3.1.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "123-chat-videochat 1.3.1 Admin+.Stored.XSS LOW" "5280-bootstrap-modal-contact-form No.known.fix Cross-Site.Request.Forgery.to.Bulk.Delete.Messages MEDIUM" "2j-slideshow No.known.fix Reflected.Cross-Site.Scripting.via.'post' MEDIUM" "2j-slideshow No.known.fix Contributor+.Stored.XSS MEDIUM" "2j-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "59sec-lite-contact-form-7-push-notifications-on-ios-and-android No.known.fix Unauthenticated.Settings.Update MEDIUM" "3d-photo-gallery No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "3d-viewer 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "3d-viewer 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "0mk-shortener No.known.fix Stored.XSS.via.CSRF HIGH" "0mk-shortener No.known.fix Admin+.Stored.XSS LOW" "apimo No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "automatic-youtube-video-posts No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "ai-image-alt-text-generator-for-wp No.known.fix Subscriber+.Sensitive.Information.Exposure MEDIUM" "ai-image-alt-text-generator-for-wp 1.1.2 Missing.Authorization MEDIUM" "ai-image-alt-text-generator-for-wp 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "apk-downloader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross.Site.Scripting MEDIUM" "advanced-facebook-twitter-widget No.known.fix Admin+.Stored.XSS LOW" "ak-menu-icons-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "appointment-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appointment-calendar No.known.fix CSRF MEDIUM" "admin-bookmarks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "art-decoration-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "addify-checkout-fields-manager 1.0.2 Multiple.CSRF MEDIUM" "ali2woo-lite 3.5.4 Open.Redirect HIGH" "ali2woo-lite 3.3.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ali2woo-lite 3.4.4 PHP.Object.Injection.via.CSRF HIGH" "ali2woo-lite 3.3.7 Reflected.Cross-Site.Scripting MEDIUM" "ali2woo-lite 3.4.7 Stored.XSS.via.CSRF HIGH" "ali2woo-lite 3.3.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "ali2woo-lite 3.3.7 Missing.Authorization.via.Several.Functions MEDIUM" "auto-more-tag No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "all-in-one-schemaorg-rich-snippets 1.6.6 All.In.One.Schema.Rich.Snippets.<.1.6.6.-.Multiple.CSRF MEDIUM" "all-in-one-schemaorg-rich-snippets 1.5.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "abcbiz-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "azonbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aspose-doc-exporter No.known.fix Missing.Authorization MEDIUM" "aspose-doc-exporter 2.0 Unauthenticated.Arbitrary.File.Download HIGH" "allow-rel-and-html-in-author-bios No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "a-staff No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "a-staff No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "a-staff No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "addify-price-calculator-for-woocommerce No.known.fix Multiple.CSRF MEDIUM" "acf-yandex-maps-field No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "amcharts-charts-and-maps 1.4.5 Reflected.Cross-Site.Scripting.via.Cross-Site.Request.Forgery MEDIUM" "amcharts-charts-and-maps 1.4.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "all-custom-fields-groups 1.05 Reflected.Cross-Site.Scripting MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.2 Missing.Authorization.to.Notice.Dismissal MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.3 Missing.Authorization MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.0 Authenticated.(Administrator+).SQL.Injection HIGH" "artibot No.known.fix Authenticated.(Admin+).Cross-Site.Scripting MEDIUM" "artibot No.known.fix Missing.Authorization.to.Settings.Update MEDIUM" "age-verification-screen-for-woocommerce 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "age-verification-screen-for-woocommerce 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "alfred-click-collect No.known.fix Admin+.Stored.XSS LOW" "acf-on-the-go No.known.fix .Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Update MEDIUM" "add-to-header No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "awesome-wp-image-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "acl-floating-cart-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "a-team-showcase No.known.fix Missing.Authorization MEDIUM" "as-create-pinterest-pinboard-pages No.known.fix Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "automatic-domain-changer 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "alpine-photo-tile-for-instagram No.known.fix Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "alpha-price-table-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "apa-banner-slider No.known.fix Cross-Site.Request.Forgery.to.SLQ.Injection HIGH" "awesome-support 6.3.2 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "awesome-support 6.3.2 Missing.Authorization MEDIUM" "awesome-support 6.1.8 Missing.Authorization MEDIUM" "awesome-support 6.1.7 Insufficient.Authorization.via.wpas_can_delete_attachments() MEDIUM" "awesome-support 6.1.8 Missing.Authorization.via.wpas_get_users() MEDIUM" "awesome-support 6.1.8 Authenticated.(Subscriber+).SQL.Injection HIGH" "awesome-support 6.1.8 Missing.Authorization.via.editor_html() MEDIUM" "awesome-support 6.1.6 Missing.Authorization.via.wpas_load_reply_history MEDIUM" "awesome-support 6.1.6 Cross-Site.Request.Forgery MEDIUM" "awesome-support 6.1.8 Missing.Authorization MEDIUM" "awesome-support 6.1.11 Missing.Authorization MEDIUM" "awesome-support 6.1.5 Missing.Authorization.via.wpas_edit_reply_ajax() MEDIUM" "awesome-support 6.1.5 Cross-Site.Request.Forgery.via.wpas_edit_reply_ajax() MEDIUM" "awesome-support 6.1.5 Insufficient.permission.check.in.wpas_edit_reply MEDIUM" "awesome-support 6.1.5 Submitter+.Arbitrary.File.Deletion CRITICAL" "awesome-support 6.1.5 Reflected.Cross-Site.Scripting HIGH" "awesome-support 6.1.2 Subscriber+.Arbitrary.Exported.Tickets.Download MEDIUM" "awesome-support 6.0.8 Authenticated.Stored.XSS MEDIUM" "awesome-support 6.0.7 Reflected.Cross-Site.Scripting HIGH" "awesome-support 6.0.11 Reflected.Cross-Site.Scripting.(XSS) HIGH" "awesome-support 6.0.0 Stored.XSS.via.Ticket.Title MEDIUM" "awesome-support 3.1.7 XSS.&.Shortcodes.Allowed.in.Replies HIGH" "acf-blocks 2.6.10 Reflected.Cross-Site.Scripting MEDIUM" "acf-blocks 2.6.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addendio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addendio No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "admin-management-xtended 2.4.7 Contributor+.Stored.XSS MEDIUM" "admin-management-xtended 2.4.5 Post.Visibility/Date/Comment.Status.Update.via.CSRF MEDIUM" "admin-management-xtended 2.4.5 Multiple.CSRF MEDIUM" "admin-management-xtended 2.4.0.1 Privilege.Escalation MEDIUM" "adminify 4.0.1.7 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "adminify 3.1.7 Authenticated(Administrator+).SQL.Injection MEDIUM" "adminify 3.1.6 Admin+.Stored.XSS LOW" "adminify 3.1.6 Admin+.Stored.XSS LOW" "adminify 3.1.4 Reflected.Cross-Site.Scripting MEDIUM" "adminify 2.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ai-image 1.5.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "anywhere-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-push-notification No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-push-notification No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "all-push-notification No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "archive-page 1.0.3 Contributor+.Stored.XSS MEDIUM" "awesome-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-postpix 1.1.8.1 Subscriber+.Arbitrary.File.Upload HIGH" "accordions-wp 2.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.accordion.settings MEDIUM" "accordions-wp 2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "auto-featured-image-auto-generated 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "absolute-privacy No.known.fix User.Email/Password.Change.via.Cross-Site.Request.Forgery HIGH" "affiliator-lite No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "adsense-click-fraud-monitoring No.known.fix XSS MEDIUM" "advanced-forms-pro 1.6.9 Subscriber+.Arbitrary.User.Email.Address.Update.via.IDOR HIGH" "arforms No.known.fix Directory.Traversal.to.Authenticated.(Subscriber+).Arbitrary.File.Read HIGH" "arforms No.known.fix Missing.Authorization.to.Plugin.Settings.Change MEDIUM" "arforms 6.4.1 Reflected.XSS HIGH" "arforms 6.6 Admin+.Stored.XSS LOW" "arforms 6.6 Unauthenticated.RCE CRITICAL" "arforms 6.4.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.Plugin.Activation/Deactivation MEDIUM" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.Option.Deletion MEDIUM" "arforms 6.4.1 Reflected.Cross-Site.Scripting MEDIUM" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.File.Deletion HIGH" "arforms 4.0 Unauthenticated.Arbitrary.File.Deletion.via.Traversal HIGH" "arforms 3.5.2 Unauthenticated.Arbitrary.File.Deletion HIGH" "add-to-feedly No.known.fix Admin+.Stored.XSS LOW" "athemes-addons-for-elementor-lite No.known.fix Contributor+.Local.File.Inclusion HIGH" "athemes-addons-for-elementor-lite 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "athemes-addons-for-elementor-lite 1.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "athemes-addons-for-elementor-lite 1.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-seo-pack 4.8.2 Contributor+.Stored.XSS.via.Post.Meta.Description.and.Canonical.URL MEDIUM" "all-in-one-seo-pack 4.6.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "all-in-one-seo-pack 4.6.1.1 Contributor+.Stored.XSS MEDIUM" "all-in-one-seo-pack 4.3.0 Contributor+.Stored.XSS MEDIUM" "all-in-one-seo-pack 4.3.0 Admin+.Stored.XSS LOW" "all-in-one-seo-pack 4.2.4 Multiple.CSRF MEDIUM" "all-in-one-seo-pack 4.1.5.3 Authenticated.Privilege.Escalation CRITICAL" "all-in-one-seo-pack 4.1.5.3 Authenticated.SQL.Injection HIGH" "all-in-one-seo-pack 4.1.0.2 Admin.RCE.via.unserialize MEDIUM" "all-in-one-seo-pack 3.6.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "all-in-one-seo-pack 3.2.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-seo-pack 2.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ai-for-seo 1.2.10 Missing.Authorization MEDIUM" "assistant 1.5.1.1 Authenticated.(Editor+).PHP.Object.Injection HIGH" "assistant 1.4.9.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "assistant 1.4.4 Editor+.SSRF MEDIUM" "advanced-wp-columns No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "activity-link-preview-for-buddypress 1.6.0 Activity.Link.Preview.For.BuddyPress.<.1.6.0.-.Unauthenticated.Server-Side.Request.Forgery HIGH" "antihacker 4.52 Missing.Authorization.to.Unauthenticated.IP.Address.Whitelist MEDIUM" "antihacker 4.53 Missing.Authorization.to.Authenticated.(Subscriber+).Table.Truncation MEDIUM" "antihacker 4.35 Cross-Site.Request.Forgery.via.antihacker_ajax_scan MEDIUM" "antihacker 4.20 Subscriber+.Arbitrary.Plugin.Installation HIGH" "azurecurve-shortcodes-in-comments No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "advanced-exchange-rates No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-exchange-rates No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-word-count-column No.known.fix Unauthenticated.Arbitrary.File.Read MEDIUM" "ads-txt-admin No.known.fix Cross-Site.Request.Forgery MEDIUM" "anti-spam 7.3.8 Missing.Authorization MEDIUM" "anti-spam 7.3.1 Protection.Bypass.due.to.IP.Spoofing MEDIUM" "acf-images-search-and-insert No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "autopilot 1.0.21 Reflected.Cross-Site.Scripting MEDIUM" "ai-image-generator-lab No.known.fix Cross-Site.Request.Forgery.to.API.Key.Update MEDIUM" "accesspress-social-share 4.5.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "automatic-youtube-gallery 2.3.5 Missing.Authorization.via.AJAX.actions MEDIUM" "automatic-youtube-gallery 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "automatic-youtube-gallery 1.6.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "analogwp-templates 1.8.1 CSRF.Nonce.Bypasses MEDIUM" "analogwp-templates 1.8.1 Cross-Site.Request.Forgery HIGH" "adstxt No.known.fix Settings.Update.via.CSRF MEDIUM" "amazon-product-in-a-post-plugin No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "amazon-product-in-a-post-plugin 3.5.3 Unauthenticated.SQL.Injection CRITICAL" "announcer 6.0.1 Missing.Authorization MEDIUM" "adwork-media-ez-content-locker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ads-by-datafeedrcom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ads-by-datafeedrcom 1.2.0 Unauthenticated.Remote.Code.Execution CRITICAL" "aoa-downloadable No.known.fix Unauthenticated.SSRF HIGH" "aoa-downloadable No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "archivist-custom-archive-templates 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "archivist-custom-archive-templates No.known.fix Reflected.XSS HIGH" "archivist-custom-archive-templates 1.7.5 Custom.Archive.Templates.<.1.7.5.-.Admin+.Stored.XSS LOW" "archivist-custom-archive-templates 1.7.5 Custom.Archive.Templates.<.1.7.5.-.Stored.XSS.via.CSRF HIGH" "ai-mojo 0.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ai-preloader No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "anchor-episodes-index 2.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.anchor_episodes.Shortcode MEDIUM" "anchor-episodes-index 2.1.8 Admin+.Stored.XSS LOW" "adicons No.known.fix Admin+.SQL.Injection MEDIUM" "appointmind 4.1.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "altra-side-menu No.known.fix Admin+.SQL.Injection MEDIUM" "altra-side-menu No.known.fix Abitrary.Menu.Deletion.via.CSRF MEDIUM" "add-infos-to-the-events-calendar 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "animated-number-counters 2.2 Editor+.Local.File.Inclusion HIGH" "animated-number-counters 1.7 Editor+.Stored.XSS MEDIUM" "advanced-pdf-generator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "auto-terms-of-service-and-privacy-policy 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "awesome-filterable-portfolio No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "awesome-filterable-portfolio No.known.fix Unauthenticated.Settings.Update MEDIUM" "awesome-filterable-portfolio 1.9 Authenticated.Blind.SQL.Injection HIGH" "analytics-insights 6.3 Open.Redirect MEDIUM" "acf-google-font-selector-field No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-edit-delete-listing-for-member-module No.known.fix SQL.Injection HIGH" "admire-extra 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-post-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-classifieds-and-directory-pro 3.2.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-classifieds-and-directory-pro 3.1.2 Missing.Authorization.to.Arbitrary.Attachment.Deletion MEDIUM" "advanced-classifieds-and-directory-pro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "advanced-classifieds-and-directory-pro 1.8.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-classifieds-and-directory-pro 1.6.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "activecampaign-for-woocommerce 1.9.8 Subscriber+.Error.Log.Cleanup MEDIUM" "advertising-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auto-poster No.known.fix Authenticated.(Administrator+).Arbitrary.File.Upload CRITICAL" "activecampaign-subscription-forms 8.1.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "activecampaign-subscription-forms 8.1.15 Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "activecampaign-subscription-forms 8.1.12 Contributor+.Stored.XSS MEDIUM" "activecampaign-subscription-forms 8.0.2 Cross-Site.Request.Forgery.in.Settings HIGH" "appsero-helper No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "appsero-helper 1.3.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "algori-pdf-viewer 1.0.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "aqua-svg-sprite No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "addressbook No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "abwp-simple-counter No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "add-rss No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "alter No.known.fix Cross-Site.Request.Forgery MEDIUM" "automatic-ban-ip No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "abbs-bing-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-admin-javascript No.known.fix Unauthenticated.Full.Path.Dislcosure MEDIUM" "authorizenet-payment-gateway-for-woocommerce No.known.fix Insufficient.Verification.of.Data.Authenticity.to.Unauthenticated.Payment.Bypass MEDIUM" "all-404-redirect-to-homepage 2.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "all-404-redirect-to-homepage 1.21 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-post-block 1.13.5 Unauthenticated.Arbitrary.Post.Access MEDIUM" "attachment-file-icons No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "atlas-knowledge-base No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "atlas-knowledge-base No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-video-player-with-analytics No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ajax-load-more-anything 3.3.4 Subscriber+.Settings.Update MEDIUM" "ashe-extra 1.3 Missing.Authorization MEDIUM" "ashe-extra 1.2.92 Subscriber+.Companion.Plugin.Activation.&.Content.Import MEDIUM" "advanced-image-sitemap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ait-csv-import-export No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "aoi-tori No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "affiliate-solution No.known.fix Admin+.Stored.XSS LOW" "aco-woo-dynamic-pricing 4.5.9 Authenticated.(Shop.manager+).SQL.Injection MEDIUM" "as-english-admin No.known.fix Open.Redirection MEDIUM" "add-custom-body-class No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "adif-log-search-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ap-google-maps No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "amadiscount No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "asgaros-forum No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "asgaros-forum 3.1.0 Subscriber+.Authorization.Bypass MEDIUM" "asgaros-forum 2.9.0 Cross-Site.Request.Forgery MEDIUM" "asgaros-forum 2.8.0 Unauthenticated.PHP.Object.Injection.in.prepare_unread_status CRITICAL" "asgaros-forum 2.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "asgaros-forum 2.2.0 Cross-Site.Request.Forgery MEDIUM" "asgaros-forum 2.0.0 Subscriber+.Blind.SQL.Injection HIGH" "asgaros-forum 1.15.15 Admin+.SQL.Injection.via.forum_id MEDIUM" "asgaros-forum 1.15.14 Admin+.Stored.Cross-Site.Scripting LOW" "asgaros-forum 1.15.13 Unauthenticated.SQL.Injection HIGH" "availability-calendar No.known.fix Cross-Site.Request.Forgery.via.add_availability_calendar_create_admin_page() MEDIUM" "availability-calendar 1.2.1 Authenticated.SQL.Injection HIGH" "availability-calendar 1.2.2 Authenticated.Stored.Cross-Site.Scripting LOW" "acf-to-rest-api 3.3.0 Unauthenticated.Arbitrary.wp_options.Disclosure MEDIUM" "animated-al-list No.known.fix Reflected.XSS HIGH" "allow-php-in-posts-and-pages No.known.fix Authenticated.Remote.Code.Execution.(RCE) CRITICAL" "adsanity 1.8.2 Contributor.Arbitrary.File.Upload CRITICAL" "advance-search No.known.fix Admin+.SQL.Injection MEDIUM" "advance-search No.known.fix Shortcode.Deletion.via.CSRF MEDIUM" "advance-search 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.9.5 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.9.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.6 Settings.Import.via.CSRF MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.6 Rule.Type.Migration.via.CSRF MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.4 Settings.Update.via.CSRF MEDIUM" "ark-core No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "autosave-net No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "autosave-net No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-tabs-xforwc 1.5.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "add2fav No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "affiliate-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "affiliate-links 3.1.0 Missing.Authorization.to.Unauthenticated.Import/Export.and.PHP.Object.Injection HIGH" "affiliate-links 2.7 Contributor+.Stored.XSS MEDIUM" "admin-menu-post-list No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "animated-fullscreen-menu 2.2.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "akismet 3.1.5 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "add-to-cart-button-labels-for-woocommerce 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-linked-images-to-gallery-v01 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "advanced-cron-manager 2.5.10 Missing.Authorization MEDIUM" "advanced-cron-manager 2.5.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "advanced-cron-manager 2.5.7 Admin+.Stored.XSS LOW" "advanced-cron-manager 2.4.2 Subscriber+.Arbitrary.Events/Schedules.Creation/Deletion MEDIUM" "attendance-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "attendance-manager 0.5.7 CSRF.&.XSS HIGH" "ai-quiz No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "ai-quiz No.known.fix Missing.Authorization MEDIUM" "addify-custom-fields-for-woocommerce 1.0.4 Multiple.CSRF MEDIUM" "aggregator-advanced-settings No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "advanced-forms 1.9.3.3 Missing.Authorization.to.Unauthenticated.Form.Settings.Export MEDIUM" "advanced-forms 1.6.9 Subscriber+.Arbitrary.User.Email.Address.Update.via.IDOR HIGH" "auxin-portfolio 2.3.5 Contributor+.Stored.XSS MEDIUM" "auxin-portfolio 2.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'.Grid.Portfolios' MEDIUM" "auxin-portfolio 2.3.2 Unauthenticated.Local.File.Inclusion CRITICAL" "awesome-fitness-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-content-pipelines No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "affiliate-power 2.3.0 Reflected.Cross-Site.Scripting HIGH" "ap-mega-menu 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "ap-mega-menu 3.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ahmeti-wp-guzel-sozler No.known.fix Cross-Site.Request.Forgery MEDIUM" "all-in-one-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-bar-dashboard-control 1.2.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "acf-onyx-poll 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class.Parameter MEDIUM" "acurax-social-media-widget 3.2.6 Stored.XSS.&.CSRF HIGH" "accredible-certificates 1.5.0 Authenticated.(Administrator+).SQL.Injection.via.orderby.Parameter MEDIUM" "accredible-certificates 1.4.9 Admin+.Stored.XSS LOW" "ays-popup-box 4.9.8 Missing.Authorization.to.Unauthenticated.Limited.Options.Update MEDIUM" "ays-popup-box 4.7.8 Admin+.Stored.XSS LOW" "ays-popup-box 4.5.2 Missing.Authorization MEDIUM" "ays-popup-box 4.1.3 Cross-Site.Request.Forgery MEDIUM" "ays-popup-box 4.3.7 Missing.Authorization.to.Information.Exposure MEDIUM" "ays-popup-box 20.9.0 Admin+.Stored.XSS LOW" "ays-popup-box 7.9.0 Admin+.Stored.XSS LOW" "ays-popup-box 3.8.6 Admin+.Stored.XSS.in.Categories LOW" "ays-popup-box 3.8.6 Admin+.Stored.XSS.in.Popup.Settings LOW" "ays-popup-box 3.7.9 Admin+.Stored.XSS LOW" "ays-popup-box 3.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "ays-popup-box 3.4.5 Reflected.XSS HIGH" "ays-popup-box 2.3.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ays-popup-box 2.3.4 Authenticated.Blind.SQL.Injections HIGH" "advanced-youtube-channel-pagination No.known.fix Reflected.XSS HIGH" "attribute-stock-for-woocommerce 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "audio-text No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adminquickbar 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "ajax-search-for-woocommerce 1.25.0b3 Reflected.Cross-Site.Scripting MEDIUM" "ajax-search-for-woocommerce 1.24.0 AJAX.Search.for.WooCommerce.<.1.24.0.-.Admin+.Stored.Cross-Site.Scripting MEDIUM" "ajax-search-for-woocommerce 1.18.0 Admin+.Stored.Cross-Site.Scripting LOW" "ajax-search-for-woocommerce 1.17.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auto-tag-creator No.known.fix Missing.Authorization.via.tag_save_settings_callback MEDIUM" "ajax-wp-query-search-filter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-link-to-facebook No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "academy 2.0.5 Missing.Authorization LOW" "academy 2.0.11 Open.Redirect MEDIUM" "academy 1.9.26 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "academy 1.9.17 Missing.Authorization MEDIUM" "academy 1.9.17 Missing.Authorization MEDIUM" "academy 1.9.20 .Authenticated.(Subscriber+).Privilege.Escalation HIGH" "auction-nudge 7.2.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ays-facebook-popup-likebox 3.7.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ays-facebook-popup-likebox 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "ays-facebook-popup-likebox 3.5.3 Page.Plugin.<.3.5.3.-.Authenticated.Blind.SQL.Injections HIGH" "ays-facebook-popup-likebox 3.5.3 Reflected.Cross-Site.Scripting.(XSS) HIGH" "add-posts-to-pages No.known.fix Contributor+.Stored.XSS MEDIUM" "an-gradebook No.known.fix Subscriber+.SQLi HIGH" "an-gradebook No.known.fix Admin+.XSS LOW" "api-info-themes-plugins-wp-org 1.05 Reflected.Cross-Site.Scripting MEDIUM" "amz-configurator-core No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "advanced-category-and-custom-taxonomy-image 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ad_tax_image.Shortcode MEDIUM" "ad-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "amin-chat-button 1.4.2 Stored.XSS.via.CSRF HIGH" "advanced-recent-posts No.known.fix Contributor+.Stored.XSS MEDIUM" "audio-video-download-buttons-for-youtube 1.04 Reflected.Cross-Site.Scripting MEDIUM" "ab-categories-search-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adsense-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adsense-plugin 1.44 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "anthologize No.known.fix Cross-Site.Request.Forgery MEDIUM" "anthologize 0.8.3 Cross-Site.Request.Forgery MEDIUM" "anthologize 0.8.1 Admin+.Stored.XSS LOW" "are-you-robot-recaptcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-site-enhancements 7.6.10 Password.Protection.Bypass MEDIUM" "admin-site-enhancements 7.6.10 Limit.Login.Attempt.Bypass.via.IP.Spoofing MEDIUM" "admin-site-enhancements 7.6.3 Subscriber+.Privilege.Escalation HIGH" "admin-site-enhancements 7.6.3 Missing.Authorization LOW" "admin-site-enhancements 7.5.2 Authenticated.Stored.Cross-Site.Scripting.via.SVG MEDIUM" "admin-site-enhancements 5.8.0 Password.Protection.Mode.Security.Feature.Bypass HIGH" "alert-box-block 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Alert.Box.Block MEDIUM" "alert-box-block 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "avectra-netforum-single-sign-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "avectra-netforum-single-sign-on 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-multiple-marker No.known.fix Unauthenticated.Settings.Update MEDIUM" "add-multiple-marker No.known.fix Settings.Update.via.CSRF MEDIUM" "ai-content-writing-assistant 1.1.7 CSRF MEDIUM" "ab-rankings-testing-tool No.known.fix Settings.Update.via.CSRF MEDIUM" "author-bio-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ads-invalid-click-protection No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "another-events-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "amazonjs No.known.fix Contributor+.Stored.XSS MEDIUM" "add-admin-css 2.5 Unauthenticated.Full.Path.Dislcosure MEDIUM" "accesspress-custom-post-type 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "advanced-angular-contact-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aa-calculator No.known.fix Reflected.Cross-Site.Scripting.via.invoice MEDIUM" "async-javascript 2.21.06.29 Authenticated.(admin+).Stored.XSS MEDIUM" "advanced-control-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-control-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "az-content-finder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "any-hostname No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "alt-monitoring No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "amr-users 4.59.4 Admin+.Stored.Cross-Site.Scripting LOW" "advanced-database-replacer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-replacer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auto-advance-for-gravity-forms 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "auto-advance-for-gravity-forms 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-cleanup No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "appmysite 3.11.1 Unauthenticated.Information.Disclsoure MEDIUM" "all-in-one-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "analyticswp 2.1.5 Unauthenticated.SQL.Injection HIGH" "analyticswp No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "analyticswp No.known.fix Missing.Authorization MEDIUM" "analyticswp 2.1.0 Unauthenticated.SQL.Injection HIGH" "alo-easymail 2.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "activity-log-mainwp 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "activity-log-mainwp 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-iframe 2025.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Host.Header MEDIUM" "advanced-iframe 2025.0 Unauthenticated.Settings.Update MEDIUM" "advanced-iframe 2025.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "advanced-iframe 2024.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.0 Contributor+.Stored.XSS MEDIUM" "advanced-iframe 2023.9 Contributor+.Stored.XSS MEDIUM" "advanced-iframe 2022 Reflected.Cross-Site.Scripting MEDIUM" "ajax-search-lite 4.12.5 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.4 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.3 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.1 Admin+.Stored.XSS LOW" "ajax-search-lite 4.11.5 Reflected.Cross-Site.Scripting HIGH" "ajax-search-lite 4.11.1 Reflected.Cross-Site.Scripting HIGH" "ajax-search-lite 4.11.1 Subscriber+.Sensitive.Data.Disclosure MEDIUM" "adventure-bucket-list No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "azindex No.known.fix Stored.XSS.via.CSRF HIGH" "azindex No.known.fix Index.Deletion.via.CSRF MEDIUM" "apply-online 2.6.7.2 Missing.Authorization MEDIUM" "apply-online 2.6.3 Unauthenticated.Application.File.Access MEDIUM" "apply-online 2.6.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "apply-online 2.5.4 Missing.Authorization LOW" "apply-online 2.5.3 Reflected.XSS HIGH" "apply-online 2.5.6 Admin+.Stored.XSS LOW" "ajax-filter-posts No.known.fix Missing.Authorization MEDIUM" "ajax-filter-posts 3.4.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ajax-filter-posts No.known.fix Missing.Authorization.to.Unauthenticated.Local.PHP.File.Inclusion CRITICAL" "ajax-filter-posts 3.4.11 Reflected.Cross-Site.Scripting MEDIUM" "ajax-filter-posts 3.4.12 Contributor+.Stored.XSS MEDIUM" "ajax-filter-posts 3.4.8 Missing.Authorization MEDIUM" "auxin-shop No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "add-to-calendar-button 1.5.1 Contributor+.Stored.XSS MEDIUM" "auto-refresh-single-page No.known.fix .Authenticated.(Contributor+).PHP.Object.Injection HIGH" "allpost-contactform No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "adsensei-b30 No.known.fix Reflected.Cross-Site.Scripting HIGH" "adsensei-b30 3.1.3 Reflected.Cross-Site.Scripting HIGH" "about-author 1.6.3 Reflected.Cross-Site.Scripting MEDIUM" "artplacer-widget 2.21.2 Stored.XSS.via.CSRF HIGH" "artplacer-widget 2.21.2 Subscriber+.Arbitrary.Widget.Deletion MEDIUM" "artplacer-widget 2.20.7 Editor+.SQLi MEDIUM" "affiliate-coupons 1.7.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "admin-menu-manager No.known.fix Cross-Site.Request.Forgery MEDIUM" "affiliates-manager 2.9.35 Cross-Site.Request.Forgery MEDIUM" "affiliates-manager 2.9.31 Sensitive.Information.Exposure.via.Log.File MEDIUM" "affiliates-manager 2.9.32 Cross-Site.Request.Forgery.via.multiple.AJAX.actions MEDIUM" "affiliates-manager 2.9.21 Cross-Site.Request.Forgery MEDIUM" "affiliates-manager 2.9.14 Arbitrary.Affiliates.&.Creatives.Deletion.via.CSRF MEDIUM" "affiliates-manager 2.9.14 Affiliate.CSV.Injection MEDIUM" "affiliates-manager 2.9.14 Reflected.Cross-Site.Scripting MEDIUM" "affiliates-manager 2.9.14 Admin+.Stored.Cross-Site.Scripting LOW" "affiliates-manager 2.9.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "affiliates-manager 2.8.7 Admin+.SQL.injection MEDIUM" "affiliates-manager 2.7.8 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "affiliates-manager 2.6.6 CRSF.Issues MEDIUM" "accessibility-task-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner-pro 3.2.11 Authenticated.(Subscriber+).Limited.Path.Traversal MEDIUM" "amazon-product-price No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "ai-content 1.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "alt-report No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.2 Missing.Authorization MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.1 Cross-Site.Request.Forgery MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "add-fields-to-checkout-page-woocommerce 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "article-directory No.known.fix Admin+.Stored.XSS LOW" "april-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "april-framework No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "april-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "ad-buttons 2.3.2 CSRF.&.XSS MEDIUM" "add-any-extension-to-pages 1.5 Cross-Site.Request.Forgery.via.aaetp_options_page MEDIUM" "auto-delete-posts No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "add-custom-page-template No.known.fix Authenticated.(Administrator+).PHP.Code.Injection.to.Remote.Code.Execution HIGH" "axeptio-sdk-integration 2.5.5 Unauthenticated.Local.File.Inclusion CRITICAL" "advanced-visual-elements 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "addify-custom-order-number 1.2.0 Multiple.CSRF MEDIUM" "alley-elementor-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-admin-search 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "access-category-password No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auto-post-after-image-upload No.known.fix Missing.Authorization MEDIUM" "addify-abandoned-cart-recovery 1.2.5 Multiple.CSRF MEDIUM" "adl-team No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "a1post-bg-shipping-for-woocommerce 1.5.1 Privilege.Escalation.via.CSRF HIGH" "adfoxly No.known.fix Missing.Authorization.to.Unauthenticated.Ad.Status.Update MEDIUM" "adfoxly No.known.fix Missing.Authorization.to.Unauthenticated.Ad.Status.Update MEDIUM" "adfoxly No.known.fix Cross-Site.Request.Forgery MEDIUM" "adfoxly No.known.fix Reflected.XSS HIGH" "adfoxly 1.7.91 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "apppresser 4.4.11 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "apppresser 4.4.7 Unauthenticated.Privilege.Escalation.via.Password.Reset CRITICAL" "apppresser 4.4.5 Privilege.Escalation.and.Account.Takeover.via.Weak.OTP HIGH" "apppresser 4.4.0 Improper.Missing.Encryption.Exception.Handling.to.Authentication.Bypass HIGH" "apppresser 4.3.1 Missing.Authorization MEDIUM" "apppresser 4.3.1 Cross-Site.Request.Forgery.via.force_logging_off() MEDIUM" "apppresser 4.3.1 Cross-Site.Request.Forgery.via.toggle_logging_callback() MEDIUM" "apppresser 4.3.0 Insecure.Password.Reset.Mechanism HIGH" "awesome-logos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-logos No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "ableplayer 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.preload.Parameter MEDIUM" "ableplayer 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "adirectory 2.3.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "adirectory 1.9 Unauthenticated.PHP.Object.Injection HIGH" "adirectory 1.3.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "auto-scroll-for-reading No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ai-mortgage-calculator No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "animated-headline No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "apperr 0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "affieasy 1.1.7 Cross-Site.Request.Forgery.to.Various.Actions MEDIUM" "affieasy 1.1.6 Cross-Site.Request.Forgery MEDIUM" "affieasy 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "affieasy 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auto-listings 2.6.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "appbanners No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "astra-pro-sites 3.2.5 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "astra-pro-sites 3.2.6 Incorrect.Authorization MEDIUM" "advanced-quiz 1.0.3 Admin+.Stored.XSS LOW" "advanced-quiz No.known.fix Admin+.Stored.XSS.in.Quiz.Overview LOW" "advanced-wp-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-wp-table 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-facebook-like-widget 2.2.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "ahmeti-wp-timeline No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "autolinks No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "adblock-notify-by-bweb No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adblock-notify-by-bweb No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "adblock-notify-by-bweb No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "apa-register-newsletter-form No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection HIGH" "access-demo-importer 1.0.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "access-demo-importer 1.0.8 Data.Reset.via.CSRF HIGH" "access-demo-importer 1.0.7 Subscriber+.Arbitrary.File.Upload HIGH" "awin-data-feed 1.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "awin-data-feed 1.8 Reflected.Cross-Site.Scripting MEDIUM" "albumreviewer No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "awesome-logo-carousel-block 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sliderId.Parameter MEDIUM" "admin-menu-restriction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "animate No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "addonskit-for-elementor 1.1.7 Contributor+.Stored.XSS MEDIUM" "amazing-service-box-visual-composer-addons No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "autoptimize 3.1.7 Admin+.Stored.Cross-Site.Scripting.via.Settings.Import LOW" "autoptimize 3.1.0 Sensitive.Data.Disclosure MEDIUM" "autoptimize 3.1.1 Admin+.Stored.Cross.Site.Scripting LOW" "autoptimize 2.8.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "autoptimize 2.7.8 Arbitrary.File.Upload.via."Import.Settings" CRITICAL" "autoptimize 2.7.8 Authenticated.Stored.XSS.via.File.Upload MEDIUM" "autoptimize 2.7.8 Race.Condition.leading.to.RCE CRITICAL" "autoptimize 2.7.7 Authenticated.Arbitrary.File.Upload MEDIUM" "aceide No.known.fix Authenticated.(admin+).Arbitrary.File.Access MEDIUM" "affiliatebooster-blocks 3.0.6 Blocks.Enabling/Disabling.via.CSRF MEDIUM" "arrow-twitter-feed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "affiliate-for-woocommerce 4.8.0 Subscriber+.Paypal.Email.Update.via.IDOR MEDIUM" "affiliate-for-woocommerce 4.8.0 Subscriber+.Unauthorised.Actions MEDIUM" "amr-shortcodes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aumenu No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awsa-shipping No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "amp-extensions No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-woo-search 3.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.aws_search_terms.Shortcode MEDIUM" "advanced-woo-search 2.97 Reflected.Cross-Site.Scripting MEDIUM" "advanced-woo-search 2.78 Admin+.Stored.Cross-Site.Scripting MEDIUM" "advanced-woo-search 2.00 SQL.query.leak.in.ajax.search NONE" "advanced-wp-reset 1.6 Reflected.Cross-Site.Scripting MEDIUM" "ai-seo-translator 1.6.3 Cross-Site.Request.Forgery.via.update_integration_option MEDIUM" "allada-tshirt-designer-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "advanced-search-by-my-solr-server No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ajax-live-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-live-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "awin-advertiser-tracking 2.0.1 Product.Feed.Generation.via.CSRF MEDIUM" "adminpad 2.2 Note.Update.via.CSRF MEDIUM" "advanced-post-list No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-post-list No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "amen No.known.fix Admin+.Stored.XSS LOW" "aa-audio-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-users-messenger No.known.fix Subscriber+.Message.Deletion.via.IDOR MEDIUM" "accordion-image-menu No.known.fix Stored.XSS.via.CSRF HIGH" "author-slug No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ays-chatgpt-assistant 2.1.0 Unauthenticated.AJAX.Calls MEDIUM" "ays-chatgpt-assistant 2.1.0 Unauthenticated.OpenAI.Key.Disclosure HIGH" "alphaomega-captcha-anti-spam No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "admin-page-framework 3.9.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "aio-time-clock-lite 1.3.326 Cross-Site.Request.Forgery MEDIUM" "aio-time-clock-lite 1.3.321 Admin+.Stored.XSS LOW" "acf-link-picker-field No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-woo-labels 2.16 Contributor+.Stored.XSS MEDIUM" "advanced-woo-labels 2.02 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-woo-labels 1.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-flamingo No.known.fix Cross-Site.Request.Forgery MEDIUM" "add-custom-google-tag-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ars-affiliate-page 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "adthrive-ads 3.7.4 Reflected.Cross-Site.Scripting HIGH" "adthrive-ads 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "adthrive-ads 3.7.1 Missing.Authorization.to.Unauthenticated.Data/Settings.Reset MEDIUM" "all-in-one-favicon 4.7 Multiple.Stored.Authenticated.XSS MEDIUM" "alert-me No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "animated-svg 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "adrotate 5.13.3 Admin+.Double.Extension.Arbitrary.File.Upload MEDIUM" "adrotate 5.9.1 Password.Change.via.CSRF MEDIUM" "adrotate 5.8.23 Admin+.XSS.via.Group.Name LOW" "adrotate 5.8.23 Admin+.XSS.via.Advert.Name LOW" "adrotate 5.8.22 Admin+.SQL.Injection MEDIUM" "adrotate 5.8.4 Authenticated.SQL.Injection MEDIUM" "adrotate 5.3 Authenticated.SQL.Injection HIGH" "addons-for-visual-composer 3.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-visual-composer 3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "addons-for-visual-composer 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "addons-for-visual-composer 3.6 Contributor+.Stored.XSS MEDIUM" "addons-for-visual-composer 3.3 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-visual-composer 2.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "administrator-z 2025.03.30 Authenticated.(Admin+).Directory.Traversal LOW" "administrator-z No.known.fix Contributor+.Stored.XSS MEDIUM" "administrator-z No.known.fix Cross-Site.Request.Forgery MEDIUM" "administrator-z 2025.03.27 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "administrator-z 2024.10.21 Subscriber+.SQL.Injection HIGH" "ampedsense-adsense-split-tester 4.69 Reflected.XSS HIGH" "allow-php-execute No.known.fix Authenticated.(Editor+).PHP.Code.Injection HIGH" "author-box-with-different-description No.known.fix Cross-Site.Request.Forgery MEDIUM" "armember-membership 4.0.52 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "armember-membership 4.0.38 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "armember-membership 4.0.31 Open.Redirect MEDIUM" "armember-membership 4.0.29 Missing.Authorization MEDIUM" "armember-membership 4.0.28 Directory.Traversal.via.X-FILENAME MEDIUM" "armember-membership 4.0.27 Unauthenticated.PHP.Object.Injection CRITICAL" "armember-membership 4.0.27 Authenticated.(Contributor+).PHP.Object.Injection CRITICAL" "armember-membership 4.0.24 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "armember-membership 4.0.25 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "armember-membership 4.0.23 Cross-Site.Request.Forgery MEDIUM" "armember-membership 4.0.11 Subscriber+.Privilege.Escalation HIGH" "armember-membership 4.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "armember-membership 4.0.17 Membership.<.4.0.17.-.Admin+.Stored.XSS MEDIUM" "armember-membership 4.0.6 ARMember.Cross-Site.Request.Forgery MEDIUM" "armember-membership 4.0.3 Admin+.Stored.XSS LOW" "armember-membership 4.0.2 Reflected.XSS HIGH" "armember-membership 4.0 Unauthenticated.SQLi HIGH" "armember-membership 3.4.8 Unauthenticated.Admin.Account.Takeover CRITICAL" "ap-pricing-tables-lite No.known.fix Admin+.SQLi MEDIUM" "ap-pricing-tables-lite 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "ap-pricing-tables-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "arprice No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arprice 4.2 Unauthenticated.SQL.Injection HIGH" "arprice 4.2 Subscriber+.SQLi HIGH" "arprice 4.2 Reflected.Cross-Site.Scripting HIGH" "arprice 4.2 Unauthenticated.PHP.Object.Injection HIGH" "arprice 4.2 Subscriber+.PHP.Object.Injection HIGH" "animate-everything No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "animate-everything No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "animate-everything No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "addthis 5.0.13 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-advertising-system No.known.fix Open.Redirect MEDIUM" "advanced-advertising-system No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "asmember No.known.fix Admin+.Stored.XSS LOW" "advanced-tag-list No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "affiliateimportereb No.known.fix Reflected.XSS.via.Search HIGH" "affiliateimportereb No.known.fix Reflected.XSS HIGH" "all-bootstrap-blocks 1.3.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-bootstrap-blocks 1.3.20 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "all-bootstrap-blocks 1.3.20 Contributor+.Stored.XSS MEDIUM" "all-bootstrap-blocks 1.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-bootstrap-blocks 1.3.7 Cross-Site.Request.Forgery MEDIUM" "aajoda-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aajoda-testimonials 2.2.2 Admin+.Stored.XSS LOW" "adbuddy-adblocker-detection No.known.fix Admin+.Stored.XSS LOW" "app-builder 5.3.8 Privilege.Escalation.and.Account.Takeover.via.Weak.OTP HIGH" "app-builder 4.3.4 Unauthenticated.Limited.SQL.Injection.via.app-builder-search MEDIUM" "app-builder 3.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode HIGH" "app-builder 3.8.8 Open.Redirection MEDIUM" "apus-framework No.known.fix Authenticated.(Subscriber+).Arbitrary.Options.Update.in.import_page_options HIGH" "admin-renamer-extended No.known.fix CSRF MEDIUM" "acf-city-selector No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "acf-city-selector 1.15.0 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "ablocks 1.9.3 Contributor+.Stored.XSS MEDIUM" "ablocks 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "alttext-ai 1.9.94 Missing.Authorization MEDIUM" "alttext-ai 1.5.0 Authenticated.(Subscriber+).SQL.Injection HIGH" "alttext-ai 1.3.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ach-for-stripe-plaid No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "automate-hub-free-by-sperse-io No.known.fix Cross-Site.Request.Forgery.to.Activation.Status.Update MEDIUM" "automate-hub-free-by-sperse-io No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-free-flat-shipping-woocommerce 1.6.4.6 Cross-Site.Request.Forgery MEDIUM" "aeropage-sync-for-airtable 3.3.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "aeropage-sync-for-airtable 3.3.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "accesspress-facebook-auto-post 2.1.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "amilia-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "animated-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "alma-gateway-for-woocommerce 5.2.1 Contributor+.Stored.XSS MEDIUM" "author-discussion No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "amr-ical-events-list No.known.fix Admin+.Stored.XSS LOW" "angwp 1.5.6 Unauthenticated.Arbitrary.File.Upload/Deletion CRITICAL" "advanced-fancybox No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "admin-user-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-category-template No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-category-template No.known.fix Reflected.XSS HIGH" "allow-svg 1.2.0 Author+.Stored.XSS.via.SVG MEDIUM" "admission-appmanager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ays-slider 2.5.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ays-slider 2.5.0 Responsive.Slider.and.Carousel.<.2.5.0.-.Authenticated.Blind.SQL.Injection HIGH" "active-user No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ayyash-studio No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "acf-options-importexport No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amazon-showcase-wordpress-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "admin-log No.known.fix CSRF MEDIUM" "appreview No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ai-content-creator No.known.fix Cross-Site.Request.Forgery MEDIUM" "agile-video-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "accessibility-widget 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-seo 2.6.6 Stored.XSS.via.CSRF HIGH" "alley-business-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "alley-business-toolkit 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auto-location-for-wp-job-manager 1.1 Admin+.Cross.Site.Scripting LOW" "advanced-data-table-for-elementor 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "affiliate-tools-viet-nam No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-booking-calendar No.known.fix Unauthenticated.SQLi HIGH" "advanced-booking-calendar No.known.fix CSRF MEDIUM" "advanced-booking-calendar 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-booking-calendar 1.7.1 Admin+.SQLi MEDIUM" "advanced-booking-calendar 1.7.0 Unauthenticated.SQL.Injection HIGH" "advanced-booking-calendar 1.6.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-booking-calendar 1.6.7 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-booking-calendar 1.6.2 Unauthenticated.SQL.Injection CRITICAL" "address-email-and-phone-validation No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "accessibe 2.6 Reflected.Cross-Site.Scripting MEDIUM" "accordions 2.3.12 Contributor+.PHP.Object.Injection MEDIUM" "accordions 2.2.100 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accordions 2.2.97 Missing.Authorization.to.Authenticated(Contributor+).Post.Duplication MEDIUM" "accordions 2.2.30 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "accordions 2.2.9 Unprotected.AJAX.Action.to.Stored/Reflected.XSS MEDIUM" "adverts-click-tracker No.known.fix Missing.Authorization MEDIUM" "astra-bulk-edit 1.2.8 Missing.Authorization MEDIUM" "advanced-most-recent-posts-mod No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "age-gate 3.6.0 Missing.Authorization MEDIUM" "age-gate 3.5.4 Unauthenticated.Local.PHP.File.Inclusion.via.'lang' CRITICAL" "age-gate 2.17.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "age-gate 2.20.4 Reflected.Cross-Site.Scripting MEDIUM" "age-gate 2.17.1 Unauthenticated.Import.Settings CRITICAL" "age-gate 2.16.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "age-gate 2.13.5 Unauthenticated.Open.Redirect LOW" "all-in-one-performance-accelerator No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "all-in-one-performance-accelerator No.known.fix Missing.Authorization MEDIUM" "affiliates-manager-google-recaptcha-integration 1.0.7 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "amberlink No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aawp 3.12.3 Unsafe.URL.Handling MEDIUM" "aawp 3.17.1 Reflected.Cross-Site.Scripting MEDIUM" "anti-plagiarism No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "archives-calendar-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "add-categories-post-footer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-reorder-image-text-slider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "advanced-event-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ad-injection No.known.fix Admin+.Stored.Cross-Site.Scripting.&.RCE HIGH" "automatic-post-categories No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "automatic-post-categories No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "admin-block-country No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "agp-font-awesome-collection No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "agp-font-awesome-collection No.known.fix Reflected.XSS HIGH" "audio-comments No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "attributes-for-blocks 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.attributesForBlocks.Parameter MEDIUM" "addfunc-mobile-detect No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-post-woocommerce-products No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-testimonial-carousel-for-elementor 3.0.1 Missing.Authorization MEDIUM" "article-analytics No.known.fix Unauthenticated.SQL.injection HIGH" "ajax-extend No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "anspress-question-answer 4.3.2 Editor+.Stored.XSS MEDIUM" "aec-kiosque 1.9.4 Reflected.Cross-Site.Scripting MEDIUM" "agenteasy-properties No.known.fix Admin+.Stored.XSS LOW" "accept-sagepay-payments-using-contact-form-7 2.1 Unauthenticated.Information.Exposure MEDIUM" "admin-post-navigation No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "anywhere-elementor 1.2.12 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "anywhere-elementor 1.2.8 Reflected.Cross-Site.Scripting MEDIUM" "anywhere-elementor 1.2.8 Freemius.API.Key.Disclosure MEDIUM" "anywhere-elementor 1.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-wp-security-and-firewall 5.2.7 Cross-Site.Request.Forgery.to.IP.Blocking MEDIUM" "all-in-one-wp-security-and-firewall 5.2.6 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-wp-security-and-firewall 5.2.5 Protection.Bypass.of.Renamed.Login.Page.via.URL.Encoding MEDIUM" "all-in-one-wp-security-and-firewall 5.2.0 Insecure.Storage.of.Password MEDIUM" "all-in-one-wp-security-and-firewall 5.1.5 Admin+.Arbitrary.File/Folder.Access.via.Traversal MEDIUM" "all-in-one-wp-security-and-firewall 5.1.5 Admin+.Stored.XSS LOW" "all-in-one-wp-security-and-firewall 5.1.3 Configuration.Leak MEDIUM" "all-in-one-wp-security-and-firewall 5.1.1 Bulk.Actions.via.CSRF MEDIUM" "all-in-one-wp-security-and-firewall 5.0.8 IP.Spoofing MEDIUM" "all-in-one-wp-security-and-firewall 4.4.11 Authenticated.Arbitrary.Redirect./.Reflected.XSS LOW" "all-in-one-wp-security-and-firewall 4.4.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-wp-security-and-firewall 4.4.4 CSRF.&.XSS LOW" "all-in-one-wp-security-and-firewall 4.4.2 Open.Redirect.&.Hidden.Login.Page.Exposure MEDIUM" "all-in-one-wp-security-and-firewall 4.2.2 Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-security-and-firewall 4.2.0 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-security-and-firewall 4.1.3 Multiple.vulnerabilities.in.login.CAPTCHA MEDIUM" "all-in-one-wp-security-and-firewall 4.0.9 Multiple.SQL.Injections MEDIUM" "all-in-one-wp-security-and-firewall 4.0.7 Multiple.SQL.Injections MEDIUM" "all-in-one-wp-security-and-firewall 4.0.6 XSS MEDIUM" "all-in-one-wp-security-and-firewall 4.0.5 XSS CRITICAL" "acnoo-flutter-api No.known.fix Authentication.Bypass CRITICAL" "accordion-title-for-elementor 1.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "azz-anonim-posting No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "animated-typed-js-shortcode 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-from-server No.known.fix Authenticated.Path.Traversal.to.Arbitrary.File.Access HIGH" "add-from-server 3.3.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "advanced-backgrounds No.known.fix Contributor+.Content.Injection LOW" "advanced-backgrounds 1.12.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.imageTag.Parameter MEDIUM" "avchat-3 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "azan No.known.fix Stored.XSS.via.CSRF HIGH" "ai-post-generator No.known.fix Missing.Authorization.to.Authenticated.(Contributor+).Post/Page.Deletion MEDIUM" "ai-post-generator 3.4 Subscriber+.Posts.Read/Creation/Deletion MEDIUM" "appointy-appointment-scheduler No.known.fix Cross-Site.Request.Forgery.to.Settings.Change MEDIUM" "allaccessible 1.3.5 Subscriber+.Privilege.Escalation HIGH" "allaccessible 1.3.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Option.Update HIGH" "agile-store-locator 1.5.3 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "agile-store-locator 1.5.2 Authenticated.(Administrator+).SQL.Injection MEDIUM" "agile-store-locator 1.4.15 Admin+.Arbitrary.File.Deletion MEDIUM" "agile-store-locator 1.4.13 Reflected.XSS HIGH" "agile-store-locator 1.4.10 Editor+.Stored.XSS LOW" "agile-store-locator 1.4.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "agile-store-locator 1.4.6 Stored.XSS.via.CSRF MEDIUM" "audio-comparison-lite 3.5 Contributor+.Stored.XSS MEDIUM" "any-popup No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "any-popup No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "auto-youtube-importer 1.0.4 Settings.Update.via.CSRF MEDIUM" "ai-image-generator 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "awesome-hooks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "atarapay-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "astra-sites 4.4.10 Cross-Site.Request.Forgery MEDIUM" "astra-sites 4.4.1 Author+.Stored.XSS MEDIUM" "astra-sites 4.2.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "astra-sites 4.1.7 Contributor+.Server-Side.Request.Forgery MEDIUM" "astra-sites 3.2.5 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "astra-sites 3.2.6 Incorrect.Authorization MEDIUM" "astra-sites 3.1.21 Settings.Update.via.CSRF MEDIUM" "astra-sites 2.7.1 Contributor+.Block.Import.to.Stored.XSS HIGH" "asgard No.known.fix Reflected.XSS HIGH" "accessibility-help-button 1.1 Admin+.Stored.Cross.Site.Scripting LOW" "accessibility-help-button 1.1 Admin+.Stored.XSS LOW" "accessibility-help-button 1.2 Admin+.Stored.XSS LOW" "aicomments 1.4.2 Cross-Site.Request.Forgery MEDIUM" "auyautochat-for-wp No.known.fix Unauthenticated.Stored.XSS HIGH" "auto-robot 3.3.39 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-quick-panel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-quick-panel 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "api-bearer-auth 20190908 Unauthenticated.Reflected.XSS MEDIUM" "advanced-floating-content-lite 1.2.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-floating-content-lite 1.2.2 Contributor+.XSS MEDIUM" "auto-post-thumbnail 4.1.3 Missing.Authorization MEDIUM" "auto-post-thumbnail No.known.fix Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "auto-post-thumbnail 4.1.4 Author+.SSRF MEDIUM" "auto-post-thumbnail 3.9.16 Author+.Arbitrary.File.Upload CRITICAL" "auto-post-thumbnail 3.9.3 Reflected.Cross-Site.Scripting HIGH" "ajax-random-post No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "alemha-watermark No.known.fix Author+.Stored.XSS MEDIUM" "acymailing 9.11.1 Reflected.Cross-Site.Scripting MEDIUM" "acymailing 9.8.0 Authenticated.(Subscriber+).Arbitrary.File.Upload.via.acym_extractArchive.Function HIGH" "acymailing 8.6.3 Reflected.XSS HIGH" "acymailing 7.5.0 Open.Redirect MEDIUM" "accesspress-instagram-feed 4.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "awesome-ssl No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-ssl No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-whatsapp-button 2.1.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "acf-frontend-form-element 3.25.18 Reflected.Cross-Site.Scripting MEDIUM" "acf-frontend-form-element 3.25.2 Unauthenticated.SQL.Injection MEDIUM" "acf-frontend-form-element 3.25.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "acf-frontend-form-element 3.25.1 Unauthenticated.Privilege.Escalation HIGH" "acf-frontend-form-element 3.19.5 Improper.Missing.Encryption.Exception.Handling.to.Form.Manipulation CRITICAL" "acf-frontend-form-element 3.18.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "acf-frontend-form-element 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "acf-frontend-form-element 3.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amp-plus No.known.fix Reflected.Cross.Site.Scripting HIGH" "autocomplete-address-and-location-picker-for-woocommerce 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "autocomplete-address-and-location-picker-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "awesome-tool-tip No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advance-wp-query-search-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ari-stream-quiz 1.3.1 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ari-stream-quiz 1.3.0 Cross-Site.Request.Forgery MEDIUM" "ari-stream-quiz 1.3.0 Cross-Site.Request.Forgery MEDIUM" "ari-stream-quiz 1.3.0 Contributor+.Stored.XSS MEDIUM" "ari-stream-quiz 1.3.3 Contributor+.Content.Injection LOW" "audio-player-with-playlist-ultimate 1.3 Contributor+.Stored.XSS MEDIUM" "ask-me-anything-anonymously No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ameliabooking 1.2.20 Unauthenticated.Full.Path.Disclosure MEDIUM" "ameliabooking 1.2.17 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "ameliabooking 1.2.5 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "ameliabooking No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "ameliabooking 1.2.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "ameliabooking 1.1.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.96 Cross-Site.Request.Forgery MEDIUM" "ameliabooking 1.0.99 Reflected.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.94 Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "ameliabooking 1.0.99 Missing.Authorization MEDIUM" "ameliabooking 1.0.86 Contributor+.Stored.XSS MEDIUM" "ameliabooking 1.0.76 Reflected.XSS HIGH" "ameliabooking 1.0.49 Customer+.Arbitrary.Appointments.Status.Update MEDIUM" "ameliabooking 1.0.48 Customer+.SMS.Service.Abuse.and.Sensitive.Data.Disclosure MEDIUM" "ameliabooking 1.0.47 Unauthenticated.Stored.XSS.via.lastName HIGH" "ameliabooking 1.0.47 Customer+.Arbitrary.Appointments.Update.and.Sensitive.Data.Disclosure HIGH" "ameliabooking 1.0.46 Manager+.RCE MEDIUM" "ameliabooking 1.0.46 Reflected.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.46 Arbitrary.Customer.Deletion.via.CSRF MEDIUM" "admail No.known.fix Missing.Authorization MEDIUM" "autocompleter No.known.fix Cross-Site.Request.Forgery MEDIUM" "apex-notification-bar-lite 2.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "all-in-one-wp-migration-dropbox-extension 3.76 Unauthenticated.Access.Token.Update MEDIUM" "automatic-user-roles-switcher 1.1.2 Subscriber+.Privilege.Escalation HIGH" "appexperts 1.4.5 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "appexperts 1.4.5 Reflected.Cross-Site.Scripting MEDIUM" "appexperts 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-ads 1.52.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Ad.Widget MEDIUM" "advanced-ads 1.52.2 Authenticated.(Admin+).PHP.Object.Injection HIGH" "advanced-ads 1.32.0 Admin+.Stored.XSS MEDIUM" "advanced-ads 1.17.4 Reflected.XSS.via.Admin.Dashboard MEDIUM" "ahathat No.known.fix Cross-Site.Request.Forgery.to.AHA.Page.Deletion MEDIUM" "ahathat No.known.fix Authenticated.(Administrator+).SQL.Injection.via.id.Parameter MEDIUM" "ahathat No.known.fix Reflected.XSS.via.REQUEST_URI MEDIUM" "ahathat No.known.fix Admin+.SQL.Injection MEDIUM" "awesome-studio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-schedule-posts No.known.fix Reflected.XSS HIGH" "accessibility-checker 1.2.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-search-to-menu 5.5.10 Admin+.Stored.XSS LOW" "add-search-to-menu 5.5.7 Information.Exposure.via.AJAX.Search.Form MEDIUM" "add-search-to-menu 5.5.6 Subscriber+.Index.Creation MEDIUM" "add-search-to-menu 5.5.2 Reflected.Cross-Site.Scripting MEDIUM" "add-search-to-menu 5.4.7 Reflected.Cross-Site.Scripting MEDIUM" "add-search-to-menu 5.4.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-search-to-menu 5.4.1 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "add-search-to-menu 4.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "add-search-to-menu 4.7 Reflected.Cross-Site.Scripting HIGH" "add-search-to-menu 4.6.1 Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "add-search-to-menu 4.5.11 .Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "amocrm-webform No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aweos-wp-lock 1.4.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "affiliate-pro No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-css3-related-posts-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "aeroscroll-gallery No.known.fix Unauthenticated.Directory.Traversal MEDIUM" "all-in-one-cufon No.known.fix Cross-Site.Request.Forgery MEDIUM" "ari-cf7-connector 1.2.3 Cross-Site.Request.Forgery MEDIUM" "ari-cf7-connector 1.2.3 Reflected.XSS HIGH" "add-svg-support-for-media-uploader-inventivo No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "admin-site-enhancements-pro 7.6.3 Subscriber+.Privilege.Escalation HIGH" "admin-site-enhancements-pro 7.6.3 Missing.Authorization MEDIUM" "autotitle-for-wordpress No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "appizy-app-embed 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "appmaker-woocommerce-mobile-app-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ahime-image-printer No.known.fix Unauthenticated.Arbitrary.File.Download CRITICAL" "advanced-text-widget No.known.fix Admin+.Stored.XSS LOW" "af-tell-a-friend No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "auto-attachments No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "alink-tap No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "agecheckernet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "apply-with-linkedin-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "apply-with-linkedin-buttons No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "advanced-blog-post-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "additional-product-fields-for-woocommerce 1.2.134 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "additional-product-fields-for-woocommerce 1.2.105 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "ajax-awesome-css No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aio-contact No.known.fix Missing.Authorization MEDIUM" "aio-contact No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "avartan-slider-lite No.known.fix Reflected.XSS HIGH" "addify-product-stock-manager 1.0.5 Subscriber+.Unauthorised.AJAX.Calls HIGH" "article2pdf No.known.fix Multiple.Vulnerabilities CRITICAL" "advanced-notifications 1.2.8 Missing.Authorization MEDIUM" "ald-login-page 1.3 .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "advanced-online-ordering-and-delivery-platform No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "admin-page-spider 3.32 Admin+.Stored.XSS LOW" "anyguide No.known.fix Cross-Site.Request.Forgery MEDIUM" "add-to-all 2.2.0 Contributor+.Stored.XSS MEDIUM" "article-directory-redux No.known.fix Admin+.Stored.XSS LOW" "absolute-links No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "admin-sms-alert No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross.Site.Scripting MEDIUM" "amr-shortcode-any-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "aramex-shipping-woocommerce No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "athemes-starter-sites 1.0.54 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "add-instagram No.known.fix Admin+.Stored.XSS LOW" "ai-assistant-by-10web 1.0.19 Missing.Authorization.to.Arbitrary.Plugin.Installation MEDIUM" "amazon-associate-filter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "advanced-custom-fields-pro 6.3.9 Admin+.Remote.Code.Execution MEDIUM" "advanced-custom-fields-pro 6.3.9 Admin+.Stored.XSS LOW" "advanced-custom-fields-pro 6.3.6 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "advanced-custom-fields-pro 6.3 Contributor+.Custom.Field.Access LOW" "advanced-custom-fields-pro 6.2.10 Authenticated.(Contributor+).Code.Injection CRITICAL" "advanced-custom-fields-pro 6.2.10 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-custom-fields-pro 6.2.5 Contributor+.Stored.Cross-Site.Scripting.via.Custom.Field MEDIUM" "advanced-custom-fields-pro 6.1.6 Reflected.XSS HIGH" "advanced-custom-fields-pro 6.1.0 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields-pro 5.12.5 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields-pro 5.12.3 Unauthenticated.File.Upload MEDIUM" "advanced-custom-fields-pro 5.12.1 Contributor+.Database.Information.Access MEDIUM" "advanced-custom-fields-pro 5.11 Subscriber+.Arbitrary.ACF.Data/Field.Groups.View.and.Fields.Move MEDIUM" "advanced-custom-fields-pro 5.9.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "all-in-one-video-gallery 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Shortcode MEDIUM" "all-in-one-video-gallery 3.7.0 Authenticated.(Contributor+).Local.File.Inclusion.via.aiovg_search_form.Shortcode HIGH" "all-in-one-video-gallery 3.6.5 Contributor+.Arbitrary.File.Upload.via.featured.image HIGH" "all-in-one-video-gallery 3.6.0 Missing.Authorization MEDIUM" "all-in-one-video-gallery 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-video-gallery 2.6.1 2.6.0.-.Unauthenticated.Arbitrary.File.Download.&.SSRF HIGH" "all-in-one-video-gallery 2.5.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-video-gallery 2.5.0 Admin+.Local.File.Inclusion LOW" "abc-notation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "abc-notation No.known.fix Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "abc-notation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "azurecurve-toggle-showhide No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accesspress-social-login-lite 3.4.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ad-inserter 2.8.1 Ad.Manager.and.AdSense.Ads..<.2.8.1.-.Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter 2.7.38 Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter 2.7.31 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ad-inserter 2.7.31 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ad-inserter 2.7.27 Admin+.PHP.Object.Injection LOW" "ad-inserter 2.7.12 Reflected.Cross-Site.Scripting LOW" "ad-inserter 2.7.11 Admin+.RCE./.Stored.XSS MEDIUM" "ad-inserter 2.7.10 Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter 2.4.22 Authenticated.Remote.Code.Execution HIGH" "ad-inserter 2.4.20 Authenticated.Path.Traversal HIGH" "ad-inserter 1.5.6 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "alphabetic-pagination 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "alphabetic-pagination 3.0.8 Unauthenticated.Arbitrary.Option.Update CRITICAL" "ai-moderator-for-buddypress-and-buddyboss No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "autolisticle-automatically-update-numbered-list-articles 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aweber-wp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "aweber-web-form-widget 7.3.21 Admin+.Stored.XSS LOW" "aweber-web-form-widget 7.3.15 Authenticated.(Admin+).SQL.Injection HIGH" "aweber-web-form-widget 7.3.10 Missing.Authorization.via.AJAX.actions MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Authenticated.(Admin+).SQL.Injection HIGH" "admin-side-data-storage-for-contact-form-7 No.known.fix Missing.Authorization.to.Unauthenticated.Bookmark.Status.Alteration MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Missing.Authorization.to.Unauthenticated.Read.Status.Update MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Cross-Site.Request.Forgery MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Unauthenticated.Reflected.XSS HIGH" "advanced-easy-shipping-for-wc-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appointment-booking-calendar 1.3.93 Missing.Authorization MEDIUM" "appointment-booking-calendar 1.3.93 Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "appointment-booking-calendar 1.3.83 CSRF.appointment.scheduling MEDIUM" "appointment-booking-calendar 1.3.70 Feedback.Submission.via.CSRF MEDIUM" "appointment-booking-calendar 1.3.35 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "appointment-booking-calendar 1.3.35 CSV.Injection MEDIUM" "appointment-booking-calendar 1.3.19 Unauthenticated.Stored.XSS MEDIUM" "appointment-booking-calendar 1.1.25 Unauthenticated.SQL.Injection CRITICAL" "appointment-booking-calendar 1.1.24 Unauthenticated.SQL.Injection CRITICAL" "appointment-booking-calendar 1.1.8 Multiple.Reflected.Cross-Site.Scripting.(XSS).and.SQL.Injection HIGH" "auto-login-when-resister No.known.fix Settings.Update.via.CSRF MEDIUM" "all-in-one-seo-pack-pro 4.2.6 Admin+.SSRF LOW" "awesome-event-booking 2.8.5 Reflected.Cross-Site.Scripting MEDIUM" "awesome-event-booking 2.8.0 Cross-Site.Request.Forgery MEDIUM" "awesome-event-booking 2.7.5 Missing.Authorization MEDIUM" "awesome-event-booking 2.7.2 Reflected.Cross-Site.Scripting MEDIUM" "accesspress-anonymous-post-pro 3.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "author-box-after-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-what-should-we-write-about-next No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "advanced-what-should-we-write-about-next No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "abeta-punchout 1.0.0 Reflected.Cross-Site.Scripting MEDIUM" "abeta-punchout 1.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-custom-login 3.2.8 CSRF.to.Stored.XSS HIGH" "accesspress-twitter-auto-post 1.4.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "advanced-typekit No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "apptha-slider-gallery No.known.fix Unauthenticated.Arbitrary.File.Read HIGH" "ap-plugin-scripteo No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "ap-plugin-scripteo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ap-plugin-scripteo 4.89 Multi-Purpose.WordPress.Advertising.Manager.<.4.89.-.Unauthenticated.SQL.Injection HIGH" "add-image-to-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "acf-vc-integrator 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "ajax-bootmodal-login No.known.fix Captcha.Reuse MEDIUM" "ai-site-builder No.known.fix Missing.Authorization.to.Arbitrary.Plugin.Installation CRITICAL" "affiliate-disclosure-statement No.known.fix Cross-Site.Request.Forgery MEDIUM" "automatic-internal-links-for-seo 1.2.2 Authenticated.(Administrator+).SQL.Injection.via.post_id.Parameter MEDIUM" "automatic-internal-links-for-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amazon-einzeltitellinks No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "arielbrailovsky-viralad No.known.fix Unauthenticated.SQL.Injection HIGH" "arielbrailovsky-viralad No.known.fix Unauthenticated.SQL.Injection HIGH" "avirato-calendar No.known.fix Subscriber+.SQLi HIGH" "addon-sweetalert-contact-form-7 1.0.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "add-google-plus-one-social-share-button No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "a4-barcode-generator 3.4.11 Missing.Authorization MEDIUM" "a4-barcode-generator 3.4.10 Missing.Authorization MEDIUM" "a4-barcode-generator 3.4.7 Subscriber+.Stored.XSS HIGH" "a4-barcode-generator 3.4.7 Subscriber+.Settings/Profiles.Update,.Templates/Barcodes.Access/Creation/Edition/Deletion MEDIUM" "ark-wysiwyg-comment-editor No.known.fix Iframe.Injection.via.Comment LOW" "aiify 0.1.0 Reflected.Cross-Site.Scripting MEDIUM" "awesome-shortcodes 1.7.3 Reflected.XSS HIGH" "augmented-reality No.known.fix Unauthenticated.PHP.File.Upload.leading.to.RCE CRITICAL" "alphabetical-list No.known.fix Settings.Update.via.CSRF MEDIUM" "awsom-news-announcement No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "apptivo-business-site No.known.fix Missing.Authorization.to.Arbitrary.Content.Deletion MEDIUM" "apptivo-business-site No.known.fix Cross-Site.Request.Forgery.to.IP.Address.Block MEDIUM" "apptivo-business-site 3.0.14 Admin+.Stored.XSS LOW" "avalex 3.0.9 Missing.Authorization MEDIUM" "avalex 3.0.4 Admin+.Stored.XSS LOW" "appointify No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "amministrazione-trasparente 8.0.5 Admin+.Stored.XSS LOW" "amministrazione-trasparente 7.1.1 Cross-Site.Request.Forgery HIGH" "amministrazione-trasparente 7.1.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "arcadeready No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "alex-reservations 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "addons-for-elementor-builder 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "airpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "airpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "alloggio-membership 1.2 Authentication.Bypass CRITICAL" "autowp-ai-content-writer-rewriter 2.0.9 Cross-Site.Request.Forgery MEDIUM" "aprils-call-posts No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "animated-typing-effect 1.3.7 Contributor+.Stored.XSS MEDIUM" "arconix-shortcodes 2.1.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arconix-shortcodes 2.1.17 Reflected.Cross-Site.Scripting MEDIUM" "arconix-shortcodes 2.1.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arconix-shortcodes 2.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.box.Shortcode MEDIUM" "arconix-shortcodes 2.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "arconix-shortcodes 2.1.12 Missing.Authorization MEDIUM" "arconix-shortcodes 2.1.11 Missing.Authorization.to.Notice.Dismissal MEDIUM" "arconix-shortcodes 2.1.8 Contributor+.Stored.XSS MEDIUM" "add-expires-headers 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "add-expires-headers 2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "aforms-eats 1.3.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "about-me No.known.fix Subscriber+.Arbitrary.Network.Creation/Deletion MEDIUM" "aforms-form-builder-for-price-calculator-cost-estimation 2.2.7 Unauthenticated.Full.Path.Disclosure MEDIUM" "aiomatic-automatic-ai-content-writer 2.3.7 AI.Content.Writer,.Editor,.ChatBot.&.AI.Toolkit.<.2.3.7.-.Missing.Authorization.to.Authenticated.(Subscriber+).Multiple.Administrator.Actions MEDIUM" "aiomatic-automatic-ai-content-writer 2.3.9 AI.Content.Writer,.Editor,.ChatBot.&.AI.Toolkit.<.2.3.9.-.Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "aiomatic-automatic-ai-content-writer 2.0.6 Automatic.AI.Content.Writer.<.2.0.6.-.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "aiomatic-automatic-ai-content-writer 1.9.4 Missing.Authorization MEDIUM" "avenirsoft-directdownload No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "aphorismus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "admin-notices-for-team No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-notices-for-team No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-notices-for-team No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "advanced-access-manager 6.9.21 Reflected.XSS HIGH" "advanced-access-manager 6.9.21 Admin+.Stored.Cross-Site.Scripting MEDIUM" "advanced-access-manager 6.9.19 Open.Redirect MEDIUM" "advanced-access-manager 6.9.19 Contributor+.Stored.XSS MEDIUM" "advanced-access-manager 6.9.16 Contributor+.Stored.XSS MEDIUM" "advanced-access-manager 6.8.0 Admin+.Stored.Cross-Site.Scripting LOW" "advanced-access-manager 6.6.2 Authenticated.Information.Disclosure MEDIUM" "advanced-access-manager 6.6.2 Authenticated.Authorization.Bypass.and.Privilege.Escalation HIGH" "advanced-access-manager 5.9.9 Unauthenticated.Local.File.Inclusion CRITICAL" "advanced-access-manager 3.2.2 Privilege.Escalation HIGH" "additional-order-filters-for-woocommerce 1.22 Reflected.Cross-Site.Scripting MEDIUM" "additional-order-filters-for-woocommerce 1.12 Reflected.XSS HIGH" "amr-personalise No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "advanced-accordion-block 5.0.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "accounting-for-woocommerce 1.6.9 Unauthenticated.Local.File.Inclusion CRITICAL" "accounting-for-woocommerce 1.6.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "accounting-for-woocommerce 1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "add-to-cart-direct-checkout-for-woocommerce 2.1.49 Admin+.Stored.XSS LOW" "auto-tag-links No.known.fix Cross-Site.Request.Forgery MEDIUM" "auto-hyperlink-urls No.known.fix Tab.Nabbing MEDIUM" "append-content No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "about-author-box 1.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "aparat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-elementor 8.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.piechart_settings.Parameter MEDIUM" "addons-for-elementor 8.4.1 Authenticated.(Contributor+).Limited.Local.File.Inclusion.via.Widgets HIGH" "addons-for-elementor 8.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Marquee.Text.Widget,.Testimonials.Widget,.and.Testimonial.Slider.Widgets MEDIUM" "addons-for-elementor 8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Various.Widgets MEDIUM" "addons-for-elementor 8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Grid MEDIUM" "addons-for-elementor 8.3.7 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget._id.attribute MEDIUM" "addons-for-elementor 8.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Display.Name MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Slider.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Multislider.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Carousel.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Text.Widget MEDIUM" "addons-for-elementor 8.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.animated_text_class MEDIUM" "addons-for-elementor 8.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-elementor 8.3.2 Contributor+.Stored.XSS MEDIUM" "addons-for-elementor 7.9 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-elementor 7.2.4 Admin+.Stored.XSS LOW" "addons-for-elementor 7.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addons-for-elementor 6.8 Contributor+.Stored.XSS MEDIUM" "addons-for-elementor 2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "all-404-pages-redirect-to-homepage 2.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "announce-from-the-dashboard 1.5.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "announce-from-the-dashboard 1.5.2 Admin+.Stored.XSS LOW" "admin-bar 1.0.23 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "ar-contactus 1.8.8 Authenticated.Stored.Cross-Site.Scripting CRITICAL" "advanced-product-labels-for-woocommerce 1.2.3.7 Reflected.Cross-Site.Scripting MEDIUM" "affs No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "affiliate-toolkit-starter 3.7.4 Cross-Site.Request.Forgery MEDIUM" "affiliate-toolkit-starter 3.7.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "affiliate-toolkit-starter 3.6.8 Reflected.Cross-Site.Scripting MEDIUM" "affiliate-toolkit-starter 3.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.atkp_product.Shortcode MEDIUM" "affiliate-toolkit-starter 3.6 Unauthenticated.Full.Path.Dislcosure MEDIUM" "affiliate-toolkit-starter 3.4.5 Unauthenticated.Sensitive.Information.Exposure.via.Logs MEDIUM" "affiliate-toolkit-starter 3.4.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.ratings MEDIUM" "affiliate-toolkit-starter 3.5.5 Missing.Authorization.via.atkp_import_product MEDIUM" "affiliate-toolkit-starter 3.5.5 Missing.Authorization.via.atkp_create_list MEDIUM" "affiliate-toolkit-starter 3.4.3 Unauthenticated.SSRF HIGH" "affiliate-toolkit-starter 3.4.4 Reflected.Cross-Site.Scripting.via.keyword MEDIUM" "affiliate-toolkit-starter 3.4.0 Open.Redirect.via.atkpout.php LOW" "affiliate-toolkit-starter 3.3.4 Editor+.Stored.XSS LOW" "advanced-uploader No.known.fix Subscriber+.Arbitrary.File.Upload CRITICAL" "ajax-domain-checker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ajax-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "akismet-htaccess-writer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ai-contact-us No.known.fix Admin+.Stored.XSS LOW" "author-bio-box 3.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "amazon-link No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "attach-gallery-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "actionwear-products-sync No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "actionwear-products-sync 2.3.3 Unauthenticated.Full.Patch.Disclosure MEDIUM" "aawp-obfuscator No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "authenticator 1.3.1 Subscriber+.Denial.of.Service.via.Feed.Token.Disclosure MEDIUM" "ar-for-wordpress 7.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ar-for-wordpress 7.4 Missing.Authorization.to.Unauthenticated.Limited.File.Upload LOW" "ar-for-wordpress 7.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "auto-featured-image No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "affiliatex 1.2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "alpine-photo-tile-for-pinterest No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "arena-liveblog-and-chat-tool No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "arena-liveblog-and-chat-tool No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.arena_embed_amp.Shortcode MEDIUM" "arena-liveblog-and-chat-tool 0.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "adifier-system 3.1.8 Unauthenticated.Arbitrary.Password.Reset CRITICAL" "auto-excerpt-everywhere No.known.fix Cross-Site.Request.Forgery MEDIUM" "animation-addons-for-elementor 1.1.7 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Content.Slider.and.Tabs.Widget.Elementor.Template MEDIUM" "advanced-google-recaptcha 1.30 Authenticated.(Subscriber+).Limited.SQL.Injection.via.'sSearch'.Parameter MEDIUM" "advanced-google-recaptcha 1.28 Built-in.Math.CAPTCHA.Bypass MEDIUM" "advanced-google-recaptcha 1.26 Brute.Force.Protection.IP.Unblock LOW" "acf-extended 0.8.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "acf-extended 0.8.8.7 Admin+.SQL.Injection MEDIUM" "astra-widgets 1.2.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "astra-widgets 1.2.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "affiliate-ads-builder-for-clickbank-products 1.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "auto-prune-posts 3.0.0 Admin+.Stored.XSS LOW" "auto-prune-posts 2.0.0 Post.Deletion.Settings.Update.via.CSRF MEDIUM" "add-comments No.known.fix Admin+.Stored.XSS LOW" "automatic-translation No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "analytics-cat 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "analytics-cat 1.1.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "analytics-cat 1.1.0 Settings.Update.via.CSRF MEDIUM" "albo-pretorio-on-line No.known.fix Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "albo-pretorio-on-line No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "albo-pretorio-on-line 4.6.4 Reflected.XSS HIGH" "albo-pretorio-on-line 4.6.2 Reflected.XSS HIGH" "albo-pretorio-on-line 4.6.1 Reflected.XSS HIGH" "author-avatars 2.1.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "author-avatars 2.1.22 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "author-avatars 2.1.19 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.14 Contributor+.Sensitive.Information.Disclosure LOW" "addon-elements-for-elementor-page-builder 1.13.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.table_saved_sections MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Missing.Authorization MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.and.eae_slider_animation.Parameters MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Twitter.Widget MEDIUM" "addon-elements-for-elementor-page-builder 1.13.4 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.2 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13.3 Contributor+.DOM-Based.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.12.11 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Modal.Popup.effet MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Content.Switcher.Widget MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Contributor+.to.LFI HIGH" "addon-elements-for-elementor-page-builder 1.13 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.12.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Unauthenticated.Post.ID/Tile.Disclosure MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Elementor.Addon.Element.Enabling/Disabling.via.CSRF MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Admin+.Stored.XSS LOW" "addon-elements-for-elementor-page-builder 1.12.8 Settings.Update.via.CSRF MEDIUM" "addon-elements-for-elementor-page-builder 1.12 Reflected.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.11.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addon-elements-for-elementor-page-builder 1.11.8 CSRF.Bypass LOW" "addon-elements-for-elementor-page-builder 1.11.2 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.6.4 CSRF.&.XSS LOW" "audio4-html5 No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "animate-it 2.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "animate-it 2.3.6 XSS HIGH" "admin-columns-pro 5.5.1 Admin+.Stored.XSS.in.Label LOW" "admin-columns-pro 5.5.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Custom.Field MEDIUM" "auto-thickbox-plus No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "autocomplete-location-field-contact-form-7 3.0 Admin+.Store.Cross-Site.Scripting LOW" "ari-fancy-lightbox 1.3.18 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ari-fancy-lightbox 1.3.9 Reflected.Cross-Site.Scripting MEDIUM" "arconix-faq 1.9.7 Missing.Authorization MEDIUM" "arconix-faq 1.9.6 Reflected.Cross-Site.Scripting MEDIUM" "arconix-faq 1.9.5 Missing.Authorization MEDIUM" "arconix-faq 1.9.4 Missing.Authorization.to.Notice.Dismissal MEDIUM" "auto-date-year-month 2.0.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "auto-date-year-month 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "acf-front-end-editor No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Update MEDIUM" "apartment-management No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "apartment-management No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "apartment-management No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "apartment-management No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "apartment-management No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "apartment-management No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "apartment-management No.known.fix Unauthenticated.SQL.Injection HIGH" "axle-demo-importer No.known.fix Author+.Arbitrary.File.Upload CRITICAL" "automatic-grid-image-listing No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "auto-featured-image-from-title 2.4 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-wp-migration-onedrive-extension 1.67 Unauthenticated.Access.Token.Update MEDIUM" "artificial-intelligence-auto-content-generator 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-redirection No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-redirection No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-redirection 2.2.0 Admin+.SQLi MEDIUM" "attesa-extra 1.4.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "attesa-extra 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "amazonify No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "amazonify No.known.fix Cross-Site.Request.Forgery.to.Amazon.Tracking.ID.Update MEDIUM" "ai-twitter-feeds No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-settings 3.0.2 Cross-Site.Request.Forgery MEDIUM" "admin-menu No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "automatically-hierarchic-categories-in-menu 2.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "automatically-hierarchic-categories-in-menu 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "appsplate No.known.fix Unauthenticated.SQL.Injection HIGH" "anytrack-affiliate-link-manager 1.5.5 Missing.Authorization MEDIUM" "awesome-gallery-singsys No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auto-load-next-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "aria-font No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "accesspress-custom-css 2.0.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "advanced-sermons 3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-sermons 3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-sermons 3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-sermons 3.2 Reflected.Cross-Site.Scripting.via.s MEDIUM" "advanced-sermons 3.3 Reflected.Cross-Site.Scripting MEDIUM" "arscode-ninja-popups No.known.fix Unauthenticated.Open.Redirect MEDIUM" "apollo13-framework-extensions 1.9.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "apollo13-framework-extensions 1.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "apollo13-framework-extensions 1.9.2 Cross-Site.Request.Forgery MEDIUM" "apollo13-framework-extensions 1.9.1 Contributor+.Stored.XSS MEDIUM" "apollo13-framework-extensions 1.9.0 Missing.Authorization MEDIUM" "aco-product-labels-for-woocommerce 1.5.11 Admin+.SQLi MEDIUM" "aco-product-labels-for-woocommerce 1.5.9 Admin+.SQLi MEDIUM" "aco-product-labels-for-woocommerce 1.5.9 Authenticated.(Administrator+).SQL.Injection MEDIUM" "aco-product-labels-for-woocommerce 1.5.4 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "acf-better-search 3.3.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "addonify-quick-view 1.2.17 Unauthenticated.Full.Path.Dislcosure MEDIUM" "azurecurve-floating-featured-image No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-custom-css-and-js No.known.fix Stored.XSS.via.CSRF HIGH" "ad-invalid-click-protector 1.2.11 Injected.Backdoor CRITICAL" "ad-invalid-click-protector 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "ad-invalid-click-protector 1.2.7 Arbitrary.Ban.Deletion.via.CSRF MEDIUM" "ad-invalid-click-protector 1.2.6 Authenticated.SQL.Injection MEDIUM" "am-hili-affiliate-manager-for-publishers No.known.fix Admin+.Stored.XSS LOW" "afterpay-gateway-for-woocommerce 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "afterpay-gateway-for-woocommerce 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "afterpay-gateway-for-woocommerce 3.2.1 Reflected.Cross-Site.Scripting HIGH" "adsense-privacy-policy No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "avif-support 1.1.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "avif-support 1.1.1 Author+.Stored.XSS.via.SVG.Uplaod MEDIUM" "aryo-activity-log 2.11.2 Unauthenticated.Stored.XSS.via.Event.Context HIGH" "aryo-activity-log 2.8.8 IP.Spoofing MEDIUM" "aryo-activity-log 2.8.4 CSV.Injection LOW" "aryo-activity-log 2.7.0 Authenticated.SQL.Injection MEDIUM" "aryo-activity-log 2.4.1 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "aryo-activity-log 2.3.3 Cross-Site.Scripting.(XSS).in.'page' MEDIUM" "aryo-activity-log 2.3.3 Cross-Site.Scripting.(XSS) MEDIUM" "album-and-image-gallery-plus-lightbox 2.1 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "adsplacer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-weather No.known.fix Contributor+.Stored.XSS MEDIUM" "awesome-weather No.known.fix Reflected.Cross-site.Scripting.(XSS) HIGH" "accesspress-anonymous-post No.known.fix Contributor+.Arbitrary.Redirect LOW" "accesspress-anonymous-post 2.8.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aba-payway-woocommerce-payment-gateway No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "accept-stripe-payments-using-contact-form-7 2.6 Unauthenticated.Information.Exposure MEDIUM" "aws-cdn-by-wpadmin 3.0.0 Cross-Site.Request.Forgery MEDIUM" "at-internet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-ribbon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "art-picture-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "aio-shortcodes 1.3.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "apexchat 1.3.2 Admin+.Stored.XSS LOW" "avaibook No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "addfreestats 4.22 Missing.Authorization MEDIUM" "addfreestats No.known.fix Admin+.Stored.XSS LOW" "amazon-auto-links 5.4.3 Reflected.Cross-Site.Scripting MEDIUM" "amazon-auto-links 5.1.2 Contributor+.Stored.XSS MEDIUM" "amazon-auto-links 5.3.2 Contributor+.Stored.XSS MEDIUM" "amazon-auto-links 4.6.20 Reflected.Cross-Site.Scripting HIGH" "anymind-widget No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "addons-for-beaver-builder 3.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-beaver-builder 3.3 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-beaver-builder 2.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "access-code-feeder No.known.fix CSRF MEDIUM" "arforms-form-builder 1.7.2 HTML.Injection MEDIUM" "arforms-form-builder 1.7.1 Unauthenticated.Stored.XSS MEDIUM" "arforms-form-builder 1.6.8 Reflected.Cross-Site.Scripting MEDIUM" "arforms-form-builder 1.6.5 Missing.Authorization.to.Authenticated(Subscriber+).Arbitrary.Option.Deletion HIGH" "arforms-form-builder 1.6.2 Missing.Authorization MEDIUM" "arforms-form-builder 1.6.2 Cross-Site.Request.Forgery MEDIUM" "arforms-form-builder 1.5.9 Unauthenticated.Stored.XSS HIGH" "arforms-form-builder 1.5.7 Unauthenticated.Stored.XSS HIGH" "arforms-form-builder 1.5 Admin+.Stored.Cross.Site.Scripting LOW" "abundatrade-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "awsm-team 1.3.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "api2cart-bridge-connector 1.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "api2cart-bridge-connector 1.2.0 Unauthenticated.RCE CRITICAL" "addify-order-approval-woocommerce 1.1.0 Multiple.CSRF MEDIUM" "appmaps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "animated-counters No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "animated-counters 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ai-wp-writer 3.8.4.5 Cross-Site.Request.Forgery MEDIUM" "ai-wp-writer 3.6.5.6 Missing.Authorization MEDIUM" "ai-responsive-gallery-album No.known.fix Missing.Authorization MEDIUM" "ai-responsive-gallery-album No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "addify-product-dynamic-pricing-and-discounts No.known.fix Multiple.CSRF MEDIUM" "advanced-speed-increaser No.known.fix Cross-Site.Request.Forgery MEDIUM" "awesome-social-icons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-social-icons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "anac-xml-render No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "addify-custom-registration-forms-builder 1.0.2 Multiple.CSRF MEDIUM" "anything-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automatic-pages-for-privacy-policy-terms-about-and-contact 1.42 Reflected.Cross-Site.Scripting MEDIUM" "add-subtitle No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "awesome-timeline No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "advanced-post-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "activitypub 1.0.6 Unauthenticated.REST.API.Access MEDIUM" "activitypub 1.0.0 Subscriber+.Arbitrary.Post.Title.Disclosure MEDIUM" "activitypub 1.0.0 Contributor+.Stored.XSS MEDIUM" "activitypub 1.0.0 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "activitypub 1.0.1 Contributor+.Stored.XSS MEDIUM" "ab-press-optimizer-lite No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "accessibility 1.0.7 Cross-Site.Request.Forgery MEDIUM" "accessibility 1.0.4 Admin+.Stored.XSS LOW" "aesop-story-engine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ajax-rating-with-custom-login No.known.fix Unauthenticated.SQL.Injection HIGH" "advance-post-prefix No.known.fix Reflected.XSS HIGH" "advance-post-prefix No.known.fix Reflected.XSS HIGH" "advance-post-prefix No.known.fix Admin+.SQL.Injection MEDIUM" "awesome-shortcodes-for-genesis No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "abbie-expander No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "axima-payment-gateway No.known.fix Cross-Site.Request.Forgery MEDIUM" "all-images-ai 1.0.5 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "ach-invoice-app No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "acme-fix-images 2.0.0 Subscriber+.Image.Resizing MEDIUM" "abitgone-commentsafe No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "aikit-wordpress-ai-writing-assistant-using-gpt3 No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "add-pinterest-conversion-tags 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-pinterest-conversion-tags 1.0.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "alojapro-widget 1.1.16 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "ancient-world-linked-data-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "a-gateway-for-pasargad-bank-on-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-product-frontend-for-woocommerce No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "audio-and-video-player 1.2.0 Player.Deletion.and.Duplication.via.CSRF MEDIUM" "add-social-share-buttons 1.1 CSRF.to.Settings.Change MEDIUM" "accept-authorize-net-payments-using-contact-form-7 2.3 Unauthenticated.Information.Exposure MEDIUM" "acf-frontend-display No.known.fix Arbitrary.File.Upload CRITICAL" "admin-font-editor No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "auto-iframe 2.0 Contributor+.XSS.via.Shortcode MEDIUM" "auto-iframe 1.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.tag.Parameter MEDIUM" "addons-for-divi 4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "addons-for-divi 4.0.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "addons-for-divi 3.6.0 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-divi 3.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addify-product-labels-and-stickers 1.1.0 Multiple.CSRF MEDIUM" "auth0 4.6.1 Reflected.Cross-Site.Scripting.via.wle MEDIUM" "auth0 4.0.0 Multiple.Vulnerabilities CRITICAL" "auth0 3.11.3 Unauthenticated.Reflected.XSS.via.wle.Parameter MEDIUM" "astra-import-export 1.0.4 Cross-Site.Request.Forgery MEDIUM" "astra-import-export 1.0.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "arabic-webfonts No.known.fix Missing.Authorization MEDIUM" "another-wordpress-classifieds-plugin 4.3.2 Cross-Site.Request.Forgery MEDIUM" "another-wordpress-classifieds-plugin 4.3.2 Missing.Authorization MEDIUM" "another-wordpress-classifieds-plugin 4.3.1 Categories.Mgt.via.CSRF MEDIUM" "another-wordpress-classifieds-plugin 4.3 Unauthenticated.SQLi MEDIUM" "aruba-hispeed-cache 2.0.13 Missing.Authorization MEDIUM" "aruba-hispeed-cache 2.0.7 Unauthenticated.Log.File.Access MEDIUM" "animated-text-block 1.0.8 Missing.Authorization MEDIUM" "amo-team-showcase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.amoteam_skills.Shortcode MEDIUM" "ajar-productions-in5-embed No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "ajar-productions-in5-embed 3.1.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "awesome-surveys No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "admin-trim-interface No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "altima-lookbook-free-for-woocommerce No.known.fix Refletced.Cross-Site.Scripting MEDIUM" "anual-archive No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "anual-archive No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "anual-archive 1.6.0 Contributor+.Stored.XSS MEDIUM" "all-in-one-invite-codes 1.0.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "audiocase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-cron-manager-pro 2.5.3 Subscriber+.Arbitrary.Events/Schedules.Creation/Deletion MEDIUM" "ai-text-to-speech 3.0.4 Missing.Authorization MEDIUM" "aviary-image-editor-add-on-for-gravity-forms No.known.fix Unauthenticated.File.Upload CRITICAL" "accordion-slider 1.9.13 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "accordion-slider 1.9.12 Authenticted.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.Attribute MEDIUM" "audio-album 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-ajax-page-loader No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "advanced-ajax-page-loader 2.7.7 Unauthenticated.Uploaded.File.Disclosure MEDIUM" "automated-editor No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "advanced-lazy-load No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "animategl No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "animategl 1.4.18 Reflected.Cross-Site.Scripting MEDIUM" "ajax-archive-calendar 2.6.8 Contributor+.Stored.XSS MEDIUM" "admin-notices-manager 1.5.0 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Retrieval MEDIUM" "admin-menu-organizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "analytics-for-wp No.known.fix Admin+.Stored.XSS LOW" "armember 6.7.1 Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "armember 5.6 Unauthenticated.Privilege.Escalation CRITICAL" "ajax-random-posts No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "add-actions-and-filters No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-actions-and-filters 2.10 Reflected.XSS HIGH" "add-actions-and-filters 2.10 Settings.Update.via.CSRF MEDIUM" "add-actions-and-filters No.known.fix Admin+.Stored.XSS MEDIUM" "abcapp-creator No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "activity-reactions-for-buddypress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-customer-for-woocommerce 1.7.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-b2b-for-woocommerce No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "all-in-one-b2b-for-woocommerce No.known.fix Multiple.CSRF MEDIUM" "auto-upload-images 3.3.1 CSRF MEDIUM" "auto-upload-images 3.3.1 Admin+.Stored.Cross-Site.Scripting LOW" "amministrazione-aperta 3.8 Admin+.LFI LOW" "automizy-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automizy-gravity-forms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "aklamator-infeed No.known.fix Admin+.Stored.XSS LOW" "aklamator-infeed No.known.fix Reflected.XSS HIGH" "authentication-via-otp-using-firebase No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "amount-left-free-shipping-woocommerce 2.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-limit-posts-reloaded No.known.fix Cross-Site.Request.Forgery MEDIUM" "all-in-one-wp-migration-gdrive-extension 2.80 Unauthenticated.Access.Token.Update MEDIUM" "analytics-tracker 1.1.1 XSS MEDIUM" "adapta-rgpd 1.3.3 Unauthorised.Consent.via.CSRF MEDIUM" "awesome-responsive-photo-gallery 1.2 Missing.Authorization MEDIUM" "awesome-responsive-photo-gallery 2.1 Reflected.Cross-Site.Scripting MEDIUM" "api-key-for-google-maps 1.2.2 Arbitrary.API.Key.Update.via.CSRF MEDIUM" "automail No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automail 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "achilles-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ayecode-connect 1.3.9 Missing.Authorization MEDIUM" "absolute-addons No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-cf7-db 2.0.3 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "advanced-cf7-db 2.0.3 Sensitive.Information.Exposure MEDIUM" "advanced-cf7-db 1.8.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "advanced-cf7-db 1.8.7 Subscriber+.Arbitrary.File.Deletion HIGH" "advanced-cf7-db 1.7.1 SQL.Injection CRITICAL" "amazonsimpleadmin 1.5.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "appointment-buddy-online-appointment-booking-by-accrete No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner 3.1.4 Administrator+.PHP.Object.Injection MEDIUM" "advanced-database-cleaner 3.1.3 Authenticated.(Administrator+).SQL.Injection MEDIUM" "advanced-database-cleaner 3.1.2 Settings.Update.via.CSRF MEDIUM" "advanced-database-cleaner 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner 3.0.4 Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner 3.0.2 Authenticated.SQL.injection MEDIUM" "amazing-neo-icon-font-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arprice-responsive-pricing-table 3.6.1 Unauthenticated.SQLi HIGH" "arprice-responsive-pricing-table 2.3 Cross-Site.Request.Forgery MEDIUM" "auxin-elements 2.17.5 Missing.Authorization MEDIUM" "auxin-elements 2.17.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Staff.Widget MEDIUM" "auxin-elements 2.17.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.aux_contact_box.and.aux_gmaps.Shortcodes MEDIUM" "auxin-elements 2.16.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Modern.Heading.and.Icon.Picker.Widgets MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.aux_gmaps.Shortcode MEDIUM" "auxin-elements 2.15.8 Contributor+.XSS.via.HTML.Element MEDIUM" "auxin-elements No.known.fix Subscriber+.PHP.Object.Injection HIGH" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.Custom.JS MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.title_tag MEDIUM" "auxin-elements 2.15.6 Contributor+.Stored.XSS.via.Accordion.Widget MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.aux_timeline.Shortcode MEDIUM" "auxin-elements 2.15.8 Subscriber+.Template.Import MEDIUM" "auxin-elements 2.15.5 Contributor+.Stored.XSS MEDIUM" "auxin-elements 2.15.0 Unauthenticated.Local.File.Inclusion CRITICAL" "auxin-elements 2.10.7 PHP.Objection.Injection MEDIUM" "auxin-elements 2.9.8 Reflected.Cross-Site-Scripting MEDIUM" "avcp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "avcp No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "avcp No.known.fix Cross-Site.Request.Forgery.via.settings.php MEDIUM" "ai-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-addons-for-elementor No.known.fix Authenticated.(Contributor+).Private.Templates.Content.Disclosure MEDIUM" "alkubot 3.0.0 Unauthorised.AJAX.call.via.CSRF MEDIUM" "add-widget-after-content 2.5 Admin+.Stored.XSS LOW" "authors-autocomplete-meta-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "avatar No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "avatar No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "accurate-form-data-real-time-form-validation No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "awesomepress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accesspress-social-counter 1.9.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "auto-login-new-user-after-registration No.known.fix Stored.XSS.via.CSRF HIGH" "auto-login-new-user-after-registration No.known.fix CSRF MEDIUM" "armember-membership-premium No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "anac-xml-viewer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "annie No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "annie No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ar-for-woocommerce 7.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "annasta-woocommerce-product-filters 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "annasta-woocommerce-product-filters 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ajax-search-pro 4.26.2 Reflected.Cross-Site.Scripting HIGH" "ajax-search-pro 4.26.2 Multiple.Reflected.Cross-Site.Scripting HIGH" "ajax-search-pro 4.19 Subscriber+.SQL.Injection HIGH" "ajax-search-pro 4.19 Stored.XSS.via.CSRF HIGH" "advanced-cf7-database No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "accommodation-system No.known.fix Subscriber+.Unauthorised.Actions MEDIUM" "ad-blocking-detector No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-local-avatar No.known.fix Cross-Site.Request.Forgery.via.manage_avatar_cache MEDIUM" "author-work-in-progress-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aw-woocommerce-kode-pembayaran No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-menu-widget No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "advanced-nocaptcha-recaptcha 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "advanced-nocaptcha-recaptcha 7.1.0 .Local.File.Inclusion.via.CSRF HIGH" "advanced-nocaptcha-recaptcha 7.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-wp-migration-box-extension 1.54 Unauthenticated.Access.Token.Update MEDIUM" "a2-optimized-wp 3.0.5 Data.Collection.Toggle.via.CSRF MEDIUM" "anonymize-links No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "affiliate-advantage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-video-downloader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-video-downloader No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advance-wc-analytics 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "advance-wc-analytics 3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accordion-slider-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ab-google-map-travel No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "analyse-uploads No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "arkhe-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arkhe-blocks 2.27.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.block.attributes MEDIUM" "arkhe-blocks 2.27.0 Contributor+.Stored.XSS MEDIUM" "arkhe-blocks 2.23.0 Contributor+.Stored.XSS MEDIUM" "advanced-import 1.3.8 Arbitrary.Plugin.Installation.&.Activation.via.CSRF HIGH" "add-twitter-pixel 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-custom-content-after-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "atelier-create-cv No.known.fix Settings.Update.via.CSRF MEDIUM" "accordion-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "ads-for-wp 1.9.29 Cross-Site.Request.Forgery MEDIUM" "appten-image-rotator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adsmiddle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-speedo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-and-client-message-after-order-for-woocommerce 13.3 Authenticated.(Subscriber+).Limited.File.Upload.to.Cross-Site.Scripting MEDIUM" "admin-and-client-message-after-order-for-woocommerce 12.5 Missing.Authorization.to.Arbitrary.File.Upload CRITICAL" "alipay No.known.fix Authenticated.SQL.Injection MEDIUM" "ad-inserter-pro 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter-pro 2.7.12 Reflected.Cross-Site.Scripting LOW" "ad-inserter-pro 2.7.10 Reflected.Cross-Site.Scripting MEDIUM" "awcode-toolkit 1.0.19 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "about-rentals No.known.fix Unauthenticated.Actions HIGH" "automatorwp 5.2.6 Authenticated.(Administrator+).SQL.Injection.via.field_conditions HIGH" "automatorwp 5.2.2 Authenticated.(Administrator+).SQL.Injection MEDIUM" "automatorwp 5.1.0 Reflected.Cross-Site.Scripting.via.a-0-o-search_field_value CRITICAL" "automatorwp 2.5.1 Object.Deletion.via.CSRF MEDIUM" "automatorwp 1.7.6 Missing.Authorization.and.Privilege.Escalation MEDIUM" "availability No.known.fix Cross-Site.Request.Forgery MEDIUM" "add-user-role No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "anycomment 0.0.99 Reflected.Cross-Site.Scripting MEDIUM" "anycomment 0.2.18 Arbitrary.HyperComments.Import/Revert.via.CSRF MEDIUM" "anycomment 0.2.18 Comment.Rating.Increase/Decrease.via.Race.Condition LOW" "anycomment 0.3.5 Open.Redirect MEDIUM" "anycomment 0.0.33 XSS MEDIUM" "acf-quickedit-fields 3.2.3 Contributor+.User.Metadata.Leak.via.IDOR LOW" "admin-dashboard-rss-feed 3.4 Administrator+.Stored.XSS LOW" "awesome-progess-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-dewplayer No.known.fix Missing.Authorization MEDIUM" "appointment-hour-booking 1.4.57 Captcha.Bypass MEDIUM" "appointment-hour-booking 1.3.73 Unauthenticated.iFrame.Injection HIGH" "appointment-hour-booking 1.3.73 CSV.Injection MEDIUM" "appointment-hour-booking 1.3.73 CAPTCHA.Bypass MEDIUM" "appointment-hour-booking 1.3.72 Feedback.Submission.via.CSRF MEDIUM" "appointment-hour-booking 1.3.56 Admin+.Stored.Cross-Site.Scripting LOW" "appointment-hour-booking 1.3.17 Authenticated.Stored.XSS LOW" "appointment-hour-booking 1.3.16 Admin+.Stored.Cross-Site.Scripting LOW" "appointment-hour-booking 1.1.46 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "accordions-or-faqs No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "accordions-or-faqs 2.3.1 Admin+.Stored.XSS LOW" "accordions-or-faqs 2.1.0 Authenticated.Arbitrary.Options.Update MEDIUM" "accordions-or-faqs 2.1.0 Admin+.Stored.XSS LOW" "accordions-or-faqs 2.0.3 Unauthenticated.Arbitrary.Options.Update CRITICAL" "announcekit No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "accelerated-mobile-pages 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "accelerated-mobile-pages 1.0.99.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "accelerated-mobile-pages 1.0.97 Missing.Authorization MEDIUM" "accelerated-mobile-pages 1.0.97 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "accelerated-mobile-pages 1.0.93.2 Authenticated(Contributor+).Arbitrary.Post.Deletion.via.amppb_remove_saved_layout_data MEDIUM" "accelerated-mobile-pages 1.0.93 Unautenticated.Reflected.Cross-Site.Scripting MEDIUM" "accelerated-mobile-pages 1.0.92.1 Authenticated.(Contributor+).Cross-Site.Scripting.via.Shortcode MEDIUM" "accelerated-mobile-pages 1.0.89 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "accelerated-mobile-pages 1.0.77.33 Admin+.Stored.Cross-Site.Scripting LOW" "accelerated-mobile-pages 1.0.77.32 Admin+.Stored.Cross-Site.Scripting LOW" "accelerated-mobile-pages 0.9.97.21 Stored.XSS MEDIUM" "advanced-blocks-pro No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "accesspress-twitter-feed No.known.fix Delete.cache.via.CSRF MEDIUM" "accesspress-twitter-feed 1.6.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "admin-note No.known.fix Cross-Site.Request.Forgery MEDIUM" "affiliate-links-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-options-pages 0.9.8 Reflected.Cross-Site.Scripting HIGH" "amp-img-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "adaptive-images 0.6.69 Reflected.Cross-Site.Scripting MEDIUM" "adaptive-images 0.6.67 Local.File.Inclusion.&.Deletion HIGH" "anyvar No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "auto-hide-admin-bar 1.6.2 Admin+.Stored.XSS LOW" "awesome-contact-form7-for-elementor 3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "awesome-contact-form7-for-elementor 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.AEP.Contact.Form.7.Widget MEDIUM" "addify-image-watermark-for-woocommerce 1.0.1 Multiple.CSRF MEDIUM" "advance-menu-manager 3.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "advance-menu-manager 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "advance-menu-manager 3.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advance-menu-manager 3.0 Unauthorised.Menu.Edition.via.CSRF MEDIUM" "advance-menu-manager 3.0.7 Unauthorised.Menu.Creation/Deletion MEDIUM" "advanced-coupons-for-woocommerce-free 4.5.0.1 Notice.Dismiss.via.CSRF MEDIUM" "ai-scribe-the-chatgpt-powered-seo-content-creation-wizard No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "ai-scribe-the-chatgpt-powered-seo-content-creation-wizard No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "ai-scribe-the-chatgpt-powered-seo-content-creation-wizard No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "advanced-options-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-load-more 7.4.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ajax-load-more 7.3.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ajax-load-more 7.1.3 Ajax.Load.More.<.7.1.3.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 7.1.2 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "ajax-load-more 7.0.2 Administrator+.Stored.Cross-Site.Scripting MEDIUM" "ajax-load-more 7.1.0 Authenticated.(Admin+).Directory.Traversal.to.Arbitrary.File.Read MEDIUM" "ajax-load-more 6.2 Ajax.Load.More.<.6.2.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 5.6.0.3 Ajax.Load.More.<.5.6.0.3.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 5.5.4.1 Admin+.Arbitrary.File.Read MEDIUM" "ajax-load-more 5.5.4 Admin+.Arbitrary.File.Read MEDIUM" "ajax-load-more 5.5.4 PHAR.Deserialization.via.CSRF HIGH" "ajax-load-more 5.3.2 Authenticated.SQL.Injection CRITICAL" "academist-membership 1.2 Authentication.Bypass CRITICAL" "ajax-pagination No.known.fix wp-admin/admin-ajax.php.loop.Parameter.Local.File.Inclusion HIGH" "accesspress-pinterest 3.3.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "acf-for-woocommerce-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "acf-for-woocommerce-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-contact-form-integration-for-elementor No.known.fix Cross-Site.Request.Forgery MEDIUM" "all-contact-form-integration-for-elementor No.known.fix Missing.Authorization MEDIUM" "all-contact-form-integration-for-elementor No.known.fix Missing.Authorization MEDIUM" "all-contact-form-integration-for-elementor 2.9.9.8 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "all-contact-form-integration-for-elementor 2.9.9.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "addify-gift-registry-for-woocommerce 1.1.0 Multiple.CSRF MEDIUM" "alt-manager 1.6.2 Missing.Authorization MEDIUM" "alt-manager 1.5.7 Reflected.Cross-Site.Scripting MEDIUM" "alt-manager 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ajax-login-and-registration-modal-popup 2.25 Reflected.XSS MEDIUM" "ajax-login-and-registration-modal-popup 2.24 Author+.Stored.XSS MEDIUM" "auto-keyword-backlink No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "accessally 3.5.7 $_SERVER.Superglobal.Leakage HIGH" "accessally 3.3.2 Unauthenticated.Arbitrary.PHP.Code.Execution CRITICAL" "add-tiktok-advertising-pixel 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "aparat-responsive No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-content-generation 1.2.6 Missing.Authorization MEDIUM" "awesome-twitter-feeds No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "api-bing-map-2018 5.0 CSRF MEDIUM" "advanced-floating-content 3.8.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "all-in-one-wp-migration 7.90 Unauthenticated.PHP.Object.Injection HIGH" "all-in-one-wp-migration 7.87 Authenticated.(Administrator+).Arbitrary.PHP.Code.Injection HIGH" "all-in-one-wp-migration 7.87 Unauthenticated.Information.Disclosure.via.Error.Logs MEDIUM" "all-in-one-wp-migration 7.63 Unauthenticated.Reflected.XSS MEDIUM" "all-in-one-wp-migration 7.59 Admin+.File.Deletion.on.Windows.Hosts.via.Path.Traversal MEDIUM" "all-in-one-wp-migration 7.41 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "all-in-one-wp-migration 7.15 Arbitrary.Backup.Download HIGH" "all-in-one-wp-migration 7.0 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-migration 6.46 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-wp-migration 2.0.5 Unauthenticated.Database.Export HIGH" "amp-wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "auphonic-importer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "advanced-page-visit-counter No.known.fix Admin+.Stored.XSS LOW" "advanced-page-visit-counter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter 8.0.1 Contributor+.SQLi MEDIUM" "advanced-page-visit-counter 7.1.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter 6.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "advanced-page-visit-counter 6.1.6 Subscriber+.Blind.SQL.injection HIGH" "advanced-page-visit-counter 6.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "atarim-visual-collaboration 4.1.1 Reflected.Cross-Site.Scripting MEDIUM" "atarim-visual-collaboration 4.0.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "atarim-visual-collaboration 4.1.0 Missing.Authorization.to.Authenticated.(Subscriber+).Project.Page/File.Deletion MEDIUM" "atarim-visual-collaboration 4.0.2 Missing.Authorization.via.remove_feedbacktool_notice() MEDIUM" "atarim-visual-collaboration 4.0.3 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "atarim-visual-collaboration 4.0.1 Missing.Authorization MEDIUM" "atarim-visual-collaboration 3.32 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "atarim-visual-collaboration 3.31 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "atarim-visual-collaboration 3.30 Unauthenticated.Settings.Update,.Post.Deletion.etc HIGH" "atarim-visual-collaboration 3.13 Unauthenticated.Stored.XSS HIGH" "atarim-visual-collaboration 3.9.4 Admin+.Stored.XSS LOW" "auto-translate No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Custom.Font MEDIUM" "advanced-usps-shipping-method 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "agency-toolkit 1.0.25 Missing.Authorization MEDIUM" "agency-toolkit 1.0.24 Unauthenticated.Arbitrary.Options.Update CRITICAL" "add-to-any 1.7.48 Admin+.Stored.Cross-Site.Scripting LOW" "add-to-any 1.7.46 Admin+.Stored.XSS MEDIUM" "asf-allow-svg-files No.known.fix Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "asf-allow-svg-files 1.1 Admin+.Arbitrary.File.Upload MEDIUM" "all-in-menu No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "art-direction No.known.fix Contributor+.Stored.XSS MEDIUM" "astra-addon 4.3.2 Authenticated(Contributor+).Remote.Code.Execution.via.Metabox HIGH" "astra-addon 3.5.2 Unauthenticated.SQL.Injection HIGH" "accessibility-toolbar No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-popups 1.1.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "animation-addons-for-elementor-pro 1.7 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "assist24it No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "anfrageformular No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-facebook No.known.fix Author+.Stored.XSS MEDIUM" "add-facebook No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting] MEDIUM" "anonymous-restricted-content 1.6.6 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "anonymous-restricted-content 1.6.3 .Protection.Mechanism.Bypass MEDIUM" "antispam-bee 2.11.4 IP.Address.Spoofing.via.get_client_ip MEDIUM" "accesspress-social-icons 1.8.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-social-icons 1.8.1 Authenticated.SQL.Injection HIGH" "accesspress-social-icons 1.6.8 Authenticated.SQL.Injections MEDIUM" "altos-connect No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "adamrob-parallax-scroll 2.1 Cross-Site.Scripting.(XSS) MEDIUM" "ag-custom-admin 7.2.4 Admin+.SSRF MEDIUM" "ag-custom-admin 7.2.2 Admin+.Stored.XSS.via.Image.URL LOW" "ag-custom-admin 7.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "ag-custom-admin 6.9.2 AGCA.<.6.9.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "ag-custom-admin 6.5.5 CSRF.&.XSS LOW" "applicantpro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ai-auto-tool No.known.fix Subscriber+.SQLi HIGH" "ai-auto-tool 2.1.3 Missing.Authorization MEDIUM" "activedemand No.known.fix Missing.Authorization MEDIUM" "activedemand 0.2.44 Cross-Site.Request.Forgery MEDIUM" "activedemand 0.2.42 Unauthenticated.Arbitrary.File.Upload CRITICAL" "activedemand 0.2.28 Unauthenticated.Post.Creation/Update/Deletion HIGH" "auto-install-free-ssl 3.6.0 Reflected.Cross-Site.Scripting MEDIUM" "automatic-featured-images-from-videos 1.2.5 Missing.Authorization MEDIUM" "amty-thumb-recent-post No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ajax-content-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "autoship-cloud 2.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "autoship-cloud 2.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.100.0 Admin+.Stored.XSS LOW" "advanced-form-integration 1.100.0 Admin+.Stored.XSS LOW" "advanced-form-integration 1.97.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.92.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.89.6 Cross-Site.Request.Forgery MEDIUM" "advanced-form-integration 1.82.6 SQL.Injection.to.Reflected.Cross-Site.Scripting.via.integration_id MEDIUM" "advanced-form-integration 1.76.0 Authenticated(Administrator+).SQL.Injection MEDIUM" "advanced-form-integration 1.69.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.63.0 Admin+.Stored.XSS LOW" "advanced-form-integration 1.49.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "autocomplete-location-field-contact-form-7-pro 2.0 Admin+.Store.Cross-Site.Scripting LOW" "audio-merchant No.known.fix Cross-Site.Request.Forgery.to.Settings.Modifcation.and.Stored.Cross-Site.Scripting MEDIUM" "audio-merchant No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "a3-portfolio 3.1.1 Author+.Stored.XSS MEDIUM" "ap-companion 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "app-ads-txt 1.1.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "app-ads-txt 1.1.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "agendapress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "agendapress 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "agendapress 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ap-contact-form 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "af-companion 1.2.0 1.1.2.-.Arbitrary.Plugin.Installation.&.Activation.via.CSRF HIGH" "ajax-comment-form-cst No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "addon-library No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "absolute-reviews 1.1.4 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Criteria.Name MEDIUM" "absolute-reviews 1.0.9 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "admin-form No.known.fix Authenticated.(Admin+).PHP.Object.Injection HIGH" "admin-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "admin-form 1.9.1 Cross-Site.Request.Forgery MEDIUM" "admin-form 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "akismet-privacy-policies No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ad-swapper No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "abcsubmit No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "anant-addons-for-elementor 1.1.9 Arbitrary.Plugin.Installation.via.CSRF MEDIUM" "anant-addons-for-elementor 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arca-payment-gateway 1.3.4 Stored.XSS.via.CSRF HIGH" "all-embed-addons-for-elementor 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-rename-media-on-upload 1.1.0 Admin+.Stored.XSS LOW" "automation-web-platform 3.0.18 Unauthenticated.Privilege.Escalation CRITICAL" "automatewoo 5.7.6 Cross-Site.Request.Forgery MEDIUM" "automatewoo 5.7.6 Missing.Authorization MEDIUM" "automatewoo 5.7.2 ShopManager+.SQLi MEDIUM" "automatewoo 5.7.2 Cross-Site.Request.Forgery MEDIUM" "aptivada-for-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "azw-woocommerce-file-uploads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "azw-woocommerce-file-uploads No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "activitytime 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "activitytime 1.1.0 Unauthenticated.SQL.Injection HIGH" "activitytime 1.0.9 Unauthenticated.SQL.injection HIGH" "activitytime 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amtythumb No.known.fix Subscriber+.SQLi HIGH" "attire-blocks 1.9.7 Cross-Site.Request.Forgery MEDIUM" "attire-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "attire-blocks 1.9.3 Missing.Authorization MEDIUM" "advanced-custom-fields 6.3.9 Admin+.Remote.Code.Execution MEDIUM" "advanced-custom-fields 6.3.6.3 Admin+.Remote.Code.Execution MEDIUM" "advanced-custom-fields 6.3.9 Admin+.Stored.XSS LOW" "advanced-custom-fields 6.3.6.3 Admin+.Stored.XSS LOW" "advanced-custom-fields 6.3 Contributor+.Custom.Field.Access LOW" "advanced-custom-fields 6.2.5 Contributor+.Stored.Cross-Site.Scripting.via.Custom.Field MEDIUM" "advanced-custom-fields 6.1.6 Reflected.XSS HIGH" "advanced-custom-fields 5.12.5 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields 6.1.0 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields 5.12.3 Unauthenticated.File.Upload MEDIUM" "advanced-custom-fields 5.12.1 Contributor+.Database.Information.Access MEDIUM" "advanced-custom-fields 5.11 Subscriber+.Arbitrary.ACF.Data/Field.Groups.View.and.Fields.Move MEDIUM" "advanced-custom-fields 5.8.12 Cross-Site.Scripting.in.Select2.dropdowns MEDIUM" "advanced-custom-fields 5.7.12 Unserialize.of.user.input MEDIUM" "auto-ftp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "acf-engine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ai-content-generator No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "add-widgets-to-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "amazing-hover-effects No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "authors-list 2.0.6.1 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "authors-list 2.0.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "authors-list 2.0.3 Reflected.Cross-Site.Scripting HIGH" "ap-custom-testimonial 1.4.8 Admin+.SQL.Injection MEDIUM" "ap-custom-testimonial 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "ap-custom-testimonial 1.4.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "authldap 2.5.9 Settings.Update.via.CSRF MEDIUM" "authldap 2.6.2 Admin+.Stored.XSS LOW" "addify-order-tracking-for-woocommerce 1.0.2 Multiple.CSRF MEDIUM" "am-lottieplayer 3.5.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Uploaded.Lottie.File MEDIUM" "ai-engine 2.8.4 2.8.3.-.Subscriber+.Privilege.Escalation.via.MCP HIGH" "ai-engine 2.6.5 Admin+.SQLi MEDIUM" "ai-engine 2.4.8 Admin+.SQLi MEDIUM" "ai-engine 2.5.1 Admin+.RCE MEDIUM" "ai-engine 2.4.8 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "ai-engine 2.2.70 Authenticated.(Editor+).Arbitrary.File.Upload CRITICAL" "ai-engine 2.1.5 Authenticated.(Editor+).Server-Side.Request.Forgery MEDIUM" "ai-engine 2.2.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "ai-engine 2.1.5 Editor+.Arbitrary.File.Upload.via.add_image_from_url MEDIUM" "ai-engine 1.9.99 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ai-engine 1.6.83 Admin+.Stored.XSS LOW" "add-hierarchy-parent-to-post 3.13 Reflected.Cross-Site.Scripting MEDIUM" "acme-divi-modules No.known.fix Missing.Authorization MEDIUM" "about-me-3000 No.known.fix Administrator.Stored.Cross-Site.Scripting MEDIUM" "about-me-3000 No.known.fix CSRF MEDIUM" "ajax-add-to-cart-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-add-to-cart-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addify-free-gifts-woocommerce 1.0.2 Multiple.CSRF MEDIUM" "atomchat No.known.fix Missing.Authorization MEDIUM" "atomchat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "atomchat 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.atomchat.Shortcode MEDIUM" "atomchat 1.1.5 Unauthenticated.Credits.Update MEDIUM" "bilingual-linker 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockypage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blockypage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bluetrait-event-viewer No.known.fix Settings.Update.via.CSRF MEDIUM" "base64-encoderdecoder No.known.fix Stored.XSS.via.CSRF HIGH" "base64-encoderdecoder No.known.fix Reflected.XSS HIGH" "base64-encoderdecoder No.known.fix Settings.Reset.via.CSRF MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.WordPress.Settings.Update MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.WordPress.Settings.Deletion MEDIUM" "builder-shortcode-extras No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "bet-wc-2018-russia No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "better-click-to-tweet 5.10.4 Settings.Update.via.CSRF MEDIUM" "buddypress-giphy 1.5.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "buddyforms-remote 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "booster-elite-for-woocommerce 7.1.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "booster-elite-for-woocommerce 7.1.2 .Missing.Authorization.to.Order.Information.Disclosure MEDIUM" "booster-elite-for-woocommerce 7.1.3 Subscriber+.Content.Injection MEDIUM" "booster-elite-for-woocommerce 6.0.1 Multiple.CSRF MEDIUM" "booster-elite-for-woocommerce 6.0.0 Reflected.Cross-Site.Scripting HIGH" "booster-elite-for-woocommerce 1.1.8 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "booster-elite-for-woocommerce 1.1.7 ShopManager+.Arbitrary.File.Download MEDIUM" "booster-elite-for-woocommerce 1.1.7 Checkout.Files.Deletion.via.CSRF LOW" "booster-elite-for-woocommerce 1.1.3 Subscriber+.Order.Status.Update MEDIUM" "belingogeo No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "bible-text No.known.fix Contributor+.Stored.XSS MEDIUM" "badgearoo No.known.fix Reflected.XSS HIGH" "badgearoo No.known.fix Admin+.Stored.XSS LOW" "bakkbone-florist-companion 7.3.0 Reflected.Cross-Site.Scripting MEDIUM" "bakkbone-florist-companion 7.4.0 Missing.Authorization.to.Arbitrary.Content.Deletion MEDIUM" "bakkbone-florist-companion 7.4.0 Missing.Authorization.to.Sensitive.Data.Exposure MEDIUM" "bemax-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bank-mellat 2.0.1 Reflected.Cross-Site.Scripting HIGH" "badgeos No.known.fix Missing.Authorization MEDIUM" "badgeos No.known.fix Missing.Authorization.in.delete_badgeos_log_entries MEDIUM" "badgeos No.known.fix Subscriber+.IDOR MEDIUM" "badgeos No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "badgeos No.known.fix CSRF MEDIUM" "badgeos 3.7.1.3 Subscriber+.SQLi HIGH" "badgeos 3.7.1 Unauthenticated.SQLi HIGH" "breakdance 2.0.0 Missing.Authorization MEDIUM" "breakdance 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "breakdance 1.7.2 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "breakdance 1.7.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.custom.postmeta MEDIUM" "backup-backup 1.4.6.1 Unauthenticated.PHP.Object.Injection.via.'recursive_unserialize_replace' HIGH" "backup-backup 1.4.4 Information.Exposure.via.Log.Files MEDIUM" "backup-backup 1.4.0 Unauthenticated.Path.Traversal.to.Arbitrary.File.Deletion HIGH" "backup-backup 1.4.0 Authenticated.(Admin+).OS.Command.Injection.via.url MEDIUM" "backup-backup 1.4.0 1.3.9.-.Remote.File.Inclusion.via.content-dir HIGH" "backup-backup 1.3.8 Unauthenticated.RCE CRITICAL" "backup-backup 1.3.6 Sensitive.Data.Exposure HIGH" "backup-backup 1.3.7 Unauthenticated.Arbitrary.File.Download.to.Sensitive.Information.Exposure HIGH" "backup-backup 1.3.0 Cross-Site.Request.Forgery MEDIUM" "backup-backup 1.2.8 Plugin.Installation.via.CSRF MEDIUM" "backup-backup 1.2.8 Subscriber+.Plugin.Installation MEDIUM" "backup-backup 1.1.6 Admin+.Stored.Cross-Site.Scripting MEDIUM" "bulk-woocommerce-category-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-woocommerce-category-creator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "backup-database No.known.fix Admin+.Stored.XSS LOW" "back-to-the-top-button 2.1.7 Admin+.Stored.XSS LOW" "blackhole-bad-bots 3.3.2 Arbitrary.IP.Address.Blocking.via.IP.Spoofing HIGH" "bulk-image-alt-text-with-yoast 1.4.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyboss-platform 2.8.51 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.'invitee_name' MEDIUM" "buddyboss-platform 2.8.51 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.'bp_nouveau_ajax_media_save'.function MEDIUM" "buddyboss-platform 2.8.51 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.'bbp_topic_title' MEDIUM" "buddyboss-platform 2.8.00 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.'link_title' MEDIUM" "buddyboss-platform 2.6.0 Insecure.Direct.Object.Reference.on.Like.Comment MEDIUM" "buddyboss-platform 2.7.60 Private.Comment.Exposure.via.IDOR MEDIUM" "buddyboss-platform 1.7.9 Subscriber+.SQL.Injection MEDIUM" "block-for-font-awesome 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-for-font-awesome 1.4.1 Block.for.Font.Awesome.<.1,4,1.-Settings.Update.via.CSRF MEDIUM" "blue-wrench-videos-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bg-patriarchia-bu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bulk-datetime-change 1.12 Missing.Authorisation MEDIUM" "buooy-sticky-header No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blockmeister 3.1.11 Reflected.Cross-Site.Scripting MEDIUM" "blockmeister 3.1.10 Reflected.Cross-Site.Scripting MEDIUM" "blockmeister 3.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bws-testimonials 0.1.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bit-integrations 2.5.0 Open.Redirect HIGH" "b-blocks 2.0.1 The.ultimate.block.collection.<.2.0.1.-.Contributor+.Stored.XSS MEDIUM" "blrt-wp-embed No.known.fix Reflected.Cross-Site.Scripting HIGH" "blrt-wp-embed No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "buddyforms-members 1.4.12 Reflected.Cross-Site.Scripting MEDIUM" "bulk-term-editor No.known.fix Cross-Site.Request.Forgery MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.7.0 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Cross-Site.Request.Forgery MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Unauthenticated.Information.Exposure MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Authenticated.(Subscriber+).SQL.Injection HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Unauthenticated.Privilege.Escalation CRITICAL" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Missing.Authorization MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Missing.Authorization MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.2 Unauthenticated.Arbitrary.File.Upload.via.uploadFile CRITICAL" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.2 Unauthenticated.SQL.Injection.via.userToken CRITICAL" "bdthemes-prime-slider-lite 3.16.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.15.19 Addons.For.Elementor.(Revolution.of.a.slider,.Hero.Slider,.Ecommerce.Slider.<.3.15.19.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Blog.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pacific.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.2 Contributor+.Stored.XSS.via.Pagepiling.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.14.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.13.3 Contributor+.Stored.Cross-Site.Scripting.via.Rubix.Widget MEDIUM" "bdthemes-prime-slider-lite 3.13.3 Contributor+.Stored.Cross-Site.Scripting.via.Mercury.Widget MEDIUM" "bdthemes-prime-slider-lite 3.13.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fiestar.Widget MEDIUM" "bdthemes-prime-slider-lite 3.11.11 Incorrect.Authorization.via.bdt_duplicate_as_draft MEDIUM" "bdthemes-prime-slider-lite 3.8.3 Reflected.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 2.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blog2social 8.4.5 Authenticated.(Subscriber+).SQL.Injection.via.`prgSortPostType`.Parameter MEDIUM" "blog2social 8.4.0 Contributor+.Stored.XSS MEDIUM" "blog2social 7.5.5 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "blog2social 7.4.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "blog2social 7.5.0 Information.Exposure MEDIUM" "blog2social 7.2.1 Reflected.XSS HIGH" "blog2social 6.9.12 Subscriber+.Settings.Update MEDIUM" "blog2social 6.9.10 Subscriber+.SQLi HIGH" "blog2social 6.9.10 Subscriber+.SSRF MEDIUM" "blog2social 6.8.7 Reflected.Cross-Site.Scripting HIGH" "blog2social 6.3.1 Authenticated.SQL.Injection CRITICAL" "blog2social 5.9.0 Cross-Site.Scripting.Issue MEDIUM" "blog2social 5.6.0 SQL.Injection CRITICAL" "blog2social 5.0.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bug-library 2.1.5 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bug-library 2.1.2 Admin+.Stored.XSS LOW" "bug-library 2.1.1 Unauthenticated.RCE CRITICAL" "bug-library 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "business-profile 2.1.7 Subscriber+.Page.Creation.&.Settings.Update.to.Stored.XSS MEDIUM" "buttons-shortcode-and-widget No.known.fix Stored.XSS.via.shortcode MEDIUM" "buttons-shortcode-and-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "bon-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.11.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.29 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.15 Addons.for.Elementor.<.5.10.15.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.13 Missing.Authorization MEDIUM" "bdthemes-element-pack-lite 5.10.6 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Lightbox.Widget MEDIUM" "bdthemes-element-pack-lite 5.10.3 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.10.3 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.10.3 Authenticated.(Contributor+.Stored.Cross-Site.Scripting.via.Open.Map.Widget MEDIUM" "bdthemes-element-pack-lite 5.10.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate MEDIUM" "bdthemes-element-pack-lite 5.10.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Custom.Gallery.Widget MEDIUM" "bdthemes-element-pack-lite 5.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Gallery.and.Countdown.Widgets MEDIUM" "bdthemes-element-pack-lite 5.7.7 Contributor+.Stored.XSS.via.title_tag MEDIUM" "bdthemes-element-pack-lite 5.7.3 Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "bdthemes-element-pack-lite 5.6.12 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.6.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.6.12 Contributor+.Stored.XSS.via.onclick.events MEDIUM" "bdthemes-element-pack-lite 5.6.4 Form.Submission.Admin.Email.Bypass MEDIUM" "bdthemes-element-pack-lite 5.6.2 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.6.1 Contributor+.Stored.XSS.via.Panel.Slider.Widget MEDIUM" "bdthemes-element-pack-lite 5.6.1 Contributor+.Stored.XSS.via.Price.List.Widget MEDIUM" "bdthemes-element-pack-lite 5.6.0 Sensitive.Information.Exposure.via..element_pack_ajax_search MEDIUM" "bdthemes-element-pack-lite 5.5.4 Contributor+.Stored.XSS.via.Trailer.Box.Widget MEDIUM" "bdthemes-element-pack-lite 5.3.3 Contributor+.Stored.XSS.via.Custom.Gallery.Widget MEDIUM" "bdthemes-element-pack-lite 5.5.4 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bdthemes-element-pack-lite 5.5.4 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.4.12 Missing.Authorization.via.bdt_duplicate_as_draft MEDIUM" "bdthemes-element-pack-lite 5.2.1 Reflected.Cross-Site.Scripting MEDIUM" "buddypress-hashtags 2.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "backuply 1.3.5 Authenticated.(Admin+).SQL.Injection CRITICAL" "backuply 1.2.8 Admin+.Directory.Traversal MEDIUM" "backuply 1.2.6 Backup,.Restore,.Migrate.and.Clone.<.1.2.6.-..Unauthenticated.Denial.of.Service HIGH" "backuply 1.2.4 Admin+.Directory.Traversal MEDIUM" "bxslider-wp No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "blogger-301-redirect No.known.fix Unauthenticated.SQL.Injection.via.br HIGH" "buddyforms-woocommerce-form-elements 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "breezing-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ban-users No.known.fix Subscriber+.Settings.Update.&.Privilege.Escalation.via.Missing.Authorization HIGH" "browser-caching-with-htaccess No.known.fix Cross-Site.Request.Forgery MEDIUM" "broken-link-manager No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "broken-link-manager 0.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "broken-link-manager 0.5.0 Unauthenticated.SQL.Injection.&.XSS CRITICAL" "better-wlm-api 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "better-wlm-api 1.1.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "bitly-linker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bookster 1.2.0 Unauthenticated.Appointment.Status.Update MEDIUM" "bootstrap-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bp-activity-plus-reloaded No.known.fix Missing.Authorization MEDIUM" "bp-activity-plus-reloaded 1.1.2 Authenticated.(Subscriber+).Blind.Server-Side.Request.Forgery MEDIUM" "booking-and-rental-manager-for-woocommerce 2.3.9 Missing.Authorization MEDIUM" "booking-and-rental-manager-for-woocommerce 2.3.7 Missing.Authorization MEDIUM" "booking-and-rental-manager-for-woocommerce 2.2.9 Missing.Authorization MEDIUM" "booking-and-rental-manager-for-woocommerce 2.2.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "booking-and-rental-manager-for-woocommerce 2.2.7 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "booking-and-rental-manager-for-woocommerce 2.2.2 Missing.Authorization MEDIUM" "booking-and-rental-manager-for-woocommerce 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "booking-and-rental-manager-for-woocommerce 1.2.2 Admin+.Stored.XSS LOW" "bridge-core 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bridge-core 3.3.1 Missing.Authorization MEDIUM" "bridge-core 3.3.1 Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "bridge-core 3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bridge-core 3.1.0 Reflected.XSS HIGH" "boldgrid-easy-seo 1.6.15 Information.Exposure MEDIUM" "boldgrid-easy-seo 1.6.14 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Meta.Description MEDIUM" "benaa-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "benaa-framework No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "benaa-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "bp-create-group-type No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bulletin-announcements 3.12 Reflected.Cross-Site.Scripting HIGH" "bulletin-announcements 3.9.0 Authenticated.(Administrator+).SQL.Injection HIGH" "bulletin-announcements 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "bulletin-announcements 3.7.0 Subscriber+.Unauthorized.Access.and.Modification MEDIUM" "bulletin-announcements 3.7.1 Cross-Site.Request.Forgery MEDIUM" "bulletin-announcements 3.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "brand-my-footer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bing-site-verification-using-meta-tag No.known.fix Admin+.Stored.XSS LOW" "bacon-ipsum No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "birthdays-widget No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "blog-designer-pack 4.0.1 Unauthenticated.Local.File.Inclusion CRITICAL" "blog-designer-pack 3.4.2 Unauthenticated.Remote.Code.Execution.via.Local.File.Inclusion HIGH" "blog-designer-pack 3.4.1 Reflected.Cross-Site.Scripting MEDIUM" "blog-designer-pack 3.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "blog-designer-pack 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-greeting-message No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bp-activity-filter 2.8.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "browser-address-bar-color 3.4.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bestbooks No.known.fix Unauthenticated.SQLi HIGH" "bigbuy-wc-dropshipping-connector 2.0.1 Unauthenticated.Full.Path.Disclosute MEDIUM" "bulk-page-stub-creator 1.2 Reflected.Cross-Site.Scripting HIGH" "bnfw 1.7 Reflected.Cross-Site.Scripting MEDIUM" "bnfw 1.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "bnfw 1.8.7 Email.Address.Disclosure MEDIUM" "booking-calendar-and-notification No.known.fix Unauthenticated.SQL.Injection HIGH" "booking-calendar-and-notification No.known.fix Authentication.Bypass CRITICAL" "booking-calendar-and-notification No.known.fix Missing.Authorization.via.wpcb_all_bookings,.wpcb_update_booking_post,.and.wpcb_delete_posts.Functions MEDIUM" "branda-white-labeling 3.4.22 Reflected.Cross-Site.Scripting MEDIUM" "branda-white-labeling 3.4.19 Unauthenticated.Full.Path.Disclosure MEDIUM" "branda-white-labeling 3.4.18 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "branda-white-labeling 3.4.18 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "branda-white-labeling 3.4.15 IP.Spoofing MEDIUM" "booking-activities 1.15.20 Reflected.Cross-Site.Scripting MEDIUM" "bacola-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "boo-recipes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack 8.0.0 Cross-Site.Request.Forgery MEDIUM" "bdthemes-element-pack 8.0.0 Missing.Authorization MEDIUM" "bdthemes-element-pack 7.9.1 Addon.for.Elementor.Page.Builder.WordPress.Plugin.<.7.9.1.-.Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Wrapper.Link.URL MEDIUM" "bdthemes-element-pack 7.19.3 Contributor+.Arbitrary.File.Read.and.PHAR.Deserialization CRITICAL" "benchmark-email-lite 4.2 Cross-Site.Request.Forgery.via.page_settings() MEDIUM" "bookingcom-banner-creator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookingcom-banner-creator 1.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "bbpowerpack 2.37.4 Reflected.Cross-Site.Scripting MEDIUM" "bbpowerpack 2.33.1 Contributor+.Privilege.Escalation HIGH" "bard-extra 1.2.8 Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "background-animation-blocks No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "blogbuzztime-for-wp No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "blog-designer-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blog-designer-pro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "block-spam-by-math-reloaded No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "block-spam-by-math-reloaded No.known.fix Missing.Authorization MEDIUM" "button-contact-vr 4.7.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "button-contact-vr 4.7.8 Admin+.Stored.XSS LOW" "button-contact-vr 4.7.7 Admin+.Stored.XSS LOW" "bpcustomerio No.known.fix Arbitrary.Plugin.Settings.Update.via.CSRF MEDIUM" "broken-link-checker-for-youtube No.known.fix Cross-Site.Request.Forgery.via.plugin_settings_page() MEDIUM" "billingo 3.4.0 ShopManager+.Stored.XSS MEDIUM" "bbpress-notify-nospam 2.18.4 Reflected.Cross-Site.Scripting MEDIUM" "bulk-attachment-download 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "bulk-attachment-download 1.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "beautiful-taxonomy-filters No.known.fix Unauthenticated.SQL.Injection HIGH" "booking 10.11.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpbc.Shortcode MEDIUM" "booking 10.10.1 Unauthenticated.Post-Confirmation.Booking.Manipulation MEDIUM" "booking 10.9.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'booking'.Shortcode MEDIUM" "booking 10.6.5 Admin+.Stored.XSS LOW" "booking 10.6.3 Admin+.Stored.XSS LOW" "booking 10.6.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "booking 10.5.1 Reflected.Cross-Site.Scripting MEDIUM" "booking 10.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bookingform.Shortcode MEDIUM" "booking 9.9.1 Unauthenticated.SQL.Injection CRITICAL" "booking 9.7.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "booking 9.7.3.1 Unauthenticated.Stored.XSS HIGH" "booking 9.2.2 Arbitrary.Translation.Update.via.CSRF MEDIUM" "booking 9.1.1 PHP.Object.Injection HIGH" "booking 8.9.2 Reflected.Cross-Site.Scripting HIGH" "booking 8.4.5.15 SQL.Injection HIGH" "bamboo-enquiries No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bmo-expo No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bp-activity-social-share 3.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bp-member-type-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "business-card-block 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms-hook-fields 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-user-profiles-in-spreadsheet 1.5.25 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-user-profiles-in-spreadsheet 1.5.14 Admin+.Stored.Cross-Site.Scripting LOW" "bulk-edit-user-profiles-in-spreadsheet 1.5.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "book-buyback-prices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "book-buyback-prices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bulk-me-now No.known.fix Reflected.XSS HIGH" "bulk-me-now No.known.fix Message.Deletion.via.CSRF MEDIUM" "bulk-me-now No.known.fix Stored.XSS.via.Shortcode HIGH" "bunnycdn 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bunnycdn 2.0.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bold-pagos-en-linea 3.1.5 Reflected.Cross-Site.Scripting HIGH" "blizzard-quotes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "buk-appointments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blog-manager-wp No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "boxers-and-swipers No.known.fix Author+.Stored.XSS MEDIUM" "beacon-for-helpscout No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-for-woocommerce 4.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-messages-wc-vendors-integration 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-check-in 1.9.4 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "block-referer-spam 1.1.9.5 Admin+.Stored.XSS LOW" "buddyforms-posts-to-posts-integration 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "block-specific-plugin-updates 3.3.2 Arbitrary.Plugin.Update.Blocking.via.CSRF MEDIUM" "bulk-image-resizer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Options.Update MEDIUM" "betterlinks 2.1.8 Authenticated.(Administrator+).SQL.Injection MEDIUM" "betterlinks 1.6.1 Improper.Authorization.to.Data.Import.and.Export MEDIUM" "betterlinks 1.2.6 Admin+.Stored.Cross-Site.Scripting LOW" "blobinator 2.3 Unauthorised.AJAX.call.via.CSRF MEDIUM" "bp-better-messages 2.7.0 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "bp-better-messages 2.7.5 Unauthenticated.Limited.Server-Side.Request.Forgery.in.nice_links MEDIUM" "bp-better-messages 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bp-better-messages 2.4.33 Missing.Authorization MEDIUM" "bp-better-messages 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "bp-better-messages 2.1.18 Reflected.Cross-Site.Scripting MEDIUM" "bp-better-messages 1.9.10.71 Subscriber+.Messaging.Block.Bypass MEDIUM" "bp-better-messages 1.9.10.69 Subscriber+.SSRF MEDIUM" "bp-better-messages 1.9.10.58 Subscriber+.Denial.Of.Service MEDIUM" "bp-better-messages 1.9.9.170 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-better-messages 1.9.9.149 Cross-Site.Request.Forgery MEDIUM" "bp-better-messages 1.9.9.149 File.Upload.via.CSRF LOW" "bp-better-messages 1.9.9.41 Reflected.Cross-Site.Scripting HIGH" "bp-better-messages 1.9.9.41 Multiple.CSRF MEDIUM" "board-document-manager-from-chuhpl No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bible-embed No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bee-layer-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-elementor-addons 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-elementor-addons 1.4.2 Authenticated(Contributor+).Local.File.Inclusion HIGH" "better-elementor-addons 1.4.2 Contributor+.Stored.XSS MEDIUM" "better-elementor-addons 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-elementor-addons 1.3.9 Subscriber+.Settings.Update./.Reset MEDIUM" "better-elementor-addons 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bws-pinterest 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "buybox-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "book-a-room No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "booster-plus-for-woocommerce 7.2.5 Reflected.Cross-Site.Scripting MEDIUM" "booster-plus-for-woocommerce 7.1.3 Missing.Authorization.to.Arbitrary.Options.Disclosure MEDIUM" "booster-plus-for-woocommerce 7.1.2 Missing.Authorization.to.Order.Information.Disclosure MEDIUM" "booster-plus-for-woocommerce 7.1.2 Missing.Authorization.to.Arbitrary.Page/Post.Deletion MEDIUM" "booster-plus-for-woocommerce 6.0.1 Multiple.CSRF MEDIUM" "booster-plus-for-woocommerce 6.0.0 Reflected.Cross-Site.Scripting HIGH" "booster-plus-for-woocommerce 5.6.6 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "booster-plus-for-woocommerce 5.6.5 Checkout.Files.Deletion.via.CSRF LOW" "booster-plus-for-woocommerce 5.6.5 ShopManager+.Arbitrary.File.Download MEDIUM" "booster-plus-for-woocommerce 5.6.1 Subscriber+.Order.Status.Update MEDIUM" "bws-latest-posts 0.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "blog-posts-and-category-for-elementor 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blog-posts-and-category-for-elementor 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.and.Category.Filter.Widget MEDIUM" "backlink-monitoring-manager No.known.fix Reflected.XSS HIGH" "bold-page-builder 5.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.additional_settings.Parameter MEDIUM" "bold-page-builder 5.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'data-text'.Parameter MEDIUM" "bold-page-builder 5.3.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.1.6 Authenticated.(Editor+).Path.Traversal LOW" "bold-page-builder 5.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.1.4 Missing.Authorization MEDIUM" "bold-page-builder 5.1.1 -.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bt_bb_button.Shortcode MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via."Price.List".Element MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.AI.Features MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.Tags MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Separator.Element MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bt_bb_price_list.Shortcode MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.URL.Attribute MEDIUM" "bold-page-builder 4.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.URL MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Icon.Link MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Raw.Content MEDIUM" "bold-page-builder 4.7.0 Contributor+.Stored.XSS MEDIUM" "bold-page-builder 4.3.3 Admin+.Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 3.1.6 PHP.Object.Injection MEDIUM" "bold-page-builder 2.3.2 Missing.Access.Controls HIGH" "blocks No.known.fix Admin+.Stored.XSS LOW" "backtotop No.known.fix Cross-Site.Request.Forgery MEDIUM" "beautiful-and-responsive-cookie-consent 2.10.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "beautiful-and-responsive-cookie-consent 2.10.2 Unauthenticated.Stored.XSS HIGH" "beautiful-and-responsive-cookie-consent 2.9.1 Admin+.Stored.XSS LOW" "brutebank 1.9 WP.Security.&.Firewall.<.1.9.-.Settings.Update.via.CSRF MEDIUM" "bookly-responsive-appointment-booking-tool 23.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Color.Profile.Parameter MEDIUM" "bookly-responsive-appointment-booking-tool 22.5 Admin+.Stored.XSS LOW" "bookly-responsive-appointment-booking-tool 22.4 Admin+.SQLi MEDIUM" "bookly-responsive-appointment-booking-tool 21.8 Admin+.Stored.Cross-Site.Scripting.via.service.titles MEDIUM" "bookly-responsive-appointment-booking-tool 21.6 Unauthenticated.Stored.XSS HIGH" "bookly-responsive-appointment-booking-tool 20.3.1 Staff.Member.Stored.Cross-Site.Scripting MEDIUM" "bookly-responsive-appointment-booking-tool 14.5 Bookly.#1.WordPress.Booking.Plugin.(Lite).<.14,5.–.Unauthenticated.Blind.Stored.XSS MEDIUM" "blog-sidebar-widget 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "blog-sidebar-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "booster-extension No.known.fix Basic.Information.Exposure.via.booster_extension_authorbox_shortcode_display MEDIUM" "becustom 1.0.5.3 Settings.Update.via.CSRF MEDIUM" "bread-butter 7.5.880 Contributor+.Stored.XSS MEDIUM" "bc-woo-custom-thank-you-pages 1.4.14 Missing.Authorization MEDIUM" "bulk-comment-remove No.known.fix Cross-Site.Request.Forgery.via.brc_admin() MEDIUM" "bunnys-print-css No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "boom-fest 2.2.2 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Update MEDIUM" "bns-featured-category No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "biagiotti-membership 1.1 Authentication.Bypass.via.biagiotti_membership_check_facebook_user CRITICAL" "back-in-stock-notifier-for-woocommerce 5.3.2 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "blocks-bakery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blocks-bakery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bbpress2-shortcode-whitelist No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "better-anchor-links No.known.fix Cross-Site.Request.Forgery.via.admin/options.php MEDIUM" "brizy No.known.fix Contributor+.Stored.XSS MEDIUM" "brizy 2.6.9 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "brizy 2.6.5 Authenticated.(Contributor+).Arbitrary.File.Upload.via.storeUploads CRITICAL" "brizy 2.5.2 Cross-Site.Request.Forgery MEDIUM" "brizy 2.4.45 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "brizy 2.4.45 Missing.Authorization.to.Authenticated.(Contributor+).Post.Modification HIGH" "brizy 2.4.44 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Form.Functionality MEDIUM" "brizy 2.4.44 Unauthenticated.Stored.Cross-Site.Scripting.via.Form HIGH" "brizy 2.4.44 Authenticated.(Contributor+).Store.Cross-Site.Scripting.via.Widget.Link.To.URL HIGH" "brizy 2.4.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Attributes MEDIUM" "brizy 2.4.44 Missing.Authorization MEDIUM" "brizy 2.4.42 Authenticated(Contributor+).Stored.Cross-Site.Scripting HIGH" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Directory.Traversal MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.30 Contributor+.Stored.XSS MEDIUM" "brizy 2.4.2 Contributor+.Stored.Cross-Site.Scripting.via.Element.Content MEDIUM" "brizy 2.4.2 Contributor+.Stored.Cross-Site.Scripting.via.Element.URL MEDIUM" "brizy 2.3.12 Authenticated.File.Upload.and.Path.Traversal HIGH" "brizy 2.3.12 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "brizy 2.3.12 2.3.11.-.Incorrect.Authorization.to.Post.Modification HIGH" "brizy 1.0.126 Page.Builder.<.1.0.126.-.Improper.Access.Controls.on.AJAX.Calls HIGH" "b2i-investor-tools 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "browser-theme-color 1.4 Settings.Update.via.CSRF MEDIUM" "bricksable 1.6.60 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "boldgrid-backup 1.17.0 Authenticated.(Admin+).Command.Injection HIGH" "boldgrid-backup 1.16.9 Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "boldgrid-backup 1.16.7 Authenticated.(Administrator+).Remote.Code.Execution.via.Backup.Settings HIGH" "boldgrid-backup 1.15.9 Improper.Authorization.to.Unauthenticated.Arbitrary.File.Download HIGH" "boldgrid-backup 1.14.14 Subscriber+.Backup.Disclosure MEDIUM" "boldgrid-backup 1.14.10 Sensitive.Data.Disclosure.(Server.IP.Address,.UID.etc) MEDIUM" "boldgrid-backup 1.14.10 Unauthenticated.Backup.Download HIGH" "bp-profile-shortcodes-extra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-profile-shortcodes-extra No.known.fix Authenticated.(Contributor+).SQL.Injection.via.tab.Parameter MEDIUM" "bp-profile-shortcodes-extra 2.5.3 Contributor+.Stored.XSS MEDIUM" "blighty-explorer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "buddyforms-acf 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "border-loading-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "border-loading-bar No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "buddypress-activity-plus 1.6.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "buddypress-sticky-post 1.9.9 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bamboo-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-social-connect No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bp-social-connect 1.6.2 Authentication.Bypass CRITICAL" "beautiful-link-preview No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "blocks-post-grid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-email-assign-templates 1.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bp-email-assign-templates No.known.fix Missing.Authorization.to.Authorization.Bypass MEDIUM" "bp-email-assign-templates 1.6 Reflected.XSS HIGH" "brave-popup-builder 0.7.1 Cross-Site.Request.Forgery MEDIUM" "brave-popup-builder 0.7.0 Admin+.Stored.XSS LOW" "brave-popup-builder 0.6.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "brave-popup-builder 0.6.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "blog-in-blog No.known.fix Editor+.Local.File.Inclusion.via.Shortcode HIGH" "blog-in-blog No.known.fix Editor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "best-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "before-after-image-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "bravo-translate No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "best-restaurant-menu-by-pricelisto 1.4.3 Missing.Authorization MEDIUM" "best-restaurant-menu-by-pricelisto 1.4.2 Authenticated.(Contributor+).SQL.Injection HIGH" "best-restaurant-menu-by-pricelisto 1.4.0 Settings.Update.via.CSRF MEDIUM" "breadcrumb-simple No.known.fix Admin+.Stored.XSS LOW" "broken-link-checker 2.4.5 Subscriber+.Plugin.Status.Dashboard.View MEDIUM" "broken-link-checker 2.4.2 Admin+.SSRF MEDIUM" "broken-link-checker 2.4.1 Reflected.XSS HIGH" "broken-link-checker 2.2.4 Admin+.Stored.Cross-Site.Scripting LOW" "broken-link-checker 1.11.20 Admin+.Cross-Site.Scripting LOW" "broken-link-checker 1.11.17 Admin+.PHAR.Deserialization MEDIUM" "broken-link-checker 1.11.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "broken-link-checker 1.10.9 Unauthenticated.Stored.XSS MEDIUM" "backwp No.known.fix Cross-Site.Request.Forgery MEDIUM" "backup 2.0.9.9 Directory.Listing.Exposing.Backups HIGH" "backup 1.6.9.1 Admin+.Stored.XSS LOW" "backup 1.6.0 Authenticated.Arbitrary.File.Upload CRITICAL" "backup 1.4.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "backup 1.4.1 Subscriber+.Arbitrary.Backup.Location.Update MEDIUM" "backup 1.4.0 Arbitrary.File.Upload.via.CSRF HIGH" "backup 1.1.47 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "backup 1.0.3 Authenticated.Arbitrary.File.Upload CRITICAL" "buddyforms No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "buddyforms 2.8.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'buddyforms_nav'.Shortcode MEDIUM" "buddyforms 2.8.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.13 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.12 Authenticated.(Contributor+).Privilege.Escalation HIGH" "buddyforms 2.8.10 Email.Verification.Bypass.due.to.Insufficient.Randomness MEDIUM" "buddyforms 2.8.9 Unauthenticated.Arbitrary.File.Read.and.Server-Side.Request.Forgery CRITICAL" "buddyforms 2.8.6 Reflected.Cross-Site.Scripting.via.page MEDIUM" "buddyforms 2.8.8 Missing.Authorization.to.Unauthenticated.Media.Deletion HIGH" "buddyforms 2.8.8 Missing.Authorization MEDIUM" "buddyforms 2.8.8 Missing.Authorization.to.Unauthenticated.Media.Upload HIGH" "buddyforms 2.8.3 Reflected.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.2 Contributor+.Stored.XSS MEDIUM" "buddyforms 2.7.8 Unauthenticated.PHAR.Deserialization HIGH" "buddyforms 2.7.6 Contributor+.Stored.XSS MEDIUM" "buddyforms 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms 2.3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "buddyforms 2.2.8 SQL.Injection CRITICAL" "bizapp-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-change No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "bmlt-tabbed-map 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookit 2.4.1 Price.Bypass MEDIUM" "bookit 2.4.4 Authenticated(Administrator+).SQL.Injection MEDIUM" "bookit 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "bookit 2.3.8 Authentication.Bypass CRITICAL" "bookit 2.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bookit 2.1.6 Authorised.AJAX.Calls MEDIUM" "buddyforms-ultimate-member 1.3.8 Reflected.Cross-Site.Scripting MEDIUM" "bm-builder 3.16.3 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.ux_cb_page_options_save MEDIUM" "bm-builder 3.16.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "bsk-gravityforms-blacklist 4.0 SQLi.via.CSRF MEDIUM" "bsk-gravityforms-blacklist 3.9 Reflected.Cross-Site.Scripting MEDIUM" "bsk-gravityforms-blacklist 3.8.1 Reflected.Cross-Site.Scripting MEDIUM" "bsk-gravityforms-blacklist 3.7 Admin+.Stored.Cross-Site.Scripting LOW" "bang-tinh-lai-suat No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bring-fraktguiden-for-woocommerce 1.11.5 Missing.Authorization MEDIUM" "business-hours-indicator 2.3.5 Admin+.Stored.Cross-Site.Scripting LOW" "better-comments 1.5.6 Subscriber+.Stored.XSS HIGH" "better-comments 1.5.6 Admin+.Stored.XSS LOW" "better-comments 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "better-comments 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blogger-image-import No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "blockstrap-page-builder-blocks No.known.fix Bootstrap.Blocks.<=.0.1.36.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "breadcrumbs-by-menu 1.0.3 Multiple.Issues HIGH" "buddymeet 2.3.0 Contributor+.Stored.XSS MEDIUM" "bsd-woo-stripe-connect-split-pay 3.2.10 Reflected.Cross-Site.Scripting MEDIUM" "bsd-woo-stripe-connect-split-pay 3.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-rss-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buymeacoffee 3.7 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "buymeacoffee 3.8 Cross-Site.Request.Forgery HIGH" "buymeacoffee 3.8 Subscriber+.Unauthorized.Data.Modification HIGH" "buymeacoffee 3.7 Admin+.Stored.XSS LOW" "better-follow-button-for-jetpack No.known.fix Admin+.Stored.XSS LOW" "bukza 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-calendar 3.2.20 Reflected.Cross-Site.Scripting.via.'calendar_id' MEDIUM" "booking-calendar 3.2.20 Authenticated.(Contributor+).SQL.Injection MEDIUM" "booking-calendar 3.2.16 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "booking-calendar 3.2.12 Admin+.SQLi MEDIUM" "booking-calendar 3.2.9 Multiple.Authenticated(Editor+).SQL.Injection HIGH" "booking-calendar 3.2.8 Admin+.SQLi MEDIUM" "booking-calendar 3.2.4 Form.Creation/Update/Deletion/Duplication.via.CSRF MEDIUM" "booking-calendar 3.2.4 Editor+.Stored.XSS LOW" "booking-calendar 3.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "booking-calendar 2.2.3 Parameters.Tampering.Allowing.Arbitrary.Prices.Change HIGH" "booking-calendar 2.1.8 Authenticated.Stored.XSS.&.CSRF HIGH" "blur-text 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.29 Contributor+.Local.File.Inclusion HIGH" "beds24-online-booking 2.0.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.28 Contributor+.Stored.XSS.via.beds24-link.Shortcode MEDIUM" "beds24-online-booking 2.0.26 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.24 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.25 Contributor+.Stored.XSS MEDIUM" "bzscore-live-score 1.6.0 Contributor+.Stored.XSS MEDIUM" "broken-link-checker-seo 1.2.4 Authenticated.(Contributor+).SQL.Injection MEDIUM" "beaver-themer 1.4.9.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "beaver-themer 1.4.9.1 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.shortcode MEDIUM" "bb-bootstrap-cards 1.1.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "bb-bootstrap-cards 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Cards.Widget MEDIUM" "bb-bootstrap-cards 1.1.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.bootstrapcard.link MEDIUM" "bbp-style-pack 5.6.8 Contributor+.Stored.XSS MEDIUM" "bbp-style-pack 5.5.6 Reflected.XSS HIGH" "bulk-edit-post-titles No.known.fix Missing.Authorization.via.bulkUpdatePostTitles MEDIUM" "bulk-edit-post-titles No.known.fix Missing.Authorization MEDIUM" "bbp-api No.known.fix Missing.Authorization MEDIUM" "bradmax-player 1.1.28 Contributor+.Stored.XSS MEDIUM" "before-and-after No.known.fix Cross-Site.Request.Forgery MEDIUM" "baw-login-logout-menu No.known.fix Contributor+.Stored.XSS.in.Shortcode MEDIUM" "britetechs-companion 2.2.8 Injected.Backdoor CRITICAL" "bulkpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "boot-modal 1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms-anonymous-author 1.1 Reflected.Cross-Site.Scripting MEDIUM" "babelz No.known.fix CSRF.to.Stored.XSS HIGH" "business-contact-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "blog-summary No.known.fix Contributor+.Stored.XSS MEDIUM" "be-popia-compliant 1.1.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "bizcalendar-web 1.1.0.35 Authenticated.(Administrator+).SQL.Injection MEDIUM" "bizcalendar-web 1.1.0.26 Reflected.XSS HIGH" "blossomthemes-email-newsletter 2.2.7 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "blossomthemes-email-newsletter 2.2.5 Missing.Authorization MEDIUM" "bertha-ai-free No.known.fix Missing.Authorization MEDIUM" "bertha-ai-free 1.12.11 Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "bertha-ai-free 1.11.10.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "bp-user-to-do-list 3.0.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "batch-cat No.known.fix Subscriber+.Arbitrary.Categories.Add/Set/Delete.to.Posts MEDIUM" "baslider No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "baslider No.known.fix Multiple.CSRF MEDIUM" "baslider No.known.fix Arbitrary.Slide.Deletion.via.CSRF MEDIUM" "boombox-theme-extensions 1.8.1 Subscriber+.Privilege.Escalation.via.Password.Reset/Account.Takeover.in.boombox_ajax_reset_password HIGH" "boombox-theme-extensions 1.8.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "business-profile-reviews No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "book-press No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "book-press No.known.fix Missing.Authorization MEDIUM" "book-press 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "book-press 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blossom-recipe-maker 1.0.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "bonjour-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bbpress 2.6.12 Cross-Site.Request.Forgery.to.Limited.Privilege.Escalation MEDIUM" "bbpress 2.6.5 Unauthenticated.Privilege.Escalation.when.New.User.Registration.enabled CRITICAL" "bbpress 2.6.5 Authenticated.Stored.Cross-Site.Scripting.via.the.forums.list.table MEDIUM" "bbpress 2.6.5 Authenticated.Privilege.Escalation.via.the.Super.Moderator.feature HIGH" "bbpress 2.6.0 Subscriber+.Stored.Cross-Site.Scripting.via.Post.Slug MEDIUM" "booking-sms 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "blockwheels No.known.fix Contributor+.Stored.XSS MEDIUM" "bybrick-accordion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "book-a-place No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "builderall-cheetah-for-wp 2.0.2 Unauthenticated.Server-Side.Request.Forgery HIGH" "buddypress-media 4.6.19 Subscriber+.SQL.Injection HIGH" "buddypress-media 4.6.19 Authenticated.(Contributor+).SQL.Injection.via.rtmedia_gallery.Shortcode HIGH" "buddypress-media 4.6.16 Admin+.RCE MEDIUM" "buddypress-media 4.6.16 Subscriber+.RCE CRITICAL" "buddypress-media 4.6.15 Missing.Authorization.via.export_settings MEDIUM" "buddypress-media 4.6.15 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "buddypress-media 4.6.15 Missing.Authorization.to.Settings.Update MEDIUM" "better-wp-login-page No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "better-robots-txt 1.4.6 Cross-Site.Request.Forgery MEDIUM" "better-robots-txt 1.4.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-robots-txt 1.2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "bulletproof-security 6.1 Admin+.Stored.Cross-Site.Scripting LOW" "bulletproof-security 5.8 Admin+.Stored.Cross-Site.Scripting.(XSS) LOW" "bulletproof-security 5.2 Sensitive.Information.Disclosure MEDIUM" "bulletproof-security .53.4 Multiple.XSS.Vulnerabilities MEDIUM" "blaze-widget 2.5.4 Injected.Backdoor CRITICAL" "baw-post-views-count No.known.fix Contributor+.Stored.XSS.in.Shortcode MEDIUM" "bricksbuilder 1.9.9 Insecure.Direct.Object.Reference MEDIUM" "bubble-menu 4.0.3 Cross-Site.Request.Forgery MEDIUM" "bubble-menu 3.0.5 Admin+.Stored.XSS LOW" "bubble-menu 3.0.4 Reflected.XSS MEDIUM" "bubble-menu 3.0.2 Circle.Floating.Menu.<.3.0.2.-.Form.Deletion.via.CSRF MEDIUM" "bwl-advanced-faq-manager 2.1.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update HIGH" "bwl-advanced-faq-manager 2.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "before-and-after-product-images-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "better-wp-security 9.3.2 IP.Address.Spoofing.to.Denial.of.Service MEDIUM" "better-wp-security 9.0.1 Unauthenticated.Login.Page.Disclosure MEDIUM" "better-wp-security 7.9.1 Hide.Backend.Bypass MEDIUM" "better-wp-security 7.0.3 Authenticated.SQL.Injection HIGH" "better-wp-security 6.9.1 Cross-Site.Scripting.(XSS) HIGH" "bulk-content-creator No.known.fix Cross-Site.Request.Forgery MEDIUM" "bookingpress-appointment-booking No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "bookingpress-appointment-booking 1.1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookingpress-appointment-booking 1.1.23 Unauthenticated.Export.File.Download MEDIUM" "bookingpress-appointment-booking 1.1.22 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bookingpress-appointment-booking 1.1.17 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "bookingpress-appointment-booking 1.1.8 1.1.7.-.Authentication.Bypass.to.Account.Takeover CRITICAL" "bookingpress-appointment-booking 1.1.6 Authenticated.(Subscriber+).Arbitrary.File.Read.to.Arbitrary.File.Creation HIGH" "bookingpress-appointment-booking 1.1.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update.and.Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.0.83 Missing.Authorization.to.Appointment.Time.Alteration MEDIUM" "bookingpress-appointment-booking 1.0.82 Authenticated.(Customer+).Insecure.Direct.Object.Reference MEDIUM" "bookingpress-appointment-booking 1.0.88 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.0.75 Unauthenticated.Booking.Price.Manipulation HIGH" "bookingpress-appointment-booking 1.0.73 Authenticated.(Contributor+).SQL.Injection HIGH" "bookingpress-appointment-booking 1.0.77 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.0.31 Unauthenticated.IDOR.in.appointment_id HIGH" "bookingpress-appointment-booking 1.0.11 Unauthenticated.SQL.Injection HIGH" "blue-captcha 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "bus-ticket-booking-with-seat-reservation 5.4.4 Cross-Site.Request.Forgery MEDIUM" "bus-ticket-booking-with-seat-reservation 5.3.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bus-ticket-booking-with-seat-reservation 5.2.6 Unauthenticated.Cross-Site.Scripting HIGH" "bus-ticket-booking-with-seat-reservation 5.2.4 Reflected.XSS HIGH" "bcorp-shortcodes No.known.fix .Unauthenticated.PHP.Object.Injection CRITICAL" "burst-pro 1.5.1 Unauthenticated.SQL.Injection HIGH" "blockspare 3.2.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 3.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 2.6.5 Reflected.Cross-Site.Scripting MEDIUM" "blockspare 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "broken-links-remover No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "banner-management-for-woocommerce 2.4.3 Shop.Banner.Settings.Update.via.CSRF MEDIUM" "banner-management-for-woocommerce 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "banner-management-for-woocommerce 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "banner-management-for-woocommerce 1.1.1 Unauthenticated.Settings.Change MEDIUM" "buttonizer-multifunctional-button 3.3.10 Reflected.Cross-Site.Scripting MEDIUM" "buttonizer-multifunctional-button 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buttonizer-multifunctional-button 2.5.5 Smart.Floating.Action.Button.<.2.5.5.-.Admin+.Stored.Cross-Site.Scripting LOW" "biteship 2.2.25 Reflected.Cross-Site.Scripting.via.biteship_error.and.biteship_message MEDIUM" "biteship 2.2.28 Shop.manager+.Stored.XSS MEDIUM" "biteship 2.2.25 Reflected.Cross-Site.Scripting HIGH" "branding No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "binlayerpress No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bws-smtp 1.2.0 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bws-smtp 1.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "booking-weir No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-weir 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blocked-in-china 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "blocked-in-china 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddydrive 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "basticom-framework 1.5.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "blockington No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "banner-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "boostify-header-footer-builder 1.3.7 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "boostify-header-footer-builder 1.3.6 Missing.Authorization.to.Page/Post.Creation MEDIUM" "boostify-header-footer-builder 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.size.Parameter MEDIUM" "buddyboss-platform-pro 2.7.10 Authentication.Bypass.via.Apple.OAuth.provider CRITICAL" "bloglentor-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bruteguard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "business-manager 1.4.6 Admin+.Stored.Cross-Site.Scripting LOW" "binary-mlm-plan No.known.fix Unauthenticated.SQL.Injection HIGH" "beacon-by No.known.fix Cross-Site.Request.Forgery MEDIUM" "barclaycart No.known.fix Unauthenticated.Shell.Upload CRITICAL" "buddyforms-attach-posts-to-groups-extension 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "blocksy-companion 2.0.43 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "blocksy-companion 2.0.46 Contributor+.Stored.Cross-Site.Scripting.via.SVG.Uploads MEDIUM" "blocksy-companion 2.0.29 Cross-Site.Request.Forgery MEDIUM" "blocksy-companion 2.0.32 Contributor+.Stored.XSS MEDIUM" "blocksy-companion 1.8.47 Reflected.Cross-Site.Scripting MEDIUM" "blocksy-companion 1.8.82 Subscriber+.Draft.Post.Access MEDIUM" "blocksy-companion 1.8.68 Contributor+.Stored.XSS MEDIUM" "blocksy-companion 1.8.20 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bcs-bertline-book-importer 1.5.8 Unauthenticated.Product.Import HIGH" "bulk-edit-events 1.1.21 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-events 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bmi-calculator-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blu-logistics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "be-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bft-autoresponder 2.7.2.5 Reflected.Cross-Site.Scripting MEDIUM" "bft-autoresponder 2.7.2.4 Cross-Site.Request.Forgery MEDIUM" "bft-autoresponder 2.7.2.3 CSRF MEDIUM" "bft-autoresponder 2.7.1.1 Unauthenticated.Stored.XSS HIGH" "bft-autoresponder 2.7.1.1 Admin+.Stored.XSS LOW" "bft-autoresponder 2.1.7.2 Contributor+.Stored.XSS MEDIUM" "bft-autoresponder 2.1.7.2 Admin+.Stored.XSS LOW" "bft-autoresponder 2.5.2 Authenticated.Blind.SQL.Injection.&.Multiple.XSS HIGH" "bebetter-social-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blog-designer-for-post-and-widget 2.4.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bknewsticker No.known.fix Cross-Site.Request.Forgery MEDIUM" "buddypress 14.2.1 Authenticated.(Subscriber+).Directory.Traversal HIGH" "buddypress 12.5.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "buddypress 12.4.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "buddypress 11.3.2 Contributor+.Stored.XSS MEDIUM" "buddypress 9.1.1 SQL.Injections HIGH" "buddypress 9.1.1 Activation.Key.Disclosure MEDIUM" "buddypress 7.3.0 Multiple.Authenticated.REST.API.Vulnerabilities MEDIUM" "buddypress 7.2.1 REST.API.Privilege.Escalation HIGH" "buddypress 7.2.1 Read.Private.Messages MEDIUM" "buddypress 7.2.1 Invite.Member.to.Join.Group MEDIUM" "buddypress 7.2.1 .Force.a.Friendship MEDIUM" "buddypress 7.2.1 Manage.BuddyPress.Member.Types MEDIUM" "buddypress 6.4.0 Lack.of.Capability.Check.on.Profile.Page MEDIUM" "buddypress 5.1.2 Private.Data.Exposure.via.REST.API HIGH" "buddypress 5.1.1 Denial.of.Service MEDIUM" "bws-popular-posts 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "block-controller No.known.fix Reflected.Cross-Site.Scripting HIGH" "buddypress-check-ins-pro 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bwp-google-xml-sitemaps No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "bigcommerce No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "bold-timeline-lite 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-timeline-lite 1.2.0 Missing.Authorization.to.Admin.Notice.Dismissal MEDIUM" "bold-timeline-lite 1.1.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bp-wc-vendors No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bp-wc-vendors No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "browse-as No.known.fix Subscriber+.Authentication.Bypass.via.Cookie HIGH" "buddyboss-media No.known.fix Stored.XSS MEDIUM" "browsing-history No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "back-button-widget 1.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "back-button-widget 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "brodos-net-onlineshop No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "business No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beek-widget-extention No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bulk-role-change No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "booknetic 4.1.5 Staff.Creation.via.CSRF HIGH" "booknetic No.known.fix Cross-Site.Request.Forgery MEDIUM" "burst-statistics 1.5.7 Contributor+.Stored.Cross-Site.Scripting.via.burst_total_pageviews_count MEDIUM" "burst-statistics 1.5.4 Editor+.SQL.Injection HIGH" "burst-statistics 1.5.0 Unauthenticated.SQL.Injection HIGH" "better-search-replace 1.4.5 Unauthenticated.PHP.Object.Injection CRITICAL" "better-search-replace 1.4.1 Admin+.SQLi MEDIUM" "bit-form 2.18.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "bit-form 2.18.1 Open.Redirect HIGH" "bit-form 2.17.5 Authenticated.(Administrator+).Server-Side.Request.Forgery LOW" "bit-form 2.17.4 Missing.Authorization.to.Authenticated.(Subscriber+).Form.Submission.Disclosure MEDIUM" "bit-form 2.15.3 Admin+.Arbitrary.File.Read LOW" "bit-form 2.13.12 Authenticated.(Administrator+).SQL.Injection MEDIUM" "bit-form 2.13.11 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bit-form 2.13.11 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).SQL.Injection.via.getLogHistory.Function HIGH" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).Arbitrary.JavaScript.File.Uploads MEDIUM" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).Arbitrary.File.Read.And.Deletion CRITICAL" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).SQL.Injection HIGH" "bit-form 2.13.5 2.13.4.-.Authenticater.(Administrator+).Arbitrary.File.Deletion HIGH" "bit-form 2.13.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bit-form 2.10.2 Unauthenticated.Insecure.Direct.Object.Reference.to.Form.Submission.Alteration MEDIUM" "bit-form 2.2.0 Admin+.Stored.XSS LOW" "bit-form 1.9 RCE.via.Unauthenticated.Arbitrary.File.Upload CRITICAL" "bmi-bmr-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bws-linkedin 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bannerlid No.known.fix Reflected.XSS HIGH" "bot-for-telegram-on-woocommerce 1.2.7 Missing.Authorization MEDIUM" "bot-for-telegram-on-woocommerce No.known.fix Subscriber+.Authentication.Bypass HIGH" "bws-google-maps 1.3.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bitcoin-lightning-publisher 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "bwd-elementor-addons No.known.fix Contributor+.Stored.XSS MEDIUM" "bwd-elementor-addons 4.3.19 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "blockons 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "bookalet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddyvendor 1.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "borderless 1.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "borderless 1.6.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "borderless 1.6.1 Authenticated.(Administrator+).Remote.Code.Execution HIGH" "borderless 1.6.0 Missing.Authorization.to.Icon.Font.Deletion MEDIUM" "borderless 1.5.9 Editor+.Stored.XSS MEDIUM" "borderless 1.5.4 Widgets,.Elements,.Templates.and.Toolkit.for.Elementor.&.Gutenberg.<.1.5.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "borderless 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "borderless 1.4.9 Admin+.Stored.XSS LOW" "brozzme-scroll-top No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bp-toolkit 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "bp-toolkit 3.3.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bbs-e-popup No.known.fix Reflected.XSS HIGH" "best-woocommerce-feed 7.3.16 Authenticated.(Admin+).Directory.Traversal LOW" "best-woocommerce-feed 3.0 Reflected.Cross-Site.Scripting MEDIUM" "best-woocommerce-feed 2.2.3.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "buddyforms-hierarchical-posts 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "blogpost-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 2.20 Reflected.Cross-Site.Scripting MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 2.16 Reflected.Cross-Site.Scripting MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 2.10 Reflected.Cross-Site.Scripting.via.tab,.order,.and.orderby MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 1.5 Reflected.XSS HIGH" "bulk-noindex-nofollow-toolkit-by-mad-fish 1.51 Missing.Authorization MEDIUM" "block-logic No.known.fix Authenticated.(Contributor+).Remote.Code.Execution HIGH" "bin-stripe-donation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bin-stripe-donation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "banner-system No.known.fix Missing.Authorization MEDIUM" "banner-system No.known.fix Privilege.Escalation HIGH" "banner-system No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.21 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.20 Reflected.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.14 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Updates MEDIUM" "booking-ultra-pro 1.1.14 Unauthenticated.Local.File.Inclusion CRITICAL" "booking-ultra-pro 1.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.13 Authenticated.(Contributor+).Privilege.Escalation HIGH" "booking-ultra-pro 1.1.7 Cross-Site.Request.Forgery MEDIUM" "booking-ultra-pro 1.1.7 Subscriber+.Settings.Update MEDIUM" "booking-ultra-pro 1.1.9 Reflected.XSS HIGH" "booking-ultra-pro 1.1.9 Reflected.XSS HIGH" "booking-ultra-pro 1.1.7 Multiple.CSRF MEDIUM" "booking-ultra-pro 1.1.7 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "boat-rental-system No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "block-styler-for-gravity-forms 6.3.0 Reflected.Cross-Site.Scripting MEDIUM" "block-styler-for-gravity-forms 6.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bulk-featured-image No.known.fix Missing.Authorization MEDIUM" "better-sharing 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "better-sharing 1.7.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "booking-system No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "booking-system No.known.fix Missing.Authorization MEDIUM" "booking-system 2.9.9.5.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "booking-system No.known.fix Stored.XSS.via.CSRF HIGH" "booking-system 2.9.9.5.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "booking-system 2.9.9.4.8 Admin+.Stored.XSS LOW" "booking-system 2.9.9.4.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "booking-system 2.9.9.2.9 Admin+.Stored.XSS LOW" "booking-system 2.9.9.2.9 Subscriber+.SQLi HIGH" "booking-system 2.1 Authenticated.Blind.SQL.Injection HIGH" "bulk-edit-categories-tags 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-categories-tags 1.5.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-messages-wcfm-integration 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bandsintown 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookshelf No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "booking-package 1.6.73 Reflected.Cross-Site.Scripting.via.Locale.Parameter MEDIUM" "booking-package 1.6.29 Unauthenticated.Price.Manipulation MEDIUM" "booking-package 1.6.02 Reflected.XSS HIGH" "booking-package 1.5.29 Unauthenticated.Sensitive.Data.Disclosure HIGH" "booking-package 1.5.11 Reflected.Cross-Site.Scripting MEDIUM" "bp-profile-as-homepage No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "best-css-compiler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bj-lazy-load 1.0 Remote.File.Inclusion.(Timthumb) HIGH" "better-section-navigation 1.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "button-generation 3.1.2 Cross-Site.Request.Forgery MEDIUM" "button-generation 3.0 Button.Deletion.via.CSRF MEDIUM" "button-generation 2.3.9 Unauthenticated.Button.Counter.Reset MEDIUM" "button-generation 2.3.9 Button.Counter.Reset.via.CSRF MEDIUM" "button-generation 2.3.6 Cross-Site.Request.Forgery MEDIUM" "button-generation 2.3.5 Reflected.XSS MEDIUM" "button-generation 2.3.4 easily.Button.Builder.<.2.3.4.-.Admin+.Stored.XSS LOW" "button-generation 2.3.3 RFI.leading.to.RCE.via.CSRF HIGH" "buffer-my-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buffer-my-post No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "boombox-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bne-gallery-extended 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.gallery.Shortcode MEDIUM" "bulk-page-creator 1.1.4 Arbitrary.Page.Creation.via.CSRF MEDIUM" "bws-google-analytics 1.7.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bg-orthodox-calendar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "backup-bolt 1.4.0 Sensitive.Data.Exposure MEDIUM" "backup-bolt 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "bc-menu-cart-woo No.known.fix Cross-Site.Request.Forgery MEDIUM" "beaver-builder-lite-version 2.8.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.4.3 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Button.Widget MEDIUM" "beaver-builder-lite-version 2.8.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.3.7 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Button.Group.Module MEDIUM" "beaver-builder-lite-version 2.8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.type.Parameter MEDIUM" "beaver-builder-lite-version 2.8.3.4 Reflected.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.1.3 Contributor+.Stored.Cross-Site.Scripting.via.photo.widget.crop.attribute MEDIUM" "beaver-builder-lite-version 2.8.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.0.7 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.5 Contributor+.Stored.Cross-Site.Scripting.via.heading.tag MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS.via.Icon.Widget MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Reflected.XSS HIGH" "beaver-builder-lite-version 2.7.2.1 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.5.5.3 .Authenticated.Stored.XSS.via.Caption.On.Hover MEDIUM" "beaver-builder-lite-version 2.5.5.3 .Authenticated.Stored.XSS.via.Caption MEDIUM" "beaver-builder-lite-version 2.5.5.3 Authenticated.Stored.XSS.via.Text.Editor MEDIUM" "beaver-builder-lite-version 2.5.5.3 Authenticated.Stored.XSS.via.Image.URL MEDIUM" "beaver-builder-lite-version 2.5.4.4 Subscriber+.Arbitrary.Post.Builder.Layout.Disabling MEDIUM" "banner-cycler No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "bulk-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blox-page-builder No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "bng-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bng-gateway-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bng-gateway-for-woocommerce No.known.fix CSRF.Bypass MEDIUM" "bg-biblie-references No.known.fix Reflected.XSS HIGH" "bulk-menu-edit 1.3.1 Missing.Authorization MEDIUM" "buddybadges No.known.fix Admin+.SQLi MEDIUM" "bbp-toolkit No.known.fix Reflected.XSS HIGH" "bbp-toolkit No.known.fix Cross-Site.Request.Forgery MEDIUM" "bne-testimonials 2.0.8 Contributor+.Stored.XSS MEDIUM" "breaking-news-wp No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "breaking-news-wp No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bitspecter-suite 1.1.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "bvd-easy-gallery-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "background-takeover 4.1.5 Directory.Traversal HIGH" "botnet-attack-blocker No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "botnet-attack-blocker No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "bookmarkify No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "bookingcom-product-helper 1.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "buying-buddy-idx-crm 2.0.0 PHP.Object.Injection.via.CSRF HIGH" "bulk-delete-users-by-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-delete-users-by-email No.known.fix User.Deletion.via.CSRF HIGH" "buttons-x No.known.fix Buttons.X.<=.0.8.6.-.Contributor+.Stored.XSS MEDIUM" "bodi0s-easy-cache 0.9 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bverse-convert No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockonomics-bitcoin-payments 3.5.8 Reflected.Cross-Site.Scripting HIGH" "blockonomics-bitcoin-payments 3.3 Blockonomics.<.3.3.-.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "backup-and-restore-for-wp No.known.fix Admin+.Arbitrary.File.Deletion MEDIUM" "business-directory-plugin 6.4.15 Easy.Listing.Directories.for.WordPress.<.6.4.15.-.Insecure.Direct.Object.Reference.to.Listing.Arbitrary.Image.Addition MEDIUM" "business-directory-plugin 6.4.4 Authenticated.(Author+).CSV.Injection HIGH" "business-directory-plugin 6.4.3 Unauthenticated.SQL.Injection.via.listingfields.Parameter CRITICAL" "business-directory-plugin 6.3.10 Contributor+.Arbitrary.Listing.Deletion LOW" "business-directory-plugin 6.3.11 Cross-Site.Request.Forgery MEDIUM" "business-directory-plugin 5.11.2 Arbitrary.Listing.Export HIGH" "business-directory-plugin 5.11.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "business-directory-plugin 5.11.2 Arbitrary.Payment.History.Update MEDIUM" "business-directory-plugin 5.11 Arbitrary.File.Upload.to.RCE HIGH" "business-directory-plugin 5.11.1 Authenticated.PHP4.Upload.to.RCE MEDIUM" "business-directory-plugin 5.11.1 Arbitrary.Add/Edit/Delete.Form.Field.to.Stored.XSS HIGH" "bitcoin-faucet No.known.fix Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "booking-calendar-contact-form 1.2.56 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "booking-calendar-contact-form 1.2.41 Unauthenticated.Reflected.Cross-Site.Scripting HIGH" "booking-calendar-contact-form 1.0.24 XSS.&.SQL.Injection CRITICAL" "booking-calendar-contact-form 1.0.3 Multiple.Authenticated.Vulnerabilities MEDIUM" "bns-twitter-follow-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blogsafe-scanner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blogsafe-scanner 1.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "back-link-tracker No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection HIGH" "buddypress-global-search No.known.fix Admin+.Stored.XSS LOW" "build-app-online No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "build-app-online No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "build-app-online No.known.fix Cross-Site.Request.Forgery MEDIUM" "build-app-online 1.0.22 Unauthenticated.Account.Takeover.via.Weak.Password.Reset.Mechanism CRITICAL" "build-app-online 1.0.21 Subscriber+.Privilege.Escalation HIGH" "build-app-online 1.0.19 Unauthenticated.SQL.Injection HIGH" "bigmart-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bo-wc-customer-review-watson No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "books-papers No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "bootstrap-buttons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bpmnio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bulgarisation-for-woocommerce 3.0.15 Cross-Site.Request.Forgery HIGH" "bulgarisation-for-woocommerce 3.0.15 Missing.Authorization HIGH" "byconsole-woo-order-delivery-time 2.5.2 Unauthenticated.Full.Path.Dsiclosure MEDIUM" "byconsole-woo-order-delivery-time 2.4.7 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "byconsole-woo-order-delivery-time 2.4.8 Reflected.XSS HIGH" "baidu-tongji-generator No.known.fix Admin+.Stored.XSS LOW" "button 1.1.28 Contributor+.PHP.Object.Injection.in.button_shortcode MEDIUM" "button 1.1.24 Admin+.Stored.XSS LOW" "best-bootstrap-widgets-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-user-shortcodes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brickscore No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "blog-stats-by-w3counter No.known.fix Cross-Site.Request.Forgery MEDIUM" "buddypress-members-only No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddypress-members-only 3.4.9 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "banner-garden No.known.fix Reflected.XSS HIGH" "betteroptin No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "backupwordpress 3.14 Admin+.Directory.Traversal LOW" "backupwordpress 3.13 Subscriber+.Backup.Disclosure MEDIUM" "bulk-resize-media No.known.fix CSRF MEDIUM" "bus-booking-manager 4.2.3 Administrator+.Stored.XSS LOW" "bmi-adultkid-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bmi-adultkid-calculator 1.2.2 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "better-font-awesome 2.0.4 Contributor+.Stored.XSS MEDIUM" "better-font-awesome 2.0.2 Settings.Update.via.CSRF MEDIUM" "brid-video-easy-publish 3.8.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "brid-video-easy-publish No.known.fix Subscriber+.Arbitrary.Shortcode.Execution MEDIUM" "brid-video-easy-publish 3.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.brid_override_yt.Shortcode MEDIUM" "brid-video-easy-publish 3.8.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "build-private-store-for-woocommerce 1.1 Missing.Authorization MEDIUM" "build-private-store-for-woocommerce 1.1 Cross-Site.Request.Forgery MEDIUM" "bulk-edit-posts-on-frontend 2.4.27 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-posts-on-frontend 2.4.15 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "backup-scheduler No.known.fix Cross-Site.Request.Forgery MEDIUM" "bulk-block-converter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "beaf-before-and-after-gallery 4.6.11 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "beaf-before-and-after-gallery 4.5.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "beyot-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "beyot-framework No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "beyot-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "bsk-pdf-manager 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bsk-pdf-manager 3.4.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bsk-pdf-manager 3.1.2 Admin+.SQL.Injection MEDIUM" "bsk-pdf-manager 1.5 Multiple.Authenticated.SQL.Injections CRITICAL" "bsk-pdf-manager 2.9.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "better-author-bio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bulk-add-to-cart-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "backend-designer 1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "biltorvet-dealer-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blogmentor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pagination_style.Parameter MEDIUM" "bloom 1.1.1 Privilege.Escalation HIGH" "bsuite No.known.fix Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "breeze 2.1.15 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "breeze 2.1.15 Missing.Authorization MEDIUM" "breeze 2.1.4 Admin+.Stored.XSS LOW" "breeze 2.0.3 Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "basic-interactive-world-map No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "basic-interactive-world-map 2.7 Admin+.Stored.XSS LOW" "browser-shots 1.7.6 Contributor+.Stored.XSS MEDIUM" "black-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "black-widgets 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "breadcrumb 1.5.33 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "button-block 1.1.6 Missing.Authorization MEDIUM" "button-block 1.2.0 Contributor+.Stored.XSS MEDIUM" "button-block 1.1.6 Authenticated.(Contributor+).Post.Disclosure.via.Post.Duplication MEDIUM" "button-block 1.1.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "backupbuddy 8.8.3 Multiple.Reflected.Cross-Site.Scripting HIGH" "backupbuddy 8.7.5 Unauthenticated.Arbitrary.File.Access HIGH" "business-card-by-esterox-100 No.known.fix Admin+.File.Upload MEDIUM" "business-card-by-esterox-100 No.known.fix Card.Edit.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Category.Deletion.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Arbitrary.Card.Deletion.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Category.Edit.via.CSRF MEDIUM" "best-posts-summary No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "beepress No.known.fix Cross-Site.Request.Forgery.via.beepress-pro.php MEDIUM" "bigcontact No.known.fix Cross-Site.Request.Forgery MEDIUM" "buy-one-click-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Export MEDIUM" "buy-one-click-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Order.Deletion MEDIUM" "buy-one-click-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Import MEDIUM" "better-captcha-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "better-captcha-gravity-forms 0.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bma-lite-appointment-booking-and-scheduling No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "buddypress-docs 2.2.5 Subscriber+.Arbitrary.Document.Read/Update MEDIUM" "buddypress-docs 2.2.4 Reflected.Cross-Site.Scripting HIGH" "buddypress-docs 1.9.3 Authenticated.Lack.of.Authorisation MEDIUM" "beerxml-shortcode 0.8 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "bp-messages-tool 2.5 Reflected.Cross-Site.Scripting MEDIUM" "breaking-news-ticker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bravo-search-and-replace No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "blocks-product-editor-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "bbspoiler 2.02 Contributor+.Stored.XSS MEDIUM" "bbresolutions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bbresolutions No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bbp-core 1.2.6 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "bbcode-deluxe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-job-manager 2.6.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "ba-plus-before-after-image-slider-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "block-options 1.40.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-options 1.40.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "block-options 1.17 Reflected.Cross-Site.Scripting MEDIUM" "block-options 1.31.6 Contributor+.Arbitrary.PHP.Code.Execution CRITICAL" "bosa-elementor-for-woocommerce 1.0.13 Missing.Authorization MEDIUM" "blue-triad-ezanalytics No.known.fix Reflected.Cross-Site.Scripting.via.'bt_webid' MEDIUM" "builder-style-manager 0.7.7 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "bet-sport-free No.known.fix Cross-Site.Request.Forgery MEDIUM" "booking-manager 2.1.6 Authenticated(Contributor+).SQL.Injection.via.Shortcode HIGH" "booking-manager 2.0.29 Subscriber+.SSRF MEDIUM" "bws-featured-posts 1.0.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "blog-manager-light No.known.fix Settings.Update.via.CSRF MEDIUM" "b-slider 1.1.24 Gutenberg.Slider.Block.for.WP.<.1.1.24.-.Authenticated.(Contributor+).Private.Post.Disclosure.via.bsb-slider.Shortcode MEDIUM" "b-slider 1.1.13 Slider.for.your.block.editor.<.1.1.13.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "big-boom-directory 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blog-filter 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bp-user-profile-reviews 2.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bsk-contact-form-7-blacklist No.known.fix Reflected.Cross-Site.Scripting HIGH" "better-search 4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-search 3.3.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "better-search 2.5.3 Cross-Site.Request.Forgery MEDIUM" "better-search 2.5.3 CSRF.Nonce.Bypass.in.Import/Export MEDIUM" "better-search 2.2.3 Unauthenticated.SQL.Injection CRITICAL" "better-search 1.3.5 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "better-search 1.3 admin.inc.php.Setting.Manipulation.CSRF MEDIUM" "bp-cover No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "blaze-online-eparcel-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "broken-link-finder 2.5.1 Authenticated.(Author+).Blind.Server-Side.Request.Forgery MEDIUM" "broken-link-finder 2.5.0 Missing.Authorization.via.moblc_auth_save_settings MEDIUM" "bstone-demo-importer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "background-control No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "bulk-categories-assign No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "better-search-tmc No.known.fix Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "bbp-move-topics 1.1.6 Code.Injection.&.CSRF CRITICAL" "browser-and-operating-system-finder No.known.fix Unauthenticated.Settings.Reset MEDIUM" "browser-and-operating-system-finder No.known.fix Unauthenticated.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "backup-wd No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "block-slider 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "block-slider 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bsi-hotel-pro No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "bb-ultimate-addon 1.35.14 Contributor+.Arbitrary.File.Download MEDIUM" "bb-ultimate-addon 1.35.15 Contributor+.Privilege.Escalation HIGH" "bit-assist 1.5.5 Unauthenticated.Path.Traversal MEDIUM" "bit-assist 1.5.3 Subscriber+.Arbitrary.File.Read.via.fileID.Parameter MEDIUM" "bit-assist 1.5.3 Authenticated.(Subscriber+).SQL.Injection.via.id.Parameter MEDIUM" "bit-assist 1.5.3 Admin+.Arbitrary.File.Read MEDIUM" "bit-assist 1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bit-assist 1.1.9 Admin+.Stored.Cross-Site.Scripting LOW" "betterdocs 3.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "betterdocs 3.5.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "betterdocs 3.3.4 Unauthenticated.PHP.Object.Injection CRITICAL" "betterdocs 3.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "betterdocs 2.5.3 Missing.Authorization.via.AJAX.actions MEDIUM" "betterdocs 1.9.2 Reflected.Cross-Site.Scripting HIGH" "betterdocs 1.9.0 Reflected.Cross-Site.Scripting HIGH" "banner-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddypress-humanity No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "booking-system-trafft 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bonus-for-woo 5.8.3 Reflected.Cross-Site.Scripting HIGH" "bmlt-meeting-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bmlt-meeting-map 2.6.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "board-election No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bookingor No.known.fix Missing.Authorization MEDIUM" "bannerman No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "blue-admin No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "basepress-migration-tools No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "block-editor-bootstrap-blocks 6.6.2 Reflected.Cross-Site.Scripting.via.tab MEDIUM" "bs-shortcode-ultimate No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bitformpro No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update HIGH" "bitformpro No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "bitformpro No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "bitformpro No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "bounce-handler-mailpoet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "book-appointment-online 1.39 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "beam-me-up-scotty No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "beam-me-up-scotty 1.0.22 Reflected.Cross-Site.Scripting MEDIUM" "browser-update-notify No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "biometric-login-for-woocommerce 1.0.4 Unauthenticated.Privilege.Escalation CRITICAL" "booqable-rental-reservations No.known.fix Cross-Site.Request.Forgery MEDIUM" "booqable-rental-reservations 2.4.16 Admin+.Stored.XSS LOW" "broken-images-redirection No.known.fix Cross-Site.Request.Forgery MEDIUM" "buddy-press-force-password-change No.known.fix Subscriber+.Account.Takeover.via.Password.Update MEDIUM" "badr-naver-syndication No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bitpay-checkout-for-woocommerce 5.0.0 Missing.Authorization MEDIUM" "bulk-editor 1.0.8.6 Authenticated.(Editor+).Path.Traversal LOW" "bulk-editor 1.0.8.4 Authenticated.(Editor+).CSV.Path.Traversal LOW" "bulk-editor 1.0.8.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bulk-editor 1.0.8.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "bulk-editor 1.0.8.2 Missing.Authorization MEDIUM" "bulk-editor 1.0.8.2 Cross-Site.Request.Forgery MEDIUM" "bulk-editor 1.0.8.1 Unauthenticated.Stored.Cross-Site.Scripting.via.profile_title MEDIUM" "bulk-editor 1.0.7.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "bulk-editor 1.0.7.2 Admin+.Stored.XSS LOW" "bulk-editor 1.0.7.1 Profile.Creation.via.CSRF MEDIUM" "bulk-editor 1.0.7.1 Profile.Creation.via.CSRF MEDIUM" "bulk-editor 1.0.7 Subscriber+.Stored.XSS HIGH" "b-banner-slider No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "bu-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy-pro No.known.fix Cross-Site.Request.Forgery MEDIUM" "brizy-pro No.known.fix Missing.Authorization MEDIUM" "brizy-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ba-book-everything 1.6.21 Reflected.Cross-Site.Scripting MEDIUM" "ba-book-everything 1.6.21 Unauthenticated.Arbitrary.User.Password.Reset MEDIUM" "ba-book-everything 1.6.21 Cross-Site.Request.Forgery.to.Email.Address.Update/Account.Takeover HIGH" "ba-book-everything 1.6.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ba-book-everything 1.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ba-book-everything 1.6.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "ba-book-everything 1.3.25 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "broadstreet 1.51.8 Reflected.XSS HIGH" "broadstreet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "broadstreet No.known.fix Subscriber+.Stored.XSS HIGH" "broadstreet No.known.fix Cross-Site.Request.Forgery MEDIUM" "broadstreet 1.51.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.zone.Parameter MEDIUM" "bitcoin-payments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bulk-image-title-attribute 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bonway-static-block-editor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-bp-registration No.known.fix Authentication.Bypass.to.Administrator CRITICAL" "b-testimonial 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bootstrap-collapse No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "blogintroduction-wordpress-plugin No.known.fix Settings.Update.via.CSRF MEDIUM" "backwpup 4.0.2 Admin+.Directory.Traversal MEDIUM" "backwpup 4.0.4 Unauthenticated.Backup.Download HIGH" "backwpup 4.0.2 Authenticated.(Administrator+).Directory.Traversal HIGH" "backwpup 3.4.2 Backup.File.Download HIGH" "bauernregeln No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddyforms-review 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "bellows-accordion-menu 1.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bellows-accordion-menu 1.4.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "brute-force-login-protection No.known.fix Arbitrary.IP.Removal/Add.via.CSRF MEDIUM" "buzzsprout-podcasting 1.8.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "bulk-user-editor No.known.fix Missing.Authorization MEDIUM" "blockart-blocks 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "baiduseo No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "better-protected-pages No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bu-section-editing No.known.fix Reflected.XSS HIGH" "bu-section-editing No.known.fix Reflected.Cross-Site.Scripting.via.[placeholder] MEDIUM" "breadcrumbs-shortcode 1.45 Reflected.Cross-Site.Scripting MEDIUM" "bigbluebutton No.known.fix Reflected.XSS HIGH" "bigbluebutton 2.2.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "backup-by-supsystic No.known.fix Authenticated.Arbitrary.File.Download.and.Deletion CRITICAL" "buddypress-profile-pro 2.0.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "b2bking 4.6.20 Subscriber+.Arbitrary.Products.Price.Update MEDIUM" "brands-for-woocommerce 3.8.2.3 Missing.Authorization.to.Unauthenticated.Order.Manipulation.and.Information.Retrieval MEDIUM" "brands-for-woocommerce 3.8.2.3 Cross-Site.Request.Forgery MEDIUM" "brands-for-woocommerce 3.8.2 Contributor+.Stored.XSS MEDIUM" "bizlibrary No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bizlibrary No.known.fix Admin+.Stored.XSS LOW" "basepress 2.16.3.4 Missing.Authorization.to.Authenticated.(Subscriber+).Database.Update MEDIUM" "basepress 2.16.2.1 Missing.Authorization MEDIUM" "basepress 2.16.2.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "basepress 2.15.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-profile-search 5.8 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "bp-profile-search 5.6 Reflected.Cross-Site.Scripting.via.BPS_FORM MEDIUM" "bamazoo-button-generator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dgs.Shortcode MEDIUM" "booking-calendar-pro 11.2.20 Reflected.Cross-Site.Scripting.via.'calendar_id' MEDIUM" "booking-calendar-pro-payment 21.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "bbp-voting 2.1.11.1 Admin+.Stored.XSS LOW" "broadly No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms-easypin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddyforms-easypin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms-easypin No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "currency-switcher-for-woocommerce 0.0.8 Cross-Site.Request.Forgery MEDIUM" "cf7-field-validation No.known.fix Unauthenticated.SQLi HIGH" "contact-form-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "contact-form-builder 1.0.69 CSRF.to.LFI HIGH" "codepress-admin-columns 4.3 Admin+.Stored.XSS.in.Label LOW" "codepress-admin-columns 4.3.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Custom.Field MEDIUM" "coschedule-by-todaymade 3.3.9 CSRF MEDIUM" "compact-wp-audio-player 1.9.15 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "compact-wp-audio-player 1.9.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sc_embed_player.Shortcode MEDIUM" "compact-wp-audio-player 1.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fileurl MEDIUM" "compact-wp-audio-player 1.9.8 Contributor+.Stored.XSS MEDIUM" "compact-wp-audio-player 1.9.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "compact-wp-audio-player 1.9.7 Setting.Change.via.CSRF MEDIUM" "cm-download-manager 3.0.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "cm-download-manager 2.9.0 Download.Deletion.via.CSRF MEDIUM" "cm-download-manager 2.9.1 Download.Edit.via.CSRF MEDIUM" "cm-download-manager 2.9.0 Download.Unpublish.via.CSRF MEDIUM" "cm-download-manager 2.8.6 Admin+.Arbitrary.File.Upload MEDIUM" "cm-download-manager 2.8.0 Authenticated.Arbitrary.File.Deletion MEDIUM" "cm-download-manager 2.8.0 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "cm-download-manager 2.8.0 Authenticated.Cross-Site.Scripting MEDIUM" "cm-download-manager 2.0.7 CSRF.to.Cross-Site.Scripting HIGH" "cm-download-manager 2.0.4 Unauthenticated.Code.Injection CRITICAL" "convertplug 3.5.31 ConvertPlus.<.3.5.31.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update HIGH" "convertplug 3.5.26.1 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "convertplug 3.5.26 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "convertplug 3.5.26 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update MEDIUM" "convertplug 3.4.5 Multiple.Issues HIGH" "common-tools-for-site No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "comments-import-export-woocommerce 2.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "comments-import-export-woocommerce 2.3.9 Authenticated.(Author+).Arbitrary.File.Read.via.Directory.Traversal MEDIUM" "comments-import-export-woocommerce 2.3.6 Cross-Site.Request.Forgery MEDIUM" "comments-import-export-woocommerce 2.1.11 Cross-Site.Request.Forgery.(CSRF).Issue HIGH" "comment-press 2.7.2 Unauthenticated.Cross-Frame.Scripting HIGH" "category-post-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "currency-switcher-woocommerce 2.16.3 Reflected.Cross-Site.Scripting MEDIUM" "currency-switcher-woocommerce 2.11.2 Security.Restrictions.Bypass MEDIUM" "custom-field-template 2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-template 2.6.2 Authenticated(Constibutor+).Stored.Cross-Site.Scripting.via.Custom.Field.Name MEDIUM" "custom-field-template 2.6.2 Authenticated.(Admin+).Stored.Cross-Site.Scritping MEDIUM" "custom-field-template 2.6.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "custom-field-template 2.6.2 Authenticated(Contributor+).Information.Exposure MEDIUM" "custom-field-template 2.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.$search_label MEDIUM" "custom-field-template 2.6 Reflected.Cross-Site.Scripting HIGH" "custom-field-template 2.5.9 Cross-Site.Request.Forgery MEDIUM" "custom-field-template 2.5.8 Admin+.PHP.Object.Injection LOW" "custom-field-template 2.5.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "custom-field-template 2.5.2 Cross-Site.Request.Forgery MEDIUM" "contact-us-by-lord-linus No.known.fix Admin+.Stored.XSS.via.CSRF HIGH" "contact-us-by-lord-linus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clockwork-two-factor-authentication 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "classyfrieds No.known.fix Authenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "comparepress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clients No.known.fix Missing.Authorization MEDIUM" "clients No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "click-pledge-connect 2.24120000-WP6.7.1 Unauthenticated.SQL.Injection HIGH" "candifly No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clickdesigns 2.0.0 Missing.Authorization.to.API.Key.Modification.or.Removal MEDIUM" "cf7-cc-avenue-add-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cms-press No.known.fix Admin+.Stored.XSS LOW" "crazy-call-to-action-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "captainform No.known.fix Reflected.Cross-Site.Scripting.via.REQUEST_URI MEDIUM" "captainform No.known.fix CSRF MEDIUM" "cwicly 1.4.0.3 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "comment-license 1.4.0 Arbitrary.Settings.Update.via.CSRF MEDIUM" "cost-calculator-for-elementor 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coditor No.known.fix Arbitrary.File.Edition,.Deletion.and.Internal.Directory.Listing.in.wp-content CRITICAL" "cloud-sso-single-sign-on 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "cforms2 15.0.7 Unauthenticated.Stored.XSS HIGH" "cforms2 15.0.7 Admin+.Stored.XSS LOW" "cforms2 15.0.5 Settings.Update.via.CSRF MEDIUM" "cforms2 15.0.2 Unauthenticated.HTML.Injection.&.CSRF HIGH" "cforms2 14.13.3 Multiple.XSS MEDIUM" "cforms2 14.13 SQL.Injection CRITICAL" "cforms2 14.6.10 SQL.Injection CRITICAL" "cart-tracking-for-woocommerce 1.0.18 Authenticated.(Administrator+).SQL.Injection MEDIUM" "cart-tracking-for-woocommerce 1.0.17 Authenticated.(Administrator+).SQL.Injection MEDIUM" "cart-tracking-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "captcha-for-contact-form-7 1.11.4 Captcha.Bypass MEDIUM" "cryptocurrency-product-for-woocommerce 3.16.10 Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-product-for-woocommerce 3.14.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "canto 3.0.9 Unauthenticated.Remote.File.Inclusion CRITICAL" "canto 3.0.7 Unauthenticated.RCE CRITICAL" "canto 3.0.5 Unauthenticated.Remote.File.Inclusion CRITICAL" "canto 3.0.9 Unauthenticated.Blind.SSRF MEDIUM" "cf7-constant-contact-fields-mapping No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-constant-contact-fields-mapping No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "copyright-safeguard-footer-notice No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "convert-classic-editor-to-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "convert-classic-editor-to-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-invisible-recaptcha 1.3.4 CSRF MEDIUM" "cf7-invisible-recaptcha 1.3.2 XSS MEDIUM" "css-javascript-toolbox 11.9 Contributor+.Stored.XSS MEDIUM" "crm-perks-forms 1.1.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "crm-perks-forms 1.1.6 Missing.Authorization.to.Unauthenticated.Form.Submission MEDIUM" "crm-perks-forms 1.1.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "crm-perks-forms 1.1.5 Unauthenticated.SQL.Injection CRITICAL" "crm-perks-forms 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.2 Admin+.Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.1 Reflected.XSS HIGH" "cg-scroll-to-top No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-fields-account-registration-for-woocommerce 1.2 Cross-Site.Request.Forgery MEDIUM" "contact-form-with-captcha No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-with-captcha 1.6.8 CSRF.to.Stored.Cross-Site.Scripting HIGH" "chat-bubble No.known.fix Admin+.Stored.XSS LOW" "chat-bubble No.known.fix Settings.Update.via.CSRF MEDIUM" "chat-bubble 2.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-settings No.known.fix Admin+.Stored XSS LOW" "cpt-onomies No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "campation-postoffice No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "campation-postoffice 1.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contests-from-rewards-fuel 2.0.66 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contests-from-rewards-fuel 2.0.63 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contests-from-rewards-fuel 2.0.65 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.update_rewards_fuel_api_key MEDIUM" "common-ninja No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-salesforce 1.4.5 Unauthenticated.Full.Path.Disclosure MEDIUM" "cf7-salesforce 1.4.0 Cross-Site.Request.Forgery MEDIUM" "cf7-salesforce 1.2.6 Reflected.Cross-Site.Scripting HIGH" "counter-box 2.0.7 Authenticated.(Administrator+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "counter-box 2.0.6 Cross-Site.Request.Forgery MEDIUM" "counter-box 1.2.4 Counter.Deletion.via.CSRF MEDIUM" "counter-box 1.2.2 Reflected.XSS MEDIUM" "counter-box 1.2.1 Arbitrary.Counter.Activation/Deactivation.via.CSRF MEDIUM" "counter-box 1.2 Admin+.LFI MEDIUM" "ctt-expresso-para-woocommerce 3.2.13 Information.Exposure.via.Unprotected.Directory MEDIUM" "ctt-expresso-para-woocommerce 3.2.13 Admin+.Stored.XSS LOW" "ctt-expresso-para-woocommerce 3.2.12 Admin+.Stored.XSS LOW" "cats-job-listings No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "categories-gallery-woocommerce No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "cits-support-svg-webp-media-upload No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "cits-support-svg-webp-media-upload No.known.fix Cross-Site.Request.Forgery.to.Font.Assignment.Deletion MEDIUM" "cits-support-svg-webp-media-upload 3.0 Author+.Stored.XSS.via.SVG MEDIUM" "carrrot No.known.fix Admin+.Stored.XSS LOW" "charitable 1.8.5.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "charitable 1.8.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "charitable 1.8.3.1 Reflected.Cross-Site.Scripting MEDIUM" "charitable 1.8.1.15 Insecure.Direct.Object.Reference.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "charitable 1.8.1.8 Missing.Authorization.via.ajax_license_check() MEDIUM" "charitable 1.8.1.8 Missing.Authorization.to.Unauthorized.Donation MEDIUM" "charitable 1.7.0.14 Authenticated(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "charitable 1.7.0.13 Unauthenticated.Privilege.Escalation CRITICAL" "charitable 1.7.0.11 Reflected.XSS HIGH" "charitable 1.6.51 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "charitable 1.6.51 Donation.Plugin.<.1.6.51.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "charitable 1.5.14 Unauthorised.Access HIGH" "campus-explorer-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-round-robin-lead-distribution No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "contact-form-7-round-robin-lead-distribution No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "code-manager 1.0.26 Reflected.Cross-Site.Scripting MEDIUM" "code-manager 1.0.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "catchers-helpdesk No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "captain-slider No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "cryptocurrency No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cryptocurrency No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "catch-dark-mode No.known.fix Contributor+.Local.File.Inclusion HIGH" "content-control 2.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-control 2.6.0 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "content-control 2.2.0 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "content-control 1.1.10 Contributor+.Stored.XSS MEDIUM" "cf7-google-sheets-connector 5.0.18 Missing.Authorization MEDIUM" "cf7-google-sheets-connector 5.0.10 Missing.Authorization.to.Limited.Site.Configuration.Update MEDIUM" "cf7-google-sheets-connector 5.0.6 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log HIGH" "cf7-google-sheets-connector 5.0.2 Reflected.XSS HIGH" "cliengo No.known.fix Cross-Site.Request.Forgery MEDIUM" "cliengo 3.0.3 Chatbot.<.3.0.3.-.Missing.Authorization.to.Unauthenticated.Chatbot.Settings.Update MEDIUM" "cliengo 3.0.3 Chatbot.<.3.0.3.-.Missing.Authorization.to.Authorized.(Subscriber+).Chatbot.Settings.Update MEDIUM" "cackle No.known.fix Cross-Site.Request.Forgery MEDIUM" "chameleon-css No.known.fix Subscriber+.SQL.Injection CRITICAL" "country-state-city-auto-dropdown 2.7.3 Unauthenticated.SQL.Injection CRITICAL" "country-state-city-auto-dropdown 2.7.2 Missing.Authorization MEDIUM" "category-d3-tree No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-7 6.0.6 Order.Replay.Vulnerability MEDIUM" "contact-form-7 5.9.5 Unauthenticated.Open.Redirect MEDIUM" "contact-form-7 5.9.2 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7 5.8.4 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "contact-form-7 5.3.2 Unrestricted.File.Upload HIGH" "contact-form-7 5.0.4 register_post_type().Privilege.Escalation CRITICAL" "click-datos-lopd No.known.fix Reflected.XSS HIGH" "constant-contact-forms 2.4.3 Information.Disclosure.via.Log.Files MEDIUM" "constant-contact-forms 1.8.8 Multiple.Authenticated.Stored.XSS MEDIUM" "contact-form-7-style No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-7-style No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "contact-form-7-style No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "content-slider-block 3.1.6 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "cryptocloud-crypto-payment-gateway No.known.fix Crypto.Payment.Gateway.<=.2.1.2.-.Missing.Authorization MEDIUM" "cost-of-goods-for-woocommerce 3.7.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cost-of-goods-for-woocommerce 3.2.9 Reflected.Cross-Site.Scripting MEDIUM" "cm-faq 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "cookiemonster No.known.fix Admin+.Stored.XSS LOW" "custom-post-order-category 2.0 Missing.Authorization MEDIUM" "contact-forms-anti-spam 2.2.8 Cross-Site.Request.Forgery.to.Plugin.Settings.Change MEDIUM" "contact-forms-anti-spam 2.1.3 Advanced.Spam.protection.<.2.1.3.-.Admin+.Stored.XSS LOW" "contact-forms-anti-spam 0.10.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "contact-forms-anti-spam 0.9.3 Unauthenticated.Stored.Cross-Site.Scripting.via.efas_add_to_log MEDIUM" "contact-forms-anti-spam 0.10.4 IP.Validation.Bypass MEDIUM" "contact-forms-anti-spam 0.7.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "coupon-x-discount-pop-up 1.3.6 Missing.Authorization.to.Authenticated.(Contributor+).PHP.Object.Injection HIGH" "coupon-x-discount-pop-up 1.3.6 Missing.Authorization MEDIUM" "comments-not-replied-to 1.5.8 Reflected.Cross-Site.Scripting MEDIUM" "comments-not-replied-to 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "captivatesync-trade 2.0.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "codesnips No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-store-locator 1.4.8 Reflected.Cross-Site.SCripting MEDIUM" "colorlib-coming-soon-maintenance No.known.fix Information.Exposure MEDIUM" "colorlib-coming-soon-maintenance 1.0.99 Admin+.Stored.Cross.Site.Scripting LOW" "cf7-repeatable-fields 2.0.2 Repeatable.Fields.<.2.0.2.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.field_group.Shortcode MEDIUM" "custom-order-statuses-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "custom-order-statuses-for-woocommerce No.known.fix Cross-Site.Request.Forgery MEDIUM" "cardealer 4.48 Missing.Authorization MEDIUM" "cardealer 4.16 Admin+.Content.Injection LOW" "cardealer 3.05 Subscriber+.Arbitrary.Plugin.Installation HIGH" "custom-codes 2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "chatpressai 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "categorized-gallery No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "contact-form-7-designer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-font-uploader 2.4.0 Custom.Font.Uploader.<.2.4.0.-.Missing.Authorization.to.Font.Deletion MEDIUM" "custom-font-uploader 2.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "catch-popup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "create-block-theme 1.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "cyber-new-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "comment-reply-email 1.5 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "comment-reply-email 1.0.4 Admin+.Stored.XSS LOW" "comment-blacklist-updater 1.2.0 Cross-Site.Request.Forgery.via.update_blacklist_manual MEDIUM" "camoo-sms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "canecto No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-admin-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "canvasio3d-light No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "canvasio3d-light No.known.fix Subscriber+.Entries.Update/Deletion MEDIUM" "canvasio3d-light No.known.fix Reflected.XSS HIGH" "custom-field-for-wp-job-manager 1.5 Cross-Site.Request.Forgery MEDIUM" "custom-field-for-wp-job-manager 1.4 Reflected.Cross-Site.Scripting MEDIUM" "custom-field-for-wp-job-manager 1.3 .Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure.via.Shortcode MEDIUM" "custom-field-for-wp-job-manager 1.2 Admin+.Stored.XSS LOW" "custom-field-for-wp-job-manager 1.2 Admin+.Stored.XSS LOW" "conditional-payments 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "crm2go No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cysteme-finder 1.4 Unauthenticated.LFI.and.Unauthenticated.File.Upload CRITICAL" "custom-post-type-cpt-cusom-taxonomy-ct-manager No.known.fix Stored.XSS.via.CSRF HIGH" "convertcalculator 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "convertcalculator 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.and.type.Parameter MEDIUM" "custom-twitter-feeds 2.3.0 Cross-Site.Request.Forgery.to.Cache.Reset.via.ctf_clear_cache_admin.Function MEDIUM" "custom-twitter-feeds 2.2.4 Cross-Site.Request.Forgery MEDIUM" "custom-twitter-feeds 2.2.3 Admin+.Stored.XSS LOW" "custom-twitter-feeds 2.2.2 Cross-Site.Request.Forgery.to.Plugin.Options.Update MEDIUM" "custom-twitter-feeds 2.2 Cross-Site.Request.Forgery MEDIUM" "custom-twitter-feeds 2.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "custom-twitter-feeds 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "changyan No.known.fix Missing.Authorization MEDIUM" "cf7-calendly-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cpt-shortcode No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "cpt-shortcode No.known.fix Admin+.Stored.XSS LOW" "cryptocurrency-donation-box 1.8 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "category-posts 4.9.20 Admin+.Stored.XSS LOW" "category-posts 4.9.18 Admin+.Stored.XSS LOW" "category-posts 4.9.17 Admin+.Stored.XSS LOW" "conversational-forms 1.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "conversational-forms 1.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "conversational-forms 1.2.0 Unauthenticated.Arbitrary.File.Download HIGH" "conversational-forms 1.17 Admin+.Stored.XSS LOW" "csv-mass-importer No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "custom-my-account-for-woocommerce No.known.fix Stored.XSS.via.CSRF HIGH" "cresta-addons-for-elementor 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-user-css No.known.fix Settings.Update.via.CSRF MEDIUM" "cardinity-free-payment-gateway-for-woocommerce 3.0.7 Reflected.Cross-Site.Scripting HIGH" "cp-polls 1.0.75 Reflected.Cross-Site.Scripting MEDIUM" "cp-polls 1.0.77 Admin+.Stored.XSS.via.Custom.Styles LOW" "cp-polls 1.0.77 Admin+.Stored.Cross-Site.Scripting LOW" "cp-polls 1.0.72 Unauthenticated.Content.Injection MEDIUM" "cp-polls 1.0.72 Unauthenticated.Poll.Limit.Bypass MEDIUM" "cp-polls 1.0.9 Multiple.CSRF.Vulnerabilities MEDIUM" "cp-polls 1.0.9 Multiple.XSS.Vulnerabilities MEDIUM" "custom-welcome-guide 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "custom-welcome-guide 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cxc-sawa No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "capabilities-pro 2.5.2 Admin+.PHP.Objection.Injection MEDIUM" "capabilities-pro 2.3.1 Unauthenticated.Arbitrary.Options.Update.to.Blog.Compromise CRITICAL" "creative-mail-by-constant-contact 1.6.0 Settings.Reset.via.CSRF MEDIUM" "creative-mail-by-constant-contact 1.6.0 Multiple.CSRF MEDIUM" "creative-mail-by-constant-contact 1.6.0 CSRF MEDIUM" "contractor-contact-form-website-to-workflow-tool 4.1.0 Reflected.XSS HIGH" "copy-me No.known.fix Copy.Posts.Cross-Site.Request.Forgery.(CSRF) MEDIUM" "connections No.known.fix Authenticated.(Admin+).Arbitrary.Directory.Deletion MEDIUM" "connections 10.4.37 Contributor+.Stored.XSS MEDIUM" "connections 10.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "connections 9.7 Admin+.CSV.Injection MEDIUM" "connections 8.5.9 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "covermanager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "canonical-attachments No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "coupon-reveal-button 1.2.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cobwebo-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coub No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "countdown-time 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "countdown-time 1.2.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "custom-dashboard-page No.known.fix Cross-Site.Request.Forgery MEDIUM" "cpo-companion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cpo-companion 1.1.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "cpo-companion 1.1.0 Admin+.Stored.XSS LOW" "cool-tag-cloud 2.26 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "cm-invitation-codes No.known.fix Missing.Authorization MEDIUM" "contact-form-7-campaign-monitor-extension No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Deletion CRITICAL" "child-support-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "child-support-calculator 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "catch-breadcrumb 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "catch-breadcrumb 1.5.7 Unauthenticated.Reflected.XSS MEDIUM" "coming-soon-by-supsystic 1.7.11 Cross-Site.Request.Forgery MEDIUM" "coming-soon-by-supsystic 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "chaty 3.3.6 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "chaty 3.2.3 Admin+.Stored.XSS LOW" "chaty 3.1.9 Editor+.Stored.XSS LOW" "chaty 3.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "chaty 3.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "chaty 3.1 Admin+.Stored.Cross-Site.Scripting LOW" "chaty 3.1 Reflected.XSS HIGH" "chaty 3.0.3 Admin+.SQLi MEDIUM" "chaty 2.8.4 Admin+.Stored.Cross-Site.Scripting MEDIUM" "chaty 2.8.3 Reflected.Cross-Site.Scripting HIGH" "codoc 0.9.52 Reflected.Cross-Site.Scripting MEDIUM" "cab-fare-calculator 1.1.7 Admin+.Stored.XSS LOW" "cab-fare-calculator 1.0.4 Unauthenticated.LFI MEDIUM" "contact-form-7-dynamic-text-extension 5.0.2 Cross-Site.Request.Forgery MEDIUM" "contact-form-7-dynamic-text-extension 4.5.1 Information.Disclosure.via.Shortcode MEDIUM" "contact-form-7-dynamic-text-extension 4.2.0 Insecure.Direct.Object.Reference MEDIUM" "colour-smooth-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cartoon-url No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "chesstempoviewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-protector 4.2.11 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "content-protector 4.2.6.5 Contributor+.Stored.XSS.via.content_protector.Shortcode MEDIUM" "content-protector 4.2.6.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "content-protector 4.2.2 Reflected.Cross-Site.Scripting MEDIUM" "content-protector 3.5.5.9 Protection.Bypass.&.Arbitrary.Post.Access HIGH" "content-protector 3.5.5.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "content-protector 3.5.5.5.2 Insecure.Storage.of.Password MEDIUM" "content-protector 3.5.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "copy-menu No.known.fix Missing.Authorization MEDIUM" "contact-form-7-multi-step-module 4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-multi-step-module 4.1.91 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-7-multi-step-module 3.0.9 Subscriber+.Arbitrary.Option.Update CRITICAL" "chat-bee No.known.fix Admin+.Stored.XSS LOW" "craw-data No.known.fix Server.Side.Request.Forgery MEDIUM" "convertbox-auto-embed 1.0.20 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "coupon-referral-program No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "coupon-referral-program No.known.fix Sensitive.Information.Disclosure MEDIUM" "campaign-monitor-wp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "campaign-monitor-wp 2.5.6 Subscriber+.Arbitrary.Options.Update MEDIUM" "cardoza-3d-tag-cloud No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cardoza-3d-tag-cloud No.known.fix Stored.XSS.via.CSRF MEDIUM" "check-pincode-for-woocommerce 1.2 Reflected.Cross-Site.Scripting MEDIUM" "custom-url-shorter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "customer-chat-facebook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customer-chat-facebook No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "customer-chat-facebook No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "control-listings 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "cardoza-wordpress-poll No.known.fix Authenticated.SQL.Injection HIGH" "cardoza-wordpress-poll 34.06 Multiple.External.Function.Remote.Poll.Manipulation CRITICAL" "cardoza-wordpress-poll 33.6 Multiple.SQL.Injection.Vulnerabilities CRITICAL" "customize-login-image 3.5.3 Admin+.Stored.Cross-Site.Scripting LOW" "catch-web-tools 2.7.1 Subscriber+.Arbitrary.Catch.IDs.Activation/Deactivation MEDIUM" "catch-web-tools 2.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "comment-link-remove 2.1.6 Arbitrary.Comment.Deletion.via.CSRF MEDIUM" "contact-form-7-datepicker No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "checkfront-wp-booking 3.7 Settings.Update.via.CSRF MEDIUM" "cf7-hubspot 1.3.2 Cross-Site.Request.Forgery MEDIUM" "cf7-hubspot 1.2.0 Reflected.Cross-Site.Scripting HIGH" "content-restrictor-for-divi 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "content-restrictor-for-divi 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "clever-fox 25.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clever-fox 25.2.1 Missing.Authorization.to.arbitrary.theme.activation.via.clever-fox-activate-theme MEDIUM" "catch-under-construction 1.4 Unauthorised.Plugin's.Setting.Change MEDIUM" "cp-easy-form-builder 1.2.42 Authenticated.(Contributor+).SQL.Injection MEDIUM" "cp-easy-form-builder 1.2.42 Authenticated.(Contributor+).SQL.Injection MEDIUM" "cp-easy-form-builder 1.2.32 Admin+.Stored.Cross-Site.Scripting LOW" "cc-bmi-calculator 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cc-bmi-calculator 2.1.0 Contributor+.Stored.XSS MEDIUM" "chatroll-live-chat 2.6.0 Contributor+.Stored.XSS MEDIUM" "captchelfie-captcha-by-selfie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contest-gallery 26.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "contest-gallery 26.0.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contest-gallery 25.1.2 Authenticated.(Author+).SQL.Injection MEDIUM" "contest-gallery 24.0.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 24.0.8 Unauthenticated.Arbitrary.Password.Reset CRITICAL" "contest-gallery 24.0.4 Unauthenticated.SQL.Injection CRITICAL" "contest-gallery 23.1.3 Unauthenticated.Information.Exposure MEDIUM" "contest-gallery 23.1.3 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 21.3.5 Authenticated.(Author+).Arbitrary.File.Deletion MEDIUM" "contest-gallery 21.3.6 Reflected.Cross-Site.Scripting MEDIUM" "contest-gallery 21.3.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "contest-gallery 21.3.2.1 Authenticated.(Contributor+).SQL.Injection CRITICAL" "contest-gallery 21.3.1 Author+.Stored.Cross.Site.Scripting MEDIUM" "contest-gallery 21.2.9 Cross-Site.Request.Forgery MEDIUM" "contest-gallery 21.2.8.1 Unauthenticated.Stored.XSS.via.HTTP.Headers HIGH" "contest-gallery 21.1.2.1 Reflected.XSS HIGH" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Unauthenticated.SQL.Injection HIGH" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Unauthenticated.SQL.Injection HIGH" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 14.0.0 Unauthenticated.Stored.XSS MEDIUM" "contest-gallery 17.0.5 Author+.SQLi HIGH" "contest-gallery 14.0.0 Author+.Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 13.1.0.7 Subscriber+.Email.Address.Disclosure MEDIUM" "contest-gallery 13.1.0.6 Missing.Access.Controls.to.Unauthenticated.SQL.injection./.Email.Address.Disclosure HIGH" "contest-gallery 10.4.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "comicbookmanagementsystemweeklypicks 2.2.0 Admin+.SQLi MEDIUM" "cloak-front-end-email 1.9.6 Missing.Authorization MEDIUM" "cloak-front-end-email 1.9.2 Contributor+.Stored.XSS MEDIUM" "cs-element-bucket No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-list-table-example No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "category-icon No.known.fix Authenticated.(Author+).XML.External.Entity.Injection MEDIUM" "category-icon 1.0.2 Author+.Arbitrary.File.Download MEDIUM" "category-icon 1.0.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "cf7-message-filter 1.6.33 Authenticated.(Administrator+).SQL.Injection MEDIUM" "cf7-message-filter 1.6.3.1 Subscriber+.Filter.Creation MEDIUM" "cf7-message-filter 1.6.3.1 Subscriber+.Filter.Updates/Deletions MEDIUM" "cf7-message-filter 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "cf7-message-filter 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "customizable-captcha-and-contact-us-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coming-soon 6.18.16 Subscriber+.Sensitive.Information.Exposure MEDIUM" "coming-soon 6.18.4 Editor+.Stored.XSS MEDIUM" "coming-soon 6.15.22 Unauthenticated.Plugin.Page.Content.Update MEDIUM" "coming-soon 6.15.15.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "coming-soon 5.1.2 Authenticated.Stored.Cross.Site.Scripting.(XSS) LOW" "cloud No.known.fix Unauthenticated.Arbitrary.File.Read HIGH" "clean-contact No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "content-syndication-toolkit-reader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "civicrm 5.28.1 CSRF.to.Stored.XSS MEDIUM" "civicrm 5.24.3 Authenticated.Phar.Deserialization MEDIUM" "card-oracle 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "card-oracle 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-audit 1.9.2 Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "custom-dash No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-type-pdf-attachment 3.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pdf_attachment.Shortcode MEDIUM" "catch-ids 2.4 Unauthorised.Plugin's.Setting.Change MEDIUM" "chart-builder 3.1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chart-builder 2.9.6 Unauthenticated.Local.File.Inclusion.via.source CRITICAL" "chart-builder 2.7.7 Reflected.Cross-Site.Scripting MEDIUM" "chart-builder 2.0.7 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chart-builder 1.9.7 Admin+.Stored.XSS LOW" "contact-us-page-contact-people No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.style.Parameter MEDIUM" "contact-us-page-contact-people 3.7.1 Contact.people.LITE.<.3.7.1.-.Contact.Update/Deletion/Creation.via.CSRF MEDIUM" "cp-simple-newsletter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cp-simple-newsletter No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "cbxgooglemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxgooglemap 1.1.12 Contributor+.Stored.XSS MEDIUM" "cbxgooglemap 1.1.12 Contributor+.Stored.XSS.via.shortcode MEDIUM" "custom-coming-soon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codescar-radio-widget No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "comfino-payment-gateway 4.1.2 Reflected.Cross-Site.Scripting HIGH" "c9-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "c9-blocks No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "custom-simple-rss 2.0.7 CSRF MEDIUM" "coins-marketcap 5.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-7-simple-recaptcha 0.1.2 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-simple-recaptcha 0.0.9 CSRF.to.Stored.XSS HIGH" "content-aware-sidebars 3.19.1 Reflected.Cross-Site.Scripting MEDIUM" "content-aware-sidebars 3.17.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-aware-sidebars 3.8.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "coreactivity 2.7.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "coreactivity 2.1 Unauthenticated.IP.Spoofing MEDIUM" "coreactivity 1.8.1 Unauthenticated.Stored.XSS HIGH" "contact-form-plugin 4.2.9 Reflected.Cross-Site.Scripting.via.cntctfrm_contact_address MEDIUM" "contact-form-plugin 4.2.9 Reflected.Cross-Site.Scripting.via.cntctfrm_contact_subject MEDIUM" "contact-form-plugin 4.0.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-plugin 4.0.2 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-plugin 3.96 XSS MEDIUM" "contact-form-plugin 3.82 Unauthorized.Language.Manipulation MEDIUM" "contact-form-plugin 3.82 contact_form.php.cntctfrm_contact_email.Parameter.XSS MEDIUM" "chilexpress-oficial No.known.fix Reflected.XSS HIGH" "configure-login-timeout No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cf7-utm-tracking No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "coinbase-commerce-for-contact-form-7 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "custom-post-type-ui 1.13.5 Debug.Info.Sending.via.CSRF LOW" "cm-answers 3.3.4 Cross-Site.Request.Forgery MEDIUM" "cm-answers 3.2.7 Missing.Authorization MEDIUM" "cm-answers 3.2.0 Admin+.Stored.XSS LOW" "customizely No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customizely 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "connect-contact-form-7-to-constant-contact-v3 1.5 Reflected.Cross-Site.Scripting MEDIUM" "ct-ultimate-gdpr 2.5 Unauthenticated.Plugin.Settings.Export.and.Import CRITICAL" "contact-form-by-supsystic 1.7.30 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.saveAsCopy.AJAX.Action MEDIUM" "contact-form-by-supsystic 1.7.29 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-by-supsystic 1.7.29 Authenticated.(Admin+).Remote.Code.Execution HIGH" "contact-form-by-supsystic 1.7.28 CSRF MEDIUM" "contact-form-by-supsystic 1.7.25 CSRF MEDIUM" "contact-form-by-supsystic 1.7.20 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-by-supsystic 1.7.15 Reflected.Cross-Site.scripting.(XSS) HIGH" "contact-form-by-supsystic 1.7.11 Authenticated.SQL.Injections CRITICAL" "contact-form-by-supsystic 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "cmb2 2.11.0 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "coronavirus-data-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "code-snippets-extended No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "code-snippets-extended No.known.fix Arbitrary.Snippet.Deletion/Disabling.via.CSRF MEDIUM" "code-snippets-extended No.known.fix RCE.via.CSRF HIGH" "carousel-of-post-images No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "church-management No.known.fix Unauthenticated.SQL.Injection HIGH" "church-management No.known.fix Subscriber+.Privilege.Escalation HIGH" "church-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "church-management No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "contact-form-ready No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-ready 2.0.12 Form.Styling.Update.via.CSRF MEDIUM" "classified-listing-store 1.4.20 Reflected.Cross-Site.Scripting MEDIUM" "cookie-bar 2.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "cookie-bar 1.8.9 Admin+.Stored.Cross-Site.Scripting LOW" "collectchat 2.4.4 Admin+.XSS LOW" "collectchat 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "collectchat 2.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "content-repeater No.known.fix Admin+.Stored.XSS LOW" "cpa-offerwall No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cmp-coming-soon-maintenance 4.1.15 Admin+.Arbitrary.File.Upload MEDIUM" "cmp-coming-soon-maintenance 4.1.11 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "cmp-coming-soon-maintenance 4.1.8 Maintenance.Mode.Bypass MEDIUM" "cmp-coming-soon-maintenance 4.1.7 Unauthenticated.Post/Page.Access.in.Maintenance.Mode MEDIUM" "cmp-coming-soon-maintenance 4.0.19 Unauthenticated.Arbitrary.CSS.Update HIGH" "cmp-coming-soon-maintenance 3.8.2 Coming.Soon.&.Maintenance.<.3.8.2.-.Improper.Access.Controls.on.AJAX.Calls HIGH" "coupons 1.4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "comments-disable-accesspress 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "capability-manager-enhanced 2.5.2 Admin+.PHP.Objection.Injection MEDIUM" "capability-manager-enhanced 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "capability-manager-enhanced 2.3.1 Unauthenticated.Arbitrary.Options.Update.to.Blog.Compromise CRITICAL" "custom-scroll-bar-designer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "complete-google-seo-scan No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "content-grabber No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "contexture-page-security No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "checkout-for-paypal 1.0.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checkout-for-paypal 1.0.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checkout-for-paypal 1.0.14 Contributor+.Stored.XSS MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxRenameCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxAddCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxClearCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxDeleteCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxRenameCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxUpdateFolderPosition MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxUpdateFolderPosition MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxClearCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxDeleteCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxAddCategory MEDIUM" "categorify 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "carousel-slider 2.0.0 Cross-Site.Request.Forgery MEDIUM" "carousel-slider 2.2.4 Cross-Site.Request.Forgery MEDIUM" "carousel-slider 2.2.4 Editor+.Stored.XSS LOW" "carousel-slider 2.2.11 Editor+.Stored.XSS LOW" "carousel-slider 2.2.10 Editor+.Stored.XSS MEDIUM" "carousel-slider 2.2.7 Editor+.Stored.XSS LOW" "carousel-slider 2.2.3 Missing.Authorization MEDIUM" "cf7-builder No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-post-limits No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "christian-science-bible-lesson-subjects 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "conversion-de-moneda No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cazamba No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cartflows 2.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cartflows 2.0.2 Editor+.Stored.XSS LOW" "cartflows 1.6.13 Authenticated.Stored.XSS.via.FB.Pixel.ID.and.Google.Analytics.ID MEDIUM" "cartflows 1.5.16 Cross-Site.Request.Forgery MEDIUM" "cartflows 1.5.16 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "custom-map No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "cision-block 4.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "contact-form-submissions 1.7.3 Unauthenticated.Stored.XSS HIGH" "contact-form-submissions 1.7.1 Authenticated.SQL.Injection MEDIUM" "contact-form-submissions 1.7.1 Authenticated.Double.Query.SQL.injection MEDIUM" "cookie-notice-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cloudflare 4.12.3 Missing.Authorization.via.initProxy MEDIUM" "cloudflare 1.1.12 Unauthenticated.RCE.via.PHPUnit CRITICAL" "content-sidebars No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-sidebars 1.6.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "customer-area 8.2.5 Event.Log.Deletion.via.CSRF MEDIUM" "customer-area 8.2.5 Bulk.Delete.via.CSRF MEDIUM" "customer-area 8.2.3 .Reflected.Cross-Site.Scripting MEDIUM" "customer-area 8.2.1 Subscriber+.Account.Address.Update MEDIUM" "customer-area 8.2.1 Subscriber+.Account.Address.Leak MEDIUM" "customer-area 8.1.4 Unauthorised.Actions.via.CSRF MEDIUM" "customer-area 7.4.3 XSS MEDIUM" "custom-post-popup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cookielay No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cookielay.Shortcode MEDIUM" "calendarista-basic-edition 3.0.3 Cross-Site.Request.Forgery MEDIUM" "calendarista-basic-edition 3.0.6 Missing.Authorization MEDIUM" "calendarista-basic-edition 3.0.3 Unauthenticated.Cross-Site.Scripting MEDIUM" "clean-login 1.14.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "clean-login 1.13.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "clean-login 1.12.6.4 Reflected.Cross-Site.Scripting MEDIUM" "clean-login 1.8 Change.Redirect.URL.CSRF MEDIUM" "clean-login 1.5.1 Reflected.XSS MEDIUM" "click-to-top 1.2.8 Authenticated.Stored.Cross-Site.Scripting LOW" "checkout-files-upload-woocommerce 2.2.1 Contributor+.Stored.XSS MEDIUM" "checkout-files-upload-woocommerce 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "cookies-by-jm No.known.fix Admin+.Stored.XSS LOW" "cforms No.known.fix Unauthenticated.HTML.Injection.&.CSRF HIGH" "cforms No.known.fix Multiple.XSS MEDIUM" "cforms No.known.fix SQL.Injection CRITICAL" "cforms No.known.fix SQL.Injection CRITICAL" "cforms No.known.fix Remote.Code.Execution.via.Unauthorised.File.Upload MEDIUM" "cforms 13.2 XSS MEDIUM" "cforms 10.5 XSS MEDIUM" "cal-com No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cookiebot 4.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Survey.Submission MEDIUM" "cookiebot 3.6.1 CSRF.&.XSS LOW" "crafthemes-demo-import No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload.in.process_uploaded_files HIGH" "crafthemes-demo-import No.known.fix Missing.Authorization.to.Arbitrary.Plugin.Installation HIGH" "catch-instagram-feed-gallery-widget 2.3 Unauthorised.Plugin's.Setting.Change MEDIUM" "customize-login No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "change-default-login-logo-url-and-title No.known.fix Cross-Site.Request.Forgery MEDIUM" "copify No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "chauffeur-booking-system 7.0 Authentication.Bypass CRITICAL" "chauffeur-booking-system 7.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "content-glass-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customily-v2 No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-fonts 2.1.5 Author+.Stored.XSS MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Unauthenticated.SQL.Injection HIGH" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Unauthenticated.SQL.Injection HIGH" "custom-global-variables 1.1.1 Stored.Cross-Site.Scripting.(XSS) HIGH" "cimy-header-image-rotator No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "cookies-pro No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-post-type-date-archives No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "click-to-call-or-chat-buttons 1.5.0 Admin+.Stored.XSS LOW" "css-js-files 1.5.1 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "cultbooking-booking-engine No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "calendar No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "calendar 1.3.11 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "community-yard-sale No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-with-shortcode 4.2.6 Reflected.Cross-Site.Scripting MEDIUM" "cache-images 3.2.1 Image.Upload./.Import.via.CSRF MEDIUM" "custom-post-type-generator No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "caret-country-access-limit 1.0.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "custom-css-js-php No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "custom-css-js-php No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "cleverreach-wc No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "calderawp-license-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-list 2.9.88 Missing.Authorization.to.Notice.Dismissal MEDIUM" "contact-list 2.9.72 Reflected.Cross-Site.Scripting MEDIUM" "contact-list 2.9.50 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-list 2.9.42 Reflected.Cross-Site.Scripting HIGH" "custom-order-numbers-for-woocommerce 1.4.1 CSRF MEDIUM" "cloud-manager No.known.fix Reflected.XSS CRITICAL" "contact-bank No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "categories-gallery No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "critical-site-intel-stats No.known.fix Unauthenticated.SQL.Injection CRITICAL" "causes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "comment-images-reloaded No.known.fix Authenticated.(Subscriber+).Arbitrary.Media.Deletion MEDIUM" "contact-form-7-anti-spambot No.known.fix Missing.Authorization MEDIUM" "conversador No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "cricket-score 2.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-staging No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "current-template-name 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "cafe-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cafe-lite No.known.fix Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "cafe-lite 2.2.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cafe-lite 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.CAFE.Widgets MEDIUM" "cafe-lite 2.1.0 Contributor+.Stored.XSS MEDIUM" "cf7-conditional-fields 2.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-conditional-fields 2.4.14 Cross-Site.Request.Forgery.to.Plugin.Setting.Reset MEDIUM" "cf7-conditional-fields 2.4.2 Missing.Authorization MEDIUM" "curatorio 1.9.2 Contributor+.Stored.XSS MEDIUM" "course-migration-for-learndash No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "cf7-telegram 0.8.6 Missing.Authorization.to.Authenticated.(Subscriber+).Subscription.Approve/Pause/Refuse MEDIUM" "cf7-summary-and-print 1.2.6 Settings.Update.via.CSRF MEDIUM" "checkbot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "creative-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checklist No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checklist 1.1.9 Unauthenticated.Reflected.XSS MEDIUM" "custom-sub-menus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "constant-contact-forms-by-mailmunch 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "constant-contact-forms-by-mailmunch 2.1.0 Contributor+.Stored.XSS MEDIUM" "constant-contact-forms-by-mailmunch 2.0.11 Arbitrary.Settings.Update.via.CSRF MEDIUM" "contact-form-master No.known.fix Reflected.XSS HIGH" "contact-form-vcard-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-vcard-generator No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "cp-contact-form-with-paypal 1.3.53 Cross-Site.Request.Forgery MEDIUM" "cp-contact-form-with-paypal 1.3.02 Multiple.XSS MEDIUM" "cp-contact-form-with-paypal 1.1.6 Multiple.Vulnerabilities HIGH" "css3-rotating-words 5.7 Cross-Site.Request.Forgery MEDIUM" "css3-rotating-words 5.5 Cross-Site.Request.Forgery.via.save_admin_options MEDIUM" "credit-tracker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crony No.known.fix Cross-Site.Request.Forgery MEDIUM" "crony 0.4.7 Cross-Site.Scripting.(XSS).&.CSRF HIGH" "cms-commander-client 2.288 Unauthenticated.Authorisation.Bypass HIGH" "computer-repair-shop 3.8214 Missing.Authorization MEDIUM" "computer-repair-shop 3.8120 Authenticated.(Customer+).Privilege.Esclation.via.Account.Takeover CRITICAL" "computer-repair-shop 3.8122 Missing.Authorization.to.Account.Takeover/Privilege.Escalation HIGH" "computer-repair-shop 3.8116 Unauthenticated.Arbitrary.File.Upload CRITICAL" "captcha 4.4.5 Backdoored MEDIUM" "cgc-maintenance-mode No.known.fix Sensitive.Information.Exposure MEDIUM" "cgc-maintenance-mode No.known.fix IP.Spoofing MEDIUM" "clasify-classified-listing No.known.fix Reflected.XSS HIGH" "codepile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codepile 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "corner-ad 1.0.57 Ads.Deletion.via.CSRF MEDIUM" "corner-ad 1.0.8 Admin+.Stored.XSS LOW" "custom-top-bar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "culture-object 4.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-advanced-database No.known.fix Unauthorised.AJAX.Calls MEDIUM" "coblocks 3.1.14 Missing.Authorization MEDIUM" "coblocks 3.1.13 Editor+.Stored.XSS LOW" "coblocks 3.1.12 Contributor+.SSRF LOW" "coblocks 3.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Social.Profiles MEDIUM" "coblocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "coblocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "content-blocks-builder 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-blocks-builder 2.3.17 Reflected.Cross-Site.Scripting MEDIUM" "customizer-export-import 0.9.7.1 Authenticated.(Admin+).Arbitrary.File.Upload.via.Customization.Settings.Import MEDIUM" "customizer-export-import 0.9.6 Admin+.PHP.Object.Injection LOW" "customizer-export-import 0.9.5 Admin+.PHP.Object.Injection MEDIUM" "customizer-export-import 0.9.5 Admin+.PHP.Objection.Injection MEDIUM" "catch-gallery 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "cookiehub 1.1.1 Missing.Authorization MEDIUM" "clevernode-related-content 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "chamber-dashboard-business-directory No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chamber-dashboard-business-directory 3.3.11 Missing.Authorization MEDIUM" "chamber-dashboard-business-directory 3.3.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chamber-dashboard-business-directory 3.3.2 Reflected.Cross-Site.Scripting MEDIUM" "chamber-dashboard-business-directory 3.3.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "category-seo-meta-tags No.known.fix Cross-Site.Request.Forgery.via.csmt_admin_options MEDIUM" "category-seo-meta-tags No.known.fix Admin+.Stored.XSS LOW" "content-security-policy-pro No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-admin-login-styler-wpzest No.known.fix Admin+.Stored.XSS LOW" "cyan-backup 2.5.4 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "cyan-backup 2.5.3 Admin+.Stored.XSS.via.General.Settings LOW" "cyan-backup 2.5.3 Admin+.Stored.XSS.via.Remote.Storage.Settings LOW" "culqi-checkout 3.0.15 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "cryptocurrency-widgets-for-elementor 1.6.5 Unauthenticated.Local.File.Inclusion HIGH" "cryptocurrency-widgets-for-elementor 1.3 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "configurable-tag-cloud-widget 5.3 Cross-Site.Request.Forgery MEDIUM" "clickbank-storefront No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "chatbot-chatgpt 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "chatbot-chatgpt 2.1.8 Missing.Authorization.to.Authenticated.(Subscriber+).Assistant.Deletion MEDIUM" "chatbot-chatgpt 2.1.8 Missing.Authorization.to.Authenticated.(Subscriber+).Assistant.Update MEDIUM" "chatbot-chatgpt 2.1.9 Cross-Site.Request.Forgery.to.Authenticated.(Subscriber+).Assistant.Modification MEDIUM" "chatbot-chatgpt 2.1.8 Missing.Authorization.to.Authenticated.(Subscriber+).Assistant.Addition MEDIUM" "chatbot-chatgpt 1.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chatbot-chatgpt 2.0.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "chatbot-chatgpt 2.0.0 Unauthenticated.Arbitrary.File.Upload.via.chatbot_chatgpt_upload_file_to_assistant.Function CRITICAL" "coronavirus-covid-19-notice-message No.known.fix Admin+.Stored.XSS LOW" "customer-reviews-woocommerce 5.62.0 Missing.Authorization.to.Authenticated.(Subscriber+).Import.Cancellation MEDIUM" "customer-reviews-woocommerce 5.48.0 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "customer-reviews-woocommerce 5.47.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "customer-reviews-woocommerce 5.47.0 Missing.Authorization.to.Authenticated.(Subscriber+).Coupon.Search MEDIUM" "customer-reviews-woocommerce 5.39.0 Improper.Authorization.via.submit_review MEDIUM" "customer-reviews-woocommerce 5.38.10 Author+.Arbitrary.File.Upload HIGH" "customer-reviews-woocommerce 5.38.2 Missing.Authorization.via.manual.review.reminders MEDIUM" "customer-reviews-woocommerce 5.38.2 Cross-Site.Request.Forgery.via.manual.review.reminders MEDIUM" "customer-reviews-woocommerce 5.36.1 Missing.Authorization.in.Reviews.Exporter MEDIUM" "customer-reviews-woocommerce 5.36.1 Missing.Authorization MEDIUM" "customer-reviews-woocommerce 5.17.0 Contributor+.Stored.XSS MEDIUM" "customer-reviews-woocommerce 5.16.0 Contributor+.LFI CRITICAL" "customer-reviews-woocommerce 5.3.6 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "customer-reviews-woocommerce 5.3.6 Broken.Access.Control MEDIUM" "customer-reviews-woocommerce 5.3.6 Cross-Site.Request.Forgery MEDIUM" "colorful-categories 2.0.15 Arbitrary.Colors.Update.via.CSRF MEDIUM" "contact-form-manager 1.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "continuous-announcement-scroller No.known.fix Admin+.Stored.XSS LOW" "cm-pop-up-banners 1.7.6 Reflected.XSS HIGH" "cm-pop-up-banners 1.7.3 Contributor+.Stored.XSS MEDIUM" "cm-pop-up-banners 1.6.6 Contributor+.Stored.XSS MEDIUM" "custom-text-selection-colors No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "calendar-plugin No.known.fix Reflected.Cross-Site.Scripting HIGH" "coming-soon-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coming-soon-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "comment-form 1.2.1 Admin+.Authenticated.Stored.XSS LOW" "connected-sermons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "connected-sermons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-redirect-thank-you-page 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "cf7-redirect-thank-you-page 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "cf7-redirect-thank-you-page 1.0.4 Cross-Site.Request.Forgery MEDIUM" "cf-geoplugin 8.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Menu.Creation/Deletion MEDIUM" "cf-geoplugin 8.7.0 Missing.Authorization.to.Unauthenticated.Shortcode.Execution MEDIUM" "cf-geoplugin 8.6.5 PHP.Object.Injection CRITICAL" "cf-geoplugin 8.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf-geoplugin 8.5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cf-geoplugin 7.13.12 Reflected.Cross-Site.Scripting HIGH" "capa No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "cookiecode No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "catch-infinite-scroll 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "colibri-page-builder 1.0.332 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.288 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "colibri-page-builder 1.0.277 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.colibri_video_player.Shortcode MEDIUM" "colibri-page-builder 1.0.277 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "colibri-page-builder 1.0.274 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.274 Contributor+.Stored.Cross-Site.Scripting.via.the.plugin's.'colibri_breadcrumb_element'.shortcode MEDIUM" "colibri-page-builder 1.0.264 Author+.Stored.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.270 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.249 Missing.Authorization MEDIUM" "colibri-page-builder 1.0.260 Arbitrary.Shortcode.Call.via.CSRF MEDIUM" "colibri-page-builder 1.0.260 Import.Images,.Delete.Post,.Save.Theme.Data.via.CSRF MEDIUM" "colibri-page-builder 1.0.240 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.248 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.229 Admin+.SQL.Injection MEDIUM" "custom-product-stickers-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coming-soon-countdown No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "confetti-fall-animation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "confetti-fall-animation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.confetti-fall-animation.Shortcode MEDIUM" "custom-wp-rest-api No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "client-showcase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "conference-scheduler 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "custom-login 4.1.1 Subscriber+.Unauthorised.Action MEDIUM" "clio-grow-form 1.0.3 Reflected.Cross-Site.Scripting HIGH" "clio-grow-form 1.0.3 Reflected.Cross-Site.Scripting HIGH" "clio-grow-form 1.0.1 Admin+.Stored.XSS LOW" "cbxpetition 2.0.0 Unauthenticated.SQLi HIGH" "comment-guestbook No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "clyp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cardgate 3.2.2 Authenticated.(Administrator+).SQL.Injection MEDIUM" "cardgate 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "cardgate 3.1.16 Unauthorised.Payments.Hijacking.and.Order.Status.Spoofing HIGH" "classified-listing 4.0.5 Unauthenticated.Settings.Exposure MEDIUM" "classified-listing 3.1.16 Authenticated.(Subscriber+).Limited.Arbitrary.Option.Update HIGH" "classified-listing 3.1.17 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "classified-listing 3.1.8 Missing.Authorization MEDIUM" "classified-listing 3.0.11 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Attachment.Deletion MEDIUM" "classified-listing 3.0.5 Cross-Site.Request.Forgery.to.Account.Takeover.via.rtcl_update_user_account HIGH" "classified-listing 3.0.5 Missing.Authorization MEDIUM" "classified-listing 2.4.6 Cross-Site.Request.Forgery MEDIUM" "classified-listing 2.2.14 Reflected.Cross-Site.Scripting MEDIUM" "convert-post-types No.known.fix Cross-Site.Request.Forgery MEDIUM" "convert-post-types No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-generator No.known.fix Contributor+.SQLi MEDIUM" "contact-form-generator 2.6.0 Reflected.XSS HIGH" "contact-form-generator 2.5.5 Multiple.Cross-Site.Request.Forgery.(CSRF) HIGH" "content-audit-exporter No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "captcha-code-authentication 3.0 Captcha.Bypass MEDIUM" "captcha-code-authentication 2.8 Settings.Update.via.CSRF MEDIUM" "compute-links No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "connector-civicrm-mcrestface 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "connector-civicrm-mcrestface 1.0.11 Missing.Authorization MEDIUM" "cube-slider No.known.fix Admin+.SQLi MEDIUM" "custom-icons-for-elementor 0.3.4 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "custom-tabs-for-products-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "create-with-code 1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "car-rental No.known.fix Admin+.Stored.XSS LOW" "car-rental 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "custom-post-type-relations No.known.fix Reflected.Cross-Site.Scripting HIGH" "contact-form-to-email 1.3.53 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-to-email 1.3.45 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "contact-form-to-email 1.3.42 Captcha.Bypass MEDIUM" "contact-form-to-email 1.3.44 Editor+.Stored.Cross-Site.Scripting LOW" "contact-form-to-email 1.3.38 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-to-email 1.3.25 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-to-email 1.2.66 Multiple.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "commonsbooking 2.6.8 Unauthenticated.SQL.Injection HIGH" "cryptocurrency-pricing-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-admin-page 0.1.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "cookiebar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cf7-zendesk 1.1.4 Cross-Site.Request.Forgery MEDIUM" "cf7-zendesk 1.0.8 Reflected.Cross-Site.Scripting HIGH" "cue 2.4.5 Missing.Authorization MEDIUM" "codehaveli-bitly-url-shortener No.known.fix Cross-Site.Request.Forgery MEDIUM" "calendar-event 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "calendar-event 1.4.7 Unauthenticated.Arbitrary.Event.Deletion MEDIUM" "cf7-styler No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution.and.Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.6.9 Reflected.XSS MEDIUM" "cf7-styler 1.6.9 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.6.5 Missing.Authorization.via.Several.AJAX.Action MEDIUM" "cf7-styler 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "charity-addon-for-elementor No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "charity-addon-for-elementor 1.3.3 Contributor+.Stored.XSS MEDIUM" "charity-addon-for-elementor 1.3.2 .Contributor+.Stored.XSS MEDIUM" "catalog No.known.fix Admin+.SQL.Injection MEDIUM" "custom-field-finder 0.4 Authenticated.(Author+).PHP.Object.Injection HIGH" "calais-auto-tagger No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "catch-sticky-menu 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "compare-ninja-comparison-tables No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "caxton No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "caxton 1.30.1 Reflected.Cross-Site.Scripting MEDIUM" "caxton 1.30.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "charitydonation-thermometer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clictracker No.known.fix Admin+.Stored.XSS LOW" "csv-to-html 3.15 Reflected.Cross-Site.Scripting HIGH" "csv-to-html 3.27 Subscriber+.Arbitrary.File.Upload CRITICAL" "custom-author-base No.known.fix Settings.Update.via.CSRF MEDIUM" "counter-yandex-metrica No.known.fix Admin+.Stored.XSS LOW" "confirm-user-registration No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ckeditor-for-wordpress 4.5.3.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "custom-registration-form-builder-with-submission-manager 6.0.4.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 6.0.3.4 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 6.0.2.7 Unauthenticated.Privilege.Escalation.via.Password.Recovery CRITICAL" "custom-registration-form-builder-with-submission-manager 6.0.2.1 Stored.XSS LOW" "custom-registration-form-builder-with-submission-manager 6.0.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 6.0.0.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 5.3.1.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.3.2.0 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "custom-registration-form-builder-with-submission-manager 5.2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 5.3.1.0 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "custom-registration-form-builder-with-submission-manager 5.2.6.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.5.1 Form.Submission.Limit.Bypass MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.5.1 IP.Spoofing MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.4.6 Authenticated(Administrator+).SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.3.1 Missing.Authorization MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.3.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.4.2 Reflected.Cross-Site.Scripting.via.section_id MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.1.1 Unauthenticated.Authentication.Bypass CRITICAL" "custom-registration-form-builder-with-submission-manager 5.2.1.0 Admin+.Arbitrary.Password.Update.via.IDOR MEDIUM" "custom-registration-form-builder-with-submission-manager 5.1.9.3 Form.Deletion.via.CSRF MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.2.2 Admin+.SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.1.9 Reflected.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.0.1.9 Reflected.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.0.1.8 Authentication.Bypass CRITICAL" "custom-registration-form-builder-with-submission-manager 5.0.1.6 Admin+.SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 4.6.0.4 Multiple.Critical.Issues HIGH" "custom-registration-form-builder-with-submission-manager 4.6.0.3 Multiple.Cross-Site.Scripting.(XSS) HIGH" "custom-registration-form-builder-with-submission-manager 4.6.0.3 Authenticated.SQL.Injection.via.Form_id MEDIUM" "custom-permalinks 2.7.0 Authenticated(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-reply-manager No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "call-now-icon-animate No.known.fix Admin+.Stored.XSS LOW" "cf7-database 3.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "conditional-payments-for-woocommerce 3.3.1 Cross-Site.Request.Forgery MEDIUM" "conditional-payments-for-woocommerce 2.3.2 Plugin.RuleSets.Activation/Deactivation.via.CSRF MEDIUM" "cf7-live-preview No.known.fix Missing.Authorization.via.update_option MEDIUM" "chatlive No.known.fix Unauthenticated.SQL.Injection HIGH" "corona-virus-covid-19-banner No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "corona-virus-covid-19-banner 1.8.0 CSRF MEDIUM" "custom-product-type-for-woocommerce 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "custom-product-type-for-woocommerce 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cm-header-footer-script-loader 1.2.5 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "cm-header-footer-script-loader 1.2.2 Reflected.XSS HIGH" "clearfy 2.3.3 Cross-Site.Request.Forgery.to.Plugin.Settings.Update.via.'setup-wbcr_clearfy' MEDIUM" "clearfy 2.3.2 Cross-Site.Request.Forgery.to.Clear.Cache MEDIUM" "clearfy 2.2.5 Missing.Authorization MEDIUM" "clearfy 2.3.3 Cross-Site.Request.Forgery MEDIUM" "clearfy 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "caching-compatible-cookie-optin-and-javascript 0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "circles-gallery No.known.fix Admin+.Stored.XSS LOW" "canva No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-newsletter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clicksold-wordpress-plugin No.known.fix Admin+.XSS LOW" "cms-tree-page-view 1.6.8 Reflected.XSS HIGH" "call-now-coccoc-pht-blog No.known.fix Cross-Site.Request.Forgery MEDIUM" "coschool No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "church-theme-content 2.6.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "contest-code-checker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contest-code-checker 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "contest-code-checker 1.9.8 Reflected.Cross-Site.Scripting MEDIUM" "contest-code-checker 1.9.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cas-maestro No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "category-ajax-filter 2.8.3 Unauthenticated.Local.File.Inclusion CRITICAL" "custom-sidebars 3.1.0 CSRF HIGH" "custom-sidebars 3.0.8.1 CSRF HIGH" "cybersoldier 1.7.0 Admin+.Stored.Cross-Site.Scripting LOW" "customize-login-page No.known.fix Cross-Site.Request.Forgery MEDIUM" "cancel-order-request-woocommerce 1.3.3 Admin+.Stored.XSS LOW" "click-to-tweet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "click-to-tweet No.known.fix Reflected.XSS HIGH" "click-to-tweet No.known.fix Missing.Authorization MEDIUM" "cc-circle-progress-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coinpayments-payment-gateway-for-woocommerce 1.0.18 Unauthenticated.PHP.Object.Injection CRITICAL" "current-menu-item-for-custom-post-types 1.6 Cross-Site.Request.Forgery MEDIUM" "cornerstone 0.8.1 Reflected.Cross-Site.Scripting MEDIUM" "cornerstone 0.8.1 Reflected.Cross-Site.Scripting.via.PHP_SELF MEDIUM" "cool-timeline 2.4 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "cool-timeline 2.0.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cool-timeline 2.0.3 Cross-Site.Request.Forgery MEDIUM" "content-planner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "capitalize-my-title No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "classified-listing-pro 2.0.20 Reflected.Cross-Site.Scripting MEDIUM" "classified-listing-pro 2.0.20 Reflected.Cross-Site.Scripting MEDIUM" "callrail-phone-call-tracking 0.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "callrail-phone-call-tracking 0.4.10 Stored.XSS.via.CSRF MEDIUM" "cf7-dynamics-crm 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "cf7-manual-spam-blocker No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "christmasify 1.5.6 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "crudlab-google-plus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-field-manager No.known.fix Reflected.XSS.Vulnerability HIGH" "chopslider No.known.fix Unauthenticated.Blind.SQL.Injection CRITICAL" "content-warning-v2 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cpt-bootstrap-carousel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cpt-bootstrap-carousel No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "copy-move-posts No.known.fix Missing.Authorization MEDIUM" "catch-scroll-progress-bar 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "cartflows-pro 1.11.13 CSRF MEDIUM" "cartflows-pro 1.11.12 Reflected.Cross-Site.Scripting HIGH" "cc-canadian-mortgage-calculator 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clink No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "comments-with-hypercommentscom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "client-portal-suitedash-login 1.8.0 Admin+.Stored.XSS LOW" "chalet-montagne-com-tools No.known.fix Reflected.XSS HIGH" "custom-tinymce-shortcode-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-easy-math-captcha No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "christmas-greetings No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chameleon-jobs 2.5.5 Reflected.Cross-Site.Scripting HIGH" "cj-custom-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cooked 1.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "cooked 1.8.0 Cooked.–.Recipe.Management.<=.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cooked 1.7.15.1 Contributor+.Stored.XSS MEDIUM" "cooked 1.1.13 Reflected.Cross-Site.Scripting MEDIUM" "cooked 1.7.9.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "cooked 1.7.5.6 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "cost-calculator-builder-pro 3.2.16 Unauthenticated.SQL.Injection.via.data HIGH" "cost-calculator-builder-pro No.known.fix .Unauthenticated.Price.Manipulation MEDIUM" "cost-calculator-builder-pro 3.1.76 Unauthenticated.Arbitrary.Email.Sending MEDIUM" "cost-calculator-builder-pro 3.1.73 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "cost-calculator-builder-pro 3.1.68 Unauthenticated.Cross-Site.Scripting.via.SVG.Upload HIGH" "code-clone No.known.fix Authenticated.(Administrator+).SQL.Injection.via.snippetId.Parameter MEDIUM" "clear-sucuri-cache No.known.fix Missing.Authorization MEDIUM" "currency-per-product-for-woocommerce 1.7.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "create-flipbook-from-pdf No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "cart66-cloud No.known.fix Unauthenticated.Information.Exposure MEDIUM" "cart66-cloud No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "carousels-slider-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "classy-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "comments-ratings No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "comments-ratings No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "comments-ratings 1.1.7 Cross-Site.Request.Forgery MEDIUM" "color-your-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cbxwpsimpleaccounting No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-header-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "contentoptin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chatter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "chatter No.known.fix Missing.Authorization MEDIUM" "cart-weight-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cart-weight-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "creative-image-slider 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "comments-on-feed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-store-to-db-lite 1.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "cf7-store-to-db-lite 1.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "cs-framework 7.1 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "cs-framework No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Read HIGH" "clickfunnels No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "clickfunnels No.known.fix Settings.Update.via.CSRF MEDIUM" "cryokey No.known.fix Reflected.Cross-Site.Scripting.via.'ckemail'.Parameter MEDIUM" "clipart No.known.fix Reflected.XSS HIGH" "cww-companion 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cm-table-of-content 1.2.4 Stored.XSS.via.CSRF HIGH" "cm-table-of-content 1.2.3 Settings.Reset.via.CSRF MEDIUM" "commentluv No.known.fix Unauthenticated.SSRF MEDIUM" "cz-loan-management No.known.fix Unauthenticated.SQLi HIGH" "convert-docx2post No.known.fix Authenticated.(Author+).Arbitrary.File.Upload HIGH" "contact-form-7-star-rating No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-to-any-api 1.2.5 Unauthenticated.Stored.Cross-Site.Scripting.via.Contact.Form HIGH" "contact-form-to-any-api 1.1.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "contact-form-to-any-api 1.1.7 Subscriber+.API.Entry.Record.Deletion MEDIUM" "contact-form-to-any-api 1.1.3 Admin+.SQLi MEDIUM" "custom-checkout-fields-for-woocommerce 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cta 2.5.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "croma-music 3.6.1 Authenticated.(Subscriber+).Arbitrary.Options.Update.in.ironMusic_ajax HIGH" "cc-img-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-searchable-data-entry-system No.known.fix Unauthenticated.Data.Modification.and.Deletion CRITICAL" "cyberus-key 1.1 Admin+.Stored.XSS LOW" "countdown-timer-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "countdown-timer-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "currency-converter-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "cf7-active-campaign 1.0.4 Reflected.Cross-Site.Scripting HIGH" "cars-seller-auto-classifieds-script No.known.fix Auto.Classifieds.Script.<=.2.1.0.-.Unauthenticated.SQL.Injection CRITICAL" "cpt-speakers No.known.fix Speakers.<=.1.1.-.Admin+.Stored.XSS LOW" "campaign-url-builder 1.8.2 Contributor+.Stored.XSS MEDIUM" "change-uploaded-file-permissions No.known.fix File.Permission.Update.via.CSRF MEDIUM" "crowdfunding-for-woocommerce 3.1.13 Reflected.Cross-Site.Scripting MEDIUM" "content-egg 5.5.0 Multiple.CSRF MEDIUM" "content-egg 5.3.1 Reflected.Cross-Site.Scripting MEDIUM" "content-egg 5.3.0 Reflected.Cross-Site.Scripting MEDIUM" "call-now-button 1.4.14 Cross-Site.Request.Forgery MEDIUM" "call-now-button 1.4.7 Admin+.Stored.XSS LOW" "call-now-button 1.1.2 Reflected.Cross-Site.Scripting LOW" "cm-on-demand-search-and-replace 1.4.3 Reflected.XSS HIGH" "cm-on-demand-search-and-replace 1.3.9 Plugin.Reset.via.CSRF MEDIUM" "cm-on-demand-search-and-replace 1.3.1 Multiple.CSRF MEDIUM" "cm-on-demand-search-and-replace 1.3.1 Admin+.Stored.XSS LOW" "conditional-shipping-for-woocommerce 3.4.1 Cross-Site.Request.Forgery MEDIUM" "conditional-shipping-for-woocommerce 2.3.2 Ruleset.Toggle.via.CSRF MEDIUM" "clickbank-ads-clickbank-widget 1.35 Admin+.Stored.Cross-Site.Scripting LOW" "clickbank-ads-clickbank-widget 1.35 CSRF.to.Stored.Cross-Site.Scripting HIGH" "chronoforms No.known.fix CSRF MEDIUM" "custom-login-page No.known.fix Reflected.XSS HIGH" "customized-login No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Custom.URL MEDIUM" "custom-post-type-templates-for-elementor 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "classic-addons-wpbakery-page-builder-addons 3.1 Authenticated.(Editor+).Local.File.Inclusion HIGH" "classic-addons-wpbakery-page-builder-addons 3.1 Authenticated.(Contributor+).Limited.Local.PHP.File.Inclusion HIGH" "classic-addons-wpbakery-page-builder-addons No.known.fix Contributor+.Stored.XSS MEDIUM" "clerkio 4.0.0 Authentication.Bypass.and.API.Keys.Disclosure LOW" "contact-form-7-star-rating-with-font-awersome No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "counters-block 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "category-post-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "change-wc-price-title 2.4 Reflected.Cross-Site.Scripting MEDIUM" "change-wc-price-title 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "codepen-embedded-pen-shortcode 1.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "codepen-embedded-pen-shortcode 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "calendarista 15.5.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "content-snippet-manager 1.1.6 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "clp-custom-login-page No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-skins-contact-form-7 No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Update.and.Skin.Creation MEDIUM" "codebard-help-desk No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "codebard-help-desk No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codebard-help-desk 1.1.2 Cross-Site.Request.Forgery MEDIUM" "ct-real-estate-core 3.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "copyscape-premium 1.4.0 Stored.XSS.via.CSRF HIGH" "clipr No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "collage-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "collage-for-divi 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "catch-import-export 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "canalplan-ac No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "conversion-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codeflavors-vimeo-video-post-lite 2.3.4.3 Authenticated.(Contributor+).SQL.Injection MEDIUM" "codeflavors-vimeo-video-post-lite 2.2.2 Reflected.XSS HIGH" "cf7-file-download No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "clearout-email-validator 3.2.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "church-admin 5.0.10 Unauthenticated.Information.Disclosure MEDIUM" "church-admin 5.0.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "church-admin 5.0.19 Unauthenticated.SQL.Injection HIGH" "church-admin 5.0.9 Missing.Authorization MEDIUM" "church-admin 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "church-admin 4.4.7 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "church-admin 4.4.5 Missing.Authorization MEDIUM" "church-admin 4.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "church-admin 4.4.0 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "church-admin 4.2.0 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.0.28 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.1.6 .Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "church-admin 4.1.7 Missing.Authorization MEDIUM" "church-admin 4.1.19 Missing.Authorization MEDIUM" "church-admin 4.1.8 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.0.28 Authenticated.(Contributor+).SQL.Injection HIGH" "church-admin 4.1.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.meta-text MEDIUM" "church-admin 4.0.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "church-admin 3.8.0 Server-Side.Request.Forgery.(SSRF) MEDIUM" "church-admin 3.7.6 Reflected.XSS HIGH" "church-admin 3.7.30 Reflected.XSS HIGH" "church-admin 3.4.135 Unauthenticated.Plugin's.Backup.Disclosure HIGH" "church-admin 1.2550 CSRF HIGH" "cookie-law-bar No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "cp-multi-view-calendar 1.4.07 Unauthenticated.Arbitrary.Event.Deletion MEDIUM" "cp-multi-view-calendar 1.4.07 Unauthenticated.Arbitrary.Event.Creation.to.Stored.XSS HIGH" "cp-multi-view-calendar 1.4.01 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "calculated-fields-form 5.3.59 Cross-Site.Request.Forgery MEDIUM" "calculated-fields-form 5.2.62 Admin+.Stored.XSS LOW" "calculated-fields-form 5.2.62 Admin+.Stored.XSS LOW" "calculated-fields-form 5.2.64 Denial.of.Service MEDIUM" "calculated-fields-form 5.2.64 Admin+.Stored.XSS LOW" "calculated-fields-form 5.2.46 HTML.Injection MEDIUM" "calculated-fields-form 1.2.55 Reflected.Cross-Site.Scripting MEDIUM" "calculated-fields-form 5.1.57 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "calculated-fields-form 1.2.53 Contributor+.Stored.XSS MEDIUM" "calculated-fields-form 1.2.29 Contributor+.Open.Redirect MEDIUM" "calculated-fields-form 1.2.41 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "calculated-fields-form 1.1.151 Admin+.Stored.Cross-Site.Scripting.via.Dropdown.Fields LOW" "calculated-fields-form 1.0.354 Authenticated.Stored.XSS MEDIUM" "coolclock 4.3.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "comment-validation-reloaded No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-registration-and-login-forms-with-new-recaptcha No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-registration-and-login-forms-with-new-recaptcha No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "cm-business-directory 1.4.2 Reflected.XSS HIGH" "chaport No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cyklodev-wp-notify 1.3.0 Admin+.Stored.XSS LOW" "classic-editor-addon 2.6.4 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "classic-editor-addon 2.6.4 Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "custom-post-type-gui No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "colorway No.known.fix Cross-Site.Request.Forgery MEDIUM" "conditional-payment-methods-for-woocommerce No.known.fix Admin+.SQLi MEDIUM" "conditional-menus 1.2.1 Reflected.XSS HIGH" "checkout-mestres-wp No.known.fix 8.7.5.-.Unauthenticated.Arbitrary.Options.Update CRITICAL" "checkout-mestres-wp 8.6.1 Authenticated.(Admin+).Local.File.Inclusion HIGH" "checkout-mestres-wp 7.1.9.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Update CRITICAL" "checkout-mestres-wp 7.1.9.8 Authentication.Bypass.via.Password.Reset CRITICAL" "checkout-mestres-wp 7.1.9.8 Unauthenticated.SQL.Injection CRITICAL" "click-to-chat-for-whatsapp 4.23 Contributor+.Stored.XSS.via.data-no_number.Parameter MEDIUM" "click-to-chat-for-whatsapp 4.0 Contributor+.LFI HIGH" "click-to-chat-for-whatsapp 3.18.1 Contributor+.Stored.XSS MEDIUM" "countdown-builder 2.9.0 Unauthenticated.Limited.Local.File.Inclusion HIGH" "countdown-builder 2.8.9 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "countdown-builder No.known.fix Admin+.Stored.XSS LOW" "countdown-builder 2.7.8.1 Missing.Authorization.to.Authenticated.(Subscriber+).PHP.Object.Injection MEDIUM" "countdown-builder 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "countdown-builder No.known.fix Pro.Features.Lock.Bypass LOW" "countdown-builder No.known.fix Admin+.Stored.XSS LOW" "countdown-builder 2.2.9 Reflected.Cross-Site.Scripting MEDIUM" "custom-search-plugin 1.36 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "cc-coming-soon No.known.fix Reflected.XSS HIGH" "code-snippets-cpt No.known.fix Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "checkout-freemius-rewamped 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "cm-registration-pro 3.2.1 PHP.Object.Injection MEDIUM" "car-demon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "co-authors-plus 3.5.2 Guest.Authors.Email.Address.Disclosure MEDIUM" "change-table-prefix No.known.fix Cross-Site.Request.Forgery.via.change_prefix_form HIGH" "css-live No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-widget-classes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cliptakes 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-customizer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-customizer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "cf7-google-sheets-connector-pro 2.3.7 Reflected.XSS HIGH" "card-games No.known.fix CSRF.Bypass NONE" "card-elements-for-elementor 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Profile.Card.Widget MEDIUM" "card-elements-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-order-statuses-woocommerce 2.4.0 Cross-Site.Request.Forgery MEDIUM" "currency-converter-calculator 1.3.2 Contributor+.Stored.XSS MEDIUM" "cpt-to-map-store No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cleverwise-daily-quotes No.known.fix Stored.XSS.via.CSRF HIGH" "content-excel-importer 4.3 Reflected.Cross-Site.Scripting MEDIUM" "content-text-slider-on-post 6.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "change-prices-with-time-for-woocommerce 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "change-prices-with-time-for-woocommerce 1.8.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "camera-slideshow No.known.fix Reflected.Cross-Site.Scripting HIGH" "countdown-block 1.1.2 Missing.Authorisation.in.AJAX.action MEDIUM" "cowidgets-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cowidgets-elementor-addons No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "cowidgets-elementor-addons No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "cowidgets-elementor-addons 1.2.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "cowidgets-elementor-addons 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.heading_tag.Parameter MEDIUM" "cc-custom-taxonmy No.known.fix Admin+.Stored.XSS LOW" "cf7-multi-step 2.7.8 Unauthenticated.SQL.Injection HIGH" "cryout-serious-slider 1.2.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "cryout-serious-slider 1.2.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cryout-serious-slider 1.2.5 Cross-Site.Request.Forgery MEDIUM" "calculator-builder 1.6.3 Unauthenticated.Local.File.Inclusion HIGH" "calculator-builder 1.5.1 Reflected.XSS MEDIUM" "custom-share-buttons-with-floating-sidebar 4.2 Admin+.Stored.XSS LOW" "crisp 0.45 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "crisp 0.32 CSRF.to.Stored.Cross-Site.Scripting HIGH" "custom-contact-forms 5.1.0.4 Unauthenticated.Database.Import/Export CRITICAL" "custom-contact-forms 5.1.0.3 Authenticated.Cross.Site.Scripting CRITICAL" "ck-and-syntaxhighlighter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cgm-event-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "check-email 1.0.10 Unauthenticated.Hook.Injection HIGH" "check-email 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "check-email 1.0.4 Reflected.Cross-Site.Scripting HIGH" "check-email 1.0.3 Admin+.SQL.Injections MEDIUM" "check-email 0.5.2 Cross-Site.Scripting.(XSS) MEDIUM" "ceceppa-multilingua No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "contact-form-7-skins 2.1.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-skins 2.5.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "comments-like-dislike 1.2.0 Subscriber+.Settings.Reset MEDIUM" "comments-like-dislike 1.1.4 Add.Like/Dislike.Bypass MEDIUM" "circle-image-slider-with-lightbox 1.0.5 Authenticated.(Admin+).SQL.Injection MEDIUM" "circle-image-slider-with-lightbox 1.0.1 Image.Data.Update.via.CSRF MEDIUM" "circle-image-slider-with-lightbox 1.0.18 Reflected.Cross-Site.Scripting MEDIUM" "circle-image-slider-with-lightbox 1.0.16 Reflected.Cross-Site.Scripting MEDIUM" "caldera-forms 1.7.5.1 Reflected.Cross-Site.Scripting MEDIUM" "caldera-forms 1.9.7 Reflected.Cross-Site.Scripting MEDIUM" "caldera-forms 1.9.5 Admin+.Stored.Cross-Site.Scripting LOW" "caldera-forms 1.6.0 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "customize-wpadmin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "classic-editor-and-classic-widgets 1.4.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "classic-editor-and-classic-widgets 1.2.6 Settings.Update.via.CSRF MEDIUM" "custom-content-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "custom-content-shortcode No.known.fix Contributor+.LFI CRITICAL" "custom-content-shortcode 4.0.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "custom-content-shortcode 4.0.1 Unauthorised.Arbitrary.Post.Metadata.Access MEDIUM" "custom-content-shortcode 4.0.2 Authenticated.Arbitrary.File.Access./.LFI HIGH" "consensu-io 1.0.4 Unauthenticated.Settings.Update MEDIUM" "coming-soon-wp 2.1.3 Maintenance.Mode.Bypass MEDIUM" "coming-soon-wp 1.6.7 Admin+.Stored.Cross-Site.Scripting MEDIUM" "contact-form-entries 1.3.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-entries 1.3.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "contact-form-entries 1.3.3 Admin+.Arbitrary.File.Upload MEDIUM" "contact-form-entries 1.3.1 Contributor+.Stored.XSS MEDIUM" "contact-form-entries 1.3.1 SQL.Injection MEDIUM" "contact-form-entries 1.3.0 CSV.Injection MEDIUM" "contact-form-entries 1.2.4 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.2.2 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.2.1 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.1.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "content-views-query-and-display-post-page 3.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pagingType.Parameter MEDIUM" "content-views-query-and-display-post-page 3.7.1 Contributor+.Stored.Cross-Site.Scripting.via.Widget.Post.Overlay MEDIUM" "content-views-query-and-display-post-page 3.6.3 Admin+.Stored.XSS MEDIUM" "custom-product-builder-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "csv2wpec-coupon No.known.fix Unauthenticated.Remote.File.Upload HIGH" "captcha-them-all 1.4 Admin+.Stored.XSS LOW" "control-block-patterns No.known.fix Missing.Authorization MEDIUM" "convertful 2.6 Missing.Authorization.via.add_woo_coupon MEDIUM" "college-publisher-import No.known.fix Arbitrary.File.Upload.to.RCE CRITICAL" "calendi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "companion-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "customify-sites No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "custom-database-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-to-database-extension 2.10.36 CSV.Injection CRITICAL" "chatplusjp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "car-park-booking-system-for-wordpress No.known.fix Missing.Authorization MEDIUM" "calculatorpro-calculators No.known.fix Reflected.Cross-Site.Scripting.via.CP_preview_calc MEDIUM" "chative-live-chat-and-chatbot 1.2 Channel/Org.ID.Update.via.CSRF MEDIUM" "custom-field-bulk-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coming-soon-master 1.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-comment-notifications No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contact-form-cfdb7 1.2.7 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "contact-form-cfdb7 1.2.6.5 CSV.Injection LOW" "contact-form-cfdb7 1.2.6.1 Arbitrary.Form.Deletion..via.CSRF MEDIUM" "contact-form-cfdb7 1.2.6.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "contact-form-cfdb7 1.2.5.6 CSV.Injection MEDIUM" "contact-form-cfdb7 1.2.5.4 Authenticated.SQL.Injections CRITICAL" "clotya-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "custom-post-widget 3.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.content.Parameter MEDIUM" "custom-post-widget 3.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.content_block.Shortcode MEDIUM" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chatbot-support-ai No.known.fix Admin+.Stored.XSS LOW" "cf7-antispam 0.6.1 Reflected.Cross-Site.Scripting MEDIUM" "contentstudio No.known.fix Missing.Authorization MEDIUM" "contentstudio 1.2.6 Nonce.Disclosure HIGH" "contentstudio 1.2.6 Authorisation.Bypass HIGH" "contentstudio 1.2.6 Unauthorised.Function.Calls HIGH" "chaty-pro 3.3.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "chaty-pro 2.8.2 Reflected.Cross-Site.Scripting HIGH" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).SQL.Injection CRITICAL" "consulting-elementor-widgets 1.3.1 Unauthenticated.Local.File.Inclusion CRITICAL" "club-management-software No.known.fix Authenticated.SQL.Injection MEDIUM" "custom-product-list-table No.known.fix Cross-Site.Request.Forgery MEDIUM" "chatwee No.known.fix Missing.Authorization MEDIUM" "carts-guru 1.4.6 Unauthenticated.Object.Injection CRITICAL" "checkout-field-visibility-for-woocommerce No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "cookie-notice 2.4.18 Admin+.Stored.XSS LOW" "cookie-notice 2.4.7 Contributor+.Stored.XSS MEDIUM" "cookie-notice 2.4.7 Contributor+.XSS MEDIUM" "cookie-notice 2.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "cookie-notice-and-consent-banner 1.7.2 Admin+.Stored.XSS LOW" "cf7-zoho 1.2.4 Admin+.SQLi MEDIUM" "cf7-zoho 1.2.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cf7-zoho 1.1.9 Reflected.Cross-Site.Scripting HIGH" "cf7-zoho 1.1.8 Reflected.Cross-Site.Scripting HIGH" "commerce-coinbase-for-woocommerce 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "commerce-coinbase-for-woocommerce 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "currency-converter-widget-pro 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cryptocurrency-widgets-pack No.known.fix Missing.Authorization MEDIUM" "cryptocurrency-widgets-pack 2.0 Unauthenticated.SQLi HIGH" "cosmosfarm-share-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "car No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "clover-online-orders 1.5.8 Reflected.Cross-Site.Scripting MEDIUM" "clover-online-orders 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.moo_receipt_link.Shortcode MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Data.Update MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization.to.Plugin.Deactivation.and.Data.Deletion MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization MEDIUM" "clover-online-orders 1.5.5 Cross-Site.Request.Forgery MEDIUM" "clover-online-orders 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clover-online-orders 1.5.5 Reflected.XSS HIGH" "cp-image-store 1.0.68 Unauthenticated.SQLi HIGH" "cmsmasters-content-composer 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "cds-simple-seo 2.0.26 Arbitrary.Settings.Update.via.CSRF MEDIUM" "cds-simple-seo 1.8.13 Subscriber+.Sitemap.Creation/Deletion MEDIUM" "cds-simple-seo 1.8.13 Sitemap.Creation/Deletion.via.CSRF MEDIUM" "cds-simple-seo 1.7.92 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "cab-grid 1.6 Admin+.Stored.XSS LOW" "cubewp-forms 1.1.6 Missing.Authorization MEDIUM" "cubewp-forms No.known.fix Missing.Authorization MEDIUM" "cubewp-forms 1.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "category-post-list-widget No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "cf7-email-add-on No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "custom-post-type-lockdown No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "cookie-consent-box 1.1.7 Admin+.Stored.XSS LOW" "coneblog-widgets 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coneblog-widgets 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "coneblog-widgets 1.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "crypto-converter-widget 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "crypto-converter-widget 1.8.4 Contributor+.Stored.XSS MEDIUM" "chessgame-shizzle 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "choice-payment-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "choice-payment-gateway-for-woocommerce 2.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "conditional-extra-fees-for-woocommerce 1.0.97 Admin+.Stored.XSS MEDIUM" "cookie-notice-consent 1.6.1 Admin+.Stored.XSS LOW" "cc-bcc-for-woocommerce-order-emails No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "configure-conference-room No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "client-documentation No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "collapsing-archives 3.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "companion-auto-update 3.3.6 Authenticated.SQL.Injection CRITICAL" "cmyee-momentopress 1.0.2 Contributor+.Stored.XSS MEDIUM" "custom-landing-pages-leadmagic No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "cosmic-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "current-book No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "captcha-bank No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-database-applications-by-caspio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coming-soon-page 3.7.4 IP.Address.Spoofing.via.get_real_ip MEDIUM" "coming-soon-page 3.6.7 Subscriber+.Arbitrary.Email.Sending.to.Subscribed.Users MEDIUM" "coming-soon-page 3.6.8 Arbitrary.Email.Sending.to.Subscribed.Users.via.CSRF LOW" "coming-soon-page 3.5.3 Authenticated.Stored.XSS LOW" "controlled-admin-access 1.5.6 Improper.Access.Control.to.Privilege.Escalation HIGH" "controlled-admin-access 1.5.2 Improper.Access.Control.&.Privilege.Escalation HIGH" "cj-change-howdy No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "change-login-logo 1.1.5 Authenticated.Stored.Cross-Site.Scripting LOW" "cf7-submission-dom-tracking No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cpo-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "cpo-shortcodes No.known.fix Admin+.Stored.XSS LOW" "c9-admin-dashboard No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "cc-child-pages 1.43 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "contribuinte-checkout 2.0.04 Stored.XSS.via.CSRF HIGH" "client-power-tools 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "cross-linker No.known.fix Arbitrary.Cross-Link.Creation.via.CSRF MEDIUM" "custom-add-to-cart-button-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "chartjs No.known.fix Editor+.Stored.Cross-Site.Scripting LOW" "chartjs No.known.fix Editor+.Stored.Cross-Site.Scripting.in.New.Chart LOW" "cardoza-facebook-like-box 4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "conveythis-translate 235 Missing.Authorization.to.Limited.Option.Update MEDIUM" "conveythis-translate 224 Unauthenticated.Stored.Cross-Site.Scripting.via.api_key HIGH" "cubewp-framework 1.1.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cubewp-framework 1.1.24 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "cubewp-framework No.known.fix Cross-Site.Request.Forgery MEDIUM" "cubewp-framework 1.1.16 Missing.Authorization MEDIUM" "cubewp-framework 1.1.13 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "classima-core 1.10 Reflected.Cross-Site.Scripting MEDIUM" "cp-image-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cp-image-gallery No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "cf7-calendar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "chat-viber 1.7.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Unauthenticated.IP.Spoofing MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Information.Exposure MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Unauthenticated.Stored.XSS HIGH" "custom-content-scrollbar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-widget-elementor 2.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cf7-widget-elementor 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cf7_redirect_page.Attribute MEDIUM" "cf7-widget-elementor 2.4 Missing.Authorization MEDIUM" "cozy-addons 2.1.23 Missing.Authorization MEDIUM" "cozy-addons 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 2.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 2.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 2.0.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "cnzz51la-for-wordpress No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "chameleon 1.4.4 Admin+.Stored.XSS LOW" "carousel-anything No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-bulkquick-edit No.known.fix Cross-Site.Request.Forgery MEDIUM" "creative-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "conversation-watson 0.8.21 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "content-manager-light No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cssjockey-add-ons No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "catablog No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "catablog No.known.fix Authenticated.(Editor+).Arbitrary.File.Deletion MEDIUM" "custom-fields-search 1.3.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "christmas-panda 1.1.0 Cross-Site.Request.Forgery MEDIUM" "csprite No.known.fix Cross-Site.Request.Forgery MEDIUM" "cost-calculator-builder 3.5.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cost-calculator-builder 3.2.68 Unauthenticated.SQL.Injection HIGH" "cost-calculator-builder 3.2.68 Authenticated.(Subscriber+).SQL.Injection.via.order_ids.Parameter MEDIUM" "cost-calculator-builder 3.2.66 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cost-calculator-builder 3.2.43 Settings.update.via.CSRF MEDIUM" "cost-calculator-builder 3.2.29 Admin+.SQL.Injection MEDIUM" "cost-calculator-builder 3.2.16 Unauthenticated.SQL.Injection CRITICAL" "cost-calculator-builder 3.2.13 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cost-calculator-builder 3.2.13 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Creation MEDIUM" "cost-calculator-builder 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "commons-booking No.known.fix Code/Timeframe/Booking.Deletion.via.CSRF MEDIUM" "commons-booking No.known.fix Admin+.Stored.XSS LOW" "checkout-fees-for-woocommerce 2.12.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "cmc-migrate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "credova-financial 2.5.1 Cross-Site.Request.Forgery MEDIUM" "credova-financial 2.4.9 Reflected.Cross-Site.Scripting MEDIUM" "credova-financial 1.4.9 Sensitive.Information.Disclosure MEDIUM" "cf7-mollie No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "cf7-mollie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cashtomer No.known.fix Authenticated.SQL.Injection MEDIUM" "cm-email-blacklist 1.5.6 Reflected.Cross-Site.Scripting MEDIUM" "cm-email-blacklist 1.5.4 Reflected.XSS HIGH" "cm-email-blacklist 1.4.9 Add/Delete.Emails.via.CSRF.Add.and.delete.any.item.from.blacklist/whitelist MEDIUM" "contact-form-lite 1.1.29 Contributor+.Stored.XSS MEDIUM" "contact-form-lite 1.1.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-lite 1.1.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "correosoficial 1.3.0.3 Unauthenticated.Arbitrary.File.Download HIGH" "clicface-trombi No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.nom.Parameter MEDIUM" "caldera-smtp-mailer No.known.fix Missing.Authorization MEDIUM" "cookie-scanner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "call-to-action-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "category-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "camptix 1.5.1 CSV.Injection.Bypasses.and.XSS HIGH" "css-js-manager 2.4.49.1 Multiple.CSRF MEDIUM" "cartboss 4.1.3 Missing.Authorization MEDIUM" "curtain No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "curtain 1.0.2 Unauthenticated.Maintenance.Mode.Switch HIGH" "contact-form-7-sms-addon 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "clock-in-portal No.known.fix Holidays.Deletion.via.CSRF MEDIUM" "clock-in-portal No.known.fix Staff.Deletion.via.CSRF MEDIUM" "clock-in-portal No.known.fix Designation.Deletion.via.CSRF MEDIUM" "check-zipcode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "check-zipcode No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "copy-or-move-comments No.known.fix Reflected.XSS HIGH" "copy-or-move-comments No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "custom-field-list-widget No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "cpt-ajax-load-more No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "country-flags-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-constant-contact 1.1.6 CSRF MEDIUM" "cf7-constant-contact 1.1.5 Open.Redirect MEDIUM" "cf7-constant-contact 1.1.0 Reflected.Cross-Site.Scripting HIGH" "custom-facebook-feed 4.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.`data-color`.Attribute MEDIUM" "custom-facebook-feed 4.2.2 Facebook.Token.Reset/Update.via.CSRF MEDIUM" "custom-facebook-feed 4.1.6 Contributor+.Stored.XSS MEDIUM" "custom-facebook-feed 4.1.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "custom-facebook-feed 4.0.1 Subscriber+.Arbitrary.Plugin.Settings.Update.to.Stored.XSS HIGH" "custom-facebook-feed 2.19.2 Unauthenticated.Stored.XSS CRITICAL" "custom-facebook-feed 2.19.2 Reflected.Cross-Site.Scripting MEDIUM" "conditional-logic-for-woo-product-add-ons 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "customize-my-account-for-woocommerce 2.9.0 Reflected.Cross-Site.Scripting MEDIUM" "customize-my-account-for-woocommerce 2.7.30 Reflected.Cross-Site.Scripting.via.tab.Parameter MEDIUM" "customize-my-account-for-woocommerce 1.8.4 Cross-Site.Request.Forgery.via.restore_my_account_tabs MEDIUM" "contact-form-x 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "chatbot 6.3.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "chatbot 6.2.4 Admin+.Stored.XSS LOW" "chatbot 5.5.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_upload_callback MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_list_callback MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_delete_callback MEDIUM" "chatbot 5.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "chatbot 4.7.9 Authenticated.(Administrator+).SQL.Injection HIGH" "chatbot 4.9.7 4.9.6.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting.in.FAQ.Builder MEDIUM" "chatbot 4.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "chatbot 4.9.3 Subscriber+.Arbitrary.File.Deletion CRITICAL" "chatbot 4.9.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "chatbot 4.9.1 Authenticated.(Subscriber+).Directory.Traversal.to.Arbitrary.File.Write.via.qcld_openai_upload_pagetraining_file CRITICAL" "chatbot 4.9.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "chatbot 4.9.3 Missing.authorization.in.AJAX.calls MEDIUM" "chatbot 4.9.1 Subscriber+.Arbitrary.File.Deletion CRITICAL" "chatbot 4.9.1 Missing.authorization.in.AJAX.calls MEDIUM" "chatbot 4.9.1 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "chatbot 4.7.9 CSRF MEDIUM" "chatbot 4.7.8 Admin+.Stored.XSS.in.FAQ.Builder LOW" "chatbot 4.7.8 Admin+.Stored.XSS.in.Language.Settings LOW" "chatbot 4.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.5.6 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.5.5 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.4.9 Subscriber+.OpenAI.Settings.Update.to.Stored.XSS HIGH" "chatbot 4.4.7 Unauthenticated.PHP.Object.Injection HIGH" "chatbot 4.5.1 Admin+.Stored.XSS LOW" "chatbot 4.4.9 Unauthenticated.Stored.XSS HIGH" "chatbot 4.4.5 Stored.XSS.via.CSRF HIGH" "chatbot 4.3.0 Settings.Reset.via.CSRF MEDIUM" "chatbot 4.3.1 Admin+.Stored.XSS LOW" "chatbot 4.2.9 Unauthenticated.Settings.Reset MEDIUM" "calculate-prices-based-on-distance-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "cleanup-light 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "cf7-mailchimp 1.1.1 Reflected.Cross-Site.Scripting HIGH" "codecolorer 0.10.1 CodeColorer.<.0,10,1.–.Admin+.Stored.Cross-Site.Scripting LOW" "continue-shopping-from-cart-page No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "conditional-marketing-mailer 1.6 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "conditional-marketing-mailer 1.5.2 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "cloudnet-sync No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cities-shipping-zones-for-woocommerce 1.2.8 Authenticated.(Shop.Manager+).Local.File.Inclusion HIGH" "cbxwpbookmark 1.7.22 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxwpbookmark 1.7.21 Admin+.SQLi MEDIUM" "cbxwpbookmark 1.7.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxwpbookmark 1.6.9 Reflected.Cross-Site.Scripting HIGH" "country-blocker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "country-blocker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita 4.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.livesite-pay.Shortcode MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita 4.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "custom-css 2.4.2 Cross-Site.Request.Forgery.to.Remote.Code.Exectuiron HIGH" "custom-css 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "clean-social-icons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cookiehint-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-page-with-google-map No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "connatix-video-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "call-me-now No.known.fix Cross-Site.Request.Forgery MEDIUM" "cherry-plugin 1.2.7 Unauthenticated.Arbitrary.File.Upload.and.Download CRITICAL" "coming-soons No.known.fix Under.Construction.<=.1.2.0.-.Admin+.Stored.Cross-Site.Scripting LOW" "companion-sitemap-generator 4.5.3 Reflected.XSS HIGH" "companion-sitemap-generator 4.5.3 Contributor+.Stored.XSS MEDIUM" "companion-sitemap-generator 3.7.0 CSRF HIGH" "custom-posts-order No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "caddy 1.9.8 Cross-Site.Request.Forgery MEDIUM" "cleanup-action-scheduler 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-maker No.known.fix Admin+.SQLi MEDIUM" "contact-form-maker 1.13.5 Cross-Site.Request.Forgery.to.LFI HIGH" "cart-lift 3.1.6 Reflected.XSS HIGH" "change-memory-limit No.known.fix Missing.Authorization.via.admin_logic() MEDIUM" "convoworks-wp 0.22.15 Reflected.Cross-Site.Scripting MEDIUM" "convoworks-wp 0.22.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-more-link-complete No.known.fix Admin+.Stored.XSS LOW" "catch-duplicate-switcher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "catch-duplicate-switcher 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "clickwhale 2.4.7 Missing.Authorization MEDIUM" "clickwhale 2.4.4 Cross-Site.Request.Forgery MEDIUM" "clickwhale 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clickwhale 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "clickwhale 2.4.2 Authenticated.(Contributor+).SQL.Injection MEDIUM" "code-snippets 3.6.0 Arbitrary.settings.change.via.CSRF MEDIUM" "code-snippets 2.14.4 Reflected.Cross-Site.Scripting MEDIUM" "code-snippets 2.14.3 Reflected.Cross-Site.Scripting HIGH" "code-snippets 2.14.0 CSRF.to.RCE HIGH" "correos-express No.known.fix Sensitive.Information.Disclosure HIGH" "custom-pc-builder-lite-for-woocommerce No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "custom-post-view-generator No.known.fix Reflected.Cross-Site.Scripting HIGH" "coru-lfmember No.known.fix Arbitrary.Game.Deletion/Activation.via.CSRF MEDIUM" "coru-lfmember No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "copy-link No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "crayon-syntax-highlighter No.known.fix Contributor+.Server.Side.Request.Forgery MEDIUM" "crayon-syntax-highlighter No.known.fix Cross-Site.Request.Forgery MEDIUM" "crayon-syntax-highlighter 2.8.4 Multiple.XSS MEDIUM" "child-theme-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-price-ticker-widget 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-price-ticker-widget 2.6.9 Missing.Authorization MEDIUM" "cryptocurrency-price-ticker-widget 2.6.6 2.6.5.-.Unauthenticated.SQL.Injection CRITICAL" "cryptocurrency-price-ticker-widget 2.5 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "custom-login-redirect No.known.fix CSRF.to.Stored.XSS HIGH" "compare-affiliated-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "compare-affiliated-products No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "comparison-slider No.known.fix Cross-Site.Request.Forgery MEDIUM" "comparison-slider No.known.fix Missing.Authorization MEDIUM" "comparison-slider No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "coupon-creator 3.1.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "coupon-creator 3.1.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "cookie-law-info 1.8.3 Improper.Access.Controls CRITICAL" "cryptocurrency-prices No.known.fix Contributor+.Stored.XSS MEDIUM" "code-explorer No.known.fix Authenticated.(Admin+).External.File.Reading MEDIUM" "custom-add-user No.known.fix Reflected.Cross-Site.Scripting HIGH" "collect-and-deliver-interface-for-woocommerce 5.5.6 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "collect-and-deliver-interface-for-woocommerce 5.1.9 Reflected.Cross-Site-Scripting MEDIUM" "complianz-gdpr-premium 6.4.2 GDPR/CCPA.Cookie.Consent.<.6.4.2.-.Contributor+.Stored.XSS MEDIUM" "complianz-gdpr-premium 6.3.6 Translator.SQLi MEDIUM" "ce21-suite 2.2.1 Unauthenticated.Privilege.Escalation CRITICAL" "ce21-suite No.known.fix Missing.Authorization.to.Unauthenticated.Plugin.Settings.Change MEDIUM" "ce21-suite No.known.fix JWT.Token.Disclosure CRITICAL" "ce21-suite 2.2.1 Authentication.Bypass CRITICAL" "cookie-consent-autoblock No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cubepm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "countdown-wpdevart-extended 1.8.3 Admin+.Stored.XSS LOW" "countdown-wpdevart-extended 1.5.8 CSRF.to.Stored.Cross-Site.Scripting HIGH" "contextual-related-posts 4.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contextual-related-posts 3.3.1 Contributor+.Stored.XSS MEDIUM" "contextual-related-posts 2.9.4 CSRF.Nonce.Validation.Bypass MEDIUM" "contextual-related-posts 1.8.7 Cross-Site.Request.Forgery MEDIUM" "contextual-related-posts 1.8.10.2 Multiple.Parameter.SQL.Injection HIGH" "comic-easel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "csv-wc-product-import-export No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "custom-css-js 3.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-to-db 1.7.3 Authenticated.(Author+).SQL.Injection CRITICAL" "contact-form-to-db 1.7.2 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') MEDIUM" "coupon-zen 1.0.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "convertkit 2.4.9.1 Missing.Authorization MEDIUM" "convertkit 2.4.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "convertkit 2.2.1 Reflected.XSS HIGH" "convertkit 2.0.5 Contributor+.Stored.XSS MEDIUM" "cardealerpress 6.8.2505.01 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.saleclass.Parameter MEDIUM" "cardealerpress 6.7.2411.00 Reflected.Cross-Site.Scripting MEDIUM" "child-themes-helper No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "core-control No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "currency-switcher 1.2.0.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "currency-switcher 1.2.0.4 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "currency-switcher 1.2.0.2 Cross-Site.Request.Forgery MEDIUM" "currency-switcher 1.2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "currency-switcher 1.2.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "currency-switcher 1.2.0 Subscriber+.Missing.Authorization.Checks MEDIUM" "currency-switcher 1.1.7 Arbitrary.Plugin's.Settings.Change.via.CSRF MEDIUM" "candidate-application-form No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "customer-reviews-collector-for-woocommerce 4.0 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "ct-commerce No.known.fix Admin+.Stored.XSS LOW" "comment-engine-pro No.known.fix Editor+.Stored.Cross-Site.Scripting LOW" "contact-form-multi 1.2.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "content-bot No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clinked-client-portal No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clinked-client-portal 1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cb-logo-slider 4.5.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cb-logo-slider 4.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "catch-themes-demo-import 2.1.1 Admin+.Remote.Code.Execution MEDIUM" "catch-themes-demo-import 1.8 Admin+.Arbitrary.File.Upload CRITICAL" "catch-themes-demo-import 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "custom-smilies-se No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.4.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.3.2 PayPal.&.Stripe.Add-on.<.2.3.2.-.Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "contact-form-7-paypal-add-on 1.9.4 Cross-Site.Request.Forgery MEDIUM" "contact-widgets-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-widgets-for-elementor 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-user-guide 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-user-guide 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-functions No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "czater No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cf7-styler-for-divi 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler-for-divi 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "commenttweets No.known.fix Settings.Update.via.CSRF MEDIUM" "copy-the-code 4.0.4 Contributor+.Stored.XSS MEDIUM" "copy-the-code 2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "copy-the-code 2.6.4 Reflected.Cross-Site.Scripting MEDIUM" "contact-forms-builder No.known.fix Authentication.Request.Bypass MEDIUM" "contact-forms-builder No.known.fix Reflected.XSS HIGH" "comment-reply-notification No.known.fix Cross-Site.Request.Forgery MEDIUM" "catalyst-connect-client-portal 2.1.0 Admin+.Stored.XSS LOW" "catalyst-connect-client-portal 2.1.0 Reflected.XSS HIGH" "create-custom-dashboard-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "create-custom-dashboard-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "countdown-for-the-events-calendar 1.4.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "countdown-for-the-events-calendar 1.4 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "captchinoo-captcha-for-login-form-protection 2.5 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "captchinoo-captcha-for-login-form-protection 2.4 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "cartpops 1.4.28 Reflected.Cross-Site.Scripting MEDIUM" "cartpops 1.4.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-insightly 1.0.9 Reflected.Cross-Site.Scripting HIGH" "cm-video-lesson-manager 1.8.3 Reflected.XSS HIGH" "cm-video-lesson-manager 1.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "captcha-bws 5.2.1 Captcha.Bypass MEDIUM" "community-events 1.5.1 Admin+.Stored.XSS LOW" "community-events 1.5 Event.Deletion.via.CSRF MEDIUM" "community-events 1.4.9 Admin+.Stored.XSS LOW" "community-events 1.4.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "community-events 1.4 SQL.Injection CRITICAL" "capturly-optimize-your-website No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "csv-importer 0.3.9 Cross-Site.Request.Forgery MEDIUM" "cubepoints No.known.fix Cross-Site.Request.Forgery MEDIUM" "collapsing-categories 3.0.9 Unauthenticated.SQL.Injection HIGH" "coupon-lite 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coupon-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cm-ad-changer 2.0.6 Cross-Site.Request.Forgery MEDIUM" "coaching-staffs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clicksend-lead-capture-form No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Message.Deletion MEDIUM" "custom-page-templates-by-vegacorp 1.1.14 Reflected.Cross-Site.Scripting MEDIUM" "custom-page-templates-by-vegacorp 1.1.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "copymatic 2.0 Missing.Authorization MEDIUM" "copymatic 1.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "coming-soon-maintenance-mode 1.0.6 Information.Exposure MEDIUM" "cm-map-locations 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "case-study No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "custom-field-suite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cfs[post_title] MEDIUM" "custom-field-suite No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Term.Custom.Field HIGH" "custom-field-suite No.known.fix Contributor+.PHP.Code.Injection.via.Loop.Custom.Field HIGH" "custom-field-suite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cfs[post_content] MEDIUM" "custom-field-suite 2.6.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-suite 2.6.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-suite 2.6.3 Admin+.Stored.XSS LOW" "custom-field-suite 2.5.15 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "cf7-grid-and-styler-for-divi 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "cf7-grid-and-styler-for-divi 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cache-control-by-cacholong No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cache-control-by-cacholong No.known.fix Cross-Site.Request.Forgery MEDIUM" "content-collector No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-collector No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "clinicalwp-core No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clinicalwp-core No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "clinicalwp-core No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "custom-smilies No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "comment-highlighter No.known.fix Authenticated.SQL.Injection MEDIUM" "copy-delete-posts 1.4.0 Subscriber+.Plugin.Installation MEDIUM" "copy-delete-posts 1.4.0 Plugin.Installation.via.CSRF MEDIUM" "copy-delete-posts 1.2.0 Authenticated.SQL.Injection MEDIUM" "count-per-day 3.5.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "count-per-day 3.5.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "count-per-day 3.4.1 SQL.Injection MEDIUM" "contentlock 1.0.4 Groups/Emails.Deletion.via.CSRF MEDIUM" "contentlock 1.0.4 Settings.Update.via.CSRF MEDIUM" "contentlock 1.0.4 Email.Adding.via.CSRF MEDIUM" "court-reservation 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "court-reservation 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "comments-from-facebook 2.5.0 Admin+.Stored.Cross-Site.Scripting LOW" "color-palette No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.hex.Parameter MEDIUM" "custom-layouts 1.4.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chat2 No.known.fix Stored.XSS.via.CSRF HIGH" "cosmetsy-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "cssable-countdown No.known.fix Admin+.Stored.XSS LOW" "custom-404-pro 3.11.2 Reflected.Cross-Site.Scripting MEDIUM" "custom-404-pro 3.10.1 Unauthenticated.Stored.Cross-Site.Scripting.via.logging HIGH" "custom-404-pro 3.8.1 Multiple.SQL.Injection HIGH" "custom-404-pro 3.8.2 Reflected.XSS HIGH" "custom-404-pro 3.7.3 Reflected.Cross-Site.Scripting HIGH" "custom-404-pro 3.7.2 Logs.Deletion.via.CSRF MEDIUM" "custom-404-pro 3.7.1 Admin+.SQLi MEDIUM" "custom-404-pro 3.2.9 Authenticated.Reflected.XSS MEDIUM" "custom-404-pro 3.2.8 XSS MEDIUM" "commenting-feature 3.2 Reflected.Cross-Site.Scripting MEDIUM" "commenting-feature 2.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "carousel-ck No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "content-no-cache 0.1.3 Unauthenticated.Private.Content.Disclosure MEDIUM" "cognito-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "comment-approved-notifier-extended 5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cwd-3d-image-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "crazy-bone No.known.fix Unauthenticated.Stored.XSS HIGH" "crazy-bone 0.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "content-mirror No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "complete-open-graph No.known.fix Admin+.Stored.XSS LOW" "custom-post-types 5.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-types 5.0.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "custom-post-types 5.0.3 Admin+.Stored.XSS LOW" "custom-css-pro 1.0.4 CSRF.&.XSS HIGH" "calendapp No.known.fix Reflected.XSS HIGH" "competition-form No.known.fix Reflected.XSS HIGH" "competition-form No.known.fix Competition.Deletion.via.CSRF MEDIUM" "codestyling-localization No.known.fix Multiple.CSRF HIGH" "custom-tiktok-video-feed No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "caldera-forms-pro 1.8.2 Unauthenticated.Arbitrary.File.Read HIGH" "cf7-recaptcha-mine 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "cm-video-lesson-manager-pro 3.5.9 Admin+.Stored.Cross-Site.Scripting LOW" "crossword-compiler-puzzles No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "crossword-compiler-puzzles No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "canvasflow No.known.fix Reflected.XSS HIGH" "contact-form-7-mailchimp-extension No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-7-mailchimp-extension No.known.fix Subscriber+.Server-Side.Request.Forgery MEDIUM" "checkout-plugins-stripe-woo 1.9.2 Cross-Site.Request.Forgery MEDIUM" "checkout-plugins-stripe-woo 1.9.2 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "checkout-plugins-stripe-woo 1.4.11 Settings.Update.via.CSRF MEDIUM" "cool-facebook-page-feed-timeline No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "custom-related-posts 1.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-related-posts 1.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Private.Post.Search.and.Relation.Updates MEDIUM" "change-wp-admin-login 1.1.4 Secret.Login.Page.Disclosure MEDIUM" "change-wp-admin-login 1.1.0 Unauthenticated.Arbitrary.Settings.Update MEDIUM" "cslider No.known.fix Cross-Site.Request.Forgery MEDIUM" "css-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "co2ok-for-woocommerce 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "co2ok-for-woocommerce 1.0.9.22 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "co2ok-for-woocommerce 1.0.9.22 Subscriber+.Arbitrary.Option.Update CRITICAL" "css-hero 4.07 Authenticated.Reflected.XSS MEDIUM" "category-specific-rss-feed-menu 2.3 Admin+.Stored.XSS LOW" "category-specific-rss-feed-menu 2.2 Settings.Update.via.CSRF MEDIUM" "cart-rest-api-for-woocommerce 3.12.0 Missing.Authorization MEDIUM" "cmsmasters-elementor-addon 1.15.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "code-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clickcease-click-fraud-protection 3.2.5 Improper.Authorization.to.sensitive.information.exposure.via.get_settings MEDIUM" "clickcease-click-fraud-protection 3.2.8 Cross-Site.Request.Forgery MEDIUM" "contact-form-7-multi-step-addon 1.0.7 Injected.Backdoor CRITICAL" "cbxpoll No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "curated-search No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-post-type-page-template No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-manager 8.6.5 Unauthenticated.Arbitrary.Double.File.Extension.Upload HIGH" "comment-emailer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cryptocurrency-price-widget 1.2.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "crudlab-scroll-to-top No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cluevo-lms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cluevo-lms No.known.fix Cross-Site.Request.Forgery.to.Module.Deletion MEDIUM" "cluevo-lms 1.11.0 Settings.Update.via.CSRF MEDIUM" "cluevo-lms 1.8.1 Admin+.Stored.Cross.Site.Scripting LOW" "complianz-gdpr 7.0.0 Cross-Site.Request.Forgery.to.Data.Request.Deletion MEDIUM" "complianz-gdpr 6.5.6 Admin+.Stored.XSS LOW" "complianz-gdpr 6.4.2 GDPR/CCPA.Cookie.Consent.<.6.4.2.-.Contributor+.Stored.XSS MEDIUM" "complianz-gdpr 6.3.4 Translator.SQLi MEDIUM" "complianz-gdpr 6.0.0 GDPR/CCPA.Cookie.Consent.<.6.0.0.-.Reflected.Cross-Site.Scripting MEDIUM" "custom-banners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-banners 3.3 CSRF.Nonce.Bypass.in.saveCustomFields MEDIUM" "custom-banners 2.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "cf7-paystack-add-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-base-terms 1.0.3 Admin+.Stored.XSS LOW" "client-dash No.known.fix Missing.Authorization MEDIUM" "client-dash No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "custom-fields-shortcode No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "contexto No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cyr3lat 3.7 Editor+.SQL.Injection MEDIUM" "clockify-lite No.known.fix Missing.Authorization MEDIUM" "csv-import-export No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "cleantalk-spam-protect 6.44 Unauthenticated.Arbitrary.Plugin.Installation HIGH" "cleantalk-spam-protect 6.45 Unauthenticated.Arbitrary.Plugin.Installation HIGH" "cleantalk-spam-protect 6.21 Counters.Reset/Creation.via.CSRF MEDIUM" "cleantalk-spam-protect 6.21 Email.Update.via.CSRF MEDIUM" "cleantalk-spam-protect 5.185.1 Admin+.SQLi MEDIUM" "cleantalk-spam-protect 5.174.1 Reflected.Cross-Site.Scripting MEDIUM" "cleantalk-spam-protect 5.153.4 Unauthenticated.Blind.SQL.Injection HIGH" "cleantalk-spam-protect 5.149 Multiple.Authenticated.SQL.Injections MEDIUM" "cleantalk-spam-protect 5.127.4 Cross-Site.Scripting.Issue MEDIUM" "cleantalk-spam-protect 5.22 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "campus-directory 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "citadela-directory No.known.fix Unauthenticated.Sensitive.Information.Exposure HIGH" "citadela-directory No.known.fix Cross-Site.Request.Forgery MEDIUM" "covid-19-alert No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cf7-infusionsoft 1.1.4 Reflected.Cross-Site.Scripting HIGH" "content-mask 1.8.4.1 Subscriber+.Arbitrary.Options.Update HIGH" "contact-form-7-select-box-editor-button No.known.fix Cross-Site.Request.Forgery MEDIUM" "cooked-pro 1.8.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "cooked-pro 1.8.0 Cross-Site.Request.Forgery MEDIUM" "cooked-pro 1.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Template.Reset MEDIUM" "cooked-pro 1.8.0 Authenticated.(Contributor+).HTML.Injection MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.via.cooked_get_recipe_ids MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Template.Apply MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "cooked-pro 1.7.5.7 Unauthenticated.PHP.Object.Injection HIGH" "cooked-pro 1.7.5.6 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "co-marquage-service-public 0.5.77 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "co-marquage-service-public 0.5.73 Reflected.Cross-Site.Scripting.via.search_term MEDIUM" "co-marquage-service-public 0.5.72 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "column-matic No.known.fix Contributor+.Stored.XSS MEDIUM" "category-page-icons No.known.fix Arbitrary.File.Upload/Deletion.via.Path.Traversal CRITICAL" "custom-email-options No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "crudlab-facebook-like-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cheetaho-image-optimizer 1.4.3.2 Reflected.Cross-Site.Scripting MEDIUM" "copyrightpro No.known.fix Settings.Update.via.CSRF MEDIUM" "contact-form-add No.known.fix CSRF HIGH" "contact-form-add 1.9.8.4 Authenticated.Stored.Cross-Site.Scripting LOW" "contact-form-add 1.9.8.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "clickervolt No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "countdown-timer-block No.known.fix Contributor+.Stored.XSS MEDIUM" "crm-memberships No.known.fix Admin+.Stored.XSS LOW" "cf7-spreadsheets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-spreadsheets No.known.fix Missing.Authorization.to.Settings.Update MEDIUM" "code-generator-pro No.known.fix Unauthenticated.SQL.Injection CRITICAL" "content-hubs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-hubs 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "css-for-elementor No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "css-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-cards No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "content-cards 0.9.7 Cross-Site.Scripting.(XSS) MEDIUM" "callbook-mobile-bar No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "cart66-lite 1.5.5 XSS MEDIUM" "custom-shortcode-sidebars No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "callback-request No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-integrated-with-google-maps 2.5 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ctabs No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "configure-smtp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cpo-content-types 1.1.1 Admin+.Stored.XSS LOW" "connect-daily-web-calendar No.known.fix Stored.XSS.via.CSRF HIGH" "connect-daily-web-calendar 1.4.5 Multiple.Reflected.XSS HIGH" "clearbit No.known.fix Cross-Site.Request.Forgery MEDIUM" "categorycustomfields No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-dashboard-widgets No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.cdw_DashboardWidgets HIGH" "crafty-social-buttons 1.5.8 XSS MEDIUM" "codelights-shortcodes-and-widgets No.known.fix Contributor+.Stored.XSS MEDIUM" "codelights-shortcodes-and-widgets No.known.fix Admin+.Stored.Cross.Site.Scripting MEDIUM" "crawlomatic-multipage-scraper-post-generator 2.6.9 Unauthenticated.Information.Exposure.via.Log.Files MEDIUM" "crawlomatic-multipage-scraper-post-generator 2.6.9 Missing.Authorization MEDIUM" "crawlomatic-multipage-scraper-post-generator 2.6.8.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "chained-quiz 1.3.3 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "chained-quiz 1.3.2.9 Missing.Authorization MEDIUM" "chained-quiz 1.3.2.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.6 Admin+.Stored.XSS LOW" "chained-quiz 1.3.2.1 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.5 Submitted.Quiz.Response.Deletion.via.CSRF MEDIUM" "chained-quiz 1.3.2.4 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.3 Admin+.Stored.XSS LOW" "chained-quiz 1.3.2.5 Arbitrary.Quiz.Deletion.&.Copying.via.CSRF MEDIUM" "chained-quiz 1.3.2.5 Arbitrary.Question.Deletion.via.CSRF MEDIUM" "chained-quiz 1.3.2.3 Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.2.7.2 Authenticated.Stored.Cross.Site.Scripting LOW" "chained-quiz 1.1.9.1 Authenticated.Stored.XSS MEDIUM" "chained-quiz 1.1.8.2 Unauthenticated.Reflected.XSS CRITICAL" "chained-quiz 1.0.9 Unauthenticated.SQL.Injection MEDIUM" "custom-post-type-list-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "contact-form-check-tester No.known.fix Broken.Access.Control.to.Cross-Site.Scripting.(XSS) HIGH" "checkbox 0.8.4 Reflected.Cross-Site.Scripting MEDIUM" "checkbox 0.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cookie-monster No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "custom-emails-for-woocommerce 3.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-db-divi 1.2 Reflected.Cross-Site.Scripting MEDIUM" "callphoner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cf7save-extension No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "combo-wp-rewrite-slugs No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "crypto 2.16 Cross-Site.Request.Forgery.to.Authentication.Bypass HIGH" "crypto 2.19 Authentication.Bypass.via.log_in CRITICAL" "crypto 2.20 Authentication.Bypass.via.register CRITICAL" "course-booking-system No.known.fix Reflected.Cross-Site.Scripting HIGH" "course-booking-system 6.1.1 Missing.Authorization MEDIUM" "course-booking-system 6.0.7 Unauthenticated.SQL.Injection HIGH" "contentmx-content-publisher No.known.fix Missing.Authorization MEDIUM" "continuous-image-carousel-with-lightbox 1.0.16 Reflected.XSS HIGH" "crelly-slider 1.4.7 Admin+.Stored.XSS LOW" "crelly-slider 1.4.6 Subscriber+.Insecure.Direct.Object.Reference MEDIUM" "crelly-slider No.known.fix Admin+.Stored.XSS LOW" "crelly-slider 1.3.5 Arbitrary.File.Upload HIGH" "cwd-stealth-links No.known.fix Unauthenticated.SQL.Injection HIGH" "custom-page-extensions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chillpay-payment-gateway No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "company-updates-for-linkedin No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "crm-customer-relationship-management-by-vcita 2.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crm-customer-relationship-management-by-vcita No.known.fix Missing.Authorization.to.Authenticated.(Susbcriber+).Widget.Toggle MEDIUM" "crm-customer-relationship-management-by-vcita 2.7.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "crm-customer-relationship-management-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "custom-taxonomy-category-and-term-fields No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-script-integration No.known.fix Cross-Site.Request.Forgery MEDIUM" "cp-blocks 1.0.21 CSRF MEDIUM" "cp-blocks 1.0.15 Admin+.Stored.Cross-Site.Scripting LOW" "contact-forms 1.9.9 Cross-Site.Request.Forgery MEDIUM" "contact-forms 1.9.5 Missing.Authorization.to.Unauthenticated.Form.Submission.Download MEDIUM" "contact-forms 1.9.3 Cross-Site.Request.Forgery.via.process_bulk_action.Function MEDIUM" "contact-forms 1.9.1 Admin+.Stored.XSS LOW" "contact-forms 1.8.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-forms 1.6.1 CSRF MEDIUM" "contact-forms 1.5.8 Cross-Site.Request.Forgery MEDIUM" "contact-forms 1.5.5 Reflected.XSS HIGH" "contact-forms 1.5.5 Unauthenticated.Stored.XSS HIGH" "contact-forms 1.4.12 Admin+.Stored.Cross-Site.Scripting LOW" "control-horas No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "calendar-booking No.known.fix Missing.Authorization.to.Unauthenticated.Service.Disconnection MEDIUM" "calendar-booking No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chp-ads-block-detector 3.9.8 Subscriber+.Plugin.Settings.Update MEDIUM" "chp-ads-block-detector 3.9.8 Plugin.Settings.Update.via.CSRF MEDIUM" "chp-ads-block-detector 3.9.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "cf7-material-design No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-widget-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cloudflare-cache-purge No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dyslexiefont No.known.fix CSRF MEDIUM" "dyslexiefont 1.0.0 Authenticated.Cross-Site.Scripting MEDIUM" "daily-image No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dn-cookie-notice No.known.fix Cross-Site.Request.Forgery MEDIUM" "download-attachments 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "download-attachments 1.3 Contributor+.Stored.XSS MEDIUM" "dtc-documents No.known.fix Cross-Site.Request.Forgery MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.9.0 Unauthenticated.Arbitrary.File.Upload.via.Insufficient.Blacklist.Checks HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.8.8 Unauthenticated.Arbitrary.File.Deletion HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.8.9 Unauthenticated.PHP.Object.Injection.via.PHAR.to.Arbitrary.File.Deletion HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.8.6 Limited.Arbitrary.File.Deletion MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.7.8 Sensitive.Information.Exposure MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.7.4 Contact.Form.7.<.1.3.7.4.-.Unauthenticated.Arbitrary.File.Upload HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.6 File.Upload.and.File.deletion.via.CSRF MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.5 File.Upload.Size.Limit.Bypass MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.3 Contact.Form.7.<.1.3.6.3.-.Unauthenticated.Stored.XSS MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.5.5 Unauthenticated.Remote.Code.Execution CRITICAL" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.3.3 Unauthenticated.File.Upload.Bypass CRITICAL" "dynamic-post No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "disable-auto-updates No.known.fix Cross-Site.Request.Forgery.to.Auto-update.Disable MEDIUM" "digital-license-manager 1.7.4 Reflected.Cross-Site.Scripting.via.remove_query_arg.Function MEDIUM" "dap-to-autoresponders-daar No.known.fix Unauthenticated.Information.Exposure MEDIUM" "designer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "designer 1.5.0 Contributor+.Local.File.Inclusion HIGH" "dwnldr 1.01 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "dx-auto-publish No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "divi-builder 4.25.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "divi-builder 4.5.3 4.5.2,.Extra.2.0.-.4.5.2,.Divi.Builder.2.0.-.4.5.2).-.Authenticated.Arbitrary.File.Upload MEDIUM" "divi-builder 4.0.10 Authenticated.Code.Injection MEDIUM" "divi-builder 2.17.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "divi-builder 1.2.4 Privilege.Escalation HIGH" "display-terms-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "displayproduct No.known.fix Unauthenticated.SQL.Injection HIGH" "download-html-tinymce-button No.known.fix Reflected.XSS HIGH" "dforms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dw-promobar No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "defender-security 4.7.3 Missing.Authorization MEDIUM" "defender-security 4.4.2 IP.Address.Spoofing MEDIUM" "defender-security 4.2.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "defender-security 4.2.1 Masked.Login.Area.Security.Feature.Bypass MEDIUM" "defender-security 4.1.0 Protection.Bypass.(Hidden.Login.Page) MEDIUM" "defender-security 2.4.6.1 CSRF.Nonce.Bypasses MEDIUM" "droit-dark-mode No.known.fix Cross-Site.Request.Forgery MEDIUM" "docspress 2.5.3 Missing.Authorization MEDIUM" "display-post-meta No.known.fix Display.Post.Meta.<=.2,4,4.-Reflected.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.2.23 Unauthenticated.Information.Exposure MEDIUM" "dc-woocommerce-multi-vendor 4.2.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.2.23 Incorrect.Authorization.to.Authenticated.(Contributor+).Arbitrary.Post.Deletion MEDIUM" "dc-woocommerce-multi-vendor 4.2.20 Missing.Authorization.to.Unauthenticated.Table.Rates.Deletion MEDIUM" "dc-woocommerce-multi-vendor 4.2.15 Unauthenticated.Limited.Local.File.Inclusion CRITICAL" "dc-woocommerce-multi-vendor 4.2.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.2.5 Cross-Site.Request.Forgery.to.Vendor.Updates MEDIUM" "dc-woocommerce-multi-vendor 4.2.5 Missing.Authorization.to.Forged.Vendor.Profile.Deletion.Email.Sending MEDIUM" "dc-woocommerce-multi-vendor 4.2.1 Missing.Authorization.to.Limited.Vendor.Privilege.Escalation/Account.Takeover CRITICAL" "dc-woocommerce-multi-vendor 4.2.0 Reflected.Cross-Site.Scripting HIGH" "dc-woocommerce-multi-vendor 4.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.hover_animation.Parameter MEDIUM" "dc-woocommerce-multi-vendor 4.1.4 Missing.Authorization MEDIUM" "dc-woocommerce-multi-vendor 4.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.0.26 Missing.Authorization HIGH" "dc-woocommerce-multi-vendor 4.0.24 Missing.Authorization.via.mvx_save_dashpages HIGH" "dc-woocommerce-multi-vendor 4.0.26 Improper.Authorization.on.REST.Routes.via.'save_settings_permission' HIGH" "dc-woocommerce-multi-vendor 3.8.12 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 3.8.12 Unauthorised.AJAX.Calls HIGH" "dc-woocommerce-multi-vendor 3.8.12 Unauthenticated.LFI MEDIUM" "dc-woocommerce-multi-vendor 3.8.4 Reflected.Cross-Site.Scripting HIGH" "dc-woocommerce-multi-vendor 3.7.4 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "dc-woocommerce-multi-vendor 3.7.4 Unauthenticated.Arbitrary.Product.Comment MEDIUM" "dc-woocommerce-multi-vendor 3.5.8 Cross-Site.Request.Forgery MEDIUM" "dc-woocommerce-multi-vendor 3.5.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "download-button-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dpt-oauth-client No.known.fix CSRF MEDIUM" "dpt-oauth-client No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "devexhub-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "divebook No.known.fix Improper.Authorisation.Check MEDIUM" "divebook No.known.fix Unauthenticated.SQL.Injection CRITICAL" "divebook No.known.fix Unauthenticated.Reflected.XSS LOW" "dejureorg-vernetzungsfunktion 1.98.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "delete-post-revisions-on-single-click No.known.fix Cross-Site.Request.Forgery MEDIUM" "different-home-for-logged-in-logged-out 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "dont-muck-my-markup No.known.fix Cross-Site.Request.Forgery MEDIUM" "different-menus-in-different-pages 2.4.0 Subscriber+.Menu.Duplication MEDIUM" "designo No.known.fix Cross-Site.Request.Forgery MEDIUM" "datasets-manager-by-arttia-creative No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "disable-comments 1.0.4 disable_comments_settings.php.Comment.Status.Manipulation.CSRF HIGH" "demo-user-dzs-showcase-your-admin-safely No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "donations-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "donations-block No.known.fix Unauthenticated.Stored.XSS HIGH" "donations-block 2.1.0 Contributor+.Stored.XSS MEDIUM" "drip-feed-content-extended-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "delightful-downloads No.known.fix Unauthenticated.Path.Traversal MEDIUM" "delivery-drivers-for-vendors 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "delivery-drivers-for-vendors 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "deeper-comments No.known.fix Subscriber+.Arbitrary.Options.Update HIGH" "download-monitor 5.0.23 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "download-monitor 5.0.14 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "download-monitor 5.0.13 Missing.Authorization.to.API.Key.Manipulation MEDIUM" "download-monitor 5.0.10 Missing.Authorization.to.Authenticated.(Subscriber+).Shop.Enable MEDIUM" "download-monitor 4.9.14 Missing.Authorization MEDIUM" "download-monitor 4.9.5 Authenticated.(Admin+).SQL.Injection HIGH" "download-monitor 4.8.2 Admin+.SSRF MEDIUM" "download-monitor 4.5.98 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.5.91 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.4.7 Reflected.Cross-Site.Scripting MEDIUM" "download-monitor 4.4.7 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.4.7 Admin+.Stored.Cross-Site.Scripting LOW" "download-monitor 4.4.5 Admin+.SQL.Injection MEDIUM" "download-monitor 1.9.7 Unauthenticated.Downloading.of.Logs MEDIUM" "download-monitor 1.7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "download-monitor 1.6.4 Authenticated.Directory.Listing MEDIUM" "download-monitor 3.3.6.2 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "deny-all-firewall 1.1.7 CSRF HIGH" "display-custom-post No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dev-land 3.0.5 Reflected.Cross-Site.Scripting MEDIUM" "dyapress No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "democracy-poll No.known.fix Missing.Authorization MEDIUM" "democracy-poll 5.4 CSRF.&.XSS HIGH" "digirisk 6.1.0.0 Reflected.Cross-Site.Scripting MEDIUM" "developer-toolbar No.known.fix Unauthenticated.Information.Exposure MEDIUM" "dd-roles No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "darkmysite No.known.fix Cross-Site.Request.Forgery MEDIUM" "donate-extra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dirtysuds-embed-pdf No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "distance-rate-shipping-for-woocommerce No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "download-plugins-dashboard 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "download-plugins-dashboard 1.8.8 Cross-Site.Request.Forgery MEDIUM" "download-plugins-dashboard 1.8.6 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "download-plugins-dashboard 1.6.0 Unauthenticated.Stored.XSS MEDIUM" "dukapress 2.5.9.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "da-reactions 5.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "da-reactions 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "da-reactions 3.20.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "doppler-form 2.4.7 Missing.Authorization MEDIUM" "doppler-form No.known.fix Stored.XSS.via.CSRF HIGH" "doppler-form No.known.fix Contributor+.Stored.XSS MEDIUM" "dimage-360 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dzs-ajaxer-lite-dynamic-page-load No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "decorator-woocommerce-email-customizer 1.2.8 WooCommerce.Email.Customizer.<.1.2.8.-.Cross-Site.Request.Forgery MEDIUM" "duplicate-theme No.known.fix CSRF MEDIUM" "different-shipping-and-billing-address-for-woocommerce 1.6 Unauthenticated.PHP.Object.Injection CRITICAL" "different-shipping-and-billing-address-for-woocommerce 1.5 Unauthenticated.SQL.Injection HIGH" "different-shipping-and-billing-address-for-woocommerce 1.3 Unauthenticated.SQL.Injection HIGH" "domain-for-sale 3.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class_name.Parameter MEDIUM" "dynamic-url-seo 1.2 Reflected.Cross-Site.Scripting MEDIUM" "dynamic-url-seo 1.2 Cross-Site.Request.Forgery MEDIUM" "dynamic-url-seo 1.2 Reflected.XSS HIGH" "double-opt-in-for-download 2.1.0 Authenticated.SQL.Injection CRITICAL" "dino-game 1.2.0 Contributor+.Stored.XSS MEDIUM" "dologin 3.8 Missing.Authorization.via.REST.Endpoints MEDIUM" "dologin 3.7.1 Subscriber+.IP.Address.leak MEDIUM" "dologin 3.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "dologin 3.7 IP.Spoofing MEDIUM" "domain-theme No.known.fix Cross-Site.Request.Forgery MEDIUM" "dashboard-notepads No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "dokan-lite 3.7.6 Unauthenticated.SQLi HIGH" "dokan-lite 3.6.4 Vendor.Stored.Cross-Site.Scripting MEDIUM" "dokan-lite 3.2.1 CSRF.Nonce.Bypasses MEDIUM" "dokan-lite 3.0.9 Cross-Site.Request.Forgery MEDIUM" "dokan-lite 3.0.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "delete-old-orders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dbox-slider-lite No.known.fix Multiple.Authenticated.SQL.injection HIGH" "dynamic-qr-code-generator No.known.fix Reflected.XSS HIGH" "dynamicconditions No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dadata-ru No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "debt-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "db-tables-importexport No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "display-product-variations-dropdown-on-shop-page No.known.fix Missing.Authorization MEDIUM" "digital-river-global-commerce No.known.fix Use.of.Polyfill.io MEDIUM" "dynamictags 1.4.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "dms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "devformatter No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Custom.CSS MEDIUM" "dts-simple-share No.known.fix Admin+.XSS LOW" "daily-prayer-time-for-mosques 2024.09.14 Authenticated.(Contributor+).SQL.Injection CRITICAL" "daily-prayer-time-for-mosques 2023.10.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "daily-prayer-time-for-mosques 2023.05.05 Contributor+.Stored.XSS MEDIUM" "daily-prayer-time-for-mosques 2023.03.18 Settings.Update.via.CSRF MEDIUM" "daily-prayer-time-for-mosques 2022.03.01 Unauthenticated.SQLi HIGH" "daily-prayer-time-for-mosques 2021.08.10 Admin+.Stored.XSS LOW" "duofaq-responsive-flat-simple-faq No.known.fix Reflected.Cross-Site.Scripting HIGH" "dethemekit-for-elementor No.known.fix Missing.Authorization MEDIUM" "dethemekit-for-elementor 2.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.9 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "dethemekit-for-elementor 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.De.Gallery.Widget MEDIUM" "dethemekit-for-elementor 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.URL.Parameter.of.the.De.Gallery.Widget MEDIUM" "dethemekit-for-elementor 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.slitems.Attribute MEDIUM" "dethemekit-for-elementor 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "dethemekit-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 1.5.5.5 Contributor+.Stored.XSS MEDIUM" "digiproveblog No.known.fix Reflected.Cross-Site-Scripting MEDIUM" "device-detector 4.2.1 Reflected.Cross-Site.Scripting.via.id MEDIUM" "devrix-dark-site 1.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "devnex-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "denk-internet-solutions 6.0.0 Admin+.Stored.XSS LOW" "dokme No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "drm-protected-video-streaming No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "drm-protected-video-streaming No.known.fix Reflected.XSS HIGH" "dynamic-to-top No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dracula-dark-mode 1.0.9 The.Revolutionary.Dark.Mode.Plugin.For.WordPress.<.1.0.9.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "dracula-dark-mode 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "depicter 3.6.2 Unauthenticated.SQLi.via.'s'.Parameter HIGH" "depicter 3.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.5.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.5.0 Missing.Authorization MEDIUM" "depicter 3.1.2 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "depicter 3.2.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.1.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.1.0 Authenticated.(Contributor+).Arbitrary.Nonce.Generation MEDIUM" "depicter 2.0.7 Settings.Update.via.CSRF MEDIUM" "disable-comments-wpz No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "doko-box-builder 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "dtracker No.known.fix Unauthorised.Contract.Creation HIGH" "dtracker No.known.fix Multiple.Unauthenticated.Blind.SQL.Injections HIGH" "duplicator-pro 4.5.14.2 Unauthenticated.Sensitive.Data.Exposure HIGH" "duplicator-pro 4.5.11.1 Unauthenticated.Reflected.XSS HIGH" "duplicator-pro 3.8.7.1 Unauthenticated.Arbitrary.File.Download HIGH" "dl-verification No.known.fix Admin+.Stored.XSS LOW" "ddirections No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dreamgrow-scroll-triggered-box No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "do-that-task No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "dtabs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "duplicate-post-page-menu-custom-post-type 2.4.0 Subscriber+.Post.Duplication MEDIUM" "download-zip-attachments No.known.fix Arbitrary.File.Download HIGH" "dzs-videogallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dzs-videogallery No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "dzs-videogallery No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "dyn-business-panel No.known.fix Reflected.XSS HIGH" "dyn-business-panel No.known.fix Reflected.XSS HIGH" "dyn-business-panel No.known.fix Stored.XSS.via.CSRF HIGH" "docket-cache 24.07.03 Unauthenticated.Local.File.Inclusion CRITICAL" "docket-cache 21.08.02 Reflected.Cross-Site.Scripting HIGH" "delivery-drivers-manager 1.1.9 Reflected.Cross-Site.Scripting MEDIUM" "delivery-drivers-manager 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "database-backup 2.36 Authenticated.(Administrator+).Sensitive.Information.Exposure HIGH" "database-backup 2.37 Authenticated.(Administrator+).Arbitrary.File.Deletion HIGH" "database-backup 2.33 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "duplicate-page-or-post 1.5.1 Arbitrary.Settings.Update.to.Stored.XSS HIGH" "dl-robotstxt No.known.fix Admin+.Stored.XSS LOW" "donation-thermometer 2.1.3 Admin+.Stored.Cross-Site.Scripting LOW" "ds-suit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dearpdf-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "duplicate-wp-page-post 2.8 Admin+.Stored.Cross-Site.Scripting LOW" "duplicate-wp-page-post 2.5.7 SQL.Injections.due.to.Duplicated.Snippets HIGH" "dragfy-addons-for-elementor No.known.fix Missing.Authorization.via.save_settings MEDIUM" "diary-availability-calendar No.known.fix Authenticated.(subscriber+).SQL.Injection HIGH" "digiwidgets-image-editor No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "database-backups No.known.fix CSRF.to.Backup.Download HIGH" "disable-user-login 1.3.9 User.Login.Toggle.via.CSRF MEDIUM" "digits 8.4.6.1 Auth.Bypass.via.OTP.Bruteforcing CRITICAL" "digits 8.4.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "dw-question-answer No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "dashi 3.1.9 Missing.Authorization MEDIUM" "dicom-support 0.10.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "defend-wp-firewall 1.1.1 Missing.Authorization MEDIUM" "database-peek No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "data-dash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dn-footer-contacts No.known.fix Cross-Site.Request.Forgery MEDIUM" "dn-footer-contacts 1.6.3 Admin+.Stored.XSS LOW" "dk-pricr-responsive-pricing-table 5.1.11 Author+.Stored.XSS MEDIUM" "dk-pricr-responsive-pricing-table 5.1.8 Admin+.Stored.Cross-Site.Scriping LOW" "dk-pricr-responsive-pricing-table 5.1.7 Contributor+.Stored.XSS MEDIUM" "designthemes-core-features No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "designthemes-core-features 4.8 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.via.dt_process_imported_file HIGH" "demomentsomtres-gravity-forms-improvements 201704251008 Reflected.Cross-Site.Scripting MEDIUM" "dropdown-and-scrollable-text 2.1 Reflected.Cross-Site.Scripting MEDIUM" "display-a-meta-field-as-block 1.2.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "download-from-files No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "drag-n-drop-upload-cf7-pro 5.0.6.4 Contact.Form.7.with.Remote.Storage.Integrations.<.5.0.6.4.-.Reflected.Cross-Site.Scripting HIGH" "drag-n-drop-upload-cf7-pro 2.11.1 Contact.Form.7.Standard.<.2.11.1.-.Reflected.Cross-Site.Scripting HIGH" "drag-n-drop-upload-cf7-pro 2.11.0 Contact.Form.7.Standard.<.2.11.0.-.Path.Traversal MEDIUM" "drag-n-drop-upload-cf7-pro 5.0.6.3 Contact.Form.7.with.Remote.Storage.Integrations.<.5.0.6.3.-.Path.Traversal MEDIUM" "decon-wp-sms No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "delete-usermetas 1.2.0 Cross-Site.Request.Forgery MEDIUM" "data-tables-generator-by-supsystic 1.10.37 Missing.Authorization MEDIUM" "data-tables-generator-by-supsystic 1.10.32 Missing.Authorization MEDIUM" "data-tables-generator-by-supsystic 1.10.20 Admin+.Stored.Cross-Site.Scripting LOW" "data-tables-generator-by-supsystic 1.10.0 Authenticated.SQL.Injection CRITICAL" "data-tables-generator-by-supsystic 1.10.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "data-tables-generator-by-supsystic 1.9.92 Insecure.Permissions.on.AJAX.Actions MEDIUM" "data-tables-generator-by-supsystic 1.9.92 CSRF.to.Stored.XSS,.Data.Table.Creations,.Settings.Modification CRITICAL" "data-tables-generator-by-supsystic 1.9.92 Authenticated.Stored.XSS MEDIUM" "dd-post-carousel 1.4.12 Contributor+.Stored.XSS MEDIUM" "dd-post-carousel 1.4.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "dark-mode 1.7 Stored.XSS MEDIUM" "dl-yandex-metrika No.known.fix Admin+.Stored.XSS LOW" "defa-online-image-protector No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "digitimber-cpanel-integration 1.4.8 Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "dynamic-content-for-elementor 2.12.5 Cross-Site.Request.Forgery MEDIUM" "dynamic-content-for-elementor 1.9.6 Authenticated.RCE CRITICAL" "dl-leadback No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "display-admin-page-on-frontend 1.21.1 Reflected.Cross-Site.Scripting MEDIUM" "display-admin-page-on-frontend 1.17.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "drawit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dokan-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dokan-pro 3.11.0 Unauthenticated.SQL.Injection CRITICAL" "devoluciones-packback No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "duplicate-post 3.2.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "dx-watermark No.known.fix Cross-Site.Request.Forgery MEDIUM" "don8 No.known.fix Admin+.Stored.XSS LOW" "disable-image-right-click No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "dont-break-the-code No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dr-flex 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "drug-search No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "duplicate-variations-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "duplicate-variations-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "database-collation-fix 1.2.8 Cross-Site.Request.Forgery MEDIUM" "digipass No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "dx-sales-crm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-address No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-address No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "dynamic-post-grid-elementor-addon 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "downloader-tiktok 1.4 Server.Side.Request.Forgery.(SSRF).&.Local.File.Inclusion.(LFI) MEDIUM" "decalog 3.9.1 Authenticated.(Admin+).SQL.injection CRITICAL" "dashboard-to-do-list 1.3.0 Missing.Authorization.via.ardtdw_widgetsetup() MEDIUM" "dashboard-to-do-list 1.3.2 Cross-Site.Request.Forgery.via.ardtdw_widgetupdate() MEDIUM" "dollie 6.2.1 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "drawblog No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "dr-widgets-blocks 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dn-sitemap-control No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "directorypress 3.6.23 Cross-Site.Request.Forgery MEDIUM" "directorypress 3.6.20 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "directorypress 3.6.17 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "directorypress 3.6.11 Contributor+.SQL.Injection HIGH" "directorypress 3.6.8 Reflected.Cross-Site.Scripting HIGH" "dropdown-menu-widget No.known.fix Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS MEDIUM" "dynamically-register-sidebars No.known.fix Admin+.Stored.XSS LOW" "dr-affiliate No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "dynamic-featured-image No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dfiFeatured.Parameter MEDIUM" "dezdy-mcommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "daisycon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "daisycon 4.9.0 Contributor+.SQL.Injection MEDIUM" "dreamstime-stock-photos 4.2 Reflected.Cross-Site.Scripting MEDIUM" "display-medium-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.display_medium_posts.Shortcode MEDIUM" "disqus-conditional-load 11.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "docpro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "debug 1.11 CSRF MEDIUM" "download-magnet 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "dovetail No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "demomentsomtres-grid-archive No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-grid-archive No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "delete-duplicate-posts 4.9 Missing.Authorization.via.AJAX.Actions MEDIUM" "delete-duplicate-posts 4.8.9 Reflected.Cross-Site.Scripting MEDIUM" "delete-duplicate-posts 4.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "delete-duplicate-posts 4.1.9.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "digital-publications-by-supsystic 1.7.8 Missing.Authorization MEDIUM" "digital-publications-by-supsystic 1.7.8 Cross-Site.Request.Forgery MEDIUM" "digital-publications-by-supsystic 1.7.7 Cross-Site.Request.Forgery.via.AJAX.action MEDIUM" "digital-publications-by-supsystic 1.7.4 Admin+.Stored.Cross-Site.Scripting LOW" "digital-publications-by-supsystic 1.7.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "digital-publications-by-supsystic 1.6.12 Authenticated.Path.Traversal LOW" "date-time-picker-field 2.3 Reflected.Cross-Site.Scripting MEDIUM" "date-time-picker-field 2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dx-share-selection 1.5 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "document No.known.fix Missing.Authorization MEDIUM" "drop-caps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "dropbox-folder-share No.known.fix Unauthenticated.Server-Side.Request.Forgery.via.'link' HIGH" "dropbox-folder-share No.known.fix Unauthenticated.Remote.Code.Execution.via.LFI CRITICAL" "digital-marketing-agency-templates-for-elementor No.known.fix Cross-Site.Request.Forgery.to.Import MEDIUM" "disable-elementor-editor-translation 1.0.3 Missing.Authorization MEDIUM" "dvk-social-sharing 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "debug-log-manager 2.3.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "debug-log-manager 2.3.2 Missing.Authorization MEDIUM" "debug-log-manager 2.3.2 Missing.Authorization.via.toggle_debugging MEDIUM" "debug-log-manager 2.3.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "debug-log-manager 2.3.0 Sensitive.Logs.Exposure MEDIUM" "debug-log-manager 2.2.2 Debug.Log.Clearing.via.CSRF MEDIUM" "debug-log-manager 2.2.2 Subscriber+.Debug.Log.Clearing MEDIUM" "doctor-listing 1.3.6 Subscriber+.Privilege.Escalation CRITICAL" "delete-all-comments-of-website 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "definitive-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dh-anti-adblocker 37 Anti.AdBlocker.<.37.-.Settings.Update.via.CSRF MEDIUM" "directorist 8.3 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Publishing MEDIUM" "directorist 8.2 Privilege.Escalation.and.Account.Takeover HIGH" "directorist 8.1 Unauthenticated.User.Information.Exposure MEDIUM" "directorist 7.9.0 Missing.Authorization MEDIUM" "directorist 7.8.5 Missing.Authorization.to.Unauthenticated.Settings.Change MEDIUM" "directorist 7.5.5 Subscriber+.Arbitrary.User.Password.Reset.to.Privilege.Escalation HIGH" "directorist 7.5.5 Subscriber+.Insecure.Direct.Object.Reference.to.Arbitrary.Post.Deletion MEDIUM" "directorist 7.5.4 Admin+.LFI MEDIUM" "directorist 7.4.4 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "directorist 7.4.2.2 Subscriber+.Arbitrary.User.Password.Update.via.IDOR HIGH" "directorist 7.3.1 Unauthenticated.Email.Address.Disclosure MEDIUM" "directorist 7.3.0 Subscriber+.Arbitrary.E-mail.Sending MEDIUM" "directorist 7.2.3 Business.Directory.Plugin.<.7.2.3.-.Admin+.Arbitrary.File.Upload MEDIUM" "directorist 7.0.6.2 CSRF.to.Remote.File.Upload CRITICAL" "dropdown-multisite-selector 0.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dropdown-multisite-selector 0.9.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "drivr-google-drive-file-picker No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "debug-tool No.known.fix Missing.Authorization MEDIUM" "debug-tool No.known.fix Unauthenticated.Arbitrary.File.Creation CRITICAL" "debug-tool No.known.fix Missing.Authorization.to.Information.Exposure MEDIUM" "dp-alterminator-missing-alt-manager No.known.fix Missing.ALT.manager.<=.1.0.2.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "delete-post-revision No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "duplicate-pp 3.5.6 Authenticated.(Contributor+).Post.Disclosure.via.Post.Duplication MEDIUM" "duplica 0.7 Authenticated.(Subscriber+).Missing.Authorization.to.Users/Posts.Duplicates.Creation MEDIUM" "dropdown-content No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ditty-news-ticker 3.1.52 Author+.Stored.XSS LOW" "ditty-news-ticker 3.1.47 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.46 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.45 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.43 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.39 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ditty-news-ticker 3.1.36 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.32 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ditty-news-ticker 3.1.25 Missing.Authorization.via.save_ditty_permissions_check MEDIUM" "ditty-news-ticker 3.1.25 Reflected.XSS HIGH" "ditty-news-ticker 3.0.33 Contributor+.Stored.XSS MEDIUM" "ditty-news-ticker 3.0.15 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "dn-popup No.known.fix Settings.Update.via.CSRF MEDIUM" "dynamic-widgets 1.6.5 Cross-Site.Request.Forgery MEDIUM" "dynamic-widgets 1.6 Reflected.Cross-Site.Scripting MEDIUM" "dynamic-widgets 1.5.11 Authenticated.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "daves-wordpress-live-search No.known.fix Admin+.Stored.XSS LOW" "demomentsomtres-mailchimp-immediate-send 3.201704281627 Reflected.Cross-Site.Scripting MEDIUM" "default-thumbnail-plus No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "dp-intro-tours 6.5.3 Reflected.Cross-Site.Scripting MEDIUM" "depay-payments-for-woocommerce 2.12.18 Missing.Authorization.to.Information.Exposure MEDIUM" "dental-optimizer-patient-generator-app No.known.fix Reflected.XSS HIGH" "dextaz-ping No.known.fix Admin+.RCE MEDIUM" "domain-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "df-draggable No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "dynamic-elementor-addons No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "device-wrapper 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "drop-in-image-slideshow-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "demo-awesome No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Activation MEDIUM" "demo-awesome 1.0.3 Missing.Authorization MEDIUM" "demo-awesome 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "duogeek-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "display-metadata No.known.fix Contributor+.Stored.XSS MEDIUM" "downloadmanager 3.2.83 Unauthenticated.Password.Protected.File.Bypass MEDIUM" "devvn-image-hotspot 1.2.6 Authenticated.(Author+).PHP.Object.Injection HIGH" "donate-with-qrcode No.known.fix Plugin's.Setting.Update.via.CSRF MEDIUM" "donate-with-qrcode 1.4.5 Stored.Cross-Site.Scripting MEDIUM" "demon-image-annotation 4.8 Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "donate-visa No.known.fix Missing.Authorization MEDIUM" "display-post-metadata 1.5.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "datamentor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.3.19 Authenticated.(Author+).Stored.Cross-site.Scripting.via.wpdm_user_dashboard.Shortcode MEDIUM" "download-manager 3.3.13 Author+.Arbitrary.File.Deletion HIGH" "download-manager 3.3.13 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "download-manager 3.3.09 Authenticated.(Author+).Path.Traversal.to.Limited.File.Overwrite MEDIUM" "download-manager 3.3.07 Unauthenticated.Data.Exposure MEDIUM" "download-manager 3.3.04 Missing.Authorization MEDIUM" "download-manager 3.3.04 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "download-manager 3.3.04 Unauthenticated.Download.of.Password-Protected.Files MEDIUM" "download-manager 3.3.03 Admin+.Stored.XSS LOW" "download-manager 3.3.00 Contributor+.Stored.XSS LOW" "download-manager 3.2.99 Admin+.Stored.XSS LOW" "download-manager 3.2.98 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "download-manager 3.2.90 Improper.Authorization.via.protectMediaLibrary HIGH" "download-manager 3.2.94 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "download-manager 3.2.87 Authenticated.(Subscriber+).Stored.Self-Based.Cross-Site.Scripting MEDIUM" "download-manager 3.2.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpdm_modal_login_form.Shortcode MEDIUM" "download-manager 3.2.91 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpdm-all-packages.Shortcode MEDIUM" "download-manager 3.2.85 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.85 Unauthenticated.File.Download MEDIUM" "download-manager 3.2.86 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.83 Unauthenticated.Protected.File.Download.Password.Leak MEDIUM" "download-manager 3.2.71 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.71 Broken.Access.Controls MEDIUM" "download-manager 6.3.0 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "download-manager 3.2.62 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.60 Reflected.XSS HIGH" "download-manager 3.2.55 Admin+.Arbitrary.File/Folder.Access.via.Path.Traversal MEDIUM" "download-manager 3.2.50 Contributor+.PHAR.Deserialization HIGH" "download-manager 3.2.53 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.51 Contributor+.Arbitrary.File.Deletion HIGH" "download-manager 3.2.49 Clear.Stats.&.Cache.via.CSRF MEDIUM" "download-manager 3.2.49 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.49 Multiple.CSRF MEDIUM" "download-manager 3.2.50 Bypass.IP.Address.Blocking.Restriction MEDIUM" "download-manager 3.2.44 Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.44 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.48 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.43 Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.39 Unauthenticated.brute.force.of.files.master.key MEDIUM" "download-manager 3.2.35 Sensitive.Information.Disclosure HIGH" "download-manager 3.2.34 Authenticated.SQL.Injection.to.Reflected.XSS MEDIUM" "download-manager 3.2.22 Subscriber+.Stored.Cross-Site.Scripting HIGH" "download-manager 3.2.16 Admin+.Stored.Cross-Site.Scripting LOW" "download-manager 3.2.13 Email.Template.Setting.Update.via.CSRF MEDIUM" "download-manager 3.1.25 .Authenticated.Directory.Traversal MEDIUM" "download-manager 3.1.25 Authenticated.File.Upload MEDIUM" "download-manager 3.1.23 Unauthorised.Asset.Manager.Usage HIGH" "download-manager 3.1.19 Authenticated.(author+).PHP4.File.Upload.to.RCE CRITICAL" "download-manager 3.1.22 Plugin.Settings.Change.via.CSRF MEDIUM" "download-manager 3.1.18 Unauthorised.Download.Duplication MEDIUM" "download-manager 2.9.97 Various.Sanitisation.Issues MEDIUM" "download-manager 2.9.94 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "download-manager 2.9.61 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "download-manager 2.9.50 Cross-Site.Scripting.(XSS) MEDIUM" "download-manager 2.9.51 Open.Redirect HIGH" "docxpresso No.known.fix Authenticated.(Contributor+).Arbitrary.File.Download MEDIUM" "digital-climate-strike-wp No.known.fix Redirect.to.Malicious.Website.due.to.Compromised.JS.Asset HIGH" "delete-me 3.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "domain-mapping-system 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "domain-mapping-system 1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "database-sync No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "down-as-pdf No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-mailchimp-subscribe 3.201706150908 Reflected.Cross-Site.Scripting MEDIUM" "dx-delete-attached-media 2.0.6 Settings.Update.via.CSRF MEDIUM" "distancr 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "duplicate-page 4.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "duplicate-page 3.4 Authenticated.SQL.Injection HIGH" "dupeoff No.known.fix Admin+.Stored.XSS LOW" "debounce-io-email-validator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "debounce-io-email-validator 5.71 Unauthenticated.Local.File.Inclusion CRITICAL" "debounce-io-email-validator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "debounce-io-email-validator 5.6.6 Reflected.Cross-Site.Scripting MEDIUM" "debug-assistant 1.5 Administrator.Account.Creation.via.CSRF HIGH" "debug-assistant 1.5 Admin+.Stored.XSS LOW" "doofinder-for-woocommerce 2.1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "doofinder-for-woocommerce 2.1.1 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "doofinder-for-woocommerce 2.1.8 Reflected.Cross-Site.Scripting HIGH" "demomentsomtres-media-tools-auto No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-media-tools-auto No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "duplicate-title-checker No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "domain-sharding No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "devices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "devices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "devices No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "drag-and-drop-custom-sidebar No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "display-widgets 2.7 Backdoored MEDIUM" "drag-and-drop-form-builder-for-contact-form-7 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "drag-and-drop-form-builder-for-contact-form-7 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dn-shipping-by-weight 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "dn-shipping-by-weight 1.2 Settings.Update.via.CSRF MEDIUM" "drop-shadow-boxes 1.7.15 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "drop-shadow-boxes 1.7.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "drop-shadow-boxes 1.7.12 Reflected.Cross-Site.Scripting MEDIUM" "drop-shadow-boxes 1.7.11 Contributor+.Cross-Site.Scripting MEDIUM" "drop-shadow-boxes 1.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "drop-shadow-boxes 1.7.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "debug-log-config-tool 1.5 Unauthenticated.Information.Exposure.via.Logs MEDIUM" "dse-divi-section-enhancer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dorzki-notifications-to-slack No.known.fix Missing.Authorization MEDIUM" "delete-comments-by-status No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "database-for-cf7 1.2.5 Subscriber+.CF7.DB.Entries.Deletion MEDIUM" "demo-importer-plus 2.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "download-now-for-woocommerce 3.5.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "duplicate-title-validate 1.4 Subscriber+.SQL.Injection HIGH" "dk-pdf 1.9.7 Reflected.Cross-Site.Scripting MEDIUM" "dazzlersoft-teams No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "d-bargain 4.0.0 Admin+.Stored.XSS LOW" "drag-and-drop-multiple-file-upload-for-woocommerce 1.1.7 Unauthenticated.Arbitrary.File.Upload.via.upload.Function CRITICAL" "drag-and-drop-multiple-file-upload-for-woocommerce 1.1.5 Unauthenticated.Arbitrary.File.Move CRITICAL" "drag-and-drop-multiple-file-upload-for-woocommerce 1.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "disable-update-notifications 2.4.2 Settings.Update.via.CSRF MEDIUM" "dashylite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dashylite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "database-cleaner 1.0.6 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "database-cleaner 0.9.9 Sensitive.Information.Exposure.via.Log.File MEDIUM" "disc-golf-manager No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "download-theme 1.1.0 Cross-Site.Request.Forgery MEDIUM" "debranding No.known.fix Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "debranding No.known.fix Privilege.Escalation HIGH" "dsgvo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "donations-for-woocommerce 1.1.10 Cross-Site.Request.Forgery MEDIUM" "document-data-automation 1.6.2 Cross-Site.Request.Forgery MEDIUM" "dsgnwrks-twitter-importer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "debrandify 1.1.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "document-emberdder 1.7.9 Subscriber+.Arbitrary.Private/Draft.Post.Title.Disclosure MEDIUM" "document-emberdder 1.7.5 Unauthenticated.Arbitrary.Private/Draft.Post.Title.Disclosure MEDIUM" "droip No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "droip No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Settings.Change MEDIUM" "ds-site-message 1.14.5 Stored.XSS.via.CSRF HIGH" "duitku-social-payment-gateway 2.11.7 Missing.Authorization.via.check_duitku_response MEDIUM" "directory-pro 1.9.5 Subscriber+.Privilege.Escalation CRITICAL" "digital-lottery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "ds-cf7-math-captcha 3.0.1 Reflected.XSS HIGH" "download-plugin 2.2.1 Missing.Authorization.to.Authenticated.(Subscriber+).User.Metadata.and.Comment.Download MEDIUM" "download-plugin 2.0.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "download-plugin 2.0.0 Subscriber+.Website.Download HIGH" "download-plugin 1.6.1 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "daggerhart-openid-connect-generic 3.8.2 Reflected.Cross.Site.Scripting.(XSS).via.Login.Error MEDIUM" "delete-custom-fields No.known.fix Cross-Site.Request.Forgery.to.Post.Meta.Deletion MEDIUM" "debug-info No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "delete-all-comments-easily No.known.fix All.Comments.Deletion.via.CSRF MEDIUM" "dofollow-case-by-case No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dofollow-case-by-case No.known.fix Cross-Site.Request.Forgery MEDIUM" "dofollow-case-by-case 3.5.0 Email&URLs.Adding.to.Allowlist.via.CSRF MEDIUM" "draw-attention 2.0.16 Improper.Access.Control.via.register_cpt MEDIUM" "draw-attention 2.0.12 Subscriber+.Unauthorized.Featured.Image.Modification MEDIUM" "dsdownloadlist No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "duplicator 1.5.10 Full.Path.Disclosure MEDIUM" "duplicator 1.5.7.1 Settings.Removal.via.CSRF MEDIUM" "duplicator 1.3.0 Unauthenticated.RCE CRITICAL" "duplicator 1.5.7.1 Unauthenticated.Sensitive.Data.Exposure HIGH" "duplicator 1.4.7 Unauthenticated.Backup.Download HIGH" "duplicator 1.4.7.1 Unauthenticated.System.Information.Disclosure MEDIUM" "duplicator 1.3.28 Unauthenticated.Arbitrary.File.Download HIGH" "duplicator 1.2.42 Unauthenticated.Arbitrary.Code.Execution MEDIUM" "duplicator 1.2.33 Cross-Site.Scripting.(XSS) MEDIUM" "duplicator 1.2.29 Duplicator.<=.1,2,28.–.Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "discount-and-dynamic-pricing 2.3.0 Cross-Site.Request.Forgery MEDIUM" "domain-check 1.0.17 Reflected.Cross-Site.Scripting MEDIUM" "doneren-met-mollie 2.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "doneren-met-mollie 2.10.3 Unauthenticated.Reflected.Cross-Site.Scripting.via.search MEDIUM" "doneren-met-mollie 2.8.5 Unauthorised.CSV.Export.leading.to.Sensitive.Data.Disclosure MEDIUM" "demo-my-wordpress 1.1.0 Unauthenticated.Privilege.Escalation CRITICAL" "drozd-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dsgvo-all-in-one-for-wp 4.7 Cross-Site.Request.Forgery.to.Account.Deletion MEDIUM" "dsgvo-all-in-one-for-wp 4.6 Contributor+.Stored.XSS MEDIUM" "dsgvo-all-in-one-for-wp 4.4 Cross-Site.Request.Forgery MEDIUM" "dsgvo-all-in-one-for-wp 4.2 Admin+.Stored.Cross-Site.Scripting LOW" "dsgvo-all-in-one-for-wp 4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "dancepress-trwa No.known.fix Cross-Site.Request.Forgery MEDIUM" "dancepress-trwa 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "dancepress-trwa 2.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "donorbox-donation-form 7.1.7 Admin+.Stored.Cross-Site.Scripting LOW" "disabler 4.0.0 CSRF MEDIUM" "display-future-posts No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "debug-functions-time 1.41 Reflected.Cross-Site.Scripting MEDIUM" "database-audit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dp-addthis No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "devbuddy-twitter-feed No.known.fix Admin+.Stored.XSS LOW" "daily-proverb No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "debug-bar-extender No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dnui-delete-not-used-image-wordpress No.known.fix Deletion.of.images.through.CSRF MEDIUM" "disable-dashboard-for-woocommerce 3.2.9 Reflected.Cross-Site.Scripting MEDIUM" "dsgvo-youtube 1.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dsgvo-youtube 1.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "disqus-popular-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "device-theme-switcher No.known.fix Cross-Site.Request.Forgery MEDIUM" "dzs-zoomsounds No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dzs-zoomsounds No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "dzs-zoomsounds No.known.fix WordPress.Wave.Audio.Player.with.Playlist.<=.6.91.-.Unauthenticated.Arbitrary.File.Download HIGH" "dzs-zoomsounds No.known.fix WordPress.Wave.Audio.Player.with.Playlist.<=.6.91.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update.and.Settings.Manipulation HIGH" "dzs-zoomsounds No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "dzs-zoomsounds No.known.fix WordPress.Wave.Audio.Player.with.Playlist.<=.6.91.-.Unauthenticated.PHP.Object.Injection HIGH" "dzs-zoomsounds 6.50 Unauthenticated.Arbitrary.File.Download HIGH" "dzs-zoomsounds 6.05 Unauthenticated.Arbitrary.File.Upload CRITICAL" "dzs-zoomsounds 3.0 Remote.File.Upload CRITICAL" "docollipics-faustball-de 2.1.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.7.0 Improper.Path.Validation.to.Authenticated.(Subscriber+).Arbitrary.File.Move.and.Read HIGH" "delicious-recipes 1.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "drag-and-drop-file-upload-for-elementor-forms 1.5.0 Unauthenticated.Arbitrary.File.Deletion MEDIUM" "demomentsomtres-wp-export No.known.fix Subscriber+.unauthorized.data.export MEDIUM" "demomentsomtres-wp-export 20200610 Reflected.Cross-Site.Scripting MEDIUM" "deal-of-the-day No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dhvc-form 2.4.8 Unauthenticated.Privilege.Escalation CRITICAL" "dark-mode-for-wp-dashboard 1.2.4 Cross-Site.Request.Forgery MEDIUM" "delivery-and-pickup-scheduling-for-woocommerce 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "donate-button 2.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "documentpress-display-any-document-on-your-site No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "distance-based-shipping-calculator 2.0.23 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "distance-based-shipping-calculator 2.0.23 Missing.Authorization MEDIUM" "distance-based-shipping-calculator 2.0.22 Reflected.Cross-Site.Scripting MEDIUM" "distance-based-shipping-calculator 2.0.24 Subscriber+.SQL.Injection HIGH" "duracelltomi-google-tag-manager 1.15.2 Admin+.Stored.Cross-Site.Scripting LOW" "duracelltomi-google-tag-manager 1.15.1 Reflected.Cross-Site.Scripting MEDIUM" "donation-button No.known.fix Contributor+.Stored.XSS MEDIUM" "donation-button No.known.fix Subscriber+.Broken.Access.Control.leading.to.SMS.Spam MEDIUM" "delhivery-logistics-courier No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "demomentsomtres-categories No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-categories No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-categories No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "delucks-seo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delucks-seo No.known.fix Subscriber+.Arbitrary.File.Read MEDIUM" "delucks-seo 2.5.5 Missing.Authorization MEDIUM" "download-info-page No.known.fix Admin+.Stored.XSS LOW" "disable-admin-notices No.known.fix Cross-Site.Request.Forgery MEDIUM" "directorypress-frontend 2.8.0 Cross-Site.Request.Forgery.to.Listing.Status.Update MEDIUM" "doofinder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dashboard-widgets-suite 3.4.4 Reflected.Cross-Site.Scripting MEDIUM" "dashboard-widgets-suite 3.4.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dashboard-widgets-suite 3.2.2 Admin+.Stored.XSS LOW" "directories 1.3.46 Authenticated.Self-Reflected.Cross-Site.Scripting LOW" "directories 1.3.46 Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "dj-email-publish No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "documentor-lite No.known.fix Unauthenticated.SQLi HIGH" "dashing-memberships No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dd-rating No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "display-template-name No.known.fix Cross-Site.Request.Forgery MEDIUM" "duplicate-post-and-page No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "duplicate-post-and-page No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "disable-right-click-for-wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "donate-me No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "donate-me No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "dynamic-product-categories-design 1.1.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "dominion-domain-checker-wpbakery-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delete-original-image No.known.fix Cross-Site.Request.Forgery MEDIUM" "dobsondev-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "daext-autolinks-manager 1.10.05 CSRF MEDIUM" "delivery-woo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "delivery-woo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "delete-old-posts-programmatically 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "delete-old-posts-programmatically 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "doctor-appointment-booking No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "doctor-appointment-booking No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "dzs-enable-debug No.known.fix Cross-Site.Request.Forgery MEDIUM" "dragon-calendar-free-version No.known.fix Cross-Site.Request.Forgery MEDIUM" "dot-htmlphpxml-etc-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "dx-auto-save-images No.known.fix CSRF MEDIUM" "database-toolset No.known.fix Unauthenticated.Sensitive.Information.Exposure.via.Backup.Files MEDIUM" "database-toolset No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "database-toolset No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "dw-question-answer-pro 1.3.7 Arbitrary.Comment.Edition.via.IDOR MEDIUM" "dw-question-answer-pro 1.3.7 Multiple.CSRF MEDIUM" "dpepress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dima-take-action No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "display-remote-posts-block 1.1.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "dh-local-seo No.known.fix Unauthenticated.SQL.Injection HIGH" "download-media No.known.fix Missing.Authorization.via.generate_link_for_media MEDIUM" "droit-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "droit-elementor-addons No.known.fix Cross-Site.Request.Forgery MEDIUM" "dans-gcal 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "dop-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "empik-for-woocommerce 1.4.5 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "external-media 1.0.36 Admin+.Stored.XSS LOW" "external-media 1.0.34 Authenticated.Arbitrary.File.Upload CRITICAL" "eg-attachments No.known.fix Reflected.XSS HIGH" "embed-power-bi-reports 1.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-call-now-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-call-now-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ect-homepage-products No.known.fix Reflected.XSS HIGH" "external-media-upload 0.5 Reflected.Cross-Site.Scripting MEDIUM" "email-shortcode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-image-collage 1.13.6 Missing.Authorization.to.Authenticated.(Contributor+).Data.Clearance MEDIUM" "expert-invoice No.known.fix Expert.Invoice.<=.1,0,2.-Admin+.Stored.XSS LOW" "exchange-addon-easy-ue-vat-taxes 1.2.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "estatebud-properties-listings No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "estatebud-properties-listings No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ethereum-wallet 4.10.6 Reflected.Cross-Site.Scripting MEDIUM" "ethereum-wallet 4.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-google-map No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "email-subscribe 1.2.24 Authenticated.(Administrator+).SQL.Injection MEDIUM" "email-subscribe 1.2.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.print_email_subscribe_form.Shortcode MEDIUM" "email-subscribe 1.2.21 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "email-subscribe 1.2.20 Reflected.XSS HIGH" "email-subscribe 1.2.19 .Reflected.Cross-Site.Scripting MEDIUM" "email-subscribe 1.2.17 Reflected.XSS HIGH" "easy-code-placement No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-smooth-scroll-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-smooth-scroll-links 2.23.1 Admin+.Stored.Cross-Site.Scripting LOW" "easy-smooth-scroll-links 2.23.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "event-calendar-wd 1.1.51 Subscriber+.Event.Creation MEDIUM" "event-calendar-wd 1.1.51 Reflected.Cross-Site.Scripting HIGH" "event-calendar-wd 1.1.46 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.1.45 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.1.22 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.0.94 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "easy-youtube-gallery 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-espresso-core-reg 4.10.7.p Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "easy-property-listings 3.5.4 Arbitrary.Contact.Deletion.via.CSRF MEDIUM" "easy-property-listings 3.5.4 Missing.Authorization.via.epl_update_listing_coordinates() MEDIUM" "easy-property-listings 3.5.3 Authenticated(Contributor+).SQL.Injection.via.Shortcode HIGH" "easy-property-listings 3.5.4 Admin+.Stored.XSS LOW" "easy-property-listings 3.4 Cross-Site.Request.Forgery.(CSRF) HIGH" "easy-property-listings 3.4 Cross-Site.Scripting.(XSS) MEDIUM" "easy-query No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "ect-product-carousel No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "email-posts-to-subscribers No.known.fix Admin+.Stored.XSS LOW" "email-posts-to-subscribers No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "email-posts-to-subscribers No.known.fix Unauthenticated.SQLi HIGH" "elegant-themes-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "editorial-calendar 3.8.3 Contributor+.Stored.XSS MEDIUM" "easy-redirect-manager No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "easypromos 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-accordion-block 1.2.5 Missing.Authorization MEDIUM" "easy-sticky-sidebar 1.5.9 Unauthenticated.AJAX.Actions.Call MEDIUM" "easy-replace No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "exit-popup-show No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-paypal-donation 1.5 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-paypal-donation 1.4.5 Reflected.Cross-Site.Scripting MEDIUM" "easy-paypal-donation 1.3.4 Arbitrary.Post.Deletion.via.CSRF HIGH" "easy-paypal-donation 1.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "easy-paypal-donation 1.3.1 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "easy-paypal-donation 1.3.1 CSRF.to.Arbitrary.Post.Deletion MEDIUM" "easy-paypal-donation 1.3.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "exquisite-paypal-donation No.known.fix Admin+.Stored.XSS LOW" "etemplates No.known.fix Unauthenticated.SQL.Injection CRITICAL" "empty-cart-button-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-text-widget 1.6.6 Admin+.Stored.XSS LOW" "enhanced-text-widget 1.5.8 Subscriber+.Plugin.Installation MEDIUM" "enhanced-text-widget 1.5.8 Plugin.Installation.via.CSRF MEDIUM" "evergreen-content-poster 1.4.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "evergreen-content-poster 1.4.3 Missing.Authorization MEDIUM" "evergreen-content-poster 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "evergreen-content-poster 1.4.1 Admin+.Stored.XSS LOW" "edit-comments No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edit-comments No.known.fix Unauthenticated.SQL.Injection HIGH" "examapp No.known.fix Authenticated.SQL.Injection./.Cross-Site.Scripting HIGH" "ep4-more-embeds No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "easy-caller-with-moceanapi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "et-core-plugin No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Limited.Arbitrary.File.Download MEDIUM" "et-core-plugin No.known.fix Unauthenticated.SQL.Injection CRITICAL" "et-core-plugin No.known.fix Missing.Authorization MEDIUM" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "et-core-plugin No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "et-core-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload CRITICAL" "easy-age-verify 1.8.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "easy-age-verify 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-age-verify 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-textillate No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-textillate 2.02 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "eshop No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "eshop No.known.fix Authenticated.Blind.SQL.Injection HIGH" "eshop No.known.fix Reflected.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "eshop 6.3.12 Remote.Code.Execution MEDIUM" "easy-hide-login 1.0.8 Admin+.Stored.XSS LOW" "easy-hide-login 1.0.9 Arbitrary.settings.update.via.CSRF MEDIUM" "edd-cashapp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "export-users-to-csv No.known.fix CSV.Injection HIGH" "easyazon No.known.fix Reflected.Cross-Site.Scripting.via.easyazon-cloaking-locale MEDIUM" "easyazon 5.1.1 Missing.Authorization.on.AJAX.actions MEDIUM" "ethpress 2.1.1 Reflected.Cross-Site.Scripting MEDIUM" "ethpress 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enl-newsletter No.known.fix Stored.XSS.via.CSRF HIGH" "enl-newsletter No.known.fix Admin+.SQL.Injection MEDIUM" "enl-newsletter No.known.fix Campaign.Deletion.via.CSRF MEDIUM" "event-tickets 5.20.1 Reflected.Cross-Site.Scripting MEDIUM" "event-tickets 5.19.1.2 Missing.Authorization.to.Ticket.Deletion MEDIUM" "event-tickets 5.18.1.1 Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure MEDIUM" "event-tickets 5.11.0.5 Cross-Site.Request.Forgery MEDIUM" "event-tickets 5.8.3 Improper.Authorization.to.Information.Disclosure MEDIUM" "event-tickets 5.8.2 Missing.Authorization MEDIUM" "event-tickets 5.8.1 Contributor+.Arbitrary.Events.Access LOW" "event-tickets 5.6.0 Reflected.Cross-Site.Scripting MEDIUM" "event-tickets 5.3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "event-tickets 5.2.2 Open.Redirect MEDIUM" "event-tickets 4.10.7.2 CSV.Injection HIGH" "easy-social-sharebar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-plugin-admin 1.17 CSRF MEDIUM" "eps-301-redirects 2.51 Easy.Redirect.Manager.<.2.51.-.Authenticated.SQL.Injection CRITICAL" "eps-301-redirects 2.45 Easy.Redirect.Manager.<.2.45.-.Authenticated.Arbitrary.Redirect.Injection.and.Modification,.XSS,.and.CSRF CRITICAL" "esv-bible-shortcode-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "everest-review-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easy-table 1.7 Admin+.Stored.Cross-Site.Scripting LOW" "easy-table 1.5.3 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "exchange-addon-table-rate-shipping 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "enable-svg-uploads No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "enhanced-tooltipglossary 4.3.12 Reflected.XSS HIGH" "enhanced-tooltipglossary 4.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 4.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 4.3.4 Admin+.Stored.XSS LOW" "enhanced-tooltipglossary 4.3.0 Settings.Update.via.CSRF MEDIUM" "enhanced-tooltipglossary 3.9.21 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 3.3.5 XSS MEDIUM" "embed-rss No.known.fix Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "ecommerce-product-catalog 3.3.44 Cross-Site.Request.Forgery.to.Password.Reset HIGH" "ecommerce-product-catalog 3.3.33 Reflected.Cross-Site.Scripting MEDIUM" "ecommerce-product-catalog 3.3.29 Cross-Site.Request.Forgery MEDIUM" "ecommerce-product-catalog 3.3.27 Sensitive.Information.Exposure.via.CSV.Files MEDIUM" "ecommerce-product-catalog 3.3.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ecommerce-product-catalog 3.3.26 Products.Deletion.via.CSRF MEDIUM" "ecommerce-product-catalog 3.3.9 Admin+.Stored.XSS LOW" "ecommerce-product-catalog 3.3.5 Admin+.Stored.XSS LOW" "ecommerce-product-catalog 3.0.72 Reflected.XSS MEDIUM" "ecommerce-product-catalog 3.0.72 Reflected.XSS.via.AJAX MEDIUM" "ecommerce-product-catalog 3.0.71 Reflected.XSS MEDIUM" "ecommerce-product-catalog 3.0.39 Reflected.Cross-Site.Scripting HIGH" "ecommerce-product-catalog 3.0.18 Cross-Site.Request.Forgery MEDIUM" "ecommerce-product-catalog 3.0.18 CSRF.Nonce.Bypass MEDIUM" "ecommerce-product-catalog 2.9.44 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "easy-waveform-player 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eduadmin-booking 5.3.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "easy-wp-cleaner 2.0 Data.Deletion.via.CSRF MEDIUM" "embed-google-photos-album-easily 2.2.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "everest-backup 2.3.4 Cross-Site.Request.Forgery MEDIUM" "everest-backup 2.2.14 Unauthenticated.Backup.Download HIGH" "everest-backup 2.2.5 Admin+.Arbitrary.File.Upload MEDIUM" "everest-backup 2.2.0 Sensitive.Information.Exposure.via.Log.File HIGH" "easy-replace-image 3.5.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "easy-shortcode-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "everest-counter-lite 2.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easy-settings-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-settings-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-filtering No.known.fix Reflected.Cross-Site.Scripting HIGH" "email-template-customizer-for-woo 1.2.9.2 Shop.manager+.Stored.XSS LOW" "edunext-openedx-integrator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "explore-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-suscripcion No.known.fix Unauthenticated.SQL.Injection HIGH" "enable-shortcodes-inside-widgetscomments-and-experts No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "email-header-footer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-header-footer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "essay-wizard-wpcres No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edubin No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "extender-all-in-one-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "email-queue 1.1.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "easy-code-snippets No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "easy-code-snippets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-code-snippets 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-code-snippets 1.0.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "editionguard-for-woocommerce-ebook-sales-with-drm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "editionguard-for-woocommerce-ebook-sales-with-drm No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation MEDIUM" "easy-gallery-slideshow No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "elex-helpdesk-customer-support-ticket-system No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "elex-helpdesk-customer-support-ticket-system 3.2.7 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "easy-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-testimonials 3.9.3 Contributor+.Stored.XSS MEDIUM" "easy-testimonials 3.9 Reflected.Cross-Site.Scripting MEDIUM" "easy-testimonials 3.7 Cross-Site.Request.Forgery MEDIUM" "easy-testimonials 3.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "easy-testimonials 3.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "easy-testimonials 1.37 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "embed-google-fonts No.known.fix Missing.Authorization MEDIUM" "elementor 3.25.11 Contributor+.Stored.XSS MEDIUM" "elementor 3.27.5 Contributor+.Stored.XSS MEDIUM" "elementor 3.25.10 Contributor+.Stored.XSS.via.Typography.Settings MEDIUM" "elementor 3.25.8 Contributor+.Stored.XSS MEDIUM" "elementor 3.24.6 Contributor+.Information.Exposure.via.get_image_alt LOW" "elementor 3.24.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.the.URL.Parameter.in.Multiple.Widgets MEDIUM" "elementor 3.22.2 Contributor+.Arbitrary.SVG.Download MEDIUM" "elementor 3.21.6 Contributor+.DOM.Stored.XSS MEDIUM" "elementor 3.20.3 Contributor+.DOM.Stored.XSS MEDIUM" "elementor 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.get_image_alt MEDIUM" "elementor 3.19.1 Authenticated(Contributor+).Arbitrary.File.Deletion.and.PHAR.Deserialization HIGH" "elementor 3.18.2 Contributor+.Arbitrary.File.Upload.to.RCE.via.Template.Import HIGH" "elementor 3.16.5 Missing.Authorization.to.Arbitrary.Attachment.Read MEDIUM" "elementor 3.16.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.get_inline_svg() MEDIUM" "elementor 3.5.5 Iframe.Injection MEDIUM" "elementor 3.13.2 Missing.Authorization MEDIUM" "elementor 3.12.2 Admin+.SQLi MEDIUM" "elementor 3.5.6 DOM.Reflected.Cross-Site.Scripting MEDIUM" "elementor 3.6.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "elementor 3.4.8 DOM.Cross-Site-Scripting MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Column.Element MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Divider.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Icon.Box.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Heading.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Accordion.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Image.Box.Widget MEDIUM" "elementor 3.0.14 SVG.Upload.Allowed.by.Default MEDIUM" "elementor 2.9.14 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "elementor 2.9.10 Authenticated.Stored.XSS HIGH" "elementor 2.9.8 SVG.Sanitizer.Bypass.leading.to.Authenticated.Stored.XSS MEDIUM" "elementor 2.9.6 Authenticated.Safe.Mode.Privilege.Escalation MEDIUM" "elementor 2.8.5 Authenticated.Reflected.XSS MEDIUM" "elementor 2.7.7 Authenticated.Stored.XSS MEDIUM" "elementor 2.8.4 Cross-Site.Scripting.(XSS) MEDIUM" "elementor 2.7.5 Authenticated.Arbitrary.File.Upload CRITICAL" "elementor 1.8.0 Authenticated.Unrestricted.Editing HIGH" "event-monster 1.4.4 Information.Exposure.Via.Visitors.List.Export MEDIUM" "event-monster 1.4.4 Unauthenticated.Information.Exposure MEDIUM" "event-monster 1.4.0 Contributor+.PHP.Object.Injection.via.Custom.Meta MEDIUM" "event-monster No.known.fix Admin+.Stored.XSS LOW" "event-monster 1.2.0 Visitors.Deletion.via.CSRF MEDIUM" "event-monster 1.2.1 Admin+.SQLi MEDIUM" "everest-gallery-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ezpz-one-click-backup No.known.fix Cross-Site.Scripting.(XSS) CRITICAL" "export-import-menus 1.9.2 Missing.Authorization.to.Unauthenticated.Menu.Export MEDIUM" "export-import-menus 1.9.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "embed-any-document 2.7.6 Authenticated.(Contributor+).Blind.Server-Side.Request.Forgery.via.embeddoc.Shortcode MEDIUM" "embed-any-document 2.7.2 Author+.Stored.XSS LOW" "easy-wp-optimizer No.known.fix Missing.Authorization MEDIUM" "export-woocommerce 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "export-woocommerce 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "export-woocommerce 2.0.9 Missing.Authorization MEDIUM" "export-woocommerce 2.0.11 Reflected.XSS HIGH" "easy-pricing-tables 3.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fontFamily.Attribute MEDIUM" "easy-pricing-tables 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "easy-pricing-tables 3.2.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "easy-pricing-tables 3.2.1 Reflected.Cross-Site-Scripting MEDIUM" "easy-pricing-tables 3.1.3 Author+.Stored.Cross-Site.Scripting MEDIUM" "easy-pricing-tables 3.1.3 Arbitrary.Post.Removal.via.CSRF MEDIUM" "etruel-del-post-copies 6.0 Missing.Authorization MEDIUM" "easy-popup-lightbox-maker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "exam-matrix No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "eonet-manual-user-approve No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "encyclopedia-lexicon-glossary-wiki-dictionary 1.7.61 Reflected.Cross-Site.Scripting MEDIUM" "email-customizer-for-woocommerce 2.6.1 Information.Exposure MEDIUM" "eventer No.known.fix Unauthenticated.SQL.Injection HIGH" "eventer No.known.fix Missing.Authorization MEDIUM" "eventer 3.9.9.3 Subscriber+.SQLi HIGH" "eventer 3.9.9 Reflected.Cross-Site.Scripting MEDIUM" "eventer 3.9.9.5.1 Missing.Authorization.to.Unauthenticated.Event.Ticket.Download MEDIUM" "eventer 3.9.9.1 Missing.Authorization.to.Authenticated.(Subscriber+).Bookings.Export MEDIUM" "eventer 3.9.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "eventer 3.9.9 Unauthenticated.SQL.Injection.via.eventer_get_attendees HIGH" "eventer 3.9.8 Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "essential-grid 3.1.2 Unauthenticated.Private.Post.Disclosure MEDIUM" "essential-grid 3.0.19 Missing.Authorization HIGH" "essential-grid 3.1.1 Reflected.XSS HIGH" "esb-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enqueue-anything No.known.fix Subscriber+.Arbitrary.Asset/Post.Deletion MEDIUM" "essential-widgets 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "easy-post-to-post-links No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "extensions-for-cf7 3.2.1 Authenticated.(Admin+).Sever-Side.Request.Forgery LOW" "extensions-for-cf7 3.0.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "extensions-for-cf7 2.0.9 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "elex-bulk-edit-products-prices-attributes-for-woocommerce-basic 1.5.0 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "elex-bulk-edit-products-prices-attributes-for-woocommerce-basic 1.5.0 Shop.manager+.SQL.Injection MEDIUM" "easy-amazon-product-information No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "estatik No.known.fix Contributor+.Local.File.Inclusion HIGH" "estatik 4.1.1 Unauthenticated.PHP.Object.Injection HIGH" "estatik 4.1.1 Subscriber+.Arbitrary.Option.Update HIGH" "estatik 4.1.1 Reflected.XSS HIGH" "estatik 2.3.1 Arbitrary.File.Upload HIGH" "elementskit 3.7.9 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "elementskit 3.6.7 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "elementskit 3.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementskit 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Motion.Text.and.Table.Widgets MEDIUM" "elementskit 3.6.3 Authenticated.(Contributor+).Server-Side.Request.Forgery HIGH" "elementskit 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementskit 3.6.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Price.Menu,.Hotspot,.and.Advanced.Toggle.Widgets HIGH" "elementskit 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'ekit_btn_id' MEDIUM" "elementskit 2.2.0 Contributor+.Stored.XSS MEDIUM" "everest-coming-soon-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easy-order-view No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-admin-menu No.known.fix Admin+.Stored.XSS LOW" "emc2-alert-boxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-org-chart No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "expand-maker No.known.fix Cross-Site.Request.Forgery.to.Local.File.Inclusion HIGH" "expand-maker 3.4.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.'Read.More'.Post.Deletion MEDIUM" "expand-maker 3.2.7 Admin+.PHP.Object.Injection LOW" "exit-intent-popups-by-optimonk 2.0.5 Account.ID.Update.via.CSRF MEDIUM" "easy-schema-structured-data-rich-snippets 2.3.0 Reflected.Cross-Site.Scripting MEDIUM" "e-unlocked-student-result No.known.fix Student.Result.<=.1.0.4.-.Arbitrary.File.Upload.via.CSRF HIGH" "extensions-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extensions-for-elementor No.known.fix Reflected.Cross-Site.Scripting HIGH" "extensions-for-elementor 2.0.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extensions-for-elementor 2.0.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EE.Events.and.EE.Flipbox.Widget MEDIUM" "extensions-for-elementor 2.0.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "extra-privacy-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "epeken-all-kurir No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-pie-coming-soon 1.0.7.4 Admin+.Stored.XSS LOW" "event-page-templates-addon-for-the-events-calendar 1.6 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "envira-gallery-lite 1.8.16 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "envira-gallery-lite 1.8.15 Missing.Authorization MEDIUM" "envira-gallery-lite 1.8.15 Author+.Stored.XSS MEDIUM" "envira-gallery-lite 1.8.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "envira-gallery-lite 1.8.7.3 Missing.Authorization.to.Gallery.Modification.via.envira_gallery_insert_images MEDIUM" "envira-gallery-lite 1.8.4.7 Reflected.Cross-Site.Scripting MEDIUM" "envira-gallery-lite 1.8.3.3 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "envira-gallery-lite 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS).Issue MEDIUM" "extra-product-options-for-woocommerce 3.0.7 Missing.Authorization MEDIUM" "extra-product-options-for-woocommerce 4.2 Shop.manager+.Stored.XSS MEDIUM" "easy-school-registration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "extend-filter-products-by-price-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-post-views-count 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easyme-connect No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-paypal-events-tickets 1.3 Cross-Site.Request.Forgery MEDIUM" "easy-paypal-events-tickets 1.2.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "easy-paypal-events-tickets 1.1.2 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "evaluate No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "elex-product-feed No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "e2pdf 1.25.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "e2pdf 1.23.00 Missing.Authorization MEDIUM" "e2pdf 1.23.00 Cross-Site.Request.Forgery MEDIUM" "e2pdf 1.20.24 Authenticated(Administrator+).SQL.Injection MEDIUM" "e2pdf 1.20.26 Admin+.Arbitrary.File.Upload HIGH" "e2pdf 1.20.19 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "e2pdf 1.20.20 Admin+.Stored.Cross-Site.Scriping LOW" "e2pdf 1.16.45 Admin+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "easy-custom-js-and-css No.known.fix Reflected.Cross-Site.Scripting HIGH" "exchange-addon-paypal-pro 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "extreme-blocks 0.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ewww-image-optimizer 7.3.0 Cross-Site.Request.Forgery MEDIUM" "ewww-image-optimizer 7.2.1 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log MEDIUM" "ewww-image-optimizer 7.2.1 Sensitive.Information.Exposure MEDIUM" "ewww-image-optimizer 5.9 Cross-Site.Request.Forgery MEDIUM" "email-customizer-woocommerce 1.7.2 Multiple.Author+.SQLi MEDIUM" "ekc-tournament-manager 2.2.2 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "ekc-tournament-manager 2.2.2 Delete.Tournaments.via.CSRF MEDIUM" "ekc-tournament-manager 2.2.2 Admin+.Arbitrary.File.Download LOW" "ekc-tournament-manager 2.2.2 Create.Tournaments/Teams.via.CSRF MEDIUM" "ean-for-woocommerce 5.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ean-for-woocommerce 5.4.0 Missing.Authorization MEDIUM" "ean-for-woocommerce 4.9.0 Authenticated.(Shop.Manager+).Arbitrary.Options.Update MEDIUM" "ean-for-woocommerce 4.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alg_wc_ean_product_meta.Shortcode MEDIUM" "ean-for-woocommerce 4.9.3 Insecure.Direct.Object.Reference.to.Sensitve.Information.Exposure.via.Shortcode MEDIUM" "ean-for-woocommerce 4.4.3 Contributor+.Stored.XSS MEDIUM" "export-media-urls 2.0 Cross-Site.Request.Forgery MEDIUM" "elite-notification 2.0.0 Subscriber+.Stored.XSS MEDIUM" "easy-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eyes-only-user-access-shortcode No.known.fix Admin+.Stored.XSS LOW" "enhanced-catalog-images-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enhanced-catalog-images-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enhanced-catalog-images-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "easy-appointments 3.11.19 Insufficient.Authorization MEDIUM" "easy-appointments 3.11.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-appointments 3.11.10 Cross-Site.Request.Forgery MEDIUM" "easy-appointments 3.11.2 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "easy-appointments 1.12.0 Cross-Site.Scripting.(XSS) MEDIUM" "easy-tweet-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-video-player 1.2.2.11 Contributor+.Stored.XSS MEDIUM" "easy-video-player 1.2.2.3 Contributor+.Stored.XSS MEDIUM" "easy-csv-importer No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "expandable-paywall 2.0.17 Reflected.Cross-Site.Scripting MEDIUM" "expandable-paywall 2.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ecab-taxi-booking-manager 1.2.2 Missing.Authorization MEDIUM" "ecab-taxi-booking-manager 1.1.9 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ecab-taxi-booking-manager 1.1.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 4.0.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Event.Attendees.Export MEDIUM" "eventprime-event-calendar-management 4.0.7.4 Unauthenticated.Stored.Cross-Site.Scripting.via.Ticket.Category.and.Ticket.Type.Name HIGH" "eventprime-event-calendar-management 4.0.4.8 Unauthenticated.Stored.Cross-Site.Scripting.via.Transaction.Log MEDIUM" "eventprime-event-calendar-management 4.0.4.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 4.0.4.6 Open.Redirect MEDIUM" "eventprime-event-calendar-management 4.0.4.4 Missing.Authorization.to.Unauthenticated.Private.or.Password-Protected.Events.Disclosure MEDIUM" "eventprime-event-calendar-management 4.0.4.0 Missing.Authorization.via.calendar_event_create() MEDIUM" "eventprime-event-calendar-management 3.5.0 .Subscriber+.Arbitrary.booking.settings.update MEDIUM" "eventprime-event-calendar-management 3.3.5 Unauthenticated.Booking.Price.Manipulation MEDIUM" "eventprime-event-calendar-management 3.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 3.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "eventprime-event-calendar-management 3.4.3 Missing.Authorization.to.Arbitrary.Post.Overwrite MEDIUM" "eventprime-event-calendar-management 3.4.4 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 3.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "eventprime-event-calendar-management 3.4.3 Unauthenticated.Booking.Payment.Bypass MEDIUM" "eventprime-event-calendar-management 3.4.1 Missing.Authorization.to.Authenticated.(Subscriber+).Attendee.List.Retrieval MEDIUM" "eventprime-event-calendar-management 3.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Event.Export MEDIUM" "eventprime-event-calendar-management 3.4.0 Improper.Input.Validation.via.save_event_booking MEDIUM" "eventprime-event-calendar-management 3.3.6 Unauthenticated.Event.Access MEDIUM" "eventprime-event-calendar-management 3.3.3 Contributor+.Stored.XSS MEDIUM" "eventprime-event-calendar-management 3.3.6 Booking.Pricing.Bypass MEDIUM" "eventprime-event-calendar-management 3.1.6 Reflected.XSS HIGH" "eventprime-event-calendar-management 3.2.0 Reflected.HTML.Injection.on.keyword.parameter MEDIUM" "eventprime-event-calendar-management 3.2.0 Booking.Creation.via.CSRF MEDIUM" "eventprime-event-calendar-management 3.2.0 Reflected.XSS HIGH" "eventprime-event-calendar-management 3.0.6 Reflected.Cross-Site.Scripting HIGH" "eventprime-event-calendar-management 3.0.0 Unauthenticated.Reflected.XSS HIGH" "export-woocommerce-customer-list 2.0.69 CSV.Injection LOW" "export-users No.known.fix CSV.Injection MEDIUM" "easy-countdowner No.known.fix Cross-Site.Request.Forgery MEDIUM" "eventon-lite 2.4.5 Missing.Authorization MEDIUM" "eventon-lite 2.4.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "eventon-lite 2.4.1 Unauthenticated.Local.File.Inclusion CRITICAL" "eventon-lite 2.4.2 Contributor+.Local.File.Inclusion HIGH" "eventon-lite 2.2.17 Admin+.Stored.XSS LOW" "eventon-lite 2.2.16 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting.and.Plugin.Settings.Updates HIGH" "eventon-lite 2.2.15 Admin+.Stored.Cross-Site.Scripting.via.event.subtitle LOW" "eventon-lite 2.2.15 Admin+.Stored.XSS LOW" "eventon-lite 2.2.8 Unauthenticated.Arbitrary.Post.Metadata.Update HIGH" "eventon-lite 2.2.8 Reflected.XSS HIGH" "eventon-lite 2.2.8 Unauthenticated.Virtual.Event.Password.Disclosure MEDIUM" "eventon-lite 2.2.9 Unauthenticated.Virtual.Event.Settings.Update MEDIUM" "eventon-lite 2.2.8 Unauthenticated.Email.Address.Disclosure MEDIUM" "eventon-lite 2.2.7 Admin+.Stored.Cross-Site.Scripting LOW" "eventon-lite 2.2 Admin.+.Stored.HTML.Injection LOW" "eventon-lite 2.2.3 Reflected.Cross.Site.Scripting HIGH" "eventon-lite 2.2 Admin+.Stored.XSS LOW" "eventon-lite 2.1.2 Unauthenticated.Post.Access.via.IDOR HIGH" "eventon-lite 2.1.2 Unauthenticated.Event.Access HIGH" "export-all-post-meta No.known.fix Missing.Authorization MEDIUM" "extensive-vc-addon 1.9.1 Unauthenticated.RCE CRITICAL" "ect-add-to-cart-button No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "eroom-zoom-meetings-webinar 1.4.19 Missing.Authorization.to.Information.Exposure MEDIUM" "eroom-zoom-meetings-webinar 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "eroom-zoom-meetings-webinar 1.3.9 Cache.Deletion.via.CSRF MEDIUM" "eroom-zoom-meetings-webinar 1.3.8 Sync.Meetings.via.CSRF MEDIUM" "enhanced-paypal-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-google-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedder No.known.fix 1.3.5.-.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "events-calendar No.known.fix Admin+.Stored.XSS LOW" "easy-login-styler No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "elegant-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.29.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.25.11 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Shortcode MEDIUM" "elementor-pro 3.21.3 Reflected.Cross-Site.Scripting MEDIUM" "elementor-pro 3.21.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authententicated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Form.Widget.SVGZ.File.Upload MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.video_html_tag MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Navigation MEDIUM" "elementor-pro 3.19.3 Authenticated.(Contributor+).Information.Exposure MEDIUM" "elementor-pro 3.11.7 Subscriber+.Arbitrary.Options.Update HIGH" "elementor-pro 2.9.4 Authenticated.Arbitrary.File.Upload CRITICAL" "elementor-pro 2.0.10 XSS MEDIUM" "easy-charts 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-youtube-video No.known.fix Authenticated.SQL.Injection MEDIUM" "embed-and-integrate-etsy-shop No.known.fix Missing.Authorization MEDIUM" "everest-tab-lite 2.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "email-reminders 2.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "email-reminders 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "essential-addons-for-elementor-lite 6.1.13 Contributor+.Stored.XSS.via.Event.Calendar.Widget MEDIUM" "essential-addons-for-elementor-lite 6.1.13 Contributor+.Stored.XSS.via.Pricing.Table.Widget MEDIUM" "essential-addons-for-elementor-lite 6.1.10 Contributor+.Information.Disclosure LOW" "essential-addons-for-elementor-lite 6.1.10 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 6.0.15 Reflected.Cross-Site.Scripting HIGH" "essential-addons-for-elementor-lite 6.0.8 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 6.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 6.0.10 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "essential-addons-for-elementor-lite 6.0.10 Authenticated.(Author+).Sensitive.Information.Exposure.to.Privilege.Escalation HIGH" "essential-addons-for-elementor-lite 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Filterable.Gallery.Widget MEDIUM" "essential-addons-for-elementor-lite 6.0.4 Best.Elementor.Templates,.Widgets,.Kits.&.WooCommerce.Builders.<.6.0.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text.Widget MEDIUM" "essential-addons-for-elementor-lite 6.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.no_more_items_text.Parameter MEDIUM" "essential-addons-for-elementor-lite 5.9.27 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.22 Contributor+.Stored.Cross-Site.Scripting.via.Twitter.Feed MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.21 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.Stored.Cross-Site.Scripting.via.'Interactive.Circles' MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.DOM-Based.Stored.Cross-Site.Scripting.via.Several.Widgets MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.Stored.Cross-Site.Scripting.via.'Dual.Color.Header',.'Event.Calendar',.&.'Advanced.Data.Table' MEDIUM" "essential-addons-for-elementor-lite 5.9.18 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Information.Exposure MEDIUM" "essential-addons-for-elementor-lite 5.9.15 Contributor+.Store.XSS.via.Widget.URL MEDIUM" "essential-addons-for-elementor-lite 5.9.14 Author+.PHP.Object.Injection MEDIUM" "essential-addons-for-elementor-lite 5.9.14 Unauthenticated.Private/Draft.Posts.Access MEDIUM" "essential-addons-for-elementor-lite 5.9.12 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.12 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.10 Contributor+.Stored.Cross-Site.Scripting.via.Event.Calendar HIGH" "essential-addons-for-elementor-lite 5.9.10 Contributor+.Stored.Cross-Site.Scripting.via.Data.Table MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting.via.Filterable.Gallery MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting.via.Accordion MEDIUM" "essential-addons-for-elementor-lite 5.9.8 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.5 Contributor+.Stored.Cross-Site.Scritping MEDIUM" "essential-addons-for-elementor-lite 5.9.5 Contributor+.Stored.Cross-Site.Scripting.via.Image.URl MEDIUM" "essential-addons-for-elementor-lite 5.9.3 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.8.9 Authenticated.(Contributor+).Privilege.Escalation HIGH" "essential-addons-for-elementor-lite 5.8.2 Unauthenticated.MailChimp.API.Key.Disclosure MEDIUM" "essential-addons-for-elementor-lite 5.7.2 Unauthenticated.Privilege.Escalation CRITICAL" "essential-addons-for-elementor-lite 5.0.9 Reflected.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.0.5 Unauthenticated.LFI CRITICAL" "essential-addons-for-elementor-lite 4.5.4 Contributor+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "emergency-password-reset 9.0 Cross-Site.Request.Forgery MEDIUM" "easy-mls-listings-import 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ethiopian-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eazydocs No.known.fix Missing.Authorization MEDIUM" "eazydocs No.known.fix Contributor+.Local.File.Inclusion HIGH" "eazydocs 2.5.1 Missing.Authorization MEDIUM" "eazydocs 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eazydocs 2.5.0 Admin+.Stored.XSS LOW" "eazydocs 2.4.0 Subscriber+.Arbitrary.Posts.Deletion.and.Document.Management MEDIUM" "eazydocs 2.3.6 Subscriber+.Arbitrary.Posts.Deletion.and.Document.Management MEDIUM" "eazydocs 2.3.4 Subscriber.+.SQLi HIGH" "eazydocs 2.3.6 Reflected.XSS MEDIUM" "eazydocs 2.3.6 Unauthenticated.OnePage.Document.Update/Publish MEDIUM" "eazydocs 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "embed-office-viewer 2.2.7 Reflected.Cross-Site.Scripting MEDIUM" "embed-office-viewer 2.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "elex-request-a-quote No.known.fix Missing.Authorization MEDIUM" "easy-registration-forms No.known.fix Subscriber+.Information.Disclosure.via.Shortcode MEDIUM" "easy-registration-forms No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "easy-registration-forms No.known.fix CSV.Injection MEDIUM" "exxp-wp No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "easy-accordion-free 2.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-accordion-free 2.2.0 Contributor+.Stored.XSS MEDIUM" "easy-accordion-free 2.0.22 Admin+.Stored.Cross-Site.Scripting LOW" "epicwin-subscribers No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "easy-cookie-law No.known.fix Settings.Update.via.CSRF MEDIUM" "extended-search-plugin No.known.fix Settings.Update.via.CSRF MEDIUM" "easy-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "external-videos No.known.fix Admin+.Stored.XSS LOW" "easy-wp-smtp 2.3.1 Exposure.of.Sensitive.Information.via.the.UI LOW" "easy-wp-smtp 1.5.2 Admin+.Arbitrary.File.Deletion MEDIUM" "easy-wp-smtp 1.5.2 Admin+.RCE MEDIUM" "easy-wp-smtp 1.5.2 Admin+.Arbitrary.File.Access MEDIUM" "easy-wp-smtp 1.5.0 Admin+.PHP.Objection.Injection MEDIUM" "easy-wp-smtp 1.4.3 Debug.Log.Disclosure HIGH" "easy-wp-smtp 1.3.9.1 Unauthenticated.Arbitrary.wp_options.Import MEDIUM" "easy-media-download 1.1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "easy-media-download 1.1.5 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "edd-tab-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edd-tab-manager 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edd-tab-manager 1.3.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "email-my-posts No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "elegant-calendar-lite 1.5.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edoc-easy-tables No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "express-pay 1.1.9 Unauthenticated.SQL.Injection.via.type_id HIGH" "easy-popup-show No.known.fix Cross-Site.Request.Forgery MEDIUM" "email-verification-for-woocommerce-pro 1.8.2 Loose.Comparison.to.Authentication.Bypass CRITICAL" "event-calendars No.known.fix Unauthenticated.Arbitrary.Calendar.Deletion MEDIUM" "events-planner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "events-calendar-for-google 3.0.0 Contributor+.Local.File.Inclusion HIGH" "exclusive-addons-for-elementor 2.7.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Timer.Widget MEDIUM" "exclusive-addons-for-elementor 2.7.9.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Text.and.Image.Comparison.Widgets MEDIUM" "exclusive-addons-for-elementor 2.7.5 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "exclusive-addons-for-elementor 2.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.9 Authenticated.(Contibutor+).Stored.Cross-Site.Scripting.via.Card.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.2 Missing.Authorization.to.Post.Duplication MEDIUM" "exclusive-addons-for-elementor 2.6.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Expired.Title MEDIUM" "exclusive-addons-for-elementor 2.6.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Call.to.Action MEDIUM" "exclusive-addons-for-elementor 2.6.9.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.3 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.9.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Post.Grid MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Covid-19.Stats.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Call.To.Action.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Timer.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.9 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.2 Arbitrary.Uninstall.Reason.Feedback.via.CSRF MEDIUM" "event-notifier 1.2.1 XSS MEDIUM" "events-search-addon-for-the-events-calendar 1.2 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "event-registration-calendar-by-vcita No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-registration-calendar-by-vcita 1.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "event-registration-calendar-by-vcita No.known.fix CSRF.to.Stored.XSS.in.settings.page MEDIUM" "erp 1.14.0 Missing.Authorization MEDIUM" "erp 1.13.4 Custom+.Unauthorized.Access.to.Terminated.Employee.Information MEDIUM" "erp 1.13.4 Admin+.Stored.XSS LOW" "erp 1.13.3 Reflected.Cross-Site.Scripting MEDIUM" "erp 1.13.1 Authenticated.(Accounting.Manager+).SQL.Injection.via.vendor_id HIGH" "erp 1.13.2 Authenticated.(AccountingManager+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(AccountingManager+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(Accounting.Manager+).SQL.Injection HIGH" "erp No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "erp 1.30.0 Authenticated.(Accounting.Manager+).SQL.Injection.via.id HIGH" "erp 1.12.9 Authenticated.(Accounting.manager+).SQL.Injection HIGH" "erp 1.12.7 Missing.Authorization.via.admin.notice.dismissal MEDIUM" "erp 1.12.4 Admin+.SQL.Injection MEDIUM" "erp 1.12.4 Reflected.Cross-Site.Scripting HIGH" "erp 1.7.5 CSRF.Nonce.Bypasses MEDIUM" "erp 1.6.4 Cross-Site.Request.Forgery MEDIUM" "erp 1.6.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "easy-justified-gallery 1.1.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "exchange-addon-easy-us-sales-taxes 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "exchange-addon-membership 1.3.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "express-shop 4.0.3 CSRF.Bypass MEDIUM" "events-for-geodirectory 2.3.15 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "easy-marijuana-age-verify 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-marijuana-age-verify 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-capture-lead-generation No.known.fix Missing.Authorization MEDIUM" "etsy-shop 3.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "elementinvader-addons-for-elementor 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.3.2 Missing.Authorization MEDIUM" "elementinvader-addons-for-elementor 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "elementinvader-addons-for-elementor 1.3.2 Missing.Authorization.to.Arbitrary.Options.Read MEDIUM" "elementinvader-addons-for-elementor 1.3.0 Authenticated.(Contributor+).Information.Exposure MEDIUM" "elementinvader-addons-for-elementor 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-page-transition No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "elasticpress 5.1.2 Data.Sync.via.CSRF MEDIUM" "elasticpress 3.5.4 Cross-Site.Request.Forgery MEDIUM" "essential-content-types 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "email-newsletter No.known.fix SQL.Injection CRITICAL" "exchange-addon-invoices 1.4.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "exclusive-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "everest-forms 3.1.2 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "everest-forms 3.1.2 Unauthenticated.PHP.Object.Injection HIGH" "everest-forms 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "everest-forms 3.0.9.5 Unauthenticated.Arbitrary.File.Upload,.Read,.and.Deletion CRITICAL" "everest-forms 3.0.8.1 Admin+.Stored.XSS LOW" "everest-forms 3.0.4.2 Admin+.Stored.XSS LOW" "everest-forms 3.0.3.1 Admin+.Stored.XSS LOW" "everest-forms 2.0.8 Unauthenticated.Server-Side.Request.Forgery.via.font_url HIGH" "everest-forms 2.0.5 Admin+.Stored.XSS LOW" "everest-forms 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "everest-forms 1.5.0 SQL.Injection CRITICAL" "embedstories 0.7.5 Contributor+.Stored.XSS MEDIUM" "easy-wp-tiles No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "edd-venmo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-captcha No.known.fix Reflected.Cross-Site.Scripting HIGH" "easy-captcha No.known.fix Missing.Authorization MEDIUM" "exchange-rates-widget 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easyfonts 1.1.3 Cross-Site.Request.Forgery MEDIUM" "event-countdown-timer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-elementor-addons 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-elementor-addons 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "email-artillery No.known.fix CSRF.to.Stored.XSS HIGH" "email-artillery No.known.fix Multiple.Authenticated.SQL.Injections MEDIUM" "email-artillery No.known.fix Multiple.Reflected.Cross-Site.Scripting HIGH" "email-artillery No.known.fix Arbitrary.File.Upload MEDIUM" "ecwid-shopping-cart 7.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ecwid-shopping-cart 6.12.28 Cross-Site.Request.Forgery.to.Send.Deactivation.Message MEDIUM" "ecwid-shopping-cart 6.12.11 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ecwid-shopping-cart 6.12.5 Cross-Site.Request.Forgery MEDIUM" "ecwid-shopping-cart 6.12.5 Arbitrary.Plugin.Settings.Change.via.CSRF MEDIUM" "ecwid-shopping-cart 6.12.4 Missing.Authorization.on.multiple.functions MEDIUM" "ecwid-shopping-cart 6.11.5 Contributor+.Stored.Cross-Site.Scriping MEDIUM" "ecwid-shopping-cart 6.11.4 Import.via.CSRF MEDIUM" "ecwid-shopping-cart 6.10.24 Settings.Update.via.CSRF MEDIUM" "ecwid-shopping-cart 6.10.23 Insufficient.Access.Control MEDIUM" "e-search No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "easy-event-calendar No.known.fix Admin+.Stored.XSS LOW" "ezyonlinebookings-online-booking-system No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "everest-admin-theme-lite 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "eupago-gateway-for-woocommerce 3.1.10 CSRF MEDIUM" "elementary-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exchange-addon-authorize-net 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "exports-and-reports 0.9.2 Contributor+.CSV.Injection LOW" "enable-wp-debug-from-admin-dashboard 1.86 Reflected.Cross-Site.Scripting MEDIUM" "everest-google-places-reviews-lite 2.0.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easy-contact No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-subscribers 5.7.50 Admin+.Stored.XSS.in.Template LOW" "email-subscribers 5.7.52 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.44 Admin+.SQL.Injection MEDIUM" "email-subscribers 5.7.35 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "email-subscribers 5.7.35 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "email-subscribers 5.7.27 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.27.-.Missing.Authorization MEDIUM" "email-subscribers 5.7.26 Unauthenticated.SQL.Injection.via.unsubscribe CRITICAL" "email-subscribers 5.7.24 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.24.-.Unauthenticated.SQL.Injection.via.optin CRITICAL" "email-subscribers 5.7.23 Authenticated.(Subscriber+).SQL.Injection.Vulnerability.via.options[list_id] HIGH" "email-subscribers 5.7.21 Unauthenticated.SQL.Injection.via.hash CRITICAL" "email-subscribers 5.7.18 Missing.Authorization MEDIUM" "email-subscribers 5.7.20 Missing.Authorization.in.handle_ajax_request HIGH" "email-subscribers 5.7.15 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.15.-.Unauthenticated.SQL.Injection CRITICAL" "email-subscribers 5.7.14 Missing.Authorization MEDIUM" "email-subscribers 5.7.16 Authenticated.(Administrator+).Cross-Site.Scripting.via.CSV.import MEDIUM" "email-subscribers 5.7.12 Reflected.Cross-Site.Scripting.via.campaign_id MEDIUM" "email-subscribers 5.6.24 .Admin+.Directory.Traversal CRITICAL" "email-subscribers 5.5.3 Improper.Neutralization.of.Formula.Elements.in.a.CSV.File MEDIUM" "email-subscribers 5.5.1 Subscriber+.SQLi HIGH" "email-subscribers 5.3.2 Subscriber+.Blind.SQL.injection HIGH" "email-subscribers 5.3.2 Unauthenticated.arbitrary.option.update HIGH" "email-subscribers 4.5.6 Unauthenticated.email.forgery/spoofing HIGH" "email-subscribers 4.5.1 Authenticated.SQL.injection.in.es_newsletters_settings_callback() MEDIUM" "email-subscribers 4.5.1 Cross-site.Request.Forgery.in.send_test_email() LOW" "email-subscribers 4.2.3 Multiple.Issues HIGH" "email-subscribers 4.3.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "email-subscribers 4.1.8 SQL.Injection HIGH" "email-subscribers 4.1.7 Cross-Site.Scripting.(XSS) CRITICAL" "email-subscribers 3.5.0 Cross-Site.Scripting.(XSS) MEDIUM" "email-subscribers 3.4.8 Unauthenticated.Subscriber.Download HIGH" "email-subscribers 2.9.1 Multiple.XSS.&.SQLi MEDIUM" "embedalbum-pro 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedalbum-pro 1.1.28 Contributor+.Stored.XSS MEDIUM" "essential-breadcrumbs No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "essential-breadcrumbs No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "erocket 1.2.5 Admin+.Stored.XSS LOW" "enhanced-media-library 2.8.10 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "easy-svg-upload No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "export-post-info 1.2.1 Author+.CSV.Injection MEDIUM" "export-post-info 1.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "elements-for-lifterlms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elements-for-lifterlms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "essential-blocks-pro 1.1.1 Unauthenticated.Object.Injection HIGH" "essential-blocks-pro 1.1.1 Unauthenticated.PHP.Object.Injection.via.products HIGH" "essential-blocks-pro 1.1.1 Unauthenticated.PHP.Object.Injection.via.queries HIGH" "ethereumico 2.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ethereum-ico.Shortcode MEDIUM" "ethereumico 2.4.4 Reflected.Cross-Site.Scripting MEDIUM" "ethereumico 2.3.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-custom-js-and-css-pro No.known.fix Reflected.Cross-Site.Scripting HIGH" "exhibit-to-wp-gallery No.known.fix Reflected.XSS HIGH" "edwiser-bridge 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "edwiser-bridge 3.0.8 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "edwiser-bridge 3.0.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "edwiser-bridge 3.0.6 Authentication.Bypass.due.to.Missing.Empty.Value.Check CRITICAL" "edwiser-bridge 3.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "edwiser-bridge 2.0.7 Cross-Site.Request.Forgery MEDIUM" "edwiser-bridge 2.0.7 CSRF.Nonce.Bypass MEDIUM" "email-log 2.4.9 Unauthenticated.Hook.Injection HIGH" "email-log 2.4.8 Reflected.Cross-Site.Scripting HIGH" "email-log 2.4.7 Admin+.SQL.Injection MEDIUM" "events-calendar-pro 7.0.2.1 Authenticated.(Administrator+).PHP.Object.Injection.to.Remote.Code.Execution CRITICAL" "events-calendar-pro 6.4.0.1 Contributor+.Arbitrary.Events.Access LOW" "easy-preloader No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "eu-vat-for-woocommerce 2.12.14 Reflected.Cross-Site.Scripting MEDIUM" "eu-vat-for-woocommerce 2.12.14 Missing.Authorization MEDIUM" "eu-vat-for-woocommerce 3.0.0 Reflected.Cross-Site.Scripting HIGH" "easyevent No.known.fix Admin+.Stored.XSS LOW" "easy-ad-manager No.known.fix Admin+.Stored.XSS LOW" "embed-documents-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "error-log-monitor 1.7.7 Reflected.Cross-Site.Scripting MEDIUM" "error-log-monitor 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "error-log-monitor 1.6.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "elex-woocommerce-google-product-feed-plugin-basic 1.2.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "exs-widgets 0.3.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "elementskit-lite 3.5.3 Contributor+.Stored.XSS.via.Image.Comparison.Widget MEDIUM" "elementskit-lite 3.4.8 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.4.1 Unauthenticated.Information.Exposure MEDIUM" "elementskit-lite 3.4.1 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Comparison.Widget MEDIUM" "elementskit-lite 3.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Widget MEDIUM" "elementskit-lite 3.2.1 Unauthenticated.Information.Exposure.via.ekit_widgetarea_content.Function MEDIUM" "elementskit-lite 3.2.0 Missing.Authorization MEDIUM" "elementskit-lite 3.1.3 3.1.2.-.Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.1.1 Contributor+.Local.File.Inclusion.via.Onepage.Scroll.Module HIGH" "elementskit-lite 3.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "elementskit-lite 3.0.7 Contributor+.Local.File.Inclusion HIGH" "elementskit-lite 3.0.7 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.6 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.5 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.4 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.4 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "elementskit-lite 2.9.2 Missing.Authorization MEDIUM" "elementskit-lite 2.2.0 Contributor+.Stored.XSS MEDIUM" "easy-embed-for-youtube-wall 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "everse-starter-sites 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "everse-starter-sites 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "emag-marketplace-connector 1.0.1 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "essential-wp-real-estate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "essential-wp-real-estate No.known.fix Reflected.XSS HIGH" "essential-wp-real-estate No.known.fix Unauthenticated.Arbitrary.Post/Page.Deletion HIGH" "embed-pdf-viewer 2.4.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "embed-pdf-viewer 2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.height.and.width.Parameters MEDIUM" "embedded-cdn 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-form 1.3.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-slider-revolution 1.1.0 Author+.Stored.XSS MEDIUM" "easy-login-woocommerce 2.8.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.xoo_el_action.Shortcode MEDIUM" "easy-login-woocommerce 2.7.3 2.7.2.-.Missing.Authorization.to.Arbitrary.Options.Exposure MEDIUM" "easy-login-woocommerce 2.7.3 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "easy-login-woocommerce 2.4 Settings.Reset.via.CSRF MEDIUM" "easy-login-woocommerce 2.3 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "easy-login-woocommerce 2.2 Reflected.Cross-Site.Scripting HIGH" "easy-login-woocommerce 1.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "extra-options-favicons No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-image-display No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ezplayer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "event-tickets-plus 5.9.1 Contributor+.Arbitrary.Events.Access LOW" "event-tickets-plus 5.9.1 Contributor+.Attendees.Lists.Disclosure LOW" "email-subscriber No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "easy-site-importer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "external-database-based-actions No.known.fix Authenticated.(Subscriber+).Authentication.Bypass HIGH" "easy-fancybox 2.3.16 Contributor+.Stored.XSS MEDIUM" "easy-fancybox 2.3.15 Contributor+.Stored.XSS MEDIUM" "easy-fancybox 2.3.4 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "easy-fancybox 2.3.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "easy-fancybox 1.8.18 Authenticated.Stored.XSS MEDIUM" "ebook-download 1.2 Directory.Traversal HIGH" "elfsight-telegram-chat-cc No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "enquiry-quotation-for-woocommerce 2.2.33.34 Authenticated.(Author+).PHP.Object.Injection.in.enquiry_detail.php HIGH" "enquiry-quotation-for-woocommerce 2.2.13 Admin+.Stored.XSS LOW" "events-manager-pro-extended No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "easy-quotes 1.2.3 Unauthenticated.SQL.Injection HIGH" "easy-testimonial-rotator 1.0.19 Admin+.Stored.XSS LOW" "easy-testimonial-rotator 1.0.16 Reflected.Cross-Site.Scripting HIGH" "easy-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-slideshow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edd-google-sheet-connector-pro 1.4 Access.Code.Update.via.CSRF MEDIUM" "edd-recent-purchases No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "easy-popups 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "essential-real-estate No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "essential-real-estate 5.2.1 Unauthenticated.Local.File.Inclusion CRITICAL" "essential-real-estate 5.1.9 Cross-Site.Request.Forgery MEDIUM" "essential-real-estate 5.1.7 Missing.Authorization.to.Authenticated.(Contributor+).Information.Exposure MEDIUM" "essential-real-estate 4.4.5 Insecure.Direct.Object.Reference.to.Arbitrary.Attachment.Deletion MEDIUM" "essential-real-estate 4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "essential-real-estate 4.4.0 Subscriber+.Arbitrary.File.Upload CRITICAL" "essential-real-estate 4.4.0 Subscriber+.Stored.XSS HIGH" "essential-real-estate 4.4.0 Subscriber+.Denial.of.Service.via.Arbitrary.Option.Update HIGH" "essential-real-estate 4.4.0 Subscriber+.Arbitrary.File.Upload HIGH" "essential-real-estate 3.9.6 Reflected.Cross-Site-Scripting MEDIUM" "eexamhall No.known.fix CSRF MEDIUM" "endless-posts-navigation 2.2.8 Cross-Site.Request.Forgery MEDIUM" "e-signature 1.5.6.8 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "error-log-viewer-wp No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "error-log-viewer-wp 1.0.4 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read HIGH" "email-address-obfuscation 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class.Parameter MEDIUM" "envo-elementor-for-woocommerce 1.4.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.17 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Arbitrary.Theme.Activation.via.CSRF MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Subscriber+.Template.Creation MEDIUM" "easy-modal 2.1.0 Authenticated.SQL.Injection HIGH" "elegant-visitor-counter No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "easy-courses No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "explara-events No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-to-download No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "embed-lottie-player 1.2.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "embed-privacy 1.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "emi-calculator No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Change MEDIUM" "embedding-barcodes-into-product-pages-and-orders 2.0.5 Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "embedding-barcodes-into-product-pages-and-orders 2.0.5 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "embedding-barcodes-into-product-pages-and-orders 2.0.3 Authenticated.(Subscriber+).Sensitive.Information.Disclosure MEDIUM" "everest-timeline-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easyappointments No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "easyappointments 1.3.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "edge-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edge-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easyrecipe No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-media-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-demo-importer 1.1.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "edit-comments-xt No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "event-espresso-free 3.1.37.12.L Authenticated.Blind.SQL.Injection HIGH" "email-before-download No.known.fix Cross-Site.Request.Forgery MEDIUM" "email-before-download 6.8 Admin+.SQL.Injection MEDIUM" "email-before-download 4.0 SQL.Injection MEDIUM" "external-url-as-post-featured-image-thumbnail 2.03 Reflected.Cross-Site.Scripting MEDIUM" "easy-twitter-feeds No.known.fix Authenticated.(Contributor+).Post.Exposure MEDIUM" "easy-twitter-feeds 1.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "easy-faqs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extended-widget-options 5.1.3 Extended.<=.5.1.0.&..Widget.Options.<=.4.0.1.-.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "enable-accessibility No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enable-accessibility 1.4.1 CSRF MEDIUM" "echo-knowledge-base 11.31.0 Unauthenticated.PHP.Object.Injection.in.is_article_recently_viewed CRITICAL" "easy-affiliate-links 3.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Reset MEDIUM" "easy-affiliate-links 3.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-affiliate-links 3.7.1 Contributor+.Stored.XSS MEDIUM" "easy-related-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "extra-user-details 0.5.1 Settings.Update.to.Stored.XSS.via.CSRF HIGH" "extra-user-details 0.5.1 Admin+.Stored.XSS LOW" "embed-rentle 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "experto-cta-widget 1.2.1 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "easy-blocks-pro No.known.fix Missing.Authorization HIGH" "electric-studio-client-login No.known.fix Admin+.Stored.XSS LOW" "exertio-framework 1.3.2 Unauthenticated.Arbitrary.User.Password.Update HIGH" "eid-easy-qualified-electonic-signature 3.3.1 Use.of.Polyfill.io MEDIUM" "elo-rating-shortcode 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "en-masse-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "embed-extended No.known.fix Cross-Site.Request.Forgery MEDIUM" "e-shops-cart2 No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "events-manager 6.6.4.2 Missing.Authorization MEDIUM" "events-manager 6.6.4 Unauthenticated.SQL.Injection.via.Event.Status.Parameter HIGH" "events-manager 6.4.9 Reflected.Cross-Site.Scripting MEDIUM" "events-manager 6.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.event,.location,.and.event_category.Shortcodes MEDIUM" "events-manager 6.4.7.2 Cross-Site.Request.Forgery MEDIUM" "events-manager 6.4.7 Missing.Authorization MEDIUM" "events-manager 6.4.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "events-manager 6.4.7.2 Cross-Site.Request.Forgery MEDIUM" "events-manager 6.4.7 Authenticated(Administator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "events-manager 6.4.6 Reflected.Cross-Site.Scripting MEDIUM" "events-manager 5.9.8 Admin+.SQL.Injection MEDIUM" "events-manager 5.9.8 Cross-Site.Scripting.(XSS) LOW" "events-manager 5.9.7.2 CSV.Injection MEDIUM" "events-manager 5.9.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.8.1.2 Unauthenticated.Stored.XSS CRITICAL" "events-manager 5.6 Cross-Site.Scripting.(XSS).&.Code.Injection MEDIUM" "events-manager 5.5.7.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.5.7 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.3.4 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.3.9 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.5.2 Multiple.Unspecified.XSS.Vulnerabilities MEDIUM" "events-manager 5.5 Cross-Site.Scripting.(XSS) MEDIUM" "elite-video-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elite-video-player No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-child-theme-creator No.known.fix Cross-Site.Request.Forgery MEDIUM" "envato-affiliater No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elespare 3.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Horizontal.Nav.Menu.Widge MEDIUM" "elespare 2.1.3 Missing.Authorization.to.Subscriber+.Arbitrary.Post.Creation MEDIUM" "easy-pie-maintenance-mode No.known.fix Admin+.Stored.XSS LOW" "exclusive-content-password-protect No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "easy-set-favicon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "emails-blacklist-everest-forms 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "emails-blacklist-everest-forms 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis 2.3 Reflected.Cross-Site.Scripting MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis 2.4 Arbitrary.File.Upload.via.CSRF HIGH" "envialosimple-email-marketing-y-newsletters-gratis 2.2 EnvíaloSimple.<.2,2.Unauthenticated.PHP.Object.Injection MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis 2.3 API.Key.Update.via.CSRF MEDIUM" "easy-table-booking No.known.fix Cross-Site.Request.Forgery MEDIUM" "event-espresso-decaf 5.0.31.decaf Cross-Site.Request.Forgery MEDIUM" "event-espresso-decaf 5.0.22.decaf Authenticated.(Subscriber+).Missing.Authorization.to.Limited.Plugin.Settings.Modification MEDIUM" "event-espresso-decaf 4.10.12 Cross-Site.Request.Forgery MEDIUM" "event-espresso-decaf 4.10.14 CSRF.Bypass MEDIUM" "elfsight-pricing-table No.known.fix Cross-Site.Request.Forgery.via.ajax() MEDIUM" "elfsight-pricing-table No.known.fix Missing.Authorization MEDIUM" "enable-svg-webp-ico-upload 1.1.1 Author+.Stored.XSS MEDIUM" "enable-svg-webp-ico-upload 1.0.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "enable-svg-webp-ico-upload 1.1.1 Author+.Arbitrary.File.Upload HIGH" "eu-cookie-law No.known.fix Admin+.Stored.XSS LOW" "eu-cookie-law 3.1.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "easy-paypal-shopping-cart 1.1.11 Contributor+.Stored.XSS MEDIUM" "expire-tags No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "expire-tags No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "easy-coming-soon No.known.fix Admin+.Stored.XSS LOW" "easy-tiktok-feed 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-tiktok-feed 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "exchange-addon-manual-purchases 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "eveeno 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-panorama 1.1.5 Admin+.Stored.XSS LOW" "eyewear-prescription-form 4.0.19 Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Update CRITICAL" "easy-side-tab-cta 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "event-tickets-with-ticket-scanner 2.5.4 Arbitrary.Tickets.Deletion.via.CSRF MEDIUM" "event-tickets-with-ticket-scanner 2.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "event-tickets-with-ticket-scanner 2.3.12 Authenticated.(Author+).Remote.Code.Execution HIGH" "event-tickets-with-ticket-scanner 2.3.2 Reflected.Cross-Site.Scripting MEDIUM" "event-tickets-with-ticket-scanner 2.3.8 Admin+.Stored.XSS LOW" "elastic-email-subscribe-form No.known.fix Missing.Authorization MEDIUM" "eventbee-rsvp-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "email-obfuscate-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enable-media-replace 4.1.6 Reflected.XSS HIGH" "enable-media-replace 4.1.5 Reflected.Cross-Site.Scripting MEDIUM" "enable-media-replace 4.1.3 Author+.PHP.Object.Injection MEDIUM" "enable-media-replace 4.0.2 Author+.Arbitrary.File.Upload CRITICAL" "enable-media-replace 4.0.0 Admin+.Path.Traversal LOW" "email-form-under-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "endomondowp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exit-notifier 1.10.6 Reflected.Cross-Site.Scripting MEDIUM" "embed-twine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "epermissions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "embed-chessboard No.known.fix Contributor+.Stored.XSS MEDIUM" "easy-contact-form-solution 1.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "exportfeed-list-woocommerce-products-on-ebay-store No.known.fix Admin+.SQL.Injection MEDIUM" "eventON No.known.fix Missing.Authorization MEDIUM" "eventON 4.9.7 WordPress.Virtual.Event.Calendar.Plugin.<.4.9.7.-.Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "eventON 4.4.1 Reflected.Cross-Site.Scripting MEDIUM" "eventON 4.5.5 Reflected.XSS HIGH" "eventON 4.5.5 Unauthenticated.Virtual.Event.Password.Disclosure MEDIUM" "eventON 4.5.9 Unauthenticated.Virtual.Event.Settings.Update MEDIUM" "eventON 4.5.5 Unauthenticated.Email.Address.Disclosure MEDIUM" "eventON 4.5.5 Admin+.Stored.Cross-Site.Scripting LOW" "eventON 4.5.6 Unauthenticated.Arbitrary.Post.Metadata.Update HIGH" "eventON 4.4.1 Reflected.Cross-Site.Scripting HIGH" "eventON 4.4 Unauthenticated.Event.Access HIGH" "eventON 4.4 Unauthenticated.Post.Access.via.IDOR HIGH" "evernote-sync No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "echoza No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "easy-chart-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-facebook-likebox-premium No.known.fix Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "easy-facebook-likebox-premium 6.2.7 Reflected.Cross-Site.Scripting HIGH" "expresstechsoftwares-memberpress-discord-add-on 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-digital-downloads 3.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.edd_receipt.Shortcode MEDIUM" "easy-digital-downloads 3.3.7 Unauthenticated.Private.Post.Title.Disclosure MEDIUM" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Title MEDIUM" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "easy-digital-downloads 3.3.5 3.3.4.-.Improper.Authorization.to.Paywall.Bypass LOW" "easy-digital-downloads 3.3.4 Authenticated.(Admin+).PHAR.Deserialization HIGH" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Currency.Settings MEDIUM" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Agreement.Text LOW" "easy-digital-downloads 3.3.1 Missing.Authorization MEDIUM" "easy-digital-downloads 3.3.1 Unauthenticated.SQL.Injection CRITICAL" "easy-digital-downloads 3.2.12 Cross-Site.Request.Forgery MEDIUM" "easy-digital-downloads 3.2.12 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "easy-digital-downloads 3.2.7 Cross-Site.Request.Forgery MEDIUM" "easy-digital-downloads 3.2.10 Sensitive.Information.Exposure MEDIUM" "easy-digital-downloads 3.2.7 Shop.Manager+.Stored.XSS MEDIUM" "easy-digital-downloads 3.2.6 Contributor+.Stored.XSS MEDIUM" "easy-digital-downloads 3.2.0 Missing.Authorization MEDIUM" "easy-digital-downloads 3.1.1.4.2 Unauthenticated.Privilege.Escalation CRITICAL" "easy-digital-downloads 3.1.0.5 Contributor+.Stored.XSS MEDIUM" "easy-digital-downloads 3.1.0.4 Unauthenticated.SQLi HIGH" "easy-digital-downloads 3.0 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "easy-digital-downloads 3.1.0.2 Unauthenticated.CSV.Injection MEDIUM" "easy-digital-downloads 3.0.2 Admin+.PHP.Object.Injection MEDIUM" "easy-digital-downloads 2.11.6 Arbitrary.Payment.Note.Insertion.via.CSRF LOW" "easy-digital-downloads 2.11.6 Admin+.Stored.Cross-Site.Scripting LOW" "easy-digital-downloads 2.11.2.1 Reflected.Cross-Site.Scripting HIGH" "easy-digital-downloads 2.10.3 Unauthorised.Stripe.Disconnect.via.CSRF MEDIUM" "easy-digital-downloads 2.9.16 Stored.XSS MEDIUM" "easy-digital-downloads 2.5.8 PHP.Object.Injection MEDIUM" "easy-digital-downloads 2.3.7 Cross-Site.Scripting.Issue MEDIUM" "easy-digital-downloads 2.3.3 SQL.Injection CRITICAL" "elevio No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy2map 1.3.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "easy2map 1.3.0 Local.File.Inclusion CRITICAL" "email-keep No.known.fix Email.Deletion.via.CSRF MEDIUM" "email-keep No.known.fix Reflected.XSS HIGH" "easy-social-icons 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "easy-social-icons 3.2.5 Missing.Authorization.via.cnss_save_ajax_order MEDIUM" "easy-social-icons 3.2.1 Unauthenticated.Arbitrary.Icon.Deletion MEDIUM" "easy-social-icons 3.2.1 Admin+.Stored.Cross-Site.Scripting.in.add.icon LOW" "easy-social-icons 3.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "easy-social-icons 3.1.4 Admin+.SQL.Injection MEDIUM" "easy-social-icons 3.1.3 Reflected.Cross-Site.Scripting HIGH" "easy-social-icons 3.0.9 Reflected.Cross-Site.Scripting HIGH" "exmage-wp-image-links 1.0.7 Admin+.Blind.SSRF LOW" "easy-watermark 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "easy-watermark 0.7.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "eventify No.known.fix Admin+.Stored.XSS LOW" "embed-comment-images 0.6 Unauthenticated.Stored.XSS MEDIUM" "elfsight-contact-form No.known.fix Unauthenticated.Information.Exposure MEDIUM" "editor-wysiwyg-background-color No.known.fix Missing.Authorization MEDIUM" "easy-custom-code 1.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "error-log-viewer 1.1.3 Directory.Listing.to.Sensitive.Data.Exposure LOW" "error-log-viewer 1.1.2 Arbitrary.Text.File.Deletion.via.CSRF LOW" "error-log-viewer 1.1.2 Admin+.Arbitrary.File.Clearing MEDIUM" "error-log-viewer 1.0.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "easy-sign-up No.known.fix Contributor+.Stored.XSS MEDIUM" "easy-wp-cookie-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-wp-cookie-popup No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "everlightbox 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "everlightbox 1.1.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easylogo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "easy-menu-manager-wpzest No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "easy-pixels-by-jevnet No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "external-image-replace No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "external-image-replace No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "ebook-downloader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ebook-downloader No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ebook-downloader No.known.fix Unauthenticated.SQL.Injection HIGH" "easy-svg 3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "easy-svg 3.3.0 Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "easy-flashcards No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.8 Missing.Authorization MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "extensions-leaflet-map 3.4.2 Reflected.XSS HIGH" "easy-svg-image-allow No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "eelv-newsletter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "eelv-newsletter No.known.fix Cross-Site.Request.Forgery MEDIUM" "eelv-newsletter 4.6.1 CSRF.&.XSS HIGH" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel No.known.fix Unauthenticated.Arbitrary.Instagram.Account.Unlinking MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel No.known.fix Subscriber+.Plugin.Database.Reset MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel 6.2.1 Reflected.Cross-Site.Scripting MEDIUM" "elisqlreports 5.25.10 Cross-Site.Request.Forgery MEDIUM" "elisqlreports 5.25.10 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "elisqlreports 5.25.10 5.25.08.-.Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "elisqlreports 5.25.08 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easync-booking 1.3.22 Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure MEDIUM" "easync-booking 1.3.21 Missing.Authorization MEDIUM" "easync-booking 1.3.15 Subscriber+.PayPal.Settings.Update MEDIUM" "easync-booking 1.3.12 Reflected.Cross-Site.Scripting HIGH" "easync-booking 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "easync-booking 1.1.16 Unauthenticated.Arbitrary.File.Upload CRITICAL" "easync-booking 1.1.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-form-builder 3.8.9 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "easy-form-builder 3.7.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "easy-form-builder 3.4.0 Admin+.Stored.XSS LOW" "email-users No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "email-users 4.8.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "email-users 4.8.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "email-users 4.7.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "envolve-plugin 1.1.0 Unauthenticated.Arbitrary.File.Upload.via.language_file.and.fonts_file CRITICAL" "envolve-plugin 1.1.0 Unauthenticated.Language.File.Deletion MEDIUM" "email-tracker 5.3.9 Reflected.Cross-Site.Scripting MEDIUM" "email-tracker 5.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-tracker 5.2.6 Reflected.Cross-Site.Scripting HIGH" "email-tracker 5.2.7 Arbitrary.Email.Entry.Deletion.via.CSRF MEDIUM" "enable-wp-debug-toggle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-maintenance-mode-coming-soon No.known.fix Information.Exposure MEDIUM" "event-geek No.known.fix Stored.Cross-site.Scripting.(XSS) MEDIUM" "easy-cookies-policy No.known.fix Broken.Access.Control.to.Stored.Cross-Site.Scripting HIGH" "exclusive-divi No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "employee-directory 4.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "events-calendar-registration-booking-by-events-plus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-encoder-bundle 2.2.2 Admin+.Stored.XSS LOW" "email-encoder-bundle 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "email-encoder-bundle 2.1.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "email-encoder-bundle 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "email-encoder-bundle 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "email-encoder-bundle 2.1.2 Reflected.Cross.Site.Scripting MEDIUM" "epoll-wp-voting 3.5 Subscriber+.Arbitrary.File.Upload CRITICAL" "epoll-wp-voting 3.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "epoll-wp-voting 3.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "email-address-encoder 1.0.24 Cross-Site.Request.Forgery.via.eae_clear_caches() MEDIUM" "email-address-encoder 1.0.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "edoc-employee-application No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-real-estate No.known.fix Privilege.Escalation CRITICAL" "easy-real-estate No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "exchange-addon-custom-url-tracking 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "embed-calendly-scheduling 3.7 Embed.Calendly.<.3,7.Contributor+.Stored.XSS MEDIUM" "educare 1.4.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "educare 1.4.4 Students.&.Result.Management.System.<.1.4.4.-.Cross-Site.Request.Forgery.(CSRF) MEDIUM" "external-media-without-import No.known.fix Subscriber+.Blind.SSRF LOW" "external-media-without-import 1.0.1 Reflected.XSS HIGH" "exit-popup-free No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "easy-under-construction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-under-construction 4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "event-list 0.8.8 Admin+.Stored.Cross-Site.Scripting LOW" "event-list 0.7.10 XSS MEDIUM" "event-list 0.7.9 Authenticated.SQL.Injection HIGH" "emarksheet 5.4.4 Reflected.Cross-Site.Scripting HIGH" "event-post 5.10.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.events_cal.Shortcode MEDIUM" "event-post 5.9.6 Unauthenticated.Local.File.Inclusion CRITICAL" "event-post 5.9.11 Post.Metadata.Update.via.CSRF MEDIUM" "event-post 5.9.5 Missing.Authorization MEDIUM" "event-post 5.9.1 Contributor+.Stored.XSS MEDIUM" "ever-compare 1.2.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "embed-video-thumbnail 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "enhanced-youtube-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ect-social-share No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.2.4 Missing.Authorization MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.1.1 All-in-one.Google.Analytics,.Pixels.and.Product.Feed.Manager.for.WooCommerce.<.7.1.1.-.Reflected.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.0.0 Reflected.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.0.8 Subscriber+.SQL.Injection HIGH" "enhanced-e-commerce-for-woocommerce-store 7.0.8 Subscriber+.SQL.Injection.via.ee_syncProductCategory HIGH" "enhanced-e-commerce-for-woocommerce-store 6.5.4 Reflected.XSS HIGH" "enhanced-e-commerce-for-woocommerce-store 5.2.4 Settings.Update.via.CSRF MEDIUM" "enhanced-e-commerce-for-woocommerce-store 4.6.2 Subscriber+.SQL.Injection HIGH" "easy-facebook-like-box 4.1.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "envato-elements 2.0.15 Author+.Server-Side.Request.Forgery MEDIUM" "envato-elements 2.0.11 Contributor+.Arbitrary.File.Upload HIGH" "emailpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "embed-swagger No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "explara-membership No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-customizer-for-woocommerce-with-drag-drop-builder No.known.fix WooCommerce.Email.Customizer.<=.3.0.34.-.Authenticated.(Subscriber+).Missing.Authorization.to.SQL.Injection MEDIUM" "easy-media-gallery-pro 1.3.0 CSRF.&.Cross-Site.Scripting.(XSS) MEDIUM" "easy-automatic-newsletter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elastik-page-builder No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "easy-team-manager No.known.fix Authenticated.Blind.SQL.Injection CRITICAL" "easy-newsletter-signups No.known.fix Admin+.SQLi MEDIUM" "easy-newsletter-signups No.known.fix Missing.Authorization MEDIUM" "easy-newsletter-signups 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ecpay-ecommerce-for-woocommerce 1.1.2502030 Missing.Authorization.to.Authenticated.(Subscriber+).Log.Deletion MEDIUM" "everest-faq-manager-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ebecas No.known.fix Admin+.Stored.XSS LOW" "easy-form 2.7.0 Reflected.Cross-Site.Scripting MEDIUM" "easy-form 1.2.1 Admin+.Stored.XSS LOW" "embedpress 4.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'provider_name' MEDIUM" "embedpress 4.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedpress 4.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedpress 4.0.10 Unauthenticated.Local.File.Inclusion CRITICAL" "embedpress 4.0.5 Missing.Authorization MEDIUM" "embedpress 3.9.11 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.PDF.Widget.URL MEDIUM" "embedpress 4.0.2 .Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EmbedPress.PDF.Widget MEDIUM" "embedpress 3.9.13 Contributor+.PDF.Block.Embedding LOW" "embedpress 3.9.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "embedpress 3.9.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Youtube.Block MEDIUM" "embedpress 3.9.9 Missing.Authorization.via.handle_calendly_data MEDIUM" "embedpress 3.9.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 3.9.12 Missing.Authorization MEDIUM" "embedpress 3.9.13 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Attribute MEDIUM" "embedpress 3.9.13 Authenticated.(Contributor+).Stored.Cross-site.Scripting.via.'embedpress_doc_custom_color' MEDIUM" "embedpress 3.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Wistia.Block MEDIUM" "embedpress 3.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EmbedPress.PDF.Widget MEDIUM" "embedpress 3.9.9 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Google.Calendar.Widget.Link MEDIUM" "embedpress 3.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 3.9.6 Contributor+.Stored.XSS MEDIUM" "embedpress 3.9.5 Missing.Authorization MEDIUM" "embedpress 3.9.2 Reflected.XSS HIGH" "embedpress 3.9.2 Reflected.XSS MEDIUM" "embedpress 3.8.4 Cross-Site.Request.Forgery MEDIUM" "embedpress 3.8.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 3.8.3 Subscriber+.Plugin.Settings.Delete MEDIUM" "embedpress 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "embedpress 3.8.0 Sensitive.Data.Disclosure MEDIUM" "envo-extra 1.9.10 Missing.Authorization MEDIUM" "envo-extra 1.9.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "envo-extra 1.8.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "envo-extra 1.8.17 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "envo-extra 1.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-extra 1.8.4 Cross-Site.Request.Forgery MEDIUM" "enweby-variation-swatches-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "email-notification-on-login No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "enable-svg 1.4.0 Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "eventon 4.7 WordPress.Virtual.Event.Calendar.Plugin.<.4.7.-.Cross-Site.Request.Forgery.via.admin_test_email MEDIUM" "ekiline-block-collection 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ecpay-logistics-for-woocommerce 1.3.1910240 Unauthenticated.Reflected.XSS MEDIUM" "ecommerce-two-factor-authentication 1.0.5 Two.Factor.Authentication.<.1.0.5.-.Reflected.Cross-Site.Scripting HIGH" "essential-blocks 5.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Slider.and.Post.Carousel.Widgets MEDIUM" "essential-blocks 5.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 5.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.8.4 Missing.Authorization MEDIUM" "essential-blocks 5.1.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.7.0 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.13 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.10 Contributor+.DOM-Based.XSS.via.Social.Icons.Block MEDIUM" "essential-blocks 4.5.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.4.10 Missing.Authorization MEDIUM" "essential-blocks 4.5.4 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.2 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.4.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.2.1 Contributor+.Unauthorised.Actions LOW" "essential-blocks 4.2.1 Subscriber+.Unauthorised.Actions MEDIUM" "essential-blocks 4.4.3 Unauthenticated.Local.File.Inclusion CRITICAL" "essential-blocks 4.2.1 Missing.Authorization.via.AJAX.actions MEDIUM" "essential-blocks 4.2.1 Unauthenticated.Object.Injection HIGH" "essential-blocks 4.2.1 Unauthenticated.PHP.Object.Injection.via.queries HIGH" "essential-blocks 4.2.1 Unauthenticated.PHP.Object.Injection.via.products HIGH" "essential-blocks 4.0.7 Multiple.Functions.Missing.Authorization.Checks MEDIUM" "erident-custom-login-and-dashboard 3.5.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "erident-custom-login-and-dashboard 3.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "easy-bet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elastic-email-sender 1.2.7 Admin+.Stored.XSS LOW" "easy-table-of-contents 2.0.68 Editor+.Stored.XSS LOW" "easy-table-of-contents 2.0.67.1 Editor+.Stored.XSS LOW" "easy-table-of-contents 2.0.66 Admin+.Stored.XSS LOW" "easy-tynt No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "edd-courses 0.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edd-courses 0.1.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "easy-facebook-likebox 6.5.7 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.6 Contributor+.Stored.XSS MEDIUM" "easy-facebook-likebox 6.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fb_appid MEDIUM" "easy-facebook-likebox 6.5.5 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-facebook-likebox 6.5.5 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.3 Subscriber+.Settings.Update MEDIUM" "easy-facebook-likebox 6.5.0 Reflected.Cross-Site.Scripting MEDIUM" "easy-facebook-likebox 6.4.0 Contributor+.Stored.XSS MEDIUM" "easy-facebook-likebox 6.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-facebook-likebox 6.2.7 Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-facebook-likebox 6.2.7 Reflected.Cross-Site.Scripting HIGH" "easy-load-more No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "embed-peertube-playlist 1.10 Editor+.Stored.XSS LOW" "ere-recently-viewed 2.0 Unauthenticated.PHP.Object.Injection MEDIUM" "easily-generate-rest-api-url No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "editable-table No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ebay-feeds-for-wordpress 3.4 Admin+.Stored.XSS LOW" "ebay-feeds-for-wordpress 1.2 Cross-Site.Scripting.via.rss_url.Parameter MEDIUM" "ether-and-erc20-tokens-woocommerce-payment-gateway 4.12.13 Reflected.Cross-Site.Scripting MEDIUM" "ether-and-erc20-tokens-woocommerce-payment-gateway 4.12.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-call-now No.known.fix Cross-Site.Request.Forgery.via.settings_page MEDIUM" "enteraddons 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.2.0 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "enteraddons 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Events.Card.Widget MEDIUM" "enteraddons 2.2.0 Contributor+.Stored.XSS MEDIUM" "enteraddons 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.1.6 Contributor+.Stored.XSS.via.Heading.widget MEDIUM" "enteraddons 2.1.6 Contributor+.Stored.XSS.via.Animation.Title.widget MEDIUM" "easy-post-duplicator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-post-duplicator No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "easy-notify-lite 1.1.37 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "easy-notify-lite 1.1.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-notify-lite 1.1.33 Contributor+.Stored.XSS MEDIUM" "easy-notify-lite 1.1.30 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "eventon-rsvp 2.9.5 Reflected.XSS HIGH" "eg-series No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embed-power-bi No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elfsight-testimonials-slider No.known.fix Missing.Authorization MEDIUM" "elfsight-testimonials-slider No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "elfsight-testimonials-slider No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "easy-career-openings No.known.fix jobid.Parameter.SQL.Injection MEDIUM" "elements-plus 2.16.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elements-plus 2.16.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget.links MEDIUM" "easy-liveblogs 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exportfeed-for-woocommerce-google-product-feed No.known.fix Admin+.SQLi MEDIUM" "ec-authorizenet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "external-featured-image-from-bing No.known.fix Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "everest-comment-rating-lite 2.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easyrotator-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-eu-cookie-law No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "excel-like-price-change-for-woocommerce-and-wp-e-commerce-light No.known.fix Unauthenticated.SQL.Injection HIGH" "excel-like-price-change-for-woocommerce-and-wp-e-commerce-light No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "excel-like-price-change-for-woocommerce-and-wp-e-commerce-light No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "excel-like-price-change-for-woocommerce-and-wp-e-commerce-light No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "excel-like-price-change-for-woocommerce-and-wp-e-commerce-light No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "easy-social-share-buttons3 9.5 Missing.Authorization MEDIUM" "easy-social-share-buttons3 9.5 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "easy-social-share-buttons3 9.5 Reflected.Cross-Site.Scripting MEDIUM" "elegant-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Switcher,.Slider,.and.Iconbox.Widgets MEDIUM" "elegant-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.tags MEDIUM" "export-wp-page-to-static-html 2.2.3 Open.Redirect HIGH" "export-wp-page-to-static-html 2.2.0 Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "export-wp-page-to-static-html 2.2.0 Cross-Site.Request.Forgery.via.Multiple.AJAX.Actions MEDIUM" "easy-faq-with-expanding-text No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "error-notification No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-zillow-reviews 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-zillow-reviews 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-bootstrap-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "exchange-rates 1.2.3 Missing.Authorization MEDIUM" "exchange-addon-2checkout 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "echosign 1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "elemenda No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "easy-post-types No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "easy-post-types No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta MEDIUM" "easy-post-types No.known.fix Authenticated.(Subscriber+).Missing.Authorization.via.Multiple.Functions MEDIUM" "easy-language-switcher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy2map-photos 1.1.0 SQL.Injection CRITICAL" "emma-emarketing-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-swagger-ui No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eucookielaw 2.7.3 Unauthenticated.Arbitrary.File.Read MEDIUM" "essential-addons-elementor 5.8.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Lightbox.and.Modal.Widget MEDIUM" "essential-addons-elementor 5.8.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Carousel.Widget MEDIUM" "essential-addons-elementor 5.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'title_html_tag' MEDIUM" "essential-addons-elementor 5.4.9 Reflected.XSS HIGH" "essential-addons-elementor 5.4.9 Unauthenticated.SSRF MEDIUM" "ehive-objects-image-grid 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "esign-genie-for-wp No.known.fix Authenticated.(Admin+).Information.Exposure LOW" "ez-form-calculator-premium No.known.fix WordPress.plugin.<=.2.14.1.2.-.Reflected.Cross-Site.Scripting MEDIUM" "eewee-admincustom No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "eewee-admincustom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "eelv-redirection 1.5.1 Cross-Site.Request.Forgery.to.Arbitrary.Site.Redirect MEDIUM" "easy-booked 2.4.6 Cross-Site.Request.Forgery MEDIUM" "ebook-store 5.8009 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ebook-store No.known.fix Contributor+.Stored.XSS MEDIUM" "ebook-store 5.8002 Reflected.Cross-Site.Scripting MEDIUM" "ebook-store 5.8002 Reflected.Cross-Site.Scripting.via.'step' MEDIUM" "ebook-store 5.8002 Unauthenticated.Full.Path.Disclosure MEDIUM" "ebook-store 5.8002 Admin+.Stored.XSS LOW" "ebook-store 5.785 Reflected.XSS HIGH" "ebook-store 5.78 Admin+.Stored.XSS LOW" "ebook-store 5.78 Unauthenticated.Sensitive.Data.Disclose MEDIUM" "embed-ispring No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "events-widgets-for-elementor-and-the-events-calendar 1.5 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "easy-form-builder-by-bitware No.known.fix Unauthorised.AJAX.calls HIGH" "easy-form-builder-by-bitware No.known.fix Authenticated.Arbitrary.File.Upload CRITICAL" "education-addon No.known.fix Authenticated.(Contributor+).Insecure.Direct.Object.Reference.via.naedu_elementor_template.Shortcode MEDIUM" "education-addon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "education-addon 1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ecommerce-addon 1.4 Reflected.Cross-Site.Scripting MEDIUM" "ecommerce-addon 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "export-customers-data 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "emoji-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ez-form-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "event-feed-for-eventbrite 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "event-feed-for-eventbrite 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "eprolo-dropshipping 1.7.2 Missing.Authorization MEDIUM" "embedder-for-google-reviews 1.5.11 Reflected.Cross-Site.Scripting MEDIUM" "enhanced-wordpress-contactform 2.3 Admin+.Stored.XSS LOW" "email-templates 1.4.3 Email.Sending.via.CSRF MEDIUM" "etsy-importer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ecava-diot-scada No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "erima-zarinpal-donate No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-contact-form-pro 1.1.1.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "emails-verification-for-woocommerce 2.9.5 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "emails-verification-for-woocommerce 2.9.6 Authentication.Bypass.via.Shortcode HIGH" "emails-verification-for-woocommerce 2.9.0 Unauthenticated.SQL.Injection HIGH" "emails-verification-for-woocommerce 2.7.5 Authentication.Bypass HIGH" "emails-verification-for-woocommerce 1.8.2 Loose.Comparison.to.Authentication.Bypass CRITICAL" "easy-pdf-restaurant-menu-upload 1.2 XSS MEDIUM" "exchange-addon-easy-canadian-sales-taxes 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "export-all-urls 4.6 Reflected.XSS HIGH" "export-all-urls 4.2 Editor+.Stored.XSS MEDIUM" "export-all-urls 4.4 Admin+.Arbitrary.System.File.Removal MEDIUM" "export-all-urls 4.2 Editor+.Stored.Cross-Site.Scripting LOW" "export-all-urls 4.2 Reflected.Cross-Site.Scripting MEDIUM" "export-all-urls 4.3 Private/Draft.Post/Page.Title.Disclosure.via.CSRF MEDIUM" "editor-custom-color-palette 3.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "external-markdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exchange-addon-stripe 1.2.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "external-video-for-everybody No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-custom-admin-bar No.known.fix Reflected.Cross-Site.Scripting.via.msg.Parameter MEDIUM" "eventr No.known.fix Blind.SQL.Injection CRITICAL" "exportfeed-for-woocommerce-product-to-etsy 5.2.0 Reflected.Cross-Site.Scripting MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 3.3.2 Cross-Site.Request.Forgery MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 3.3.2 CSRF.Bypass MEDIUM" "easy-social-share-buttons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-prayer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-prayer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "events-made-easy No.known.fix Subscriber+.SQLi HIGH" "events-made-easy 2.3.17 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "events-made-easy 2.2.81 Unauthenticated.SQLi HIGH" "events-made-easy 2.2.36 Subscriber+.SQL.Injection HIGH" "events-made-easy 2.2.24 Admin+.Stored.Cross-Site.Scripting LOW" "events-made-easy 1.6.21 CSRF.to.Cross-Site.Scripting.(XSS) HIGH" "events-made-easy 1.5.50 Multi.CSRF.to.Stored.Cross-Site.Scripting.&.Event.Deletion HIGH" "easyjobs 2.4.15 Reflected.Cross-Site.Scripting MEDIUM" "easyjobs 2.4.7 Subscriber+.Arbitrary.Settings.Update MEDIUM" "easyjobs 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.6.3 Cross-Site.Request.Forgery MEDIUM" "element-ready-lite 6.4.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "element-ready-lite 6.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.4.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "element-ready-lite 6.4.3 .Open.Redirect MEDIUM" "element-ready-lite 6.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 5.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ezoic-integration 2.8.9 Admin+.Stored.XSS LOW" "ezoic-integration 2.8.9 Unauthenticated.Settings.Update.to.Stored.XSS MEDIUM" "events-addon-for-elementor 2.2.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "events-addon-for-elementor 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "events-addon-for-elementor 2.2.1 Contributor+.Stored.XSS MEDIUM" "events-addon-for-elementor 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "events-addon-for-elementor 2.1.3 Cross-Site.Request.Forgery MEDIUM" "events-addon-for-elementor 2.1.3 Missing.Authorization MEDIUM" "events-addon-for-elementor 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "events-addon-for-elementor 1.9.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-student-results No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-student-results No.known.fix Sensitive.Information.Disclosure.via.REST.API LOW" "estatik-mortgage-calculator No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "estatik-mortgage-calculator No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "estatik-mortgage-calculator 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "estatik-mortgage-calculator No.known.fix Reflected.XSS HIGH" "estatik-mortgage-calculator No.known.fix Reflected.XSS HIGH" "email-on-publish No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-broken-link-checker No.known.fix Bulk.Actions.via.CSRF MEDIUM" "easy-broken-link-checker No.known.fix Admin+.Stored.XSS LOW" "easy-broken-link-checker No.known.fix Reflected.XSS HIGH" "easy-broken-link-checker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-custom-css No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-media-replace 0.2.0 Author+.File.Deletion MEDIUM" "easy-testimonial-manager No.known.fix Authenticated.SQL.Injection MEDIUM" "emailshroud No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "easy-custom-auto-excerpt 2.5.0 Sensitive.Information.Exposure MEDIUM" "easy-custom-auto-excerpt 2.4.7 XSS MEDIUM" "ele-blog No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Deactivation.Submission MEDIUM" "ele-blog No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-docs 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "fix-my-feed-rss-repair No.known.fix Cross-Site.Request.Forgery MEDIUM" "free-wp-booster-by-ads-pro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "flash-video-player No.known.fix Cross-Site.Request.Forgery MEDIUM" "forms-to-sendinblue No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-wp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-wp No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "file-gallery No.known.fix Reflected.Cross-Site.Scripting.via.post_id MEDIUM" "file-gallery 1.8.5.4 Contributor+.Stored.XSS MEDIUM" "facebook-comment-by-vivacity No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "floating-player No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fast-tube No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-tube No.known.fix Reflected.XSS HIGH" "fabrica-reusable-block-instances 1.0.9 Reflected.Cross-Site.Scripting HIGH" "fluent-community 1.3.1 Unauthenticated.PHP.Object.Injection CRITICAL" "fw-integration-for-emailoctopus 1.0.8.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fw-integration-for-emailoctopus 1.0.8.2 Contributor+.Stored.XSS MEDIUM" "futurio-extra 2.0.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.header_size.tag MEDIUM" "futurio-extra 2.0.14 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "futurio-extra 2.0.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "futurio-extra 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Text.Block.Widget MEDIUM" "futurio-extra 1.9.1 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "futurio-extra 1.6.3 Subscriber+.User.Email.Address.Disclosure MEDIUM" "futurio-extra 1.6.3 Authenticated.SQL.Injection MEDIUM" "fami-sales-popup No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "fudou 5.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "file-provider No.known.fix Unauthenticated.SQLi HIGH" "file-provider No.known.fix Item.Deletion.via.CSRF MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.20.0 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Countdown.Timer MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.1 Cross-Site.Request.Forgery MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation.and.Activation MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.0 Missing.Authorization.to.Unauthenticated.System.Information.Disclosure MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.17.0 Unauthenticated.Arbitrary.File.Deletion HIGH" "frictionless No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "filebird-document-library 2.0.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "fast-velocity-minify 2.7.7 Full.Path.Disclosure MEDIUM" "flexible-captcha No.known.fix Contributor+.Stored.XSS MEDIUM" "fwduvp 10.1 Unauthenticated.Arbitrary.File.Download HIGH" "foogallery-captions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "featured-posts-with-multiple-custom-groups-fpmcg No.known.fix Cross-Site.Request.Forgery MEDIUM" "featured-posts-with-multiple-custom-groups-fpmcg No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fs-poster 7.1.8 Missing.Authorization MEDIUM" "fs-poster No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fs-poster No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "fs-poster No.known.fix Cross-Site.Request.Forgery MEDIUM" "flight-search-widget-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flight-search-widget-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flight-search-widget-blocks No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "fixed-html-toolbar 1.0.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "front-end-post-edit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fluent-boards 1.48 Unauthenticated.PHP.Object.Injection CRITICAL" "filter-custom-fields-taxonomies-light No.known.fix Missing.Authorization MEDIUM" "filter-custom-fields-taxonomies-light No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "fusion-builder 3.11.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fusion-builder 3.11.14 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "fusion-builder 3.11.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Multiple.Widgets MEDIUM" "fusion-builder 3.11.13 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "fusion-builder 3.11.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fusion_button.Shortcode MEDIUM" "fusion-builder 3.11.2 Cross.Site.Scripting.(XSS).vulnerability.in.the.User.Register.element HIGH" "fusion-builder 3.6.2 Unauthenticated.SSRF HIGH" "fluent-crm 2.8.45 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluent-crm 2.8.0 Marketing.Automation.For.WordPress..<.2.8.0.-.Unauthenticated.Subscriptions.Update MEDIUM" "flexible-checkout-fields 4.1.3 Missing.Authorization MEDIUM" "foogallery 2.4.30 Authenticated.(Custom+).Stored.Cross-Site.Scripting.via.Album.Title.Size MEDIUM" "foogallery 2.4.30 Insecure.Direct.Object.Reference.to.Authenticated.(Custom+).Arbitrary.Post/Page.Updates MEDIUM" "foogallery 2.4.30 Reflected.Cross-Site.Scripting MEDIUM" "foogallery 2.4.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Custom.URL MEDIUM" "foogallery 2.4.15 Author+.Stored.XSS MEDIUM" "foogallery 2.4.15 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "foogallery 2.4.15 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Image.Attachment.Fields MEDIUM" "foogallery 2.4.9 Best.WordPress.Gallery.Plugin.–.FooGallery.<.2,4,9.-Admin+.Stored.Cross-Site.Scripting LOW" "foogallery 2.3.2 Reflected.XSS HIGH" "foogallery 2.3.2 Extensions.Mgt.via.CSRF MEDIUM" "foogallery 2.2.44 Reflected.Cross-Site.Scripting MEDIUM" "foogallery 2.2.41 Reflected.XSS HIGH" "foogallery 2.1.34 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foogallery 2.0.35 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "foogallery 1.9.25 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "foogallery 1.6.17 Subscriber+.Arbitrary.Option.Update CRITICAL" "fruitcake-horsemanager No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "feedbackscout No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedbackscout No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-ebay-listings 2.12.16 Open.Redirect MEDIUM" "fat-services-booking No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "fat-services-booking No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "fat-services-booking No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "fat-services-booking No.known.fix Unauthenticated.SQL.Injection HIGH" "forumwp 2.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "forumwp 2.1.3 Reflected.Cross-Site.Scripting.via.url.Parameter HIGH" "forumwp 2.1.3 Reflected.Cross-Site.Scripting HIGH" "forumwp 2.1.0 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "filestack-upload 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.48.7212 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "fv-wordpress-flowplayer 7.5.47.7212 Authenticated.(Subscriber+).SQL.Injection.via.exclude.Parameter HIGH" "fv-wordpress-flowplayer 7.5.46.7212 Reflected.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.45.7212 Authenticated.(Subscriber+).Server-side.Request.Forgery MEDIUM" "fv-wordpress-flowplayer 7.5.45.7212 Authenticated.(Contributor+).Arbitrary.Redirect MEDIUM" "fv-wordpress-flowplayer 7.5.44.7212 Reflected.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.44.7212 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.39.7212 Insufficient.Input.Validation.to.Unauthenticated.Stored.Cross-Site.Scripting.and.Arbitrary.Usermeta.Update MEDIUM" "fv-wordpress-flowplayer 7.5.35.7212 Reflected.XSS HIGH" "fv-wordpress-flowplayer 7.5.31.7212 Settings.Toggle.via.CSRF MEDIUM" "fv-wordpress-flowplayer 7.5.19.727 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.18.727 Author+.SQLi HIGH" "fv-wordpress-flowplayer 7.5.3.727 Reflected.Cross-Site.Scripting HIGH" "fv-wordpress-flowplayer 7.4.38.727 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "fv-wordpress-flowplayer 7.3.19.727 SQL.Injection CRITICAL" "fv-wordpress-flowplayer 7.3.15.727 CSV.Export CRITICAL" "fv-wordpress-flowplayer 7.3.15.727 SQL.Injection MEDIUM" "fv-wordpress-flowplayer 7.3.14.727 Unauthenticated.Stored.XSS MEDIUM" "full-screen-menu-for-elementor No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "form-vibes 1.4.13 Missing.Authorization.in.Multiple.Functions MEDIUM" "form-vibes 1.4.11 Authenticated.(Subscriber+).SQL.Injection.via.fv_export_data HIGH" "form-vibes 1.4.9 Reflected.Cross-Site.Scripting MEDIUM" "form-vibes 1.4.6 Admin+.SQLi MEDIUM" "form-vibes 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "free-facebook-reviews-and-recommendations-widgets 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "frontend-post-submission No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feed-comments-number No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "forms-3rdparty-post-again No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "foundation-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "foopeople No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "foopeople No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fma-additional-registration-attributes No.known.fix Arbitrary.Field.Deletion.and.Form.Modification.via.CSRF HIGH" "forge No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "facebook-likebox-widget-and-shortcode 1.2.1 Admin+.Stored.XSS LOW" "full-page-blog-designer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "float-to-top-button No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "favicon-switcher No.known.fix Arbitrary.Settings.Change.via.CSRF MEDIUM" "fraudlabs-pro-sms-verification 1.10.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "full-width-responsive-slider-wp 1.1.8 Reflected.XSS HIGH" "font-organizer No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "fancy-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "frontend-post-submission-manager-lite 1.2.3 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "flexidx-home-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "font-awesome 4.3.2 Contributor+.Stored.XSS MEDIUM" "flashcounter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "feeds-for-youtube 2.2.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "feeds-for-youtube 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "feeds-for-youtube 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "fundpress 2.0.7 Unauthenticated.PHP.Object.Injection HIGH" "file-icons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "food-store No.known.fix Reflected.Cross-Site.Scripting HIGH" "food-store 1.4.7.5 Reflected.Cross-Site.Scripting MEDIUM" "food-store 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "food-store 1.3.7 Unauthorised.AJAX.call.via.CSRF MEDIUM" "flexible-shipping-ups 3.0.0 Missing.Authorization.to.Plugin.API.key.reset MEDIUM" "flexible-shipping-ups 2.2.5 Cross-Site.Request.Forgery MEDIUM" "fareharbor 3.6.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fareharbor 3.6.7 Admin+.Stored.XSS LOW" "filr-protection 1.2.5 Editor+.Stored.XSS LOW" "filr-protection 1.2.3.6 Author+.RCE.via.file.upload.with.phar.ext CRITICAL" "filr-protection 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "filr-protection 1.2.2.1 Secure.Document.Library.<.1.2.2.1.-.Subscriber+.AJAX.Calls CRITICAL" "filr-protection 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "forms-for-campaign-monitor 2.8.16 Unauthenticated.Full.Path.Disclosure MEDIUM" "forms-for-campaign-monitor 2.8.14 Reflected.Cross-Site.Scripting HIGH" "folder-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flying-press 3.9.7 Arbitrary.Settings.Update.to.Stored.XSS HIGH" "fullworks-anti-spam 1.3.10 Reflected.Cross-Site.Scripting MEDIUM" "fullworks-anti-spam 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fma-products-tabs-pro No.known.fix Arbitrary.Tab.Deletion/Edition.via.CSRF HIGH" "footer-text No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "fg-prestashop-to-woocommerce 4.47.0 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "frontend-admin 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "frontend-admin 3.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "feedback-suite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedback-suite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "feedback-suite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "faq-manager-with-structured-data 5.4.4 Reflected.Cross-Site.Scripting MEDIUM" "faq-manager-with-structured-data 5.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-image-adder No.known.fix Unauthenticated.Remote.File.Upload CRITICAL" "freesoul-deactivate-plugins 2.1.4 Cross-Site.Request.Forgery.via.eos_dp_pro_delete_transient MEDIUM" "flowplayer6-video-player 1.0.5 Contributor+.Stored.XSS MEDIUM" "fluentforms-pdf 1.1.8 Cross-Site.Scripting MEDIUM" "ftp-sync No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "file-select-control-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "forminator 1.44.2 Contributor+.Stored.DOM-Based.XSS.via.id.and.data-size.Parameters MEDIUM" "forminator 1.42.1 Contributor+.Stored.XSS.via.'limit' MEDIUM" "forminator 1.42.1 Order.Replay.Vulnerability MEDIUM" "forminator 1.39.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "forminator 1.38.3 Reflected.XSS.via.Title.Parameter HIGH" "forminator 1.38.3 Admin+.Stored.XSS LOW" "forminator 1.36.1 Unauthenticated.Arbitrary.Quiz.Submissions.Update MEDIUM" "forminator 1.36.0 Missing.Authorization.to.Authenticated.(Contributor+).Form.Update.and.Creation HIGH" "forminator 1.36.0 Draft.Quiz.Creation.via.CSRF MEDIUM" "forminator 1.36.0 Draft.Custom.Form.Creation.via.CSRF MEDIUM" "forminator 1.34.1 Reflected.Cross-Site.Scripting MEDIUM" "forminator 1.29.2 HubSpot.Developer.API.Key.Sensitive.Information.Exposure HIGH" "forminator 1.29.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forminator 1.29.3 Admin+.SQL.Injection MEDIUM" "forminator 1.15.4 Reflected.Cross-Site.Scripting MEDIUM" "forminator 1.29.3 Contributor+.Stored.Cross-Site.Scripting.via.forminator_form.Shortcode MEDIUM" "forminator 1.29.1 Unauthenticated.Stored.XSS HIGH" "forminator 1.29.1 Reflected.Cross-Site.Scripting HIGH" "forminator 1.28.0 Admin+.Arbitrary.File.Upload MEDIUM" "forminator 1.27.0 Admin+.Stored.Cross-Site.Scripting LOW" "forminator 1.25.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forminator 1.24.4 Reflected.XSS HIGH" "forminator 1.24.1 Unauthenticated.Race.Condition.on.poll.vote MEDIUM" "forminator 1.15.4 Admin+.Stored.Cross-Site.Scripting LOW" "forminator 1.14.12 Unauthenticated.Stored.XSS HIGH" "forminator 1.14.8.1 CSRF.Nonce.Bypasses MEDIUM" "forminator 1.13.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "forminator 1.6 Authenticated.Multiple.Vulnerabilities MEDIUM" "friends 3.2.2 Missing.Authorization MEDIUM" "friends 2.8.6 Authenticated.(Admin+).Blind.Server-Side.Request.Forgery MEDIUM" "freemind-wp-browser No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "food-recipes 2.6.1 Reflected.Cross-Site.Scripting MEDIUM" "food-recipes 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fantastic-elasticsearch No.known.fix Reflected.XSS HIGH" "fusion-slider No.known.fix Authenticated.(Contributor+).PHP.Object.Injection MEDIUM" "flynsarmy-iframe-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "faq-builder-ays 1.7.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "faq-builder-ays 1.7.2 Reflected.Cross-Site.Scripting MEDIUM" "faq-builder-ays 1.3.6 Authenticated.Blind.SQL.Injections HIGH" "fwdmsp 8.0 Unauthenticated.Arbitrary.File.Read/Download HIGH" "fattura24 6.2.8 Reflected.Cross-Site.Scripting HIGH" "firsth3tagadsense No.known.fix Missing.Authorization MEDIUM" "fat-coming-soon No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "fv-descriptions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "filtr8-magazine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flexo-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "friendstore-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flexible-blogtitle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "full-circle No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "formidable 6.16.2 Reflected.Cross-Site.Scripting.via.Custom.HTML.Form.Parameter MEDIUM" "formidable 6.14.1 Admin+.Stored.XSS LOW" "formidable 6.11.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "formidable 6.8 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "formidable 6.7.1 Admin+.Stored.Cross-Site.Scripting MEDIUM" "formidable 6.7.1 HTML.Injection MEDIUM" "formidable 6.3.1 Subscriber+.Remote.Code.Execution CRITICAL" "formidable 6.2 Unauthenticated.PHP.Object.Injection HIGH" "formidable 6.1 IP.Spoofing MEDIUM" "formidable 5.5.7 Arbitrary.Entry.Deletion.via.CSRF MEDIUM" "formidable 5.0.07 Admin+.Stored.Cross-Site.Scripting LOW" "formidable 4.09.05 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "formidable 4.02.01 Unsafe.Deserialisation CRITICAL" "formidable 2.05.03 Multiple.Vulnerabilities HIGH" "formidable 2.0 Authenticated.Blind.SQL.Injection MEDIUM" "formidable 1.06.03 Arbitrary.File.Upload.via.ofc_upload_image.php CRITICAL" "full-picture-analytics-cookie-notice 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "full-picture-analytics-cookie-notice 3.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "football-pool No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.12.3 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "football-pool 2.11.10 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.12.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.11.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.6.5 Multiple.XSS MEDIUM" "faculty-weekly-schedule 1.2.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "flyzoo No.known.fix Admin+.Stored.XSS LOW" "floating-links 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "floating-links 3.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "frontend-checklist No.known.fix Admin+.Stored.XSS.via.Items LOW" "frontend-checklist No.known.fix Admin+.Stored.XSS LOW" "fancy-user-listing No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "facebook-page-feed-graph-api 1.9.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "fiverr-official-search-box No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "freshmail-integration No.known.fix Cross-Site.Request.Forgery MEDIUM" "freshmail-integration No.known.fix Reflected.XSS HIGH" "fotomoto No.known.fix Reflected.XSS HIGH" "forcefield 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "forcefield 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "find-my-blocks 3.4.0 Private.Post.Titles.Disclosure MEDIUM" "front-editor No.known.fix Admin+.Stored.XSS LOW" "front-editor 4.4.8 Admin+.Stored.XSS LOW" "front-editor 4.4.5 Admin+.Stored.XSS LOW" "front-editor 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "front-editor 3.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ferma-ru-net-checkout No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "fws-ajax-contact-form 1.4.2 Contributor+.Stored.XSS MEDIUM" "facebook-messenger-customer-chat 1.6 Authenticated.Options.Change.to.Chat.Takeover HIGH" "facebook-messenger-customer-chat 1.3 CSRF HIGH" "floating-tiktok-button 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "feed-instagram-lite 1.0.0.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "feed-instagram-lite 1.0.0.29 Arbitrary.Post.Duplication.via.CSRF MEDIUM" "fullworks-slack No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-slack No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "folders 3.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "folders 3.0.1 Directory.Traversal.via.handle_folders_file_upload MEDIUM" "folders 3.0.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.User.First.Name.and.Last.Name MEDIUM" "folders 2.9.3 Authenticated.(Author+).Arbitrary.File.Upload.in.handle_folders_file_upload HIGH" "folders 2.9.3 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "file-manager-advanced-shortcode No.known.fix Authenticated.(Administrator+).Local.JavaScript.File.Inclusion.via.Shortcode HIGH" "file-manager-advanced-shortcode 2.5.4 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "file-manager-advanced-shortcode 2.4.1 Authenticated.(Contributor+).Directory.Traversal HIGH" "file-manager-advanced-shortcode No.known.fix Unauthenticated.Remote.Code.Execution.through.shortcode CRITICAL" "formcraft-form-builder 1.2.11 Missing.Authorization MEDIUM" "formcraft-form-builder 1.2.8 Missing.Authorization.via.formcraft_nag_update MEDIUM" "formcraft-form-builder 1.2.7 Admin+.Stored.XSS LOW" "formcraft-form-builder 3.9.7 Admin+.SQLi MEDIUM" "formcraft-form-builder 1.2.10 Contributor+.Stored.XSS MEDIUM" "formcraft-form-builder 1.2.6 Admin+.Stored.Cross.Site.Scripting LOW" "formcraft-form-builder 1.2.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "fraudlabs-pro-for-woocommerce 2.22.12 Missing.Authorization MEDIUM" "fraudlabs-pro-for-woocommerce 2.22.9 Stored.XSS.via.CSRF HIGH" "floating-awesome-button 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "floating-awesome-button 1.5.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "file-renaming-on-upload 2.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "find-any-think No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "fast-custom-social-share-by-codebard No.known.fix Cross-Site.Request.Forgery MEDIUM" "fast-custom-social-share-by-codebard No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fast-custom-social-share-by-codebard 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "file-manager-advanced 5.3.2 Missing.Authorization.to.Notice.Dismisaal NONE" "file-manager-advanced 5.3.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "file-manager-advanced 5.2.14 5.2.13.-.Subscriber+.Arbitrary.File.Upload HIGH" "file-manager-advanced 5.2.11 Subscriber+.Arbitrary.File.Upload HIGH" "file-manager-advanced 5.2.9 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion.via.fma_locale MEDIUM" "file-manager-advanced 5.2.9 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "file-manager-advanced 5.2.9 Authenticated.(Subscriber+).Limited.File.Upload MEDIUM" "file-manager-advanced 5.2.5 Sensitive.Information.Exposure.via.Directory.Listing MEDIUM" "file-manager-advanced 5.1.1 Admin+.Arbitrary.File/Folder.Access MEDIUM" "flx-dashboard-groups No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flickr-photostream No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "featured-products-first-for-woocommerce 1.9.6 Reflected.Cross-Site.Scripting MEDIUM" "featured-products-first-for-woocommerce 1.9.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "feedzy-rss-feeds 4.4.8 Authenticated(Contributor+).Blind.Server-Side.Request.Forgery.(SSRF) MEDIUM" "feedzy-rss-feeds 4.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Error.Message MEDIUM" "feedzy-rss-feeds 4.4.3 Missing.Authorization.to.Arbitrary.Page.Creation.and.Publication MEDIUM" "feedzy-rss-feeds 4.4.3 Authenticated(Contributor+).SQL.Injection HIGH" "feedzy-rss-feeds 4.4.2 Missing.Authorization MEDIUM" "feedzy-rss-feeds 4.3.3 Missing.Authorization MEDIUM" "feedzy-rss-feeds 4.3.3 Author+.Stored.Cross-Site.Scripting MEDIUM" "feedzy-rss-feeds 4.1.1 Contributor+.Stored.XSS MEDIUM" "feedzy-rss-feeds 3.4.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "feedzy-rss-feeds 3.4.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "formlift 7.5.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "formlift 7.5.18 Unauthenticated.SQL.Injection CRITICAL" "flagged-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "formbuilder No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "formbuilder 1.08 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "formbuilder 1.0.8 Multiple.Authenticated.SQL.Injection MEDIUM" "finance-calculator-with-application-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "feedbucket No.known.fix Cross-Site.Request.Forgery MEDIUM" "facebook-by-weblizar 2.8.5 CSRF.&.XSS HIGH" "fast-video-and-image-display No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "facebook-for-woocommerce 1.9.15 CSRF.allowing.Option.Update HIGH" "foobar-notifications-lite 2.1.32 Reflected.Cross-Site.Scripting MEDIUM" "foobar-notifications-lite 2.1.15 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fancy-elementor-flipbox 2.5.2 Contributor+.Stored.XSs.via.Fancy.Elementor.Flipbox.Widget MEDIUM" "frontend-uploader No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "fare-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fetch-tweets No.known.fix Reflected.Cross-Site.Scripting HIGH" "fx-toc No.known.fix Contributor+.Stored.XSS MEDIUM" "fs-shopping-cart No.known.fix Authenticated.SQL.Injection HIGH" "fx-calculators 1.3.8 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "fx-calculators 1.3.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "float-block No.known.fix Admin+.Stored.XSS.via.Widget LOW" "falang 1.3.62 Cross-Site.Request.Forgery MEDIUM" "falang 1.3.53 Missing.Authorization.to.Translation.Update.and.Information.Exposure MEDIUM" "falang 1.3.52 Cross-Site.Request.Forgery MEDIUM" "falang 1.3.50 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "falang 1.3.48 Authenticated.(Administrator+).SQL.Injection HIGH" "falang 1.3.40 Cross-Site.Request.Forgery MEDIUM" "falang 1.3.18 Reflected.Cross-Site.Scripting HIGH" "formcraft3 3.9.12 Missing.Authorization.to.Plugin.Data.Export.in.formcraft-main.php MEDIUM" "formcraft3 3.9.12 Premium.WordPress.Form.Builder.<.3.9.12.-.Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "formcraft3 3.8.28 Unauthenticated.SSRF MEDIUM" "formcraft3 3.4 Premium.WordPress.Form.Builder.<.3.4.-.Authenticated.Stored.XSS MEDIUM" "fat-rat-collect 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "flickr-picture-backup No.known.fix Unauthenticated.File.Upload CRITICAL" "flexi No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "flexi 4.20 Guest.Submit.<.4.20.-.Reflected.Cross-Site.Scripting MEDIUM" "fg-drupal-to-wp 3.71.0 Sensitive.Information.Exposure MEDIUM" "fg-drupal-to-wp 3.68.0 Cross-Site.Request.Forgery.via.ajax_importer MEDIUM" "final-tiles-grid-gallery-lite 3.6.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.6.0 Contributor+.Stored.XSS MEDIUM" "final-tiles-grid-gallery-lite 3.5.8 Reflected.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "final-tiles-grid-gallery-lite 3.5.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.4.19 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "final-tiles-grid-gallery-lite 3.3.57 Subscriber+.Arbitrary.Option.Update CRITICAL" "full-site-editing 3.79150 Contributor+.Stored.XSS MEDIUM" "facturante No.known.fix Unauthenticated.SQL.Injection HIGH" "fullscreen-galleria 1.6.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flash-album-gallery No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "flash-album-gallery 4.25 Full.Path.Disclosure MEDIUM" "flash-album-gallery No.known.fix admin/news.php.want2Read.Parameter.Traversal.Arbitrary.File.Access HIGH" "flash-album-gallery 2.72 "s".Cross-Site.Scripting HIGH" "fd-elementor-button-plus No.known.fix Contributor+.Stored.XSS MEDIUM" "fresh-framework No.known.fix Missing.Authorization MEDIUM" "fresh-framework No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "fusion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fusion 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "facebook-secret-meta No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "falcon 2.8.4 Missing.Authorization MEDIUM" "floating-action-buttons 1.0.1 Missing.Authorization MEDIUM" "formaloo-form-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "fd-elementor-imagebox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "frontend-group-restriction-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "frontend-group-restriction-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "float-menu 6.1.3 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "float-menu 6.0.1 Menu.Deletion.via.CSRF MEDIUM" "float-menu 5.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "float-menu 5.0.2 Reflected.XSS MEDIUM" "float-menu 4.3.1 Arbitrary.Menu.Deletion.via.CSRF MEDIUM" "feather-login-page 1.1.6 Cross-Site.Request.Forgery.via.saveData() MEDIUM" "feather-login-page 1.1.4 CSRF MEDIUM" "feather-login-page 1.1.2 Missing.Authorization.to.Non-Arbitrary.User.Deletion HIGH" "feather-login-page 1.1.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "fontmeister No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "foxyshop 4.8.2 Reflected.Cross-Site.Scripting MEDIUM" "fsflex-local-fonts No.known.fix Admin+.Stored.Cross-Site-Scripting LOW" "fancy-roller-scroller 1.4.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "floating-cart-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "flipping-cards 1.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "formilla-live-chat 1.3.1 Admin+.Stored.XSS LOW" "free-wp-mail-smtp No.known.fix Cross-Site.Request.Forgery MEDIUM" "flashnews-fading-effect-pearlbells No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "formassembly-web-forms 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "formassembly-web-forms 2.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fullworks-firewall No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-firewall No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "font-awesome-more-icons No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "frontpage-manager No.known.fix Cross-Site.Request.Forgery.via.admin_page MEDIUM" "flexible-cookies 1.1.9 Cross-Site.Request.Forgery MEDIUM" "fb-status-updater No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "formality 1.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Parameter MEDIUM" "formality 1.5.8 Unauthenticated.Local.File.Inclusion CRITICAL" "formcraft No.known.fix Arbitrary.File.Deletion CRITICAL" "final-user-wp-frontend-user-profiles 1.2.2 Subscriber+.Privilege.Escalation CRITICAL" "f12-profiler 1.4.0 Settings.Update.via.CSRF MEDIUM" "find-content-ids No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "formidablepro-2-pdf 3.11 Subscriber+.SQLi HIGH" "formidable-sms 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "forget-about-shortcode-buttons 2.1.3 CSRF MEDIUM" "forget-about-shortcode-buttons 1.1.2 XSS MEDIUM" "forty-four No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "freshing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "freshing No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formfacade 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "formfacade 1.3.7 Reflected.Cross-Site.Scripting HIGH" "formfacade 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "formfacade 1.2.2 Contributor+.Stored.XSS MEDIUM" "featured-page-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "forms-ada-form-builder No.known.fix Unauthenticated.Reflected.XSS HIGH" "floating-div No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "font-farsi No.known.fix Administrator+.Stored.Cross-Site.Scripting MEDIUM" "font-farsi No.known.fix Admin+.Stored.XSS.in.Settings LOW" "font-farsi No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "fscf-sms 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "f4-improvements No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "f4-improvements 1.8.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "flamix-bitrix24-and-contact-forms-7-integrations 3.2.0 Unauthenticated.Full.Path.Disclosure MEDIUM" "faq-and-answers 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "follow-me No.known.fix Stored.XSS.via.CSRF MEDIUM" "flattr No.known.fix Admin+.Stored.XSS LOW" "free-event-banner No.known.fix Arbitrary.File.Upload.to.RCE CRITICAL" "facebook-button-plugin 2.74 Unauthenticated.Password.Protected.Post.Read MEDIUM" "facebook-button-plugin 2.54 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "facilita-form-tracker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "formzu-wp 1.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "formzu-wp 1.6.7 Contributor+.Stored.XSS.via.id MEDIUM" "fetch-jft 1.8.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fancy-facebook-comments 1.2.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "fancy-facebook-comments 1.2.15 Contributor+.Stored.XSS MEDIUM" "fancy-facebook-comments 1.2.11 Contributor+.Stored.XSS MEDIUM" "full-screen-page-background-image-slideshow No.known.fix Admin+.Stored.XSS LOW" "fileviewer No.known.fix Arbitrary.File.Upload/Deletion.via.CSRF CRITICAL" "falling-things 1.09 Authenticated.(Editor+).SQL.Injection MEDIUM" "fpw-category-thumbnails No.known.fix Missing.Authorization MEDIUM" "featured-image-caption 0.8.11 Contributor+.Stored.XSS MEDIUM" "fm-notification-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "form-forms No.known.fix Contact.Form.<=.1.2.4.-.Admin+.Stored.Cross-Site.Scripting LOW" "fx-private-site No.known.fix Sensitive.Information.Exposure MEDIUM" "fat-event-lite No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "fat-event-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fat-event-lite No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "formidable-registration 2.12 Contributor+.Arbitrary.User.Password.Reset.To.Account.Takeover HIGH" "flexible-shipping-usps 1.10.0 Sensitive.Information.Exposure MEDIUM" "flexible-shipping-usps 1.9.3 Cross-Site.Request.Forgery MEDIUM" "foobox-image-lightbox 2.7.34 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "foobox-image-lightbox 2.7.32 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.HTML.Data.Attributes MEDIUM" "foobox-image-lightbox 2.7.28 Admin+.Stored.XSS LOW" "foobox-image-lightbox 2.7.27 Reflected.Cross-Site.Scripting MEDIUM" "foobox-image-lightbox 2.7.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foobox-image-lightbox 2.6.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "featured-image-pro 5.15 Reflected.XSS HIGH" "funnelforms-free No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "funnelforms-free 3.7.4.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Media.Deletion MEDIUM" "funnelforms-free 3.7.4.1 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "funnelforms-free 3.7.4.1 Authenticated.(Administrator+).Arbitrary.File.Deletion MEDIUM" "funnelforms-free 3.7.4.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Media.Upload MEDIUM" "funnelforms-free 3.4.2 Form.Deletion/Duplication.via.CSRF MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Arbitrary.Post.Duplication MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Test.Email.Sending MEDIUM" "funnelforms-free 3.4.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Category.Deletion MEDIUM" "funnelforms-free 3.4.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Duplication MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Arbitrary.Post.Deletion MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.New.Category.Creation MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Post.Modification MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Enable/Disable.Dark.Mode MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Category.Update MEDIUM" "funnelforms-free 3.4 Funnelforms.Free.<.3,4.Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "funnelforms-free 3.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "fontsy No.known.fix Multiple.Unauthenticated.SQLi HIGH" "for-the-visually-impaired No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "florapress 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "florapress 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "floating-social-media-icon No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "facebook-fan-page-widget 2.1 Admin+.Stored.XSS LOW" "flexible-wishlist 1.2.27 Cross-Site.Request.Forgery.to.Wishlist.Creation/Modification MEDIUM" "flexible-wishlist 1.2.26 Unauthenticated.Stored.Cross-Site.Scripting.via.wishlist_name.Parameter HIGH" "featured-image-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "featured-image-toolkit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "featured-image-toolkit No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "form-to-json No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedburner-alternative-and-rss-redirect 3.8 Plugin.Installation.via.CSRF MEDIUM" "feedburner-alternative-and-rss-redirect 3.8 Subscriber+.Plugin.Installation MEDIUM" "font-awesome-4-menus No.known.fix Contributor+.Stored.XSS MEDIUM" "font-awesome-4-menus No.known.fix Admin+.Stored.XSS LOW" "free-stock-photos-foter No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "forym No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "form-block 1.0.2 Form.Submission.via.CSRF MEDIUM" "flickr-rss No.known.fix XSS.and.CSRF HIGH" "floating-contact 2.8 Admin+.Stored.XSS LOW" "first-order-discount-woocommerce 1.22 Discount.Update.via.CSRF MEDIUM" "fancy-product-designer 6.4.4 Unauthenticated.SQL.Injection HIGH" "fancy-product-designer 6.4.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "fancy-product-designer 6.1.81 Admin+.Cross.Site.Scripting LOW" "fancy-product-designer 6.1.8 Reflected.Cross.Site.Scripting HIGH" "fancy-product-designer 6.1.81 Admin+.Cross.Site.Scripting.via.Product.Title LOW" "fancy-product-designer 6.1.5 Admin+.SQL.Injection MEDIUM" "fancy-product-designer 4.7.0 Subscriber+.Unauthorized.Site.Options.Modification HIGH" "fancy-product-designer 4.7.0 Subscriber+.Unauthorized.Access.and.Modification MEDIUM" "fancy-product-designer 4.7.6 Arbitrary.File.Upload.via.CSRF HIGH" "fancy-product-designer 4.7.5 Admin+.SQL.Injection MEDIUM" "fancy-product-designer 4.6.9 Unauthenticated.Arbitrary.File.Upload.and.RCE CRITICAL" "fancy-product-designer 4.5.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "fooevents 1.19.21 Improper.Authorization.to.(Contributor+).Arbitrary.File.Upload HIGH" "flexytalk-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "floating-button 6.0.1 Cross-Site.Request.Forgery.via.process_bulk_action MEDIUM" "floating-button 5.3.1 Reflected.XSS MEDIUM" "fintelligence-calculator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "forms-by-made-it 2.8.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forms-by-made-it 1.12.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "featured-image-plus 1.6.6 Missing.Authorization.to.Authenticated.(Subscriber+).Featured.Image.Update MEDIUM" "footnotes-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "five-minute-webshop No.known.fix Admin+.SQLi.via.orderby MEDIUM" "five-minute-webshop No.known.fix Admin+.SQLi.via.id MEDIUM" "fusionspan-impexium-single-sign-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fusionspan-impexium-single-sign-on No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make 0.99 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make 0.99 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "fast-wp-speed No.known.fix Reflected.XSS HIGH" "foodbakery-sticky-cart No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "fence-url No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "featured-posts-grid No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "fb-reviews-widget 2.4 Missing.Authorization MEDIUM" "freshmail-newsletter 1.6 Unauthenticated.SQL.Injection HIGH" "fw-food-menu No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "favicon-my-blog No.known.fix Cross-Site.Request.Forgery MEDIUM" "favicon-rotator 1.2.11 Reflected.Cross-Site.Scripting MEDIUM" "frontpage-category-filter No.known.fix Cross-Site.Request.Forgery MEDIUM" "featured-image-generator 1.3.3 Missing.Authorization.to.Authenticated.(Subscriber+).Images.Upload MEDIUM" "flatpm-wp 3.1.05 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flatpm-wp 3.0.13 Reflected.Cross-Site.Scripting HIGH" "flog No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "filedownload No.known.fix Multiple.Issues CRITICAL" "font-awesome-integration No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fullworks-ice-ide-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-ice-ide-integration No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-flow-dashboard 1.2.18 Reflected.Cross-Site.Scripting MEDIUM" "fast-flow-dashboard 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "fast-flow-dashboard 1.2.13 Admin+.Stored.Cross-Site.Scripting LOW" "fast-flow-dashboard 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "forms-to-zapier No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "forms-to-zapier 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "forms-to-zapier 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ftp-access No.known.fix Subscriber+.Stored.XSS HIGH" "free-google-fonts 3.0.1 Reflected.XSS HIGH" "facebook-like-send-button 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "facebook-like-send-button 1.2 Admin+.Stored.XSS LOW" "front-end-only-users No.known.fix Unauthenticated.Information.Exposure MEDIUM" "front-end-only-users No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "front-end-only-users No.known.fix Authenticated.(Admin+).SQL.injection MEDIUM" "front-end-only-users No.known.fix Reflected.XSS HIGH" "front-end-only-users 3.2.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "front-end-only-users 3.2.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.forgot-password.Shortcode MEDIUM" "front-end-only-users 3.2.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "front-end-only-users 3.2.29 Authenticated.(Contributor+).Time-Based.SQL.Injection HIGH" "front-end-only-users 3.2.25 Cross-Site.Request.Forgery MEDIUM" "fastdup 2.2 Directory.Listing.to.Account.Takeover.and.Sensitive.Data.Exposure HIGH" "fastdup 2.1.8 Sensitive.Information.Exposure.via.Log.File MEDIUM" "fifthsegment-whitelist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flashfader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "facebook-wall-and-social-integration 1.11 Admin+.Stored.Cross-Site.Scripting LOW" "fixed-ip-logins 1.0 Reflected.Cross-Site.Scripting MEDIUM" "fullworks-directory No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-directory No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "first-graders-toolbox 1.0.2 Plugins.Deactivation.via.CSRF MEDIUM" "filled-in 1.9.3 Stored.XSS.via.CSRF HIGH" "find-and-replace-all 1.3 Reflected.Cross.Site.Scripting MEDIUM" "find-and-replace-all No.known.fix Arbitrary.Replacement.via.CSRF HIGH" "fish-and-ships 1.6 Reflected.Cross-Site.Scripting MEDIUM" "filebird 6.4.6 Authenticated.(Author+).Insecure.Direct.Object.Reference MEDIUM" "filebird 6.3.4 Missing.Authorization MEDIUM" "filebird 5.6.4 Author+.Stored.XSS MEDIUM" "filebird 5.6.4 Author+.Users.Folder.Deletion LOW" "filebird 5.6.1 Admin+.Stored.XSS MEDIUM" "filebird 4.7.4 Unauthenticated.SQL.Injection HIGH" "flexible-coupons 1.10.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "foyer No.known.fix Content.Injection.via.Improper.Access.Control MEDIUM" "flexmls-idx 3.14.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flexmls-idx 3.14.28 Unauthenticated.PHP.Object.Injection CRITICAL" "flexmls-idx 3.14.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.API.parameters MEDIUM" "flexmls-idx 3.14.23 Reflected.Cross-Site.Scripting MEDIUM" "fb-account-kit-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fb-account-kit-login No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "firedrum-email-marketing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flip-boxes 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "flickr-set-slideshows No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "flickr-set-slideshows No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "food-and-drink-menu 2.4.17 Missing.Authorization.to.Menu.Creation MEDIUM" "food-and-drink-menu 2.4.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "food-and-drink-menu 2.4.11 Unauthenticated.PHP.Object.Injection HIGH" "food-and-drink-menu 2.4.7 .Cross-Site.Request.Forgery MEDIUM" "food-and-drink-menu 2.2.1 Unauthenticated.PHP.Object.Injection HIGH" "friendly-functions-for-welcart 1.2.5 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "fathom-analytics 3.1.0 Admin+.Stored.XSS LOW" "fathom-analytics 3.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "frontier-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "formsite 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fitness-calculators 2.0.9 Admin+.Stored.XSS LOW" "fitness-calculators 1.9.6 Cross-Site.Request.Forgery.to.Cross-Site.Scripting.(XSS) HIGH" "find-your-reps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fastly 1.2.26 Missing.Authorization MEDIUM" "fastly 1.2.26 Missing.Authorization.via.AJAX.actions MEDIUM" "forms-to-klaviyo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flatty-flat-admin-theme No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fontific No.known.fix Cross-Site.Request.Forgery.via.ajax_fontific_save_all HIGH" "flexible-faqs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flexible-faqs 0.5.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fix-rss-feed No.known.fix Cross-Site.Request.Forgery MEDIUM" "flags-widget No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "five-star-ratings-shortcode 1.2.48 Reflected.Cross-Site.Scripting MEDIUM" "five-star-ratings-shortcode 1.2.39 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formatted-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "formscrm 3.6 Reflected.Cross-Site.Scripting MEDIUM" "feedblitz-email-subscription No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "floating-action-button 1.2.2 Cross-Site.Request.Forgery MEDIUM" "finpose No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "feedburner-optin-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fluid-responsive-slideshow 2.2.7 CSRF.&.XSS HIGH" "font-awesome-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fast-checkout-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-checkout-for-woocommerce 1.1.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fin-accounting-for-woocommerce 4.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "frizzly No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "furnob-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "featured-content-gallery No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "firework-videos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "featured-images-for-rss-feeds 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "featured-images-for-rss-feeds 1.5.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "favorites 2.3.5 Admin+.Stored.XSS LOW" "favorites 2.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "favorites 2.3.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "feed-them-social 4.2.1 Cross-Site.Request.Forgery.via.review_nag_check LOW" "feed-them-social 4.0.0 Settings.Update.via.CSRF MEDIUM" "feed-them-social 3.0.1 Settings.Update.via.CSRF MEDIUM" "feed-them-social 3.0.1 Subscriber+.Stored.XSS MEDIUM" "feed-them-social 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "feed-them-social 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "feed-them-social 2.9.8.6 Unauthenticated.PHAR.Deserialisation MEDIUM" "feed-them-social 2.8.7 Cross-Site.Request.Forgery MEDIUM" "feed-them-social 2.8.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "feed-them-social 1.7.0 XSS.&.Arbitrary.Shortcode.Execution CRITICAL" "filter-portfolio-gallery No.known.fix Arbitrary.Gallery.Deletion.via.CSRF MEDIUM" "fl3r-feelbox No.known.fix Unauthenticated.SQLi HIGH" "fl3r-feelbox No.known.fix Settings.Update.via.CSRF.to.Stored.XSS HIGH" "fl3r-feelbox No.known.fix Moods.Reset.via.CSRF MEDIUM" "flickr-slideshow-wrapper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fonts-manager-custom-fonts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fp-rss-category-excluder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "funnelcockpit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "funnelcockpit No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "floating-social-buttons No.known.fix Cross-Site.Request.Forgery MEDIUM" "free-download-manager No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "forms-for-divi 8.1.3 Reflected.Cross-Site.Scripting MEDIUM" "freshdesk-support 2.4.0 Open.Redirect MEDIUM" "freshdesk-support 1.8 Open.Redirect MEDIUM" "fastspring No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flat-preloader 1.5.5 Admin+.Stored.Cross-Site.Scripting MEDIUM" "flat-preloader 1.5.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "folders-pro 3.0.3 Directory.Traversal.via.handle_folders_file_upload MEDIUM" "folders-pro 3.0.3 Authenticated(Author+).Arbitrary.File.Upload.via.handle_folders_file_upload HIGH" "fonto No.known.fix Authenticated.(Author+).Arbitrary.File.Download MEDIUM" "fonto 1.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "free-product-sample 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "free-product-sample 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fuse-social-floating-sidebar 5.4.11 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "fuse-social-floating-sidebar 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "fuse-social-floating-sidebar 5.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "funnel-builder 3.9.1 Unauthenticated.Local.File.Inclusion CRITICAL" "funnel-builder 3.10.2 Admin+.SQL.Injection MEDIUM" "funnel-builder 3.4.7 Missing.Authorization.to.Authenticated.(Contributor+).Settings.Update MEDIUM" "funnel-builder 3.4.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "funnel-builder 2.14.4 Authenticated(Administrator+).SQL.Injection MEDIUM" "fami-woocommerce-compare No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "flying-twitter-birds No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "form-to-sheet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "form-to-sheet No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "faltu-testimonial-rotator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flightlog No.known.fix Authenticated.(editor+).SQL.Injection HIGH" "fontawesomeio-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "feedwordpress 2024.0428 Unauthenticated.Draft.Access MEDIUM" "feedwordpress 2022.0123 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "feedwordpress 2015.0514 XSS.&.SQL-Injection MEDIUM" "flowpaper-lite-pdf-flipbook 2.0.4 Contributor+.Stored.XSS MEDIUM" "flowpaper-lite-pdf-flipbook 2.0.0 Contributor+.Stored.XSS MEDIUM" "file-upload-types 1.5.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "file-away No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read HIGH" "file-away No.known.fix Missing.Authorization.to.Unauthenticated.File.Upload.via.upload.Function CRITICAL" "file-away No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "flash-show-and-hide-box No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "flaming-forms No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "flaming-forms No.known.fix Unauthenticated.Stored.XSS HIGH" "flaming-forms No.known.fix Reflected.XSS HIGH" "fileorganizer 1.1.5 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion HIGH" "fileorganizer 1.1.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "fileorganizer 1.0.8 Sensitive.Information.Exposure.via.Directory.Listing HIGH" "fileorganizer 1.0.7 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "fileorganizer 1.0.3 Admin+.Arbitrary.File.Access MEDIUM" "favicon-generator 2.1 Arbitrary.File.Upload.via.CSRF HIGH" "favicon-generator 2.1 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion CRITICAL" "favicon-generator 2.1 Arbitrary.File.Deletion.via.CSRF HIGH" "fatal-error-notify 1.5.3 Subscriber+.Test.Error.Email.Sending MEDIUM" "fluent-security 1.0.2 Bypass.blocks.by.IP.Spoofing MEDIUM" "flo-launch 2.4.1 Missing.Authentication.Allow.Full.Site.Takeover CRITICAL" "full-customer 3.1.26 3.1.25.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "full-customer 3.1.26 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "full-customer 3.1.23 Reflected.Cross-Site.Scripting MEDIUM" "full-customer 3.1.13 Unauthenticated.Stored.Cross-Site.Scripting.via.License.Plan.Parameter HIGH" "full-customer 2.3 Customer.<.2.3.-.Subscriber+.Health.Check.Disclosure MEDIUM" "full-customer 2.3 Customer.<.2.3.-.Subscriber+.Arbitrary.Plugin.Installation HIGH" "fotobook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flo-forms No.known.fix Missing.Authorization MEDIUM" "flo-forms 1.0.43 Missing.Authorization MEDIUM" "flo-forms 1.0.42 Subscriber+.Test.Email.Sending MEDIUM" "flo-forms 1.0.41 Admin+.Stored.XSS LOW" "flo-forms 1.0.36 Authenticated.Options.Change.to.Stored.XSS CRITICAL" "fast-search-powered-by-solr No.known.fix Settings.Update.via.CSRF MEDIUM" "fast-search-powered-by-solr No.known.fix Admin+.Stored.XSS LOW" "fulltext-search 1.79.264 Missing.Authorization MEDIUM" "fulltext-search 1.79.262 Missing.Authorization MEDIUM" "fulltext-search 1.79.262 Cross-Site.Request.Forgery MEDIUM" "fulltext-search 1.69.234 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "fulltext-search 1.70.236 Cross-Site.Request.Forgery MEDIUM" "fulltext-search 1.69.234 Missing.Authorization MEDIUM" "fulltext-search 1.60.213 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WPFTS.Live.Search.Widget MEDIUM" "fusedesk 6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.successredirect.Parameter MEDIUM" "fusedesk 6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fancybox-for-wordpress 3.3.6 Unauthenticated.Stored.XSS HIGH" "fancybox-for-wordpress 3.3.5 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "fancybox-for-wordpress 3.3.4 3.3.3.-.Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "fancier-author-box No.known.fix Admin+.Stored.XSS LOW" "filester 1.8.9 Administrator+.Arbitrary.File.Upload MEDIUM" "filester 1.8.7 Missing.Authorization.to.Authenticated.(Subscriber+).Filebird.Plugin.Installation MEDIUM" "filester 1.8.6 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion HIGH" "filester 1.8.7 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "filester 1.8.3 Authenticated.Plugin.Settings.Update HIGH" "filester 1.8.1 Admin+.Remote.Code.Execution MEDIUM" "filester 1.8.1 Admin+.Stored.Cross-Site.Scripting LOW" "filester 1.8 Remote.Code.Execution.via.CSRF CRITICAL" "fontsampler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fontsampler 0.14.3 CSRF.to.Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "focus-on-reviews-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "feature-comments 1.2.5 wp-admin/admin-ajax.php.Comment.Status.Manipulation.CSRF MEDIUM" "floating-social-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "floating-social-bar 1.1.7 Cross-Site.Scripting.(XSS) MEDIUM" "fable-extra 1.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "fable-extra 1.0.7 Unauthenticated.SQL.Injection HIGH" "fable-extra 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fullworks-pricing-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-pricing-tables No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fwd-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flipbox-builder No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "file-manager 6.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.SVG.File.Uploads MEDIUM" "file-manager 6.5.8 Authenticated.(Subscriber+).Limited.JavaScript.File.Upload MEDIUM" "file-manager 6.5.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "file-manager 6.5.6 6.5.5.-.Unauthenticated.Remote.Code.Execution.via.Race.Condition HIGH" "file-manager 6.3 Admin+.Arbitrary.OS.File/Folder.Access.+.Path.Traversal MEDIUM" "file-manager 5.2.3 Subscriber+.Arbitrary.File.Creation/Upload/Deletion CRITICAL" "file-manager 5.0.2 Information.Disclosure HIGH" "fossura-tag-miner 1.1.5 Cross-Site.Request.Forgery.(CSRF).&.XSS HIGH" "featured-image-from-url 4.8.3 Missing.Authorization MEDIUM" "featured-image-from-url 4.8.2 Missing.Authorization MEDIUM" "featured-image-from-url 4.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fifu_input_url MEDIUM" "featured-image-from-url 4.5.4 Contributor+.Stored.XSS MEDIUM" "featured-image-from-url 4.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "featured-image-from-url 4.0.0 Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "fediverse-embeds 1.5.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "f4-tree 1.1.19 Reflected.Cross-Site.Scripting MEDIUM" "f4-tree 1.1.15 Reflected.Cross-Site.Scripting MEDIUM" "f4-tree 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formget-contact-form No.known.fix Contributor+.Stored.XSS MEDIUM" "flickr-shortcode-importer No.known.fix Authenticated.(Administrator+).PHP.Object.Injection HIGH" "floatbox-plus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fitness-trainer 1.4.1 Subscriber+.Privilege.Escalation CRITICAL" "frontend-registration-contact-form-7 No.known.fix Authenticated.(Editor+).Privilege.Escalation HIGH" "find-duplicates No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "fluent-support 1.8.6 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "fluent-support 1.8.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "fluent-support 1.8.1 Insufficient.Authorization.on.Email.Verification MEDIUM" "fluent-support 1.7.7 Authenticated(Administrator+).SQL.Injection MEDIUM" "fluent-support 1.5.8 Admin+.SQLi MEDIUM" "files-download-delay No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "files-download-delay 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "files-download-delay 1.0.7 Subscriber+.Settings.Reset MEDIUM" "files-download-delay 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flexi-quote-rotator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "flynax-bridge No.known.fix Unauthenticated.Arbitrary.User.Deletion MEDIUM" "flynax-bridge No.known.fix Unauthenticated.Limited.Privilege.Escalation HIGH" "flynax-bridge No.known.fix Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "flynax-bridge No.known.fix Unauthenticated.Privilege.Escalation.via.Password.Update CRITICAL" "fw-gallery No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "front-end-pm 11.4.3 Sensitive.Data.Exposure.via.Directory.Listing MEDIUM" "front-end-pm 11.3.8 Reflected.Cross-Site.Scripting MEDIUM" "front-end-pm 11.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "free-comments-for-wordpress-vuukle 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "fg-joomla-to-wordpress 4.21.0 Sensitive.Information.Exposure MEDIUM" "flickr-justified-gallery No.known.fix Cross-Site.Request.Forgery MEDIUM" "flickr-justified-gallery 3.4.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "fomo-payment-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fluentform 6.0.3 Contributor+.Stored.XSS MEDIUM" "fluentform 6.0.0 IP-Spoofing MEDIUM" "fluentform 5.2.7 Unauthenticated.Stored.XSS.via.Form.Subject HIGH" "fluentform 5.2.1 Admin+.Stored.XSS LOW" "fluentform 5.1.20 Form.Manager+.Stored.XSS LOW" "fluentform 5.1.19 .Missing.Authorization.to.Authenticated.(Subscriber+).Mailchimp.Integration.Modification MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Welcome.Screen.Fields MEDIUM" "fluentform 5.1.16 Contributor+.PHP.Object.Injection MEDIUM" "fluentform 5.1.14 Subscriber+.Stored.XSS MEDIUM" "fluentform 5.1.17 Unauthenticated.Settings.Update MEDIUM" "fluentform 5.1.17 Contributor+.Stored.XSS MEDIUM" "fluentform 5.1.17 Unauthenticated.Limited.Privilege.Escalation MEDIUM" "fluentform 5.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.7 Admin+.Stored.Cross-Site.Scripting.via.imported.form.title MEDIUM" "fluentform 5.0.9 Insecure.Direct.Object.Reference MEDIUM" "fluentform 5.0.0 SQL.Injection MEDIUM" "fluentform 4.3.25 Contributor+.Stored.XSS.via.Custom.HTML.Form.Field MEDIUM" "fluentform 4.3.13 CSV.Injection LOW" "fluentform 3.6.67 Cross-Site.Request.Forgery.(CSRF) HIGH" "featured-posts-scroll No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "formforall No.known.fix Contributor+.Stored.XSS MEDIUM" "floating-social-media-links No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluent-smtp 2.2.81 Cross-Site.Request.Forgery MEDIUM" "fluent-smtp 2.2.83 Unauthenticated.PHP.Object.Injection HIGH" "fluent-smtp 2.2.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "fluent-smtp 2.2.3 Stored.XSS.via.Email.Logs HIGH" "fluent-smtp 2.0.1 Authenticated.Stored.XSS LOW" "frontend-login-and-registration-blocks No.known.fix Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "frontend-login-and-registration-blocks No.known.fix Subscriber+.Privilege.Escalation.via.Password.Reset HIGH" "freetobook-responsive-widget 1.1.1 Cross-Site.Request.Forgery MEDIUM" "flat-ui-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.flatbtn.Shortcode MEDIUM" "flower-delivery-by-florist-one 3.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flower-delivery-by-florist-one No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "form-maker 1.15.34 Admin+.Stored.XSS LOW" "form-maker 1.15.32 Admin+.Stored.XSS LOW" "form-maker 1.15.30 Admin+.Stored.XSS LOW" "form-maker 1.15.30 Admin+.Stored.XSS LOW" "form-maker 1.15.33 .Admin+.Stored.XSS LOW" "form-maker 1.15.33 Admin+.Stored.XSS.via.Theme.Title LOW" "form-maker 1.15.31 Admin+.Stored.XSS LOW" "form-maker 1.15.28 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "form-maker 1.15.31 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "form-maker 1.15.28 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.27 Reflected.Cross-Site.Scripting HIGH" "form-maker 1.15.26 Admin+.Stored.XSS MEDIUM" "form-maker 1.15.25 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.25 Authenticated.(Subscriber+).Stored.Self-Based.Cross-Site.Scripting MEDIUM" "form-maker 1.15.24 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.23 Sensitive.Information.Exposure MEDIUM" "form-maker 1.15.22 CSRF.to.limited.RCE MEDIUM" "form-maker 1.15.21 Captcha.Bypass HIGH" "form-maker 1.15.19 Reflected.XSS HIGH" "form-maker 1.15.19 Unauthenticated.Stored.XSS CRITICAL" "form-maker 1.15.20 Unauthenticated.Arbitrary.File.Upload MEDIUM" "form-maker 1.15.6 Admin+.SQLI LOW" "form-maker 1.14.12 Admin+.Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.13.60 Authenticated.Stored.XSS HIGH" "form-maker 1.13.40 Authenticated.Reflected.XSS HIGH" "form-maker 1.13.36 Authenticated.SQL.Injection HIGH" "form-maker 1.13.3 Authenticated.SQL.Injection HIGH" "form-maker 1.13.5 Cross-Site.Request.Forgery.(CSRF).to.LFI MEDIUM" "form-maker 1.12.24 CSV.Injection MEDIUM" "furikake No.known.fix Unauthenticated.Open.Redirect MEDIUM" "facebook-conversion-pixel 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "facebook-conversion-pixel 2.6.4 Reflected.Cross-Site.Scripting MEDIUM" "facebook-conversion-pixel 2.6.2 CSRF.to.Stored.Cross-Site.Scripting HIGH" "facebook-conversion-pixel 2.6.3 Admin+.Stored.Cross-Site.Scripting LOW" "famethemes-demo-importer 1.1.6 Cross-Site.Request.Forgery MEDIUM" "fs-product-inquiry No.known.fix Reflected.XSS HIGH" "fs-product-inquiry No.known.fix Unauthenticated.Stored.XSS HIGH" "free-shipping-label 2.6.11 Reflected.Cross-Site.Scripting MEDIUM" "far-future-expiry-header 1.5 Plugin's.Settings.Update.via.CSRF MEDIUM" "fyrebox-shortcode No.known.fix Stored.XSS.via.CSRF HIGH" "fastbook-responsive-appointment-booking-and-scheduling-system No.known.fix Cross-Site.Request.Forgery MEDIUM" "fastbook-responsive-appointment-booking-and-scheduling-system No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "featured-product-by-category-name No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flexible-shipping 4.24.16 Missing.Authorization MEDIUM" "flexible-shipping 4.11.9 Reflected.Cross-Site.Scripting MEDIUM" "faq-for-woocommerce 1.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "faq-for-woocommerce 1.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "faq-for-woocommerce 1.6.4 WooCommerce.Product.FAQ.<.1.6.4.-.Reflected.Cross-Site.Scripting MEDIUM" "faq-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "freemage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "freemage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "freemage No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "foogallery-premium 2.4.27 Authenticated.(Contributor+).Directory.Traversal HIGH" "foogallery-premium 2.4.15 Author+.Stored.XSS MEDIUM" "foogallery-premium 2.4.6 Contributor+.Stored.XSS MEDIUM" "fast-index 1.10 Reflected.Cross-Site.Scripting MEDIUM" "football-leagues-by-anwppro 0.16.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "forms-gutenberg No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "forms-gutenberg 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "formafzar 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "feedfocal 1.3.0 Unauthenticated.Tracking.Code.Update MEDIUM" "foliopress-wysiwyg No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "facebook-pagelike-widget 6.4.2 Admin+.Stored.XSS LOW" "facebook-pagelike-widget 6.4 Admin+.Stored.XSS LOW" "flowfact-wp-connector 2.1.8 Reflected.XSS HIGH" "formello 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "footer-putter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "formularios-de-contacto-salesup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "free-product-table-for-woocommerce No.known.fix Missing.Authorization.to.Arbitrary.Content.Deletion MEDIUM" "free-product-table-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "flexible-woocommerce-checkout-field-editor No.known.fix Missing.Authorization MEDIUM" "fluid-notification-bar No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "foobox-image-lightbox-premium 2.7.28 Admin+.Stored.XSS LOW" "footer-flyout-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "frontend-dashboard 2.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "frontend-dashboard 2.2.8 2.2.7.-.Subscriber+.Account.Takeover/Privilege.Escalation.via.ajax_request.Function HIGH" "frontend-dashboard 2.2.8 2.2.7.-.Subscriber+.Privilege.Escalation.via.fed_admin_setting_form_function.Function HIGH" "frontend-dashboard 2.2.7 2.2.6.-.Unauthenticated.Privilege.Escalation.via.fed_wp_ajax_fed_login_form_post.Function CRITICAL" "frontend-dashboard 2.2.6 Unauthenticated.SQL.Injection HIGH" "frontend-dashboard 2.2.5 Authenticated.(Subscriber+).Arbitrary.Function.Call HIGH" "frontend-dashboard 2.2.4 Frontend.Dashboard.<.2,2,4.- MEDIUM" "frontend-dashboard 2.2.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "flipdish-ordering-system No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "form-to-chat 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "feed-changer 0.3 Admin+.Stored.XSS LOW" "favicon-by-realfavicongenerator 1.3.23 Reflected.Cross-Site.Scripting MEDIUM" "favicon-by-realfavicongenerator 1.3.22 Reflected.Cross-Site.Scripting.(XSS) HIGH" "first-comment-redirect No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "frndzk-expandable-bottom-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.text.Parameter MEDIUM" "form-data-collector 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "filter-gallery 0.1.6 Admin+.Stored.XSS LOW" "filter-gallery 0.0.7 Unauthorised.AJAX.Calls HIGH" "faqs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "faqs No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "fancy-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "funnel-builder-pro 3.5.0 Funnel.Kit.Funnel.Builder.PRO.<.3,5,0.Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.allow_iframe_tag_in_post MEDIUM" "gf-multi-uploader 1.1.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "gallery-styles 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "global-notification-bar No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "go-to-top No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gift-voucher 4.5.0 Missing.Authorization.to.Unauthenticated.Price,.Date,.and.Note.Updates MEDIUM" "gift-voucher 4.4.5 Author+.Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "gift-voucher 4.4.1 Cross-Site.Request.Forgery MEDIUM" "gift-voucher 4.3.3 Subscriber+.SQLi HIGH" "gift-voucher 4.1.8 Unauthenticated.Blind.SQL.Injection HIGH" "gravity-forms-toolbar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "guestofy-restaurant-reservations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "guestofy-restaurant-reservations No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gallery-lightbox-slider 1.0.0.41 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "guild-armory-roster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "globe-gateway-e4 No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "gf-freshdesk 1.2.9 Reflected.Cross-Site.Scripting HIGH" "gp-back-to-top No.known.fix Cross-Site.Request.Forgery MEDIUM" "gotcha-gesture-based-captcha No.known.fix Reflected.Cross-Site.Scripting.via.menu.Parameter MEDIUM" "gb-gallery-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gb-gallery-slideshow No.known.fix Missing.Authorization MEDIUM" "google-places-reviews 2.0.0 Admin+.Stored.Cross.Site.Scripting LOW" "gtranslate 3.0.4 Admin+.Stored.XSS LOW" "gtranslate 2.9.9 CSRF.to.Account.Takeover HIGH" "gtranslate 2.9.7 Reflected.Cross-Site.Scripting LOW" "gtranslate 2.8.65 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "gtranslate 2.8.52 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "get-a-quote-for-woocommerce No.known.fix Unauthenticated.Quote.PDF.and.CSV.Download MEDIUM" "gs-woocommerce-products-slider 1.5.9 Contributor+.Stored.XSS MEDIUM" "gsheetconnector-wpforms-pro 2.5.7 Reflected.XSS HIGH" "getresponse-integration No.known.fix Contributor+.Stored.XSS MEDIUM" "getresponse-integration 5.5.32 Contributor+.Stored.XSS MEDIUM" "getresponse-integration 5.5.21 API.Key.Update.via.CSRF MEDIUM" "greenshift-animation-and-page-builder-blocks 11.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 11.4.6 11.4.5.-.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "greenshift-animation-and-page-builder-blocks 11.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 10.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 9.0.1 Missing.Authorization.to.Authenticated.(Subscriber+).Server-Side.Request.Forgery.and.Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 9.9.9.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "greenshift-animation-and-page-builder-blocks 9.8 Missing.Authorization MEDIUM" "greenshift-animation-and-page-builder-blocks 9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 8.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 7.6.3 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "greenshift-animation-and-page-builder-blocks 4.3 Reflected.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 5.0.0 Author+.Stored.XSS MEDIUM" "greenshift-animation-and-page-builder-blocks 5.0 Contributor+.Stored.XSS MEDIUM" "greenshift-animation-and-page-builder-blocks 4.8.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "greenshift-animation-and-page-builder-blocks 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "google-distance-calculator 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gdreseller No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gdreseller No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gdpr-compliance No.known.fix Authenticated.(Subscriber+).Information.Exposure MEDIUM" "gs-logo-slider 3.7.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "gs-logo-slider 3.7.1 Settings.Update.via.Cross-Site.Request.Forgery MEDIUM" "gs-logo-slider 3.6.9 Admin+.Stored.XSS LOW" "gs-logo-slider 3.5.2 Cross-Site.Request.Forgery MEDIUM" "gs-logo-slider 3.3.8 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "goolytics-simple-google-analytics 1.1.2 Simple.Google.Analytics.<.1.1.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "get-post-content-shortcode No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Disclosure.via.post_content.Shortcode MEDIUM" "goodbarber 1.0.27 Open.Redirect MEDIUM" "goodbarber 1.0.24 Settings.Update.via.CSRF MEDIUM" "gf2pdf No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "green-money-payment-gateway 3.0.10 3.0.9.-.Unauthenticated.Information.Exposure MEDIUM" "grid-view-gallery No.known.fix Authenticated.(Editor+).PHP.Object.Injection HIGH" "gwolle-gb 4.7.2 Reflected.Cross-Site.Scripting MEDIUM" "gwolle-gb 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "gwolle-gb 2.5.4 Cross-Site.Scripting.(XSS) MEDIUM" "gwolle-gb 2.1.1 Cross-Site.Request.Forgery.(CSRF) CRITICAL" "glorious-sites-installer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "glorious-sites-installer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gdpr-tools No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "go-fetch-jobs-jobengine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "go-fetch-jobs-jobengine No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gift-message-for-woocommerce 1.7.9 Cross-Site.Request.Forgery MEDIUM" "gift-message-for-woocommerce 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "gift-message-for-woocommerce 1.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gap-hub-user-role No.known.fix Cross-Site.Request.Forgery MEDIUM" "gamipress 7.4.6 Authenticated.(Administrator+).SQL.Injection MEDIUM" "gamipress 7.3.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "gamipress 7.2.2 Unauthenticated.Arbitrary.Shortcode.Execution.via.gamipress_do_shortcode().Function HIGH" "gamipress 7.2.2 Unauthenticated.Arbitrary.Shortcode.Execution.via.gamipress_ajax_get_logs.Function HIGH" "gamipress 7.3.2 Unauthenticated.SQL.Injection.via.orderby.Parameter HIGH" "gamipress 7.1.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.gamipress_get_user_earnings HIGH" "gamipress 6.8.9 Broken.Access.Control LOW" "gamipress 6.8.6 Cross-Site.Request.Forgery MEDIUM" "gamipress 6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gamipress 6.8.7 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "gamipress 2.5.7.1 Unauthenticated.SQLi HIGH" "google-analytics-opt-out 2.3.5 Admin+.Stored.XSS LOW" "genki-pre-publish-reminder No.known.fix Stored.XSS.&.RCE.via.CSRF HIGH" "gutenify No.known.fix Contributor+.Stored.XSS MEDIUM" "gutenify 1.4.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "gmap-point-list No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-pinterest-portfolio 1.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-pinterest-portfolio 1.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shorcode MEDIUM" "gs-pinterest-portfolio 1.8.1 Missing.Authorization.via._update_shortcode MEDIUM" "giphypress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gamipress-reset-user 1.0.1 Reset.User.<=.1.0.0.-.GamiPress.User.Data.Removal.via.CSRF MEDIUM" "guest-author 2.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "guest-author 2.4 Contributor+.Stored.XSS MEDIUM" "generatepress-premium 2.4.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Meta MEDIUM" "gallery-categories 1.0.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "geodatasource-country-region-dropdown 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-site-kit 1.8.0 Privilege.Escalation.to.gain.Search.Console.Access CRITICAL" "gt3-photo-video-gallery 2.7.7.26 Contributor+.Stored.XSS MEDIUM" "gt3-photo-video-gallery 2.7.7.25 GT3.Image.Gallery.&.Gutenberg.Block.Gallery.<.2.7.7.25.-.Reflected.Cross-Site.Scripting MEDIUM" "gt3-photo-video-gallery 2.7.7.22 GT3.Image.Gallery.&.Gutenberg.Block.Gallery.<.2.7.7.22.-.Authenticated.(Author+).Cross-Site.Scripting MEDIUM" "gocodes No.known.fix Authenticated.XSS.&.Blind.SQL.Injection HIGH" "gs-team-members 2.2.4 Contributor+.Stored.XSS MEDIUM" "gs-team-members 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "gs-team-members 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gotmls 4.23.56 Unauthenticated.Remote.Code.Execution CRITICAL" "gotmls 4.21.83 Reflected.Cross-Site.Scripting MEDIUM" "gotmls 4.20.96 Reflected.Cross-Site.Scripting LOW" "gotmls 4.20.94 Admin+.Reflected.Cross-Site.Scripting LOW" "gs-projects 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "global-multisite-search No.known.fix CSRF.Bypass MEDIUM" "get-a-quote-button-for-woocommerce 1.5 Unauthenticated.Arbitrary.Shortcode.Execution.via.fire_contact_form HIGH" "goqsmile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "good-url-preview-box No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "google-typography No.known.fix Missing.Authorization MEDIUM" "genki-announcement No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gutentor 3.4.7 Admin+.SQL.Injection MEDIUM" "gutentor 3.4.4 Contributor+.Stored.XSS MEDIUM" "gutentor 3.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "gutentor 3.3.6 Gutenberg.Blocks.-.Page.Builder.for.Gutenberg.Editor.<.3.3.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutentor 3.3.6 Contributor+.Stored.XSS MEDIUM" "gutentor 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "gtbabel 6.6.9 Unauthenticated.Admin.Account.Takeover HIGH" "google-captcha 1.79 CAPTCHA.Bypass MEDIUM" "google-captcha 1.28 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "guest-author-name 4.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gd-rating-system 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.extra_class.Parameter MEDIUM" "gd-rating-system 3.6.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "gd-rating-system 3.5.1 Unauthenticated.Stored.Cross-Site.Scripting.via.IP MEDIUM" "gd-rating-system 2.3.1 Multiple.Vulnerabilities HIGH" "gd-rating-system 2.1 XSS MEDIUM" "global-meta-keyword-and-description No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "get-cash 3.2 Reflected.Cross-Site.Scripting MEDIUM" "gtm-kit 2.4.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "globalquran No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "gtpayment-donation No.known.fix Stored.XSS.via.CSRF HIGH" "gtmetrix-for-wordpress 0.4.8 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "gtmetrix-for-wordpress 0.4.6 Reflected.Cross-Site.Scripting HIGH" "gtmetrix-for-wordpress 0.4.6 Reflected.XSS HIGH" "gdpr-cookie-compliance 4.15.7 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.9 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.7 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.7 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.9 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.7 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "gdpr-cookie-compliance 4.15.7 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.12.5 License.Update/Deactivation.via.CSRF MEDIUM" "gold-price-chart-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "greenshiftwoo 1.9.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "google-one 1.3.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gettext-override-translations 2.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "gsheetconnector-for-elementor-forms-pro 1.0.5 Reflected.XSS HIGH" "giveaway No.known.fix Authenticated.SQL.Injection HIGH" "googlemapper-2 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gdpr-cookie-consent 3.8.1 Cross-Site.Request.Forgery MEDIUM" "gdpr-cookie-consent 3.6.6 Missing.Authorization.to.Authenticated.(Subscriber+).Whitelist.Script MEDIUM" "gdpr-cookie-consent 3.3.0 Unauthenticated.Stored.Cross-Site.Scripting.via.Client-IP.header HIGH" "gdpr-cookie-consent 3.1.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "getsocial No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "go-fetch-jobs-wp-job-manager 1.8.4.5 Reflected.Cross-Site.Scripting MEDIUM" "go-fetch-jobs-wp-job-manager 1.7.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gatormail-smart-forms 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-analytics-for-wordpress 8.22.0 Missing.Authorization MEDIUM" "google-analytics-for-wordpress 8.14.1 Contributor+.Stored.XSS MEDIUM" "google-analytics-for-wordpress 8.12.1 Contributor+.Stored.XSS MEDIUM" "google-analytics-for-wordpress 8.9.1 Stored.Cross-Site.Scripting.via.Google.Analytics MEDIUM" "gs-coach 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "grid-kit-premium 2.2.0 Multiple.Reflected.Cross-Site.Scripting HIGH" "grid-kit-premium 2.1.2 Reflected.Cross-Site.Scripting HIGH" "grid-kit-premium 2.1.2 Reflected.Cross-Site.Scripting HIGH" "gracemedia-media-player No.known.fix Local.File.Inclusion.(LFI) CRITICAL" "gigpress No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "gigpress No.known.fix Subscriber+.SQLi HIGH" "gigpress 2.3.28 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "gigpress 2.3.11 Authenticated.XSS.&.Blind.SQLi HIGH" "gnu-mailman-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gmap-embed 1.9.4 Admin+.Stored.XSS LOW" "gmap-embed 1.9.4 Admin+.Stored.XSS LOW" "gmap-embed 1.8.4 Arbitrary.Post.Deletion.and.Plugin's.Settings.Update.via.CSRF MEDIUM" "gmap-embed 1.8.1 Subscriber+.Map.Creation/Update/Deletion MEDIUM" "gmap-embed 1.8.1 Subscriber+.Arbitrary.Post.Deletion.and.Plugin's.Settings.Update MEDIUM" "gmap-embed 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "ga-for-wp 2.2.0 Reflected.Cross-Site.Scripting MEDIUM" "ga-for-wp 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "google-maps-anywhere No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gsheetconnector-ninja-forms 1.2.8 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-ninja-forms 1.2.7 Reflected.XSS HIGH" "gsheetconnector-ninja-forms 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "great-quotes No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "google-maps-widget 4.25 Admin+.Stored.XSS LOW" "gotowp No.known.fix Contributor+.Stored.XSS MEDIUM" "genesis-blocks 3.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Sharing.Block.Attributes MEDIUM" "genesis-blocks 3.1.4 Contributor+.Stored.XSS MEDIUM" "genesis-blocks 3.1.3 Contributor+.Stored.XSS MEDIUM" "genesis-blocks 3.1.3 Contributor+.Stored.XSS MEDIUM" "google-map-professional No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "google-map-professional No.known.fix Reflected.XSS HIGH" "gwp-histats No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-org-chart No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gf-excel-import 1.18.1 Reflected.Cross-Site.Scripting HIGH" "gc-testimonials No.known.fix Contributor+.Stored.XSS MEDIUM" "gnucommerce No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gnucommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gnucommerce 1.4.2 XSS MEDIUM" "gnucommerce 0.5.7-beta XSS MEDIUM" "gou-wc-account-tabs 1.0.1.9 Missing.Authorization MEDIUM" "gantry No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-plugin 4.7.4 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "gallery-plugin 4.7.0 Author+.SQL.Injection MEDIUM" "gallery-plugin 4.7.0 Author+.Stored.Cross-Site.Scripting MEDIUM" "gallery-plugin 4.5.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "good-reviews-wp 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Review.URL MEDIUM" "gdpr-framework 2.2.0 Admin+.Stored.XSS LOW" "google-mobile-sitemap No.known.fix Cross-Site.Request.Forgery MEDIUM" "gmo-social-connection No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "g-auto-hyperlink No.known.fix Admin+.SQL.Injection MEDIUM" "grand-media 1.20.0 Admin+.Stored.Cross-Site.Scripting LOW" "grand-media 1.18.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "getyourguide-ticketing 1.0.4 Admin+.Stored.XSS LOW" "gs-dribbble-portfolio 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-language-translator 6.0.12 Google.Language.Translator.<.6.0.12.-.Admin+.Stored.Cross-Site.Scripting LOW" "google-language-translator 6.0.10 Authenticated.(author+).Cross-Site.Scripting.(XSS) MEDIUM" "google-language-translator 6.0.10 Authenticated.Cross-Site.Scripting.(XSS) LOW" "google-language-translator 5.0.06 XSS MEDIUM" "get-site-to-phone-by-qr-code No.known.fix Stored.XSS.via.CSRF MEDIUM" "grid-accordion-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-voting 1.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "go-viral No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "go-viral 1.8.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gd-mail-queue 4.4 CVE-2025-24608 MEDIUM" "gd-mail-queue 4.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "google-maps-v3-shortcode No.known.fix Contributor+.XSS MEDIUM" "gmapsmania No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gpt3-ai-content-generator 1.9.15 Cross-Site.Request.Forgery MEDIUM" "gpt3-ai-content-generator 1.8.97 Authenticated.(Admin+).PHP.Object.Injection.via.wpaicg_export_prompts HIGH" "gpt3-ai-content-generator 1.8.97 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "gpt3-ai-content-generator 1.8.97 Authenticated.(Admin+).PHP.Object.Injection.via.wpaicg_export_ai_forms HIGH" "gpt3-ai-content-generator 1.8.97 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "gpt3-ai-content-generator 1.8.90 Unauthenticated.Arbitrary.File.Upload CRITICAL" "gpt3-ai-content-generator 1.8.67 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gpt3-ai-content-generator 1.8.13 Cross-Site.Request.Forgery MEDIUM" "gpt3-ai-content-generator 1.8.3 Missing.Authorization.to.Sensitive.Data.Exposure MEDIUM" "gpt3-ai-content-generator 1.7.38 Reflected.Cross-Site.Scripting MEDIUM" "gpt3-ai-content-generator 1.4.38 Subscriber+.Arbitrary.Post.Content.Update MEDIUM" "get-your-number No.known.fix Admin+.Stored.XSS LOW" "guten-free-options No.known.fix Reflected.XSS HIGH" "guten-free-options No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goal-tracker-ga 1.0.11 Reflected.Cross-Site.Scripting MEDIUM" "genesis-style-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-portfolio 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-portfolio 1.6.1 Contributor+.Stored.XSS MEDIUM" "game-review-block 4.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.className.Parameter MEDIUM" "glass No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "gravity-forms-multiple-form-instances 1.1.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "gfirem-action-after No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-action-after No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "geocache-stat-bar-widget No.known.fix Admin+.Stored.XSS LOW" "get-directions 2.16.2 Reflected.Cross-Site.Scripting MEDIUM" "get-directions 2.15.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gs-envato-portfolio 1.4.0 Contributor+.Stored.XSS MEDIUM" "gallery-image-gallery-photo 1.1.6 Grid.Gallery.<.1.1.6.-.Admin+.Stored.Cross-Site.Scripting LOW" "google-apps-login 3.4.5 Admin+.Stored.XSS LOW" "global-payments-woocommerce 1.13.3 Reflected.XSS HIGH" "google-calendar-events 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "google-calendar-events 3.2.8 Contributor+.Stored.XSS.via.shortcode MEDIUM" "google-calendar-events 3.2.5 Cross-Site.Request.Forgery.via.duplicate_feed MEDIUM" "google-calendar-events 3.2.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "gd-bbpress-attachments 4.7.3 Reflected.Cross-Site.Scripting MEDIUM" "gd-bbpress-attachments 4.4 Admin+.Stored.XSS LOW" "gm-woo-product-list-widget No.known.fix Reflected.XSS HIGH" "gs-woo-brands 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-adsense-and-hotel-booking No.known.fix Open.Proxy CRITICAL" "graceful-email-obfuscation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geounit-maps 0.0.7 Reflected.Cross-Site.Scripting MEDIUM" "google-seo-author-snippets No.known.fix Cross-Site.Request.Forgery MEDIUM" "google-seo-author-snippets No.known.fix Missing.Authorization MEDIUM" "gallery-metabox No.known.fix Subscriber+.Unauthorized.Data.Access MEDIUM" "gallery-metabox No.known.fix Gallery.Removal.via.CSRF MEDIUM" "gravitate-qa-tracker No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gnupress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "global-translator No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "global-translator No.known.fix Cross-Site.Request.Forgery MEDIUM" "gfirem-fields No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gfirem-fields No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-fields No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gallery-bank 4.0.19 Reflected.Cross-Site.Scripting MEDIUM" "gallery-bank No.known.fix Author+.Stored.XSS.via.Media.Upload.Module MEDIUM" "gallery-bank No.known.fix Author+.Stored.XSS.via.Gallery.Description MEDIUM" "gallery-bank 3.0.330 Authenticated.Blind.SQL.Injection MEDIUM" "gn-publisher 1.5.6 Reflected.XSS HIGH" "global-shop-discount-for-woocommerce 2.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gosign-posts-slider-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gosign-posts-slider-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "global-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "global-gallery 9.1.6 WordPress.Responsive.Gallery.<.9.1.6.-.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "google-listings-and-ads 2.8.7 Information.Disclosure.via.Publicly.Accessible.PHP.Info.File MEDIUM" "gdlr-hotel No.known.fix Unauthenticated.SQL.Injection HIGH" "gdlr-hotel No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gdlr-hotel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goods-catalog No.known.fix Contributor+.Stored.XSS MEDIUM" "gs-facebook-comments 1.7.4 Missing.Authorization.via.wpfc_allow_comments() MEDIUM" "genie-wp-favicon No.known.fix Arbitrary.Favicon.Change.via.CSRF MEDIUM" "gallery-by-supsystic 1.15.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gallery-by-supsystic 1.15.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "gallery-by-supsystic 1.8.6 Arbitrary.Image.Adding.via.CSRF MEDIUM" "gallery-by-supsystic 1.8.6 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "google-plus-google No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "google-docs-rsvp-guestlist No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gna-search-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "get-post-custom-taxonomy-term-shortcode No.known.fix CSRF.Bypass NONE" "gallery-album No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "gallery-album No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-album No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-album No.known.fix Unauthenticated.Stored.XSS HIGH" "gallery-album No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "gallery-album No.known.fix Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "gallery-album 2.0.2 Reflected.XSS HIGH" "gallery-album 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "gallery-album 1.2.1 Admin+.SQLi MEDIUM" "gift-certificate-creator No.known.fix Reflected.Cross-Site.Scripting.via.receip_address.Parameter MEDIUM" "gift-certificate-creator 1.1 Stored.XSS MEDIUM" "gs-books-showcase 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-books-showcase 1.3.1 Contributor+.Stored.XSS MEDIUM" "guruwalk-affiliates No.known.fix Admin+.Stored.XSS LOW" "gwyns-imagemap-selector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ghactivity No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "goqmieruca No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "galleria No.known.fix Cross-Site.Request.Forgery MEDIUM" "grandconference No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gtg-advanced-blocks No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "greek-multi-tool 2.3.2 Missing.Authorization MEDIUM" "greek-multi-tool 2.3.2 Unauthenticated.Stored.XSS HIGH" "genesis-columns-advanced 2.0.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "google-shortlink 1.5.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gwebpro-store-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gwebpro-store-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "glofox-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-transliteration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "glomex-oembed 0.9.2 Contributor+.Stored.XSS MEDIUM" "gumlet-video 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gold-addons-for-elementor No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).License.Activation/Deactivation MEDIUM" "gold-addons-for-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-images-ape No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-images-ape No.known.fix Contributor+.Stored.XSS MEDIUM" "gravity-file-ajax-upload-free No.known.fix Arbitrary.File.Upload CRITICAL" "gf-dynamics-crm 1.1.5 Open.Redirect MEDIUM" "gf-dynamics-crm 1.0.8 Reflected.Cross-Site.Scripting HIGH" "genesis-simple-love No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gistpress 3.0.2 Authenticated.Stored.XSS MEDIUM" "google-cse No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "google-cse No.known.fix Admin+.Stored.XSS LOW" "google-1 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-photo-gallery 5.7.1 Administrator+.HTML.Injection MEDIUM" "gallery-photo-gallery 5.5.3 Reflected.Cross-Site.Scripting MEDIUM" "gallery-photo-gallery 5.2.7 CSRF MEDIUM" "gallery-photo-gallery 5.1.4 Reflected.XSS HIGH" "gallery-photo-gallery 5.1.7 Reflected.XSS MEDIUM" "gallery-photo-gallery 4.4.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "gallery-photo-gallery 4.4.4 Responsive.Image.Gallery.<.4.4.4.-.Authenticated.Blind.SQL.Injections HIGH" "gallery-photo-gallery 1.0.1 SQL.Injection CRITICAL" "geoflickr 1.4 Reflected.Cross-Site.Scripting MEDIUM" "gumroad No.known.fix Contributor+.Stored.XSS MEDIUM" "gg-woo-feed 1.2.7 Missing.Authorization MEDIUM" "gg-woo-feed 1.2.5 Unauthenticated.Settings.Update MEDIUM" "geo-targetly-geo-content No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gm-woocommerce-quote-popup 3.2 Reflected.XSS HIGH" "gm-woocommerce-quote-popup 3.1 Arbitrary.Enquiry.Deletion.via.CSRF MEDIUM" "gm-woocommerce-quote-popup 3.1 Admin+.Stored.XSS LOW" "gm-woocommerce-quote-popup 3.1 Cross-Site.Request.Forgery MEDIUM" "gm-woocommerce-quote-popup 3.1 Unauthenticated.Stored.XSS HIGH" "gm-woocommerce-quote-popup 3.2 Reflected.XSS HIGH" "google-maps-advanced No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "genoo 6.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gtm-server-side 2.1.20 Reflected.Cross-Site.Scripting MEDIUM" "gp-notification-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "guardgiant No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "guardgiant 2.2.6 Admin+.SQLi MEDIUM" "gmaps-for-visual-composer-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "git-sync No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "gmace No.known.fix Arbitrary.File.Creation/Deletion/Update.via.CSRF HIGH" "gmace No.known.fix Admin+.Path.Traversal MEDIUM" "gf-salesforce-crmperks No.known.fix Open.Redirect MEDIUM" "gf-salesforce-crmperks 1.2.6 Reflected.Cross-Site.Scripting HIGH" "geo-my-wp 4.5.1 Missing.Authorization.via.get_field_options_ajax MEDIUM" "geo-my-wp 4.5 Admin+.Arbitrary.File.Upload MEDIUM" "geo-my-wp 4.5.0.4 Reflected.Cross-Site.Scripting MEDIUM" "geo-my-wp 4.5.0.2 Unauthenticated.LFI.to.RCE/PHAR.Deserialization CRITICAL" "geo-my-wp 4.2 Cross-Site.Request.Forgery MEDIUM" "geo-my-wp 4.0.3 Authenticated(Administrator+).SQL.Injection MEDIUM" "geo-my-wp 4.0.1 Contributor+.Stored.XSS MEDIUM" "generic-elements-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-maps-travel-route No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "gfirem-advance-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gfirem-advance-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-advance-search No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gourl-bitcoin-payment-gateway-paid-downloads-membership 1.4.14 Shell.Upload HIGH" "gsheetconnector-easy-digital-downloads 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-easy-digital-downloads 1.6.6 Access.Code.Update.via.CSRF MEDIUM" "gsheetconnector-easy-digital-downloads 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "go-sphinx No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "googleanalytics No.known.fix Cross-Site.Request.Forgery MEDIUM" "googleanalytics 3.2.2 Missing.Authorization.to.Unauthenticated.Feature.Deactivation MEDIUM" "googleanalytics 2.5.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "google-earth-tours No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-drive-wp-media No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-map-shortcode No.known.fix Settings.Update.via.CSRF MEDIUM" "google-map-shortcode No.known.fix Reflected.XSS HIGH" "google-map-shortcode No.known.fix Contributor+.Stored.XSS HIGH" "give 4.3.1 Missing.Authorization.To.Authenticated.(Contributor+).Campaign.Data.View.And.Modification MEDIUM" "give 3.22.2 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "give 3.22.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Earning.Reports.Disclosure.via.give_reports_earnings.Function MEDIUM" "give 3.20.0 Unauthenticated.PHP.Object.Injection CRITICAL" "give 3.19.4 Unauthenticated.PHP.Object.Injection HIGH" "give 3.19.3 Unauthenticated.PHP.Object.Injection HIGH" "give 3.19.0 Reflected.XSS HIGH" "give 3.16.4 Unauthenticated.PHP.Object.Injection.to.Remote.Code.Execution CRITICAL" "give 3.16.2 Unauthenticated.PHP.Object.Injection CRITICAL" "give 3.16.2 Authenticated.(GiveWP.Manager+).SQL.Injection.via.order.Parameter MEDIUM" "give 3.16.0 Cross-Site.Request.Forgery MEDIUM" "give 3.16.0 Unauthenticated.Full.Path.Disclosure MEDIUM" "give 3.14.2 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.File.Deletion MEDIUM" "give 3.14.0 Missing.Authorization.to.Unauthenticated.Event.Settings.Update MEDIUM" "give 3.14.0 Missing.Authorization.to.Limited.Information.Exposure MEDIUM" "give 3.14.2 Unauthenticated.PHP.Object.Injection.to.RCE CRITICAL" "give 3.14.0 Insecure.Direct.Object.Reference.to.Authenticated.(GiveWP.Worker+).Arbitrary.Post.Actions MEDIUM" "give 3.12.1 Reflected.Cross-Site.Scripting MEDIUM" "give 3.11.0 Contributor+.Stored.XSS MEDIUM" "give 3.5.0 Authenticated.(GiveWP.Manager+).PHP.Object.Injection HIGH" "give 3.7.0 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "give 3.6.0 Contributor+.Stored.XSS MEDIUM" "give 3.4.0 Reflected.Cross-Site.Scripting HIGH" "give 3.3.0 Contributor+.Stored.XSS MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.plugin.installation MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.Stripe.Integration.Deletion MEDIUM" "give 2.33.2 Missing.Authorization.via.handleBeforeGateway MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.plugin.deactivation MEDIUM" "give 2.33.1 Donation.Plugin.<.2.33.1.-.Authenticated(Give.Manager+).Privilege.Escalation HIGH" "give 2.25.3 Cross-Site.Request.Forgery MEDIUM" "give 2.25.2 Contributor+.Arbitrary.Content.Deletion MEDIUM" "give 2.25.2 Cross-Site.Request.Forgery MEDIUM" "give 2.25.2 Author+.Stored.Cross-Site.Scripting MEDIUM" "give 2.25.2 Admin+.Server-Side.Request.Forgery MEDIUM" "give 2.25.2 Contributor+.Stored.XSS MEDIUM" "give 2.24.0 Contributor+.Stored.XSS MEDIUM" "give 2.24.1 Unauthenticated.SQLi HIGH" "give 2.21.0 Manager+.Arbitrary.File.Creation.via.Export HIGH" "give 2.21.0 Manager+.Arbitrary.File.Access.via.Export MEDIUM" "give 2.21.3 DoS.via.CSRF LOW" "give 2.21.3 Admin+.Stored.Cross-Site.Scripting LOW" "give 2.21.0 Reflected.Cross-Site.Scripting MEDIUM" "give 2.21.0 Donor.Information.Disclosure MEDIUM" "give 2.17.3 Reflected.Cross-Site.Scripting.via.Import.Tool MEDIUM" "give 2.17.3 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "give 2.17.3 Reflected.Cross-Site.Scripting.via.Donation.Forms.Dashboard HIGH" "give 2.12.0 Admin+.Stored.XSS MEDIUM" "give 2.10.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "give 2.10.0 Reflected.Cross.Site.Scripting.(XSS) HIGH" "give 2.5.10 Multiple.Issues HIGH" "give 2.5.5 Authentication.Bypass HIGH" "give 2.5.1 SQL.Injection CRITICAL" "give 2.4.7 Stored.XSS MEDIUM" "give 2.3.1 Cross-Site.Scripting.(XSS) MEDIUM" "global-elementor-buttons No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.button.link MEDIUM" "goodlayers-core 2.1.3 Subscriber+.Stored.XSS.via.SVG.Upload HIGH" "goodlayers-core 2.0.10 Contributor+.Stored.XSS MEDIUM" "goodlayers-core 2.0.8 Reflected.Cross-Site.Scripting.via.'font-family' MEDIUM" "gamipress-button 1.0.8 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "getresponse 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "goanimate No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "group-category-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-forminator 1.0.13 Reflected.XSS HIGH" "gps-plotter No.known.fix Admin+.Stored.XSS LOW" "google-map-locations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gutenium No.known.fix Contributor+.Stored.XSS MEDIUM" "gs-testimonial 3.3.0 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "gs-testimonial 3.3.1 Missing.Authorization MEDIUM" "gs-testimonial 3.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-testimonial 1.9.7 Contributor+.Stored.XSS MEDIUM" "gs-testimonial 1.9.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "google-picasa-albums-viewer 4.0.3 Reflected.Cross-Site.Scripting MEDIUM" "gallerio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallerio No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "gdpr-compliance-cookie-consent 1.3 CSRF MEDIUM" "g5plus-auteur No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "g5plus-auteur No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "g5plus-auteur No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "gallery-videos 2.4.3 Authenticated.(Administrator+).SQL.Injection HIGH" "gallery-videos 2.4.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gallery-videos 2.2.6 Admin+.SQLi MEDIUM" "gallery-videos 1.7.7 Admin+.Stored.XSS LOW" "gamipress-vimeo-integration 1.0.9 Contributor+.Stored.XSS MEDIUM" "gradient-text-widget-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery 2.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "game-server-status No.known.fix Contributor+.SQL.Injection HIGH" "game-server-status No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "game-server-status No.known.fix Admin+.SQL.Injection MEDIUM" "goodlayers-blocks 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "global-income-stats-from-freemius No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "global-income-stats-from-freemius No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "global-income-stats-from-freemius No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gd-mylist No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gpx-viewer 2.2.12 Editor+.Path.Traversal LOW" "gpx-viewer 2.2.10 Subscriber+.Arbitrary.File.Creation HIGH" "goldstar No.known.fix Missing.Authorization MEDIUM" "goon-plugin-control 1.2.9.2 Reflected.Cross-Site.Scripting MEDIUM" "goon-plugin-control 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gecka-terms-thumbnails No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "greencon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gsheetconnector-caldera-forms 1.3 Access.Code.Update.via.CSRF MEDIUM" "gpp-slideshow No.known.fix Missing.Authorization MEDIUM" "go-social No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "google-analytics-top-posts-widget 1.5.7 Reflected.XSS MEDIUM" "geo-mashup 1.13.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.geo_mashup_visible_posts_list.Shortcode MEDIUM" "geo-mashup 1.13.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geo-mashup 1.13.12 Reflected.Cross-Site.Scripting MEDIUM" "geo-mashup 1.13.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "geo-mashup 1.10.4 Unspecified.Cross-Site.Scripting.(XSS) CRITICAL" "gsheetconnector-gravityforms-pro 4.3.6 Access.Code.Update.via.CSRF MEDIUM" "geodigs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "google-maps-easy 1.11.19 Author+.XML.Entity.Injection MEDIUM" "google-maps-easy 1.11.16 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "google-maps-easy 1.11.12 Cross-Site.Request.Forgery MEDIUM" "google-maps-easy 1.11.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "google-maps-easy 1.10.1 Admin+.Stored.Cross-Site.Scripting LOW" "google-maps-easy 1.9.32 Reflected.Cross-Site.Scripting MEDIUM" "geoportail-shortcode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "geoportail-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "g-business-reviews-rating 5.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "gp-premium 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "greenshiftquery 3.9.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "getshop-ecommerce No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "gdpr-compliance-by-supsystic No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "get-custom-field-values 4.1 Admin+.Stored.XSS LOW" "get-custom-field-values 4.0 Contributors+.Arbitrary.Post.Metadata.Access MEDIUM" "get-custom-field-values 4.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "gamipress-link 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "giga-messenger-bots No.known.fix Reflected.XSS HIGH" "gravityforms 2.9.2 Unauthenticated.Stored.Cross-Site.Scripting.via.'alt'.parameter HIGH" "gravityforms 2.9.2 2.9.1.3.-.Unauthenticated.Stored.Cross-Site.Scripting.via.'style_settings'.parameter MEDIUM" "gravityforms 2.7.5 Reflected.XSS HIGH" "gravityforms 2.7.4 Unauthenticated.PHP.Object.Injection HIGH" "gravityforms 2.4.9 Hashed.Password.Leakage LOW" "giveaways-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "giveaways-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gf-infusionsoft 1.1.5 Reflected.Cross-Site.Scripting HIGH" "guest-author-affiliate 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "guest-author-affiliate 1.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "godaddy-email-marketing-sign-up-forms 1.1.4 Cross-Site.Request.Forgery.(CSRF) HIGH" "getwid-megamenu 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gaxx-keywords No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting HIGH" "gallery-images 2.0.6 Stored.Cross-Site.Scripting.(XSS) CRITICAL" "gamepress No.known.fix Reflected.Cross-Site.Scripting HIGH" "gAppointments No.known.fix Admin+.Stored.XSS LOW" "gAppointments 1.10.0 Reflected.Cross-Site.Scripting HIGH" "gift-up 2.22 Settings.Update.via.CSRF MEDIUM" "gift-up 2.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gallery-and-lightbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gmo-font-agent No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gift-cards-for-woocommerce-pro 2.9.2 Missing.Authorization.to.Infinite.Money.Glitch HIGH" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_unset_default_card MEDIUM" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_delete_card MEDIUM" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_set_default_card MEDIUM" "gallery-with-thumbnail-slider 6.1 Contributor+.Stored.XSS MEDIUM" "gplus-comments No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gravatarlocalcache No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ganohrs-toggle-shortcode 0.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gravity-forms-sms-notifications 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "glorious-services-support 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "glorious-services-support 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "googl-url-shorter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "graphcomment-comment-system 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "google-plus-share-and-plusone-button No.known.fix Cross-Site.Request.Forgery MEDIUM" "gf-salesmate-add-on 2.0.4 Missing.Authorization MEDIUM" "gf-salesmate-add-on 2.0.4 Unauthenticated.SQL.Injection HIGH" "gdpr-data-request-form 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gsearch-plus No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "glossary-by-codeat 2.2.27 Unauthenticated.Full.Path.Disclosure MEDIUM" "glossary-by-codeat 2.2.3 Reflected.Cross-Site.Scripting MEDIUM" "glossary-by-codeat 2.1.28 Contributor+.Stored.XSS MEDIUM" "glossary-by-codeat 2.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gsheetconnector-for-elementor-forms 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-for-elementor-forms 1.0.7 Reflected.XSS HIGH" "gf-zendesk 1.1.3 Open.Redirect MEDIUM" "gf-zendesk 1.0.8 Reflected.Cross-Site.Scripting HIGH" "guitar-tuner No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-instagram-portfolio No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).CSS.Injection MEDIUM" "gs-instagram-portfolio 1.4.5 Contributor+.Stored.XSS MEDIUM" "gianism 5.2.1 Admin+.Stored.XSS LOW" "gmap-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gdpr-cookie-notice No.known.fix Missing.Authorization MEDIUM" "gwa-autoresponder No.known.fix Unauthenticated.SQL.Injection HIGH" "google-font-fix No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "give-donation-modules-for-divi 2.0.1 Sensitive.Information.Dislcosure MEDIUM" "grid-shortcodes 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "grid-shortcodes 1.1.1 Contributor+.Stored.XSS MEDIUM" "gsheetconnector-ninja-forms-pro 1.5.2 Reflected.XSS HIGH" "groundhogg 4.1.2 Authenticated.(Administrator+).Arbitrary.File.Deletion HIGH" "groundhogg 4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.label.Parameter MEDIUM" "groundhogg 3.7.3.6 Authenticated.(Author+).Arbitrary.File.Upload.via.gh_big_file_upload.Function HIGH" "groundhogg 3.7.3.4 Reflected.Cross-Site.Scripting MEDIUM" "groundhogg 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "groundhogg 3.4.3 Cross-Site.Request.Forgery MEDIUM" "groundhogg 2.7.11.11 Admin+.Stored.XSS LOW" "groundhogg 2.7.11.1 Admin+.SQLi MEDIUM" "groundhogg 2.7.11.1 CSRF MEDIUM" "groundhogg 2.7.10 Disable.All.Plugins.via.CSRF MEDIUM" "groundhogg 2.7.10 Ticket.Creation.via.CSRF MEDIUM" "groundhogg 2.7.10 Lack.of.Authorization.for.Non-Arbitrary.File.upload MEDIUM" "groundhogg 2.7.10 Contributor+.Stored.XSS MEDIUM" "groundhogg 2.7.10 Privilege.Escalation.via.CSRF HIGH" "groundhogg 2.7.9.4 Admin+.SQLi MEDIUM" "groundhogg 2.0.9.11 Authenticated.Reflected.XSS HIGH" "gf-zoho 1.1.6 Reflected.Cross-Site.Scripting HIGH" "geolocator No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gp-unique-id 1.5.6 Unauthenticated.Form.Submission.Unique.ID.Modification LOW" "gseor No.known.fix Authenticated.SQL.Injection MEDIUM" "gdlr-hostel No.known.fix Unauthenticated.SQL.Injection HIGH" "gdlr-hostel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gdlr-hostel No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "giveaway-boost No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gs-woo-variation-swatches 3.0.5 Missing.Authorization MEDIUM" "gs-woo-variation-swatches 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "glasses-for-woocommerce No.known.fix Reflected.Cross-Site.Scipting MEDIUM" "gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce 4.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "goauth No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goauth 2.20 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gallery-factory-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "google-maps-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "graph-lite No.known.fix Missing.Authorization MEDIUM" "google-news-editors-picks-news-feeds No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gboy-custom-google-map No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "geotagged-media No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "geotagged-media No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gutenberg 18.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Template.Part.Block MEDIUM" "gutenberg 18.01 18.0.0.-.Unauthenticated.&.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Avatar.Block MEDIUM" "gutenberg 16.8.1 Contributor+.Stored.XSS MEDIUM" "gutenberg 16.8.1 Contributor+.Stored.XSS.via.Navigation.Links.Block MEDIUM" "gutenberg 14.3.1 Multiple.Stored.XSS LOW" "gutenberg 12.7.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "gutenberg 12.7.2 Prototype.Pollution.via.Gutenberg’s.wordpress/url.package MEDIUM" "gt-tabs No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gmb-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "getastra No.known.fix Missing.Authorization MEDIUM" "gutensee 1.0.7 Contributor+.Stored.XSS MEDIUM" "google-sitemap-generator 4.1.3 Admin+.Stored.Cross-Site.Scripting LOW" "google-sitemap-generator 4.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "grey-owl-lightbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gf-hubspot 1.0.9 Reflected.Cross-Site.Scripting HIGH" "gloria-assistant-by-webtronic-labs No.known.fix Cross-Site.Request.Forgery MEDIUM" "google-news No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "google-news-sitemap No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "google-analyticator 6.5.6 Admin+.PHP.Object.Injection LOW" "google-analyticator 6.5.6 Admin+.PHP.Object.Injection MEDIUM" "google-analyticator 6.4.9.6 Multiple.Cross-Site.Scripting.(XSS) HIGH" "google-analyticator 6.4.9.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "gd-security-headers 1.7.1 Admin+.SQLi MEDIUM" "gd-security-headers 1.7 Reflected.XSS HIGH" "gdpr-consent-manager 1.0.1 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "generate-dummy-posts No.known.fix Missing.Authorization MEDIUM" "google-map-on-postpage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "good-bad-comments No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gallery-from-files No.known.fix Unauthenticated.RCE CRITICAL" "gallery-from-files No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "gf-block-ips 1.0.2 Cross-Site.Request.Forgery MEDIUM" "gravity-forms-sticky-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gravity-forms-sticky-list No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gravity-forms-sticky-list No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gdpr-compliant-recaptcha-for-all-forms 4.1.2 Cross-Site.Request.Forgery MEDIUM" "gutenverse 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.countdown.Block MEDIUM" "gutenverse 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenverse 1.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenverse 1.9.1 Contributor+.Stored.XSS MEDIUM" "generateblocks 2.0.0 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.'get_image_description' MEDIUM" "generateblocks 1.8.3 Contributor+.Arbitrary.Draft/Private.Post.Access LOW" "generateblocks 1.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "greek-namedays-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gf-insightly 1.0.7 Reflected.Cross-Site.Scripting HIGH" "goodlms 2.1.5 Unauthenticated.SQL.Injection CRITICAL" "gerryworks-post-by-mail No.known.fix Contributor+.Privilege.Escalation HIGH" "gmw-premium-settings 3.1 Admin+.Arbitrary.File.Upload MEDIUM" "google-sitemap-plugin 3.0.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "grid-plus No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution.via.grid_plus_load_by_category HIGH" "grid-plus 1.3.4 Subscriber+.Local.File.Inclusion MEDIUM" "grid-plus 1.3.3 Subscriber+.Grid.Layout.Creation/Deletion/Update MEDIUM" "grid-plus 1.3.5 Reflected.XSS HIGH" "gravity-forms-css-themes-with-fontawesome-and-placeholder-support No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gearside-developer-dashboard No.known.fix Reflected.XSS HIGH" "gf-constant-contact No.known.fix Open.Redirect HIGH" "gf-constant-contact 1.0.6 Reflected.Cross-Site.Scripting HIGH" "gdy-modular-content 0.9.93 Reflected.Cross-Site.Scripting MEDIUM" "graphina-elementor-charts-and-graphs 3.0.5 Missing.Authorization MEDIUM" "graphina-elementor-charts-and-graphs 3.0.5 Cross-Site.Request.Forgery.to.Local.File.Inclusion HIGH" "graphina-elementor-charts-and-graphs 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "graphina-elementor-charts-and-graphs 1.8.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "golf-tracker No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "geo-request No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "geo-request No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gym-management No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "gym-management No.known.fix Unauthenticated.SQL.Injection HIGH" "gym-management 67.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "gym-management 67.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "generate-pdf-using-contact-form-7 4.1.3 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "generate-pdf-using-contact-form-7 4.1.3 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "generate-pdf-using-contact-form-7 3.6 Admin+.Stored.Cross-Site.Scripting LOW" "generate-child-theme 2.0.1 Cross-Site.Request.Forgery.via.process_create_form() MEDIUM" "generate-child-theme 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "guten-post-layout 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "gdpr-personal-data-reports No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-pagespeed-insights 4.0.7 Multiple.CSRF MEDIUM" "google-pagespeed-insights 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "gyta-buyback 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "gyta-buyback 1.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "greenwallet-gateway 1.0.2 Reflected.Cross.Site.Scripting.in.checkout.page MEDIUM" "go-dash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ghost 1.5.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ghost 0.5.6 Unrestricted.Export.Download MEDIUM" "greeklish-permalink 3.5 Unauthenticated.Post.Slug.Update MEDIUM" "gulri-slider 3.5.9 Reflected.Cross-Site.Scripting MEDIUM" "gutenslider 5.10.2 Reflected.Cross-Site.Scripting MEDIUM" "gutenslider 5.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gutenslider 5.2.0 Contributor+.Stored.XSS MEDIUM" "garden-gnome-package 2.4.0 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "garden-gnome-package 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "garden-gnome-package 2.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "giveaways-contests-by-promosimple No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-document-embedder No.known.fix Authenticated.(Contributor+).Blind.Server.Side.Request.Forgery MEDIUM" "google-document-embedder 2.6.2 CSRF.&.XSS MEDIUM" "google-document-embedder 2.6.1 XSS MEDIUM" "google-image-sitemap No.known.fix Map.generation.through.CSRF MEDIUM" "gsheetconnector-gravity-forms 1.3.5 Access.Code.Update.via.CSRF MEDIUM" "gestion-pymes No.known.fix Admin+.Stored.XSS LOW" "graphicsly No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "get-bookings-wp No.known.fix Missing.Authorization MEDIUM" "get-bookings-wp No.known.fix Appointments.&.Bookings.Plugin.Basic.Version.<=.1.1.27.-.Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "gallery-for-ultimate-member No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "gallery-for-ultimate-member 1.1.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "gallery-for-ultimate-member 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "gallery-for-ultimate-member 1.1.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "glossy No.known.fix Reflected.XSS HIGH" "geodirectory 2.8.120 Contributor+.Stored.XSS MEDIUM" "geodirectory 2.8.98 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Display_name.Parameter MEDIUM" "geodirectory 2.3.85 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geodirectory 2.3.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geodirectory 2.3.71 Missing.Authorization.via.geodirectory_rated() MEDIUM" "geodirectory 2.3.62 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "geodirectory 2.3.49 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'gd_single_tabs'.Shortcode MEDIUM" "geodirectory 2.3.29 Authenticated(Administrator+).SQL.Injection MEDIUM" "geodirectory 2.3.29 Authenticated.(Administrator+).SQL.Injection.via.orderby HIGH" "geodirectory 2.2.24 Admin+.SQLi MEDIUM" "geodirectory 2.2.22 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "geodirectory 2.1.1.3 Authenticated.(admin+).Stored.Cross-Site.Scripting.(XSS) MEDIUM" "gravity-forms-pdf-extended 6.3.1 Reflected.Cross-Site.Scripting MEDIUM" "gregs-high-performance-seo 1.6.2 Reflected.XSS MEDIUM" "good-old-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "googmonify No.known.fix CSRF.&.XSS MEDIUM" "gsheetconnector-wpforms 3.4.6 Reflected.XSS HIGH" "googledrive-folder-list No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "giveasap No.known.fix Cross-Site.Request.Forgery MEDIUM" "giveasap 2.48.2 Authenticated.(Contributor+).SQL.Injection MEDIUM" "giveasap 2.46.1 CSRF MEDIUM" "giveasap 2.46.1 Reflected.Cross-Site.Scripting LOW" "giveasap 2.45.1 Admin+.Stored.XSS LOW" "giveasap 2.45.1 Editor+.Stored.Cross-Site.Scripting LOW" "giveasap 2.45.1 Admin+.Stored.Cross-Site.Scripting MEDIUM" "giveasap 2.42.1 Unauthorised.AJAX.Calls.via.Freemius HIGH" "giveasap 2.36.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "google-maps-gpx-viewer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gf-custom-style No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "gs-behance-portfolio 3.0.2 Reflected.Cross-Site.Scripting MEDIUM" "goftino 1.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "google-visualization-charts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "genealogical-tree 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "genealogical-tree 2.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "google-website-translator 1.4.14 Admin+.Stored.XSS LOW" "google-website-translator 1.4.14 Admin+.Stored.XSS LOW" "google-website-translator 1.4.12 Google.Website.Translator.<.1.4.12.-.Authenticated.(Admin+).PHP.Object.Injection CRITICAL" "gutenkit-blocks-addon 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenkit-blocks-addon 2.1.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "generate-post-thumbnails No.known.fix Cross-Site.Request.Forgery MEDIUM" "green-wp-telegram-bot-by-teplitsa No.known.fix Telegram.Bot.for.WP.<=.1.3.-.Telegram.Bot.Token.Disclosure HIGH" "gixaw-chat No.known.fix Stored.XSS.via.CSRF HIGH" "gum-elementor-addon 1.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Price.Table.and.Post.Slider.Widgets MEDIUM" "gum-elementor-addon 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta.Widget MEDIUM" "google-analytics-dashboard-for-wp 8.2.0 Missing.Authorization MEDIUM" "google-analytics-dashboard-for-wp 7.14.2 Contributor+.Stored.XSS MEDIUM" "google-analytics-dashboard-for-wp 7.12.1 Contributor+.Stored.XSS MEDIUM" "g-meta-keywords No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "getwid 2.0.12 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "getwid 2.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "getwid 2.0.11 Missing.Authentication.to.MailChimp.API.key.update MEDIUM" "getwid 2.0.11 Missing.Authorization.to.Google.API.key.update MEDIUM" "getwid 2.0.8 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'Countdown' MEDIUM" "getwid 2.0.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Block.Content MEDIUM" "getwid 2.0.5 Captcha.Bypass MEDIUM" "getwid 2.0.5 Missing.Authorization.to.Recaptcha.API.Key.Modification MEDIUM" "getwid 2.0.3 Unauthenticated.Arbitrary.Email.Sending.to.Admin MEDIUM" "getwid 1.8.4 Subscriber+.SSRF MEDIUM" "gravityformswebhooks 1.7.0 Authenticated.(Admin+).Server-Side.Request.Forgery.via.Webhook MEDIUM" "glance-that No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gutena-kit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hurrakify 8.0.1 Unauthenticated.Server-Side.Request.Forgery HIGH" "hpbtool No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "happiness-reports-for-help-scout No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hurrytimer 2.12.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Campaign.Name MEDIUM" "hurrytimer 2.11.0 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Post.Publication MEDIUM" "hurrytimer 2.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hover-image No.known.fix CSRF MEDIUM" "heartland-management-terminal 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "helpie-faq 1.28 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "helpie-faq 1.9.13 Reflected.Cross-Site.Scripting MEDIUM" "helpie-faq 1.9.9 Reflected.XSS MEDIUM" "helpie-faq 1.7.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "helpie-faq 0.7.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "hits-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hacklog-remote-attachment No.known.fix Cross-Site.Request.Forgery MEDIUM" "header-footer 3.3.1 Authenticated.(Administrator+).PHP.Code.Injection.in.Multisite.Environments MEDIUM" "highlight-focus No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "html5-audio-player 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html5-audio-player 2.2.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html5-audio-player 2.2.22 Best.WordPress.Audio.Player.Plugin.<.2.2.22.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "html5-audio-player 2.1.12 Contributor+.Stored.XSS MEDIUM" "html5-audio-player 2.1.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "header-footer-code-manager 1.1.35 Snippets.Activation/Deactivation/Deletion.via.CSRF MEDIUM" "header-footer-code-manager 1.1.24 Reflected.Cross-Site.Scripting MEDIUM" "header-footer-code-manager 1.1.17 Reflected.Cross-Site.Scripting MEDIUM" "header-footer-code-manager 1.1.14 Admin+.SQL.Injections MEDIUM" "ht-menu-lite 1.2.2 Cross-Site.Request.Forgery MEDIUM" "header-image-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hover-image-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "homepage-pop-up No.known.fix CSRF MEDIUM" "homepage-pop-up No.known.fix Admin+.Stored.XSS LOW" "ht-mega-for-elementor 2.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ht-mega-for-elementor 2.8.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "ht-mega-for-elementor 2.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget HIGH" "ht-mega-for-elementor 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.block_css.and.inner_css MEDIUM" "ht-mega-for-elementor 2.6.6 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.template_id MEDIUM" "ht-mega-for-elementor 2.5.8 Authenticated.(Contributor+).JSON.File.Directory.Traversal MEDIUM" "ht-mega-for-elementor 2.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ht-mega-for-elementor 2.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Player.Widget.Settings MEDIUM" "ht-mega-for-elementor 2.5.3 Contributor+.Stored.XSS MEDIUM" "ht-mega-for-elementor 2.5.3 Subscriber+.Options.Update HIGH" "ht-mega-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Justify MEDIUM" "ht-mega-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Tooltip.&.Popover.Widget MEDIUM" "ht-mega-for-elementor 2.4.8 Missing.Authorization.to.Information.Exposure MEDIUM" "ht-mega-for-elementor 2.5.0 Contributor+.Stored.XSS.via.Countdown.Widget MEDIUM" "ht-mega-for-elementor 2.4.9 Contributor+.Stored.XSS.via.Accordion/FAQ MEDIUM" "ht-mega-for-elementor 2.4.7 Unauthenticated.Order.Data.Disclosure HIGH" "ht-mega-for-elementor 2.5.0 Contributor+.Stored.XSS.via.Image.Grid.Widget MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Stored.XSS.via.size MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Stored.XSS.via.Lightbox.Widget MEDIUM" "ht-mega-for-elementor 2.4.4 Contributor+.Stored.XSS MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Directory.Traversal HIGH" "ht-mega-for-elementor 2.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.titleTag MEDIUM" "ht-mega-for-elementor 2.4.5 Contributor+.Stored.Cross-Site.Scripting.via.Post.Carousel.Widget MEDIUM" "ht-mega-for-elementor 2.3.4 Arbitrary.Plugin/Theme.Activation.via.CSRF MEDIUM" "ht-mega-for-elementor 2.3.9 Reflected.Cross-Site.Scripting HIGH" "ht-mega-for-elementor 1.5.7 Absolute.Addons.for.Elementor.Page.Builder.<.1.5.7.-.Contributor+.Stored.XSS MEDIUM" "htaccess-file-editor 1.0.20 Unauthenticated.Information.Exposure MEDIUM" "htaccess-file-editor 1.0.19 Missing.Authorization MEDIUM" "health-check 1.6.0 CSRF MEDIUM" "health-check 1.2.4 Missing.Authorization.Checks MEDIUM" "handsome-testimonials 2.1.1 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "hcaptcha-for-forms-and-more 4.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cf7-hcaptcha.Shortcode MEDIUM" "hunk-companion 1.9.0 Unauthenticated.Plugin.Installation CRITICAL" "hunk-companion 1.8.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "hqtheme-extra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hqtheme-extra No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hide-it No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hitsteps-visitor-manager 5.87 Admin+.Stored.XSS LOW" "hitsteps-visitor-manager 5.87 Arbitrary.Settings.Update.via.CSRF MEDIUM" "hslide No.known.fix WordPress.Slider.Plugin.<=.1.3.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hyperlink-group-block 2.0.2 Contributor+.Stored.XSS MEDIUM" "hyperlink-group-block 1.17.6 Contributor+.Stored.XSS MEDIUM" "hero-banner-ultimate No.known.fix Author+.Local.File.Inclusion HIGH" "hero-banner-ultimate 1.4 Contributor+.Stored.XSS MEDIUM" "hebrewdates 2.3.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "hrm 2.2.6 Multiple.Issues HIGH" "hq-rental-software No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "html2wp No.known.fix Subscriber+.Arbitrary.File.Deletion HIGH" "html2wp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "html2wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "hostel 1.1.5.9 Admin+.Stored.XSS LOW" "hostel 1.1.5.8 Reflected.XSS MEDIUM" "hostel 1.1.5.7 Authenticated.(Administrator+).SQL.Injection MEDIUM" "hostel 1.1.5.6 Reflected.Cross-Site.Scripting MEDIUM" "hostel 1.1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "hostel 1.1.5.3 Reflected.XSS HIGH" "hostel 1.1.5.4 Cross-Site.Request.Forgery MEDIUM" "hostel 1.1.5.2 Admin+.Stored.XSS LOW" "hostel 1.1.4 Unauthenticated.Stored.XSS MEDIUM" "ht-contactform 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-contactform 1.1.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "hmapsprem No.known.fix Customizable.Google.Maps.Plugin.<=.2.3.9.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hmapsprem 2.2.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "hm-testimonial 1.5 Reflected.Cross-Site.Scripting MEDIUM" "hm-testimonial 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "helpful 4.5.26 Information.Disclosure MEDIUM" "helpful 4.5.15 Votes.Tampering MEDIUM" "helpful 4.4.59 Admin+.Stored.Cross-Site.Scripting LOW" "header-footer-elementor 1.6.47 Contributor+.Stored.XSS.via.Page.Title.Widget MEDIUM" "header-footer-elementor 1.6.46 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "header-footer-elementor 1.6.44 Authenticated.(Contributor+).Information.Disclosure.via.Shortcode MEDIUM" "header-footer-elementor 1.6.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.6.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Site.Title.Widget MEDIUM" "header-footer-elementor 1.6.26.1 Contributor+.Stored.XSS MEDIUM" "header-footer-elementor 1.6.27 Authenticated.(Author+).HTML.Injection MEDIUM" "header-footer-elementor 1.6.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.6.25 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.5.8 Header,.Footer.&.Blocks.Template.<.1.5.8.-.Contributor+.Stored.XSS MEDIUM" "hostfact-bestelformulier-integratie No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hack-info 3.18 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "hacklog-downloadmanager No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "houzez-property-feed 2.5.5 Unauthenticated.Arbitrary.File.Download HIGH" "houzez-property-feed 2.4.22 Cross-Site.Request.Forgery.to.Property.Feed.Export.Deletion MEDIUM" "horizontal-scrolling-announcement No.known.fix Horizontal.scrolling.announcement.for.WordPress.<=.9,2.Contributor+.Stored.XSS MEDIUM" "horizontal-scrolling-announcement No.known.fix Authenticated.(subscriber+).Blind.SQL.Injection HIGH" "hr-management-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "heateor-social-comments 1.6.2 Contributor+.Stored.XSS MEDIUM" "hub2word No.known.fix Subscriber+.Arbitrary.Options.Update CRITICAL" "host-php-info No.known.fix Missing.Authorization.to.Unauthenticated.Sensitive.Information.Disclosure HIGH" "hide-links No.known.fix Unauthenticated.Shortcode.Execution MEDIUM" "hermit No.known.fix Subscriber+.SQLi HIGH" "hermit No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "hermit No.known.fix Unauthenticated.SQLi HIGH" "hermit No.known.fix Arbitrary.Cache/Source.Deletion.&.Source.Creation.via.CSRF MEDIUM" "hide-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hk-filter-and-search No.known.fix Contributor+.Local.File.Inclusion HIGH" "hk-filter-and-search 2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "hmh-footer-builder-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "huurkalender-wp 1.6.0 Contributor+.Stored.XSS MEDIUM" "hot-random-image 1.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.link.Parameter MEDIUM" "hot-random-image 1.9.3 Path.Traversal.to.Authenticated.(Contributor+).Limited.Arbitrary.Image.Access.via.path.Parameter MEDIUM" "hot-random-image 1.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hitpay-payment-gateway 4.1.4 Information.Exposure.via.Log.Files MEDIUM" "header-footer-code 1.2 Admin+.Stored.XSS LOW" "header-footer-code 1.2 Admin+.Stored.XSS.via.CSS.Styles LOW" "html5-maps 1.7.1.5 Arbitrary.Settings.Update.via.CSRF MEDIUM" "html5-maps 1.6.5.7 CSRF.&.XSS HIGH" "hover-effects 2.1.1 Admin+.LFI MEDIUM" "houzez-theme-functionality 3.2.3 Functionality.<.3.2.3.-.Authenticated.(Seller+).SQL.Injection HIGH" "header-footer-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heart-this No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html5-mp3-player-with-mp3-folder-feedburner-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injection HIGH" "hana-flv-player No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "halfdata-optin-downloads No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "hashbar-wp-notification-bar 1.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "hashbar-wp-notification-bar 1.3.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "hdw-player-video-player-video-gallery No.known.fix Cross-Site.Scripting MEDIUM" "hashtagger No.known.fix Missing.Authorization MEDIUM" "hyp3rl0cal-city-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hesabfa-accounting 2.2.0 Cross-Site.Request.Forgery MEDIUM" "hesabfa-accounting 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "http-https-remover 3.2.4 Plugin.Installation.via.CSRF MEDIUM" "http-https-remover 3.2.4 Subscriber+.Plugin.Installation MEDIUM" "hostinger 1.9.8 Unauthenticated.Maintenance.Mode.Toggle MEDIUM" "helloasso 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "helloasso 1.1.11 Missing.Authorization.to.Authenticated.(Contributor+).Limited.Options.Update MEDIUM" "helloasso 1.1.11 Missing.Authorization MEDIUM" "helloasso 1.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "helloasso 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-builder 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-easy-google-analytics 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "ht-easy-google-analytics 1.2.0 Missing.Authorization.to.Unauthenticated.GA4.Email.Update MEDIUM" "ht-easy-google-analytics 1.0.7 Plugin.Activation.via.CSRF MEDIUM" "horizontal-scrolling-announcements 2.5 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "host-webfonts-local 5.7.10 Unauthenticated.Directory.Deletion.&.Stored.XSS HIGH" "host-webfonts-local 4.5.12 Admin+.Arbitrary.Folder.Deletion.via.Path.Traversal MEDIUM" "host-webfonts-local 4.5.4 Unauthenticated.Path.Traversal.in.REST.API MEDIUM" "host-webfonts-local 4.5.4 Subscriber+.Arbitrary.File/Folder.Deletion CRITICAL" "heat-trackr 1.01 XSS MEDIUM" "hm-portfolio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "header-images-rotator No.known.fix Reflected.Cross-Site.Scripting HIGH" "header-enhancement 1.5 Unauthorised.Plugin's.Setting.Change MEDIUM" "http-auth 1.0.0 Settings.Update.via.CSRF MEDIUM" "html5-virtual-classroom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hotspots No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "how-to-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hypotext No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hire-me-widget 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "hire-me-widget 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Reflected.Cross-Site.Scripting MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Directory.Deletion MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Reflected.Cross-Site.Scripting MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hello-world 2.2.0 Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "hot-linked-image-cacher No.known.fix Image.upload/cache.abuse.via.CSRF LOW" "hacklog-remote-image-autosave No.known.fix Cross-Site.Request.Forgery MEDIUM" "house-manager No.known.fix Reflected.XSS HIGH" "hal 2.2 Admin+.Stored.Cross-Site.Scripting LOW" "history-collection No.known.fix Arbitraty.File.Download HIGH" "hashthemes-demo-importer 1.1.2 Improper.Access.Control.to.Blog.Reset HIGH" "helpdeskwp No.known.fix Editor+.Stored.XSS LOW" "hungarian-pickup-points-for-woocommerce 1.9.0.3 Multiple.CSRF MEDIUM" "hdw-tube No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "hls-player 1.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "horoscope-and-tarot 1.3.1 Contributor+.Stored.XSS MEDIUM" "hide-shipping-method-for-woocommerce 1.5.2 Missing.Authorization MEDIUM" "hide-shipping-method-for-woocommerce 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "hide-shipping-method-for-woocommerce 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hydra-booking 1.1.11 Authenticated.(Contributor+).SQL.Injection MEDIUM" "hotscot-contact-form 1.3 Admin+.SQL.Injection MEDIUM" "happy-elementor-addons 3.16.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.15.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.12.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Comparison MEDIUM" "happy-elementor-addons 3.12.4 Missing.Authorization MEDIUM" "happy-elementor-addons 3.12.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.12.3 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "happy-elementor-addons 3.11.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.PDF.View.Widget MEDIUM" "happy-elementor-addons 3.11.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gradient.Heading.Widget MEDIUM" "happy-elementor-addons 3.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Navigation.Widget MEDIUM" "happy-elementor-addons 3.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Accordion MEDIUM" "happy-elementor-addons 3.10.9 Contributor+.Stored.XSS MEDIUM" "happy-elementor-addons 3.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Event.Calendar.Widget MEDIUM" "happy-elementor-addons 3.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Stack.Group.Widget MEDIUM" "happy-elementor-addons 3.10.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.6 Contributor+.Stored.XSS.via.HTML.Tags MEDIUM" "happy-elementor-addons 3.10.5 Contributor+.Stored.XSS MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Page.Title.HTML.Tag MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.title_tag MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Calendy MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Title.HTML.Tag MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Photo.Stack.Widget MEDIUM" "happy-elementor-addons 3.10.5 Incorrect.Authorization.to.Information.Exposure MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Meta.Widget MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Archive.Title.Widget MEDIUM" "happy-elementor-addons 3.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.2 Missing.Authorization.via.add_row_actions MEDIUM" "happy-elementor-addons 3.10.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.0 Reflected.Cross-Site.Scripting HIGH" "happy-elementor-addons 3.10.0 Contributor+.SSRF LOW" "happy-elementor-addons 3.8.3 Cross-Site.Request.Forgery MEDIUM" "happy-elementor-addons 2.24.0 Contributor+.Stored.XSS MEDIUM" "hotjar-connecticator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hotjar-connecticator No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "hello-in-all-languages No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "hueman-addons No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "hipaatizer 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hc-custom-wp-admin-url No.known.fix Unauthenticated.Secret.URL.Disclosure MEDIUM" "hc-custom-wp-admin-url No.known.fix Unauthenticated.Arbitrary.Settings.Update.via.CSRF MEDIUM" "hreflang-manager-lite 1.07 Cross-Site.Request.Forgery MEDIUM" "horizontal-scroll-image-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hr-management 1.1.2 Unauthenticated.PHP.Object.Injection HIGH" "helloprint 2.1.0 Subscriber+.Arbitrary.File.Deletion HIGH" "helloprint 2.1.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "helloprint 2.0.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "helloprint 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "hamburger-icon-menu-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "h5p 1.15.8 Contributor+.Stored.XSS MEDIUM" "hooked-editable-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hooked-editable-content No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "http-headers 1.19.0 Admin+.SSRF MEDIUM" "http-headers 1.19.0 Admin+.Stored.XSS LOW" "http-headers 1.18.11 Admin+.Remote.Code.Execution MEDIUM" "http-headers 1.18.8 Admin+.SQL.Injection MEDIUM" "happy-scss-compiler No.known.fix Compile.SCSS.to.CSS.automatically.<=.1.3.10.-.Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "hummingbird-performance 3.9.2 Cross-Site.Request.Forgery MEDIUM" "hummingbird-performance 3.9.2 Missing.Authorization MEDIUM" "hummingbird-performance 3.7.4 Missing.Authorization MEDIUM" "hummingbird-performance 3.4.2 Unauthenticated.Path.Traversal HIGH" "hummingbird-performance 3.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "hash-elements 1.5.1 Contributor+.Stored.XSS MEDIUM" "hash-elements 1.4.8 Missing.Authorization.to.Unauthenticated.Draft.Post.Title.Exposure MEDIUM" "hash-elements 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter.in.Multiple.Widgets MEDIUM" "hash-elements 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hypercomments No.known.fix Unauthenticated.(Subscriber+).Arbitrary.Options.Update CRITICAL" "hypercomments No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "html5-soundcloud-player-with-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injection HIGH" "headline-analyzer 1.3.4 Cross-Site.Request.Forgery MEDIUM" "headline-analyzer 1.3.2 Missing.Authorization.via.REST.APIs MEDIUM" "houzez-crm 1.4.3 Authenticated.(Seller+).SQL.Injection HIGH" "hide-my-wp 5.4.02 Unauthenticated.Local.File.Inclusion HIGH" "hide-my-wp 5.4.02 Unauthenticated.Limited.File.Read MEDIUM" "hide-my-wp 5.4.01 Hidden.Login.Page.Disclosure MEDIUM" "hide-my-wp 5.3.02 Reflected.Cross-Site.Scripting.via.URL MEDIUM" "hide-my-wp 5.2.02 Hidden.Login.Page.Disclosure MEDIUM" "hide-my-wp 5.0.20 IP.Address.Spoofing MEDIUM" "host-analyticsjs-local 4.7.15 Unauthenticated.Settings.Update MEDIUM" "host-analyticsjs-local 4.1.9 Admin+.Arbitrary.Folder.Deletion.via.Path.Traversal MEDIUM" "https-links-in-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "hola-free-video-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hash-form 1.2.9 Cross-Site.Request.Forgery MEDIUM" "hash-form 1.2.2 Missing.Authorization.to.Authenticated.(Contributor+).Form.Style.Creation MEDIUM" "hash-form 1.2.0 Drag.&.Drop.Form.Builder.<.1.2.0.-.Unauthenticated.Limited.File.Upload MEDIUM" "hash-form 1.1.1 Unauthenticated.PHP.Object.Injection HIGH" "hash-form 1.1.1 Unauthenticated.Arbitrary.File.Upload.to.Remote.Code.Execution CRITICAL" "ht-event No.known.fix Authenticated.(Contributor+).Sensitive.Information.Exposure.via.HT.Event:.Sponsor MEDIUM" "ht-event 1.4.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "hq60-fidelity-card No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hide-my-site No.known.fix Unauthenticated.Information.Exposure MEDIUM" "ht-team-member 1.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-team-member 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.htteamember.Shortcode MEDIUM" "history-log-by-click5 No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "history-log-by-click5 No.known.fix Unauthenticated.SQL.Injection HIGH" "history-log-by-click5 1.0.13 Admin+.Time-Based.Blind.SQL.Injection MEDIUM" "html5-mp3-player-with-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injecton HIGH" "html5-mp3-player-with-playlist 2.8.0 Full.Path.Disclosure.(FPD) MEDIUM" "houzez-login-register 3.3.0 Subscriber+.Privilege.Escalation.via.Account.Takeover HIGH" "hospital-management No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "hospital-management No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "hospital-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hospital-management No.known.fix Unauthenticated.SQL.Injection HIGH" "hospital-management No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "hospital-management No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "html-forms 1.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html-forms 1.5.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "html-forms 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "html-forms 1.3.34 Bulk.Delete.via.CSRF MEDIUM" "html-forms 1.3.33 Admin+.Stored.XSS LOW" "html-forms 1.3.30 Admin+.Stored.XSS LOW" "html-forms 1.3.25 Admin+.SQLi MEDIUM" "hero-maps-pro No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "html5-lyrics-karaoke-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "htaccess-login-block No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hockeydata-los No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "hb-audio-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "homey-login-register No.known.fix Unauthenticated.Privilege.Escalation.in.homey_register CRITICAL" "homey-login-register No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "help-scout 6.5.7 Missing.Authorization MEDIUM" "hive-support No.known.fix Authenticated.(Subscriber+).Missing.Authorization.via.hs_update_ai_chat_settings.and.hive_lite_support_get_all_binbox HIGH" "hive-support No.known.fix Cross-Site.Request.Forgery.via.hs_update_ai_chat_settings.Function MEDIUM" "hive-support No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "hive-support 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "hive-support No.known.fix Subscriber+.Stored.XSS HIGH" "hive-support 1.2.6 Missing.Authorization MEDIUM" "hive-support 1.2.6 Missing.Authorization MEDIUM" "hive-support 1.1.7 Missing.Authorization MEDIUM" "hive-support 1.1.3 Cross-Site.Request.Forgery MEDIUM" "hive-support 1.1.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hive-support 1.1.2 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "handl-utm-grabber 2.6.5 Authenticated.Option.Change.via.CSRF HIGH" "happy-elementor-addons-pro 2.10.0 Reflected.Cross-Site.Scripting HIGH" "happy-elementor-addons-pro 2.8.1 Reflected.XSS HIGH" "happy-elementor-addons-pro 1.17.0 Contributor+.Stored.XSS MEDIUM" "heateor-social-login 1.1.36 Authentication.Bypass HIGH" "heateor-social-login 1.1.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heateor-social-login 1.1.33 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "heateor-social-login 1.1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heateor-social-login 1.1.31 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "htaccess-redirect No.known.fix Reflected.Cross-Site.Scripting HIGH" "hercules-core 6.7 Missing.Authorization.to.Settings.Update MEDIUM" "hercules-core 6.5 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "hoo-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hybrid-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "h5pxapikatchu 0.4.15 Missing.Authorization MEDIUM" "hotel-listing 1.3.7 Subscriber+.Privilege.Escalation CRITICAL" "hotel-listing 1.3.3 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "highlight-search-terms-results 1.04 Reflected.Cross-Site.Scripting MEDIUM" "hm-multiple-roles 1.9 Reflected.Cross-Site.Scripting MEDIUM" "hm-multiple-roles 1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hm-multiple-roles 1.3 Arbitrary.Role.Change CRITICAL" "hss-embed-streaming-video No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ht-instagram 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-instagram 1.2.8 Cross-Site.Request.Forgery MEDIUM" "ht-slider-for-elementor 1.4.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "hestia-nginx-cache 2.4.1 Missing.Authorization MEDIUM" "highlight 2.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "highlight 0.9.3 Authenticated.Stored.Cross-Site.Scripting LOW" "holler-box 2.3.3 Admin+.Stored.XSS LOW" "holler-box 2.1.4 Admin+.SQL.Injection MEDIUM" "h5p-css-editor No.known.fix Reflected.Cross-Site.Scripting HIGH" "hide-admin-bar-based-on-user-roles 3.5.0 Reflected.Cross-Site.Scripting MEDIUM" "hide-admin-bar-based-on-user-roles 3.0.0 Subscriber+.Settings.Update MEDIUM" "hide-admin-bar-based-on-user-roles 3.1.0 Settings.Update.via.CSRF MEDIUM" "hello-event-widgets-for-elementor 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hl-twitter No.known.fix Admin+.Stored.XSS.via.Widget LOW" "hl-twitter No.known.fix Settings.Update.via.CSRF MEDIUM" "hl-twitter No.known.fix Unlink.Twitter.Account.via.CSRF MEDIUM" "hd-quiz-save-results-light 0.6 Missing.Authorization MEDIUM" "htaccess 1.8.2 CSRF.to.edit..htaccess HIGH" "htaccess 1.7.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "history-timeline No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hiweb-migration-simple No.known.fix hiWeb.Migration.Simple.<=.2,0,0,1.Reflected.Cross-Site.Scripting HIGH" "haxcan No.known.fix CSRF.Bypass MEDIUM" "haxcan No.known.fix Arbitrary.File.Access MEDIUM" "hm-cool-author-box-widget 3.0.1 Cross-Site.Request.Forgery MEDIUM" "hm-cool-author-box-widget 3.0.0 Missing.Authorization MEDIUM" "hm-cool-author-box-widget 2.9.5 Reflected.Cross-Site.Scripting MEDIUM" "honeypot 2.1.14 Reflected.XSS HIGH" "honeypot 1.5.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "ht-portfolio 1.1.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "hotlink2watermark No.known.fix Cross-Site.Request.Forgery MEDIUM" "hkdev-maintenance-mode 3.0.2 Unauthenticated.IP.Spoofing MEDIUM" "hkdev-maintenance-mode 3.0.2 Unauthenticated.Post/Page.Content.Disclosure MEDIUM" "html5-video-player 2.5.36 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.heading.Parameter MEDIUM" "html5-video-player 2.5.35 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "html5-video-player 2.5.33 Missing.Authorization.in.multiple.functions.via.h5vp_ajax_handler MEDIUM" "html5-video-player 2.5.31 Missing.Authorization MEDIUM" "html5-video-player 2.5.32 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "html5-video-player 2.5.27 Unauthenticated.SQLi HIGH" "html5-video-player 2.5.25 Unauthenticated.SQLi HIGH" "html5-video-player 2.5.19 Subscriber+.Stored.XSS HIGH" "hide-category-by-user-role-for-woocommerce 2.2 Subscriber+.Arbitrary.Content.Deletion MEDIUM" "html5-chat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "helpgent No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "hs-brand-logo-slider No.known.fix Authenticated.Arbitrary.File.Upload CRITICAL" "horizontal-line-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "honeypot-for-wp-comment No.known.fix Reflected.Cross-Site.Scripting.via.page MEDIUM" "honeypot-for-wp-comment No.known.fix Directory.Traversal.to.Unauthenticated.Arbitrary.File.Deletion CRITICAL" "hyve-lite 1.2.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "hm-logo-showcase 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "hm-logo-showcase 1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "happyforms 1.26.3 Admin+.Stored.XSS LOW" "happyforms 1.26.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "happyforms 1.25.11 Missing.Authorization MEDIUM" "happyforms 1.25.10 Reflected.Cross-Site.Scripting MEDIUM" "happyforms 1.22.0 Contributor+.Stored.XSS MEDIUM" "heureka 1.1.0 Cross-Site.Request.Forgery MEDIUM" "hack-me-if-you-can No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "hotjar 1.0.16 Admin+.Stored.XSS MEDIUM" "html5-video-player-with-playlist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hd-quiz 2.0.0 Editor+.Stored.XSS LOW" "hd-quiz 1.8.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "hd-quiz 1.8.4 Authenticated.Stored.XSS MEDIUM" "html5-responsive-faq No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "hms-testimonials 2.0.11 CSRF MEDIUM" "hover-video-preview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "homepage-product-organizer-for-woocommerce No.known.fix Subscriber+.SQLi HIGH" "infusionsoft-landing-pages No.known.fix Settings.Update.via.CSRF MEDIUM" "interactive-us-map No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "indeed-wp-superbackup 2.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "indeed-wp-superbackup 2.4 Missing.Authorization MEDIUM" "indeed-wp-superbackup 2.4 Missing.Authorization.to.Unauthenticated.Back-Up.File.Download HIGH" "indeed-wp-superbackup 2.4 Reflected.Cross-Site.Scripting MEDIUM" "indeed-wp-superbackup 2.4 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "indeed-wp-superbackup 2.4 Migrate.for.WordPress.<.2.4.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "images-optimizer No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "image-hover-effects-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "internal-links-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "issuupress No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "increase-sociability No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "integrate-automate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "integrate-automate 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "idealien-category-enhancements No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "image-magnify No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infusionsoft-web-form-javascript No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icon-widget-with-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ifolders 1.5.1 Admin+.XSS MEDIUM" "inbound-brew No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "inbound-brew No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "inbound-brew No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "in-stock-mailer-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ider-login No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iteras 1.8.1 Stored.XSSS.via.CSRF HIGH" "image-regenerate-select-crop 7.3.1 Sensitive.Information.Exposure MEDIUM" "image-hover-effects-ultimate-visual-composer 2.6.1 Authenticated.Arbitrary.Options.Update HIGH" "imbachat-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infunding No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "integracao-rd-station 5.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integracao-rd-station 5.2.1 Multiple.CSRF MEDIUM" "ip-metaboxes No.known.fix Admin+.Stored.XSS LOW" "ip-metaboxes No.known.fix Unauthenticated.Reflected.XSS HIGH" "intuitive-custom-post-order 3.1.5 Admin+.SQLi LOW" "intuitive-custom-post-order 3.1.4 Subscriber+.Arbitrary.Menu.Order.Update MEDIUM" "intuitive-custom-post-order 3.1.4 Arbitrary.Menu.Order.Update.via.CSRF MEDIUM" "inpost-for-woocommerce 1.4.5 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.and.Delete CRITICAL" "imagenius No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ilab-media-tools 4.5.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ilab-media-tools 4.5.21 Reflected.Cross-Site.Scripting MEDIUM" "ilab-media-tools 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "image-hover-effects-css3 No.known.fix Admin+.Stored.XSS LOW" "image-export No.known.fix Directory.Traversal CRITICAL" "icons-font-loader 1.1.5 Authenticated(Administrator+).Arbitrary.File.Upload MEDIUM" "icons-font-loader 1.1.2.1 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') HIGH" "indexisto No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "image-hover-effects-ultimate 9.8.5 Admin+.Stored.XSS LOW" "image-hover-effects-ultimate 9.7.2 Authenticated.Arbitrary.Options.Change HIGH" "image-hover-effects-ultimate 9.8.0 Authenticated.Stored.XSS MEDIUM" "image-hover-effects-ultimate 9.7.2 Reflected.Cross-Site.Scripting MEDIUM" "image-hover-effects-ultimate 9.7.1 Reflected.Cross-Site.Scripting HIGH" "image-hover-effects-ultimate 9.7.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "idsk-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "idsk-toolkit No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "integration-for-contact-form-7-and-google-sheets 1.1.0 Cross-Site.Request.Forgery MEDIUM" "interactive-world-maps 2.5 Reflected.Cross-Site.Scripting MEDIUM" "internal-link-builder No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "inpost-gallery 2.1.4.4 Cross-Site.Request.Forgery MEDIUM" "inpost-gallery 2.1.4.3 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.inpost_gallery_get_shortcode_template MEDIUM" "inpost-gallery 2.1.4.2 Reflected.XSS HIGH" "inpost-gallery 2.1.4.1 Unauthenticated.LFI.to.RCE CRITICAL" "iamport-for-woocommerce 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "importify 1.0.5 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "image-content-show-hover No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "insight-core No.known.fix Subscriber+.PHP.Object.Injection.&.Stored.XSS MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.8.4 Missing.Authorization MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.8.2 Missing.Authorization MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.8.1 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "ipanorama-360-virtual-tour-builder-lite 1.8.0 Authenticated.(Admin+).SQL.injection HIGH" "ipanorama-360-virtual-tour-builder-lite 1.6.30 Contributor+.Stored.XSS MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.6.22 Reflected.Cross-Site.Scripting HIGH" "imageboss 3.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "idpay-contact-form-7 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "iamport-payment No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ipages-flipbook-pro 1.4.3 Reflected.Cross-Site.Scripting HIGH" "issues-tracker 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "issues-tracker 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "intelligent-importer 5.1.4 Reflected.Cross-Site.Scripting MEDIUM" "inspirational-quote-rotator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "import-xml-feed 2.1.6 Authenticated.(Administrator+).Arbitrary.File.Upload CRITICAL" "import-xml-feed 2.1.5 Unauthenticated.RCE CRITICAL" "import-xml-feed 2.1.4 Admin+.Arbitrary.File.Upload MEDIUM" "import-xml-feed 2.0.3 Authenticated.Server-side.Request.Forgery.(SSRF) MEDIUM" "instantsearch-for-woocommerce 3.0.59 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ignitiondeck 1.10.0 Missing.Authorization MEDIUM" "include-mastodon-feed 1.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "include-mastodon-feed 1.9.6 Contributor+.Stored.XSS MEDIUM" "integration-for-szamlazzhu-woocommerce 5.6.3.3 Multiple.CSRF MEDIUM" "instalinker 1.1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "inprosysmedia-likes-dislikes-post No.known.fix Unauthenticated.SQL.Injection HIGH" "inprosysmedia-likes-dislikes-post No.known.fix Unauthenticated.SQL.Injection HIGH" "include-lottie-animation-for-elementor 1.10.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integration-for-billingo-gravity-forms 1.0.4 Multiple.CSRF MEDIUM" "interactive-world-map 3.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-world-map 3.4.4 Reflected.Cross-Site.Scripting HIGH" "interactive-world-map 3.4.4 CSRF MEDIUM" "inline-tweets No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "incredible-font-awesome No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-hover-effects-with-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id,.oxi_addons_f_title_tag,.and.content_description_tag.Parameters MEDIUM" "image-hover-effects-with-carousel 3.0 Reflected.XSS HIGH" "infinite-scroll No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "image-hover-effects-addon-for-elementor 1.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.eihe_link.Parameter MEDIUM" "image-hover-effects-addon-for-elementor 1.4.2 Elementor.Addon.<.1.4.2.-.Authenticated(Contributor+).DOM-based.Stored.Cross-Site.Scripting.via.Image.Hover.Effects.Widget MEDIUM" "image-hover-effects-addon-for-elementor 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'eihe_align' MEDIUM" "image-hover-effects-addon-for-elementor 1.3.4 Elementor.Addon.<.1.3.4.-.Contributor+.Stored.XSS MEDIUM" "image-vertical-reel-scroll-slideshow 9.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "image-vertical-reel-scroll-slideshow No.known.fix Admin+.Stored.XSS LOW" "interactive-maps 0.99 Cross-Site.Request.Forgery MEDIUM" "image-tag-manager No.known.fix Reflected.Cross-Site.Scripting.via.default_class MEDIUM" "image-gallery-with-slideshow No.known.fix Multiple.XSS.and.SQL.Injection CRITICAL" "image-hover-effects-elementor-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-carousel-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ideal-wp-login-logo-changer 1.1.8 Cross-Site.Request.Forgery MEDIUM" "issuu-panel No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "internal-link-building-plugin No.known.fix CSRF MEDIUM" "internal-link-building-plugin No.known.fix Admin+.Stored.XSS LOW" "insertify No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "integration-for-szamlazz-hu-gravity-forms 1.2.7 Multiple.CSRF MEDIUM" "inline-tweet-sharer 2.6 Admin+.Stored.XSS LOW" "inavii-social-feed-for-elementor 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "igniteup No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "igniteup 3.4.1 Multiple.Issues HIGH" "import-users-from-csv 1.3 Authenticated.(Admin+).PHP.Object.Injection HIGH" "incoming-links 0.9.10b referrers.php.XSS MEDIUM" "increase-upload-file-size-maximum-execution-time-limit 3.0 Reflected.Cross-Site.Scripting MEDIUM" "independent-analytics 1.25.1 Reflected.Cross-Site.Scripting MEDIUM" "indieweb-post-kinds 1.3.1.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "interactive-page-hierarchy No.known.fix Missing.Authorization MEDIUM" "insert-estimated-reading-time No.known.fix Admin+.Stored.XSS LOW" "inline-svg-elementor No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "insert-pages 3.7.5 Contributor+.Stored.XSS MEDIUM" "insert-pages 3.7.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "insert-pages 3.7.0 Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "insert-pages 3.2.4 Directory.Traversal CRITICAL" "insert-php-code-snippet 1.3.7 Cross-Site.Request.Forgery.to.Code.Snippet.Activate/Deactivate/Deletion MEDIUM" "insert-php-code-snippet 1.3.5 Admin+.Stored.XSS LOW" "ip-vault-wp-firewall 2.1 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "ip-vault-wp-firewall 2.1 WP.Firewall.<.2.1.-.Admin+.Stored.XSS LOW" "i-recommend-this 3.9.0 Admin+.Stored.XSS LOW" "i-recommend-this 3.9.1 CSRF MEDIUM" "i-recommend-this 3.8.2 Authenticated.SQL.Injection HIGH" "indieblocks 0.13.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.kind.Parameter MEDIUM" "indieblocks 0.13.2 Unauthenticated.Server-Side.Request.Forgery HIGH" "if-so 1.9.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "if-so 1.9.2.2 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "if-so 1.8.0.4 Admin+.Stored.XSS LOW" "if-so 1.8.0.4 Reflected.XSS MEDIUM" "if-so 1.8.0.3 Contributor+.Shortcode.Stored.XSS MEDIUM" "if-so 1.7.1.1 Missing.Authorization MEDIUM" "if-so 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "inactive-logout 3.2.3 Missing.Authorization MEDIUM" "inactive-logout 3.2.3 Cross-Site.Request.Forgery MEDIUM" "intelly-posts-footer-manager No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "intelly-posts-footer-manager 2.2.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "icestats No.known.fix Cross-Site.Request.Forgery MEDIUM" "instantio 3.3.17 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "instantio 1.2.6 CSRF.Bypass MEDIUM" "instawp-connect 0.1.0.86 Unauthenticated.Local.PHP.File.Inclusion HIGH" "instawp-connect 0.1.0.83 Unauthenticated.Local.File.Inclusion CRITICAL" "instawp-connect 0.1.0.84 Cross-Site.Request.Forgery.to.Local.File.Inclusion HIGH" "instawp-connect 0.1.0.45 Authentication.Bypass.to.Admin CRITICAL" "instawp-connect 0.1.0.39 Unauthenticated.Arbitrary.File.Upload CRITICAL" "instawp-connect 0.1.0.39 Missing.Authorization.to.Unauthenticated.API.setup/Arbitrary.Options.Update/Administrative.User.Creation CRITICAL" "instawp-connect 0.1.0.25 Missing.Authorization MEDIUM" "instawp-connect 0.1.0.23 Unauthenticated.Arbitrary.File.Upload CRITICAL" "instawp-connect 0.1.0.9 Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "instawp-connect 0.1.0.10 Authenticated.(Subscriber+).SQL.Injection HIGH" "instawp-connect 0.1.0.10 Missing.Authorization.to.Sensitive.Information.Dislcosure MEDIUM" "instawp-connect 0.1.0.9 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "instawp-connect 0.1.0.9 Cross-Site.Request.Forgery.via.create_file_db_manager MEDIUM" "instawp-connect 0.0.9.19 Unauthenticated.Data.Modification CRITICAL" "institutions-directory 1.3.1 Subscriber+.Privilege.Escalation CRITICAL" "image-slider-widget 1.1.127 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "image-slider-widget 1.1.123 Arbitrary.Post.Duplication.via.CSRF MEDIUM" "ithemes-exchange 1.12.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "ipushpull 2.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "intelliwidget-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "idraw No.known.fix Authenticated.(Author+).Arbitrary.File.Upload HIGH" "image-over-image-vc-extension 3.0 Contributor+.Stored.XSS MEDIUM" "info-cards 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "improved-sale-badges-free-version No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "icon-list-block 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "i2-pro-cons No.known.fix Contributor+.Stored.XSS MEDIUM" "image-classify No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "icdsoft-reseller-store 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "instant-images 6.1.1 Author+.Arbitrary.Options.Update HIGH" "instant-images 5.2.0 Author+.SSRF LOW" "instant-images 4.4.0.1 Authenticated.Stored.XSS.&.XFS MEDIUM" "instabot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "interactive-medical-drawing-of-human-body 2.6 Admin+.Stored.XSS LOW" "insert-headers-and-footers-script 1.1.3 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "integrar-getnet-con-woo 0.0.5 Unauthenticated.Authorization.Bypass HIGH" "include-me 1.2.2 Authenticated.Remote.Code.Execution.(RCE).via.LFI.log.poisoning HIGH" "ithemes-sync 3.0.1 Stored.Cross-Site.Scripting.via.packages MEDIUM" "ithemes-sync 2.1.14 Cross-Site.Request.Forgery.and.Missing.Authorization.via.'hide_authenticate_notice' MEDIUM" "immotoolbox-connect 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "iq-block-country 1.2.20 Protection.Bypass.due.to.IP.Spoofing MEDIUM" "iq-block-country 1.2.13 Admin+.Arbitrary.File.Deletion.via.Zip.Slip MEDIUM" "iq-block-country 1.2.12 Admin+.Stored.Cross-Site.Scripting LOW" "iq-block-country 1.1.20 Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "import-export-with-custom-rest-api No.known.fix 2.0.3.-.Missing.Authorization.to.Unauthenticated.Privilege.Escalation.via.process_handler.Function CRITICAL" "internal-link-finder 5.1.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "internal-link-finder 5.1.3 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "ithemes-mobile 1.2.8 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "info-boxes-shortcode-and-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "ip2location-country-blocker 2.38.9 Unauthenticated.Information.Disclosure MEDIUM" "ip2location-country-blocker 2.38.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ip2location-country-blocker 2.34.3 Cross-Site.Request.Forgery MEDIUM" "ip2location-country-blocker 2.33.4 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log.File MEDIUM" "ip2location-country-blocker 2.26.9 Admin+.Stored.Cross-Site.Scripting LOW" "ip2location-country-blocker 2.26.5 Subscriber+.Arbitrary.Country.Ban MEDIUM" "ip2location-country-blocker 2.26.6 Arbitrary.Country.Ban.via.CSRF MEDIUM" "ip2location-country-blocker 2.26.5 Ban.Bypass MEDIUM" "i-plant-a-tree 1.7.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "i-plant-a-tree No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "insta-gallery 4.4.0 Missing.Authorization MEDIUM" "insta-gallery 2.4.8 CSRF.&.Missing.Authorisation.Checks HIGH" "iframe-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "infogram No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iflychat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iflychat 4.7.0 Admin+.Stored.Cross-Site.Scripting.(XSS) LOW" "inlinkz-scripter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "include-file No.known.fix Authenticated.(Contributor+).Arbitrary.File.Download MEDIUM" "include-file No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "import-social-statistics 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "import-social-statistics No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "import-social-statistics No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "image-hover-effects-visual-composer-extension 5.0 Contributor+.Stored.XSS MEDIUM" "import-legacy-media No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "images-to-webp 1.9 Authenticated.Local.File.Inclusion LOW" "images-to-webp 1.9 Multiple.Cross.Site.Request.Forgery.(CSRF) MEDIUM" "iframe-popup No.known.fix Admin+.Stored.XSS LOW" "igit-related-posts-with-thumb-images-after-posts No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "icustomizer 1.5.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "if-menu 0.19.2 Missing.Authorization.to.License.Key.Update MEDIUM" "infusionsoft-web-tracker No.known.fix Cross-Site.Request.Forgery MEDIUM" "image-map-pro 6.0.21 Missing.Authorization.to.Authenticated.(Contributor+).Map.Project.Add/Update/Delete MEDIUM" "image-map-pro 6.0.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-map-pro 5.6.9 Cross-Site.Scripting HIGH" "image-map-pro 5.6.9 Cross-Site.Request.Forgery MEDIUM" "import-csv-files No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "imagemeta No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "imagemapper No.known.fix Subscriber+.Arbitrary.Post.Deletion MEDIUM" "imagemapper No.known.fix Stored.XSS.via.CSRF HIGH" "imagemapper No.known.fix Contributor+.Stored.XSS MEDIUM" "imagemapper No.known.fix Settings.Update.via.CSRF MEDIUM" "information-reel 10.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "ip-based-login 2.4.1 Log.Deletion.via.CSRF MEDIUM" "ip-based-login 2.4.1 Admin+.Stored.XSS LOW" "internal-link-flow-topical-authority-topical-map No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "insert-headers-and-footers 2.0.13.1 Reflected.XSS HIGH" "insert-headers-and-footers 2.0.9 Arbitrary.Log.File.Deletion.via.CSRF MEDIUM" "insert-headers-and-footers 2.0.7 Contributor+.WPCode.Library.Auth.Key.Update/Deletion LOW" "infolinks-ad-wrap No.known.fix Settings.Update.via.CSRF MEDIUM" "improve-my-city No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ithemes-security-pro 6.8.4 Hide.Backend.Bypass MEDIUM" "irm-newsroom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'irmcalendarview'.Shortcode MEDIUM" "irm-newsroom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'irmeventlist'.Shortcode MEDIUM" "irm-newsroom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'irmflat'.Shortcode MEDIUM" "inactive-user-deleter 1.60 Cross-Site.Request.Forgery MEDIUM" "import-holded-products-woocommerce 2.0 Reflected.Cross-Site.Scripting MEDIUM" "import-holded-products-woocommerce 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "import-export-for-woocommerce No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "import-export-for-woocommerce No.known.fix Subscriber+.Arbitrary.File.Upload CRITICAL" "image-captcha No.known.fix Cross-Site.Request.Forgery MEDIUM" "ione360-configurator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ie-css3-support No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "itempropwp No.known.fix Admin+.Stored.XSS LOW" "imgspider 2.3.11 Authenticated.(Contributor+).Arbitrary.File.Upload.via.'upload_img_file' HIGH" "imgspider 2.3.11 Authenticated.(Contributor+).Arbitrary.File.Upload.via.'upload' HIGH" "insert-or-embed-articulate-content-into-wordpress No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "insert-or-embed-articulate-content-into-wordpress 4.3000000024 Author+.Arbitrary.File.Upload CRITICAL" "insert-or-embed-articulate-content-into-wordpress 4.3000000025 Iframe.Injection LOW" "insert-or-embed-articulate-content-into-wordpress 4.30000000254.3000000025 Author+.Upload.to.RCE CRITICAL" "insert-or-embed-articulate-content-into-wordpress 4.3000000023 Contributor+.Stored.XSS MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.3000000021 Reflected.Cross-Site.Scripting MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.3000000016 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.29991 Authenticated.Arbitrary.Folder.Deletion.and.Rename MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.2999 Unauthenticated.RCE CRITICAL" "insert-or-embed-articulate-content-into-wordpress 4.2997 Subscriber+.Arbitrary.Option.Update CRITICAL" "iq-testimonials No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "inventorypress No.known.fix Author+.Stored.XSS MEDIUM" "ims-countdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "intergeo-maps No.known.fix Contributor+.Stored.XSS MEDIUM" "intergeo-maps 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "integrations-of-zoho-crm-with-elementor-form No.known.fix Open.Redirect MEDIUM" "internal-link-shortcode No.known.fix Unauthenticated.SQL.Injection HIGH" "insert-html-here No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "index-wp-mysql-for-speed 1.4.18 Admin+.Reflected.XSS HIGH" "ics-calendar 10.12.0.2 Authenticated(Contributor+).Directory.Traversal.via._url_get_contents MEDIUM" "interactive-uk-regional-map No.known.fix Cross-Site.Request.Forgery MEDIUM" "interactive-map-of-florida No.known.fix Missing.Authorization MEDIUM" "interact-quiz-embed 3.1 Contributor+.Stored.XSS MEDIUM" "image-map-pro-lite No.known.fix Subscriber+.Stored.XSS MEDIUM" "image-map-pro-lite No.known.fix CSRF.to.Stored.XSS MEDIUM" "insert-php 2.5.1 Woody.code.snippets.–.Insert.Header.Footer.Code,.AdSense.Ads.<.2,5,1.-Authenticated.(Contributor+).Remote.Code.Execution CRITICAL" "insert-php 2.5.1 Admin+.Stored.XSS MEDIUM" "insert-php 2.4.6 Reflected.Cross-Site.Scripting MEDIUM" "insert-php 2.3.10 Arbitrary.Settings.Update.via.CSRF MEDIUM" "insert-php 2.3.10 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "insert-php 2.2.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "insert-php 2.2.6 Arbitrary.Post.Deletion MEDIUM" "insert-php 2.2.5 Multiple.issues.leading.to.RCE HIGH" "implied-cookie-consent No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "improved-sale-badges 4.4.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "inline-google-spreadsheet-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "icons-enricher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "idbbee No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "include-fussball-de-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.16.16 Lite.Edition.<.1.16.16.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.style.and.mode.Parameters MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.5 Authenticated.(Author+).Stored.Cross-Site.Scritping.via.Bookmark.URL MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Bookmarks MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.3 Contributor+.Stored.XSS MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.13.3 Contributor+.Stored.XSS MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.12.1 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "ip-blacklist-cloud No.known.fix Admin+.Stored.XSS LOW" "ip-blacklist-cloud No.known.fix Admin+.SQLi MEDIUM" "ip-blacklist-cloud 3.43 Admin+.Arbitrary.File.Disclosure MEDIUM" "ip-locator 4.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "instagram-feed 6.9.1 Contributor+.Stored.XSS.via.`data-plugin`.Attribute MEDIUM" "instagram-feed 2.9.2 Reflected.Cross-Site.Scripting MEDIUM" "iws-geo-form-fields No.known.fix Geo.Form.Fields.<=.1.0.-.Unauthenticated.SQLi HIGH" "iwjob No.known.fix Missing.Authorization MEDIUM" "iwjob No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "iworks-pwa 1.6.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "icons-with-links-widget No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "ipages-flipbook 1.5.2 Missing.Authorization MEDIUM" "ipages-flipbook 1.5.0 Authenticated.(Administrator+).SQL.Injection HIGH" "ipages-flipbook 1.4.7 Contributor+.Stored.XSS MEDIUM" "ipages-flipbook 1.4.3 Reflected.Cross-Site.Scripting HIGH" "ichart 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "ig-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iconize No.known.fix Authenticated.(Admin+).Remote.Code.Execution HIGH" "indeed-job-importer No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "imdb-info-box No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "icon 1.0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icon 1.0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "infusionsoft-official-opt-in-forms 2.0.2 Unauthenticated.Limited.Local.File.Inclusion CRITICAL" "infusionsoft-official-opt-in-forms No.known.fix Contributor+.Stored.XSS MEDIUM" "infusionsoft-official-opt-in-forms No.known.fix Contributor+.Stored.XSS MEDIUM" "infusionsoft-official-opt-in-forms 1.0.12 Admin+.Stored.XSS LOW" "instagram-slider-widget 2.2.9 Admin+.Stored.XSS LOW" "instagram-slider-widget 2.2.9 Admin+.Stored.XSS.via.Widgets LOW" "instagram-slider-widget 2.2.5 Missing.Authorization MEDIUM" "instagram-slider-widget 2.0.7 Admin+.Stored.XSS.via.Feeds LOW" "instagram-slider-widget 2.0.6 Admin+.Stored.XSS.via.API.Key LOW" "instagram-slider-widget 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "instagram-slider-widget 2.0.5 Subscriber+.Stored.XSS.via.Feeds HIGH" "instagram-slider-widget 2.0.5 Subscriber+.Arbitrary.API.Key.Update.to.Stored.XSS HIGH" "instagram-slider-widget 2.0.5 Subscriber+.Arbitrary.Feed.Deletion MEDIUM" "instagram-slider-widget 1.8.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "iubenda-cookie-law-solution 3.3.3 Subscriber+.Privileges.Escalation.to.Admin HIGH" "iconic-woothumbs 5.5.4 Reflected.Cross-Site.Scripting MEDIUM" "icafe-library No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "imdb-widget 1.0.9 Local.File.Inclusion.(LFI) HIGH" "integration-for-contact-form-7-and-pipedrive 1.2.1 Cross-Site.Request.Forgery MEDIUM" "integration-for-contact-form-7-and-pipedrive 1.1.1 Reflected.Cross-Site.Scripting HIGH" "integrate-google-drive 1.3.94 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.91 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.91 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.9 Missing.Authorization.to.Unauthenticated.Settings.Modification.and.Export CRITICAL" "integrate-google-drive 1.3.4 Subscriber+.Settings.Update MEDIUM" "integrate-google-drive 1.3.5 Cross-Site.Request.Forgery MEDIUM" "integrate-google-drive 1.3.3 Open.Redirect.via.state MEDIUM" "integrate-google-drive 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "integrate-google-drive 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "import-eventbrite-events 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "integracao-entre-eduzz-e-wc-powers No.known.fix 1.7.5.-.Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "infusionsoft 1.5.12 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "infusionsoft 1.5.10 1.5.10.Arbitrary.File.Upload MEDIUM" "invitation-based-registrations No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ip2location-world-clock 1.1.10 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "image-gallery-box-by-crudlab No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "iva-business-hours-pro No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "innovs-hr-manager No.known.fix Employee.Creation.via.CSRF MEDIUM" "innovs-hr-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "integration-of-zoho-crm-and-contact-form-7 No.known.fix Open.Redirect MEDIUM" "instant-chat-wp No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "impreza 8.18 Reflected.Cross-Site.Scripting MEDIUM" "ibtana-visual-editor No.known.fix Contributor+.Stored.XSS MEDIUM" "ibtana-visual-editor 1.2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "ibtana-visual-editor 1.2.3.4 WordPress.Website.Builder.<.1.2.3.4.-.Unauthenticated.reCAPTCHA.Settings.Update MEDIUM" "ibtana-visual-editor 1.2.2.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "ibtana-visual-editor 1.1.8.8 Contributor+.Stored.XSS.via.Shortcode HIGH" "ibtana-visual-editor 1.1.4.9 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "include-url No.known.fix Authenticated.(Contributor+).Arbitrary.File.Download MEDIUM" "include-url No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-gallery 1.3.0 Image.Gallery.<.1.3.0.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Plugin.Settings MEDIUM" "image-gallery 1.3.0 Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "image-gallery 1.3.0 Image.Gallery.<.1.3.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion.and.Post.Title.Update MEDIUM" "image-resizer-on-the-fly No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "ibryl-switch-user No.known.fix Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "isee-products-extractor 2.1.4 .Reflected.Cross-Site.Scripting HIGH" "infility-global No.known.fix Subscriber+.SQL.Injection HIGH" "infility-global 2.9.9 Reflected.XSS HIGH" "infility-global 2.9.9 Reflected.XSS.via.set_type.Parameter HIGH" "infility-global 2.9.9 Subscriber+.Plugin.Settings.Update MEDIUM" "iks-menu 1.11.2 Reflected.Cross-Site.Scripting MEDIUM" "iks-menu 1.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "iframe-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "integrate-firebase 0.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "import-shopify-to-woocommerce 1.1.13 Import.Shopify.to.WooCommerce.<.1.1.13.-.Admin+.Arbitrary.File.Access MEDIUM" "indeed-affiliate-pro 4.0 Authenticated.Stored.XSS MEDIUM" "intelly-related-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "intelly-related-posts 3.8.0 Admin+.Stored.XSS LOW" "intelly-related-posts 3.7.0 Reflected.XSS HIGH" "intelly-related-posts 3.4.0 Tracking.Toggle.via.CSRF MEDIUM" "intelly-related-posts 3.6.0 Subscriber+.Password.Protected.Post.Read MEDIUM" "intelly-related-posts 3.5.0 Admin+.Stored.XSS LOW" "intelly-related-posts 3.0.5 Admin+.Cross-Site.Scripting LOW" "image-watermark 1.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Watermark.Modification MEDIUM" "ics-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-mapper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "insert-post-ads No.known.fix Missing.Authorization MEDIUM" "image-protector No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ical-feeds No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ip2location-redirection 1.33.4 Missing.Authorization.to.Unauthenticated.Settings.Export MEDIUM" "instagram-for-wordpress No.known.fix Contributor+.Stored.XSS MEDIUM" "insert-code No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "inet-webkit 1.2.3 Missing.Authorization MEDIUM" "image-switcher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-switcher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "inquiry-cart No.known.fix Stored.XSS.via.CSRF HIGH" "iphone-webclip-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "infinite-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "interactive-geo-maps 1.6.25 Reflected.Cross-Site.Scripting HIGH" "interactive-geo-maps 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "interactive-geo-maps 1.5.11 Editor+.Stored.XSS LOW" "interactive-geo-maps 1.5.9 Contributor+.Stored.XSS MEDIUM" "interactive-geo-maps 1.5.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "icalendrier 1.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ithemeland-bulk-posts-editing-lite 4.2.4 Cross-Site.Request.Forgery MEDIUM" "ithemeland-bulk-posts-editing-lite 4.2.4 Authenticated.(Subscriber+).Missing.Authorization MEDIUM" "interactive-map-of-africa No.known.fix Cross-Site.Request.Forgery MEDIUM" "integration-of-capsule-crm-for-contact-form-7 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "integration-of-capsule-crm-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "instant-appointment No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "instant-appointment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "instant-appointment No.known.fix Unauthenticated.SQL.Injection HIGH" "imageseo 3.1.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "imageseo 2.0.8 Settings.Update.via.CSRF LOW" "ithemelandco-woo-report 1.5.2 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "ithemelandco-woo-report 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "integration-dynamics 1.3.24 Contributor+.RCE.and.Arbitrary.File.Read CRITICAL" "integration-dynamics 1.3.18 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "infocob-crm-forms 2.4.1 Authenticated.(Editor+).Arbitrary.File.Download MEDIUM" "intelly-welcome-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-spreadsheets-from-microsoft-excel 10.1.5 Authenticated.(Editor+).Arbitrary.File.Upload CRITICAL" "import-spreadsheets-from-microsoft-excel 10.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iksweb 3.8 Admin+.Stored.XSS LOW" "imagements No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "image-widget 4.4.11 Admin+.Stored.XSS LOW" "imagemagick-engine 1.7.11 Administrator+.OS.Command.Injection MEDIUM" "imagemagick-engine 1.7.6 PHAR.Deserialization.via.CSRF HIGH" "imagemagick-engine 1.7.6 Command.Injection.via.CSRF HIGH" "invoicing 2.8.12 Missing.Authorization.via.column_subscription() MEDIUM" "invoicing 2.3.4 Authenticated.Stored.XSS HIGH" "imithemes-listing 3.4 Unauthenticated.Privilege.Escalation.via.Unverified.Password.Reset CRITICAL" "image-upload-for-bbpress 1.1.20 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "image-upload-for-bbpress 1.1.19 Cross-Site.Request.Forgery.via.hm_bbpui_admin_page MEDIUM" "iframe-to-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "instagram-widget-by-wpzoom 2.1.14 Missing.Authorization.to.Authenticated.(Subscriber+).Instagram.Image.Deletion MEDIUM" "inline-footnotes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "improved-include-page No.known.fix Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "image-hover-effects-for-visual-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iframe-forms No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ia-map-analytics-basic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "improved-variable-product-attributes 5.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "indigitall-web-push-notifications 3.2.3 Admin+.Stored.XSS LOW" "interactive-polish-map 1.2.1 Admin+.Stored.XSS LOW" "invitation-code-content-access 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "internal-links 2.24.4 Cross-Site.Request.Forgery MEDIUM" "internal-links 2.23.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "internal-links 2.23.3 Reflected.Cross-Site.Scripting MEDIUM" "internal-links 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "indeed-learning-pro No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "indeed-membership-pro 12.8 Unauthenticated.PHP.Object.Injection HIGH" "indeed-membership-pro 12.8 Unauthenticated.Privilege.Escalation CRITICAL" "indeed-membership-pro 12.8 Reflected.Cross-Site.Scripting HIGH" "ithemes No.known.fix New-Password.Requirements.Not.Enforced.Until.second.Login HIGH" "ipanorama-pro 1.6.22 Reflected.Cross-Site.Scripting HIGH" "import-external-images No.known.fix CSRF MEDIUM" "iwp-client 1.13.1 Unauthenticated.Limited.Directory.Traversal.to.Arbitrary..txt.File.Reading MEDIUM" "iwp-client 1.12.3.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "iwp-client 1.12.1 Unauthenticated.Sensitive.Information.Exposure HIGH" "iwp-client 1.9.4.5 Authentication.Bypass CRITICAL" "idcrm-contacts-companies 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "inlocation No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "iloveimg 1.0.6 iLoveIMG.<.1.0.6.-.Admin+.PHP.Object.Injection HIGH" "image-horizontal-reel-scroll-slideshow No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "image-horizontal-reel-scroll-slideshow 13.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "image-horizontal-reel-scroll-slideshow 13.3 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "infographic-and-list-builder-ilist 5.0.0 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "infographic-and-list-builder-ilist 4.7.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Title.Update MEDIUM" "infographic-and-list-builder-ilist 4.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infographic-and-list-builder-ilist 4.3.8 iList.<.4.3.8.-.Unauthenticated.SQL.Injection HIGH" "ideal-interactive-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "imagerecycle-pdf-image-compression 3.1.17 Reflected.Cross-Site.Scripting MEDIUM" "imagerecycle-pdf-image-compression 3.1.15 Missing.Authorization.in.Several.AJAX.Actions MEDIUM" "imagerecycle-pdf-image-compression 3.1.15 Cross-Site.Request.in.Several.AJAX.Actions MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.stopOptimizeAll MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.optimizeAllOn MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.enableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.disableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Plugin.Data.Removal.in.reinitialize MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.optimizeAllOn MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.enableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.stopOptimizeAll MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.disableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Plugin.Data.Removal.in.reinitialize MEDIUM" "imagerecycle-pdf-image-compression 3.1.11 Reflected.XSS HIGH" "imagerecycle-pdf-image-compression 3.1.12 Reflected.XSS HIGH" "idx-broker-platinum 3.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "idx-broker-platinum 3.2.3 Contributor+.Stored.XSS MEDIUM" "idx-broker-platinum 3.0.6 Reflected.Cross-Site.Scripting HIGH" "idx-broker-platinum 2.6.2 Authenticated.Post.Creation,.Modification,.and.Deletion MEDIUM" "idx-broker-platinum 2.6.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).via.unprotected.'idx_update_recaptcha_key'.AJAX MEDIUM" "ip-address-blocker No.known.fix IP.Spoofing MEDIUM" "ip-address-blocker No.known.fix Cross-Site.Request.Forgery MEDIUM" "imagelinks-pro 1.5.3 Reflected.Cross-Site.Scripting HIGH" "ip2location-variables 2.9.6 Cross-Site.Request.Forgery MEDIUM" "ibtana-ecommerce-product-addons 0.2.4 Ecommerce.Product.Addons.<.0.2.4.-.Reflected.Cross-Site.Scripting HIGH" "invite-anyone 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "invite-anyone 1.3.19 Unauthenticated.PHP.Object.Injection CRITICAL" "invite-anyone 1.3.16 Multiple.Issues MEDIUM" "invoice-payment-for-woocommerce 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "image-carousel-for-divi 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "image-carousel-for-divi 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "internallink-audit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "internal-comments No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "internal-comments 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ifeature-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "ilc-thickbox No.known.fix Settings.update.via.CSRF MEDIUM" "image-source-control-isc 2.28.1 Reflected.Cross-Site.Scripting MEDIUM" "image-source-control-isc 2.29.1 Reflected.Cross-Site.Scripting MEDIUM" "image-source-control-isc 2.17.1 Sensitive.Information.Exposure.via.Log.File MEDIUM" "image-source-control-isc 2.3.1 Contributor+.Arbitrary.Post.Meta.Value.Change MEDIUM" "instant-css 1.2.2 Theme/CSS/Minify/Preprocessor.Data.Update.via.CSRF MEDIUM" "instant-css 1.1.5 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "import-users-to-mailchimp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "integration-for-gravity-forms-and-pipedrive 1.0.7 Reflected.Cross-Site.Scripting HIGH" "intimate-io-cryptocurrency-payments No.known.fix CSRF.Bypass MEDIUM" "ipblocklist No.known.fix CSRF MEDIUM" "idonate No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "idonate 2.0.0 Admin+.Stored.XSS LOW" "infugrator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "iframe 5.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "iframe 5.1 Contributor+.Stored.XSS MEDIUM" "iframe 4.9 Contributor+.Stored.XSS LOW" "iframe 4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'iframe'.Shortcode MEDIUM" "iframe 4.5 Authenticated.Stored.Cross.Site.Scripting.(XSS) MEDIUM" "ideapush 8.73 Missing.Authorization MEDIUM" "ideapush 8.72 Missing.Authorization.to.Board.Term.Deletion MEDIUM" "ideapush 8.71 Cross-Site.Request.Forgery MEDIUM" "ideapush 8.69 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ideapush 8.66 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ideapush 8.61 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ideapush 8.58 Subscriber+.Memory.Tab/Routine/Taxonomy.Creation MEDIUM" "ideapush 8.53 Admin+.Stored.XSS LOW" "indeed-api No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "interview No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "instagrate-to-wordpress 1.3.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "ink-official No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "image-hover-effects 5.6 Caption.Settings.Update.via.CSRF MEDIUM" "image-hover-effects 5.5 Admin+.Stored.XSS LOW" "interactive-image-map-builder 1.1 Admin+.Stored.XSS LOW" "igumbi-online-booking 1.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "inline-text-popup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ibuildapp No.known.fix Reflected.XSS HIGH" "images-optimize-and-upload-cf7 2.2.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "imagelinks-interactive-image-builder-lite 1.6.0 Admin+.SQLi MEDIUM" "imagelinks-interactive-image-builder-lite 1.5.4 Contributor+.Stored.XSS MEDIUM" "imagelinks-interactive-image-builder-lite 1.5.3 Reflected.Cross-Site.Scripting HIGH" "ip-loc8 No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "imagemagick-sharpen-resized-images No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.27.13 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "import-users-from-csv-with-meta 1.27.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.9 Unauthenticated.Information.Exposure MEDIUM" "import-users-from-csv-with-meta 1.26.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.6 Missing.Authorization MEDIUM" "import-users-from-csv-with-meta 1.26.3 Authenticated.(Admin+).PHP.Object.Injection HIGH" "import-users-from-csv-with-meta 1.24.7 Missing.Authorization.via.fire_cron.REST.endpoint MEDIUM" "import-users-from-csv-with-meta 1.24.4 Contributor+.Stored.XSS MEDIUM" "import-users-from-csv-with-meta 1.24.3 Admin+.Arbitrary.File.Read/Deletion MEDIUM" "import-users-from-csv-with-meta 1.20.5 Subscriber+.CSV.Injection MEDIUM" "import-users-from-csv-with-meta 1.19.2.1 Admin+.Stored.Cross-Site.Scripting LOW" "import-users-from-csv-with-meta 1.16.3.6 CSV.Injection MEDIUM" "import-users-from-csv-with-meta 1.15.0.1 Unauthorised.Authenticated.Users.Export LOW" "import-users-from-csv-with-meta 1.14.2.2 CSRF.leading.to.attachment.deletion.&.Path.Traversal HIGH" "import-users-from-csv-with-meta 1.14.1.3 XSS MEDIUM" "import-users-from-csv-with-meta 1.14.0.3 XSS.and.CSRF HIGH" "import-users-from-csv-with-meta 1.12.1 Import.Cross-Site.Scripting.(XSS) MEDIUM" "icon-widget 1.4.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "icon-widget 1.3.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "import-facebook-events 1.8.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icegram-rainmaker 1.3.19 Missing.Authorization MEDIUM" "icegram-rainmaker 1.3.15 Missing.Authorization MEDIUM" "icegram-rainmaker 1.3.9 Contributor+.Stored.XSS MEDIUM" "inline-call-to-action-builder-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "images-asynchronous-load 1.06 Reflected.Cross-Site.Scripting MEDIUM" "inline-click-to-tweet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icegram 3.1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icegram 3.1.32 Author+.Stored.XSS MEDIUM" "icegram 3.1.32 Admin+.Stored.XSS LOW" "icegram 3.1.32 Admin+.Stored.XSS LOW" "icegram 3.1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icegram 3.1.25 Missing.Authorization MEDIUM" "icegram 3.1.25 Missing.Authorization.to.Unauthenticated.Message.Duplication MEDIUM" "icegram 3.1.22 Contributor+.Campaign.Status.Toggle./.Duplication LOW" "icegram 3.1.19 Cross-Site.Request.Forgery.via.save_campaign_preview MEDIUM" "icegram 3.1.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Campaign.Message MEDIUM" "icegram 3.1.12 Reflected.XSS HIGH" "icegram 2.1.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "icegram 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "icegram 2.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "icegram 1.10.29 CSRF.to.Stored.XSS MEDIUM" "icegram 1.9.19 Cross-Site.Request.Forgery.(CSRF).&.XSS MEDIUM" "information-for-help 0.0.3 Reflected.Cross-Site.Scripting MEDIUM" "image-wall 3.1 Reflected.Cross-Site.Scripting MEDIUM" "image-alt-text 3.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Image.Alt.Text.Update MEDIUM" "image-optimizer-wd 1.0.27 Admin+.Path.Traversal MEDIUM" "image-optimizer-wd 1.0.27 Reflected.Cross-Site.Scripting HIGH" "interactive-uk-map 3.4.9 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "intelligence No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "joli-faq-seo 1.3.3 Cross-Site.Request.Forgery MEDIUM" "joli-faq-seo 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "joli-faq-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "job-manager No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "job-manager No.known.fix .Insecure.Direct.Object.Reference.(IDOR) MEDIUM" "job-manager 0.7.25 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "journey-analytics 1.0.13 Unauthorised.AJAX.call.via.CSRF MEDIUM" "jf3-maintenance-mode 2.1.0 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "jet-blog 2.4.3.1 Missing.Authorization MEDIUM" "jet-blog 2.4.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "joli-clear-lightbox No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "joli-clear-lightbox 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jetpackcrm-ext-woo-connect 2.13 Unauthorized.Invoice.Disclosure LOW" "jsm-show-post-meta 4.6.1 Missing.Authorization MEDIUM" "job-postings 2.7.12 Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "job-postings 2.7.11 Contributor+.Stored.XSS MEDIUM" "job-postings 2.7.8 Contributor+.Stored.XSS MEDIUM" "job-postings 2.7.6 Reflected.Cross-Site.Scripting.via.job-search MEDIUM" "job-postings 2.7.6 Reflected.Cross-Site.Scripting MEDIUM" "job-postings 2.7.4 Contributor+.Stored.XSS MEDIUM" "job-postings 2.5.11 Admin+.Stored.XSS LOW" "job-postings 2.6.0 Author+.Stored.XSS MEDIUM" "just-custom-fields No.known.fix Cross-Site.Request.Forgery.via.AJAX.actions MEDIUM" "just-custom-fields No.known.fix Missing.Authorization.via.AJAX.actions MEDIUM" "just-custom-fields No.known.fix Cross-Site.Request.Forgery.on.AJAX.Actions MEDIUM" "just-custom-fields No.known.fix Missing.Authorization.on.AJAX.Actions MEDIUM" "jp-staticpagex No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "js-vehicle-manager No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "jc-ajax-search-for-woocommerce 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "joy-of-text No.known.fix Missing.Authorization MEDIUM" "joy-of-text No.known.fix Settings.Update.via.CSRF MEDIUM" "joy-of-text 2.3.1 Unauthenticated.SQLi HIGH" "job-board-manager 2.1.61 Missing.Authorization MEDIUM" "job-board-manager No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "job-board-manager No.known.fix Missing.Authorization MEDIUM" "job-board-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "job-board-manager 2.1.60 Cross-Site.Request.Forgery MEDIUM" "job-board-manager No.known.fix Missing.Authorization MEDIUM" "job-board-manager 2.1.59 Subscriber+.Stored.XSS HIGH" "jp-students-result-system-premium No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "job-manager-career 1.4.5 Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "job-manager-career 1.4.4 Directory.listing.to.Sensitive.Data.Exposure HIGH" "jivochat 1.3.5.4 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "joli-table-of-contents 2.0.10 Reflected.Cross-Site.Scripting MEDIUM" "joli-table-of-contents 1.3.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jet-blocks 1.3.16.1 Missing.Authorization MEDIUM" "jet-blocks 1.3.16.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-blocks 1.3.12.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-blocks 1.3.8.1 Reflected.Cross.Site.Scripting MEDIUM" "jc-importer 2.14.6 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "jc-importer 2.13.1 Admin+.Server-side.Request.Forgery MEDIUM" "jc-importer 2.4.6 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "job-portal No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "jemployee No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "jonradio-private-site 3.1.0 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "jonradio-private-site 3.0.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "jquery-t-countdown-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.tminus.Shortcode MEDIUM" "jquery-t-countdown-widget 2.3.24 Contributor+.Stored.XSS MEDIUM" "jw-player-7-for-wp 2.3.4 Missing.Authorization MEDIUM" "jet-engine 3.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-engine 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.list_tag.Parameter MEDIUM" "jet-engine 3.2.5 Authenticated.(Contributor+).Privilege.Escalation HIGH" "jet-engine 3.2.5 Missing.Authorization HIGH" "jet-engine 3.1.3.1 Author+.Remote.Code.Execution HIGH" "js-jobs No.known.fix Unauthenticated.SQL.Injection HIGH" "js-jobs No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "js-jobs No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "js-jobs No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "js-jobs No.known.fix Missing.Authorization MEDIUM" "js-jobs No.known.fix Authenticated.Insecure.Direct.Object.Reference MEDIUM" "js-jobs 2.0.1 Multiple.CSRF MEDIUM" "js-jobs 2.0.1 Missing.Authorization MEDIUM" "js-jobs 2.0.1 Subscriber+.Stored.XSS HIGH" "js-jobs 1.1.9 Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "js-jobs 1.0.7 CSRF HIGH" "jk-html-to-pdf No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "jsmol2wp No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "jsmol2wp No.known.fix Unauthenticated.Server.Side.Request.Forgery.(SSRF) HIGH" "javascript-logic No.known.fix CSRF.to.Stored.XSS HIGH" "jcarousel-for-wordpress No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "joomdev-wp-pros-cons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "json-content-importer 1.6.0 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "json-content-importer 1.5.4 Reflected.XSS HIGH" "json-content-importer 1.3.16 Admin+.Stored.XSS LOW" "jquery-reply-to-comment No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "just-tables 1.5.0 Cross-Site.Request.Forgery MEDIUM" "jds-portfolio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jwp-a11y No.known.fix Admin+.Stored.XSS LOW" "jquery-vertical-accordion-menu No.known.fix Contributor+.Stored.XSS MEDIUM" "jetpack-boost 3.4.8 Contributor+.Stored.XSS MEDIUM" "jetpack-boost 3.4.7 Admin+.SSRF MEDIUM" "jreviews No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jazz-popups No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting HIGH" "json-api-user 3.9.4 Unauthenticated.Privilege.Escalation CRITICAL" "joomsport-sports-league-results-management 5.6.18 Reflected.Cross-Site.Scripting.via.page HIGH" "joomsport-sports-league-results-management 5.6.4 Missing.Authorization MEDIUM" "joomsport-sports-league-results-management 5.5.7 Missing.Authorization MEDIUM" "joomsport-sports-league-results-management 5.2.8 Unauthenticated.SQLi HIGH" "joomsport-sports-league-results-management 5.2.6 Admin+.SQLi MEDIUM" "joomsport-sports-league-results-management 5.1.8 Unauthenticated.PHP.Object.Injection MEDIUM" "joomsport-sports-league-results-management 3.4 SQL.Injection CRITICAL" "juicer 1.11 Contributor+.Stored.XSS MEDIUM" "job-board-vanilla No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "jquery-validation-for-contact-form-7 5.3 Arbitrary.Options.Update.via.CSRF HIGH" "jet-search 3.5.7.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-search 3.5.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jetpack-debug-helper 2.0.1 Missing.Authorization MEDIUM" "jobwp 2.4.0 Unauthenticated.SQL.Injection HIGH" "jobwp 2.4.0 Cross-Site.Request.Forgery MEDIUM" "jobwp 2.2 Sensitive.Information.Exposure HIGH" "jobwp 2.0 Reflected.Cross-Site.Scripting MEDIUM" "jet-menu 2.4.9.1 Missing.Authorization MEDIUM" "jb-horizontal-scroller-news-ticker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jungbillig-portfolio-gallery No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "job-board-light No.known.fix Missing.Authorization MEDIUM" "job-board-light No.known.fix Authenticated.(Employer+).Insecure.Direct.Object.Reference MEDIUM" "job-board-light 1.2.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jma-youtube-playlists-with-schema No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "justified-gallery 1.8.0b1 Reflected.Cross-Site.Scripting MEDIUM" "justified-gallery 1.7.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "justified-gallery 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "js-css-script-optimizer No.known.fix Cross-Site.Request.Forgery MEDIUM" "judgeme-product-reviews-woocommerce 1.3.21 Contributor+.Stored.XSS MEDIUM" "jekyll-exporter 2.2.1 Unauthenticated.RCE.via.PHPUnit CRITICAL" "js-support-ticket 2.9.3 Missing.Authorization MEDIUM" "js-support-ticket 2.9.2 Unauthenticated.Arbitrary.File.Download HIGH" "js-support-ticket 2.9.3 Unauthenticated.SQL.Injection HIGH" "js-support-ticket 2.9.3 Unauthenticated.Local.File.Inclusion CRITICAL" "js-support-ticket 2.9.3 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "js-support-ticket 2.8.9 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "js-support-ticket 2.8.9 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "js-support-ticket 2.8.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "js-support-ticket 2.8.7 Unauthenticated.PHP.Code.Injection.to.Remote.Code.Execution CRITICAL" "js-support-ticket 2.8.4 Missing.Authorization MEDIUM" "js-support-ticket 2.8.2 Unauthenticated.SQL.Injection.via.email.and.trackingid CRITICAL" "js-support-ticket 2.7.8 Best.Help.Desk.&.Support.<.2.7.8.-.Subscriber+.Ticket.Manipulation.via.IDOR MEDIUM" "js-support-ticket 2.7.2 CSRF MEDIUM" "js-support-ticket 2.0.6 CSRF HIGH" "jet-theme-core 2.2.1 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "jobcareer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Multiple.Administrative.Actions HIGH" "jh-404-logger No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "jeg-elementor-kit 2.6.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Button.and.Countdown.Widgets MEDIUM" "jeg-elementor-kit 2.6.12 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Countdown.and.Off-Canvas MEDIUM" "jeg-elementor-kit 2.6.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Countdown.Widget MEDIUM" "jeg-elementor-kit 2.6.10 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.sg_content_template MEDIUM" "jeg-elementor-kit 2.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jeg-elementor-kit 2.6.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File MEDIUM" "jeg-elementor-kit 2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Tabs.and.JKit.-.Accordion.Widgets MEDIUM" "jeg-elementor-kit 2.6.5 Contributor+.Stored.XSS.via.Countdown.Widget MEDIUM" "jeg-elementor-kit 2.6.5 Contributor+.Stored.XSS.via.Elementor.Widget.URL.Custom.Attributes MEDIUM" "jeg-elementor-kit 2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Banner MEDIUM" "jeg-elementor-kit 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box MEDIUM" "jeg-elementor-kit 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonial MEDIUM" "jeg-elementor-kit 2.6.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "jeg-elementor-kit 2.5.7 Unauthenticated.Settings.Update MEDIUM" "jeg-elementor-kit 2.5.7 Subscriber+.Authorization.Bypass MEDIUM" "justified-image-grid No.known.fix Unauthenticated.Server-Side.Request.Forgery MEDIUM" "jet-elements 2.7.4.2 Missing.Authorization MEDIUM" "jet-elements 2.7.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-elements 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "jet-elements 2.6.20.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-elements 2.6.20.1 Authenticated.(Contributor+).Arbitrary.Local.File.Inclusion HIGH" "jet-elements 2.6.13.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Attachment.Download MEDIUM" "jetpack 14.1-a.1 Unauthenticated.DOM-XSS MEDIUM" "jetpack 6.6.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.8.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.0.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.8.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.2.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.6.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.3.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.7.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.5.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.7.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.5.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.0.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.4.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.4.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.6.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.8.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.0.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.3.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.3.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.5.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.7.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 3.9.10 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.8.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.2.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.4.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.6.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.8.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.3.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.5.7 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.5.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.1.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.6.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.0.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.0.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.2.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.4.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.8.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.3.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.3.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.7.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.4.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.8.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.6.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.8.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.0.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.6.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.5.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.7.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.1.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.7.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.1.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.2.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.4.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.6.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.8.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.0.7 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.4.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.3.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.3.7 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.7.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.2.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.6.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.0.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.2.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.4.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.6.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.7.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.1.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.1.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.3.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.7.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.9.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.0.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.4.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.0.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.4.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.8.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.3.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.7.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.8 Contributor+.Stored.XSS MEDIUM" "jetpack 13.8 Unauthenticated.Arbitrary.Block.&.Shortcode.Execution MEDIUM" "jetpack 13.4 Contributor+.Stored.Cross-Site.Scripting.via.wpvideo.Shortcode MEDIUM" "jetpack 13.2.1 Contributor+.Stored.XSS MEDIUM" "jetpack 12.8-a.3 Contributor+.Stored.XSS.via.block.attribute MEDIUM" "jetpack 12.7 Authenticated(Contributor+).Clickjacking.via.Iframe.Injection MEDIUM" "jetpack 12.7 Improper.Authorization.via.WPCom.External.Media.REST.endpoints MEDIUM" "jetpack 12.1.1 Author+.Arbitrary.File.Manipulation.via.API HIGH" "jetpack 9.8 Carousel.Module.Non-Published.Page/Post.Attachment.Comment.Leak MEDIUM" "jetpack 7.9.1 Vulnerability.in.Shortcode.Embed.Code MEDIUM" "jetpack 6.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "jetpack 4.0.4 Multiple.Vulnerabilities MEDIUM" "jiangqie-official-website-mini-program No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "jiangqie-official-website-mini-program 1.1.1 Authenticated.SQL.Injection CRITICAL" "jobboardwp 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "jobboardwp 1.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jobboardwp 1.1.0 Admin+.Stored.Cross-Site.Scripting LOW" "jet-footer-code No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "jtrt-responsive-tables No.known.fix Cross-Site.Request.Forgery MEDIUM" "jtrt-responsive-tables 4.1.2 JTRT.Responsive.Tables.<.4,1,2.–.Authenticated.SQL.Injection HIGH" "jvm-rich-text-icons 1.2.4 Subscriber+.Arbitrary.File.Upload HIGH" "jvm-rich-text-icons 1.2.7 Subscriber+.Arbitrary.File.Deletion HIGH" "jalbum-bridge 2.0.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jalbum-bridge 2.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jalbum-bridge 2.0.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ar.Parameter MEDIUM" "job-listings No.known.fix Unauthenticated.Privilege.Escalation.via.register_action.Function CRITICAL" "just-post-preview No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "jet-woo-product-gallery 2.1.22.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jiangqie-free-mini-program No.known.fix Unauthenticated.Arbitrary.File.Uplaod CRITICAL" "jlayer-parallax-slider-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "justrows-free No.known.fix Reflected.XSS HIGH" "jet-tricks 1.5.1.1 Missing.Authorization MEDIUM" "jsp-store-locator No.known.fix Contributor+.SQL.Injection HIGH" "jsp-store-locator No.known.fix Deletion.via.Missing.CSRF MEDIUM" "jquery-news-ticker 3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-news-ticker 3.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "jet-tabs 2.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-tabs 2.2.3.1 Authenticated.(Contributor+).Arbitrary.Local.File.Inclusion HIGH" "jet-reviews 2.3.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "joan 5.6.3 Authenticated.Stored.Cross-Site.Scripting LOW" "joan 5.6.2 Reflected.Cross-Site.Scripting HIGH" "joan 5.6.2 Arbitrary.Plugin's.Settings.Update.via.CSRF MEDIUM" "jetgridbuilder 1.1.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "just-writing-statistics 5.4 Missing.Authorization MEDIUM" "just-writing-statistics 4.8 Authenticated.(Administrator+).SQL.Injection MEDIUM" "just-writing-statistics 4.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "jquery-collapse-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-collapse-o-matic 1.8.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-collapse-o-matic No.known.fix Contributor+.Stored.XSS MEDIUM" "jquery-collapse-o-matic 1.8.3 Contributor+.Stored.XSS MEDIUM" "jigoshop-store-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "just-wp-variables No.known.fix Cross-Site.Request.Forgery MEDIUM" "jquery-accordion-slideshow 8.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "jt-express 2.0.15 Reflected.Cross-Site.Scripting.via.[placeholder] MEDIUM" "jet-smart-filters 3.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jetwidgets-for-elementor 1.0.19 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "jetwidgets-for-elementor 1.0.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.layout_type.and.id.Parameters MEDIUM" "jetwidgets-for-elementor 1.0.17 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Button.URL MEDIUM" "jetwidgets-for-elementor 1.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Box.Widget MEDIUM" "jetwidgets-for-elementor 1.0.13 Settings.Update.via.CSRF MEDIUM" "jetwidgets-for-elementor 1.0.14 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "jetwidgets-for-elementor 1.0.9 Contributor+.Stored.XSS MEDIUM" "jazzcash-woocommerce-gateway No.known.fix Reflected.Cross-Site.Scripting HIGH" "jigoshop-exporter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "justified-image-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jetformbuilder 3.3.4.2 Authenticated.(Administrator+).Privilege.Escalation HIGH" "jetformbuilder 3.1.5 Unauthenticated.Content.Injection MEDIUM" "jetformbuilder 3.0.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "jayj-quicktag 1.3.2 CSRF HIGH" "jetpack-feedback-exporter No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "jet-popup 2.0.12 Missing.Authorization MEDIUM" "js-twentytwenty No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jm-twitter-cards 14.1.0 Password.Protected.Post.Access MEDIUM" "jibu-pro No.known.fix Stored.XSS MEDIUM" "jeeng-push-notifications 2.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "jetwoo-widgets-for-elementor 1.1.8 Authenticated.(Contributor+).Limited.Local.File.Inclusion HIGH" "javo-core 3.0.0.266 Unauthenticated.Privilege.Escalation.in.ajax_signup CRITICAL" "jch-optimize 4.2.1 Authenticated.(Subscriber+).Directory.Traversal MEDIUM" "jch-optimize 3.2.3 Admin+.Stored.XSS LOW" "jobhunt-notifications No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "jsfiddle-shortcode 1.1.3 Contributor+.XSS.via.Shortcode MEDIUM" "jquery-drop-down-menu-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "json-structuring-markup No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "jupiterx-core 4.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Inline.SVG MEDIUM" "jupiterx-core 4.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jupiterx-core 4.8.12 Unauthenticated.PHP.Object.Injection.via.PHAR HIGH" "jupiterx-core 4.8.8 Authenticated.(Contributor+).SVG.Upload.to.Local.File.Inclusion.(Remote.Code.Execution) HIGH" "jupiterx-core 4.8.8 Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "jupiterx-core 4.8.6 Missing.Authorization.to.Unauthenticated.Popup.Template.Export MEDIUM" "jupiterx-core 4.8.6 Missing.Authorization.to.Authenticated.Library.Sync MEDIUM" "jupiterx-core 4.7.8 Limited.Unauthenticated.Authentication.Bypass.to.Account.Takeover HIGH" "jupiterx-core 4.6.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jupiterx-core 3.4.3 Unauthenticated.Privilege.Escalation CRITICAL" "jupiterx-core 3.3.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jupiterx-core 4.6.9 Unauthenticated.Arbitrary.File.Download HIGH" "jupiterx-core 2.0.7 Subscriber+.Arbitrary.Plugin.Deactivation.and.Settings.Update MEDIUM" "jupiterx-core 2.0.8 Subscriber+.Privilege.Escalation.and.Post.Deletion CRITICAL" "jupiterx-core 2.0.7 Information.Disclosure,.Modification,.and.Denial.of.Service MEDIUM" "jet-woo-builder 2.1.18.1 Missing.Authorization MEDIUM" "jet-woo-builder 2.1.18.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "job-board 1.1.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "job-board 1.0.1 Admin+.Stored.XSS LOW" "jet-compare-wishlist 1.5.10 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "jet-skinner-for-buddypress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jquery-tagline-rotator No.known.fix Reflected.Cross-Site.Scripting HIGH" "ksher-payment 1.1.3 Missing.Authorization MEDIUM" "ksher-payment 1.1.2 Missing.Authorization MEDIUM" "kush-micro-news No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "kadence-starter-templates 1.2.17 Admin+.PHP.Object.Injection MEDIUM" "korea-sns 1.6.5 Settings.Update.via.CSRF MEDIUM" "kodo-qiniu 1.5.1 Cross-Site.Request.Forgery MEDIUM" "kaswara No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "kbucket 4.2.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "kbucket 4.2.3 Subscriber+.Arbitrary.File.Upload HIGH" "kbucket 4.1.5 Reflected.XSS MEDIUM" "kbucket 4.1.6 Admin+.Stored.XSS LOW" "kunze-law 2.1 Admin+.Stored.Cross-Site.Scripting LOW" "kadence-woocommerce-email-designer 1.5.15 Admin+.Arbitrary.File.Upload MEDIUM" "kadence-woocommerce-email-designer 1.5.12 CSRF MEDIUM" "kadence-woocommerce-email-designer 1.5.7 Admin+.PHP.Objection.Injection MEDIUM" "keyword-meta No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "kiwichat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "kimili-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kimili-flash-embed No.known.fix Cross-Site.Request.Forgery MEDIUM" "koalendar-free-booking-widget 1.0.3 Contributor+.Stored.XSS.via.height.Parameter MEDIUM" "kstats-reloaded No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kiotvietsync No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "kiotvietsync 1.8.5 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "kings-tab-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kopa-nictitate-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kineticpay-for-woocommerce 3.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "kattene 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ko-fi-button 1.3.3 Admin+.Stored.XSS LOW" "kona-instagram-feed-for-gutenberg No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kona-instagram-feed-for-gutenberg No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "koko-analytics 1.3.13 Reflected.Cross-Site.Scripting MEDIUM" "kiwi-logo-carousel 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "kevins-plugin No.known.fix Cross-Site.Request.Forgery MEDIUM" "kundgenerator 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "kv-tinymce-editor-fonts No.known.fix Font.List.Update.via.CSRF MEDIUM" "kitestudio-core 2.3.1 Reflected.Cross-Site-Scripting MEDIUM" "kopatheme No.known.fix Cross-Site.Request.Forgery MEDIUM" "kintpv-connect 8.141 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "kubio 2.5.2 Unauthenticated.Local.File.Inclusion CRITICAL" "kubio 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "kubio 2.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kh-easy-user-settings No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "keymaster-chord-notation-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kikfyre-events-calendar-tickets No.known.fix Missing.Authorization MEDIUM" "konami-easter-egg No.known.fix Cross-Site.Request.Forgery MEDIUM" "keycaptcha No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "kama-spamblock 1.8.3 Reflected.Cross-Site.Scripting MEDIUM" "kkprogressbar No.known.fix Stored.XSS.via.CSRF HIGH" "kkprogressbar No.known.fix Progress.Bar.Deletion.via.CSRF MEDIUM" "kkprogressbar No.known.fix Admin+.SQL.Injection MEDIUM" "kraken-image-optimizer 2.6.6 Settings.Update.via.CSRF MEDIUM" "korea-for-woocommerce 1.1.12 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "kento-ads-rotator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "keydatas 2.6.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "kapost-byline No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "k-elements 5.4.0 Authentication.Bypass CRITICAL" "ki-live-video-conferences No.known.fix Unauthenticated.Information.Disclosure MEDIUM" "ki-live-video-conferences No.known.fix Missing.Authorization MEDIUM" "knowledgebase 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "knowledgebase 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "knr-author-list-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "knr-author-list-widget 3.0.0 Unauthenticated.SQL.Injection CRITICAL" "knowledgebase-helpdesk-pro No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "keep-backup-daily 2.1.1 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "keep-backup-daily No.known.fix Unauthenticated.Information.Disclosure MEDIUM" "keep-backup-daily 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "kento-wp-stats No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "krsp-frontend-file-upload No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "krsp-frontend-file-upload No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "kwayy-html-sitemap 4.0 Admin+.Stored.XSS LOW" "kenta-blocks 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kenta-blocks 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "kingcomposer No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "kingcomposer No.known.fix Open.Redirect MEDIUM" "kingcomposer 2.9.5 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "kingcomposer 2.9.4 Multiple.Critical.Issues CRITICAL" "kingcomposer 2.8.2 Authenticated.Stored.XSS HIGH" "kingcomposer 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "kudos-donations 3.3.0 Reflected.Cross-Site.Scripting.via.'add_query_arg' MEDIUM" "kudos-donations 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "kudos-donations 3.1.2 Arbitrary.Items.Deletion.via.CSRF HIGH" "kk-youtube-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kali-forms 2.4.3 Contributor+.Stored.XSS MEDIUM" "kali-forms 2.3.42 Missing.Authorization MEDIUM" "kali-forms 2.3.42 Missing.Authorization.to.Arbitrary.Plugin.Deactivation HIGH" "kali-forms 2.3.37 Kali.Forms.<.2.3.37.-.Insecure.Direct.Object.Reference MEDIUM" "kali-forms 2.3.28 Kali.Forms.<.2.3.28.-.Missing.Authorization.via.Contact.Form MEDIUM" "kali-forms 2.3.29 Kali.Forms.<.2.3.29.-.Missing.Authorization.via.get_log MEDIUM" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Unauthenticated.Arbitrary.Post.Deletion HIGH" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Multiple.CSRF.Bypass.Issues MEDIUM" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Authenticated.Plugin's.Settings.Change HIGH" "kd-coming-soon No.known.fix Unauthenticated.PHP.Object.Injection.via.cetitle HIGH" "king-ie No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "knight-lab-timelinejs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "knight-lab-timelinejs 3.9.3.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "knight-lab-timelinejs 3.7.0.0 Outdated.TimelineJS.library.could.Lead.to.Stored.XSS MEDIUM" "king-addons 24.12.59 Missing.Authorization MEDIUM" "kento-post-view-counter No.known.fix CSRF.&.multiple.XSS HIGH" "kargo-entegrator 1.1.15 Authenticated.(Shop.Manager+).SQL.Injection MEDIUM" "kjm-admin-notices No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "kivicare-clinic-management-system 3.6.8 Authenticated.(Doctor+).SQL.Injection.via.'u_id'.Parameter MEDIUM" "kivicare-clinic-management-system 3.6.5 Authenticated.(Doctor/Receptionist+).SQL.Injection MEDIUM" "kivicare-clinic-management-system 3.6.5 Unauthenticated.SQL.Injection HIGH" "kivicare-clinic-management-system 3.6.5 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "kivicare-clinic-management-system 3.6.7 Patient+.Insecure.Direct.Object.Reference MEDIUM" "kivicare-clinic-management-system 3.2.1 Subscriber+.Unauthorised.AJAX.Calls HIGH" "kivicare-clinic-management-system 3.2.1 Reflected.Cross-Site.Scripting HIGH" "kivicare-clinic-management-system 3.2.1 Multiple.CSRF HIGH" "kivicare-clinic-management-system 3.2.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "kivicare-clinic-management-system 2.3.9 Unauthenticated.SQLi HIGH" "kredeum-nfts 1.6.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kioken-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kangu 2.2.10 Reflected.XSS HIGH" "kau-boys-backend-localization No.known.fix Settings.Update.via.CSRF MEDIUM" "kn-fix-your No.known.fix Authenticated.Stored.XSS LOW" "klaviyo 3.0.10 Admin+.Stored.XSS LOW" "klaviyo 3.0.8 Admin+.Stored.XSS LOW" "klarna-payments-for-woocommerce 3.3.0 Missing.Authorization MEDIUM" "kalender-digital 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kk-i-like-it No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "killer-theme-options No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "klarna-checkout-for-woocommerce 2.13.5 DoS.via.Excessive.Logging MEDIUM" "klarna-checkout-for-woocommerce 2.0.10 Authenticated.Arbitrary.Plugin.Deactivation,.Activation.and.Installation CRITICAL" "ketchup-restaurant-reservations No.known.fix Unauthenticated.Blind.SQLi HIGH" "ketchup-restaurant-reservations No.known.fix Unauthenticated.Stored.XSS HIGH" "ketchup-shortcodes-pack 0.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ketchup-shortcodes-pack 0.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kumihimo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kodex-posts-likes 2.5.0 Settings.Update.via.CSRF MEDIUM" "kaya-qr-code-generator 1.5.3 Contributor+.Stored.XSS MEDIUM" "kontxt-semantic-engine No.known.fix CSRF.Bypass MEDIUM" "kp-fastest-tawk-to-chat No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "key4ce-osticket-bridge No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "konnichiwa No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kanzu-support-desk No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kanzu-support-desk No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kanzu-support-desk No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "keywords-highlight-tool No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kb-support No.known.fix Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "kb-support 1.6.8 Unauthenticated.Open.Redirect MEDIUM" "kb-support 1.6.7 Unauthenticated.Ticket.Reply.Exposure MEDIUM" "kb-support 1.6.7 Subscriber+.Multiple.Administrator.Actions HIGH" "kb-support 1.6.1 Missing.Authorization MEDIUM" "kb-support 1.5.6 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "kenta-companion 1.1.9 Reflected.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.4.10 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.3.2 Missing.Authorization MEDIUM" "kadence-blocks 3.4.3 Authenticated.(contributor+).Stored.Cross-Site.Scripting.via.Button.Link MEDIUM" "kadence-blocks 3.2.54 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.2.54 Admin+.Stored.XSS LOW" "kadence-blocks 3.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Icon.Widget MEDIUM" "kadence-blocks 3.2.53 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.46 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.HTML.Data.Attributes MEDIUM" "kadence-blocks 3.2.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Google.Maps.Widget MEDIUM" "kadence-blocks 3.2.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.titleFont.Parameter MEDIUM" "kadence-blocks 3.2.38 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.2.37 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.38 Contributor+.Stored.Cross-Site.Scripting.via.Typer.Effect MEDIUM" "kadence-blocks 3.2.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Timer MEDIUM" "kadence-blocks 3.2.37 Contributor+.Stored.Cross-Site.Scripting.via.Block.Link MEDIUM" "kadence-blocks 3.2.35 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.12 Contributor+.Server-Side.Request.Forgery HIGH" "kadence-blocks 3.2.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.and.CountUp.Widget MEDIUM" "kadence-blocks 3.2.18 Authenticated(Editor+).Stored.Cross-Site.Scripting.via.Contact.Form.Message.Settings MEDIUM" "kadence-blocks 3.2.26 Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "kadence-blocks 3.2.20 Contributor+.Server-Side.Request.Forgery MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.24 Contributor+.Stored.XSS MEDIUM" "kiwi-social-share 2.1.8 Information.Disclosure MEDIUM" "kiwi-social-share 2.1.3 Kiwi.2.1.0.-.Unauthenticated.Arbitrary.WordPress.Options.Update.and.Read CRITICAL" "kiwi-social-share 2.0.11 Kiwi.<.2.0.11.-.Arbitrary.WordPress.Options.Update CRITICAL" "kadence-blocks-pro 2.3.8 Contributor+.Arbitrary.Option.Access MEDIUM" "kvoucher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kvoucher No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kanban No.known.fix Missing.Authorization MEDIUM" "kanban No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kanban 2.5.21 Admin+.Stored.XSS LOW" "kanban 2.5.21 Admin+.Stored.XSS LOW" "kanban No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "kata-plus 1.5.4 Unauthenticated.PHP.Object.Injection HIGH" "kata-plus 1.5.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "kata-plus 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kk-star-ratings 5.4.10.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "kk-star-ratings 5.4.6 Rating.Tampering.via.Race.Condition LOW" "kk-star-ratings 5.4.6 Missing.Authorization MEDIUM" "kk-star-ratings 5.4.5 Reflected.Cross-Site.Scripting MEDIUM" "kk-star-ratings 5.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kama-clic-counter 4.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kama-clic-counter 3.5.0 XSS MEDIUM" "kama-clic-counter 3.5.0 Authenticated.Blind.SQL.Injection HIGH" "kv-send-email-from-admin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kvcore-idx No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "linet-erp-woocommerce-integration 3.6.0 Authenticated.(Admin+).Arbitrary.File.Read.&.Deletion HIGH" "linet-erp-woocommerce-integration 3.5.8 Cross-Site.Request.Forgery MEDIUM" "learning-management-system 1.13.4 Authenticated.(Student+).Stored.Cross-Site.Scripting.via.Ask.a.Question.Functionality MEDIUM" "learning-management-system 1.13.4 Authenticated.(Student+).Missing.Authorization.to.Privilege.Escalation HIGH" "learning-management-system 1.11.5 LMS.<.1.11.5.-.Authenticated.(Student+).Insecure.Direct.Object.Reference MEDIUM" "learning-management-system 1.12.0 LMS.<.1.12.0.-.Missing.Authorization MEDIUM" "learning-management-system 1.11.5 LMS.<.1.11.5.-.Missing.Authorization MEDIUM" "learning-management-system 1.7.4 LMS.<.1.7.4.-.Insecure.Direct.Object.Reference MEDIUM" "learning-management-system 1.7.3 LMS.<.1.7.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "learning-management-system 1.6.8 Information.Exposure MEDIUM" "login-with-phone-number 1.7.50 Authenticated.(Subscriber+).Authorization.Bypass.to.Privilege.Escalation HIGH" "login-with-phone-number 1.7.36 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "login-with-phone-number 1.7.35 Insecure.Password.Reset.Mechanism HIGH" "login-with-phone-number 1.7.27 Authentication.Bypass.due.to.Missing.Empty.Value.Check CRITICAL" "login-with-phone-number 1.7.20 Missing.Authorization MEDIUM" "login-with-phone-number 1.6.94 Missing.Authorization MEDIUM" "login-with-phone-number 1.7.17 Unauthorized.Account.Password.Change.to.Privilege.Escalation HIGH" "login-with-phone-number 1.6.94 Cross-Site.Request.Forgery MEDIUM" "login-with-phone-number 1.5.7 User.Password.Change.via.CSRF HIGH" "login-with-phone-number 1.4.2 Reflected.Cross-Site.Scripting HIGH" "login-with-phone-number 1.3.8 Multiple.Admin+.Stored.XSS LOW" "login-with-phone-number 1.3.7 Unauthenticated.remote.plugin.deletion MEDIUM" "laposta No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "loi-hamon No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "limit-attempts 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "limit-attempts 1.1.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "limit-attempts 1.1.1 SQL.Injection CRITICAL" "lgpd-framework No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "language-switcher-for-transposh 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.51 Unauthenticated.PHP.Object.Injection CRITICAL" "locatoraid 3.9.48 Reflected.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.24 Reflected.XSS HIGH" "locatoraid 3.9.19 Subscriber+.Stored.XSS HIGH" "locatoraid 3.9.15 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.12 CSRF MEDIUM" "leira-roles 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "local-search-seo-contact-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "login-sidebar-widget No.known.fix Open.Redirect MEDIUM" "letterpress No.known.fix Subscriber.Deletion.via.CSRF MEDIUM" "letterpress No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "legull No.known.fix Reflected.XSS HIGH" "login-designer 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "likebtn-like-button 2.6.54 Cross-Site.Request.Forgery MEDIUM" "likebtn-like-button 2.6.45 Arbitrary.e-mail.Sending MEDIUM" "likebtn-like-button 2.6.38 Unauthorised.Vote.Export.to.Email.&.IP.Addresses.Disclosure HIGH" "likebtn-like-button 2.6.32 Unauthenticated.Full-Read.SSRF HIGH" "likebtn-like-button 2.5.4 Unauthenticated.Arbitrary.Blog.Settings.Change HIGH" "lawyer-directory 1.2.9 Subscriber+.Privilege.Escalation CRITICAL" "lawpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lawpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lawpress 1.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "latex No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "lh-qr-codes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastform No.known.fix Drag.&.Drop.Contact.Form.Builder.<=.1.0.5.-.Admin+.Arbitrary.System.File.Read MEDIUM" "ltl-freight-quotes-fedex-freight-edition 3.4.2 Unauthenticated.SQL.Injection HIGH" "lean-wp No.known.fix Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "lean-wp No.known.fix Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "lifterlms-gateway-paypal 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "ldd-directory-lite No.known.fix Reflected.Cross-Site.Scripting.via.remove_query_arg.Parameter MEDIUM" "ldd-directory-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "livemesh-table-rate-shipping 1.2 Reflected.Cross-Site.Scripting MEDIUM" "leads-crm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "linkedin-login 1.1 Reflected.Cross-Site.Scripting MEDIUM" "library-management-system No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "library-management-system No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "login-rebuilder 2.8.1 Admin+.Stored.XSS LOW" "legal-plus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "live-composer-page-builder 1.5.43 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "live-composer-page-builder 1.5.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-composer-page-builder No.known.fix Author+.Stored.XSS MEDIUM" "live-composer-page-builder 1.5.39 Missing.Authorization MEDIUM" "live-composer-page-builder 1.5.36 Cross-Site.Request.Forgery MEDIUM" "live-composer-page-builder 1.5.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-composer-page-builder 1.5.29 .Author+.PHP.Object.Injection MEDIUM" "live-composer-page-builder 1.5.23 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "labtools No.known.fix Subscriber+.Arbitrary.Publication.Deletion MEDIUM" "lws-hide-login 2.1.9 Protection.Mechanism.Bypass MEDIUM" "lws-hide-login 2.1.7 Plugin.Settings.Page.Creation.via.CSRF MEDIUM" "live-scores-for-sportspress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "live-scores-for-sportspress 1.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "live-scores-for-sportspress 1.9.1 Reflected.Cross-Site.Scripting HIGH" "live-scores-for-sportspress 1.9.1 Authenticated.Local.File.Inclusion MEDIUM" "login-with-azure 1.4.5 Reflected.Cross-Site.Scripting.via.appId HIGH" "logo-showcase 3.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lunar-sell-photos-online No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "login-as-users 1.4.4 Missing.Authorization.to.Privielge.Escalation.via.Account.Takeover HIGH" "login-as-users 1.4.3 Authentication.Bypass CRITICAL" "loginizer-security 1.9.3 Authentication.Bypass HIGH" "landing-pages-and-domain-aliases No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "light-messages No.known.fix CSRF.to.Stored.XSS HIGH" "len-slider No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "liveagent 4.4.8 Cross-Site.Request.Forgery MEDIUM" "landing-page-cat 1.7.9 Reflected.Cross-Site.Scripting MEDIUM" "landing-page-cat 1.7.8 Reflected.Cross-Site.Scripting MEDIUM" "landing-page-cat 1.7.7 Reflected.Cross-Site.Scripting MEDIUM" "landing-page-cat 1.7.5 Missing.Authorization MEDIUM" "landing-page-cat 1.7.3 Unauthenticated.Information.Exposure MEDIUM" "lgx-owl-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lana-downloads-manager 1.10.0 Admin+.Arbitrary.File.Download.via.Path.Traversal MEDIUM" "lana-downloads-manager 1.8.0 Contributor+.Arbitrary.File.Download HIGH" "language-field No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "load-more-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "live-tv No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "login-with-vipps 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Compare.and.Google.Maps.Widgets MEDIUM" "lastudio-element-kit 1.5.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.data-lakit-element-link.Parameter MEDIUM" "lastudio-element-kit 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Table.of.Contents.Widget MEDIUM" "lastudio-element-kit 1.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.4.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "lastudio-element-kit 1.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lastudio-element-kit 1.3.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.3.9.2 Contributor+.Stored.XSS MEDIUM" "lastudio-element-kit 1.3.9 Authenticated.(Contributor+).Local.File.Inclusion.via.'progress_type' MEDIUM" "lastudio-element-kit 1.3.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lastudio-element-kit 1.3.7.4 Missing.Authorization MEDIUM" "lastudio-element-kit 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "lastudio-element-kit 1.3.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.LaStudioKit.Post.Author.Widget MEDIUM" "lastudio-element-kit 1.3.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.1.6 Missing.Authorization MEDIUM" "leads-5050-visitor-insights 1.0.4 Unauthenticated.License.Change HIGH" "leads-5050-visitor-insights 1.1.0 Unauthorised.License.Change HIGH" "localize-my-post No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "linkmyposts No.known.fix Reflected.XSS HIGH" "limb-gallery No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "limb-gallery No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "limb-gallery 1.5.6 Reflected.Cross-Site.Scripting MEDIUM" "limb-gallery 1.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "limb-gallery 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "logo-showcase-with-slick-slider 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "logo-showcase-with-slick-slider 2.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "logo-showcase-with-slick-slider 2.0.1 Arbitrary.Media.Title/Description/Alt.Text/URL.Update.via.CSRF MEDIUM" "logo-showcase-with-slick-slider 1.2.5 Subscriber+.Arbitrary.Media.Title/Description/Alt.Text/URL.Update MEDIUM" "logo-showcase-with-slick-slider 1.2.4 Author+.Stored.Cross.Site.Scripting MEDIUM" "lenxel-core No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lenxel-core No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lenxel-core 1.2.5 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "l-squared-hub-wp-virtual-device No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "lava-ajax-search No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "live-2d 1.9.12 Subscriber+.Arbitrary.File.Deletion HIGH" "latepoint 5.1.93 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "latepoint 5.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "latepoint 5.0.13 Authentication.Bypass HIGH" "latepoint 5.0.12 Unauthenticated.Arbitrary.User.Password.Change.via.SQL.Injection CRITICAL" "latepoint 4.9.9.1 Missing.Authorization.and.Sensitive.Information.Exposure.via.IDOR CRITICAL" "listplus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "league-table-lite 1.14 Tables.Cloning/Update/Deletion.via.CSRF MEDIUM" "link-juice-keeper 2.0.3 Admin+.Stored.XSS LOW" "login-form-recaptcha No.known.fix Admin+.Stored.XSS LOW" "loginizer 1.9.3 Authentication.Bypass HIGH" "loginizer 1.7.9 Reflected.XSS HIGH" "loginizer 1.7.6 Reflected.XSS HIGH" "loginizer 1.7.6 Cross-Site.Request.Forgery MEDIUM" "loginizer 1.6.4 Unauthenticated.SQL.Injection CRITICAL" "loginizer 1.4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "loginizer 1.3.6 Cross-Site.Request.Forgery.(CSRF) HIGH" "loginizer 1.3.6 Blind.SQL.Injection CRITICAL" "livechat-woocommerce 2.2.17 Cross-Site.Request.Forgery MEDIUM" "ltl-freight-quotes-xpo-edition 4.3.8 Unauthenticated.SQL.Injection HIGH" "lws-cleaner 2.3.1 Cross-Site.Request.Forgery MEDIUM" "livemesh-siteorigin-widgets 3.3 Reflected.Cross-Site.Scripting MEDIUM" "livemesh-siteorigin-widgets 2.8.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "livemesh-siteorigin-widgets 2.5.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "lh-copy-media-file 1.09 Reflected.Cross-Site.Scripting MEDIUM" "library-bookshelves 5.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "library-bookshelves 5.9 Reflected.Cross-Site.Scripting MEDIUM" "library-bookshelves 5.9 Reflected.Cross-Site.Scripting MEDIUM" "license-manager-for-woocommerce 3.0.10 Reflected.Cross-Site.Scripting MEDIUM" "license-manager-for-woocommerce 3.0.7 Improper.Authorization.to.Authenticated(Contributor+).Sensitive.Information.Exposure MEDIUM" "license-manager-for-woocommerce 2.2.11 Authenticated.(Administrator+).SQL.Injection HIGH" "license-manager-for-woocommerce 2.3b1 Reflected.Cross-Site.Scripting MEDIUM" "license-manager-for-woocommerce 2.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "learnpress 4.2.7.6 Missing.Authorization MEDIUM" "learnpress 4.2.7.5.1 Authenticated.(LP.Instructor+).Stored.Cross-Site.Scripting.via.Lesson.Name MEDIUM" "learnpress 4.2.7.2 Authenticated.(Subscriber+).Open.Redirect MEDIUM" "learnpress 4.2.7.5.1 Admin+.Stored.XSS LOW" "learnpress 4.2.7.5.1 Admin+.Stored.XSS LOW" "learnpress 4.2.7.4 Course.Material.Sensitive.Information.Exposure.via.REST.API MEDIUM" "learnpress 4.2.7.2 Admin+.Stored.XSS LOW" "learnpress 4.2.7.2 Admin+.Stored.XSS LOW" "learnpress 4.2.7.1 Unauthenticated.SQL.Injection.via.'c_fields' CRITICAL" "learnpress 4.2.7.1 Unauthenticated.SQL.Injection.via.'c_only_fields' CRITICAL" "learnpress 4.2.6.9.4 Authenticated.(Contributor+).SQL.Injection.via.order.Parameter HIGH" "learnpress 4.2.6.9 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "learnpress 4.2.6.9 Cross-Site.Request.Forgery MEDIUM" "learnpress 4.2.6.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "learnpress 4.2.6.8.2 Missing.Authorization.to.Unauthenticated.User.Registration.Bypass MEDIUM" "learnpress 4.2.6.8.2 Unauthenticated.Bypass.to.User.Registration MEDIUM" "learnpress 4.2.6.8.1 Basic.Information.Disclosure.via.JSON.API MEDIUM" "learnpress 4.2.6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "learnpress 4.2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.layout_html.Parameter MEDIUM" "learnpress 4.2.6.6 Unauthenticated.Time-Based.SQL.Injection CRITICAL" "learnpress 4.2.6.6 Authenticated.(Instructor+).Arbitrary.File.Upload HIGH" "learnpress 4.2.6.6 Unauthenticated.Bypass.to.User.Registration MEDIUM" "learnpress 4.2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "learnpress 4.2.6.4 Insecure.Direct.Object.Reference MEDIUM" "learnpress 4.2.6.4 Authenticated(LP.Instructor+).Stored.Cross-Site.Scripting MEDIUM" "learnpress 4.0.1 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "learnpress 4.2.5.8 Unauthenticated.Command.Injection HIGH" "learnpress 4.2.5.8 Subscriber+.Arbitrary.Course.Progress.Disclosure MEDIUM" "learnpress 4.2.5.8 Unauthenticated.SQLi HIGH" "learnpress 4.2.5.5 Reflected.Cross-Site.Scripting HIGH" "learnpress 4.2.0 Unauthenticated.SQLi HIGH" "learnpress 4.2.0 Unauthenticated.LFI CRITICAL" "learnpress 4.2.0 Subscriber+.SQLi HIGH" "learnpress 4.1.7.2 Unauthenticated.PHP.Object.Injection.via.REST.API MEDIUM" "learnpress 4.1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "learnpress 4.1.6 Reflected.Cross-Site.Scripting MEDIUM" "learnpress 4.1.5 Arbitrary.Image.Renaming MEDIUM" "learnpress 4.1.4 Admin+.SQL.Injection MEDIUM" "learnpress 4.1.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "learnpress 4.1.3.1 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "learnpress 3.2.7.3 CSRF.&.XSS LOW" "learnpress 3.2.6.8 Authenticated.Time.Based.Blind.SQL.Injection HIGH" "learnpress 3.2.6.9 Authenticated.Post.Creation.and.Status.Modification HIGH" "learnpress 3.2.6.9 Privilege.Escalation.to."LP.Instructor" HIGH" "learnpress 3.2.6.7 Privilege.Escalation MEDIUM" "layerslider 7.11.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ls_search_form.Shortcode MEDIUM" "layerslider 7.10.1 7.10.0.-.Unauthenticated.SQL.Injection CRITICAL" "layerslider 7.7.10 Cross-Site.Request.Forgery MEDIUM" "layerslider 7.7.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "list-category-posts No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "list-category-posts 0.90.3 Author+.Stored.XSS LOW" "list-category-posts 0.89.7 Contributor+.Stored.XSS MEDIUM" "list-category-posts 0.89.4 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "library-instruction-recorder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lightweight-accordion 1.5.17 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "lightweight-accordion 1.5.15 Contributor+.Stored.XSS MEDIUM" "luckywp-table-of-contents 2.1.11 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "luckywp-table-of-contents 2.1.7 Admin+.Stored.XSS LOW" "luckywp-table-of-contents 2.1.6 Admin+.Stored.XSS LOW" "luckywp-table-of-contents 2.1.5 Admin+.Stored.XSS MEDIUM" "luckywp-table-of-contents 2.1.6 Reflected.Cross-Site.Scripting MEDIUM" "luckywp-table-of-contents 2.1.5 Contributor+.Stored.XSS MEDIUM" "library-viewer 2.0.6.1 Contributor+.Stored.XSS MEDIUM" "lemonade-sna-pinterest-edition No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lu-radioplayer 6.24.11.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "lu-radioplayer 6.24.11.07 Unauthenticated.Arbitrary.File.Read HIGH" "livesupporti No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "lupsonline-link-netwerk No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "litespeed-cache 7.1 Editor+.Server-Side.Request.Forgery MEDIUM" "litespeed-cache 6.5.2 Unauthenticated.Privilege.Escalation HIGH" "litespeed-cache 6.5.1 Author+.Path.Traversal MEDIUM" "litespeed-cache 6.5.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "litespeed-cache 6.5.1 Contributor+.Stored.XSS MEDIUM" "litespeed-cache 6.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting LOW" "litespeed-cache 6.5.0.1 Unauthenticated.Sensitive.Information.Exposure.via.Log.Files HIGH" "litespeed-cache 6.4 Unauthenticated.Privilege.Escalation HIGH" "litespeed-cache 6.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "litespeed-cache 5.7.0.1 Unauthenticated.CDN.Status.Update MEDIUM" "litespeed-cache 5.7.0.1 Unauthenticated.Stored.XSS HIGH" "litespeed-cache 5.7 Contributor+.Stored.XSS MEDIUM" "litespeed-cache 5.3.1 CSRF MEDIUM" "litespeed-cache 4.4.4 IP.Check.Bypass.to.Unauthenticated.Stored.XSS HIGH" "litespeed-cache 4.4.4 Admin+.Reflected.Cross-Site.Scripting LOW" "litespeed-cache 3.6.1 Authenticated.Stored.Cross-Site.Scripting LOW" "loggedin 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "loading-page 1.0.83 Admin+.Stored.Cross-Site.Scripting LOW" "luzuk-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-chat-facebook-fanpage No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "lightbox-popup 2.1.6 Admin+.Stored.XSS LOW" "logo-carousel-free 3.4.2 Unauthorised.Private.Post.Access MEDIUM" "logo-carousel-free 3.4.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "lordicon-interactive-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "local-magic No.known.fix Unauthenticated.SQL.Injection HIGH" "local-magic No.known.fix Missing.Authorization MEDIUM" "leopard-wordpress-offload-media 3.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update CRITICAL" "leopard-wordpress-offload-media No.known.fix WordPress.offload.media.<=.2.0.36.-.Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "leopard-wordpress-offload-media No.known.fix WordPress.offload.media.<=.2.0.36.-.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "listingpro-plugin No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "listingpro-plugin No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "listingpro-plugin No.known.fix Unauthenticated.SQL.Injection CRITICAL" "listingpro-plugin No.known.fix Authenticated.(Author+).Local.File.Inclusion HIGH" "ldap-wp-login-integration-with-active-directory 3.0.2 Reflected.Cross-Site.Scripting MEDIUM" "ldap-wp-login-integration-with-active-directory 3.0.2 Unauthenticated.Settings.Update.to.Auth.Bypass CRITICAL" "lazy-blocks 3.8.3 Reflected.XSS HIGH" "livejournal-shortcode No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "latex2html 2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "latex2html 2.5.5 Reflected.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-ups-edition 3.6.5 Unauthenticated.SQL.Injection HIGH" "list-pages-at-depth No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leadboxer 1.4 Reflected.XSS HIGH" "lingotek-translation No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "leartes-try-exchange-rates No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-daylight-edition 2.2.7 Unauthenticated.Stored.Cross-Site.Scripting.via.`expiry_date`.Parameter HIGH" "liveforms 4.8.5 Missing.Authorization MEDIUM" "liveforms No.known.fix Entry.Deletion.via.CSRF MEDIUM" "liveforms No.known.fix Missing.Authorization MEDIUM" "liveforms 4.8.5 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "liveforms 3.4.0 XSS MEDIUM" "liveforms 3.2.0 Visual.Form.Builder.3.0.1.-.Blind.SQL.Injection CRITICAL" "live-search-xforwc 2.1.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "loginpress 4.0.0 Arbitrary.Options.Update.via.CSRF HIGH" "loginpress 1.6.3 Unauthenticated.Settings.Update MEDIUM" "loginpress 1.5.12 Reflected.Cross-Site.Scripting MEDIUM" "loginpress 1.1.14 Unauthorized.Blind.SQL.Injection CRITICAL" "link-optimizer-lite No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "listdom 4.1.0 Open.Redirect MEDIUM" "listdom 3.7.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode.Parameter MEDIUM" "lana-text-to-image 1.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "live-flight-radar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-sefl-edition 3.2.5 Unauthenticated.SQL.Injection HIGH" "lastunes No.known.fix Settings.Update.via.CSRF HIGH" "login-alert No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "limit-max-ips-per-user No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "leadin 11.1.34 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HubSpot.Meeting.Widget MEDIUM" "leadin 8.8.15 Contributor+.Blind.SSRF MEDIUM" "loginpress-pro 3.0.0 Captcha.Bypass MEDIUM" "loginpress-pro 3.0.0 Unauthenticated.License.Activation/Deactivation MEDIUM" "libro-de-reclamaciones-y-quejas 1.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "libro-de-reclamaciones-y-quejas No.known.fix Stored.XSS.via.CSRF HIGH" "lbg-audio2-html5 No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "listings-for-buildium No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "login-recaptcha 1.7 IP.Check.Bypass LOW" "logo-carousel-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-news-lite 1.07 Settings.Update.via.CSRF MEDIUM" "login-redirect No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "lead-capturing-call-to-actions-by-vcita No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Contact/Widget.Toggle MEDIUM" "lead-capturing-call-to-actions-by-vcita No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lead-capturing-call-to-actions-by-vcita 2.7.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "lead-capturing-call-to-actions-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "link-to-bible 2.5.10 Administrator+.Stored.XSS LOW" "local-shipping-labels-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "login-logout-register-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'llrmloginlogout'.Shortcode MEDIUM" "login-logout-register-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "livestream-notice 1.3.0 Admin+.Stored.XSS LOW" "list-all-posts-by-authors-nested-categories-and-titles 2.8.3 CSRF MEDIUM" "laposta-signup-basic 1.4.2 CSRF MEDIUM" "laposta-signup-basic 1.4.2 Missing.Authorization MEDIUM" "left-right-image-slideshow-gallery 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "live-weather-station 3.8.13 Mode.Switch.via.CSRF MEDIUM" "lightbox-plus 2.8 CSRF.to.XSS MEDIUM" "lime-developer-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-freightquote-edition 2.3.12 Missing.Authorization MEDIUM" "ltl-freight-quotes-freightquote-edition 2.3.12 Unauthenticated.SQL.Injection HIGH" "leaderboard-lite No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "livemesh-weight-based-shipping 1.4 Reflected.Cross-Site.Scripting MEDIUM" "login-logout-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class.Parameter MEDIUM" "ldap-login-password-and-role-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "login-with-cognito 1.4.9 Admin+.Stored.XSS LOW" "login-with-cognito 1.4.4 Reflected.Cross-Site.Scripting.via.appId HIGH" "ltl-freight-quotes-abf-freight-edition 3.3.8 Unauthenticated.SQL.Injection HIGH" "leader No.known.fix Missing.Authorization MEDIUM" "linked-variation-for-woocommerce 2.0.0 CSRF MEDIUM" "list-categories 0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "launchpad-by-obox No.known.fix Admin+.Stored.XSS LOW" "launchpad-by-obox No.known.fix CSRF MEDIUM" "ltl-freight-quotes-saia-edition 2.2.11 Unauthenticated.SQL.Injection HIGH" "lana-shortcodes 1.2.0 Contributor+.Stored.XSS MEDIUM" "linkedin-lite No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "logo-manager-for-enamad 0.7.2 Admin+.Stored.XSS.via.Widget LOW" "logo-manager-for-enamad 0.7.1 Stored.XSS.via.CSRF HIGH" "launcher No.known.fix Admin+.Stored.XSS MEDIUM" "launcher 1.0.11 Multiple.Stored.XSS MEDIUM" "latest-custom-post-type-updates No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lazy-load-for-videos 2.18.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "list-custom-taxonomy-widget 4.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "layouts-for-elementor No.known.fix Cross-Site.Request.Forgery MEDIUM" "layouts-for-elementor 1.8 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Upload CRITICAL" "lenix-elementor-leads-addon 1.8.3 Unauthenticated.Stored.Cross-Site.Scripting.via.URL.Form.Field HIGH" "lj-custom-menu-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "leadinfo 2.1 Missing.Authorization.to.Unauthenticated.Settings.Change MEDIUM" "leadinfo 1.1 Settings.Update.via.CSRF MEDIUM" "list-last-changes 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "llama-redirect No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lara-google-analytics 2.0.5 Authenticated.Stored.XSS HIGH" "ltl-freight-quotes-globaltranz-edition 2.3.12 Unauthenticated.SQL.Injection HIGH" "ltl-freight-quotes-globaltranz-edition 2.3.13 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "lh-add-media-from-url 1.30 Reflected.Cross-Site.Scripting MEDIUM" "lh-add-media-from-url 1.23 Reflected.Cross-Site.Scripting MEDIUM" "logwpmail No.known.fix Email.Logs.Publicly.Accessible HIGH" "leadfox No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-estes-edition 3.3.8 Unauthenticated.SQL.Injection HIGH" "loginplus No.known.fix Missing.Authorization MEDIUM" "loginplus No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "launchpage-app-importer No.known.fix Unauthenticated.SQL.Injection CRITICAL" "lh-login-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "log-http-requests 1.3.2 Stored.Cross-Site.Scripting MEDIUM" "like-on-vkontakte No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "lh-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lgpd-compliant-cookie-banner No.known.fix Cross-Site.Request.Forgery MEDIUM" "luzuk-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "linkz-ai 1.2.0 Unauthenticated.Plugin.Settings.Update MEDIUM" "linkz-ai 1.2.0 Subscriber+.Plugin.Settings.Update MEDIUM" "linker 1.2.2 Contributor+.Stored.XSS MEDIUM" "ladipage No.known.fix Missing.Authorization.via.init_endpoint MEDIUM" "ladipage No.known.fix Missing.Authorization.on.publish_lp() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.publish_lp() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.ladiflow_save_hook() MEDIUM" "ladipage No.known.fix Missing.Authorization.via.ladiflow_save_hook() MEDIUM" "ladipage No.known.fix Missing.Authorization.via.save_config() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.save_config() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.init_endpoint MEDIUM" "ladipage No.known.fix Missing.Authorization MEDIUM" "locations-and-areas 1.7.2 Reflected.Cross-Site.Scripting MEDIUM" "locations-and-areas 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "logo-slider-wp 4.6.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 4.5.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 4.5.0 Author+.Stored.XSS MEDIUM" "logo-slider-wp 4.1.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 4.0.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 3.6.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "login-as-customer-or-user No.known.fix Admin.Account.Takeover HIGH" "login-as-customer-or-user No.known.fix Authentication.Bypass CRITICAL" "login-as-customer-or-user 3.3 Unauthenticated.Privilege.Escalation.to.Admin CRITICAL" "login-as-customer-or-user 1.8 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "login-as-customer-or-user 2.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "larsens-calender No.known.fix Stored.Cross-Site.Scripting.(XSS) HIGH" "lessbuttons No.known.fix Cross-Site.Request.Forgery MEDIUM" "local-sync 1.1.7 Missing.Authorization MEDIUM" "lpagery 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "livechat-elementor 1.0.14 Cross-Site.Request.Forgery MEDIUM" "login-block-ips No.known.fix IP.Spoofing.Bypass LOW" "login-block-ips No.known.fix Arbitrary.Setting.Update.via.CSRF MEDIUM" "logs-de-connexion No.known.fix Admin+.SQL.Injection LOW" "logs-de-connexion No.known.fix Log.Deletion.via.CSRF MEDIUM" "leadster-marketing-conversacional 1.1.3 Cross-Site.Request.Forgery.via.leadster_script_code_action MEDIUM" "leadster-marketing-conversacional 1.1.3 Settings.Update.via.CSRF MEDIUM" "learn-manager 1.1.5 Unauthenticated.Arbitrary.User.Field.Edition/Creation MEDIUM" "learn-manager 1.1.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "labinator-content-types-duplicator No.known.fix Cross-Site.Request.Forgery MEDIUM" "libreform 2.0.9 Unauthenticated.Arbitrary.Submissions.Listing.&.Deletion HIGH" "login-with-ajax 4.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "login-with-ajax 4.2 Missing.Authorization MEDIUM" "light-poll No.known.fix Poll.Answers.Deletion.via.CSRF MEDIUM" "light-poll No.known.fix Polls.Deletion.via.CSRF MEDIUM" "locateandfilter 1.6.17 Missing.Authorization MEDIUM" "locateandfilter 1.6.16 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "lodgixcom-vacation-rental-listing-management-booking-plugin No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "laybuy-gateway-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "laybuy-gateway-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lucas-string-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "littlebot-invoices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "littlebot-invoices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "linked-orders-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "linked-orders-for-woocommerce 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lightweight-and-responsive-youtube-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lightweight-and-responsive-youtube-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-support-tickets 1.11.1 Unauthenticated.Information.Disclosure MEDIUM" "lazy-load-videos-and-sticky-control No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lexicata No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lexicata No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "login-page-styler 7.1.2 Missing.Authorization.to.Authenticated.(Subsciber+).Log.Deletion.and.Session.Termination MEDIUM" "login-page-styler 7.1.2 Missing.Authorization.to.Authenticated.(Subscriber+)Privilege.Escalation HIGH" "login-page-styler 6.2.5 Admin+.Stored.XSS LOW" "likebot No.known.fix Admin+.Stored.XSS.via.CSRF LOW" "list-related-attachments-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "legalweb-cloud 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "likecoin 3.3.0 Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "link-log No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "link-log No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "link-log 2.1 SQL.Injection CRITICAL" "link-log 2.0 HTTP.Response.Splitting HIGH" "lockets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lead-form-builder 1.9.8 Admin+.Stored.XSS LOW" "lead-form-builder 1.9.2 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "lead-form-builder 1.9.8 Admin+.Stored.XSS LOW" "lead-form-builder 1.9.0 Cross-Site.Request.Forgery MEDIUM" "lead-form-builder 1.9.0 Missing.Authorization MEDIUM" "lead-form-builder 1.7.4 Multiple.Subscriber+.Settings.Update MEDIUM" "lead-form-builder 1.7.0 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "lead-form-builder 1.6.8 Subscriber+.Arbitrary.Lead.Deletion MEDIUM" "lead-form-builder 1.6.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "login-widget-for-ultimate-member 1.1.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "list-children 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "linkpreview No.known.fix Cross-Site.Request.Forgery MEDIUM" "location-piker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "layoutboxx No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "login-and-logout-redirect No.known.fix .Open.Redirect MEDIUM" "lh-ogp-meta-tags No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "leaflet-map 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "leaflet-map 3.0.0 Contributor+.Stored.XSS MEDIUM" "leaflet-map 3.0.0 Arbitrary.Settings.Update.via.CSRF.Leading.to.Stored.XSS MEDIUM" "linkify-text No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "live-stock-prices-for-wordpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "link-to-url-post No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "lifeline-donation No.known.fix Authentication.Bypass CRITICAL" "lock-your-updates No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "login-or-logout-menu-item 1.2.0 Unauthenticated.Options.Change MEDIUM" "leaflet-maps-marker 3.12.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leaflet-maps-marker 3.12.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "leaflet-maps-marker 3.12.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "leaflet-maps-marker 3.12.5 Admin+.SQLi MEDIUM" "lws-affiliation 2.3.5 Missing.Authorization MEDIUM" "ldap-ad-staff-employee-directory-search 1.3 Admin.LDAP.Credentials.Retrieval LOW" "ldap-ad-staff-employee-directory-search 1.2.3 Improper.escaping.of.LDAP.entries HIGH" "liquid-speech-balloon 1.2 Settings.Update.via.CSRF MEDIUM" "language-switcher 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "leanpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "local-delivery-drivers-for-woocommerce 1.9.1 Missing.Authorization.to.Driver.Account.Takeover HIGH" "local-delivery-drivers-for-woocommerce 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "local-delivery-drivers-for-woocommerce 1.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ltl-freight-quotes-unishippers-edition 2.5.9 Reflected.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-unishippers-edition 2.5.9 Missing.Authorization MEDIUM" "ltl-freight-quotes-unishippers-edition 2.5.9 Unauthenticated.SQL.Injection HIGH" "like-dislike-plus-counter No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "localseomap-for-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ltl-freight-quotes-freightview-edition 1.0.12 Unauthenticated.Stored.Cross-Site.Scripting.via.`expiry_date`.Parameter HIGH" "list-pages-shortcode 1.7.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "ltl-freight-quotes-worldwide-express-edition 5.0.21 Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "ltl-freight-quotes-worldwide-express-edition 5.0.22 Reflected.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-worldwide-express-edition 5.0.21 Worldwide.Express.Edition.<.5.0.21.-.Unauthenticated.SQL.Injection HIGH" "ltl-freight-quotes-worldwide-express-edition 5.0.21 Unauthenticated.SQL.Injection HIGH" "live-chat-support-by-social-intents No.known.fix Admin+.Stored.XSS LOW" "login-customizer 2.2.3 Reflected.Cross-Site.Scripting MEDIUM" "login-customizer 2.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "linklaunder-seo-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "livemesh-dynamic-pricing 1.2 Reflected.Cross-Site.Scripting MEDIUM" "logaster-logo-generator No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "lite-wp-logger No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "last-viewed-posts 1.0.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "last-viewed-posts 1.0.1 Unauthenticated.PHP.Object.Injection CRITICAL" "linked-variation 1.0.4 Missing.Authorization MEDIUM" "legoeso-pdf-manager No.known.fix Authenticated.(Author+).SQL.Injection.via.checkedVals.Parameter MEDIUM" "lock-user-account No.known.fix User.Lock.Bypass MEDIUM" "lock-user-account 1.0.4 Arbitrary.Account.Lock/Unlock.via.CSRF MEDIUM" "lightview-plus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "list-one-category-of-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "listings-for-appfolio 1.2.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "link-library 7.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "link-library 7.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Link.Additional.Parameters MEDIUM" "link-library 7.7.3 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.7.2 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.4 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.link-library.Shortcode MEDIUM" "link-library 7.6.1 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.7 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "link-library 7.6 Reflected.Cross-Site.Scripting.via.'link_price'.and.'link_tags' MEDIUM" "link-library 7.6 Cross-Site.Request.Forgery.via.action_admin_init MEDIUM" "link-library 7.4.1 Admin+.Stored.XSS LOW" "link-library 7.2.8 Unauthenticated.Arbitrary.Links.Deletion MEDIUM" "link-library 7.2.8 Library.Settings.Reset.via.CSRF MEDIUM" "link-library 7.2.9 Reflected.Cross-Site.Scripting MEDIUM" "lifterlms 8.0.2 Missing.Authorization.to.Unauthenticated.Post.Trashing MEDIUM" "lifterlms 7.8.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "lifterlms 8.0.1 Reflected.XSS HIGH" "lifterlms 7.7.6 Authenticated.(Admin+).SQL.Injection HIGH" "lifterlms 7.6.3 Authenticated.(Contributor+).SQL.Injection.via.Shortcode CRITICAL" "lifterlms 7.5.1 Cross-Site.Request.Forgery MEDIUM" "lifterlms 7.5.2 Missing.Authorization.via.process_review MEDIUM" "lifterlms 7.5.0 Authenticated(Administrator+).Directory.Traversal.to.Arbitrary.CSV.File.Deletion LOW" "lifterlms 4.21.2 Access.Other.Student.Grades/Answers.via.IDOR MEDIUM" "lifterlms 4.21.1 Reflected.Cross-Site.Scripting.(XSS).via.Coupon.Code.in.Checkout MEDIUM" "lifterlms 4.21.1 Authenticated.Stored.XSS.in.Edit.Profile HIGH" "lifterlms 3.37.15 Arbitrary.File.Writing CRITICAL" "lifterlms 3.35.1 Unauthenticated.Options.Import CRITICAL" "language-bar-flags No.known.fix CSRF.to.Stored.XSS HIGH" "leadsquared-suite No.known.fix Admin+.Stored.XSS LOW" "leadsquared-suite No.known.fix CSRF MEDIUM" "lucidlms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "login-screen-manager No.known.fix Stored.XSS.via.CSRF HIGH" "login-screen-manager No.known.fix Admin+.Stored.XSS LOW" "listamester 2.3.7 Cross-Site.Request.Forgery MEDIUM" "listamester 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "listamester 2.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lbg-audio3-html5 No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "lets-box 1.13.3 Reflected.Cross-Site.Scripting MEDIUM" "limit-login-attempts-reloaded 2.25.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "limit-login-attempts-reloaded 2.25.26 Admin+.Missing.Authorization.to.Toggle.Plugin.Auto-Update LOW" "limit-login-attempts-reloaded 2.16.0 Authenticated.Reflected.Cross-Site.Scripting HIGH" "limit-login-attempts-reloaded 2.17.4 Login.Rate.Limiting.Bypass LOW" "ltl-freight-quotes-day-ross-edition 2.1.11 Unauthenticated.Stored.Cross-Site.Scripting.via.`expiry_date`.Parameter HIGH" "lktags-linkedin-insight-tags 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "libsyn-podcasting No.known.fix Cross-Site.Request.Forgery MEDIUM" "libsyn-podcasting No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "libsyn-podcasting No.known.fix Reflected.XSS HIGH" "libsyn-podcasting No.known.fix Sensitive.Information.Exposure MEDIUM" "legal-pages 1.4.6 Missing.Authorization MEDIUM" "legal-pages 1.4.3 Cross-Site.Request.Forgery MEDIUM" "legal-pages 1.3.9 Cross-Site.Request.Forgery.via.moveToTrash.and.fetch_and_insert_template_data MEDIUM" "legal-pages 1.3.9 Missing.Authorization MEDIUM" "legal-pages 1.3.8 Missing.Authorization.on.'deleteLegalTemplate' MEDIUM" "limit-bio No.known.fix Reflected.XSS HIGH" "limit-bio No.known.fix Stored.XSS.via.CSRF HIGH" "linear No.known.fix Cross-Site.Request.Forgery.to.Cache.Reset MEDIUM" "linear No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "linear 2.8.1 Contributor+.Stored.XSS MEDIUM" "leira-cron-jobs 1.2.10 Reflected.Cross-Site.Scripting MEDIUM" "like-box 0.8.41 Contributor+.Stored.XSS MEDIUM" "like-box 0.8.40 Admin+.Stored.XSS LOW" "lafka-plugin No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Option.Update MEDIUM" "ldap-login-for-intranet-sites 4.2 Admin.LDAP.Passback LOW" "ldap-login-for-intranet-sites 4.1.10 Unauthenticated.Log.Disclosure MEDIUM" "ldap-login-for-intranet-sites 4.1.6 Sensitive.Information.Disclosure HIGH" "ldap-login-for-intranet-sites 4.1.5 SQL.Injection.via.CSRF LOW" "ldap-login-for-intranet-sites 4.1.1 Unauthenticated.Data.Disclosure MEDIUM" "ldap-login-for-intranet-sites 3.6.95 Reflected.Cross-Site.Scripting HIGH" "luzuk-team No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-purolator-freight-edition 2.2.4 Unauthenticated.SQL.Injection HIGH" "locations No.known.fix Contributor+.Stored.XSS MEDIUM" "locations 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "locations 4.0 Cross-Site.Request.Forgery HIGH" "landing-pages 2.2.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "landing-pages 1.9.2 Unauthenticated.Remote.Command.Execution MEDIUM" "list-mixcloud No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "luckywp-scripts-control 1.2.2 Missing.Authorization MEDIUM" "luckywp-scripts-control 1.2.2 CSRF.via.multiple.AJAX.actions LOW" "ledenbeheer-external-connection 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lw-all-in-one 1.6.5 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "lava-directory-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "lava-directory-manager No.known.fix Unauthenticated.Stored.XSS HIGH" "link-list-manager No.known.fix Reflected.Cross-Site.Scripting HIGH" "ltl-freight-quotes-rl-edition 3.3.5 Unauthenticated.SQL.Injection HIGH" "layouts-importer 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "linkworth-wp-plugin 3.3.4 Arbitrary.Setting.Update.via.CSRF MEDIUM" "logo-showcase-ultimate 1.4.5 Contributor+.Local.File.Inclusion HIGH" "logo-showcase-ultimate 1.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "logo-showcase-ultimate 1.3.9 Authenticated(Contributor+).PHP.Object.Injection HIGH" "limit-login-attempts No.known.fix Subscriber+.Stored.XSS HIGH" "limit-login-attempts 1.7.2 Unauthenticated.Stored.XSS HIGH" "limit-login-attempts 1.7.1 Auth.Cookies.Brute.Force.Bypass LOW" "league-of-legends-shortcodes No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Shortcode MEDIUM" "league-of-legends-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "localize-remote-images No.known.fix Settings.Update.via.CSRF MEDIUM" "laika-pedigree-tree No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "login-logger No.known.fix Cross-Site.Request.Forgery MEDIUM" "leadquizzes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "login-box No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "limit-login-attempts-plus No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "live-dashboard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lazy-facebook-comments 2.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "label-grid-tools 1.3.59 Reflected.Cross-Site.Scripting MEDIUM" "latest-tweets-widget No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "ltl-freight-quotes-odfl-edition 4.2.11 Unauthenticated.SQL.Injection HIGH" "letsrecover-woocommerce-abandoned-cart 1.2.0 Unauthenticated.SQLi HIGH" "letsrecover-woocommerce-abandoned-cart 1.2.0 Admin+.SQLi MEDIUM" "letsrecover-woocommerce-abandoned-cart 1.2.0 Admin+.SQLi MEDIUM" "livesync No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "liquid-blocks 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lock-my-bp 1.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "linkid No.known.fix Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure HIGH" "login-me-now No.known.fix Authentication.Bypass HIGH" "leyka 3.31.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leyka 3.31.7 Missing.Authorization MEDIUM" "leyka 3.31.2 Missing.Authorization MEDIUM" "leyka 3.30.7.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "leyka 3.30.4 Admin+.Stored.XSS LOW" "leyka 3.30.3 Reflected.XSS HIGH" "leyka 3.30.2 Reflected.XSS HIGH" "leyka 3.30.3 Subscriber+.Privilege.Escalation HIGH" "leyka 3.30 Unauthenticated.Stored.XSS HIGH" "logo-scheduler-great-for-holidays-events-and-more 1.2.2 Admin+.Stored.XSS LOW" "leadcapture No.known.fix Unauthenticated.SQL.Injection HIGH" "login-with-yourmembership 1.1.4 Admin+.Stored.XSS LOW" "leenkme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "leenkme 2.6.0 XSS.&.CSRF MEDIUM" "links-in-captions No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "language-icons-flags-switcher No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "list-posts-by-category No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "learnpress-import-export 4.0.5 Reflected.Cross-Site.Scripting MEDIUM" "learnpress-import-export 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "learnpress-import-export 4.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "learnpress-import-export 4.0.3 Reflected.XSS HIGH" "login-logout-menu 1.4.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "logo-slider No.known.fix Admin+.SQLi MEDIUM" "listapp-mobile-manager No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "login-watchdog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "loan-comparison 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "loan-comparison 1.5.3 Reflected.XSS.via.shortcode MEDIUM" "loan-comparison 1.5.3 Contributor+.Stored.XSS.via.shortcode MEDIUM" "lws-tools 2.4.2 Cross-Site.Request.Forgery MEDIUM" "list-urls No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "license-envato 1.1.0 Unauthenticated.Local.File.Inclusion CRITICAL" "license-envato 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "libro-de-reclamaciones No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "login-attempts-limit-wp No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "login-attempts-limit-wp No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "login-lockdown 2.12 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.IP.Whitelisting MEDIUM" "login-lockdown 2.09 Subscriber+.Options.Leak MEDIUM" "login-lockdown 2.07 Admin+.SQLi MEDIUM" "login-lockdown 2.07 Administrator+.SQL.Injection HIGH" "localgrid No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "leaky-paywall 4.21.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leaky-paywall 4.21.3 Cross-Site.Request.Forgery MEDIUM" "leaky-paywall 4.20.9 Missing.Authorization.to.Price.Manipulation MEDIUM" "leaky-paywall 4.16.7 Admin+.Stored.Cross-Site.Scripting LOW" "login-configurator No.known.fix Reflected.Cross-Site.Scripting HIGH" "login-configurator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "login-configurator No.known.fix Reflected.XSS HIGH" "lana-email-logger 1.1.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "lbg-audio1-html5 No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "login-logo-editor-by-oizuled No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "lsd-google-maps-embedder No.known.fix Cross-Site.Request.Forgery.Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "link-party No.known.fix Unauthenticated.Arbitrary.Link.Deletion MEDIUM" "link-party No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "link-party No.known.fix Settings.Update.via.CSRF MEDIUM" "link-party No.known.fix Unauthenticated.Stored.XSS HIGH" "lightbox-gallery 0.9.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "lis-video-gallery No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "lbstopattack 1.1.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "location-click-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lws-optimize 2.0 Cross-Site.Request.Forgery MEDIUM" "location-weather 1.3.4 Contributor+.Stored.XSS MEDIUM" "landingi-landing-pages 3.1.2 Cross-Site.Request.Forgery MEDIUM" "locked-payment-methods-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "locked-payment-methods-for-woocommerce 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lazyload-background-images No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Update MEDIUM" "loco-translate 2.6.10 Cross-Site.Request.Forgery MEDIUM" "loco-translate 2.6.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "loco-translate 2.5.4 Authenticated.PHP.Code.Injection HIGH" "loco-translate 2.2.2 Authenticated.LFI MEDIUM" "link-whisper 0.7.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "link-whisper 0.7.0 Link.Whisper.Free.<.0,7,0 MEDIUM" "link-whisper 0.7.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "link-whisper 0.6.9 Reflected.Cross-Site.Scripting MEDIUM" "link-whisper 0.6.6 Authenticated.(Contributor+).SQL.Injection HIGH" "lws-sms No.known.fix Cross-Site.Request.Forgery MEDIUM" "leadconnector 3.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leadconnector 1.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "link-shield No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "link-shield No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "logdash-activity-log 1.1.4 Unauthenticated.SQLi HIGH" "mark-posts 2.2.5 Missing.Authorization MEDIUM" "mark-posts 2.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "my-favorite-cars No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "map-block-gutenberg 1.32 Unauthorised.Google.API.Key.change MEDIUM" "microsoft-clarity 0.9.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "microsoft-clarity 0.4 Admin+.Stored.Cross-Site.Scripting LOW" "mwp-forms No.known.fix Admin+.SQL.Injection HIGH" "mihdan-index-now 2.6.4 Cross-Site.Request.Forgery.via.reset_form HIGH" "metasync 1.8.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "moloni 4.8.0 Reflected.Cross-Site.Scripting MEDIUM" "magic-action-box No.known.fix Contributor+.Stored.XSS MEDIUM" "mp-restaurant-menu 2.4.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "mp-restaurant-menu 2.4.2 Admin+.Stored.Cross.Site.Scripting LOW" "member-hero No.known.fix Unauthenticated.RCE CRITICAL" "mshop-naver-talktalk 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mshop-naver-talktalk 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.add_plus_friends.and.add_plus_talk.Shortcodes MEDIUM" "menu-items-visibility-control No.known.fix Admin+.Arbitrary.PHP.Code.Execution MEDIUM" "mobile-browser-color-select No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "maintenance-switch No.known.fix Theme.Files.Creation/Deletion.via.CSRF MEDIUM" "maintenance-switch No.known.fix Reflected.XSS HIGH" "manage-shipyaari-shipping No.known.fix Admin+.Stored.XSS LOW" "mailcwp 1.110 Unauthenticated.Arbitrary.File.Upload CRITICAL" "media-usage No.known.fix Reflected.Cross-Site.Scripting HIGH" "marker-io 1.1.9 Cross-Site.Request.Forgery MEDIUM" "marker-io 1.1.7 Cross-Site.Request.Forgery MEDIUM" "mihdan-no-external-links 5.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "missing-widgets-for-elementor 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "missing-widgets-for-elementor 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mega-forms 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "mega-forms 1.2.5 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "mashsharer No.known.fix Missing.Authorization MEDIUM" "mashsharer 3.8.7 Contributor+.Stored.XSS MEDIUM" "mashsharer 3.8.5 Admin+.Stored.Cross-Site.Scripting LOW" "multi-column-tag-map 17.0.34 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mctagmap.Shortcode MEDIUM" "multi-column-tag-map 17.0.27 Cross-Site.Request.Forgery MEDIUM" "multi-column-tag-map 17.0.25 Contributor+.Stored.XSS MEDIUM" "my-waze No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "menu-ordering-reservations 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "menu-ordering-reservations 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "menu-ordering-reservations 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "menu-ordering-reservations 2.3.7 Reflected.XSS HIGH" "menu-ordering-reservations 2.3.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "menu-ordering-reservations 2.3.1 Unauthorised.AJAX.Calls MEDIUM" "menu-ordering-reservations 2.3.2 Multiple.CSRF MEDIUM" "mini-loops No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magic-fields 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mappress-google-maps-for-wordpress 2.94.10 Admin+.Stored.XSS LOW" "mappress-google-maps-for-wordpress 2.94.9 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.94.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Map.Block MEDIUM" "mappress-google-maps-for-wordpress 2.93 Admin+.Stored.XSS.via.Map.Settings LOW" "mappress-google-maps-for-wordpress 2.88.17 Contributor+.Stored.XSS.via.Map.Settings MEDIUM" "mappress-google-maps-for-wordpress 2.88.16 Unauthenticated.Arbitrary.Private/Draft.Post.Disclosure MEDIUM" "mappress-google-maps-for-wordpress 2.88.15 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.88.14 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.88.5 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.85.5 Contributor+.SQL.Injection MEDIUM" "mappress-google-maps-for-wordpress 2.73.13 Admin+.File.Upload.to.Remote.Code.Execution MEDIUM" "mappress-google-maps-for-wordpress 2.73.4 Reflected.Cross-Site.scripting MEDIUM" "mappress-google-maps-for-wordpress 2.54.6 Improper.Capability.Checks.in.AJAX.Calls CRITICAL" "mappress-google-maps-for-wordpress 2.53.9 Authenticated.Map.Creation/Deletion.Leading.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mappress-google-maps-for-wordpress 2.53.9 Remote.Code.Execution.(RCE).due.to.Incorrect.Access.Control.in.AJAX.Actions CRITICAL" "mmm-file-list No.known.fix Subscriber+.Arbitrary.Directory.Listing MEDIUM" "mmm-file-list No.known.fix Contributor+.Stored.XSS MEDIUM" "maxi-blocks 2.1.1 Contributor+.Arbitrary.Options.Update HIGH" "maxi-blocks 1.9.3 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "media-download No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "media-download 1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "medma-matix No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "mshop-npay 3.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mnp_purchase.Shortcode MEDIUM" "mailchimp-subscribe-sm 4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailchimp-subscribe-sm 4.0.9.8 Editor+.Stored.XSS LOW" "mailchimp-subscribe-sm 4.0.9.2 Admin+.Stored.XSS LOW" "metronet-profile-picture 2.6.2 Authenticated.(Author+).Insecure.Direct.Object.Reference.to.Profile.Picture.Update MEDIUM" "metronet-profile-picture 2.6.0 Arbitrary.User.Picture.Change/Deletion.via.IDOR MEDIUM" "metronet-profile-picture 2.5.0 Sensitive.Information.Disclosure MEDIUM" "mapme No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "memeone No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "media-modal No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "map-block-leaflet 3.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "menubar 5.9 Cross-Site.Request.Forgery MEDIUM" "menubar 5.8 Reflected.Cross-Site.Scripting MEDIUM" "marketing-optimizer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mailarchiver 2.11.0 Unauthenticated.Stored.XSS HIGH" "mass-email-to-users 1.1.5 Reflected.XSS HIGH" "mins-to-read No.known.fix Cross-Site.Request.Forgery..to.Stored.Cross-Site.Scripting MEDIUM" "mfplugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "multiple-admin-emails No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mybooktable 3.5.4 Cross-Site.Request.Forgery MEDIUM" "mybooktable 3.5.0 Stored.XSS.via.CSRF MEDIUM" "mybooktable 3.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "mybooktable 3.3.5 API.Key.Update.via.CSRF MEDIUM" "mh-board No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "mdc-youtube-downloader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mdc-youtube-downloader No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mdc-youtube-downloader 2.1.1 Local.File.Inclusion HIGH" "munk-sites No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Installation MEDIUM" "media-alt-renamer No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via._wp_attachment_image_alt.postmeta MEDIUM" "meetup No.known.fix Authentication.Bypass CRITICAL" "mshop-mysite 1.1.8 Subscriber+.Settings.Update MEDIUM" "meks-video-importer 1.0.13 Missing.Authorization.to.Authenticated.(Subscriber+).API.Keys.Modification MEDIUM" "meks-video-importer No.known.fix Missing.Authorization MEDIUM" "multi-column-taxonomy-list No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailhawk 1.3.2 Unauthenticated.Local.File.Inclusion CRITICAL" "mautic-integration-for-woocommerce 1.0.3 Arbitrary.Options.Update.via.CSRF HIGH" "melipayamak No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mobile-address-bar-changer No.known.fix Settings.Update.via.CSRF MEDIUM" "magazine-blocks 1.3.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.15 Reflected.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "morkva-ua-shipping 1.0.20 Unauthenticated.Local.File.Inclusion CRITICAL" "magic-post-thumbnail 5.2.10 Reflected.Cross-Site.Scripting MEDIUM" "magic-post-thumbnail 5.2.8 Admin+.Stored.XSS LOW" "magic-post-thumbnail 4.1.13 Reflected.Cross-Site.Scripting MEDIUM" "magic-post-thumbnail 4.1.11 Reflected.XSS HIGH" "magic-post-thumbnail 3.3.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "magic-post-thumbnail 3.3.7 Reflected.Cross-Site.Scripting.(XSS) HIGH" "manual-image-crop 1.11 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "mycryptocheckout 2.126 CSRF MEDIUM" "mycryptocheckout 2.124 Reflected.XSS HIGH" "members-import No.known.fix XSS.via.Imported.CSV MEDIUM" "myagileprivacy 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.vis.Shortcode MEDIUM" "mailmunch 3.2.0 Reflected.Cross-Site.Scripting MEDIUM" "mailmunch 3.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailmunch 3.1.3 Settings.Update.via.CSRF MEDIUM" "min-and-max-quantity-for-woocommerce 2.1.0 Missing.Authorization MEDIUM" "min-and-max-quantity-for-woocommerce 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "mailchimp-forms-by-mailmunch 3.2.4 Reflected.Cross-Site.Scripting MEDIUM" "mailchimp-forms-by-mailmunch 3.2.2 Cross-Site.Request.Forgery MEDIUM" "mailchimp-forms-by-mailmunch 3.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "mailchimp-forms-by-mailmunch 3.1.5 Arbitrary.Actions.via.CSRF MEDIUM" "memberpress 1.12.0 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "memberpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "memberpress 1.11.30 Reflected.Cross-Site.Scripting.via.mepr_screenname.and.mepr_key.Parameters MEDIUM" "memberpress 1.11.35 Missing.Authorization MEDIUM" "memberpress 1.11.30 Authenticated.(Contributor+).Blind.Server-Side.Request.Forgery.via.mepr-user-file.Shortcode HIGH" "memberpress 1.11.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.arglist.Parameter MEDIUM" "memberpress 1.11.27 Reflected.Cross-Site.Scripting.via.message.and.error MEDIUM" "mycred-for-elementor 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "memphis-documents-library 3.1.6 Arbitrary.File.Download CRITICAL" "maan-elementor-addons No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "myticket-events No.known.fix Unauthenticated.Limited.File.Read MEDIUM" "magic-post-voice No.known.fix Reflected.Cross-Site.Scripting HIGH" "mycustomwidget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "microkids-related-posts No.known.fix Cross-Site.Request.Forgery MEDIUM" "my-idx-home-search 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "my-idx-home-search 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mimo-woocommerce-order-tracking No.known.fix Missing.Authorization.to.Limited.Settings.Update MEDIUM" "mimo-woocommerce-order-tracking No.known.fix Missing.Authorization.to.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "migrate-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "my-marginalia No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "microsoft-advertising-universal-event-tracking-uet 1.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-saml-20-single-sign-on 5.0.5 Missing.Authorization.to.notice.dismissal MEDIUM" "miniorange-saml-20-single-sign-on 12.1.0 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 16.0.8 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 20.0.7 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 4.8.84 Cross-Site.Scripting.(XSS).via.Crafted.SAML.XML.Response MEDIUM" "miniorange-saml-20-single-sign-on 4.8.73 Cross-Site.Scripting.(XSS) MEDIUM" "mage-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meow-gallery 5.2.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "meow-gallery 5.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meow-gallery 4.2.0 Unauthorised.Arbitrary.Options.Update.via.REST.API HIGH" "meow-gallery 4.1.9 Contributor+.SQL.Injection HIGH" "my-quota No.known.fix Reflected.XSS HIGH" "masterstudy-lms-learning-management-system-pro 4.7.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "modal-portfolio No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "multiple-image-uploads-with-preview-for-wpforms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mobile-app-editor 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "mobile-app-editor 1.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mobile-app 3.8.3 Missing.Authorization MEDIUM" "melapress-login-security 2.1.1 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "melapress-login-security 2.1.1 Missing.Authorization.to.Unauthenticated.Arbitrary.User.Deletion MEDIUM" "melapress-login-security 1.3.1 Authenticated.(Admin+).Remote.File.Inclusion MEDIUM" "mail-subscribe-list 2.1.10 Contributor+.Stored.XSS MEDIUM" "mail-subscribe-list 2.1.4 Arbitrary.Subscribed.User.Deletion.via.CSRF MEDIUM" "mail-subscribe-list 2.1 Stored.XSS MEDIUM" "movies No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "multi-purpose-mail-form No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "multi-purpose-mail-form No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "master-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "master-blocks No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "multipurpose-block 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "multipurpose-block 1.7.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "marketing-performance No.known.fix Reflected.XSS HIGH" "multicarousel No.known.fix Unauthenticated.SQL.Injection HIGH" "miniorange-otp-verification 4.2.2 Missing.Authorization.via.dismiss_notice MEDIUM" "mantenimiento-web 0.14 Stored.XSS.via.CSRF MEDIUM" "mantenimiento-web 0.14 Admin+.Stored.XSS LOW" "mystickyelements 2.1.4 Unauthenticated.Unauthorised.Action MEDIUM" "mystickyelements 2.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "mystickyelements 2.0.9 Admin+.SQLi MEDIUM" "mystickyelements 2.0.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "mdr-webmaster-tools No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "monkee-boy-wp-essentials No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "my-contador-wp 2.1 Missing.Authorization.to.Unauthenticated.User.Registration.CSV.Export MEDIUM" "meta-box 5.9.11 Missing.Authorization.to.Information.Exposure MEDIUM" "meta-box 5.9.4 Contributor+.Arbitrary.Posts'.Custom.Field.Disclosure LOW" "meta-box 5.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meta-box 4.16.3 Unauthorised.File.Deletion MEDIUM" "meta-box 4.16.2 Mishandled.Uploaded.Files HIGH" "mind3dom-ryebread-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "macro-admin-email-data-optin-calculator No.known.fix Unauthenticated.Information.Disclosure MEDIUM" "mb-custom-post-type 2.7.7 Admin+.Stored.XSS LOW" "master-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "makestories-helper 3.0.4 Authenticated.(Subscriber+).Arbitrary.File.Download.and.Server-Side.Request.Forgery MEDIUM" "makestories-helper 3.0.3 Settings.Update.via.CSRF MEDIUM" "mighty-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "miniorange-2-factor-authentication 5.6.6 Missing.Authorization.to.Plugin.Settings.Change HIGH" "miniorange-2-factor-authentication 5.6.2 Subscriber+.Settings.Update MEDIUM" "miniorange-2-factor-authentication 5.5.75 Reflected.Cross-Site.Scripting MEDIUM" "miniorange-2-factor-authentication 5.5.6 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-2-factor-authentication 5.5 Unauthenticated.Arbitrary.Options.Deletion CRITICAL" "miniorange-2-factor-authentication 5.4.40 Reflected.Cross-Site.Scripting HIGH" "mas-static-content 1.0.9 Authenticated.(Contributor+).Private.Static.Content.Page.Disclosure MEDIUM" "mapsvg-lite-interactive-vector-maps 8.6.10 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "mapsvg-lite-interactive-vector-maps 8.6.5 Contributor+.Arbitrary.File.Upload HIGH" "mapsvg-lite-interactive-vector-maps 8.6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapsvg-lite-interactive-vector-maps 8.6.5 Missing.Authorization MEDIUM" "mapsvg-lite-interactive-vector-maps 3.3.0 Cross-Site.Request.Forgery.(CSRF) HIGH" "monetag-official No.known.fix Missing.Authorization MEDIUM" "mainwp-maintenance-extension 4.1.2 Subscriber+.SQL.Injection.(SQLi) HIGH" "mediavine-control-panel 2.10.7 Unauthenticated.Information.Exposure MEDIUM" "mediavine-control-panel 2.10.5 Contributor+.Stored.XSS MEDIUM" "mww-disclaimer-buttons 3.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "momoyoga-integration 2.8.0 Contributor+.Stored.XSS MEDIUM" "mwb-point-of-sale-pos-for-woocommerce 1.0.1 CSRF.Bypass./.Unauthorised.AJAX.Call MEDIUM" "menukaart 1.4 Reflected.Cross-Site.Scripting MEDIUM" "migrate-shopify-to-woocommerce No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "mobile-login-woocommerce 2.3 Unauthenticated.Privilege.Escalation HIGH" "master-slider 3.10.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.masterslider_pb.and.ms_slide.Shortcodes MEDIUM" "master-slider No.known.fix Missing.Authorization MEDIUM" "master-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ms_layer.Shortcode MEDIUM" "master-slider 3.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ms_slider.Shortcode MEDIUM" "master-slider 3.10.5 Editor+.Stored.XSS LOW" "master-slider 3.10.0 CSRF.to.slider.deletion MEDIUM" "master-slider 3.10.5 Reflected.Cross-Site.Scripting HIGH" "master-slider 3.10.0 Contributor+.Stored.XSS.via.ms_layer.Shortcode MEDIUM" "master-slider 3.9.10 Responsive.Touch.Slider.<.3.9.10.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.7 Unauthenticated.PHP.Object.Injection CRITICAL" "master-slider 3.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.10 Editor+.Stored.XSS.via.slider.callback LOW" "master-slider 3.10.0 Sliders.Deletion.via.CSRF MEDIUM" "master-slider 3.10.0 Contributor+.Stored.XSS MEDIUM" "master-slider 3.7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "master-slider 2.8.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "master-slider 2.5.2 Authenticated.Blind.SQL.Injection CRITICAL" "my-shortcodes No.known.fix Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "mailchimp-for-wp 4.9.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.9.17 4.9.16.-.Reflected.Cross-Site.Scripting HIGH" "mailchimp-for-wp 4.9.10 Unauthenticated.Unpublished.Form.Preview MEDIUM" "mailchimp-for-wp 4.8.7 Admin+.Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.8.7 Admin+.Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.8.5 Authenticated.Arbitrary.Redirect MEDIUM" "mailchimp-for-wp 4.8.5 Unauthorised.Actions.via.CSRF MEDIUM" "mailchimp-for-wp 4.1.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mailchimp-for-wp 4.1.8 XSS MEDIUM" "marketking-multivendor-marketplace-for-woocommerce 2.0.0 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "marketking-multivendor-marketplace-for-woocommerce 2.0.25 Missing.Authorization MEDIUM" "music-request-manager No.known.fix Unauthenticated.Stored.XSS MEDIUM" "music-request-manager No.known.fix Stored.XSS.via.CSRF HIGH" "music-request-manager No.known.fix Reflected.XSS MEDIUM" "meks-smart-author-widget 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modify-comment-fields 1.04 Reflected.Cross-Site.Scripting MEDIUM" "minterpress No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion HIGH" "minterpress No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "music-store 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "music-store 1.1.14 WordPress.eCommerce.<.1.1.14.-.Authenticated.(Admin+).SQL.Injection CRITICAL" "music-store 1.0.43 Cross-Site.Scripting.(XSS) MEDIUM" "ms-reviews No.known.fix Subscriber+.Stored.XSS HIGH" "meta-slider-and-carousel-with-lightbox 2.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "most-and-least-read-posts-widget 2.5.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "most-and-least-read-posts-widget 2.5.19 Cross-Site.Request.Forgery.via.most_and_least_read_posts_options MEDIUM" "most-and-least-read-posts-widget 2.5.17 Authenticated(Contributor+).SQL.Injection.via.Widget.settings HIGH" "mapifylite 4.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "marquee-style-rss-news-ticker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "magic-login-api No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "media-library-helper 1.3.0 Cross-Site.Request.Forgery MEDIUM" "mobile-events-manager 1.4.8 Admin+.CSV.Injection LOW" "mobile-events-manager 1.4.4 Admin+.Stored.Cross-Site.Scripting LOW" "mollie-payments-for-woocommerce 7.8.0 .Unauthenticated.Full.Path.Disclosure MEDIUM" "mollie-payments-for-woocommerce 7.3.12 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "mobile-friendly-app-builder-by-easytouch No.known.fix Unauthenticated.File.Upload CRITICAL" "media-downloader 0.4.7.6 Reflected.Cross-Site.Scripting MEDIUM" "media-downloader 0.4.7.5 Reflected.Cross-Site.Scripting MEDIUM" "milat-jquery-automatic-popup No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "mw-wp-form 5.1.0 Editor+.Stored.XSS MEDIUM" "mw-wp-form 5.0.4 Improper.Limitation.of.File.Name.to.Unauthenticated.Arbitrary.File.Deletion HIGH" "mw-wp-form 5.0.2 Unauthenticated.Arbitrary.File.Upload HIGH" "mw-wp-form 5.0.0 Missing.Authorization MEDIUM" "mw-wp-form 4.4.3 Unauthenticated.Path.Traversal MEDIUM" "mapplic 6.2.1 SSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "movie-database No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "mpl-publisher 2.18.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mpl-publisher 1.30.4 Self-publish.your.book.&.ebook.<.1.30.4.-.Admin+.Stored.Cross-Site.Scripting LOW" "mpl-publisher 1.29.2 Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "music-player-for-woocommerce 1.6.0 Missing.Authorization MEDIUM" "multicons 3.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "multisite-post-duplicator 1.1.3 Cross-Site.Request.Forgery.(CSRF) HIGH" "masterstudy-elementor-widgets 1.2.3 Missing.Authorization MEDIUM" "mobile-bottom-menu-for-wp 1.4.1 Missing.Authorization MEDIUM" "motopress-hotel-booking-lite 4.11.2 Unauthenticated.PHP.Object.Injection CRITICAL" "motopress-hotel-booking-lite 4.8.5 Unauthenticated.Arbitrary.File.Download.&.Deletion CRITICAL" "motopress-hotel-booking-lite 4.7.0 Settings.Update.via.CSRF MEDIUM" "mancx-askme-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "make-builder 1.1.11 Authenticated.(Subscriber+).Server-Side.Request.Forgery.via.make_builder_ajax_subscribe.Function MEDIUM" "mega-addons-for-visual-composer 4.3.0 Contributor+.Stored.XSS MEDIUM" "mega-addons-for-visual-composer No.known.fix Subscriber+.Settings.Update MEDIUM" "mega-addons-for-visual-composer No.known.fix Settings.Update.via.CSRF MEDIUM" "mailpoet 5.5.2 Admin+.Stored.XSS LOW" "mailpoet 5.3.2 Admin+.Stored.XSS LOW" "mailpoet 3.23.2 Reflected.Cross-Site.Scripting.Issue HIGH" "multi-video-box No.known.fix Reflected.Cross-Site.Scripting.via.video_id.and.group_id.Parameters MEDIUM" "mapifylite-master 4.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "meta-accelerator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "m-wp-popup No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "m-wp-popup 1.3.1 Unauthenticated.Denial.of.Service HIGH" "mobile-app-for-woocommerce No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "machic-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "mtphr-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modal-dialog 3.5.15 Reflected.XSS HIGH" "modal-dialog 3.5.10 Admin+.Stored.XSS LOW" "material-design-for-contact-form-7 No.known.fix Subscriber+.Arbitrary.Settings.Update.leading.to.DoS MEDIUM" "material-design-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mayosis-core 5.4.2 Unauthenticated.Arbitrary.File.Read HIGH" "matrix-pre-loader No.known.fix Cross-Site.Request.Forgery MEDIUM" "momo-venmo 4.2 Reflected.Cross-Site.Scripting MEDIUM" "mas-wp-job-manager-company 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "maxslider 1.2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "mycss No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "master-popups-lite No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "mrlegend-typedjs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.typespeed.Parameter MEDIUM" "multimanager-wp 1.1.0 Authentication.Bypass.via.User.Impersonation CRITICAL" "membership-for-woocommerce 2.8.2 Missing.Authorization MEDIUM" "membership-for-woocommerce 2.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "membership-for-woocommerce 2.1.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "mailoptin 1.2.70.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailoptin 1.2.54.1 Admin+.Stored.XSS LOW" "mailoptin 1.2.50.0 Unauthenticated.Campaign.Cache.Deletion MEDIUM" "mailoptin 1.2.35.2 Unauthorised.AJAX.Call MEDIUM" "medical-addon-for-elementor 1.6.3 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Shortcode MEDIUM" "medical-addon-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "master-addons 2.0.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "master-addons 2.0.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "master-addons 2.0.6.8 Free.Widgets,.Hover.Effects,.Toggle,.Conditions,.Animations.for.Elementor.<.2.0.6.8.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Tooltip.Module MEDIUM" "master-addons No.known.fix Author+.Stored.XSS MEDIUM" "master-addons 2.0.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.data-jltma-wrapper-link.Element MEDIUM" "master-addons 2.0.6.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.2 Missing.Authorization.to.MA.Template.Creation.or.Modification MEDIUM" "master-addons 2.0.6.2 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting.via.Navigation.Menu.Widget HIGH" "master-addons 2.0.5.6 Missing.Authorization.via.get_jltma_save_menuitem_settings() MEDIUM" "master-addons 2.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.5.6 Missing.Authorization.on.Duplicate.Post MEDIUM" "master-addons 2.0.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "master-addons 2.0.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.4 Contributor+.Stored.XSS MEDIUM" "master-addons 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "master-addons 1.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "master-addons 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "menu-shortcode No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "mobile-app-builder-by-wappress No.known.fix Unauthenticated.File.Upload CRITICAL" "mwp-skype 4.0.4 Button.Deletion.via.CSRF MEDIUM" "mwp-skype 4.0.2 Reflected.XSS MEDIUM" "mailchimp-for-woocommerce 2.7.2 Admin+.SSRF LOW" "mailchimp-for-woocommerce 2.7.1 Subscriber+.SSRF MEDIUM" "moka-get-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "more-from-google No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "metadata-seo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mobile-banner 1.6 CSRF MEDIUM" "my-wp-health-check No.known.fix Cross-Site.Request.Forgery MEDIUM" "marekkis-watermark No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "masterslider No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "masterslider No.known.fix Authenticated.(Editor+).SQL.Injection HIGH" "masterslider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "moose-elementor-kit 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "moose-elementor-kit 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "mapfig-premium-leaflet-map-maker No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "maz-loader 1.4.1 Arbitrary.Loader.Deletion.via.CSRF MEDIUM" "maz-loader 1.3.3 Contributor+.SQL.Injection HIGH" "more-link-modifier No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mywebtonet-performancestats No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "mdc-comment-toolbar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mobile-smart No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multiple-post-passwords 1.1.2 Admin+.Stored.XSS LOW" "mailchimp-wp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "mailchimp-wp 2.5.8 Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.Form.Color.Parameters MEDIUM" "mailchimp-wp 2.5.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "multisite-robotstxt-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multisite-robotstxt-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "melascrivi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mightyforms 1.3.10 Missing.Authorization MEDIUM" "mightyforms 1.3.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "media-library-downloader 1.3.2 Missing.Authorization MEDIUM" "mojoplug-slide-panel No.known.fix Admin+.Stored.XSS LOW" "my-reading-library No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "mimetic-books No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "media-cleaner 6.7.3 Unauthenticated.Information.Exposure MEDIUM" "mx-time-zone-clocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mx-time-zone-clocks 3.4.1 Contributor+.Cross-Site.Scripting MEDIUM" "mjm-clinic 1.1.23 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mjm-clinic 1.1.23 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "memberpress-downloads 1.2.6 Subscriber+.Arbitrary.File.Upload CRITICAL" "mj-update-history No.known.fix Missing.Authorization MEDIUM" "mj-update-history No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modal-popup-box 1.5.3 Authenticated.(Contributor+).PHP.Object.Injection.in.awl_modal_popup_box_shortcode HIGH" "mergado-marketing-pack No.known.fix Stored.XSS.via.CSRF HIGH" "my-related-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "multiple-pages-generator-by-porthas 4.0.6 Authenticated.(Editor+).Server-Side.Request.Forgery.via.fileUrl MEDIUM" "multiple-pages-generator-by-porthas 4.0.3 Authenticated.(Editor+).Directory.Traversal.to.Limited.File.Deletion LOW" "multiple-pages-generator-by-porthas 4.0.2 Missing.Authorization MEDIUM" "multiple-pages-generator-by-porthas 3.4.8 Authenticated.(Contributor+).SQL.Injection MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Cross-Site.Request.Forgery MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Missing.Authorization.via.mpg_get_log_by_project_id MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Authenticated.(Editor+).Remote.Code.Execution HIGH" "multiple-pages-generator-by-porthas 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "multiple-pages-generator-by-porthas 3.3.20 SQL.Injection MEDIUM" "multiple-pages-generator-by-porthas 3.3.18 Admin+.SQLi MEDIUM" "multiple-pages-generator-by-porthas 3.3.18 SQLi.via.CSRF LOW" "multiple-pages-generator-by-porthas 3.3.10 MPG.<.3.3.10.-.Multiple.CSRF MEDIUM" "multilist-subscribe-for-sendy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multilist-subscribe-for-sendy No.known.fix Subscriber+.Arbitrary.Options.Update HIGH" "multilist-subscribe-for-sendy No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "multilist-subscribe-for-sendy No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "misiek-photo-album No.known.fix Album.Deletion.via.CSRF MEDIUM" "misiek-photo-album No.known.fix Stored.XSS.via.CSRF HIGH" "make-email-customizer-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting HIGH" "mobile-contact-bar 3.0.5 Admin+.Stored.XSS LOW" "metform 3.9.3 Admin+.SSRF MEDIUM" "metform 3.3.0 Unauthenticated.Double-Extension.Arbitrary.File.Upload HIGH" "metform 3.8.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "metform 3.8.4 Missing.Authorization.to.Notice.Dismissal MEDIUM" "metform 3.8.6 Contributor+.Stored.XSS MEDIUM" "metform 3.8.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "metform 3.8.2 Cross-Site.Request.Forgery MEDIUM" "metform 3.3.2 Authenticated.(Subscriber+).Information.Disclosure.via.'mf_first_name'.shortcode MEDIUM" "metform 3.3.3 Cross-Site.Request.Forgery MEDIUM" "metform 3.3.1 Multiple.Contributor+.Stored.XSS.via.Shortcode MEDIUM" "metform 3.3.1 Unauthenticated.CSV.Injection HIGH" "metform 3.3.2 Multiple.Subscriber+.Sensitive.Information.Disclosure.Issues MEDIUM" "metform 3.3.2 Unauthenticated.Permalink.Structure.Update MEDIUM" "metform 3.2.2 reCaptcha.Bypass MEDIUM" "metform 3.2.0 Unauthenticated.Stored.XSS HIGH" "metform 2.1.4 Unauthenticated.API.keys.and.Secrets.Disclosure HIGH" "mts-url-shortener No.known.fix Admin+.Stored.XSS LOW" "mts-url-shortener No.known.fix Reflected.XSS HIGH" "my-chatbot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-chatbot No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "mobile-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-blocks 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "marketing-and-seo-booster No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "modern-events-calendar-lite 7.22 Information.Exposure MEDIUM" "modern-events-calendar-lite 7.13.0 Subscriber+.Server.Side.Request.Forgery HIGH" "modern-events-calendar-lite 7.12.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "modern-events-calendar-lite 7.1.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.5.2 Admin+.Stored.XSS LOW" "modern-events-calendar-lite 6.3.0 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "modern-events-calendar-lite 6.4.7 Reflected.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.4.0 Contributor+.Stored.Cross.Site.Scripting MEDIUM" "modern-events-calendar-lite 6.2.0 Subscriber+.Category.Add.Leading.to.Stored.XSS MEDIUM" "modern-events-calendar-lite 6.1.5 Reflected.Cross-Site.Scripting HIGH" "modern-events-calendar-lite 6.1.5 Unauthenticated.Blind.SQL.Injection HIGH" "modern-events-calendar-lite 5.22.3 Authenticated.Stored.Cross.Site.Scripting LOW" "modern-events-calendar-lite 5.22.2 Admin+.Stored.Cross-Site.Scripting LOW" "modern-events-calendar-lite 5.16.5 Unauthenticated.Events.Export MEDIUM" "modern-events-calendar-lite 5.16.6 Authenticated.SQL.Injection CRITICAL" "modern-events-calendar-lite 5.16.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "modern-events-calendar-lite 5.16.5 Authenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "modern-events-calendar-lite 5.1.7 Multiple.Subscriber+.Stored.XSS MEDIUM" "mailup-auto-subscribtion 1.2.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "marketing-automation 1.2.6.9 Reflected.Cross-Site.Scripting MEDIUM" "multimedia-carousel No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "mapplic-lite No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "mapplic-lite 1.0.1 SSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "mobile-dj-manager 1.7.5.3 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "mobile-dj-manager 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "multiple-roles 1.3.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "multiple-roles 1.3.2 Cross-Site.Request.Forgery MEDIUM" "maxgalleria 6.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.maxgallery_thumb.Shortcode MEDIUM" "maxgalleria 6.4.3 Missing.Authorization MEDIUM" "maxgalleria 6.2.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "mendeleyplugin No.known.fix Admin+.Stored.XSS LOW" "mpoperationlogs No.known.fix Unauthenticated.Stored.XSS HIGH" "mipl-wc-multisite-sync 1.1.6 Unauthenticated.Arbitrary.File.Download HIGH" "mail-integration-365 1.9.1 Reflected.XSS HIGH" "my-custom-css No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "multi-rating No.known.fix Unauthenticated.Ratings.Update MEDIUM" "multi-rating No.known.fix Admin+.Stored.XSS LOW" "multi-rating 5.0.6 Reflected.XSS HIGH" "multi-rating 5.0.6 Ratings.Deletion.via.CSRF MEDIUM" "multiparcels-shipping-for-woocommerce 1.16.9 Cross-Site.Request.Forgery MEDIUM" "multiparcels-shipping-for-woocommerce 1.15.2 Arbitrary.Shipment.Deletion.via.CSRF MEDIUM" "multiparcels-shipping-for-woocommerce 1.15.4 Reflected.XSS HIGH" "multiparcels-shipping-for-woocommerce 1.14.14 Subscriber+.Arbitrary.Shipment.Deletion MEDIUM" "multiparcels-shipping-for-woocommerce 1.15.4 Reflected.XSS HIGH" "multiparcels-shipping-for-woocommerce 1.14.15 Subscriber+.SQLi HIGH" "mail-mint 1.17.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "minimum-purchase-for-woocommerce No.known.fix Contributor+.Stored.XSS MEDIUM" "molie-instructure-canvas-linking-tool No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "molie-instructure-canvas-linking-tool No.known.fix Authenticated.SQL.Injection HIGH" "miniorange-login-with-eve-online-google-facebook 6.26.4 Authentication.Bypass HIGH" "miniorange-login-with-eve-online-google-facebook 6.23.4 Improper.Authentication HIGH" "miniorange-login-with-eve-online-google-facebook 6.24.2 SSO.(OAuth.Client).Free.<.6.24.2.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.24.2 SSO.(OAuth.Client).<.6.24.2.-.IdP.Discard.via.CSRF MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.22.6 Authentication.Bypass CRITICAL" "miniorange-login-with-eve-online-google-facebook 6.20.3 Reflected.Cross-Site.Scripting.via.appId HIGH" "miniorange-google-authenticator 1.0.5 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "miniorange-google-authenticator 1.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "media-file-renamer 5.7.8 Admin+.Remote.Code.Execution MEDIUM" "media-file-renamer 5.7.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "media-file-renamer 5.2.7 Auto.&.Manual.Rename.<.5.2.7.-.Media.Title/Filename/Locking.State.Update.via.CSRF MEDIUM" "market-360-viewer No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "mindbody-access-management 2.0.9 Unauthorised.AJAX.call MEDIUM" "my-tickets 2.0.17 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "my-tickets 2.0.10 Missing.Authorization MEDIUM" "my-tickets 1.9.11 Bulk.Emailing.via.CSRF MEDIUM" "my-tickets 1.8.31 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "members 3.2.11 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "magical-posts-display 1.2.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multiple-shipping-address-woocommerce 2.0 Unauthenticated.SQLi HIGH" "miniorange-wp-as-saml-idp 1.15.7 Authenticated.(Administrator+).SQL.Injection HIGH" "miniorange-wp-as-saml-idp 1.13.4 Admin+.Stored.Cross-Site.Scripting LOW" "mrkwp-footer-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mrkwp-footer-for-divi No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "meks-smart-social-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "meks-smart-social-widget 1.6.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "ms-registration No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ms-registration No.known.fix Missing.Authorization MEDIUM" "marketing-automation-by-azexo No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "marketing-automation-by-azexo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "mass-custom-fields-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "media-tags No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "multimedial-images No.known.fix Admin+.SQLi MEDIUM" "media-slider 1.4.0 Missing.Authorization MEDIUM" "mailtree-log-mail 1.0.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "meeting-scheduler-by-vcita No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "meeting-scheduler-by-vcita 4.5.2 Cross-Site.Request.Forgery MEDIUM" "meeting-scheduler-by-vcita 4.5.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.5 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "meeting-scheduler-by-vcita 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "meeting-scheduler-by-vcita 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.3.3 Reflected.XSS HIGH" "meeting-scheduler-by-vcita 4.3.1 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "meeting-scheduler-by-vcita 4.3.0 Subscriber+.Denial.of.Service.by.account.logout MEDIUM" "meeting-scheduler-by-vcita 4.5 Subscriber+.Settings.Update.&.Stored.XSS MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Unauthenticated.Stored.XSS CRITICAL" "meeting-scheduler-by-vcita 4.5.2 Denial.of.Service.via.CSRF MEDIUM" "mini-twitter-feed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mytube No.known.fix Reflected.Cross-Site.Scripting.via.addplaylistid MEDIUM" "meks-easy-instagram-widget 1.2.4 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "media-element-html5-video-and-audio-player No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "mas-addons-for-elementor 1.1.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG MEDIUM" "mas-addons-for-elementor 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "myorderdesk 3.3.0 Contributor+.Stored.XSS MEDIUM" "mf-gig-calendar No.known.fix Cross-Site.Request.Forgery MEDIUM" "mf-gig-calendar No.known.fix Arbitrary.Event.Deletion.via.CSRF MEDIUM" "mf-gig-calendar No.known.fix Editor+.Stored.XSS LOW" "mf-gig-calendar No.known.fix Authenticated(Contributor+).SQL.Injection HIGH" "mf-gig-calendar 1.2.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "mf-gig-calendar 1.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "mapster-wp-maps 1.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapster-wp-maps 1.6.0 Incorrect.Authorization.to.Authenticated.(Contributor+).Arbitrary.Options.Update HIGH" "mapster-wp-maps 1.2.39 Contributor+.Stored.XSS MEDIUM" "mapster-wp-maps 1.2.36 Reflected.Cross-Site.Scripting MEDIUM" "media-net-ads-manager No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "mail-masta No.known.fix Multiple.SQL.Injection CRITICAL" "mail-masta No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "moving-media-library 1.23 Authenticated.(Administrator+).Directory.Traversal.to.Arbitrary.File.Deletion MEDIUM" "media-hygiene 4.0.1 Missing.Authorization MEDIUM" "media-hygiene 3.0.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Attachment.Deletion MEDIUM" "menu-manager-ultra 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "md-custom-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mini-course-generator 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "minimal-share-buttons 1.7.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Parameter MEDIUM" "manage-gravity-forms-stripe-subscriptions 4.1.6 Reflected.Cross-Site.Scripting MEDIUM" "manage-gravity-forms-stripe-subscriptions 4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "miniorange-firebase-sms-otp-verification 3.6.1 Authentication.Bypass HIGH" "miniorange-firebase-sms-otp-verification 3.6.1 Unauthenticated.Arbitrary.User.Password.Change CRITICAL" "miniorange-firebase-sms-otp-verification 3.6.1 Privilege.Escalation.via.Registration.due.to.Administrator.Default.User.Role.Value CRITICAL" "moceanapi-sendsms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modula-best-grid-gallery 2.10.2 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.FancyBox.5.JavaScript.Library MEDIUM" "modula-best-grid-gallery 2.11.11 Author+.Arbitrary.File.Upload HIGH" "modula-best-grid-gallery 2.7.5 Incomplete.Authorization.via.'save_image'.and.'save_images' LOW" "modula-best-grid-gallery 2.6.91 Unauthenticated.Troubleshooting.Settings.Update MEDIUM" "modula-best-grid-gallery 2.6.7 Reflected.Cross-Site.Scripting MEDIUM" "modula-best-grid-gallery 2.2.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "modal-survey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modal-survey No.known.fix Unauthenticated.SQL.Injection HIGH" "modal-survey No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "mainwp-google-analytics-extension 4.0.5 Subscriber+.Settings.Update MEDIUM" "mainwp-google-analytics-extension 4.0.5 Subscriber+.SQLi HIGH" "my-wp-brand 1.1.3 Missing.Authorization MEDIUM" "mwp-herd-effect 6.2.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "mwp-herd-effect 5.2.7 Effect.Deletion.via.CSRF MEDIUM" "mwp-herd-effect 5.2.3 Admin+.Stored.XSS LOW" "mwp-herd-effect 5.2.4 Effect.Deletion.via.CSRF MEDIUM" "mwp-herd-effect 5.2.2 Reflected.XSS MEDIUM" "mwp-herd-effect 5.2.1 Admin+.LFI MEDIUM" "majestic-support 1.1.1 Missing.Authorization MEDIUM" "majestic-support 1.1.1 Unauthenticated.SQL.Injection HIGH" "majestic-support 1.1.1 Missing.Authorization MEDIUM" "majestic-support 1.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "majestic-support 1.0.6 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "majestic-support 1.0.6 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "my-bootstrap-menu No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "menus-plus No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "mojo-under-construction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "more-better-reviews-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "more-better-reviews-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "more-better-reviews-for-woocommerce 3.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "music-let-loose-mp3-audio-player No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "mp3-music-player-by-sonaar 5.9.5 Missing.Authorization MEDIUM" "mp3-music-player-by-sonaar 5.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Podcast.RSS.Feed MEDIUM" "mp3-music-player-by-sonaar 5.9 Missing.Authorization MEDIUM" "mp3-music-player-by-sonaar 5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sonaar_audioplayer.Shortcode MEDIUM" "mp3-music-player-by-sonaar 5.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "mp3-music-player-by-sonaar 5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sonaar_audioplayer.Shortcode MEDIUM" "mp3-music-player-by-sonaar 5.0 Unauthenticated.Arbitrary.File.Download MEDIUM" "mp3-music-player-by-sonaar 5.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mp3-music-player-by-sonaar 5.1.1 Missing.Authorization MEDIUM" "mp3-music-player-by-sonaar 4.10.1 Missing.Authorization.to.Template.Import MEDIUM" "mp3-music-player-by-sonaar 2.4.2 Multiple.Admin+.Cross.Site.Scripting LOW" "multi-gallery No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "media-library-assistant 3.25 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.24 Reflected.Cross-Site.Scripting.via.smc_settings_tab,.unattachfixit-action,.and.woofixit-action.Parameters MEDIUM" "media-library-assistant 3.20 Authenticated.(Administrator+).Remote.Code.Execution HIGH" "media-library-assistant 3.19 Authenticated.(Author+).Arbitrary.File.Upload.via.mla-inline-edit-upload-scripts.AJAX.Action HIGH" "media-library-assistant 3.18 Reflected.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.17 Authenticated.(Contributor+).SQL.Injection.via.order.Parameter HIGH" "media-library-assistant 3.16 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "media-library-assistant 3.16 Reflected.Cross-Site.Scripting HIGH" "media-library-assistant 3.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mla_gallery.Shortcode MEDIUM" "media-library-assistant 3.14 Authenticated.(Contributor+).SQL.Injection.via.Shortcode MEDIUM" "media-library-assistant 3.12 Author+.Stored.XSS MEDIUM" "media-library-assistant 3.11 Contributor+.Stored.XSS MEDIUM" "media-library-assistant 3.10 Unauthenticated.Local/Remote.File.Inclusion.&.Remote.Code.Execution HIGH" "media-library-assistant 3.08 Reflected.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.06 Admin+.SQLi MEDIUM" "media-library-assistant 3.01 Unauthenticated.Error.Log.Access LOW" "media-library-assistant 2.90 Authenticated.Blind.SQL.Injection MEDIUM" "media-library-assistant 2.82 Authenticated.RCE CRITICAL" "media-library-assistant 2.82 Unauthenticated.Limited.Local.File.Inclusion HIGH" "media-library-assistant 2.82 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "media-library-assistant 2.7.4 Cross-Site.Scripting.(XSS) MEDIUM" "mapfig-studio No.known.fix Stored.XSS.via.CSRF HIGH" "meks-themeforest-smart-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "memberlite-shortcodes 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.memberlite_accordion.Shortcode MEDIUM" "memberlite-shortcodes 1.3.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "media-mirror No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "mobile-navigation No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mitm-bug-tracker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "msync No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "marketo-forms-and-tracking No.known.fix CSRF.to.XSS HIGH" "magayo-lottery-results No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mobile-call-now-map-buttons No.known.fix Admin+.Stored.XSS LOW" "miniorange-oauth-oidc-single-sign-on 18.5.4 Incorrect.Authorization.to.Sensitive.Information.Exposure MEDIUM" "miniorange-oauth-oidc-single-sign-on 48.5.4 Incorrect.Authorization.to.Sensitive.Information.Exposure MEDIUM" "miniorange-oauth-oidc-single-sign-on 38.5.4 Incorrect.Authorization.to.Sensitive.Information.Exposure MEDIUM" "miniorange-oauth-oidc-single-sign-on 28.5.4 Incorrect.Authorization.to.Sensitive.Information.Exposure MEDIUM" "miniorange-oauth-oidc-single-sign-on 50.5.4 Incorrect.Authorization.to.Sensitive.Information.Exposure MEDIUM" "miniorange-oauth-oidc-single-sign-on 40.5.4 Incorrect.Authorization.to.Sensitive.Information.Exposure MEDIUM" "miniorange-oauth-oidc-single-sign-on 30.5.4 Incorrect.Authorization.to.Sensitive.Information.Exposure MEDIUM" "miniorange-oauth-oidc-single-sign-on 48.4.9 SSO.(OAuth.Client).Enterprise.<.48.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-oauth-oidc-single-sign-on 28.4.9 SSO.(OAuth.Client).Standard.<.28.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-oauth-oidc-single-sign-on 38.4.9 SSO.(OAuth.Client).Premium.<.38.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "morpheus-slider No.known.fix Authenticated.SQL.Injection MEDIUM" "media-list 1.4.0 Contributor+.Stored.XSS MEDIUM" "media-list 1.4.1 Contributor+.Stored.XSS MEDIUM" "mobile-booster No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-booster 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "media-from-ftp 11.17 Author+.Arbitrary.File.Access CRITICAL" "media-from-ftp 9.85 Authenticated.Directory.Traversal MEDIUM" "more-mime-type-filters No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mybookprogress No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "mybookprogress No.known.fix Missing.Authorization MEDIUM" "mybookprogress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.book.Parameter MEDIUM" "mycred 2.9.4.3 Missing.Authorization MEDIUM" "mycred 2.9.4.3 Missing.Authorization MEDIUM" "mycred 2.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mycred_send.Shortcode MEDIUM" "mycred 2.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mycred_link.Shortcode MEDIUM" "mycred 2.7.4 Missing.Authorization.to.Unauthenticated.Database.Upgrade MEDIUM" "mycred 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mycred 2.7.3 Unauthenticated.PHP.Object.Injection HIGH" "mycred 2.7.3 Unauthenticated.Information.Exposure MEDIUM" "mycred 2.6.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "mycred 2.6.2 Contributor+.Stored.XSS MEDIUM" "mycred 2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "mycred 2.5.1 Cross-Site.Request.Forgery MEDIUM" "mycred 2.4.4.1 Subscriber+.User.E-mail.Addresses.Disclosure MEDIUM" "mycred 2.4.4 Subscriber+.Arbitrary.Post.Creation MEDIUM" "mycred 2.4.4 Subscriber+.Import/Export.to.Email.Address.Disclosure MEDIUM" "mycred 2.4.4 Reflected.Cross-Site.Scripting MEDIUM" "mycred 2.4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mycred 2.4 Reflected.Cross-Site.Scripting HIGH" "mycred 2.3 Subscriber+.SQL.Injection HIGH" "mycred 1.7.8 Reflected.Cross-Site.Scripting HIGH" "magic-the-gathering-card-tooltips 3.6.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "magic-the-gathering-card-tooltips 3.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mortgage-calculators-wp 1.60 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mortgage-calculators-wp 1.56 Admin+.Stored.Cross-Site.Scripting LOW" "meta-tags-for-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mediaburst-email-to-sms No.known.fix Authenticated(Administrator+).SQL.Injection MEDIUM" "mediaburst-email-to-sms 3.0.0 Cross-Site.Scripting.(XSS) MEDIUM" "minimum-password-strength No.known.fix Cross-Site.Request.Forgery MEDIUM" "miniorange-discord-integration No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "miniorange-discord-integration 2.1.6 Subscriber+.App.Disabling MEDIUM" "my-geo-posts-free No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "message-ticker No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "message-ticker 9.3 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "min-and-max-purchase-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "m-chart 1.10 Contributor+.Stored.XSS MEDIUM" "martins-free-and-easy-ad-network-get-more-visitors No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mailin 3.1.88 Cross-Site.Request.Forgery MEDIUM" "mailin 3.1.83 Cross-Site.Request.Forgery MEDIUM" "mailin 3.1.78 Reflected.Cross-Site.Scripting MEDIUM" "mailin 3.1.78 Reflected.XSS HIGH" "mailin 3.1.61 Reflected.XSS HIGH" "mailin 3.1.31 Reflected.Cross-Site.Scripting MEDIUM" "mailin 3.1.25 Reflected.XSS HIGH" "menu-image 3.11 Admin+.Stored.XSS LOW" "menu-image 3.10 Reflected.Cross-Site.Scripting MEDIUM" "menu-image 3.0.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "menu-image 3.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "manage-user-columns 1.0.6 Cross-Site.Request.Forgery MEDIUM" "mihanpanel-lite 12.7 Cross-Site.Request.Forgery MEDIUM" "m1downloadlist No.known.fix Authenticated.(Contributor+).Sensitive.Information.Disclosure MEDIUM" "m1downloadlist 0.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "my-default-post-content No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mind-doodle-sitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailclient No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "maintenance 4.03 Authenticated.Stored.XSS MEDIUM" "magicpost 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wb_share_social.Shortcode MEDIUM" "multi-crypto-currency-payment No.known.fix Unauthenticated.SQL.Injection HIGH" "mainwp-child 5.3 Authentication.Bypass HIGH" "mainwp-child 4.4.1.2 Sensitive.File.Disclosure MEDIUM" "mainwp-child 4.1.8 Admin+.SQL.Injection MEDIUM" "mobile-menu 2.8.5 Missing.Authorization.to._mobmenu_icon.Post.Meta.Modification MEDIUM" "mobile-menu 2.8.4.4 Cross-Site.Request.Forgery MEDIUM" "mobile-menu 2.8.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Alt MEDIUM" "mobile-menu 2.8.4 Reflected.Cross-Site.Scripting MEDIUM" "mobile-menu 2.8.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mobile-menu 2.8.2.3 Reflected.Cross-Site.Scripting.(XSS) HIGH" "mobile-menu 2.7.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "maintenance-and-noindex-nofollow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "multi-step-form 1.7.24 Missing.Authorization.to.Unauthenticated.Limited.File.Upload MEDIUM" "multi-step-form 1.7.22 Missing.Authorization.via.fw_delete_files MEDIUM" "multi-step-form 1.7.19 Form.Deletion.via.CSRF MEDIUM" "multi-step-form 1.7.17 Admin+.Stored.XSS LOW" "multi-step-form 1.7.13 Form.Update/Deletion.via.CSRF MEDIUM" "multi-step-form 1.7.8 Admin+.Stored.XSS LOW" "multi-step-form 1.2.6 Cross-Site.Scripting.(XSS) MEDIUM" "multi-step-form 1.2.6 Multiple.Unauthenticated.Reflected.XSS MEDIUM" "maintenance-notice 1.0.7 Settings.Reset.via.CSRF MEDIUM" "mediamatic No.known.fix Cross-Site.Request.Forgery MEDIUM" "mediamatic 2.8.1 Subscriber+.SQL.Injection HIGH" "marmoset-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "marmoset-viewer 1.9.3 Reflected.Cross.Site.Scripting HIGH" "membership-by-supsystic No.known.fix Authenticated.SQL.Injection CRITICAL" "mediabay-lite No.known.fix Missing.Authorization.via.AJAC.actions MEDIUM" "mediabay-lite No.known.fix Editor+.Stored.XSS MEDIUM" "msstiger No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "multifox-plus No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multifox-plus 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mass-pagesposts-creator 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "mass-pagesposts-creator 2.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mass-pagesposts-creator 1.2.5 DoS MEDIUM" "mark-new-posts 7.6 Missing.Authorization.via.save_options MEDIUM" "ml-slider 3.99.0 Contributor+.Stored.XSS.via.aria-label.Parameter MEDIUM" "ml-slider 3.95.0 Editor+.Stored.XSS LOW" "ml-slider 3.95.0 Editor+.Stored.XSS LOW" "ml-slider 3.95.0 Authenticated.(Editor+).PHP.Object.Injection HIGH" "ml-slider 3.70.1 Contributor+.Stored.Cross-Site.Scripting.via.metaslider.Shortcode MEDIUM" "ml-slider 3.29.1 Reflected.XSS HIGH" "ml-slider 3.27.9 Admin+.Stored.Cross.Site.Scripting LOW" "ml-slider 3.17.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "meks-flexible-shortcodes 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meks-flexible-shortcodes 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meks-flexible-shortcodes 1.3.5 Contributor+.Stored.XSS MEDIUM" "mailpress No.known.fix Arbitrary.Settings.Update.&.Log.Files.Purge.via.CSRF MEDIUM" "month-name-translation-benaceur 2.3.8 Admin+.Stored.XSS LOW" "mapsvg No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "mapsvg No.known.fix Authenticated.(Contributor+).Privilege.Esclation HIGH" "mapsvg No.known.fix Missing.Authorization MEDIUM" "mapsvg No.known.fix All.Kinds.of.Maps.and.Store.Locator.for.WordPress.<=.8.6.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapsvg No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "mapsvg No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapsvg No.known.fix Missing.Authorization MEDIUM" "mapsvg 6.2.20 Unauthenticated.SQLi HIGH" "masy-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "membership-simplified-for-oap-members-only No.known.fix Unauthenticated.Arbitrary.File.Download CRITICAL" "modern-designs-for-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modern-designs-for-gravity-forms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mime-types-extended No.known.fix Author+.Stored.XSS.via.SVG.Upload MEDIUM" "mesmerize-companion 1.6.149 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mesmerize_contact_form.Shortcode MEDIUM" "mesmerize-companion 1.6.135 Contributor+.Stored.XSS MEDIUM" "members-list 4.3.7 Reflected.Cross-Site.Scripting MEDIUM" "magic-carousel No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "mad-mimi No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mainwp 5.0 Cross-Site.Request.Forgery.via.posting_bulk MEDIUM" "mainwp 4.4.3.4 Authenticated.(Administrator+).SQL.Injection HIGH" "mainwp 4.5.1.3 Authenticated(Administrator+).CSS.Injection LOW" "my-loginlogout No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "meks-easy-ads-widget 2.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mybb-cross-poster No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "material-dashboard 1.4.7 Unauthenticated.Privilege.Escalation CRITICAL" "material-dashboard 1.4.6 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "material-dashboard 1.4.6 Unauthenticated.Local.File.Inclusion CRITICAL" "material-dashboard 1.4.6 Unauthenticated.Privilege.Escalation CRITICAL" "modal-window 6.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.iframeBox.Shortcode MEDIUM" "modal-window 6.1.5 Cross-Site.Request.Forgery.to.Settings.Ipdate MEDIUM" "modal-window 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modal-window 5.3.10 Modal.Deletion.via.CSRF MEDIUM" "modal-window 5.3.9 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "modal-window 5.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "modal-window 5.2.2 RFI.leading.to.RCE.via.CSRF HIGH" "magee-shortcodes No.known.fix Contributor+.Stored.XSS.via.shortcode MEDIUM" "magee-shortcodes 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "membersonic-lite 1.302 Authentication.Bypass CRITICAL" "menu-item-scheduler No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mortgage-loan-calculator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mortgage-loan-calculator 1.5.17 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "mailchimp-top-bar 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "moova-for-woocommerce 3.8 Reflected.Cross-Site.Scripting HIGH" "marketer-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mighty-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "memorialday 1.1.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mediaview 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "mediaview No.known.fix Reflected.Cross-Site.Scripting.via.id.Parameter MEDIUM" "memberspace 2.1.14 Reflected.Cross-Site.Scripting MEDIUM" "memberspace 2.1.14 Reflected.XSS MEDIUM" "modern-addons-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modern-addons-elementor 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "myanime-widget No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation CRITICAL" "multiple-location-google-map No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "myshopkit-popup-smartbar-slidein No.known.fix .Unauthenticated.Sensitive.Information.Exposure MEDIUM" "menu-icons 0.13.14 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "manager-for-icomoon 2.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "manager-for-icomoon 2.2 Contributor+.Stored.XSS MEDIUM" "memberful-wp 1.74.0 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "memberful-wp 1.73.8 Authenticated.(contributor+).Stored.Cross-Site.Scripting MEDIUM" "medibazar-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "microcopy No.known.fix Authenticated.SQL.Injection MEDIUM" "my-restaurant-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multilanguage 1.2.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "maximum-products-per-user-for-woocommerce 4.2.9 Reflected.Cross-Site.Scripting MEDIUM" "masterstudy-lms-learning-management-system 3.5.29 Contributor+.Local.File.Inclusion HIGH" "masterstudy-lms-learning-management-system 3.5.29 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.3.24 Privilege.Escalation.to.Instructor MEDIUM" "masterstudy-lms-learning-management-system 3.2.2 Cross-Site.Request.Forgery MEDIUM" "masterstudy-lms-learning-management-system 3.2.13 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.3.9 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.3.4 Unauthenticated.Local.File.Inclusion.via.template CRITICAL" "masterstudy-lms-learning-management-system 3.3.1 Unauthenticated.Local.File.Inclusion.via.modal CRITICAL" "masterstudy-lms-learning-management-system 3.3.2 Unauthenticated.Privilege.Escalation HIGH" "masterstudy-lms-learning-management-system 3.3.0 Missing.Authorization.to.Sensitive.Information.Exposure.in.search_posts MEDIUM" "masterstudy-lms-learning-management-system 3.2.11 Basic.Information.Exposure.via.REST.route MEDIUM" "masterstudy-lms-learning-management-system 3.2.6 Unauthenticated.SQL.Injection CRITICAL" "masterstudy-lms-learning-management-system 3.0.18 Unauthenticated.Instructor.Account.Creation MEDIUM" "masterstudy-lms-learning-management-system 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "masterstudy-lms-learning-management-system 3.0.9 Contributor+.Stored.XSS MEDIUM" "masterstudy-lms-learning-management-system 3.0.9 Subscriber+.Course.Category.Creation MEDIUM" "masterstudy-lms-learning-management-system 2.7.6 Unauthenticated.Admin.Account.Creation CRITICAL" "mastercurrency-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Currency.Converter.Form.Shortcode MEDIUM" "m-vslider No.known.fix Authenticated.(admin+).SQL.Injection HIGH" "multi-day-booking-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mousewheel-smooth-scroll 5.7 Plugin's.Setting.Update.via.CSRF MEDIUM" "move-addons 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.6 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "move-addons 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "move-addons 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.0 Missing.Authorization MEDIUM" "move-addons 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "motopress-slider-lite No.known.fix Subscriber+.Stored.Cross-Site.Scripting CRITICAL" "motopress-slider-lite No.known.fix Reflected.Cross-Site.Scripting HIGH" "multiplayer-plugin No.known.fix Reflected.Cross-Site.Scripting HIGH" "mhr-custom-anti-copy No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "moolamojo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mapbox-for-wp-advanced No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mollie-forms 2.7.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mollie-forms 2.6.14 Cross-Site.Request.Forgery.to.Arbitrary.Post.Duplication MEDIUM" "mollie-forms 2.6.4 Missing.Authorization.to.Arbitrary.Post.Duplication MEDIUM" "mollie-forms 2.6.4 Missing.Authorization MEDIUM" "media-file-organizer No.known.fix Directory.Traversal MEDIUM" "mobigatevn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mooberry-book-manager 4.15.13 Unauthenticated.Information.Exposure.via.Export.Files MEDIUM" "make-paths-relative No.known.fix Settings.Update.via.CSRF MEDIUM" "mapping-multiple-urls-redirect-same-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "magic-google-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "music-pack-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "muzaara-adwords-optimize-dashboard No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "muzaara-adwords-optimize-dashboard No.known.fix Information.Exposure MEDIUM" "mainwp-piwik-extension 4.0.5 CSRF MEDIUM" "matomo 5.1.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "matomo 5.0.1 Reflected.Cross-Site.Scripting.via.idsite MEDIUM" "miniorange-login-openid No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "miniorange-login-openid 200.3.10 Authentication.Bypass HIGH" "miniorange-login-openid 7.6.7 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "miniorange-login-openid 7.6.5 Authentication.Bypass CRITICAL" "miniorange-login-openid 7.6.0 Admin+.Stored.XSS LOW" "miniorange-login-openid 7.5.15 Multiple.CSRF MEDIUM" "miniorange-login-openid 7.6.1 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "myweather No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "master-elements No.known.fix Unauthenticated.SQLi CRITICAL" "mynx-page-builder No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "miniorange-malware-protection 4.7.3 Unauthenticated.Privilege.Escalation CRITICAL" "miniorange-malware-protection 4.7.3 Admin+.SQLi MEDIUM" "miniorange-malware-protection 4.7.2 IP.Spoofing MEDIUM" "miniorange-malware-protection 4.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "minimal-coming-soon-maintenance-mode 2.39 Missing.Authorization.to.Limited.Settings.Change MEDIUM" "minimal-coming-soon-maintenance-mode 2.38 Unauthenticated.Maintenance.Mode.Bypass LOW" "minimal-coming-soon-maintenance-mode 2.35 Multiple.Authenticated.Stored.XSS LOW" "minimal-coming-soon-maintenance-mode 2.15 CSRF.to.Stored.XSS.and.Setting.Changes HIGH" "minimal-coming-soon-maintenance-mode 2.17 Insecure.permissions:.Export.Settings/Theme.Change MEDIUM" "minimal-coming-soon-maintenance-mode 2.15 Insecure.Permissions:.Enable.and.Disable.Maintenance.Mode HIGH" "moveto No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "moveto No.known.fix Unauthenticated.SQL.Injection CRITICAL" "moveto No.known.fix Missing.Authorization.to.Unauthenticated.Options.Update CRITICAL" "moveto No.known.fix Unauthenticated.Directory.Traversal.to.Arbitrary.File.Deletion CRITICAL" "microblog-poster No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "microblog-poster 1.6.2 Authenticated.Blind.SQL.Injection HIGH" "multilevel-referral-plugin-for-woocommerce No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "multilevel-referral-plugin-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multilevel-referral-plugin-for-woocommerce 2.23 Reflected.Cross-Site.Scripting MEDIUM" "material-design-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mdi-icon.Shortcode MEDIUM" "map-multi-marker No.known.fix Reflected.Cross-Site.Scripting HIGH" "mail-picker 1.0.15 Unauthenticated.PHP.Object.Injection CRITICAL" "mail-picker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mp-timetable 2.4.14 Admin+.PHP.Object.Injection MEDIUM" "mp-timetable 2.4.12 Authenticated.(Contributor+).SQL.Injection CRITICAL" "mp-timetable 2.4.2 Unauthorised.Event.TimeSlot.Deletion MEDIUM" "mp-timetable 2.4.0 Arbitrary.User's.Hashed.Password/Email/Username.Disclosure MEDIUM" "mp-timetable 2.4.2 Unauthorised.Event.TimeSlot.Update MEDIUM" "mp-timetable 2.3.19 Author+.Stored.Cross-Site.Scripting MEDIUM" "mailrelay 2.1.2 Arbitrary.Settings.Update.via.CSRF MEDIUM" "meintopf No.known.fix Reflected.XSS HIGH" "mage-eventpress 4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mage-eventpress 4.3.7 Contributor+.PHP.Object.Injection MEDIUM" "mage-eventpress 4.3.0 Missing.Authorization MEDIUM" "mage-eventpress 4.3.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "mage-eventpress 4.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mage-eventpress 4.2.2 Authenticated.(Contributor+).Local.File.Inclusion CRITICAL" "mage-eventpress 4.1.2 Authenticated.(Contributor+).PHP.Object.Injection.in.mep_event_meta_save HIGH" "mage-eventpress 3.9.6 Editor+.Stored.Cross-Site.Scripting MEDIUM" "mage-eventpress 3.8.7 Admin+.Stored.XSS LOW" "mage-eventpress 3.7.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "mage-eventpress 3.8.0 Contributor+.Stored.XSS MEDIUM" "mage-eventpress 3.5.8 Contributor+.SQL.Injection HIGH" "mage-eventpress 3.5.3 Unauthenticated.Arbitrary.Elementor.Template.Import MEDIUM" "mage-eventpress 3.5.3 Unauthenticated.Arbitrary.Options.Reset HIGH" "maanstore-api No.known.fix Authentication.Bypass CRITICAL" "modern-footnotes 1.4.17 Contributor+.Stored.XSS MEDIUM" "modern-footnotes 1.4.16 Admin+.Stored.XSS LOW" "modify-profile-fields-dashboard-menu-buttons 1.04 Reflected.Cross-Site.Scripting MEDIUM" "megamenu 3.3.1 Missing.Authorization MEDIUM" "megamenu 2.4 Authenticated.XSS MEDIUM" "map-contact No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "miniorange-openid-connect-client 2.1.5 Reflected.Cross-Site.Scripting.via.appId HIGH" "moreads-se 1.4.7 XSS MEDIUM" "mediaburst-ecommerce-sms-notifications 2.4.2 Cross-Site.Scripting.(XSS) MEDIUM" "mycbgenie-clickbank-storefront No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "maniac-seo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mixcloud-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "monitor-chat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multiline-files-for-contact-form-7 2.9 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Deactivation MEDIUM" "mg-parallax-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mg-post-contributors No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "markdown-on-save-improved 2.5.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "multilang-contact-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "motopress-hotel-booking 4.8.5 Unauthenticated.Arbitrary.File.Download.&.Deletion CRITICAL" "music-player-for-elementor 2.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.album_buy_url.Parameter MEDIUM" "music-player-for-elementor 2.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Template.Import MEDIUM" "music-player-for-elementor 1.5.9.9 Reflected.Cross-Site.Scripting MEDIUM" "music-player-for-elementor 1.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "martins-link-network 1.2.30 Reflected.XSS HIGH" "my-instagram-feed 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "my-instagram-feed 3.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "muslim-prayer-time-bd 2.5 Settings.Reset.via.CSRF MEDIUM" "map-store-location No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mstore-api 4.17.6 Missing.Authorization.to.Authenticated.(Subscriber+).Posts.Creation MEDIUM" "mstore-api 4.17.5 Unauthenticated.Limited.Privilege.Escalation MEDIUM" "mstore-api 4.16.5 Authenticated.(Subscriber+).HTML.File.Upload.(Stored.Cross-Site.Scripting) MEDIUM" "mstore-api 4.15.8 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "mstore-api 4.15.4 Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload MEDIUM" "mstore-api 4.15.4 Unauthorized.User.Registration HIGH" "mstore-api 4.15.3 Authentication.Bypass.to.Account.Takeover HIGH" "mstore-api 4.15.0 Authentication.Bypass CRITICAL" "mstore-api 4.10.2 Cross-Site.Request.Forgery MEDIUM" "mstore-api 4.0.7 Subscriber+.SQLi HIGH" "mstore-api 4.0.2 Unauthenticated.SQL.Injection CRITICAL" "mstore-api 3.9.8 Unauthenticated.SQL.Injection HIGH" "mstore-api 4.10.8 Unauthenticated.Privilege.Escalation CRITICAL" "mstore-api 3.9.9 Unauthenticated.Privilege.Escalation CRITICAL" "mstore-api 3.9.8 Unauthenticated.Blind.SQLi HIGH" "mstore-api 3.9.7 Subscriber+.Unauthorized.Settings.Update MEDIUM" "mstore-api 3.9.7 Multiple.CSRF MEDIUM" "mstore-api 3.9.3 Authentication.Bypass CRITICAL" "mstore-api 3.9.2 Authentication.Bypass CRITICAL" "mstore-api 3.9.1 Authentication.Bypass CRITICAL" "mstore-api 3.4.5 Unauthenticated.PHP.File.Upload CRITICAL" "mstore-api 3.2.0 Authentication.Bypass.With.Sign.In.With.Apple HIGH" "mstore-api 2.1.6 Unauthenticated.Arbitrary.Account.Creation/Edition HIGH" "material-design-icons-for-elementor 1.4.3 Contributor+.Stored.XSS MEDIUM" "material-design-icons-for-elementor 1.4.3 Settings.Update.via.CSRF MEDIUM" "magazine-lister-for-yumpu No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mt-addons-for-elementor 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-addons-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "magical-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Template MEDIUM" "magical-addons-for-elementor 1.2.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "magical-addons-for-elementor 1.1.42 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "magical-addons-for-elementor 1.1.42 Contributor+.Stored.XSS MEDIUM" "magical-addons-for-elementor 1.1.40 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-addons-for-elementor 1.1.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-addons-for-elementor 1.1.38 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Text.Effect.Widget MEDIUM" "mm-email2image No.known.fix Contributor+.Stored.XSS MEDIUM" "mm-email2image No.known.fix Stored.XSS.via.CSRF HIGH" "macme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "members-page-only-for-logged-in-users No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "machform-shortcode 1.5.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mobile-friendly-flickr-slideshow 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mobile-friendly-flickr-slideshow 2.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "miguras-divi-enhancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "miguras-divi-enhancer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "meks-easy-social-share 1.2.8 Admin+.Stored.Cross-Site.Scripting LOW" "music-sheet-viewer No.known.fix Unauthenticated.Arbitrary.File.Read HIGH" "music-sheet-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "minical No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mobilize No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "multiple-domain 1.0.3 XSS.in.Canonical/Alternate.Tags LOW" "mega-elements-addons-for-elementor 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "mega-elements-addons-for-elementor 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multi-feed-reader No.known.fix Cross-Site.Request.Forgery MEDIUM" "multi-feed-reader 2.2.4 SQL.Injection HIGH" "mycurator 3.79 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "mycurator 3.77 Reflected.Cross-Site.Scripting MEDIUM" "mycurator 3.75 Cross-Site.Request.Forgery MEDIUM" "multi-scheduler No.known.fix Arbitrary.Record.Deletion.via.CSRF HIGH" "member-access No.known.fix Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "mapwiz No.known.fix Admin+.SQLi MEDIUM" "marketplace-items No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "marketplace-items No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'marketplace'.Shortcode MEDIUM" "mtouch-quiz No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "mtouch-quiz 3.1.3 Multiple.Vulnerabilities.XSS.&.CSRF MEDIUM" "mihdan-yandex-turbo-feed 1.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "most-popular-posts-widget-lite 0.9 Admin+.SQL.injection MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.9.0 Missing.Authorization.via.checkout_map_rules_order_ajax_handler MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.8.5 Reflected.Cross-Site.Scripting MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "monarch 1.2.7 Privilege.Escalation HIGH" "multisafepay 4.16.0 Unauthenticated.Arbitrary.File.Access HIGH" "member-database No.known.fix Reflected.XSS HIGH" "marquee-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mojito-shipping 1.3.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "migrate-users No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "meta-store-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magic-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mediavine-create 1.9.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "mediavine-create 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mediavine-create 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Schema.Meta.Shortcode MEDIUM" "mediavine-create 1.9.5 Unauthenticated.SQLi HIGH" "my-wp 1.24.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "melhor-envio-cotacao 2.15.12 Unauthenticated.Sensitive.Information.Exposure.via.Hardcoded.Hash MEDIUM" "miniorange-limit-login-attempts 4.0.72 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-limit-login-attempts 4.0.50 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "mainwp-code-snippets-extension 4.0.3 Subscriber+.PHP.Objection.Injection HIGH" "mainwp-code-snippets-extension 4.0.3 Subscriber+.Stored.XSS HIGH" "mainwp-code-snippets-extension 4.0.3 Subscriber+.Settings.Update MEDIUM" "materialis-companion 1.3.42 Authenticated.(Contributor+).Store.Cross-Site.Scripting.via.materialis_contact_form.Shortcode MEDIUM" "materialis-companion 1.3.40 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "minimalistic-event-manager No.known.fix Missing.Authorization MEDIUM" "mhr-post-ticker 1.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "mmx-make-me-christmas No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "movylo-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "moving-users 1.10 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "mybb-last-topics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mystickymenu 2.7.3 Admin+.Stored.XSS LOW" "mystickymenu 2.7.2 Admin+.Stored.XSS LOW" "mystickymenu 2.6.8 Admin+.Stored.XSS LOW" "mystickymenu 2.6.7 CSV.Export.via.CSRF.to.Sensitive.Information.Disclosure LOW" "mystickymenu 2.6.5 Subscriber+.Arbitrary.Form.Leads.Deletion MEDIUM" "mystickymenu 2.5.2 Authenticated.Stored.XSS MEDIUM" "minify-html-markup 2.1.11 -.Regular.Expressions.Denial.of.Service MEDIUM" "minify-html-markup 2.1.8 Settings.Update.via.CSRF MEDIUM" "my-content-management 1.7.7 Admin+.Stored.XSS LOW" "maxab No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mlr-audio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "maintenance-coming-soon-redirect-animation 2.3.0 Missing.Authorization.to.Settings.Update MEDIUM" "maintenance-coming-soon-redirect-animation No.known.fix IP.Spoofing.to.Bypass MEDIUM" "maps-for-wp 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "maps-for-wp 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "my-wp-responsive-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mystyle-custom-product-designer 3.21.2 Unauthenticated.SQL.Injection HIGH" "melapress-login-security-premium 2.1.1 Missing.Authorization.to.Unauthenticated.Arbitrary.User.Deletion MEDIUM" "mq-woocommerce-products-price-bulk-edit No.known.fix XSS MEDIUM" "myworks-woo-sync-for-quickbooks-online 2.9.2 Reflected.Cross-Site.Scripting MEDIUM" "mmt-eventon-exim-lite 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "mobilook 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mainwp-broken-links-checker-extension No.known.fix Unauthenticated.SQLi CRITICAL" "map-addons-for-elementor-waze-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailster 4.0.10 Reflected.Cross-Site.Scripting MEDIUM" "mailster 4.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "mailster 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "mailster 2.4.9 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mfolio-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "mfolio-lite 1.2.2 Missing.Authorization.to.Authenticated.(Author+).File.Upload.via.EXE.and.SVG.Files CRITICAL" "musicbox No.known.fix Reflected.XSS HIGH" "mindvalley-pagemash No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "media-library-tools 1.5.0 Author+.Stored.XSS.via.SVG MEDIUM" "multi-page-toolkit No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "my-calendar 3.4.24 Authenticated.Stored.XSS MEDIUM" "my-calendar 3.4.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "my-calendar 3.4.22 Unauthenticated.SQL.Injection CRITICAL" "my-calendar 3.4.4 Cross-Site.Request.Forgery MEDIUM" "my-calendar 3.3.25 Event/Location.Deletion.via.CSRF MEDIUM" "my-calendar 3.2.18 Subscriber+.Reflected.Cross-Site.Scripting MEDIUM" "my-calendar 3.1.10 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mass-delete-unused-tags 3.0.0 Tags.Deletion.via.CSRF MEDIUM" "market-exporter 2.0.23 Cross-Site.Request.Forgery MEDIUM" "market-exporter 2.0.22 Missing.Authorization MEDIUM" "market-exporter 2.0.20 Missing.Authorization.to.Arbitrary.File.Deletion HIGH" "market-exporter 2.0.19 Reflected.Cross-Site.Scripting MEDIUM" "market-exporter 2.0.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mindmeister-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "misiek-paypal No.known.fix Stored.XSS.via.CSRF HIGH" "mobile-kiosk No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multiple-post-type-order No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mpto.Shortcode MEDIUM" "modern-events-calendar 7.13.0 Subscriber+.Server.Side.Request.Forgery HIGH" "modern-events-calendar 7.12.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "media-category-library No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mail-boxes-etc 2.2.1 Cross-Site.Request.Forgery MEDIUM" "mail-boxes-etc 2.2.1 Information.Exposure MEDIUM" "mail-boxes-etc 2.3.0 Reflected.XSS HIGH" "mail-control 0.3.0 Reflected.Cross-Site.Scripting MEDIUM" "mail-control 0.3.2 Unauthenticated.Stored.XSS.via.Email.Subject HIGH" "miniorange-login-security 1.0.8 Reflected.Cross-Site.Scripting HIGH" "meinturnierplande-widget-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mp3-jplayer No.known.fix Multiple.CSRF MEDIUM" "mp3-jplayer 2.5 Full.Path.Disclosure MEDIUM" "mwp-countdown No.known.fix Admin+.SQLi MEDIUM" "mygallery No.known.fix Unauthenticated.File.Inclusion CRITICAL" "mangboard 1.8.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Board.Header.And.Footer MEDIUM" "mangboard 1.8.5 Reflected.Cross-Site.Scripting MEDIUM" "mangboard 1.8.1 Reflected.Cross-Site.Scripting MEDIUM" "mangboard 1.7.8 Admin+.Stored.XSS LOW" "mangboard 1.8.2 Settings.Update.via.CSRF MEDIUM" "mangboard 1.6.9 SQL.Injection HIGH" "mabel-shoppable-images-lite 1.2.4 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "metrika No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "masterbip-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mercadolibre-integration No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "my-wp-translate 1.0.4 CSRF.&.XSS HIGH" "mambo-joomla-importer No.known.fix Authenticated.(Administrator+).PHP.Object.Injection HIGH" "magicform No.known.fix WordPress.Form.Builder.<=.1.6.2.-.Missing.Authorization MEDIUM" "magicform No.known.fix Reflected.Cross-Site.Scripting HIGH" "maxbuttons 9.8.4 Admin+.Stored.XSS LOW" "maxbuttons 9.8.1 Admin+.Stored.XSS.via.Text.Color LOW" "maxbuttons 9.8.1 Admin+.Stored.XSS.via.Button.Width LOW" "maxbuttons 9.8.0 Full.Path.Disclosure MEDIUM" "maxbuttons 9.7.8 Editor+.Stored.XSS LOW" "maxbuttons 9.7.7 Contributor+.Stored.XSS MEDIUM" "maxbuttons 9.7.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "maxbuttons 9.6 Contributor+.Stored.XSS MEDIUM" "maxbuttons 9.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "maxbuttons 9.3 Admin+.Stored.Cross-Site.Scripting LOW" "maxbuttons 6.19 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "manycontacts-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "moceanapi-abandoned-carts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multiple-votes-in-one-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mlanguage No.known.fix Cross-Site.Request.Forgery MEDIUM" "miniorange-oauth-20-server 4.0.1 Authentication.Bypass CRITICAL" "mytweetlinks No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "meet-my-team No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "music-press-pro No.known.fix Missing.Authorization MEDIUM" "music-press-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "maintenance-page 1.0.9 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "maintenance-page 1.0.9 Security.Mechanism.Bypass.via.REST.API MEDIUM" "mypixs No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "monetize No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "max-addons-pro-bricks 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "max-addons-pro-bricks 1.6.2 Missing.Authorization MEDIUM" "mj-contact-us No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "manage-notification-emails 1.8.6 Missing.Authorization MEDIUM" "manage-notification-emails 1.8.3 Settings.Reset.via.CSRF MEDIUM" "manage-notification-emails 1.8.3 Settings.Reset.via.CSRF MEDIUM" "media-file-manager No.known.fix Authenticated.Multiple.Vulnerabilities MEDIUM" "mcjh-button-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "menu-swapper 1.1.1 Cross-Site.Request.Forgery MEDIUM" "menu-swapper 1.1.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "modern-polls No.known.fix Cross-Site.Request.Forgery MEDIUM" "my-wish-list 1.4.2 Multiple.Parameter.XSS MEDIUM" "mejorcluster 1.1.16 Contributor+.Stored.XSS MEDIUM" "molongui-authorship 4.7.8 Authenticated.(Author+).Insecure.Direct.Object.Reference MEDIUM" "molongui-authorship 4.7.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "molongui-authorship 4.7.5 Information.Exposure.via.ma_debug MEDIUM" "molongui-authorship 4.7.4 Missing.Authorization MEDIUM" "molongui-authorship 4.6.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "molongui-authorship 4.6.20 Reflected.XSS HIGH" "moceansms-order-sms-notification-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "motor-racing-league No.known.fix Admin+.XSS LOW" "mainwp-child-reports 2.2.1 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "mainwp-child-reports 2.2 Cross-Site.Request.Forgery MEDIUM" "mainwp-child-reports 2.0.8 Admin+.SQL.Injection MEDIUM" "mediabay No.known.fix WordPress.Media.Library.Folders.<=.1.4.-.Reflected.Cross-Site.Scripting MEDIUM" "media-library-plus 8.3.1 Missing.Authorization.to.Plugin.Settings.Change MEDIUM" "media-library-plus 8.2.4 Missing.Authorization.on.Various.Functions MEDIUM" "media-library-plus 8.2.3 Authenticated.(Subscriber+).Second-Order.SQL.Injection CRITICAL" "media-library-plus 8.2.1 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "media-library-plus 8.1.9 Authenticated.(Author+).Directory.Traversal MEDIUM" "media-library-plus 8.1.8 Authenticated.(Author+).SQL.Injection CRITICAL" "media-library-plus 7.1.2 Plugin.Reset.via.CSRF MEDIUM" "my-auctions-allegro-free-edition No.known.fix Cross-Site.Request.Forgery MEDIUM" "my-auctions-allegro-free-edition 3.6.21 Contributor+.SQLi HIGH" "my-auctions-allegro-free-edition 3.6.19 Reflected.Cross-Site.Scripting MEDIUM" "my-auctions-allegro-free-edition 3.6.18 Reflected.Cross-Site.Scripting MEDIUM" "miguras-divi-maker No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-wpdb 2.5 Arbitrary.SQL.Query.via.CSRF MEDIUM" "mm-breaking-news No.known.fix Stored.XSS.via.CSRF HIGH" "mm-breaking-news No.known.fix Reflected.XSS MEDIUM" "meta-data-filter 2.2.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "makewebbetter-hubspot-for-woocommerce 1.6.0 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Options.Update HIGH" "my-wp-tabs 2.2.7 Admin+.Stored.XSS LOW" "msrp-for-woocommerce 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "metorik-helper 1.7.2 Cross-Site.Request.Forgery MEDIUM" "meta-tag-manager 3.2 Missing.Authorization MEDIUM" "meta-tag-manager 3.1 Subscriber+.PHP.Object.Injection HIGH" "meta-tag-manager 2.1 Reflected.Cross-Site.Scripting MEDIUM" "membermouse 2.2.9 Blind.SQL.Injection CRITICAL" "meteor-slides No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meteor-slides No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "meteor-slides 1.5.7 Contributor+.Stored.XSS MEDIUM" "metricool 1.18 Admin+.Stored.XSS LOW" "makecommerce 3.5.2 Reflected.Cross-Site.Scripting MEDIUM" "my-account-page-editor 1.3.2 Subscriber+.Arbitrary.File.Upload CRITICAL" "motors-car-dealership-classified-listings 1.4.72 Unauthenticated.Local.File.Inclusion CRITICAL" "motors-car-dealership-classified-listings 1.4.65 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation HIGH" "motors-car-dealership-classified-listings 1.4.64 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "motors-car-dealership-classified-listings 1.4.67 Missing.Authorization.to.Authenticated.(Subscriber+).Wizard.Set-up MEDIUM" "motors-car-dealership-classified-listings 1.4.72 Contributor+.Local.File.Inclusion HIGH" "motors-car-dealership-classified-listings 1.4.72 Contributor+.Stored.XSS MEDIUM" "motors-car-dealership-classified-listings 1.4.58 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion.and.Listing.Template.Creation MEDIUM" "motors-car-dealership-classified-listings 1.4.44 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.Custom.Title MEDIUM" "motors-car-dealership-classified-listings 1.4.11 Missing.Authorization MEDIUM" "motors-car-dealership-classified-listings 1.4.7 Unauthenticated.SSRF MEDIUM" "motors-car-dealership-classified-listings 1.4.7 Reflected.XSS HIGH" "motors-car-dealership-classified-listings 1.4.5 CSRF MEDIUM" "motors-car-dealership-classified-listings 1.4.4 Car.Dealer,.Classifieds.&.Listing.<.1.4.4.-.Arbitrary.File.Upload CRITICAL" "motors-car-dealership-classified-listings 1.4.1 Multiple.Issues MEDIUM" "masjidal 1.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "metalpriceapi 1.1.5 Contributor+.Remote.Code.Execution HIGH" "mz-mindbody-api 2.8.3 Unauthorised.AJAX.Calls HIGH" "my-favorites 1.4.3 Contributor+.Stored.XSS MEDIUM" "my-favorites No.known.fix Contributor+.Stored.XSS MEDIUM" "mass-messaging-in-buddypress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-pages 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nmr-strava-activities 1.0.8 Contributor+.Stored.XSS MEDIUM" "nepali-date-converter 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "notification 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "notification 8.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "notices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "notifications-center No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nafeza-prayer-time No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "notificationx 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "notificationx 2.9.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "notificationx 2.8.3 Unauthenticated.SQL.Injection CRITICAL" "notificationx 2.3.12 Unauthenticated.SQLi HIGH" "notificationx 2.3.9 Unauthenticated.Blind.SQL.Injection HIGH" "notificationx 1.8.3 Cross-Site.Request.Forgery MEDIUM" "notificationx 1.8.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "news-wall No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "nudgify 1.3.4 Cross-Site.Request.Forgery.via.sync_orders_manually() MEDIUM" "noveldesign-store-directory No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "ns-woocommerce-watermark No.known.fix Abuse.of.Functionality MEDIUM" "nc-wishlist-for-woocommerce No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "no-disposable-email No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nd-booking 3.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "nd-booking 3.7 Unauthenticated.Local.File.Inclusion CRITICAL" "nd-booking 3.3 Contributor+.Stored.XSS MEDIUM" "nd-booking 2.5 Unauthenticated.Options.Change MEDIUM" "newsletter-optin-box 4.0.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "newsletter-optin-box 3.4.3 Missing.Authorization.to.Unauthenticated.Form.Submission MEDIUM" "newsletter-optin-box 1.6.5 Open.Redirect MEDIUM" "news-ticker-for-elementor No.known.fix Missing.Authorization MEDIUM" "newsletter2go No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Style.Reset MEDIUM" "newsletter2go No.known.fix Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.style MEDIUM" "newsletter-bulk-email No.known.fix Contributor+.Stored.XSS MEDIUM" "nautic-pages No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "nemesis-all-in-one No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nitek-carousel-cool-transitions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nitek-carousel-cool-transitions No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nitek-carousel-cool-transitions No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "norse-runes-oracle 1.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "norse-runes-oracle 1.4.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "new-photo-gallery 1.4.3 Contributor+.PHP.Object.Injection.via.Shortcode MEDIUM" "nasa-core No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nasa-core 6.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nasa-core No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "nasa-core No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "nextcart-woocommerce-migration 3.9.5 Unauthenticated.SQL.Injection HIGH" "nextcart-woocommerce-migration 3.9.4 Reflected.Cross-Site.Scripting MEDIUM" "notibar 2.1.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "notibar 2.1.5 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.njt_nofi_text MEDIUM" "notibar 2.1.5 Missing.Authorization.via.ajax_install_plugin MEDIUM" "newsletters-lite 4.10 Authenticated.(Administrator+).Local.File.Inclusion HIGH" "newsletters-lite 4.9.9.9 Authenticated.(Contributor+).SQL.Injection.orderby.Parameter MEDIUM" "newsletters-lite 4.9.9.8 Authenticated.(Administrator+).SQL.Injection MEDIUM" "newsletters-lite 4.9.9.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "newsletters-lite 4.9.9.8 Reflected.Cross-Site.Scripting.via.To.Parameter MEDIUM" "newsletters-lite 4.9.9.7 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.newsletters_video.Shortcode MEDIUM" "newsletters-lite 4.9.9.2 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.9.3 Authenticated.Privilege.Escalation HIGH" "newsletters-lite 4.9.9 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.9.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "newsletters-lite 4.9.8 Cross-Site.Request.Forgery MEDIUM" "newsletters-lite 4.9.6 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.6 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "newsletters-lite 4.9.6 Information.Exposure.via.Log.files MEDIUM" "newsletters-lite 4.9.3 Admin+.Command.Injection MEDIUM" "newsletters-lite 4.6.19 Multiple.Issues HIGH" "newsletters-lite 4.6.8.6 PHP.Object.Injection CRITICAL" "ni-woocommerce-sales-report-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "narnoo-commerce-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nexa-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nexa-blocks No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "nepali-date-utilities No.known.fix Stored.XSS.via.CSRF HIGH" "nitropack 1.17.6 Subscriber+.Limited.Options.Update HIGH" "nitropack 1.17.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Transient.Update MEDIUM" "nitropack 1.16.8 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "nitropack 1.10.3 Multiple.CSRF MEDIUM" "nitropack 1.10.0 Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "nite-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsmanapp 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsletter-manager No.known.fix Unauthenticated.Insecure.Deserialisation HIGH" "newsletter-manager 1.5 Unauthenticated.Open.Redirect MEDIUM" "newsletter-manager 1.0.2 Cross-Site.Request.Forgery MEDIUM" "newsletter-manager 1.0.2 Authenticated.Reflected.Cross.Site.Scripting HIGH" "nacc-wordpress-plugin 4.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "naver-blog-api No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ninja-job-board 1.3.3 Resume.Disclosure.via.Directory.Listing MEDIUM" "nextgen-cooliris-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "no-bot-registration 2.0 Cross-Site.Request.Forgery MEDIUM" "newsletter-image-generator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ngg-smart-image-search 3.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ngg-smart-image-search 3.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "netgsm 2.9.33 Missing.Authorization MEDIUM" "netgsm 2.9.1 Reflected.Cross-Site.Scripting MEDIUM" "nirweb-support No.known.fix Missing.Authorization MEDIUM" "nirweb-support 2.8.2 Unauthenticated.SQLi HIGH" "nps-computy 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "nps-computy 2.7.6 Admin+.Stored.XSS LOW" "nps-computy 2.7.6 Results.Deletion.via.CSRF MEDIUM" "nextend-facebook-connect 3.1.13 Reflected.Self-Based.Cross-Site.Scripting.via.error_description MEDIUM" "navayan-csv-export No.known.fix Unauthenticated.SQL.Injection CRITICAL" "novelist 1.2.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "novelist 1.2.3 Cross-Site.Request.Forgery MEDIUM" "novelist 1.2.1 Admin+.Stored.XSS MEDIUM" "notify-odoo 1.0.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nifty-coming-soon-and-under-construction-page 1.58 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "navigation-du-lapin-blanc No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ninja-beaver-lite-addons-for-beaver-builder No.known.fix .Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widgets MEDIUM" "ni-purchase-orderpo-for-woocommerce 1.2.2 Admin+.File.Upload.to.Remote.Code.Execution MEDIUM" "notifyvisitors-lead-form No.known.fix Admin+.Stored.XSS LOW" "next-event-calendar No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "new-image-gallery 1.4.6 Missing.Authorization MEDIUM" "n5-uploadform No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "nex-forms 7.8.8 Authentication.Bypass.for.PDF.Reports MEDIUM" "nex-forms 7.8.8 Authentication.Bypass.for.Excel.Reports MEDIUM" "ni-woo-sales-commission No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Commission.Update MEDIUM" "ninjateam-telegram 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.username.Parameter MEDIUM" "ninjateam-telegram 1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.10.1 Admin+.Stored.XSS LOW" "ninja-forms 3.10.1 Admin+.Stored.XSS LOW" "ninja-forms 3.10.1 Admin+.Stored.XSS LOW" "ninja-forms 3.8.25 Contributor+.Stored.XSS MEDIUM" "ninja-forms 3.8.23 Subscriber+.Arbitrary.Shortcode.Execution MEDIUM" "ninja-forms 3.8.20 Unauthenticated.Stored.XSS.via.Form.Calculations HIGH" "ninja-forms 3.8.18 Admin+.Stored.XSS LOW" "ninja-forms 3.8.18 Admin+.Stored.XSS LOW" "ninja-forms 3.8.16 Reflected.Self-Based.Cross-Site.Scripting.via.Referer MEDIUM" "ninja-forms 3.8.12 Administrator+.Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.8.11 Reflected.XSS HIGH" "ninja-forms 3.8.7 Cross-Site.Request.Forgery MEDIUM" "ninja-forms 3.8.5 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "ninja-forms 3.8.1 Admin+.Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.8.1 Publicly.Accessible.Form.Submission.Export.via.CSRF MEDIUM" "ninja-forms 3.8.1 Author+.Stored.XSS LOW" "ninja-forms 3.7.2 Unauthenticated.Second.Order.SQL.Injection MEDIUM" "ninja-forms 3.6.34 Admin+.Stored.XSS NONE" "ninja-forms 3.6.26 Admin+.Stored.HTML.Injection NONE" "ninja-forms 3.6.26 Contributor+.Form.Entries.Export MEDIUM" "ninja-forms 3.6.26 Subscriber+.Form.Entries.Export MEDIUM" "ninja-forms 3.6.26 Reflected.Cross-Site.Scripting HIGH" "ninja-forms 3.6.25 Admin+.Arbitrary.File.Deletion LOW" "ninja-forms 3.6.22 Reflected.XSS HIGH" "ninja-forms 3.6.13 Admin+.PHP.Objection.Injection MEDIUM" "ninja-forms 3.6.11 Unauthenticated.PHP.Object.Injection CRITICAL" "ninja-forms 3.6.10 Admin+.Stored.Cross-Site.Scripting LOW" "ninja-forms 3.6.10 Admin+.Stored.Cross-Site.Scripting.via.Import LOW" "ninja-forms 3.6.8-wp Unauthenticated.Email.Address.Disclosure MEDIUM" "ninja-forms 3.6.4 Admin+.SQL.Injection MEDIUM" "ninja-forms 3.5.8.2 Admin+.Stored.Cross-Site.Scripting LOW" "ninja-forms 3.5.8 Unprotected.REST-API.to.Sensitive.Information.Disclosure MEDIUM" "ninja-forms 3.5.8 Unprotected.REST-API.to.Email.Injection MEDIUM" "ninja-forms 3.5.5 Reflected.Cross-Site.Scripting MEDIUM" "ninja-forms 3.4.34 CSRF.to.OAuth.Service.Disconnection MEDIUM" "ninja-forms 3.4.34 Authenticated.SendWP.Plugin.Installation.and.Client.Secret.Key.Disclosure CRITICAL" "ninja-forms 3.4.34 Administrator.Open.Redirect MEDIUM" "ninja-forms 3.4.34.1 Authenticated.OAuth.Connection.Key.Disclosure HIGH" "ninja-forms 3.4.27.1 Validation.Bypass.via.Email.Field MEDIUM" "ninja-forms 3.4.27.1 CSRF.leading.to.Arbitrary.Plugin.Installation HIGH" "ninja-forms 3.4.28 Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.4.24.2 CSRF.to.Stored.XSS HIGH" "ninja-forms 3.4.23 CSRF.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ninja-forms 3.3.21.3 XSS.and.SQLi CRITICAL" "ninja-forms 3.3.21.2 SQL.Injection MEDIUM" "ninja-forms 3.3.19.1 Authenticated.Open.Redirect MEDIUM" "ninja-forms 3.3.18 Unauthenticated.Cross-Site.Scripting.(XSS) HIGH" "ninja-forms 3.3.14 Cross-Site.Scripting.(XSS).in.Import.Function CRITICAL" "ninja-forms 3.3.14 CSV.Injection HIGH" "ninja-forms 3.3.9 Insufficient.Restrictions.during.Export.Personal.Data.requests MEDIUM" "ninja-forms 3.2.15 Parameter.Tampering MEDIUM" "ninja-forms 3.2.14 Cross-Site.Scripting.(XSS) CRITICAL" "neuvoo-jobroll No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "newsletter-by-supsystic No.known.fix Authenticated.SQL.Injection CRITICAL" "newsletter-by-supsystic 1.1.8 Authenticated.Stored.XSS.&.CSRF HIGH" "new-contact-form-widget 1.4.7 Cross-Site.Request.Forgery MEDIUM" "new-contact-form-widget 1.4.3 Cross-Site.Request.Forgery MEDIUM" "new-contact-form-widget 1.4.0 Sensitive.Information.Exposure MEDIUM" "no-future-posts No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "nd-restaurant-reservations No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-restaurant-reservations 2.0 Directory.Traversal.to.Authenticated.(Contributor+).Local.File.Inclusion HIGH" "nd-restaurant-reservations 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-restaurant-reservations 1.5 Unauthenticated.Options.Change CRITICAL" "nextgen-gallery-voting No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nice-paypal-button-lite No.known.fix CSRF MEDIUM" "nlinks No.known.fix Authenticated.SQL.Injection HIGH" "network-favorites No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nepali-post-date No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "narnoo-shortcodes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ni-woocommerce-product-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ninjafirewall 4.3.4 Authenticated.(admin+).PHAR.Deserialization LOW" "nd-travel No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-travel 1.7 Unauthenticated.Options.Change MEDIUM" "newsplugin 1.1.0 CSRF.to.Stored.Cross-Site.Scripting HIGH" "nurelm-get-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nm-visitors No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.HTTP.Header HIGH" "nd-shortcodes 7.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "nd-shortcodes 7.0 Subscriber+.LFI HIGH" "nd-shortcodes 7.0 Contributor+.Stored.XSS.via.Shortcodes MEDIUM" "nd-shortcodes 6.0 Unauthenticated.WP.Options.Update MEDIUM" "notifier 2.6.1 Admin+.Stored.XSS LOW" "next-page No.known.fix Admin+.Stored.XSS LOW" "neshan-maps No.known.fix Admin+.SQLi MEDIUM" "nextcellent-gallery-nextgen-legacy No.known.fix Admin+.Stored.XSS LOW" "nix-anti-spam-light No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "ni-crm-lead No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ni-crm-lead No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "ninja-forms-webhooks 3.0.8 Authenticated.(Admin+).Server-Side.Request.Forgery.via.Form.Webhook MEDIUM" "nblocks No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "nofollow-links 1.0.11 Cross-Site.Scripting.(XSS) MEDIUM" "new-video-gallery 1.5.4 Missing.Authorization MEDIUM" "news-ticker-widget-for-elementor 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "news-kit-elementor-addons No.known.fix Contributor+.Stored.XSS MEDIUM" "news-kit-elementor-addons No.known.fix Contributor+.Stored.XSS MEDIUM" "news-kit-elementor-addons 1.2.2 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Canvas.Menu.Elementor.Template MEDIUM" "nv-slider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nv-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "novo-map No.known.fix CSRF MEDIUM" "nichetable 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "nichetable 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "news-element No.known.fix Contributor+.Stored.XSS MEDIUM" "news-element 1.0.6 Unauthenticated.LFI HIGH" "nativery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ns-simple-intro-loader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nd-elements 2.2 Authenticated.(Contributor+).Local.File.Inclusion.via.Multiple.Widget.Attributes HIGH" "neon-product-designer-for-woocommerce No.known.fix Unauthenticated.SQL.Injection HIGH" "neon-product-designer-for-woocommerce No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "navz-photo-gallery 2.7 Missing.Authorization MEDIUM" "navz-photo-gallery 2.0 Subscriber+.UserMeta.Update MEDIUM" "navz-photo-gallery 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "notice-faq No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nias-course No.known.fix Contributor+.Stored.XSS MEDIUM" "nofollow-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "network-posts-extended No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.post_height.Parameter MEDIUM" "new-user-approve 2.6.4 Missing.Authorization MEDIUM" "new-user-approve 2.5.2 Cross-Site.Request.Forgery.via.admin_notices MEDIUM" "new-user-approve 2.5.1 Reflected.Cross-Site.Scripting MEDIUM" "new-user-approve 2.4 Arbitrary.Settings.Update.&.Invitation.Code.Creation.via.CSRF MEDIUM" "new-user-approve 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "new-user-approve 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "newstatpress 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "newstatpress 1.2.5 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.6 SQL.Injection CRITICAL" "newstatpress 1.0.4 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.1 SQL.Injection CRITICAL" "namaste-lms No.known.fix Cross-Site.Request.Forgery MEDIUM" "namaste-lms 2.6.5 Cross-Site.Request.Forgery MEDIUM" "namaste-lms 2.6.4.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6.4 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "namaste-lms 2.6.3 Authenticated.(Student+).Stored.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6.1.2 Reflected.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6 Admin+.Stored.XSS LOW" "namaste-lms 2.5.9.4 Admin+.Stored.XSS LOW" "namaste-lms 2.5.9.2 Admin+.Stored.XSS LOW" "ni-woocommerce-sales-report 3.7.4 Subscriber+.Sale.&.Order.Reports.Access MEDIUM" "nhrrob-options-table-manager 1.1.3 Authenticated.(Admin+).PHP.Object.Injection HIGH" "newsletter-api 2.4.6 API.v1.and.v2.addon.for.Newsletter.<.2.4.6.-.Missing.Authorization.to.Email.Subscribers.Management MEDIUM" "new-user-email-set-up No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "new-grid-gallery 1.4.4 Contributor+.PHP.Object.Injection.via.shortcode MEDIUM" "new-grid-gallery 1.2.5 Authenticated.Stored.Cross.Site.Scripting.(XSS) LOW" "new-year-firework No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "no-external-links No.known.fix Admin+.Stored.XSS LOW" "nofollow No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nicebackgrounds No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "nktagcloud No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "nearby-locations No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "ni-woocommerce-cost-of-goods 3.2.9 Subscriber+.Stored.XSS MEDIUM" "ni-woocommerce-cost-of-goods 3.2.9 Missing.Authorization MEDIUM" "ni-woocommerce-cost-of-goods 3.2.9 Admin+.SQL.Injection MEDIUM" "nexter-extension 2.0.4 Reflected.XSS HIGH" "nexter-extension 2.0.4 Authenticated(Editor+).Remote.Code.Execution.via.metabox HIGH" "n360-splash-screen No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "number-chat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "number-chat No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nelio-ab-testing 4.6.4 CSRF HIGH" "nelio-ab-testing 4.5.11 SSRF CRITICAL" "nelio-ab-testing 4.5.9 Server.Side.Request.Forgery.(SSRF) CRITICAL" "nelio-ab-testing 4.5.0 Path.Traversal MEDIUM" "nelio-content 3.2.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "new-order-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nokaut-offers-box No.known.fix Admin+.Stored.XSS LOW" "nokaut-offers-box No.known.fix Plugin.Reset.via.CSRF MEDIUM" "nexus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nexus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nexus No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "navegg No.known.fix Cross-Site.Request.Forgery MEDIUM" "ninja-tables-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nowpayments-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "notification-plus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nex-forms-express-wp-form-builder 8.9.2 Authenticated.(Custom).Limited.Code.Execution.via.get_table_records.Function MEDIUM" "nex-forms-express-wp-form-builder 8.9.2 Authenticated.(Custom).Stored.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.8.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "nex-forms-express-wp-form-builder 8.7.16 Authenticated.(Admin+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.7.9 Authenticated.(Administrator+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.7.4 Reflected.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.set_starred() MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.restore_records() MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.set_read() MEDIUM" "nex-forms-express-wp-form-builder 8.5.5 Cross-Site.Request.Forgery MEDIUM" "nex-forms-express-wp-form-builder 8.5.6 Authenticated.(Admin+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.4.4 Authenticated.Stored.XSS LOW" "nex-forms-express-wp-form-builder 8.4 Admin+.SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.3.3 Contributor+.Stored.XSS MEDIUM" "nex-forms-express-wp-form-builder 7.9.7 Authenticated.SQLi MEDIUM" "nex-forms-express-wp-form-builder 8.4.3 Stored.Cross-Site.Scripting.via.CSRF HIGH" "nex-forms-express-wp-form-builder 7.8 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "nex-forms-express-wp-form-builder 4.6.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "nooz 1.7.0 Admin+.Stored.XSS LOW" "navigation-tree-elementor No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "naver-analytics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "no-api-amazon-affiliate 4.4.0 Admin+.Stored.XSS LOW" "network-summary No.known.fix Unauthenticated.SQL.Injection CRITICAL" "ns-coupon-to-become-customer No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "nabz-image-gallery No.known.fix Unauthenticated.SQL.Injection CRITICAL" "name-directory 1.30.1 Missing.Authorization MEDIUM" "name-directory 1.29.1 Reflected.Cross-Site.Scripting MEDIUM" "name-directory 1.27.2 Settings.Update.via.CSRF MEDIUM" "name-directory 1.25.5 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "name-directory 1.25.4 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "name-directory 1.25.3 Reflected.Cross-Site.Scripting MEDIUM" "name-directory 1.25.4 Arbitrary.Directory/Name.Deletion.via.CSRF MEDIUM" "name-directory 1.18 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "newsletter 8.8.5 Admin+.Stored.XSS.via.Widget LOW" "newsletter 8.8.5 Admin+.Stored.XSS.via.Form LOW" "newsletter 8.8.2 Admin+.Stored.XSS.via.Subscription LOW" "newsletter 8.7.1 Admin+.Stored.XSS LOW" "newsletter 8.3.5 Unauthenticated.Stored.Cross-Site.Scripting.via.np1 MEDIUM" "newsletter 8.2.1 IP.Spoofing MEDIUM" "newsletter 7.9.0 Contributor+.Stored.XSS MEDIUM" "newsletter 7.6.9 Reflected.XSS HIGH" "newsletter 7.4.6 Admin+.Stored.Cross-Site.Scripting LOW" "newsletter 7.4.5 Reflected.Cross-Site.Scripting LOW" "newsletter 6.8.2 Authenticated.PHP.Object.Injection MEDIUM" "newsletter 6.8.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "newsletter 6.7.7 Authenticated.Stored.Cross-Site.Scripting LOW" "newsletter 6.5.4 CSV.Injection LOW" "newsletter 3.8.3 Open.Redirect LOW" "newsletter 3.2.7 Cross-Site.Scripting.(XSS) MEDIUM" "newsletter 3.0.9 SQL.Injection MEDIUM" "nextgen-gallery-geo 2.0.3 Unauthenticated.PHP.Object.Injection MEDIUM" "no-update-nag No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "newsletter-subscriptions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "newsletter-page-redirects No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "nextend-twitter-connect 1.5.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "nicejob 3.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nicejob 3.7.2 Contributor+.Stored.XSS MEDIUM" "nicejob 3.6.5 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nicejob 3.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ninja-page-categories-and-tags No.known.fix Admin+.Stored.XSS LOW" "newspack-ads 1.47.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-projects No.known.fix Contributor+.Stored.XSS MEDIUM" "nd-projects No.known.fix Contributor+.Stored.XSS MEDIUM" "nd-projects 1.6 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-projects No.known.fix Authenticated.Local.File.Inclusion MEDIUM" "ninjalibs-ses No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "no-spam-at-all No.known.fix Missing.Authorization MEDIUM" "new-order-notification-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "nextend-social-login-pro 3.1.17 Authentication.Bypass.via.Apple.OAuth.provider CRITICAL" "nextend-social-login-pro 3.1.15 Authentication.Bypass CRITICAL" "new-album-gallery 1.6.4 Authenticated.(Editor+).PHP.Object.Injection.via.Gallery.Meta HIGH" "new-album-gallery 1.5.8 Missing.Authorization MEDIUM" "new-album-gallery 1.5.0 Cross-Site.Request.Forgery MEDIUM" "news-announcement-scroll 9.1.0 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "news-announcement-scroll 9.0.0 Admin+.Stored.XSS LOW" "newsticker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nimble-builder 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "netforum-directory-with-importer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "netforum-directory-with-importer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "notification-for-telegram 3.3.2 Missing.Authorization.to.Authenticated.(Subscriber+).Send.Telegram.Test.Message MEDIUM" "noakes-menu-manager 3.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nimbata-call-tracking No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "notice-board-by-towkir No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "night-mode 1.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "noo-timetable No.known.fix Cross-Site.Request.Forgery MEDIUM" "noo-timetable No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nova-poshta-ttn 1.19.7 Unauthenticated.SQL.Injection HIGH" "nova-poshta-ttn 1.7.49 Reflected.Cross-Site.Scripting MEDIUM" "nextgen-gallery-pro 3.1.11 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "news-articles No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-learning 5.0 Admin+.Stored.Cross-Site.Scripting LOW" "nd-learning 4.8 Unauthenticated.Options.Change MEDIUM" "newspack-newsletters 3.14.0 Open.Redirect MEDIUM" "newspack-newsletters 2.13.3 Missing.Authorization MEDIUM" "newspack-newsletters 2.13.3 Cross-Site.Request.Forgery MEDIUM" "noted-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "noted-pro No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "note-press No.known.fix Admin+.SQLi.via.id MEDIUM" "note-press No.known.fix Admin+.SQLi.via.Bulk.Actions MEDIUM" "note-press No.known.fix Admin+.SQLi.via.Update MEDIUM" "note-press 0.1.2 SQL.Injection CRITICAL" "ninja-forms-uploads 3.3.18 Unauthenticated.Stored.Cross-Site.Scripting.via.File.Upload HIGH" "ninja-forms-uploads 3.3.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ninja-forms-uploads 3.3.13 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ninja-forms-uploads 3.0.23 Unauthenticated.Arbitrary.File.Upload HIGH" "notif-bell 0.9.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "notifikacie-sk No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ntzantispam No.known.fix Settings.Update.via.CSRF HIGH" "n-media-wp-simple-quiz No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nextend-smart-slider3-pro 3.5.0.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "newsletter-popup No.known.fix Unauthenticated.Stored.XSS HIGH" "newsletter-popup No.known.fix Admin+.Stored.XSS LOW" "newsletter-popup No.known.fix Subscriber.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix List.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix Unauthenticated.Stored.XSS HIGH" "newsletter-popup No.known.fix Record.Deletion.via.CSRF MEDIUM" "nova-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nova-blocks 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "nmedia-user-file-uploader 22.8 Sensitive.Information.Exposure.via.user.uploads MEDIUM" "nmedia-user-file-uploader 22.7 Editor+.Arbitrary.File.Download HIGH" "nmedia-user-file-uploader 21.4 File.Upload.via.CSRF MEDIUM" "nmedia-user-file-uploader 21.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "nmedia-user-file-uploader 21.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "nmedia-user-file-uploader 21.3 Unauthenticated.File.Renaming CRITICAL" "nmedia-user-file-uploader 18.3 Unauthenticated.Post.Meta.Change.to.Arbitrary.File.Download HIGH" "nmedia-user-file-uploader 18.3 Unauthenticated.Content.Injection.and.Stored.XSS HIGH" "nmedia-user-file-uploader 18.3 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "nmedia-user-file-uploader 18.3 Unauthenticated.HTML.Injection MEDIUM" "nmedia-user-file-uploader 18.3 Privilege.Escalation MEDIUM" "nmedia-user-file-uploader 18.3 Authenticated.Arbitrary.Settings.Change.to.Arbitrary.File.Upload CRITICAL" "ni-woocommerce-custom-order-status 1.9.7 Subscriber+.SQL.Injection HIGH" "nertworks-all-in-one-social-share-tools No.known.fix Cross-Site.Request.Forgery MEDIUM" "nopeamedia No.known.fix Cross-Site.Request.Forgery MEDIUM" "nopeamedia 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nimble-portfolio No.known.fix Unauthenticated.Server-Side.Request.Forgery CRITICAL" "navigation-menu-as-dropdown-widget 1.3.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "news-magazine-and-blog-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "neon-text 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "news-list No.known.fix Reflected.XSS HIGH" "notice-bar 3.1.1 Contributor+.Stored.XSS MEDIUM" "nextgen-gallery 3.59.5 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.SimpleLightbox.JavaScript.Library MEDIUM" "nextgen-gallery 3.59.9 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.5 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "nextgen-gallery 3.59.5 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "nextgen-gallery 3.59.3 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.1 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.1 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "nextgen-gallery 3.39 Admin+.Arbitrary.File.Read.and.Delete MEDIUM" "nextgen-gallery 3.39 Admin+.PHAR.Deserialization HIGH" "nextgen-gallery 3.39 Admin+.Local.File.Inclusion MEDIUM" "nextgen-gallery 3.3.10 Reflected.Cross-Site.Scripting MEDIUM" "nextgen-gallery 3.29 Thumbnail.Deletion.via.CSRF MEDIUM" "nextgen-gallery 3.5.0 CSRF.allows.File.Upload,.Stored.XSS,.and.RCE CRITICAL" "nextgen-gallery 3.5.0 CSRF.allows.File.Upload HIGH" "nextgen-gallery 3.2.11 SQL.Injection CRITICAL" "nextgen-gallery 3.1.7 Subscriber+.Arbitrary.Option.Update CRITICAL" "nextgen-gallery 3.1.6 Authenticated.PHP.Object.Injection HIGH" "nextgen-gallery 2.2.50 Galley.Paths.Not.Secured HIGH" "nextgen-gallery 2.2.45 Cross-Site.Scripting.(XSS) MEDIUM" "nextgen-gallery 2.1.79 Unauthenticated.SQL.Injection HIGH" "nextgen-gallery 2.1.57 Authenticated.Local.File.Inclusion.(LFI).&.SQLi CRITICAL" "nextgen-gallery 2.1.15 Unrestricted.File.Upload HIGH" "nextgen-gallery 2.1.10 Multiple.XSS MEDIUM" "nextgen-gallery 2.1.9 Authenticated.Path.Traversal MEDIUM" "nextgen-gallery 2.1.15 Path.Traversal MEDIUM" "nextgen-gallery 2.0.77.3 CSRF.&.Arbitrary.File.Upload HIGH" "nextgen-gallery 2.0.0 Full.Path.Disclosure HIGH" "nextgen-gallery 2.0.0 gallerypath.Parameter.Stored.XSS CRITICAL" "new-adman No.known.fix Settings.Update.via.CSRF MEDIUM" "new-adman No.known.fix Admin+.Stored.XSS LOW" "nugget-by-ingot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nugget-by-ingot No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "newsboard No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "notice-board No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "newpost-catch 1.3.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.npc.Shortcode MEDIUM" "newspack-content-converter 1.0.0 Missing.Authorization MEDIUM" "nextgen-gallery-sell-photo No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "narnoo-distributor No.known.fix Unauthenticated.LFI.to.Arbitrary.File.Read./.RCE HIGH" "nd-donations No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-donations No.known.fix Unauthenticated.SQLi HIGH" "nd-donations 1.4 Unauthenticated.Options.Change MEDIUM" "next-order-coupon-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "next-order-coupon-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "next-order-coupon-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "naver-map No.known.fix Contributor+.Stored.XSS MEDIUM" "new-royalslider 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "nuajik-cdn No.known.fix Admin+.Stored.XSS LOW" "nmedia-mailchimp-widget No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "nino-social-connect No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "netreviews 2.3.15 Admin+.Stored.XSS LOW" "ni-woocommerce-product-enquiry No.known.fix Missing.Authorization MEDIUM" "newspack-blocks 3.0.9 Authenticated.(Contributor+).Arbitrary.File.Upload CRITICAL" "newspack-blocks 3.0.9 Missing.Authorization MEDIUM" "newspack-blocks 3.0.9 Authenticated.(Contributor+).Arbitrary.Directory.Deletion MEDIUM" "newspack-blocks 3.0.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "newspack-popups 2.31.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ns-facebook-pixel-for-wp No.known.fix Admin+.Stored.XSS LOW" "nofollow-jquery-links 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "nofollow-jquery-links 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ninja-tables 5.0.19 Unauthenticated.PHP.Object.Injection.to.Limited.Remote.Code.Execution MEDIUM" "ninja-tables 5.0.17 Admin+.Stored.XSS LOW" "ninja-tables 5.0.13 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "ninja-tables 5.0.10 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "ninja-tables 5.0.7 Contributor+.Table.Data.Access LOW" "ninja-tables 4.3.5 Admin+.Stored.XSS LOW" "ninja-tables 4.1.8 Admin+.Stored.Cross-Site.Cross-Site.Scripting LOW" "ni-woocommerce-order-export No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "n-media-woocommerce-checkout-fields 18.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "nanosupport No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nanosupport No.known.fix Missing.Authorization MEDIUM" "ninja-gdpr-compliance 2.7.4 Missing.Authorization MEDIUM" "ninja-gdpr-compliance 2.7.2 Missing.Authorization MEDIUM" "ninja-gdpr-compliance 2.7.1 Missing.Authorization.to.Settings.Update.and.Stored.Cross-Site.Scripting MEDIUM" "ninja-gdpr-compliance 2.4 Unauthenticated.PHP.Object.Injection HIGH" "oxyextras 1.4.5 Unauthenticated.Cross-Site.Scripting MEDIUM" "opal-portfolios No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ovic-product-bundle No.known.fix Missing.Authorization MEDIUM" "online-appointment-scheduling-software No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "official-sendle-shipping-method 5.18 Reflected.XSS HIGH" "one-click-demo-import 3.2.1 Authenticated.(Admin+).PHP.Object.Injection HIGH" "one-click-demo-import 3.1.0 Admin+.Arbitrary.File.Upload MEDIUM" "oi-yamaps No.known.fix Contributor+.Stored.XSS MEDIUM" "order-on-chat-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-on-chat-for-woocommerce 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "off-page-seo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "oracle-cards 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "oxygenbuilder 4.9 Missing.Authorization.to.Authenticated.(Subscriber+).Stylesheet.Update MEDIUM" "oxygenbuilder 4.8.3 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "oxygenbuilder 4.8.1 Contributor+.Stored.XSS MEDIUM" "opencart-product-display No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "open-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "one-login No.known.fix Unauthenticated.Privilege.Esclation CRITICAL" "ota-sync-booking-engine-widget 1.3.0 Settings.Update.via.CSRF MEDIUM" "opencart-product-in-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "obfuscate-email No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "oauth2-server No.known.fix Authentication.Bypass MEDIUM" "oxygen 4.4 CSRF MEDIUM" "order-export-and-more-for-woocommerce 3.25 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory MEDIUM" "order-export-and-more-for-woocommerce 3.24 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ocim-mp3 No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "oz-canonical No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "oauth2-provider 4.4.0 Open.Redirect MEDIUM" "oauth2-provider 4.2.5 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "oauth2-provider 4.3.0 Subscriber+.Arbitrary.Client.Deletion MEDIUM" "oauth2-provider 3.4.2 Client.Secret.Regeneration.via.CSRF MEDIUM" "oauth2-provider 4.2.2 Admin+.Stored.XSS LOW" "oauth2-provider 3.1.5 Insecure.Pseudor&om.Number.Generation CRITICAL" "order-status-for-woocommerce 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "olevmedia-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "olevmedia-shortcodes 1.1.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "order-tracking 3.3.13 Missing.Authorization.via.send_test_email() MEDIUM" "order-tracking 3.3.7 Reflected.Cross-Site.Scripting HIGH" "order-tracking 3.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "osm-map-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "ovic-import-demo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "our-team-members 2.3 Missing.Authorization.to.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "ooohboi-steroids-for-elementor 2.1.5 Arbitrary.File.Upload MEDIUM" "ooohboi-steroids-for-elementor 2.1.5 Subscriber+.Attachment.Deletion MEDIUM" "oneclick-whatsapp-order 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oneclick-whatsapp-order 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "oneclick-whatsapp-order 1.0.5 Admin+.Stored.XSS LOW" "oneclick-whatsapp-order 1.0.4.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "order-delivery-pickup-location-date-time-free-version No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "ovic-vc-addon No.known.fix Missing.Authorization MEDIUM" "ovic-vc-addon 1.2.9 Subscriber+.Option.Update HIGH" "order-post No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "opt-in-hound No.known.fix Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "oss-aliyun 1.4.11 Authenticated.(Administrator+).SQL.Injection CRITICAL" "openpgp-form-encryption 1.5.1 Contributor+.Stored.XSS MEDIUM" "open-graphite 1.6.1 Reflected.Cross-Site.Scripting HIGH" "og-tags 2.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "optinly 1.0.19 Missing.Authorization MEDIUM" "optinly 1.0.16 CSRF MEDIUM" "olive-one-click-demo-import No.known.fix Unauthenticated.Information.Exposure MEDIUM" "olive-one-click-demo-import 1.1.2 Missing.Authorization MEDIUM" "olive-one-click-demo-import No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "onoffice-for-wp-websites No.known.fix Missing.Authorization MEDIUM" "onoffice-for-wp-websites No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "oneelements-ultimate-addons-for-elementor No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "open-graph-metabox No.known.fix CSRF MEDIUM" "out-of-the-box 1.20.3 Reflected.Cross-Site.Scripting MEDIUM" "order-audit-log-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "openid No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "owl-carousel No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "olimometer 2.57 Unauthenticated.SQL.Injection CRITICAL" "optio-dentistry 2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oauth-client 1.11.4 Authenticated.Bypass CRITICAL" "outdooractive-embed 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "opal-hotel-room-booking No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "optin-forms 1.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "optin-forms 1.3.3 Admin+.Stored.XSS LOW" "open-hours No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ok-poster-group No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "optinmonster 2.16.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "optinmonster 2.16.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "optinmonster 2.12.2 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "optinmonster 2.6.5 Unprotected.REST-API.Endpoints HIGH" "optinmonster 2.6.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "optinmonster 1.1.4.6 Execution.of.Arbitrary.Shortcodes MEDIUM" "otp-easy-login-with-mocean No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ova-events-manager No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "online-lesson-booking-system 0.8.7 CSRF.&.XSS HIGH" "order-redirects-for-woocommerce 0.8.1 Reflected.Cross-Site.Scripting MEDIUM" "one-click-close-comments No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "onlyoffice-docspace 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "omnify-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "offload-videos-bunny-netaws-s3 1.0.1 Offload.Videos.–.Bunny,net,.AWS.S3.<=.1,0,1.Subscriber+.CSRF MEDIUM" "one-backend-language No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "off-canvas-sidebars 0.5.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "off-canvas-sidebars 0.5.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "online-accessibility No.known.fix Missing.Authorization MEDIUM" "online-accessibility 4.19 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "online-accessibility 4.19 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "online-accessibility 4.19 Missing.Authorization MEDIUM" "online-accessibility 4.13 Subscriber+.SQLi HIGH" "online-accessibility 4.13 Subscriber+.SQLi HIGH" "opcache No.known.fix Reflected.XSS HIGH" "order-auto-complete-for-woocommerce 1.2.1 Admin+.Stored.XSS LOW" "otter-pro 2.6.12 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "otter-pro 2.6.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.File.Field.CSS MEDIUM" "otter-pro 2.6.4 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "onlyoffice 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "opal-widgets-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "onelogin-saml-sso 2.4.3 Signature.Wrapping HIGH" "oxygen-mydata 1.0.65 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "opensea No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opensea 1.0.3 Admin+.Stored.XSS MEDIUM" "opensea 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "official-saleswizard-crm 1.0.4 Contributor+.Stored.XSS MEDIUM" "oliver-pos 2.4.2.4 Sensitive.Information.Exposure.to.Privilege.Escalation CRITICAL" "oliver-pos 2.4.1.9 Cross-Site.Request.Forgery MEDIUM" "oliver-pos 2.4.2.1 Subscriber+.Unauthorized.AJAX.Calls MEDIUM" "open-ai-search-bar No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "osmapper No.known.fix Unauthenticated.Arbitrary.Post.Deletion HIGH" "open-user-map 1.3.27 Admin+.Stored.XSS LOW" "open-user-map 1.3.15 Reflected.Cross-Site.Scripting MEDIUM" "open-user-map 1.2.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "oauth-twitter-feed-for-developers No.known.fix Admin+.Stored.XSS LOW" "onesignal-free-web-push-notifications 1.17.8 Stored.XSS MEDIUM" "option-tree 2.7.3 Object.Injection.Bypass CRITICAL" "option-tree 2.7.0 PHP.Object.Injection CRITICAL" "option-tree 2.6.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "option-tree 2.5.4 XSS MEDIUM" "omnipress 1.5.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "omnipress 1.5.0 Contributor+.Stored.XSS MEDIUM" "overlay-image-divi-module 1.5 Reflected.Cross-Site.Scripting MEDIUM" "overlay-image-divi-module 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "opening-hours 1.47 Admin+.Stored.XSS LOW" "opening-hours 1.46 Cross-Site.Request.Forgery MEDIUM" "opening-hours 1.45 Missing.Authorization MEDIUM" "opening-hours 1.42 Admin+.Stored.Cross-Site.Scripting LOW" "opening-hours 1.38 Admin+.Stored.XSS LOW" "ootb-openstreetmap 2.8.4 Contributor+.Stored.XSS.via.ootb_query.Shortcode MEDIUM" "onestore-sites No.known.fix Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "onestore-sites No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Installation MEDIUM" "ovation-elements 1.1.3 Missing.Authorization MEDIUM" "one-user-avatar 2.3.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "one-user-avatar 2.3.7 Avatar.Update.via.CSRF LOW" "orangebox No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "olympus-google-fonts 3.7.8 Missing.Authorization MEDIUM" "olympus-google-fonts 3.7.8 Cross-Site.Request.Forgery MEDIUM" "olympus-google-fonts 3.0.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "official-skrill-woocommerce 1.0.67 Settings.Update.via.CSRF MEDIUM" "optima-express 7.3.1 Admin+.Stored.XSS LOW" "os-pricing-tables No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "onceki-yazi-linki No.known.fix Cross-Site.Request.Forgery MEDIUM" "official-facebook-pixel 3.0.0 PHP.Object.Injection.with.POP.Chain CRITICAL" "official-facebook-pixel 3.0.4 CSRF.to.Stored.XSS.and.Settings.Deletion HIGH" "oppso-unit-converter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ova-brw 1.8.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ova-brw 1.8.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "orange-form No.known.fix Unauthenticated.Arbitrary.Post.Deletion CRITICAL" "orange-form No.known.fix SQL.Injection.via.CSRF HIGH" "orbisius-simple-notice 1.1.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "optimate-ads No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "oss-upload No.known.fix Cross-Site.Request.Forgery MEDIUM" "osd-subscribe No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-delivery-date 12.6.0 Unauthenticated.Arbitrary.Post.Title.Disclosure MEDIUM" "order-delivery-date 12.4.0 Reflected.XSS HIGH" "order-delivery-date 12.3.1 Unauthenticated.Arbitrary.Option.Update CRITICAL" "order-delivery-date No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "order-delivery-date No.known.fix Admin+.Stored.XSS LOW" "order-delivery-date No.known.fix Settings.Update.via.CSRF MEDIUM" "odihost-easy-redirect-301 No.known.fix Cross-Site.Request.Forgery MEDIUM" "onlinecontract No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Import MEDIUM" "opal-estate No.known.fix Cross-Site.Request.Forgery MEDIUM" "opal-estate No.known.fix CSRF.Bypass MEDIUM" "opal-estate No.known.fix Missing.Authorization MEDIUM" "open-external-links-in-a-new-window 1.43 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "open-external-links-in-a-new-window 1.43 Tabnabbing LOW" "order-your-posts-manually No.known.fix Reflected.XSS HIGH" "order-your-posts-manually No.known.fix Admin+.SQLi MEDIUM" "otp-login No.known.fix Authentication.Bypass.via.Weak.OTP HIGH" "os-diagnosis-generator No.known.fix Missing.Authorization MEDIUM" "otter-blocks 3.0.7 Unauthetnicated.Path.Traversal.to.Arbitrary.Image.View MEDIUM" "otter-blocks 3.0.4 Gutenberg.Block.<.3.0.4.-.Missing.Authorization MEDIUM" "otter-blocks 3.0.5 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "otter-blocks 2.6.10 Contributor+.Stored.XSS.via.titleTag MEDIUM" "otter-blocks 2.6.9 Contributor+.Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "otter-blocks 2.6.9 Author+.Stored.XSS.via.SVG.Upload MEDIUM" "otter-blocks 2.6.6 Contributor+.Stored.XSS MEDIUM" "otter-blocks 2.6.6 Contributor+.Stored.XSS MEDIUM" "otter-blocks 2.6.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "otter-blocks 2.2.6 Gutenberg.Blocks.<.2.2.6.-.Author+.PHAR.Deserialization MEDIUM" "original-texts-yandex-webmaster No.known.fix Cross-Site.Request.Forgery MEDIUM" "opensheetmusicdisplay 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.className.Parameter MEDIUM" "opal-membership No.known.fix Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "opal-membership No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "olympus-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "option-editor No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "order-and-inventory-manager-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-and-inventory-manager-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "out-of-stock-badge No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "orbisius-child-theme-creator 1.5.6 Missing.Authorization.to.Authenticated.(Subscriber+).Cloud.Snippet.Update/Delete MEDIUM" "orbisius-child-theme-creator 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "orbisius-child-theme-creator 1.5.2 CSRF.to.Arbitrary.File.Modification/Creation HIGH" "orbisius-child-theme-creator 1.2.8 Arbitrary.File.Write MEDIUM" "order-delivery-date-for-woocommerce 3.21.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "order-delivery-date-for-woocommerce 3.20.1 Reflected.XSS HIGH" "oauth-client-for-user-authentication 3.0.4 Unauthenticated.Settings.Update.to.Authentication.Bypass CRITICAL" "official-statcounter-plugin-for-wordpress 2.0.7 Admin+.Stored.Cross-Site.Scripting LOW" "oembed-gist No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "octrace-support No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "octrace-support No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "octrace-support 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "octrace-support 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "one-page-express-companion 1.6.38 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.one_page_express_contact_form.Shortcode MEDIUM" "order-hours-scheduler-for-woocommerce 4.3.22 Reflected.Cross-Site.Scripting MEDIUM" "optimole-wp 3.13.0 Author+.Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "optimole-wp 3.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "omnisend-connect 1.14.4 Cross-Site.Request.Forgery MEDIUM" "omnisend-connect 1.13.9 Sensitive.Information.Exposure MEDIUM" "ohio-extra No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "order-tip-woo 1.4.0 Missing.Authorization.to.Unauthenticated.Data.Export MEDIUM" "om-stripe No.known.fix Reflected.XSS HIGH" "official-mailerlite-sign-up-forms 1.7.7 Missing.Authorization MEDIUM" "official-mailerlite-sign-up-forms 1.7.7 1.7.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "official-mailerlite-sign-up-forms 1.5.8 Signup.forms.(official).<.1.5.8.-.API.Key.Update.via.CSRF MEDIUM" "official-mailerlite-sign-up-forms 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "official-mailerlite-sign-up-forms 1.4.4 Unauthenticated.SQL.Injection CRITICAL" "official-mailerlite-sign-up-forms 1.4.5 Multiple.CSRF.Issues HIGH" "otpless No.known.fix 2.0.59.-.Unauthenticated.Arbitrary.Email.Update.to.Account.Takeover/Privilege.Escalation CRITICAL" "otpless 2.0.59 Reflected.Cross-Site.Scripting MEDIUM" "offsprout-page-builder No.known.fix 2.15.2.-.Contributor+.Privilege.Escalation HIGH" "only-tweet-like-share-and-google-1 No.known.fix Admin+.Stored.XSS LOW" "order-status-rules-for-woocommerce 3.7.2 Open.Redirect HIGH" "outbound-link-manager No.known.fix Settings.Update.via.CSRF MEDIUM" "ocean-extra 2.4.7 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "ocean-extra 2.4.7 Contributor+.Stored.XSS.via.'ocean_gallery_id' MEDIUM" "ocean-extra 2.4.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "ocean-extra 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ocean-extra 2.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Flickr.Widget MEDIUM" "ocean-extra 2.2.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ocean-extra 2.2.5 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.2.3 Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Activation MEDIUM" "ocean-extra 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "ocean-extra 2.1.3 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.1.3 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "ocean-extra 2.1.2 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.0.5 Admin+.PHP.Objection.Injection MEDIUM" "ocean-extra 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "ocean-extra 1.9.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ocean-extra 1.6.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ocean-extra 1.5.9 Unauthenticated.Settings.change.and.CSS.injection HIGH" "olivewp-companion No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opentracker-analytics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "one-page-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "one-page-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "one-page-blocks No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "oopspam-anti-spam 1.1.45 Cross-Site.Request.Forgery MEDIUM" "oopspam-anti-spam 1.1.36 Admin+.Stored.XSS LOW" "oshine-modules 3.3.8 Reflected.Cross-Site.Scripting MEDIUM" "oshine-modules 3.3.8 Unauthenticated.Server-Side.Request.Forgery HIGH" "ovic-addon-toolkit No.known.fix Missing.Authorization MEDIUM" "openbook-book-data No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "opal-estate-pro No.known.fix Contributor+.Stored.XSS MEDIUM" "onlywire-multi-autosubmitter No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "one-click-login No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ops-robots-txt 2.0.1 Stored.XSS.via.CSRF HIGH" "ops-robots-txt 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "osm No.known.fix Contributor+.Stored.XSS MEDIUM" "osm 6.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "osm 6.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.osm_map.and.osm_map_v3.Shortcodes MEDIUM" "osm 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "osm 6.0.4 Contributor+.SQL.Injection MEDIUM" "osm 6.0.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "osm 6.0.3 CSRF MEDIUM" "open-social No.known.fix Admin+.Stored.XSS LOW" "owm-weather 5.6.12 Post.Duplication.via.CSRF MEDIUM" "owm-weather 5.6.9 Contributor+.SQLi HIGH" "onclick-show-popup 6.6 Admin+.Stored.XSS LOW" "od-photogallery-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "open-rdw-kenteken-voertuiginformatie 2.1.0 Reflected.XSS HIGH" "oik 4.15.2 Missing.Authorization MEDIUM" "oik 4.12.1 Cross-Site.Request.Forgery MEDIUM" "oik 4.12.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bw_button.Shortcode MEDIUM" "oik 4.10.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "opal-woo-custom-product-variation 1.2.1 Unauthenticated.Arbitrary.File.Deletion MEDIUM" "opal-woo-custom-product-variation 1.1.4 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "one-click-plugin-updater No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "oa-social-login 5.10.0 Authentication.Bypass CRITICAL" "options-for-twenty-seventeen 2.5.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "os-bxslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "onwebchat 3.2.0 Live.support.<.3.2.0.-.Cross-Site.Request.Forgery MEDIUM" "one-click-order-reorder 1.1.10 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "order-notification-for-telegram No.known.fix Missing.Authorization.to.Unauthenticated.Send.Telegram.Test.Message MEDIUM" "order-import-export-for-woocommerce 2.6.1 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Read.via.download_file.Function MEDIUM" "order-import-export-for-woocommerce 2.6.1 Authenticated.(Admin+).PHP.Object.Injection.via.form_data.Parameter HIGH" "order-import-export-for-woocommerce 2.6.1 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Deletion.via.admin_log_page.Function LOW" "order-import-export-for-woocommerce 2.6.1 Authenticated.(Administrator+).Server-Side.Request.Forgery.via.validate_file.Function HIGH" "order-import-export-for-woocommerce 2.5.0 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "order-import-export-for-woocommerce 2.4.4 Shop.Manager+.Arbitrary.File.Upload HIGH" "one-click-ssl 1.4.7 Multiple.Issues HIGH" "order-attachments-for-woocommerce No.known.fix Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory MEDIUM" "order-attachments-for-woocommerce 2.5.0 2.4.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload MEDIUM" "opti-marketing 2.0.10 Unauthenticated.SQLi HIGH" "omnileads-scripts-and-tags-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "office-locator No.known.fix Unauthenticated.SQL.Injection HIGH" "office-locator No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "os-our-team No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "organization-chart 1.5.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.title_input.and.node_description.Parameters MEDIUM" "organization-chart 1.4.5 Multiple.CSRF MEDIUM" "organization-chart 1.4.5 Admin+.Stored.XSS LOW" "ownerrez 1.2.1 Cross-Site.Request.Forgery MEDIUM" "out-of-stock-display-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "opengraph 1.11.3 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "order-picking-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "openai-tools-for-wp-wc No.known.fix Missing.Authorization MEDIUM" "occupancyplan No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "occupancyplan No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "promotion-slider No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "powers-triggers-of-woo-to-chat No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "page-parts 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "pit-login-welcome No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pkt1-centro-de-envios 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "phplist-form-integration No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pdf-block No.known.fix Contributor+.Stored.XSS MEDIUM" "past-events-extension No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "past-events-extension No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "past-events-extension No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "pressforward 5.2.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "plugins-last-updated-column 0.1.4 Cache.Clear.via.CSRF MEDIUM" "pingmeter-uptime-monitoring No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pdf-embedder-fay No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "photo-gallery 1.8.35 Photo.Gallery.by.10Web.–.Mobile-Friendly.Image.Gallery.<.1,8,35.Reflected.Cross-Site.Scripting.via.'image_id'.Parameter MEDIUM" "photo-gallery 1.8.34 Unauthenticated.Stored.XSS HIGH" "photo-gallery 1.8.33 Admin+.Stored.XSS LOW" "photo-gallery 1.8.31 Admin+.Stored.XSS LOW" "photo-gallery 1.8.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "photo-gallery 1.8.28 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "photo-gallery 1.8.28 Admin+.Stored.XSS LOW" "photo-gallery 1.8.29 Admin+.Stored.XSS LOW" "photo-gallery 1.8.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Zipped.SVG MEDIUM" "photo-gallery 1.8.24 Authenticated.(Contributor+).Path.Traversal.via.esc_dir.Function MEDIUM" "photo-gallery 1.8.26 Subscriber+.Notice.Dismiss MEDIUM" "photo-gallery 1.8.21 Missing.Authorization MEDIUM" "photo-gallery 1.8.22 Admin+.Stored.XSS.via.SVG LOW" "photo-gallery 1.8.22 Multiple.Reflected.XSS HIGH" "photo-gallery 1.8.20 Mobile-Friendly.Image.Gallery.<.1.8.20.-.Directory.Traversal.to.Arbitrary.File.Rename CRITICAL" "photo-gallery 1.8.19 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Widget MEDIUM" "photo-gallery 1.8.15 Admin+.Path.Traversal MEDIUM" "photo-gallery 1.8.3 Stored.XSS.via.CSRF MEDIUM" "photo-gallery 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "photo-gallery 1.6.4 Admin+.Stored.Cross-Site.Scripting LOW" "photo-gallery 1.6.3 Reflected.Cross-Site.Scripting MEDIUM" "photo-gallery 1.6.3 Unauthenticated.SQL.Injection HIGH" "photo-gallery 1.6.0 Unauthenticated.SQL.Injection HIGH" "photo-gallery 1.5.79 Stored.XSS.via.Uploaded.SVG.in.Zip MEDIUM" "photo-gallery 1.5.75 File.Upload.Path.Traversal LOW" "photo-gallery 1.5.75 Stored.Cross-Site.Scripting.via.Uploaded.SVG MEDIUM" "photo-gallery 1.5.67 Authenticated.Stored.Cross-Site.Scripting.via.Gallery.Title MEDIUM" "photo-gallery 1.5.69 Multiple.Reflected.Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.5.69 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "photo-gallery 1.5.68 Reflected.Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.5.55 Unauthenticated.SQL.Injection CRITICAL" "photo-gallery 1.5.46 Multiple.Cross-Site.Scripting.(XSS).Issues MEDIUM" "photo-gallery 1.5.35 SQL.Injection.&.XSS CRITICAL" "photo-gallery 1.5.31 SQL.Injection CRITICAL" "photo-gallery 1.5.25 Authenticated.LFI MEDIUM" "photo-gallery 1.5.23 Authenticated.XSS MEDIUM" "photo-gallery 1.3.67 Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.3.51 Authenticated.SQL.Injection MEDIUM" "photo-gallery 1.3.43 Authenticated.Path.Traversal HIGH" "photo-gallery 1.3.36 Authenticated.SQL.Injection MEDIUM" "photo-gallery 1.2.13 Cross-Site.Scripting.(XSS) HIGH" "poll-wp 2.4.7 Authenticated.(Administrator+).SQL.Injection.via.'s'.Parameter MEDIUM" "poll-wp 2.4.1 Admin+.SQLi MEDIUM" "poll-wp 2.4.0 Admin+.SQL.Injection MEDIUM" "poll-wp 1.5.9 Reflected.Cross-Site.Scripting HIGH" "poll-wp 1.3.4 Broken.Authentication.and.Missing.Capability.Checks.on.AJAX.calls CRITICAL" "post-type-modifier-simple 1.04 Reflected.Cross-Site.Scripting MEDIUM" "print-page 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "parcelpanel 4.3.3 Reflected.Cross-Site.Scripting MEDIUM" "parcelpanel 3.9.0 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "protect-admin-account 2.0.2 Reflected.Cross-Site.Scripting MEDIUM" "push-monkey-desktop-push-notifications No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "preloader-sws No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-and-page-builder 1.27.7 Path.Traversal.to.Authenticated.(Contributor+).Arbitrary.File.Read.via.template_via_url.Function MEDIUM" "post-and-page-builder 1.27.6 Contributor+.Stored.XSS MEDIUM" "post-and-page-builder 1.26.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "post-and-page-builder 1.26.5 Authenticated.(Contributer+).Stored.Cross-Site.Scripting MEDIUM" "post-and-page-builder 1.26.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-and-page-builder 1.24.2 Editor.Settings.Update.via.CSRF MEDIUM" "plugin-logic 1.0.8 Admin+.SQLi MEDIUM" "post-to-pdf 1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-shortcode No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "popcashnet-code-integration-tool 1.1 Cross-Site.Scripting.(XSS) MEDIUM" "polo-video-gallery No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "post-carousel-slider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pdf-for-wpforms 5.6.1 Missing.Authorization MEDIUM" "pdf-for-wpforms 5.3.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "pdf-for-wpforms 4.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.yeepdf_dotab.Shortcode MEDIUM" "pixelyoursite 10.1.1.2 Unauthenticated.PHP.Object.Injection HIGH" "pixelyoursite 10.0.2 Settings.Update.via.CSRF MEDIUM" "pixelyoursite 9.7.2 Unauthenticated.Information.Exposure.and.Log.Deletion MEDIUM" "pixelyoursite 9.6.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pixelyoursite 9.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "pixelyoursite 5.3.0 XSS MEDIUM" "product-countdown-for-woocommerce 1.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pricing-tables-for-visual-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wdo_pricing_tables.Shortcode MEDIUM" "pages-order No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "plenigo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "prevent-file-access 2.5.2 Admin+.Arbitrary.File.Upload MEDIUM" "pz-linkcard 2.5.3 Contributor+.SSRF LOW" "pz-linkcard 2.5.3 Reflected.XSS HIGH" "pz-linkcard 2.5.3 Admin+.Stored.XSS LOW" "pz-linkcard 2.5.3 Caching.Management.via.CSRF MEDIUM" "pz-linkcard 2.4.5.3 Reflected.Cross-Site.Scripting MEDIUM" "premium-seo-pack 1.6.002 Authenticated.(Contributor+).SQL.Injection MEDIUM" "premium-seo-pack No.known.fix Unauthenticated.Information.Exposure MEDIUM" "posts-to-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "php-execution-plugin No.known.fix Settings.Update.via.CSRF HIGH" "publishpress 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "publishpress 3.5.1 Reflected.Cross-Site.Scripting HIGH" "paypal-gift-certificate No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.wpppgc_plugin_options MEDIUM" "podcast-subscribe-buttons 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "podcast-subscribe-buttons 1.4.2 Contributor+.Stored.XSS MEDIUM" "popup-box 3.2.5 Cross-Site.Request.Forgery MEDIUM" "popup-box 2.2.7 Popup.Deletion.via.CSRF MEDIUM" "popup-box 2.2.2 Reflected.XSS MEDIUM" "popup-box 2.2 Admin+.LFI MEDIUM" "pubsubhubbub 3.2.0 Admin+.Stored.XSS MEDIUM" "particle-background No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "progressive-wp No.known.fix Missing.Authorization MEDIUM" "profile-widget-ninja No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "picu 2.4.1 Missing.Authorization MEDIUM" "plinks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "peprodev-ups No.known.fix 7.5.2.-.Limited.Unauthenticated.Arbitrary.User.Meta.Update HIGH" "peprodev-ups No.known.fix 7.5.2.-.Unauthenticated.Email.Enumeration MEDIUM" "peprodev-ups No.known.fix 7.5.2.-.Authentication.Bypass.to.Account.Takeover CRITICAL" "popup-more 2.3.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popup-more 2.2.5 Admin+.Directory.Traversal.to.Limited.Local.File.Inclusion MEDIUM" "prezi-embedder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pixobe-cartography No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pixobe-cartography No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "people-lists 2.0.0 Missing.Authorization MEDIUM" "perfect-pullquotes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "photokit No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "powr-pack 2.2.0 Contributor+.Stored.XSS MEDIUM" "platformly-for-woocommerce 1.1.7 Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "plugversions 0.0.8 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Creation HIGH" "popularis-extra 1.2.8 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "popularis-extra 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "pepro-ultimate-invoice No.known.fix Insecure.Direct.Object.Reference.to.Unauthenticated.Order.Information.Exposure MEDIUM" "pepro-ultimate-invoice 2.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pepro-ultimate-invoice 2.0.2 Missing.Authorisation MEDIUM" "pepro-ultimate-invoice 1.9.8 Unauthenticated.Arbitrary.Invoice.Access HIGH" "product-puller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "partners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "partners No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "private-content No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "private-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "private-content No.known.fix Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "private-content No.known.fix Missing.Authorization MEDIUM" "private-content 8.4.4 Brute.Force.Protection.Bypass MEDIUM" "project-source-code-download No.known.fix Unauthenticated.Backup.Download HIGH" "product-recommendation-quiz-for-ecommerce 2.1.2 Missing.Authorization.in.prq_set_token MEDIUM" "pixproof No.known.fix Missing.Authorization MEDIUM" "petfinder-listings 1.1 Admin+.Stored.Cross-Site.Scripting LOW" "post-content-xmlrpc No.known.fix Admin+.SQL.Injections HIGH" "postcode-redirect 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "postcode-redirect 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pin-generator 2.0.1 Missing.Authorization MEDIUM" "peoplepond No.known.fix CSRF.to.Stored.XSS HIGH" "payment-form-for-paypal-pro 1.1.73 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "payment-form-for-paypal-pro 1.1.65 Unauthenticated.SQL.Injection CRITICAL" "payment-form-for-paypal-pro 1.0.2 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "post-grid-carousel-ultimate 1.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "post-grid-carousel-ultimate 1.7 Authenticated.(Contributor+).Local.File.Inclusion.via.post_type_ajax_handler() HIGH" "post-grid-carousel-ultimate 1.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "post-grid-carousel-ultimate 1.6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid-carousel-ultimate 1.6.8 Authenticated.(Contributor+).PHP.Object.Injection.in.outpost_shortcode_metabox_markup HIGH" "post-grid-carousel-ultimate 1.5.0 Admin+.Stored.XSS LOW" "pro-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paytm-donation No.known.fix Admin+.Stored.XSS LOW" "paytm-donation 2.3.2 Reflected.Cross-Site.Scripting MEDIUM" "paytm-donation 2.2.1 Reflected.XSS HIGH" "permalink-manager 2.4.4.1 Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "permalink-manager 2.4.3.4 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.4.3.2 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.4.3.2 Missing.Authorization.via.get_uri_editor MEDIUM" "permalink-manager 2.4.3.2 Missing.Authorization.to.Authenticated(Author+).arbitrary.post.slug.modification MEDIUM" "permalink-manager 2.4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.3.0 Authenticated.Stored.XSS MEDIUM" "permalink-manager 2.2.20.2 Settings.Update.via.CSRF MEDIUM" "permalink-manager 2.2.20.1 Unauthenticated.URI.Deletion MEDIUM" "permalink-manager 2.2.15 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.2.13.1 Admin+.SQL.Injection MEDIUM" "persian-woocommerce-shipping 4.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-image-watermark-for-woo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "postcasa No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "photospace No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "photospace No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "prodigy-commerce 3.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "prodigy-commerce 3.1.3 Missing.Authorization LOW" "pagemash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-carousel-divi 1.2 Reflected.Cross-Site.Scripting MEDIUM" "post-carousel-divi 1.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pretty-google-calendar 2.0.0 Contributor+.Stored.XSS MEDIUM" "pretty-google-calendar 1.6.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.pretty_google_calendar.shortcode MEDIUM" "plugin-central No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "payday No.known.fix Missing.Authorization MEDIUM" "proranktracker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "post-sync No.known.fix Reflected.XSS HIGH" "participants-database 2.5.9.3 Unauthenticated.PHP.Object.Injection HIGH" "participants-database 2.5.6 Missing.Authorization MEDIUM" "participants-database 1.9.5.6 Authenticated.Time.Based.SQL.Injection HIGH" "participants-database 1.7.5.10 Cross-Site.Scripting MEDIUM" "participants-database 1.5.4.9 Unauthenticated.SQL.Injection CRITICAL" "pretty-simple-popup-builder 1.0.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pretty-simple-popup-builder 1.0.10 Admin+.Stored.XSS LOW" "pretty-simple-popup-builder 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "photo-gallery-pearlbells No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation MEDIUM" "post-status-notifier-lite 1.11.7 Reflected.Cross-Site.Scripting.via.page MEDIUM" "post-status-notifier-lite 1.11.1 Reflected.Cross-Site.Scripting MEDIUM" "post-status-notifier-lite 1.10.1 Reflected.XSS HIGH" "posts-in-page 1.3.0 Directory.Traversal HIGH" "phppoet-checkout-fields 3.5.13 Unauthenticated.Arbitrary.File.Upload CRITICAL" "plexx-elementor-extension 1.3.7 Contributor+.Stored.XSS MEDIUM" "primer-mydata 4.2.4 Reflected.Cross-Site.Scripting MEDIUM" "primer-mydata 4.2.2 Reflected.Cross-Site.Scripting MEDIUM" "piotnetforms No.known.fix Authenticated.(Editor+).Path.Traversal LOW" "piotnetforms No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "piotnetforms No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "piotnetforms 1.0.29 Unauthenticated.Arbitrary.File.Upload CRITICAL" "piotnetforms 1.0.30 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "piotnetforms No.known.fix Unauthenticated.Arbitrary.File.Upload HIGH" "post-thumbs No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "plethora-tabs-accordions 1.2 Contributor+.Stored.XSS MEDIUM" "plethora-tabs-accordions 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "progress-bar 2.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "progress-bar 2.2.2 Contributor+.Stored.XSS MEDIUM" "posts-for-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "prevent-direct-access 2.8.8.3 2.8.8.2.-.Incorrect.Authorization.to.Authenticated.(Contributor+).Multiple.Media.Actions MEDIUM" "prevent-direct-access 2.8.8.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "push-notification-mobile-and-web-app No.known.fix Missing.Authorization MEDIUM" "padma-advanced 0.0.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "product-code-for-woocommerce 1.5.1 Cross-Site.Request.Forgery.to.Database.Update MEDIUM" "product-code-for-woocommerce 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plausible-analytics 1.3.4 Reflected.XSS HIGH" "plausible-analytics 1.2.4 Subscriber+.Arbitrary.Settings.Update MEDIUM" "plausible-analytics 1.2.3 Admin+.Stored.Cross-Site.Scripting MEDIUM" "peepso-files 6.4.6.1 Insecure.Direct.Object.Reference.to.Unauthenticated.Sensitive.Information.Exposure.via.file_download MEDIUM" "prettyphoto No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "page-scroll-to-id 1.7.9 Contributor+.Stored.XSS MEDIUM" "page-scroll-to-id 1.7.6 Contributor+.Stored.XSS MEDIUM" "pixel-formbuilder No.known.fix Unauthenticated.SQL.Injection HIGH" "pixel-formbuilder No.known.fix Cross-Site.Request.Forgery MEDIUM" "post-plugin-library No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-carousel 3.0.1 Editor+.Stored.XSS LOW" "post-carousel 2.4.28 Editor+.Stored.XSS LOW" "post-carousel 2.4.19 Contributor+.Stored.XSS MEDIUM" "post-carousel 2.3.5 CSRF.Bypass./.Unauthorised.AJAX.Calls MEDIUM" "pixel-for-web-stories 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photoshow 1.0.19 Update/Delete.Google.API.Key.via.CSRF MEDIUM" "popliup No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "perfect-survey 1.5.2 Unauthorised.AJAX.Call.to.Stored.XSS./.Survey.Settings.Update HIGH" "perfect-survey 1.5.2 Reflected.Cross-Site.Scripting HIGH" "perfect-survey 1.5.2 Unauthenticated.SQL.Injection HIGH" "perfect-survey No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "popup-image No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pafacile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-notes-for-woocommerce 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "payhere-payment-gateway 2.2.12 Unauthenticated.Log.Data.Disclosure MEDIUM" "pw-bulk-edit 2.135 Cross-Site.Request.Forgery MEDIUM" "premmerce-search 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-search 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "plezi 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plezi 1.0.3 Unauthenticated.Stored.XSS HIGH" "prime-affiliate-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "poll-maker 5.7.8 Unauthenticated.Race.Condition.to.Multi-Vote MEDIUM" "poll-maker 5.5.4 Admin+.Stored.XSS LOW" "poll-maker 5.6.6 Authenticated.(Administrator+).SQL.Injection MEDIUM" "poll-maker 5.5.7 Missing.Authorization MEDIUM" "poll-maker 5.5.5 Unauthenticated.HTML.Injection MEDIUM" "poll-maker 5.5.5 Cross-Site.Request.Forgery.to.Poll.Duplication MEDIUM" "poll-maker 5.4.7 Authenticated.(Administrator+).Time-Based.SQL.Injection MEDIUM" "poll-maker 5.4.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Poll.Settings MEDIUM" "poll-maker 5.4.7 Authenticated.(Administrator+).SQL.Injection.via.Order_by.Parameter MEDIUM" "poll-maker 5.1.9 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "poll-maker 5.1.9 .Missing.Authorization.to.Unauthenticated.Email.Enumeration MEDIUM" "poll-maker 4.8.1 Missing.Authorization MEDIUM" "poll-maker 4.7.2 Missing.Authorization MEDIUM" "poll-maker 4.7.1 Reflected.XSS HIGH" "poll-maker 4.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "poll-maker 3.4.2 Unauthenticated.Time.Based.SQL.Injection CRITICAL" "poll-maker 3.2.9 Reflected.Cross-Site.Scripting HIGH" "poll-maker 3.2.1 Authenticated.Blind.SQL.Injections HIGH" "permalink-manager-pro 2.2.15 Reflected.Cross-Site.Scripting MEDIUM" "post-grid-for-elementor 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pdf2post No.known.fix Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "podlove-subscribe-button 1.3.11 Authenticated.(Contributor+).SQL.Injection HIGH" "podlove-subscribe-button 1.3.9 Multiple.CSRF MEDIUM" "podlove-subscribe-button 1.3.9 Admin+.Stored.XSS LOW" "portfolio-builder-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.11.9 Contributor+.Stored.XSS.via.Countdown.Widget MEDIUM" "premium-addons-for-elementor 4.10.57 Missing.Authorization LOW" "premium-addons-for-elementor 4.10.61 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Video.Box.Widget MEDIUM" "premium-addons-for-elementor 4.10.53 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Media.Grid.Widget MEDIUM" "premium-addons-for-elementor 4.10.39 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Content.Deletion.and.Arbitrary.Title.Update MEDIUM" "premium-addons-for-elementor 4.10.37 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Animated.Text.Widget MEDIUM" "premium-addons-for-elementor 4.10.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.36 Regular.Expressions.Denial.of.Service LOW" "premium-addons-for-elementor 4.10.36 Contributor+.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "premium-addons-for-elementor 4.10.34 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text.Widget MEDIUM" "premium-addons-for-elementor 4.10.32 Missing.Authorization.to.Information.Disclosure MEDIUM" "premium-addons-for-elementor 4.10.32 Contributor+.DOM-Based.Stored.Cross-Site.Scripting.via.Global.Tooltip MEDIUM" "premium-addons-for-elementor 4.10.32 Missing.Authorization.to.Information.Disclosure MEDIUM" "premium-addons-for-elementor 4.10.32 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.31 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.29 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.29 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.26 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.25 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.17 Contributor+.Stored.Cross-Site.Scripting.via.Wrapper.Link.Widget MEDIUM" "premium-addons-for-elementor 4.10.28 Contributor+.Stored.Cross-Site.Scripting.via.Button MEDIUM" "premium-addons-for-elementor 4.10.25 Contributor+.DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.23 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "premium-addons-for-elementor 4.10.24 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.22 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.19 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.19 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.5.2 Subscriber+.Arbitrary.Blog.Option.Update HIGH" "premium-addons-for-elementor 4.2.8 Contributor+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "portfolio-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-title-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "popups 1.8 Reflected.Cross-Site.Scripting MEDIUM" "popups No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "posttabs No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "page-layout-builder No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "postmarkapp-email-integrator No.known.fix Missing.Authorization MEDIUM" "postmarkapp-email-integrator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "peepso-photos 6.3.1.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "piotnet-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "piotnet-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "piotnet-addons-for-elementor 2.4.33 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "piotnet-addons-for-elementor 2.4.32 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "piotnet-addons-for-elementor 2.4.32 Contributor+.Stored.XSS MEDIUM" "piotnet-addons-for-elementor 2.4.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "piotnet-addons-for-elementor 2.4.30 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "piotnet-addons-for-elementor 2.4.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widget.Attributes HIGH" "piotnet-addons-for-elementor 2.4.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "piotnet-addons-for-elementor 2.4.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "piotnet-addons-for-elementor 2.4.27 Contributor+.Stored.XSS MEDIUM" "post-smtp 3.1.3 Authenticated.(Administrator+).SQL.Injection.via.columns.Parameter MEDIUM" "post-smtp 3.1.0 Unauthenticated.Stored.XSS HIGH" "post-smtp 2.9.12 Missing.Authorization.via.regenerate_qrcode() MEDIUM" "post-smtp 2.9.10 Admin+.SQLi MEDIUM" "post-smtp 2.9.4 Administrator+.SQL.Injection MEDIUM" "post-smtp 2.8.8 Authorization.Bypass.via.type.connect-app.API CRITICAL" "post-smtp 2.8.8 Unauthenticated.Stored.Cross-Site.Scripting.via.device HIGH" "post-smtp 2.8.7 Admin+.SQL.Injection MEDIUM" "post-smtp 2.8.7 Reflected.Cross-Site.Scripting HIGH" "post-smtp 2.7.1 Unauthenticated.Cross-site.Scripting HIGH" "post-smtp 2.6.1 Authenticated.(Administrator+).SQL.Injection HIGH" "post-smtp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "post-smtp 2.5.8 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Contents HIGH" "post-smtp 2.5.7 Account.Takeover.via.CSRF MEDIUM" "post-smtp 2.5.7 Arbitrary.Log.Deletion.via.CSRF MEDIUM" "post-smtp 2.1.7 Admin+.Blind.SSRF LOW" "post-smtp 2.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "post-smtp 2.0.21 CSRF.Nonce.Bypass MEDIUM" "purple-xmls-google-product-feed-for-woocommerce No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "purple-xmls-google-product-feed-for-woocommerce 3.2.3.4 Reflected.Cross-Site.Scripting MEDIUM" "purple-xmls-google-product-feed-for-woocommerce 3.3.1.0 Authenticated.SQL.Injection MEDIUM" "precious-metals-chart-and-widgets 1.2.9 Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "portfolleo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "papercite No.known.fix Missing.Authorization MEDIUM" "postman-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "post-ideas No.known.fix Unauthenticated.SQL.Injection HIGH" "pocket-widget No.known.fix Admin+.Stored.XSS LOW" "paytr-taksit-tablosu-woocommerce No.known.fix CSRF MEDIUM" "paytr-taksit-tablosu-woocommerce 1.3.2 Unauthenticated.Settings.Update MEDIUM" "php-everywhere 3.0.0 Subscriber+.RCE.via.Shortcode CRITICAL" "php-everywhere 3.0.0 Contributor+.RCE.via.Gutenberg.Block CRITICAL" "php-everywhere 3.0.0 Contributor+.RCE.via.Metabox CRITICAL" "php-everywhere 2.0.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "pdf-generator-addon-for-elementor-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-generator-addon-for-elementor-page-builder 2.0.1 Unauthenticated.Arbitrary.File.Download HIGH" "pdf-generator-addon-for-elementor-page-builder 1.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "password-policy-manager 2.0.5 Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "pagerank-tools No.known.fix Reflected.XSS HIGH" "postmatic No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "postmatic 2.2.10 Subscriber+.PHP.Object.Injection MEDIUM" "postmatic 2.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "postmatic 1.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "post-index No.known.fix CSRF.to.Stored.XSS HIGH" "popup-maker-wp 1.3.7 Subscriber+.Stored.XSS HIGH" "passwordless-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-generator 1.7.2 Authenticated(Administrator+).SQL.Injection MEDIUM" "page-generator 1.6.6 Arbitrary.Keywords.Deletion/Duplication.via.CSRF MEDIUM" "page-generator 1.6.5 Admin+.Stored.Cross-Site.Scripting LOW" "page-generator 1.5.9 Reflected.Cross-Site.Scripting HIGH" "ps-ads-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pop-up No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pop-up No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "parone 1.18.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "password-protect-plugin-for-wordpress No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "post-timeline 2.3.10 Reflected.XSS HIGH" "post-timeline 2.3.10 Reflected.Cross-Site.Scripting MEDIUM" "post-timeline 2.2.6 Reflected.XSS HIGH" "pre-publish-checklist 1.1.2 Insecure.Direct.Object.Reference.to.Arbitrary.Post.'_ppc_meta_key'.Update MEDIUM" "product-specifications 0.7.0 Reflected.Cross-Site.Scripting HIGH" "pootle-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pootle-button 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "performance-lab 2.3.0 CSRF MEDIUM" "ptoffice-sign-ups No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "post-views-stats No.known.fix Reflected.Cross-Site.Scripting.via.from.and.to MEDIUM" "price-calc No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pdf-generator-for-wp 1.1.2 Reflected.XSS HIGH" "page-studio-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-studio-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "product-designer 1.0.37 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "product-designer 1.0.34 Unauthenticated.Arbitrary.Attachment.Deletion MEDIUM" "product-designer 1.0.33 Unauthenticated.PHP.Object.Injection CRITICAL" "paygreen-payment-gateway 1.0.27 Reflected.Cross-Site.Scripting MEDIUM" "pretty-opt-in-lite 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "product-import-export-for-woo 2.5.1 Authenticated.(Admin+).PHP.Object.Injection.via.form_data.Parameter HIGH" "product-import-export-for-woo 2.5.1 Authenticated.(Administrator+).Server-Side.Request.Forgery.via.validate_file.Function HIGH" "product-import-export-for-woo 2.5.1 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Deletion.via.admin_log_page.Function LOW" "product-import-export-for-woo 2.5.1 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Read.via.download_file.Function MEDIUM" "product-import-export-for-woo 2.4.2 Authenticated(Shop.Manager+).Arbitrary.File.Upload HIGH" "product-import-export-for-woo 2.3.8 Shop.Manager+.Arbitrary.File.Upload.via.upload_import_file HIGH" "presto-player 3.0.3 Missing.Authorization MEDIUM" "presto-player 2.2.3 Contributor+.Stored.XSS MEDIUM" "pop-up-pop-up 1.2.0 Plugin.Installation.via.CSRF MEDIUM" "pop-up-pop-up 1.2.0 Subscriber+.Plugin.Installation MEDIUM" "pop-up-pop-up 1.1.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "pardakht-delkhah 2.9.9 Form.Fields.Reset.via.CSRF MEDIUM" "pardakht-delkhah 2.9.3 Unauthenticated.Stored.XSS HIGH" "packlink-pro-shipping 3.4.7 Missing.Authorization MEDIUM" "phoenix-media-rename 3.4.4 Author.Arbitrary.Media.File.Renaming MEDIUM" "pull-this No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "parallax-image 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.position.Parameter MEDIUM" "parallax-image 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dd-parallax.Shortcode MEDIUM" "parallax-image 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "photographer-connections No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "price-commander-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "post-status-notifier 1.11.7 Reflected.Cross-Site.Scripting.via.page MEDIUM" "plms No.known.fix Authenticated.(Salesman+).Arbitrary.File.Upload HIGH" "publishpress-authors 4.7.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "publishpress-authors 4.7.4 Authenticated.(Administrator+).SQL.Injection MEDIUM" "publishpress-authors 4.7.2 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Arbitrary.User.Email.Update.and.Account.Takeover HIGH" "pricetable No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "piwigopress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-indexer 3.0.6.2 Authenticated.SQL.Injection HIGH" "post-indexer 3.0.6.2 PHP.Object.Injection.via.MitM HIGH" "pro-links-maintainer-dev No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pro-links-maintainer-dev No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "porto-functionality 3.1.0 Functionality.<.3.1.0.-.Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "porto-functionality 3.1.1 Functionality.<.3.1.1.-.Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "porto-functionality 2.12.1 Functionality.<.2.12.1.-.Missing.Authorization MEDIUM" "porto-functionality 2.12.1 Functionality.<.2.12.1.-.Unauthenticated.SQL.Injection CRITICAL" "pdf-light-viewer 1.4.12 Authenticated.Command.Injection LOW" "pixtypes No.known.fix Reflected.XSS HIGH" "pixtypes 1.4.15 Cross-Site.Request.Forgery MEDIUM" "pf-timer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "philantro 5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.donate.Shortcode MEDIUM" "philantro 5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "payments-stripe-gateway No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "payments-stripe-gateway No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payments-stripe-gateway 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "payment-qr-woo No.known.fix Missing.Authorization MEDIUM" "planso-forms No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "pripre No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "powerkit 2.9.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "powerkit 2.5.9 Post.Views.Settings.Update/Reset.via.CSRF MEDIUM" "portfolio-elementor 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "portfolio-elementor 2.3.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "portfolio-elementor 2.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "price-alert-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "profilepro No.known.fix Subscriber+.Stored.Cross.Site.Scripting HIGH" "partdo-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "ps-phpcaptcha 1.2.0 PS.PHPCaptcha.<.1,2,0.-Denial.of.Service CRITICAL" "photospace-responsive 2.1.2 Admin+.Stored.XSS MEDIUM" "peters-collaboration-e-mails No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "parsi-font 4.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "productive-commerce No.known.fix Unauthenticated.SQL.Injection HIGH" "page-loading-effects 3.0.0 Admin+.Stored.XSS LOW" "php-to-page No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion.to.Remote.Code.Execution.via.Shortcode CRITICAL" "pmpro-payfast 1.4.2 Unauthenticated.Information.Exposure MEDIUM" "penci-data-migrator 1.3.1 Unauthenticated.Local.File.Inclusion CRITICAL" "ppo-call-to-actions No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 7.1.0 Authenticated.(Shop.manager+).SQL.Injection MEDIUM" "persian-woocommerce-sms 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 7.0.3 Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 3.3.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "product-input-fields-for-woocommerce 1.12.1 Unauthenticated.Limited.File.Upload HIGH" "product-input-fields-for-woocommerce 2.0 .Contributor+.Arbitrary.File.Read MEDIUM" "product-input-fields-for-woocommerce 1.8.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "product-input-fields-for-woocommerce 1.2.7 Unauthenticated.File.Download HIGH" "prevent-content-copy-image-save No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "pronamic-google-maps 2.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paypal-donations 1.9.9 Admin+.Stored.XSS LOW" "private-only No.known.fix CSRF.&.XSS HIGH" "payment-gateway-payfabric 1.0.13 Reflected.Cross-Site.Scripting MEDIUM" "payment-gateway-payfabric 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pixelstats No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pre-orders-for-woocommerce 1.2.14 Contributor+.Stored.XSS MEDIUM" "powerpack-lite-for-elementor 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.8.2 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "powerpack-lite-for-elementor 2.7.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Link.Effects.Widget MEDIUM" "powerpack-lite-for-elementor 2.7.20 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.18 Contributor+.Stored.XSS MEDIUM" "powerpack-lite-for-elementor 2.7.19 Contributor+.Stored.XSS MEDIUM" "powerpack-lite-for-elementor 2.7.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.14 Settings.Reset/Update.via.CSRF MEDIUM" "powerpack-lite-for-elementor 2.6.2 Reflected.Cross-Site.Scripting HIGH" "powerpack-lite-for-elementor 2.3.2 Contributor+.Stored.XSS MEDIUM" "personalize-woocommerce-cart-page 4.0 Missing.Authorization.to.Unuthenticated.Settings.Update MEDIUM" "personalize-woocommerce-cart-page 2.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "prevent-landscape-rotation 2.1 Settings.Update.via.CSRF MEDIUM" "pta-member-directory 1.8.0 Missing.Authorization MEDIUM" "permalinks-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premium-addons-pro 2.9.14 Contributor+.Stored.XSS MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Premium.Magic.Scroll.Module MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Messenger.Chat.Widget MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multi.Scroll.Widget MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Global.Badge.Module MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Mouse.Cursor.Module MEDIUM" "premium-addons-pro 2.9.13 .Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget.link MEDIUM" "premium-addons-pro 2.8.25 Reflected.XSS HIGH" "phraseanet-client No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pilotpress 2.0.31 Subscriber+.Report.Access.&.DB.Transients.Purging MEDIUM" "plerdy-heatmap 1.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "pagepost-specific-social-share-buttons No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "prepost-seo No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "panda-pods-repeater-field 1.5.4 Reflected.XSS HIGH" "pray-for-me No.known.fix Unauthenticated.Stored.XSS HIGH" "pray-for-me No.known.fix Settings.Update.via.CSRF MEDIUM" "personizely 0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.widgetId.Parameter MEDIUM" "pastebin-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premmerce-user-roles 1.0.13 Missing.Authorization.via.role.management.functions HIGH" "premmerce-user-roles 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-user-roles 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "podcast-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "podcast-box 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "prdctfltr 8.2.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "peachpay-for-woocommerce 1.113.0 Reflected.Cross-Site.Scripting MEDIUM" "pure-chat 2.41 Reflected.Cross-Site.Scripting.via.purechatWidgetName.Parameter MEDIUM" "pure-chat 2.23 Cross-Site.Request.Forgery MEDIUM" "pure-chat No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "password-protected 2.7.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "password-protected 2.6.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "password-protected 2.6.7 Admin+.Stored.XSS LOW" "password-protected 2.6.3.2 Reflected.Cross-Site.Scripting MEDIUM" "password-protected 2.6.3 Admin+.Stored.XSS LOW" "popup-zyrex 1.1 Admin+.Arbitrary.File.Upload MEDIUM" "panorama 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "panorama 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "peekaboo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "point-maker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "point-maker 0.1.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "primary-addon-for-elementor 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.6.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "primary-addon-for-elementor 1.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "primary-addon-for-elementor 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "payment-page 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "payment-page 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photo-contest No.known.fix CSRF.Bypass MEDIUM" "photo-contest No.known.fix Cross-Site.Request.Forgery MEDIUM" "protected-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "protected-page No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "price-calculator-to-your-website No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "post-type-archive-mapping No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-type-archive-mapping 5.3.0 Missing.Authorization.via.REST.Routes MEDIUM" "pin-locations-on-map No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pay-with-contact-form-7 No.known.fix Cross-Site.Request.Forgery MEDIUM" "pay-with-contact-form-7 No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "pvn-auth-popup No.known.fix Contributor+.XSS.via.Shortcode MEDIUM" "pvn-auth-popup No.known.fix Admin+.Stored.XSS LOW" "privy-crm-integration No.known.fix Missing.Authorization MEDIUM" "perfect-portal-widgets 3.0.4 Contributor+.Stored.XSS MEDIUM" "pramadillo-activecampaign-email-preference-center 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "pramadillo-activecampaign-email-preference-center 2.0.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "product-filter-for-woocommerce-product No.known.fix Unauthenticated.SQLi HIGH" "posts-filter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pretty-link 3.6.16 Missing.Authorization MEDIUM" "pretty-link 3.6.3 Reflected.Cross-Site.Scripting.via.post_status HIGH" "pretty-link 3.6.4 Plugin.Settings.Update.via.CSRF MEDIUM" "pretty-link 3.4.1 Link.Visit.Stats.Clear.via.CSRF MEDIUM" "pretty-link 2.1.10 Stored.XSS.and.CSV.Injection HIGH" "pretty-link 1.6.8 Authenticated.SQL.Injection MEDIUM" "profitori No.known.fix 2.1.1.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "postapanduri No.known.fix Unauthenticated.SQL.Injection HIGH" "paritypress 1.0.1 Admin+.Stored.XSS LOW" "page-and-post-lister No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "posts-and-products-views 2.1.1 Contributor+.Stored.XSS MEDIUM" "pedalo-connector No.known.fix Authentication.Bypass.to.Administrator CRITICAL" "ploxel 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "pie-calendar 1.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.piecal.Shortcode MEDIUM" "photo-gallery-builder No.known.fix Missing.Authorization MEDIUM" "pie-register-social-site 1.8 Authentication.Bypass.via.WordPress.com.OAuth.provider HIGH" "pie-register-social-site 1.7.8 Social.Sites.Login.(Add.on).<.1.7.8.-.Unauthenticated.Privilege.Escalation CRITICAL" "pdf-rechnungsverwaltung No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "pdf-invoicing-for-woocommerce 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.2.3 Cross-Site.Request.Forgery.via.ajax_transcript_delete.Function MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.2.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Feed.Name MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.1.24 Admin+.Stored.XSS LOW" "podlove-podcasting-plugin-for-wordpress 4.2.1 Admin+.Stored.XSS LOW" "podlove-podcasting-plugin-for-wordpress 4.1.17 Authenticated.(Admin+).Remote.Code.Execution HIGH" "podlove-podcasting-plugin-for-wordpress 4.1.14 Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "podlove-podcasting-plugin-for-wordpress 4.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.15 Cross-Site.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.1.1 Missing.Authorization MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.14 Authenticated.(Contributor+).SQL.Injection CRITICAL" "podlove-podcasting-plugin-for-wordpress 4.0.10 Reflected.Cross-Site.Scripting MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Missing.Authorization.to.Settings.Import MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Missing.Authorization.to.Unauthenticated.Data.Export MEDIUM" "podlove-podcasting-plugin-for-wordpress 3.8.4 Cross-Site.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 3.8.3 Admin+.Stored.XSS LOW" "podlove-podcasting-plugin-for-wordpress 3.5.6 Unauthenticated.SQL.Injection MEDIUM" "podlove-podcasting-plugin-for-wordpress 2.6.0 Authenticated.SQL.Injection HIGH" "podlove-podcasting-plugin-for-wordpress 2.3.16 Multiple.SQLi.&.XSS CRITICAL" "product-websites-showcase No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "payment-gateway-groups-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payment-gateway-groups-for-woocommerce 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "property-hive-stamp-duty-calculator 1.0.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "prime-mover 1.9.3 Directory.Listing.to.Sensitive.Data.Exposure HIGH" "prime-mover 1.8.8 Reflected.Cross-Site.Scripting MEDIUM" "prime-mover 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "perfmatters 2.1.7 Cross-Site.Request.Forgery MEDIUM" "perfmatters 2.2.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "perfmatters 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "perfmatters 2.1.7 Missing.Authorization MEDIUM" "pearl-header-builder No.known.fix Missing.Authorization MEDIUM" "pearl-header-builder No.known.fix Cross-Site.Request.Forgery MEDIUM" "pearl-header-builder 1.3.9 Cross-Site.Request.Forgery.to.Header.Deletion MEDIUM" "pearl-header-builder 1.3.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Site.Options.Deletion MEDIUM" "pearl-header-builder 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "pearl-header-builder 1.3.5 CSRF MEDIUM" "product-price-history 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "portfolio-and-projects No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pickup-and-delivery-from-customer-locations-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "pickup-and-delivery-from-customer-locations-for-woocommerce 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pojo-accessibility 3.2.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "patreon-connect 1.9.2 Missing.Authorization MEDIUM" "patreon-connect 1.9.1 Protection.Mechanism.Bypass MEDIUM" "patreon-connect 1.8.8 Cross-Site.Request.Forgery MEDIUM" "patreon-connect 1.8.2 Admin+.Stored.Cross-Site.Scripting LOW" "patreon-connect 1.7.2 Reflected.XSS.on.patreon_save_attachment_patreon_level.AJAX.action HIGH" "patreon-connect 1.7.0 CSRF.to.Overwrite/Create.User.Meta MEDIUM" "patreon-connect 1.7.2 Reflected.XSS.on.Login.Form HIGH" "patreon-connect 1.7.0 Unauthenticated.Local.File.Disclosure HIGH" "patreon-connect 1.7.0 CSRF.to.Disconnect.Sites.From.Patreon MEDIUM" "patreon-connect 1.2.2 PHP.Object.Injection CRITICAL" "prismatic 2.8 Contributor+.Stored.XSS MEDIUM" "prismatic 2.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "pricing-table-by-supsystic 1.9.13 Admin+.Content.Injection LOW" "pricing-table-by-supsystic 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "pricing-table-by-supsystic 1.8.9 Authenticated.SQL.Injections CRITICAL" "pricing-table-by-supsystic 1.9.0 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "pricing-table-by-supsystic 1.8.2 Insecure.Permissions.on.AJAX.Actions HIGH" "pricing-table-by-supsystic 1.8.1 Cross-Site.Request.Forgery.to.XSS.and.Setting.Changes HIGH" "pricing-table-by-supsystic 1.8.2 Unauthenticated.Stored.XSS HIGH" "pdf-viewer-block 1.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.1.1 Reflected.XSS HIGH" "propertyhive 2.0.20 Cross-Site.Request.Forgery.via.save_account_details HIGH" "propertyhive 2.0.10 Missing.Authorization MEDIUM" "propertyhive 2.0.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.13 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "propertyhive 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.10 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "propertyhive 2.0.7 Missing.Authorization.via.activate_pro_feature MEDIUM" "propertyhive 2.0.6 Unauthenticated.PHP.Object.Injection.via.propertyhive_currency HIGH" "propertyhive 1.5.49 Reflected.XSS HIGH" "propertyhive 1.5.47 Reflected.XSS HIGH" "propertyhive 1.4.26 Unvalidated.Input.to.do_action() MEDIUM" "press-elements No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "press-elements No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "press-elements No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "poeditor 0.9.11 Cross-Site.Request.Forgery HIGH" "poeditor 0.9.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "poeditor 0.9.5 CSRF MEDIUM" "poeditor 0.9.8 Settings.Reset.via.CSRF MEDIUM" "preloader-for-website 1.3 Missing.Authorization.via.plwao_register_settings() MEDIUM" "projecthuddle-child-site 1.0.35 Missing.Authorization.via.ph_child_ajax_notice_handler MEDIUM" "price-bands-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "price-bands-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "price-bands-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "paypal-responder No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pdf24-posts-to-pdf No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "paid-member-subscriptions 2.14.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paid-member-subscriptions 2.13.8 Authentication.Bypass.via.pms_payment_id CRITICAL" "paid-member-subscriptions 2.13.5 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "paid-member-subscriptions 2.13.1 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "paid-member-subscriptions 2.12.9 Reflected.Cross-Site.Scripting MEDIUM" "paid-member-subscriptions 2.11.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "paid-member-subscriptions 2.11.2 Missing.Authorization.via.creating_pricing_table_page MEDIUM" "paid-member-subscriptions 2.11.2 Missing.Authorization.via.pms_stripe_connect_handle_authorization_return MEDIUM" "paid-member-subscriptions 2.10.5 Cross-Site.Request.Forgery.via.ajax_add_log_entry MEDIUM" "paid-member-subscriptions 2.4.2 Authenticated.SQL.Injection MEDIUM" "paid-member-subscriptions 2.4.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "page-builder-by-azexo No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "page-builder-by-azexo No.known.fix Subscriber+.Post.Creation MEDIUM" "page-builder-by-azexo No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "page-builder-by-azexo No.known.fix Cross-Site.Request.Forgery.(CSRF).to.Stored.XSS MEDIUM" "pdf-viewer-by-themencode 3.2.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-viewer-by-themencode 2.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "pegapoll No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "product-configurator-for-woocommerce 1.2.32 Unauthenticated.Arbitrary.File.Deletion HIGH" "ppv-live-webcams 7.3.12 Authentication.Bypass CRITICAL" "ppv-live-webcams 7.3.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "paid-membership 2.9.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paid-membership No.known.fix Reflected.Cross-Site.Scripting HIGH" "paid-membership 2.9.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paid-membership 1.9.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "pago-redsys-tpv-grafreak 1.0.13 Reflected.Cross-Site.Scripting MEDIUM" "podcast-channels 0.28 Unauthenticated.Reflected.XSS MEDIUM" "pay-addons-for-elementor 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "product-category-tree No.known.fix Reflected.XSS HIGH" "product-category-tree No.known.fix CSRF MEDIUM" "producer-retailer No.known.fix Subscriber+.Privilege.Escalation CRITICAL" "product-layouts 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "print-science-designer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "print-science-designer No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "print-science-designer 1.3.153 Unauthenticated.PHP.Object.Injection HIGH" "pdf-image-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "powerpack-elements 2.10.15 Contributor+.Privilege.Escalation HIGH" "powerpack-elements 2.10.18 Authenticated.(Contributor+).Privilege.Escalation HIGH" "powerpack-elements 2.10.8 Missing.Authorization.to.Settings.Reset HIGH" "powerpack-elements 2.10.8 Cross-Site.Request.Forgery.to.Plugin.Settings.Modification.and.Cross-Site.Scripting MEDIUM" "powerpack-elements 2.9.24 Reflected.Cross-Site.Scripting MEDIUM" "push-notification-by-feedify 2.4.6 Reflected.Cross-Site.Scripting MEDIUM" "push-notification-by-feedify 2.4.6 Reflected.XSS HIGH" "push-notification-by-feedify 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "push-notification-by-feedify 2.1.9 Reflected.Cross-Site.Scripting MEDIUM" "pirate-forms 2.6.0 Admin+.Stored.XSS LOW" "pirate-forms 2.6.0 Admin+.Stored.XSS LOW" "pirate-forms 2.6.1 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "pirate-forms 2.5.2 HTML.Injection.&.CSRF MEDIUM" "post-grid 2.3.7 Unauthenticated.User.Information.Exposure MEDIUM" "post-grid 2.3.6 Unauthenticated.Paid.Order.Creation MEDIUM" "post-grid 2.3.4 2.3.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "post-grid 2.2.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.90 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.91 2.2.90.-.Subscriber+.Privilege.Escalation HIGH" "post-grid 2.2.93 Contributor+.Stored.XSS MEDIUM" "post-grid 2.2.88 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Accordion.Block MEDIUM" "post-grid 2.2.87 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.86 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.redirectURL.Parameter.of.Date.Countdown.Widget MEDIUM" "post-grid 2.2.81 Combo.Blocks.<.2.2.81.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attribute MEDIUM" "post-grid 2.2.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.79 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "post-grid 2.2.76 Reflected.Cross-Site.Scripting MEDIUM" "post-grid 2.2.76 Unauthenticated.Password.Protected.Posts.Access MEDIUM" "post-grid 2.2.69 Information.Exposure.via.get_posts.API.Endpoint HIGH" "post-grid 2.2.65 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "post-grid 2.1.16 Reflected.Cross-Site.Scripting.via.keyword MEDIUM" "post-grid 2.1.16 Reflected.Cross-Site.Scripting.via.post_types MEDIUM" "post-grid 2.1.13 Contributor+.SQL.Injection MEDIUM" "post-grid 2.1.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "post-grid 2.0.73 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "post-grid 2.0.73 PHP.Object.Injection HIGH" "password-for-wp 1.6 Stored.XSS.via.CSRF HIGH" "product-quantity-dropdown-for-woocommerce 1.3 Cross-Site.Request.Forgery MEDIUM" "peters-login-redirect 3.0.0.5 Reflected.Cross-Site.Scripting HIGH" "peters-login-redirect 2.9.2 Multiple.CSRF HIGH" "peters-login-redirect 2.9.1 Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "password-protected-woo-store 2.3 Unauthenticated.Arbitrary.Post.Tile.&.Content.Access MEDIUM" "publish-confirm-message 2.0 Settings.Update.via.CSRF MEDIUM" "post-type-x 1.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-type-x 1.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.show_products.Shortcode MEDIUM" "post-type-x 1.7.7 Sensitive.Information.Exposure.via.Product.CSV MEDIUM" "post-type-x 1.7.6 Cross-Site.Request.Forgery.via.ic_system_status MEDIUM" "post-type-x 1.7.0 Reflected.XSS HIGH" "post-type-x 1.5.13 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "post-type-x 1.5.13 Cross-Site.Request.Forgery MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Cross-Site.Request.Forgery MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Missing.Authorization.to.Arbitrary.Post/Page.Deletion MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "package-quantity-xforwc 1.2.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "premmerce-redirect-manager 1.0.12 Admin+.Stored.XSS MEDIUM" "premmerce-redirect-manager 1.0.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-redirect-manager 1.0.12 Admin+.Stored.XSS LOW" "premmerce-redirect-manager 1.0.11 Cross-Site.Request.Forgery MEDIUM" "premmerce-redirect-manager 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pootle-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pootle-page-builder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pootle-page-builder 5.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "popup-by-supsystic 1.10.30 Admin+.Remote.Code.Execution MEDIUM" "popup-by-supsystic 1.10.28 Missing.Authorization MEDIUM" "popup-by-supsystic 1.10.20 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "popup-by-supsystic 1.10.19 Prototype.Pollution MEDIUM" "popup-by-supsystic 1.10.9 Unauthenticated.Subscriber.Email.Addresses.Disclosure HIGH" "popup-by-supsystic 1.10.5 Reflected.Cross-Site.scripting.(XSS) HIGH" "popup-by-supsystic 1.7.9 Cross-Site.Request.Forgery.(CSRF) HIGH" "powerpress-multisite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pie-forms-for-wp 1.5 Reflected.Cross-Site.Scripting MEDIUM" "pie-forms-for-wp 1.4.9.4 Admin+.Stored.Cross-Site.Scripting LOW" "pdf-viewer-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "push-notification-for-post-and-buddypress 2.12 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "push-notification-for-post-and-buddypress 2.08 Reflected.Cross-Site.Scripting MEDIUM" "push-notification-for-post-and-buddypress 1.9.4 Multiple.Unauthenticated.SQLi HIGH" "pluginpass-pro-plugintheme-licensing No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "passbeemedia-web-push-notifications No.known.fix Reflected.XSS HIGH" "product-catalog-feed 2.2.0 Cross-Site.Request.Forgery MEDIUM" "product-catalog-feed 2.1.1 Reflected.XSS HIGH" "product-catalog-feed 2.1.1 Reflected.XSS HIGH" "portable-phpmyadmin No.known.fix /pma/phpinfo.php.Direct.Request.System.Information.Disclosure CRITICAL" "portable-phpmyadmin No.known.fix Multiple.Script.Direct.Request.Authentication.Bypass CRITICAL" "premmerce 1.3.18 Reflected.Cross-Site.Scripting MEDIUM" "premmerce 1.3.17 Cross-Site.Request.Forgery MEDIUM" "premmerce 1.3.16 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "puredevs-customer-history-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "puredevs-customer-history-for-woocommerce 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "popping-content-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "portfolio-filter-gallery 1.6.5 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "portfolio-filter-gallery 1.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "protected-posts-logout-button 1.4.6 Admin+.Stored.XSS LOW" "protected-posts-logout-button 1.4.5 Settings.Update.via.CSRF MEDIUM" "protected-posts-logout-button 1.4.6 Missing.Authorization MEDIUM" "prime-addons-for-elementor 2.0.2 Authenticated.(Contributor+).Insecure.Direct.Object.Reference.via.pae_global_block.Shortcode MEDIUM" "product-slider-for-woocommerce-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "product-slider-for-woocommerce-lite 1.1.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "premmerce-woocommerce-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-toolkit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "power-forms-builder No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "preloader-for-divi 1.5 Reflected.Cross-Site.Scripting MEDIUM" "preloader-for-divi 1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pricing-table-addon-for-elementor No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pdf-viewer-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.render MEDIUM" "pdf-viewer-for-elementor No.known.fix Arbitrary.JavaScript.Execution MEDIUM" "pdf-viewer-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-connector 1.0.10 Admin+.Stored.Cross-Site.Scripting MEDIUM" "post-connector 1.0.4 XSS MEDIUM" "publitio No.known.fix Contributor+.Arbitrary.File.Read MEDIUM" "publitio 2.1.9 Missing.Authorization MEDIUM" "publitio 2.1.9 Missing.Authorization MEDIUM" "progress-tracker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "postpage-import-export-with-custom-fields-taxonomies 2.0.4 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "postpage-import-export-with-custom-fields-taxonomies 2.0.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "profile-extra-fields 1.2.8 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "profile-extra-fields 1.2.4 Reflected.Cross-Site.Scripting HIGH" "profile-extra-fields 1.0.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "post-slider-and-carousel 3.2.10 Admin+.Stored.XSS LOW" "post-slider-and-carousel 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "post-slider-and-carousel 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pc-robotstxt 1.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "picsmize No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "plugmatter-optin-feature-box-lite 2.0.14 Unauthenticated.Blind.SQL.Injection CRITICAL" "pods 3.2.8.2 Admin+.SQL.Injection MEDIUM" "pods 3.2.8.1 Admin+.Stored.XSS LOW" "pods 3.2.7.1 Admin+.Stored.XSS LOW" "pods 3.2.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Pod.Form.Redirect.URL MEDIUM" "pods 3.1 Contributor+.Remote.Code.Execution HIGH" "pods 3.1 Contributor+.Pods/Users.Creation MEDIUM" "pods 3.1 Contributor+.SQLi MEDIUM" "pods 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "pods 2.9.11 Pods.Deletion.via.CSRF MEDIUM" "pods 2.7.29 Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "pods 2.7.27 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "pods 2.7.27 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "photographer-directory 1.0.9 Subscriber+.Privilege.Escalation CRITICAL" "ptypeconverter No.known.fix Authenticated.(Editor+).SQL.Injection HIGH" "pdfjs-viewer-shortcode 2.2 Arbitrary.JavaScript.Execution MEDIUM" "pdfjs-viewer-shortcode 2.1.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "pdfjs-viewer-shortcode 2.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "pagemanager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "preloader-quotes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pepro-cf7-database No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "pepro-cf7-database 1.9.0 Cross-Site.Request.Forgery MEDIUM" "pepro-cf7-database 1.8.0 Unauthenticated.Stored.XSS HIGH" "property-hive-mortgage-calculator 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.price.Parameter MEDIUM" "powies-uptime-robot No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "post-meta-data-manager No.known.fix Authentciated.(Admin+).Multisite.Privilege.Escalation HIGH" "post-meta-data-manager 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-meta-data-manager 1.2.2 Cross-Site.Request.Forgery.to.Post,.Term,.and.User.Meta.Deletion MEDIUM" "post-meta-data-manager 1.2.1 Subscriber+.Privilege.Escalation HIGH" "post-meta-data-manager 1.2.1 Unauthenticated.Data.Deletion HIGH" "post-meta-data-manager 1.2.1 Missing.Authorization.to.Post,.Term,.and.User.Meta.Deletion MEDIUM" "pta-volunteer-sign-up-sheets 5.5.5 Authenticated.(Admin+).Stored.Cross-site.Scripting MEDIUM" "poll-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pushbiz No.known.fix Reflected.XSS HIGH" "podlove-web-player 5.7.4 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "podlove-web-player 5.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting HIGH" "pie-register 3.8.4.1 Sensitive.Information.Exposure.via.Log.Files MEDIUM" "pie-register 3.8.3.5 Basic.<=.3.8.3.4.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation.and.Activation/Deactivation HIGH" "pie-register 3.8.3.3 Unauthenticated.Arbitrary.File.Upload HIGH" "pie-register 3.8.2.3 Open.Redirect MEDIUM" "pie-register 3.8.1.3 Unauthenticated.Arbitrary.User.Deletion HIGH" "pie-register 3.7.2.4 Open.Redirect MEDIUM" "pie-register 3.1.7.6 Unauthenticated.Arbitrary.Login CRITICAL" "pie-register 3.7.1.6 Unauthenticated.SQL.Injection HIGH" "pie-register 3.7.0.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "pie-register 3.1.2 SQL.Injection CRITICAL" "pie-register 3.0.18 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "podpress 8.8.10.17 players/1pixelout/1pixelout_player.swf.playerID.Parameter.XSS MEDIUM" "phpinfo-wp 6.0 Unauthenticated.Information.Exposure MEDIUM" "post-layouts No.known.fix Contributor+.Stored.XSS MEDIUM" "page-visit-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-visit-counter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "powies-whois 0.9.33 Authenticated.Stored.Cross-Site.Scripting LOW" "portfolio-gallery 2.1.11 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "post-duplicator 2.36 Missing.Authorization MEDIUM" "post-duplicator 2.37 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "post-duplicator 2.32 Missing.Authorization.via.mtphr_duplicate_post MEDIUM" "post-duplicator 2.27 Admin+.Stored.Cross-Site.Scripting LOW" "pre-party-browser-hints 1.8.20 Admin+.SQLi MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.7.2 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.3 Missing.Authorization.to.Unauthenticated.Settings.Reset MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.1 Reflected.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.3.1 Subscriber+.Arbitrary.Order.Export MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.3.0 Shop.Manager+.Arbitrary.Options.Update HIGH" "pubydoc-data-tables-and-charts No.known.fix Admin+.Stored.XSS MEDIUM" "pondol-carousel No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "product-size-chart-for-woo 1.1.6 Settings.Update.via.CSRF MEDIUM" "popup-modal-for-youtube No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "premmerce-woocommerce-multi-currency 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-multi-currency 2.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "profile-builder 3.13.9 Unauthenticated.Content.Spoofing MEDIUM" "profile-builder 3.13.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.user_meta.and.compare.Shortcodes MEDIUM" "profile-builder 3.13.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "profile-builder 3.13.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "profile-builder 3.11.9 Unauthenticated.Privilege.Escalation CRITICAL" "profile-builder 3.12.2 Admin+.Stored.Cross.Site.Scripting LOW" "profile-builder 3.11.8 Unauthenticated.Media.Upload MEDIUM" "profile-builder 3.11.3 Restricted.Email.Bypass MEDIUM" "profile-builder 3.10.9 Missing.Authorization.to.Plugin.Settings.Change.via.wppb_two_factor_authentication_settings_update HIGH" "profile-builder 3.10.8 Contributor+.User.Metadata.Disclosure MEDIUM" "profile-builder 3.10.4 Plugins.Activation/Deactivation.CSRF MEDIUM" "profile-builder 3.9.8 Unauthenticated.Plugin's.Pages.Creation MEDIUM" "profile-builder 3.9.1 Unauthorised.Password.Reset HIGH" "profile-builder 3.9.1 Subscriber+.Arbitrary.User.Meta.Disclosure MEDIUM" "profile-builder 3.6.1 Settings.Import.via.CSRF LOW" "profile-builder 3.6.8 Admin+.Stored.Cross-Site.Scripting LOW" "profile-builder 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder 3.4.9 Admin.Access.via.Password.Reset CRITICAL" "profile-builder 3.4.8 Authenticated.Stored.XSS MEDIUM" "profile-builder 3.3.3 Authenticated.Blind.SQL.Injection MEDIUM" "profile-builder 3.1.1 User.Registration.With.Administrator.Role CRITICAL" "profile-builder 2.5.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 2.4.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 2.4.1 Privilege.Escalation HIGH" "profile-builder 2.2.5 XSS MEDIUM" "profile-builder 2.1.4 Missing.Access.Controls HIGH" "profile-builder 2.0.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 1.1.60 Password.Recovery.Bypass MEDIUM" "profile-builder 1.1.66 Multiple.XSS MEDIUM" "plugmatter-pricing-table No.known.fix Reflected.Cross-Site.Scripting HIGH" "product-gtin-ean-upc-isbn-for-woocommerce No.known.fix Contributor+.Stored.XSS MEDIUM" "pet-manager No.known.fix Reflected.XSS HIGH" "pet-manager No.known.fix Contributor+.Stored.XSS MEDIUM" "product-notices-for-woocommerce No.known.fix Cross-Site.Request.Forgery MEDIUM" "promolayer-popup-builder 1.1.1 Missing.Authorization MEDIUM" "post-to-csv 1.4.1 Author+.CSV.Injection MEDIUM" "post-to-csv 1.3.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "propovoice No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "propovoice 1.7.6.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "photoswipe-masonry 1.2.15 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "per-page-add-to 1.4.4 CSRF.to.Stored.XSS HIGH" "per-page-add-to No.known.fix Authenticated.Stored.XSS LOW" "post-grid-elementor-addon 2.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid-elementor-addon 2.0.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title_tag MEDIUM" "product-delivery-date-for-woocommerce-lite 2.8.1 Lite.<.2.8.1.-.Reflected.Cross-Site.Scripting MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.3 Missing.Authorization MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.1 Missing.Authorization MEDIUM" "performance-kit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "private-messages-for-wordpress No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "private-messages-for-wordpress No.known.fix Arbitrary.Message.Sent.via.CSRF MEDIUM" "post-views-counter 1.4.5 Cross-Site.Request.Forgery.via.save_bulk_post_views() MEDIUM" "post-views-counter 1.3.5 Authenticated.Stored.XSS LOW" "popup-anything-on-click 2.8.1 Missing.Authorization MEDIUM" "popup-anything-on-click 2.2.2 Popup.Settings.Reset.via.CSRF MEDIUM" "popup-anything-on-click 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "popup-anything-on-click 2.0.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "pipdisqus No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "product-page-shipping-calculator-for-woocommerce 1.3.26 Admin+.Stored.XSS LOW" "product-page-shipping-calculator-for-woocommerce 1.3.21 Admin+.Stored.XSS LOW" "perfect-woocommerce-brands 2.0.5 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "perfect-woocommerce-brands 2.0.5 Subscriber+.Arbitrary.Brand.Creation MEDIUM" "premmerce-woocommerce-wishlist 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wishlist 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-wishlist 1.1.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "paytium 4.4.12 Unauthenticated.Full.Path.Disclosure MEDIUM" "paytium 4.4.11 Missing.Authorization MEDIUM" "paytium 4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "paytium 4.3.7 Admin+.Stored.XSS LOW" "paytium 3.1.2 Stored.Cross-Site.Scripting.(XSS) CRITICAL" "plainview-protect-passwords No.known.fix Reflected.XSS HIGH" "plainview-protect-passwords No.known.fix Cross-Site.Request.Forgery MEDIUM" "payu-india No.known.fix Authentication.Bypass CRITICAL" "payu-india 3.8.4 Unauthenticated.Privilege.Escalation CRITICAL" "payu-india No.known.fix Reflected.Cross-Site.Scripting.via.type HIGH" "product-expiry-for-woocommerce 2.6 Subscriber+.Settings.Update MEDIUM" "pondol-formmail No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "photo-feed No.known.fix Reflected.XSS HIGH" "pocket-news-generator No.known.fix .Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "pocket-news-generator No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "popup-with-fancybox 3.6 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "pmpro-register-helper 1.8.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "prayer-times-anywhere No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "post-meta 1.1.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "profiler-what-slowing-down No.known.fix Missing.Authentication.to.Unauthenticated.Arbitrary.Plugin.Reactivation.via.State.Restoration MEDIUM" "page-health-o-meter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pricing-table No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "pdq-csv 2.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "paypal-payment-button-by-vcita 3.30.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paypal-payment-button-by-vcita 3.30.0 Contributor+.Stored.XSS MEDIUM" "paypal-payment-button-by-vcita 3.20.0 CSRF.to.Stored.XSS.in.settings.page MEDIUM" "paypal-payment-button-by-vcita 3.10.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "push-notification-for-wp-by-pushassist No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "push-notification-for-wp-by-pushassist No.known.fix Reflected.Cross-Site.Scripting HIGH" "publish-to-schedule 4.5.5 Admin+.Stored.XSS LOW" "planyo-online-reservation-system No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "podiant No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "pdf-print 2.0.3 Unauthenticated.Cross-Site-Scripting.(XSS) MEDIUM" "pdf-print 1.9.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "post-in-page-for-elementor 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "phzoom No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "patron-button-and-widgets-by-codebard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "patron-button-and-widgets-by-codebard 2.2.0 Cross-Site.Request.Forgery MEDIUM" "patron-button-and-widgets-by-codebard 2.2.0 Reflected.XSS MEDIUM" "patron-button-and-widgets-by-codebard 2.1.9 Reflected.XSS HIGH" "process-steps-template-designer 1.3 CSRF.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "pretty-grid 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "polls-widget No.known.fix Admin+.Stored.XSS LOW" "polls-widget 1.5.3 Unauthenticated.Blind.SQL.Injection CRITICAL" "posti-shipping 3.10.4 Cross-Site.Request.Forgery MEDIUM" "posti-shipping 3.10.4 Reflected.Cross-Site.Scripting MEDIUM" "posti-shipping 3.10.3 Full.Path.Disclosure MEDIUM" "push-notifications-for-wp 6.0.1 Settings.Update.via.CSRF MEDIUM" "polldaddy No.known.fix Cross-Site.Request.Forgery MEDIUM" "polldaddy 3.1.0 Rating.Update.via.CSRF MEDIUM" "polldaddy 3.1.0 Reflected.Cross-Site.Scripting HIGH" "polldaddy 3.0.10 Contributor+.Rating.Settings.Update MEDIUM" "polldaddy 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce 9.0.0 Missing.Authorization MEDIUM" "persian-woocommerce 5.9.8 Reflected.Cross-Site.Scripting MEDIUM" "pricing-deals-for-woocommerce No.known.fix Missing.Authorization.via.vtprd_ajax_clone_rule MEDIUM" "pricing-deals-for-woocommerce 2.0.3 Unauthenticated.SQLi HIGH" "post-expirator 2.6.0 Contributor+.Arbitrary.Post.Schedule.Deletion HIGH" "pmpro-membership-maps 0.7 Membership.Maps.Add.On.<.0.7.-.Contributor+.Sensitive.Information.Disclosure MEDIUM" "preloader-plus No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "preloader-plus 2.1 Reflected.Cross-Site.Scripting MEDIUM" "printcart-integration 2.4.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "printcart-integration No.known.fix Unauthenticated.SQL.Injection HIGH" "payment-forms-for-paystack 4.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "payment-forms-for-paystack 4.0.2 Authenticated.(Administrator+).SQL.Injection MEDIUM" "payment-forms-for-paystack 4.0.0 Contributor+.Stored.XSS MEDIUM" "pinterest-pin-it-button-on-image-hover-and-post 3.4 Subscriber+.Arbitrary.Settings.Update MEDIUM" "post-carousel-slider-for-elementor 1.6.0 Contributor+.Stored.XSS MEDIUM" "pcrecruiter-extensions 1.4.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "personal-favicon No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "print-my-blog 3.27.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "print-my-blog 3.26.3 Missing.Authorization MEDIUM" "print-my-blog 3.25.2 Reflected.Cross-Site.Scripting MEDIUM" "print-my-blog 3.11.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "print-my-blog 3.4.2 Plugin.Deactivation.via.CSRF MEDIUM" "print-my-blog 1.6.6 Unauthenticated.Server.Side.Request.Forgery.(SSRF) CRITICAL" "product-delivery-date 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "photo-video-gallery-master No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "parallaxer-lite-parallax-effects-on-images No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-viewer 1.0.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "post-pay-counter 2.790 Reflected.XSS HIGH" "post-pay-counter 2.731 PHP.Obj.Injection.&.Access.Control.Issues CRITICAL" "page-or-post-clone 6.1 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Sensitive.Information.Exposure MEDIUM" "pretty-file-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "playlist-for-youtube 1.40 Editor+.Stored.XSS LOW" "policy-genius No.known.fix Reflected.XSS HIGH" "paged-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profile-builder-pro 3.10.1 Cross-Site.Request.Forgery HIGH" "profile-builder-pro 3.10.1 Authenticated.(Subscriber+).Time-Based.One-Time.Password.Sensitive.Information.Exposure MEDIUM" "profile-builder-pro 3.10.1 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder-pro 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder-pro 3.3.3 Authenticated.Blind.SQL.Injection MEDIUM" "profile-builder-pro 3.1.1 User.Registration.With.Administrator.Role CRITICAL" "pallet-packaging-for-woocommerce 1.1.16 Missing.Authorization MEDIUM" "post-to-google-my-business 3.1.14 Reflected.Cross-Site.Scripting MEDIUM" "post-to-google-my-business 3.0.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pricing-tables-for-wpbakery-page-builder 3.0 Contributor+.Stored.XSS MEDIUM" "pricing-tables-for-wpbakery-page-builder 3.0 Subscriber+.LFI HIGH" "post-thumbnail-editor No.known.fix Sensitive.Information.Exposure MEDIUM" "powerpack-addon-for-beaver-builder 1.3.1 Reflected.Cross-Site.Scripting.via.Navigate.Parameter MEDIUM" "powerpack-addon-for-beaver-builder 1.3.0.4 Authenticated.(Editor+).Local.File.Inclusion HIGH" "powerpack-addon-for-beaver-builder 1.3.0.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-addon-for-beaver-builder 1.3.0.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.element.link MEDIUM" "powerpack-addon-for-beaver-builder 1.2.9.1 Reflected.Cross-Site.Scripting MEDIUM" "powerpack-addon-for-beaver-builder 1.2.9.3 Reflected.Cross-Site.Scripting MEDIUM" "preferred-languages 2.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pdf24-post-to-pdf No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "pollin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pollin No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "power-ups-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "power-ups-for-elementor 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "postie 1.9.41 Post.Submission.Spoofing.&.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "porsline 1.1 Contributor+.SQL.Injection MEDIUM" "pagebar 2.70 Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "posts-table-filterable 1.0.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.tableon_popup_iframe_button.Shortcode MEDIUM" "posts-table-filterable 1.0.4 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "posts-table-filterable No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "posts-table-filterable No.known.fix Missing.Authorization MEDIUM" "posts-table-filterable 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "parcel-tracker-ecourier 1.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "pie-register-premium 3.8.3.3 Missing.Authorization MEDIUM" "pie-register-premium 3.8.3.3 Authenticated.(Subscriber+).Limited.File.Deletion MEDIUM" "pie-register-premium 3.8.3.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "pie-register-premium 3.8.3.3 Unauthenticated.Cross-Site.Scripting MEDIUM" "pie-register-premium 3.8.3.3 Missing.Authorization MEDIUM" "post-from-frontend No.known.fix Post.Deletion.via.CSRF MEDIUM" "php-compatibility-checker 1.6.0 Cross-Site.Request.Forgery MEDIUM" "pb-mailcrypt-antispam-email-encryption No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pesapal-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "perfect-font-awesome-integration 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "perfect-font-awesome-integration 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "polylang-supertext No.known.fix Stored.XSS.via.CSRF HIGH" "page-views-count 2.8.5 2.8.4.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update HIGH" "page-views-count 2.6.1 Contributor+.Stored.XSS MEDIUM" "page-views-count 2.5.6 Settings.Reset.via.CSRF MEDIUM" "page-views-count 2.4.15 Unauthenticated.SQL.Injection HIGH" "page-views-count 2.4.9 Contributor+.Stored.XSS MEDIUM" "pakkelabels-for-woocommerce 5.0.4 Missing.Authorization.to.Authenticated.(Customer+).Information.Disclosure MEDIUM" "progressive-license No.known.fix CSRF.to.Stored.XSS MEDIUM" "proofreading 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "proofreading 1.1 Reflected.XSS HIGH" "product-blocks 4.2.5 Missing.Authorization MEDIUM" "product-blocks 3.1.5 PHP.Object.Injection.via.wopb_wishlist.and.wopb_compare CRITICAL" "product-blocks 3.0.0 Missing.Authorization.via.option_data_save MEDIUM" "parallax-slider-block 1.2.6 Author+.Stored.XSS MEDIUM" "phpsword-favicon-manager No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "page-takeover 1.1.7 Admin+.Stored.XSS LOW" "private-files No.known.fix Protection.Disabling.via.CSRF MEDIUM" "perelandra-sermons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "perelandra-sermons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "perelandra-sermons No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "post-by-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "profilepress-pro 4.11.2 Pro.<.4.11.2.-.Authentication.Bypass HIGH" "photoshelter-official-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "podcast-importer-secondline 1.3.8 Admin+.SQLi MEDIUM" "podcast-importer-secondline 1.1.5 Server-Side.Request.Forgery.(SSRF) MEDIUM" "pretty-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pretty-url No.known.fix Cross-Site.Request.Forgery MEDIUM" "pretty-url No.known.fix Admin+.Stored.XSS.in.plugin.settings LOW" "pixnet No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix Admin+.Stored.XSS LOW" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix .Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "payform No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pdf-catalog-woocommerce 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "payment-gateway-stripe-and-woocommerce-integration 3.8.0 Unauthenticated.SQL.Injection CRITICAL" "payment-gateway-stripe-and-woocommerce-integration 3.8.0 Unauthenticated.WC.Order.Status.Update MEDIUM" "payment-gateway-stripe-and-woocommerce-integration 3.7.8 Authentication.Bypass HIGH" "payment-gateway-stripe-and-woocommerce-integration 3.6.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "page-builder-sandwich No.known.fix Missing.Authorization MEDIUM" "page-builder-sandwich No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-builder-sandwich No.known.fix Missing.Authorization.to.Authenticated(Subscriber+).Arbitrary.Post.Editing MEDIUM" "page-builder-sandwich No.known.fix Sensitive.Information.Exposure MEDIUM" "page-builder-sandwich No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-builder-sandwich 4.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pmpro-mailchimp 2.3.5 Unauthenticated.Information.Disclosure MEDIUM" "protect-uploads-with-login-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "protect-uploads-with-login-page No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "permalink-finder No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "project-panorama-lite No.known.fix Admin+.Stored.XSS LOW" "project-panorama-lite 1.5.1 WordPress.Project.Management.<.1.5.1.-.Admin+.Stored.XSS LOW" "product-table-for-woocommerce 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "popupally 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popupally 2.1.2 Admin+.Stored.XSS LOW" "popupally 2.1.1 Cross-Site.Request.Forgery.via.optin_submit_callback MEDIUM" "popup-seo-optimized No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "postmash-custom No.known.fix Unauthenticated.SQL.Injection CRITICAL" "push-envoy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "peepso-core No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "peepso-core 6.4.6.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.4.6.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "peepso-core 6.4.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.content.Parameter MEDIUM" "peepso-core 6.4.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.2.7.1 Unauthenticated.Sensitive.Information.Disclosure.via.Log.file MEDIUM" "peepso-core 6.3.1.2 User.Post.Creation.via.CSRF MEDIUM" "peepso-core 6.3.1.2 Reflected.XSS HIGH" "peepso-core 6.2.7.0 Reflected.Cross-Site.Scripting HIGH" "peepso-core 6.2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.2.0.0 Cross-Site.Request.Forgery.via.delete MEDIUM" "peepso-core 6.0.3.0 Multiple.CSRF MEDIUM" "peepso-core 1.6.1 Authenticated.Privilege.Escalation HIGH" "pj-news-ticker 1.9.6 Contributor+.Stored.XSS MEDIUM" "page-list 5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-list 5.3 Contributor+.Stored.XSS MEDIUM" "pressference-exporter No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "postify-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-lister-walmart No.known.fix Unauthenticated.RCE.via.Outdated.PHPUnit CRITICAL" "private-google-calendars 20240106 Contributor+.Stored.XSS MEDIUM" "page-builder-add 1.5.2.1 Authenticated.(Editor+).Local.File.Inlcusion HIGH" "page-builder-add 1.5.1.9 Reflected.Cross-Site.Scripting.via.pageType MEDIUM" "page-builder-add 1.5.1.8 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "page-builder-add 1.5.1.6 Open.Redirect MEDIUM" "page-builder-add 1.5.1.3 Admin+.Stored.XSS LOW" "page-builder-add 1.4.9.9 Contributor+.Cross-Site.Scripting.via.Shortcode MEDIUM" "page-builder-add 1.4.9.6 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "post-snippets 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "post-snippets 4.0.3 Admin+.Stored.XSS LOW" "post-snippets 3.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-snippets 3.1.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "post-snippets 3.0.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "pwa-for-wp 1.7.73 Missing.Authorization MEDIUM" "pwa-for-wp 1.7.72 PWA.For.WP.&.AMP.<.1,7,72.Administrator+.Stored.XSS LOW" "pwa-for-wp 1.7.33 Authenticated.(Subscriber+).Settings.Change MEDIUM" "pwa-for-wp 1.7.33 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "product-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-table No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pcloud-backup No.known.fix Missing.Authorization MEDIUM" "pagination 1.2.3 Admin+.Stored.XSS LOW" "pagination 1.0.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "planaday-api 11.5 Reflected.Cross-Site.Scripting MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Missing.Authorization.via.showTemplatePreview() MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.6 Cross-Site.Request.Forgery.to.Cross-Site.Scripting.via.process.php MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Unauthenticated.WC.Order.Data.Access MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Printer.Settings.Update.via.CSRF MEDIUM" "popup-maker 1.20.5 Contributor+.Stored.XSS.via.popupID.Parameter MEDIUM" "popup-maker 1.20.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.20.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.20.0 Missing.Authorization MEDIUM" "popup-maker 1.19.1 Admin+.Stored.XSS LOW" "popup-maker 1.19.1 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.18.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.16.11 Contributor+.Stored.Cross.Site.Scripting MEDIUM" "popup-maker 1.16.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "popup-maker 1.16.9 Contributor+.Stored.XSS.via.Subscription.Form MEDIUM" "popup-maker 1.16.5 Admin+.Stored.Cross-Site.Scripting LOW" "popup-maker 1.8.13 Multiple.Vulnerabilities CRITICAL" "popup-maker 1.8.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "popup-maker 1.6.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "preprocess-dezrez No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "preprocess-dezrez No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-saint No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "pb-seo-friendly-images No.known.fix Admin+.Stored.XSS LOW" "pandavideo 1.4.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pandavideo 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "podclankova-inzerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-tabs-for-woocommerce 1.7.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "player No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "player No.known.fix Reflected.XSS HIGH" "posts-date-ranges No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "portfolio-wp 2.1.0 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "product-customizer-light No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "printus-cloud-printing-for-woocommerce 1.2.7 Missing.Authorization MEDIUM" "printus-cloud-printing-for-woocommerce 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "pjw-mime-config No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "product-shipping-countdown-free-version No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-shipping-countdown-free-version No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "postman-smtp No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "post-list-designer 3.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "post-list-designer 3.3.1 Reflected.Cross-Site.Scripting MEDIUM" "post-list-designer 3.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "post-list-designer 2.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "platformly 1.14 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pdf-invoices-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pardot 2.1.1 Missing.Authorization MEDIUM" "photo-video-store No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "photo-video-store No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pagopar-woocommerce-gateway 2.8.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "post-custom-templates-lite No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "post-custom-templates-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "project-status No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "planning-center-online-giving No.known.fix Contributor+.XSS.via.Shortcode MEDIUM" "premmerce-woocommerce-brands 1.2.13 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-brands 1.2.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "popup-manager No.known.fix Unauthenticated.Stored.XSS HIGH" "popup-manager No.known.fix Unauthenticated.Arbitrary.Popup.Deletion MEDIUM" "photoxhibit No.known.fix Reflected.XSS.Issues MEDIUM" "pricer-ninja-pricing-tables No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "posten-post-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pepro-bacs-receipt-upload-for-woocommerce 2.7.0 Reflected.Cross-Site.Scripting MEDIUM" "pdf-for-woocommerce 5.4.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "pdf-for-woocommerce 4.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "photoblocks-grid-gallery 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "photoblocks-grid-gallery 1.2.9 Cross-Site.Request.Forgery MEDIUM" "photoblocks-grid-gallery 1.2.7 Contributor+.Stored.XSS MEDIUM" "photoblocks-grid-gallery 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photoblocks-grid-gallery 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "photoblocks-grid-gallery 1.1.43 Authenticated.Reflected.XSS HIGH" "photoblocks-grid-gallery 1.1.41 Unauthenticated.Reflected.XSS MEDIUM" "payplus-payment-gateway 7.0.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "payplus-payment-gateway 6.6.9 Reflected.Cross-Site.Scripting MEDIUM" "payplus-payment-gateway 6.6.9 Unauthenticated.SQLi HIGH" "persian-nested-showhide-text No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pure-css-circle-progress-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-invoices-and-packing-slips-for-woocommerce 1.3.8 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "pz-frontend-manager 1.0.6 CSRF.change.user.profile.picture MEDIUM" "protect-your-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "plestar-directory-listing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-types-carousel-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-types-carousel-slider 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "psw-login-and-registration No.known.fix Unauthenticated.Account.Takeover/Privilege.Escalation CRITICAL" "psw-login-and-registration No.known.fix Authentication.Bypass CRITICAL" "promobar 1.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "platinum-seo-pack No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popup-contact-form No.known.fix Admin+.Stored.XSS LOW" "popup-contact-form No.known.fix Admin+.Stored.XSS LOW" "pdf-embedder 4.8.0 Arbitrary.JavaScript.Execution MEDIUM" "pdf-embedder 4.7.1 Contributor+.Stored.XSS MEDIUM" "product-blocks-for-woocommerce 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-pinterest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-pinterest No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "perelink No.known.fix Settings.Update.via.CSRF MEDIUM" "product-lister-ebay No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "paytm-payments 2.7.7 Editor+.SQLi MEDIUM" "pdf-thumbnail-generator 1.4 Reflected.Cross-Site.Scripting MEDIUM" "preview-link-generator 1.0.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "posts-reminder No.known.fix Settings.Update.via.CSRF MEDIUM" "page-and-post-restriction 1.3.7 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "page-and-post-restriction 1.3.5 Unauthenticated.Protected.Post.Access MEDIUM" "page-and-post-restriction 1.2.7 Admin+.Stored.Cross-Site.Scripting LOW" "post-author No.known.fix Cross-Site.Request.Forgery MEDIUM" "popup4phone No.known.fix Editor+.Stored.XSS LOW" "popup4phone No.known.fix Unauthenticated.Stored.XSS HIGH" "post-list-with-featured-image No.known.fix Reflected.XSS HIGH" "play-ht No.known.fix Missing.Authorization MEDIUM" "play-ht No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "play-ht No.known.fix Missing.Authorization MEDIUM" "play-ht No.known.fix Cross-Site.Request.Forgery MEDIUM" "printfriendly 5.5.2 Admin+.Stored.XSS LOW" "printfriendly 5.2.3 Admin+.Stored.Cross-Site.Scripting LOW" "postaffiliatepro 1.26.10 Admin+.Stored.XSS LOW" "pixfields 0.7.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "pixfields No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "post-read-time No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "post-category-image-with-grid-and-slider 1.4.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "pagelayer 2.0.1 Reflected.Cross-Site.Scripting.via.login_url.Parameter MEDIUM" "pagelayer 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Link MEDIUM" "pagelayer 2.0.0 Missing.Authorization.to.Authenticated.(Contributor+).Post.Publication MEDIUM" "pagelayer 1.9.9 Authenticated.(Contributor+).Private.Post.Disclosure.in.pagelayer_builder_posts_shortcode MEDIUM" "pagelayer 1.9.9 Cross-Site.Request.Forgery.(CSRF).To.Post.Contents.Modification MEDIUM" "pagelayer 1.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.9.0 Admin+.Stored.XSS LOW" "pagelayer 1.8.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.8.8 Admin+.Stored.XSS LOW" "pagelayer 1.8.2 Missing.Authorization MEDIUM" "pagelayer 1.8.5 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Attributes MEDIUM" "pagelayer 1.8.3 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.0 Author+.Stored.XSS LOW" "pagelayer 1.7.9 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.1 Admin+.Stored.XSS LOW" "pagelayer 1.7.7 Unauthenticated.Stored.XSS HIGH" "pagelayer 1.7.8 Author+.Stored.XSS MEDIUM" "pagelayer 1.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.3.5 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pagelayer 1.1.2 Drag.and.Drop.website.builder.<.1.1.2.-.CSRF.leading.to.XSS HIGH" "pagelayer 1.1.2 Drag.and.Drop.website.builder.<.1.1.2.-.Unprotected.AJAX's.leading.to.XSS HIGH" "plugins-list 2.5.1 Admin+.Stored.XSS LOW" "plugins-on-steroids No.known.fix Missing.Authorization MEDIUM" "plugins-on-steroids 4.1.3 Missing.Authorization.via.update_options MEDIUM" "pagepost-content-shortcode No.known.fix Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "post-slider-carousel 1.0.21 Admin+.Stored.XSS LOW" "pgall-for-woocommerce 5.3.3 Cross-Site.Request.Forgery MEDIUM" "pgall-for-woocommerce 5.2.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pgall-for-woocommerce 5.2.3 Reflected.Cross-Site.Scripting.via.add_query_arg.Function MEDIUM" "pgall-for-woocommerce 5.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.pafw_instant_payment.Shortcode MEDIUM" "processing-projects No.known.fix Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "processing-projects No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "powerpress 11.12.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting HIGH" "powerpress 11.12.6 Contributor+.Stored.XSS MEDIUM" "powerpress 11.12.7 Contributor+.SSRF LOW" "powerpress 11.9.18 Author+.XSS.via.Podcast.URL MEDIUM" "powerpress 11.9.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.skipto.Shortcode MEDIUM" "powerpress 11.9.18 Author+.XSS MEDIUM" "powerpress 11.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.media_url.Parameter MEDIUM" "powerpress 11.9.6 Injected.Backdoor CRITICAL" "powerpress 11.0.12 Contributor+.Stored.XSS HIGH" "powerpress 11.0.7 Contributor+.SSRF MEDIUM" "powerpress 10.0.2 Contributor+.Stored.XSS MEDIUM" "powerpress 10.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "powerpress 8.3.8 Authenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "powerpress 6.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "powerpress 6.0.1 Cross-Site.Scripting.(XSS) CRITICAL" "plainview-activity-monitor 20180826 Remote.Command.Execution.(RCE) HIGH" "postmagthemes-demo-import 1.0.8 Admin+.Arbitrary.File.Upload MEDIUM" "photo-image-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pretix-widget 1.0.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pixcodes 2.3.7 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.5.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.5.2 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.5.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.4.9 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.4.6 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "profilegrid-user-profiles-groups-and-communities 5.9.4.5 Missing.Authorinzation.to.Authenticated.(Subscriber+).Join.Group.Requests.Management MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.4.8 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.4.4 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "profilegrid-user-profiles-groups-and-communities 5.9.4.3 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Private.Messages.Disclosure MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.4.3 Authenticated.(Subscriber+).Limited.Server-Side.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.3.7 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Meta.Deletion MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.3.1 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.0 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.0 Authenticated.(Subscriber+).Authorization.Bypass.to.Privilege.Escalation HIGH" "profilegrid-user-profiles-groups-and-communities 5.8.8 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.7 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.2 Authenticated.(Contributor+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.0 Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.0 Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.3 Bypass.Group.Members.Limit MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.4 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.9 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.7 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "profilegrid-user-profiles-groups-and-communities 5.7.9 Unauthenticated.SQL.Injection CRITICAL" "profilegrid-user-profiles-groups-and-communities 5.7.3 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.6.7 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.2 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.5.3 Group.Owner+.Unauthorized.Data.Modification HIGH" "profilegrid-user-profiles-groups-and-communities 5.5.2 Subscriber+.Unauthorized.Data.Modification MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.5.2 Subscriber+.Arbitrary.Option.Update HIGH" "profilegrid-user-profiles-groups-and-communities 5.3.1 Subscriber+.Arbitrary.Password.Reset HIGH" "profilegrid-user-profiles-groups-and-communities 5.1.8 Subscriber+.CSV.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.0.4 Subscriber+.Private.Message.Read/Edition MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.1.1 Reflected.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 4.7.5 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 2.8.6 Authenticated.Code.Execution HIGH" "premmerce-woocommerce-product-filter 3.7.3 Missing.Authorization MEDIUM" "premmerce-woocommerce-product-filter 3.7.2 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-product-filter 3.6.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-product-filter 3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "product-visibility-by-country-for-woocommerce No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "premium-blocks-for-gutenberg 2.1.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-blocks-for-gutenberg 2.1.34 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-blocks-for-gutenberg 2.1.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plugin-groups 2.0.7 Missing.Authorization.to.Unauthenticated.Denial.of.Service MEDIUM" "phonetrack-meu-site-manager No.known.fix Authenticated.Stored.XSS MEDIUM" "prenotazioni No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pgs-core 5.9.0 Unauthenticated.PHP.Object.Injection CRITICAL" "pgs-core 5.9.0 Unauthenticated.SQL.Injection HIGH" "pgs-core 5.9.0 Missing.Authorization.via.Multiple.Functions HIGH" "photography-portfolio 1.4.9 Reflected.Cross-Site.Scripting MEDIUM" "pb-oembed-html5-audio-with-cache-support No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "postmash No.known.fix Reflected.Cross-Site.Scripting.via.m MEDIUM" "postmash No.known.fix Unauthenticated.SQL.Injection CRITICAL" "post-page-notes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "product-filter-widget-for-elementor 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "pinterest-verify-meta-tag No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "payment-gateway-for-telcell 2.0.4 Unauthenticated.Open.Redirect MEDIUM" "postbox-email-logs 1.0.5 Missing.Authorization.to.Authenticated.(Subscriber+).Log.Export MEDIUM" "personalization-by-flowcraft No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "phastpress 1.111 Open.Redirect MEDIUM" "premmerce-woocommerce-variation-swatches 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-variation-swatches 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-variation-swatches 1.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "pop-over-xyz No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pop-over-xyz No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pets 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "paypal-express-checkout No.known.fix Cross-Site.Request.Forgery MEDIUM" "payflex-payment-gateway 2.6.2 Open.Redirect MEDIUM" "payflex-payment-gateway 2.6.0 Missing.Authorization.to.Order.Status.Update MEDIUM" "post-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-block 6.0.1 Missing.Authorization.to.Authenticated.(Subscriber+).Shortcode.Export MEDIUM" "post-block 5.3.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "popup-builder 4.3.5 Admin+.Stored.XSS LOW" "popup-builder 4.3.7 Sensitive.Information.Exposure.via.Imported.Subscribers.CSV.File MEDIUM" "popup-builder 4.3.2 Missing.Authorization.in.Multiple.AJAX.Actions HIGH" "popup-builder 4.3.2 Missing.Authorization.and.Nonce.Exposure HIGH" "popup-builder 4.3.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Custom.JS MEDIUM" "popup-builder 4.2.7 Contributor.Stored.XSS MEDIUM" "popup-builder 4.2.6 Admin+.SSRF.&.File.Read MEDIUM" "popup-builder 4.2.3 Unauthenticated.Stored.XSS HIGH" "popup-builder 4.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "popup-builder 4.1.12 Settings.Update.via.CSRF MEDIUM" "popup-builder 4.1.11 Admin+.Stored.Cross-Site.Scripting LOW" "popup-builder 4.1.1 Popup.Status.Change.via.CSRF MEDIUM" "popup-builder 4.1.1 SQL.Injection.to.Reflected.Cross-Site.Scripting MEDIUM" "popup-builder 4.0.7 Admin+.SQL.Injection MEDIUM" "popup-builder 4.0.7 LFI.to.RCE CRITICAL" "popup-builder 3.74 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "popup-builder 3.64.1 Multiple.Issues MEDIUM" "popup-builder 3.0 SQL.injection.via.PHP.Deserialization CRITICAL" "popup-builder 3.45 SQL.Injection CRITICAL" "png-to-jpg 4.1 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "productdyno 1.0.25 Reflected.Cross-Site.Scripting.via.'res'.Parameter MEDIUM" "productdyno 1.0.25 Reflected.Cross-Site.Scripting HIGH" "portugal-ctt-tracking-woocommerce 2.2 Reflected.Cross-Site.Scripting MEDIUM" "persian-fonts No.known.fix Admin+.Stored.XSS LOW" "pricingtable No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pmpro-member-directory 1.2.6 Member.Directory.Add.On.<.1.2.6.-.Contributor+.Sensitive.Information.Disclosure.and.SQLi MEDIUM" "protected-wp-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "postlists No.known.fix Reflected.XSS MEDIUM" "podamibe-twilio-private-call No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-subtitle-for-woocommerce 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.htmlTag.Parameter MEDIUM" "pdf-poster 2.1.22 Arbitrary.JavaScript.Execution MEDIUM" "pdf-poster 2.1.18 PDF.Embedder.Plugin.for.WordPress.<.2.1.18.-.Reflected.Cross-Site.Scripting MEDIUM" "publish-post-email-notification 1.0.2.4 Cross-Site.Request.Forgery MEDIUM" "publish-post-email-notification 1.0.2.3 Admin+.Stored.XSS LOW" "print-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "print-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "print-o-matic 2.1.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "print-o-matic 2.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "product-carousel-slider-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "post-and-page-reactions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "passwordless-login 1.1.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "playerjs 2.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-loops 1.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "page-specific-sidebars No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pojo-forms 1.4.8 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.form_preview_shortcode MEDIUM" "propertyshift No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "predict-when No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pagerestrict No.known.fix Unauthenticated.Protected.Post.Access MEDIUM" "pagerestrict No.known.fix Cross-Site.Request.Forgery.via.pr_admin_page MEDIUM" "password-protect-page 1.9.6 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "password-protect-page 1.9.0 .Protection.Mechanism.Bypass MEDIUM" "password-protect-page 1.8.6 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "personal-dictionary 1.3.4 Unauthenticated.SQLi HIGH" "posturinn 1.3.3 Reflected.XSS HIGH" "posts-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "posts-per-cat 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paid-memberships-pro 3.0.6 Authenticated.(Administrator+).SQL.Injection CRITICAL" "paid-memberships-pro 3.0.5 Unauthenticated.Insecure.Direct.Object.Reference.to.Order.Status.Update MEDIUM" "paid-memberships-pro 3.0 Cross-Site.Request.Forgery.to.Membership.Modification MEDIUM" "paid-memberships-pro 3.0.2 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 3.0 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 2.12.9 Contributor+.Arbitrary.User.Custom.Field.Disclosure MEDIUM" "paid-memberships-pro 2.12.8 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 2.12.7 Information.Exposure.in.Debug.Logs MEDIUM" "paid-memberships-pro 2.12.6 Missing.Authorization.via.API MEDIUM" "paid-memberships-pro 2.12.4 Subscriber+.Arbitrary.File.Upload HIGH" "paid-memberships-pro 2.9.12 Subscriber+.SQL.Injection HIGH" "paid-memberships-pro 2.9.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "paid-memberships-pro 2.9.8 Unauthenticated.SQLi HIGH" "paid-memberships-pro 2.6.7 Unauthenticated.Blind.SQL.Injection CRITICAL" "paid-memberships-pro 2.6.6 Reflected.Cross-Site.Scripting HIGH" "paid-memberships-pro 2.5.10 Cross-Site.Scripting.(XSS) MEDIUM" "paid-memberships-pro 2.5.6 Authenticated.SQL.Injection MEDIUM" "paid-memberships-pro 2.5.3 Unauthorised.Order.Information.Disclosure MEDIUM" "paid-memberships-pro 2.5.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "paid-memberships-pro 2.4.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "paid-memberships-pro 2.4.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "paid-memberships-pro 2.3.3 Authenticated.SQL.Injection MEDIUM" "paid-memberships-pro 2.0.6 Authenticated.Open.Redirect MEDIUM" "provide-forex-signals No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pinblocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pinblocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "property 1.0.7 1.0.6.-.Missing.Authorization.to.Authenticated.(Author+).Privilege.Escalation.via.property_package_user_role.Metadata.in.PayPal.Registration HIGH" "poptin 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "portfolio-responsive-gallery 1.1.8 Authenticated.Blind.SQL.Injections HIGH" "portfolio-responsive-gallery 1.1.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "premium-blog-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "parsian-bank-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting HIGH" "popup-surveys No.known.fix Missing.Authorization MEDIUM" "plugnedit 6.2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "pinterest-rss-widget No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "premmerce-woocommerce-product-bundles No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-product-bundles No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-lockdown 4.0.3 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Disclosure MEDIUM" "paypal-promotions-and-insights No.known.fix Missing.Authorization MEDIUM" "pdf-builder-for-wpforms 1.2.117 Unauthenticated.Full.Path.Disclosure MEDIUM" "pdf-builder-for-wpforms 1.2.89 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "portfolio-slideshow No.known.fix Contributor+.XSS MEDIUM" "plugin-notes-plus 1.2.8 Authenticated.(Subscriber+).Arbitrary.Note.Deletion MEDIUM" "plugin-notes-plus 1.2.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "progress-planner 0.9.2 Missing.Authorization MEDIUM" "progress-planner 0.9.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "project-app No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "projectopia-core 5.1.18 Missing.Authorization MEDIUM" "projectopia-core 5.1.17 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Option.Deletion HIGH" "projectopia-core No.known.fix Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "projectopia-core 5.1.8 Missing.Authorization.to.Privilege.Escalation.via.pto_reset_password() CRITICAL" "projectopia-core 5.1.5 Reflected.Cross-Site.Scripting MEDIUM" "projectopia-core 5.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "propovoice-pro No.known.fix Unauthenticated.SQL.Injection CRITICAL" "profit-products-tables-for-woocommerce 1.0.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.8 .Unauthenticated.Arbitrary.Filter.Call HIGH" "profit-products-tables-for-woocommerce 1.0.6.7 Reflected.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.woot_get_smth HIGH" "profit-products-tables-for-woocommerce 1.0.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.woot_button.Shortcode MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.4 Reflected.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.3 Missing.Authorization MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.2 Cross-Site.Request.Forgery MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.2 Missing.Authorization MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.1 Unauthenticated.PHP.Object.Injection CRITICAL" "profit-products-tables-for-woocommerce 1.0.5 Reflected.Cross-Site-Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "pi-woocommerce-order-date-time-and-type 3.0.20 Admin+.Stored.XSS LOW" "pixelyoursite-pro 10.4.3 Unauthenticated.Information.Exposure.and.Log.Deletion MEDIUM" "pixelyoursite-pro 9.6.2 Admin+.Stored.Cross-Site.Scripting LOW" "phone-orders-for-woocommerce 3.7.2 Subscriber+.Sensitive.Data.Exposure MEDIUM" "pixabay-images No.known.fix Authenticated.(Author+).Arbitrary.File.Upload HIGH" "post-highlights 2.6.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "portfolio-manager-powered-by-behance No.known.fix Missing.Authorization MEDIUM" "portfolio-manager-powered-by-behance No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "portfolio-manager-powered-by-behance No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "picture-gallery No.known.fix Unauthenticated.Stored.XSS HIGH" "picture-gallery 1.5.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "picture-gallery 1.5.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.videowhisper_picture_upload_guest.Shortcode MEDIUM" "picture-gallery 1.5.12 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "picture-gallery 1.4.4 Authenticated.Stored.XSS LOW" "pathomation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pathomation No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "passwords-manager 1.5.1 Unauthenticated.SQL.Injection HIGH" "passwords-manager 1.5.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "passwords-manager 1.5.1 Missing.Authorization.to.Authenticated.(Subscriber+).Add.Password.+.Update.Encryption.Key HIGH" "peters-custom-anti-spam-image 3.2.4 Cross-Site.Request.Forgery.via.cas_register_post.Function MEDIUM" "peters-custom-anti-spam-image 3.2.3 Reflected.XSS HIGH" "portfolio 2.40 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "pdfjs-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quickswish 1.1.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "quick-count No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "qodeblock No.known.fix Missing.Authorization MEDIUM" "qodeblock No.known.fix Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "quiz-cat 3.0.9 Missing.Authorization MEDIUM" "quiz-cat 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "quick-license-manager 2.4.18 Reflected.Cross-Site.Scripting MEDIUM" "quttera-web-malware-scanner 3.4.2.1 Admin+.Path.Traversal MEDIUM" "quttera-web-malware-scanner 3.4.2.1 Directory.Listing.to.Sensitive.Data.Exposure MEDIUM" "quasar-form No.known.fix Subscriber+.SQLi HIGH" "quform 2.21.0 WordPress.Form.Builder.<.2.21.0.-.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "quiz-tool-lite No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "quietly-insights No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "question-answer No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "question-answer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "question-answer No.known.fix Missing.Authorization MEDIUM" "quiz-expert No.known.fix Cross-Site.Request.Forgery MEDIUM" "quickcab No.known.fix Missing.Authorization MEDIUM" "quickcal No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "quickcal No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "qode-essential-addons 1.6.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qode-essential-addons 1.5.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation MEDIUM" "quick-localization No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quote-comments No.known.fix Stored.XSS.via.CSRF HIGH" "quick-adsense 2.8.2 Subscriber+.Post.Stats.Reset MEDIUM" "quiz-maker 6.6.8.8 Unauthenticated.SQL.Injection HIGH" "quiz-maker 21.8.0.100 Unauthenticated.SQL.Injection.via.id HIGH" "quiz-maker 8.8.0.100 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "quiz-maker 31.8.0.100 Unauthenticated.Stored.XSS HIGH" "quiz-maker 8.8.0.100 Reflected.DOM.XSS.via.content HIGH" "quiz-maker 21.8.0.100 Reflected.DOM.XSS.via.content HIGH" "quiz-maker 31.8.0.100 Unauthenticated.SQL.Injection.via.id HIGH" "quiz-maker 31.8.0.100 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "quiz-maker 8.8.0.100 Unauthenticated.Stored.XSS HIGH" "quiz-maker 21.8.0.100 Unauthenticated.Stored.XSS HIGH" "quiz-maker 31.8.0.100 Reflected.DOM.XSS.via.content HIGH" "quiz-maker 8.8.0.100 Unauthenticated.SQL.Injection.via.id HIGH" "quiz-maker 21.8.0.100 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "quiz-maker 6.5.9.9 Admin+.Stored.XSS LOW" "quiz-maker 6.5.8.4 Unauthenticated.SQL.Injection.via.'ays_questions'.Parameter CRITICAL" "quiz-maker 6.5.2.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Quiz.Creation.&.Modification MEDIUM" "quiz-maker 6.5.2.5 Missing.Authorization.to.Unauthenticated.Quiz.Data.Retrieval MEDIUM" "quiz-maker 6.5.0.6 Denial.of.Service MEDIUM" "quiz-maker 6.5.1.2 Missing.Authorization MEDIUM" "quiz-maker 6.4.9.5 Unauthenticated.Email.Address.Disclosure MEDIUM" "quiz-maker 6.4.9.5 Reflected.Cross-Site.Scripting HIGH" "quiz-maker 6.4.2.7 Reflected.XSS MEDIUM" "quiz-maker 6.2.0.9 Multiple.Authenticated.Blind.SQL.Injections HIGH" "quick-restaurant-menu 2.1.0 Subscriber+.Arbitrary.Post.Deletion/Updating MEDIUM" "quick-restaurant-menu 2.1.0 .Menu.Items.Update.via.CSRF MEDIUM" "quick-restaurant-menu 2.1.0 Admin+.Stored.XSS LOW" "qr-code-tag No.known.fix Contributor+.Stored.XSS MEDIUM" "qr-redirector 1.6 Subscriber+.Arbitrary.QR.Redirect.Response.Status.Update MEDIUM" "qr-redirector 1.6.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "qr-master No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "q2w3-post-order No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quick-code No.known.fix Stored.XSS.via.CSRF HIGH" "quick-restaurant-reservations 1.5.5 CSRF MEDIUM" "quick-restaurant-reservations 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "qi-addons-for-elementor 1.8.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qi-addons-for-elementor 1.8.1 Sensitive.Information.Exposure MEDIUM" "qi-addons-for-elementor 1.7.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qi-addons-for-elementor 1.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "qi-addons-for-elementor 1.7.1 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.8 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qi-addons-for-elementor 1.6.5 Contributor+.Stored.XSS MEDIUM" "querywall No.known.fix Admin+.SQLi MEDIUM" "quran-shortcode No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "quotes-and-tips 1.45 Admin+.Arbitrary.File.Upload MEDIUM" "quotes-and-tips 1.32 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "quotes-and-tips 1.20 Cross-Site.Scripting.(XSS) MEDIUM" "qa-heatmap-analytics 4.1.1.2 Unauthenticated.Settings.Update MEDIUM" "qr-code-tag-for-wc-from-goaskle-com No.known.fix Cross-Site.Request.Forgery MEDIUM" "qtranslate-slug No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "qtranslate-slug No.known.fix Cross-Site.Request.Forgery MEDIUM" "qs-dark-mode No.known.fix Missing.Authorization MEDIUM" "qs-dark-mode 3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "quote-me No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "qqworld-auto-save-images No.known.fix Missing.Authorization.to.Arbitrary.Post.Content.Retrieval MEDIUM" "quotemedia-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quick-contact-form 8.2.2 Reflected.Cross-Site.Scripting MEDIUM" "quick-contact-form 8.0.6.8 Reflected.Cross-Site.Scripting MEDIUM" "quick-contact-form 8.0.4 Admin+.Stored.XSS LOW" "quick-contact-form 8.0.4 Contributor+.Stored.XSS MEDIUM" "quick-contact-form 8.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qubotchat 1.1.6 Unauthenticated.Stored.XSS HIGH" "qubotchat 1.1.6 Qubotchat.<.1,1,6.–.Admin+.Stored.XSS LOW" "quick-pagepost-redirect-plugin 5.2.4 Admin+.Stored.XSS LOW" "quick-pagepost-redirect-plugin 5.2.0 Authenticated.Settings.Update CRITICAL" "qr-code-composer 2.0.4 Subscriber+.Stored.XSS HIGH" "qt-kentharadio 2.0.2 Unauthenticated.RFI.and.SSRF MEDIUM" "qr-twitter-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "quickiebar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "qode-twitter-feed 2.0.1 Open.Redirect HIGH" "quentn-wp 1.2.9 Unauthenticated.SQL.Injection HIGH" "quentn-wp 1.2.9 Unauthenticated.Privilege.Escalation CRITICAL" "quizzin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quick-audio-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quick-audio-player No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qe-seo-handyman No.known.fix Admin+.SQLi MEDIUM" "qe-seo-handyman No.known.fix Admin+.SQLi MEDIUM" "quote-post-type-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qyrr-code 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "qyrr-code 0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qyrr-code 0.7 Authenticated.(contributor+).Stored.XSS MEDIUM" "quizlord No.known.fix Admin+.Stored.XSS LOW" "quote-o-matic No.known.fix Admin+.SQLi MEDIUM" "qubely 1.8.14 Contributor+.Sensitive.Information.Exposure LOW" "qubely 1.8.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'align'.and.'UniqueID' MEDIUM" "qubely 1.8.6 Unauthenticated.Arbitrary.E-mail.Sending MEDIUM" "qubely 1.8.5 Contributor+.Stored.XSS MEDIUM" "qubely 1.8.1 Authenticated.Arbitrary.Settings.Update MEDIUM" "qubely 1.7.8 Subscriber+.Arbitrary.Post.Deletion MEDIUM" "qrcode-wprhe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quick-affiliate-store No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quran-phrases-about-most-people-shortcodes 1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quick-chat No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "quick-chat No.known.fix Authenticated.Stored.Cross-Site.Scripting HIGH" "quick-chat 4.00 SQL.Injection CRITICAL" "quicksand-jquery-post-filter No.known.fix Missing.Authorization.via.quicksand_admin_ajax CRITICAL" "quicksand-jquery-post-filter No.known.fix Cross-Site.Request.Forgery.via.renderAdmin MEDIUM" "quick-featured-images 13.7.1 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Thumbnail.Deletion/Setting MEDIUM" "quillforms 4.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quillforms 3.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quillforms 3.4.0 Cross-Site.Request.Forgery MEDIUM" "quotes-for-woocommerce 2.0.2 Quote.Status.Update./.Quote.Sending.via.CSRF MEDIUM" "quotes-for-woocommerce 2.0.2 Missing.Authorization MEDIUM" "q2w3-inc-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quiz-organizer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "qi-blocks 1.4 Contributor+.Stored.XSS.via.ToC.Block MEDIUM" "qi-blocks 1.4 Contributor+.Stored.XSS.via.Counter.Block MEDIUM" "qi-blocks 1.4 Contributor+.Stored.XSS.vi.Countdown.Block MEDIUM" "qi-blocks 1.3.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qi-blocks 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qi-blocks 1.3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "qrmenu-lite No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "qmean No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quote-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quote-press No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quote-tweet No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "query-wrangler 1.5.55 Cross-Site.Request.Forgery MEDIUM" "query-wrangler 1.5.52 Reflected.XSS HIGH" "quick-edit-template-link No.known.fix Cross-Site.Request.Forgery MEDIUM" "quote-requests-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quote-requests-for-woocommerce 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quotes-collection No.known.fix Admin+.SQL.Injection MEDIUM" "quotes-collection 2.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "quick-orders-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-orders-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "quadmenu 3.2.1 Cross-Site.Request.Forgery.to.Limited.User.Meta.Update MEDIUM" "quadmenu 2.0.7 Unauthenticated.RCE.via.compiler_save CRITICAL" "quick-event-calendar No.known.fix Cross-Site.Request.Forgery MEDIUM" "qc-simple-link-directory No.known.fix Missing.Authorization MEDIUM" "qards No.known.fix Server.Side.Request.Forgery.(SSRF) MEDIUM" "quick-learn No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "qode-instagram-widget 2.0.2 Open.Redirect HIGH" "qtranslate-x No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "qtranslate-x 3.4.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "quiz-master-next 9.2.1 Author+.Stored.XSS MEDIUM" "quiz-master-next 9.1.3 Author+.Stored.XSS MEDIUM" "quiz-master-next 9.1.1 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.1.0 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.5 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.2 Contributor+.SQLi MEDIUM" "quiz-master-next 9.0.2 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.2 Authenticated.(Contributor+).SQL.Injection CRITICAL" "quiz-master-next 8.2.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 8.1.17 Unauthenticated.Unauthorised.Action MEDIUM" "quiz-master-next 8.1.19 Quiz.Results.Deletion.via.CSRF MEDIUM" "quiz-master-next 8.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 8.1.19 Multiple.Cross-Site.Request.Forgery MEDIUM" "quiz-master-next 8.1.16 Cross-Site.Request.Forgery.via.'display_results' MEDIUM" "quiz-master-next 8.1.11 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 8.0.8 Text.Message.Setting.Update.via.CSRF MEDIUM" "quiz-master-next 8.0.9 Unauthenticated.Arbitrary.Media.File.Delete MEDIUM" "quiz-master-next 8.0.5 Improper.Input.Validation MEDIUM" "quiz-master-next 8.0.5 Unauthenticated.iFrame.Injection HIGH" "quiz-master-next 7.3.7 Multiple.Author+.IDOR LOW" "quiz-master-next 7.3.11 Sensitive.Information.Disclosure MEDIUM" "quiz-master-next 7.3.11 Subscriber+.XSS MEDIUM" "quiz-master-next 7.3.5 Admin+.SQL.Injection MEDIUM" "quiz-master-next 7.3.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.5 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 7.3.11 Bypass MEDIUM" "quiz-master-next 7.3.5 Reflected.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.5 Quiz.Update.via.IDOR LOW" "quiz-master-next 7.3.7 CSRF MEDIUM" "quiz-master-next 7.3.7 Low.Privilege.Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.7 Reflected.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "quiz-master-next 7.1.14 Reflected.Cross-Site.Scripting HIGH" "quiz-master-next 7.1.18 Reflected.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 7.1.19 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 7.1.14 Authenticated.SQL.injection.via.Rest.API HIGH" "quiz-master-next 7.1.12 Authenticated.SQL.injection.via.shortcode HIGH" "quiz-master-next 7.0.2 Unauthenticated.Arbitrary.File.Upload HIGH" "quiz-master-next 7.0.1 Unauthenticated..Arbitrary.File.Deletion CRITICAL" "quiz-master-next 7.0.1 Arbitrary.File.Upload CRITICAL" "quiz-master-next 7.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "quiz-master-next 6.3.5 Authenticated.Reflected.XSS HIGH" "quiz-master-next 6.2.2 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 4.7.9 Stored.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "quiz-master-next 4.4.4 Authenticated.Blind.SQL.Injection MEDIUM" "quick-paypal-payments 5.7.28 Reflected.Cross-Site.Scripting MEDIUM" "quick-paypal-payments 5.7.26.4 Admin+.Stored.XSS LOW" "quick-paypal-payments 5.7.26 Contributor+.Stored.XSS MEDIUM" "quick-paypal-payments 5.7.26 Unauthenticated.Stored.XSS HIGH" "quick-paypal-payments 5.7.26 Unauthenticated.Payment.Message.Deletion/Update MEDIUM" "quick-paypal-payments 5.7.26 Admin+.Stored.XSS LOW" "quick-paypal-payments 5.7.22 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qr-code-and-barcode-scanner-reader No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quick-interest-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "quick-interest-slider 2.9.5 Cross-Site.Request.Forgery MEDIUM" "quick-interest-slider 2.9.4 Admin+.Stored.XSS LOW" "quick-view-and-buy-now-for-woocommerce 1.5.9 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting.via.Custom.CSS.Code MEDIUM" "quick-adsense-reloaded 2.0.88 Unauthenticated.SQL.Injection HIGH" "quick-adsense-reloaded 2.0.88 Missing.Authorization MEDIUM" "quick-adsense-reloaded 2.0.85 Missing.Authorization MEDIUM" "quran-text-multilanguage 2.3.24 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quran-text-multilanguage 2.3.22 Reflected.Cross-Site.Scripting.via.sourate.and.lang.Parameters MEDIUM" "quick-subscribe No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "quotes-llama 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quotes-llama 3.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quotes-llama 3.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quotes-llama 1.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "quick-event-manager 9.8.5.3 Reflected.Cross-Site.Scripting MEDIUM" "quick-event-manager 9.6.5 Admin+.Stored.XSS LOW" "quick-event-manager 9.7.5 Registration.Deletion/Update.via.CSRF MEDIUM" "quick-event-manager 9.7.5 Unauthenticated.Stored.XSS HIGH" "quick-event-manager 9.7.5 Reflected.Cross-Site HIGH" "quick-event-manager 9.2.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qwiz-online-quizzes-and-flashcards 3.62 Admin+.Stored.Cross.Site.Scripting LOW" "quick-call-button No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "remove-wp-update-nags 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "remove-wp-update-nags 1.4.0 Subscriber+.Arbitrary.Option.Update CRITICAL" "riovizual No.known.fix Cross-Site.Request.Forgery MEDIUM" "recipes-writer No.known.fix XSS MEDIUM" "responsive-accordion-tabs 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "redux-converter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rescue-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rescue-shortcodes 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.rescue_progressbar.Shortcode MEDIUM" "rescue-shortcodes 2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rescue-shortcodes 2.6 Contributor+.Stored.XSS MEDIUM" "responsive-tabs 4.0.11 Contributor+.Stored.XSS MEDIUM" "responsive-tabs 4.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-tabs 4.0.7 Contributor+.Stored.XSS MEDIUM" "responsive-tabs 2.2.7 Editor+.Stored.Cross-Site.Scripting MEDIUM" "responsive-tabs 4.0.6 Authenticated.(Contributor+).Content.Injection MEDIUM" "responsive-tabs 4.0.6 Author+.Stored.Cross-Site.Scripting MEDIUM" "responsive-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "review-buddypress-groups 2.8.4 Subscriber+.Arbitrary.Settings.Update.&.Review.Modification MEDIUM" "review-buddypress-groups 2.8.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "robin-image-optimizer 1.7.0 Missing.Authorization MEDIUM" "responsive-owl-carousel-elementor 1.2.1 Local.File.Inclusion HIGH" "revive-so No.known.fix Missing.Authorization MEDIUM" "review-widgets-for-capterra 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "report-broken-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "report-broken-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "remove-footer-credit 1.0.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "remove-footer-credit 1.0.11 Admin+.Stored.Cross-Site.Scripting LOW" "remove-footer-credit 1.0.6 CSRF.to.Stored.Cross-Site.Scripting HIGH" "radio-forge No.known.fix Reflected.Cross-Site.Scripting HIGH" "rccp-free No.known.fix Stored.XSS.via.CSRF HIGH" "rs-wp-books-showcase No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "rs-wp-books-showcase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "reservation-studio-widget 1.0.12 Admin+.Stored.XSS LOW" "reservation-studio-widget 1.0.12 Cross-Site.Request.Forgery MEDIUM" "rsfirewall 1.1.25 IP.Block.Bypass MEDIUM" "rss-filter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "remove-schema 1.6 Cross-Site.Request.Forgery MEDIUM" "remove-schema 1.6 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "rvg-optimize-database 5.1 Missing.Authorization.via.'odb_csv_download' MEDIUM" "rvg-optimize-database 5.1.1 Database.Optimization.via.CSRF MEDIUM" "rover-idx 3.0.0.2905 Authenticated.(Subscriber+).Missing.Authorization.via.Multiple.Functions MEDIUM" "rover-idx 3.0.0.2906 Authenticated.(Subscriber+).Authentication.Bypass.to.Administrator HIGH" "remove-cpt-base 5.9 CPT.Deletion.via.CSRF MEDIUM" "rapidexpcart No.known.fix Stored.XSS.via.CSRF CRITICAL" "rotating-posts No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "roi-calculator 1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "retain No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "rrdevs-for-elementor No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "rrdevs-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "related-posts 1.8.2 XSS MEDIUM" "reviewx 1.6.29 Insufficient.Rating.Validation MEDIUM" "reviewx 1.6.28 Missing.Authorization MEDIUM" "reviewx 1.6.22 Missing.Authorization MEDIUM" "reviewx 1.6.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "reviewx 1.6.14 Subscriber+.Privilege.Escalation HIGH" "reviewx 1.6.4 Subscriber+.SQLi HIGH" "reviewx 1.2.9 Unauthorised.AJAX.call.via.CSRF MEDIUM" "ruby-help-desk 1.3.4 Subscriber+.Ticket.Update.via.IDOR MEDIUM" "revampcrm-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rating-widget 3.2.0 Reflected.Cross-Site.Scripting MEDIUM" "rating-widget 3.2.1 Contributor+.Stored.XSS MEDIUM" "rating-widget 3.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rock-form-builder 2.5 Privilege.Escalation HIGH" "real-cookie-banner-pro 5.1.6 Admin+.Stored.XSS LOW" "reusable-text-blocks No.known.fix Author+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rocket-addons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "root-cookie No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rock-convert 3.0.0 Admin+.Stored.XSS LOW" "rock-convert 2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "rock-convert 2.11.0 Admin+.Stored.Cross-Site.Scripting LOW" "rewp 1.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "rise-blocks 3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.TitleTag.Parameter MEDIUM" "rise-blocks 3.2 Cross-Site.Request.Forgery MEDIUM" "redirect-after-login No.known.fix Admin+.Stored.XSS LOW" "rss-icon-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "relevanssi-live-ajax-search 2.5 Unauthenticated.WP_Query.Argument.Injection MEDIUM" "reviews-widgets-for-yelp 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "radio-buttons-for-taxonomies 2.0.6 Cross-Site.Request.Forgery MEDIUM" "radio-buttons-for-taxonomies 2.0.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "reglevel No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "rustolat No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "randomtext No.known.fix Subscriber+.SQLi HIGH" "rsvpmaker 11.5.7 Authenticated.(Contributor+).SQL.Injection MEDIUM" "rsvpmaker No.known.fix Unauthenticated.SQL.Injection HIGH" "rsvpmaker 11.4.6 Missing.Authorization MEDIUM" "rsvpmaker 10.6.7 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') LOW" "rsvpmaker 9.9.4 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') CRITICAL" "rsvpmaker 10.6.7 Admin+.Stored.XSS HIGH" "rsvpmaker 10.6.7 Unauthenticated.PHP.Object.Injection HIGH" "rsvpmaker 10.6.7 Unauthenticated.Stored.XSS HIGH" "rsvpmaker 10.5.5 Admin+.SQL.Injection.(SQLi) HIGH" "rsvpmaker 9.2.7 Unauthenticated.SQLi MEDIUM" "rsvpmaker 9.2.6 Unauthenticated.SQLi CRITICAL" "rsvpmaker 8.7.3 Authenticated.(admin+).SSRF HIGH" "rsvpmaker 7.8.2 Unauthenticated.SQL.Injection HIGH" "rsvpmaker 6.2 SQL.Injection CRITICAL" "responsive-lightbox2 1.0.4 Contributor+.Stored.XSS MEDIUM" "responsive-lightbox2 1.0.3 Authenticated.Stored.Cross-Site.Scripting LOW" "remove-add-to-cart-button-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "remove-add-to-cart-button-for-woocommerce 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "realtyna-provisioning 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "real3d-flipbook-lite 4.8.5 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "real3d-flipbook-lite 3.72 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "real3d-flipbook-lite 3.63 Reflected.Cross-Site.Scripting MEDIUM" "review-wave-google-places-reviews No.known.fix Cross-Site.Request.Forgery MEDIUM" "rara-one-click-demo-import 1.3.0 Arbitrary.File.Upload.via.CSRF HIGH" "read-more-login No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "responsive-video-embed 0.5.1 Contributor+.Stored.XSS MEDIUM" "rss-control 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "rss-control 2.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "restricted-content 2.2.9 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "restricted-content 2.2.5 Reflected.XSS HIGH" "restricted-content 2.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reset 1.7 Cross-Site.Request.Forgery.to.Database.Reset HIGH" "recently 3.0.5 Authenticated.Code.Injection HIGH" "recently 3.0.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "recaptcha-jetpack No.known.fix Cross-Site.Request.Forgery MEDIUM" "recaptcha-jetpack No.known.fix Settings.Update.via.CSRF MEDIUM" "recaptcha-jetpack No.known.fix Stored.XSS.via.CSRF HIGH" "random-quotes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "related-posts-via-taxonomies No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "resermy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "resermy No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "resermy No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "related-videos-for-jw-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "redirect-to-welcome-or-landing-page No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "request-a-quote 2.4.1 Admin+.Stored.XSS LOW" "request-a-quote 2.3.9 Admin+.Stored.Cross-Site.Scripting LOW" "request-a-quote 2.3.9 Admin+.Stored.Cross-Site.Scripting LOW" "request-a-quote 2.3.4 Authenticated.Stored.XSS MEDIUM" "read-more-copy-link No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "resume-builder No.known.fix Subscriber+.Stored.XSS HIGH" "right-click-disable-or-ban 1.2.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "registered-user-sync-activecampaign No.known.fix Missing.Authorization MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rocket-font No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "review-stream 1.6.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "review-stream 1.6.6 Admin+.Stored.XSS LOW" "recent-backups No.known.fix Remote.File.Download HIGH" "recurwp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recurwp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "revslider 6.7.19 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "revslider 6.7.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.7.11 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Add.Layer.class,.id,.and.title.Attributes MEDIUM" "revslider 6.7.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Elementor.wrapperid.and.zindex MEDIUM" "revslider 6.7.0 Missing.Authorization MEDIUM" "revslider 6.7.11 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.7.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.htmltag.Parameter MEDIUM" "revslider 6.7.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.6.19 Author+.Insecure.Deserialization.leading.to.RCE HIGH" "revslider 6.6.16 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "revslider 6.6.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.6.13 Author+.Remote.Code.Execution MEDIUM" "revslider 4.1.5 Local.File.Disclosure HIGH" "revslider 3.0.96 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "read-more-excerpt-link 1.6.1 Settings.Update.via.CSRF MEDIUM" "read-more-excerpt-link 1.6.1 Settings.Update.via.CSRF MEDIUM" "revy No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "revy No.known.fix Unauthenticated.SQL.Injection HIGH" "revy No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "role-based-bulk-quantity-pricing 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "reviewpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reviewpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reviewpress No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ragic-shortcode 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "require-taxonomy-image-category-tag 1.27 Reflected.Cross-Site.Scripting MEDIUM" "real-estate-listing-realtyna-wpl 4.14.14 Admin+.Arbitrary.File.Upload MEDIUM" "real-estate-listing-realtyna-wpl 4.14.8 Reflected.XSS HIGH" "real-estate-listing-realtyna-wpl 4.14.8 Unauthenticated.SQLi HIGH" "restaurantconnect-reswidget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rebuild-permalinks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rich-snippets-vevents No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "responsivevoice-text-to-speech 1.7.7 Contributor+.Stored.XSS MEDIUM" "realty-workstation No.known.fix Missing.Authorization MEDIUM" "realty-workstation No.known.fix Authentication.Bypass.to.Account.Takeover CRITICAL" "realty-workstation 1.0.15 Agent.SQLi HIGH" "rankology-seo-all-in-one-seo-analytics 2.2.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "responsive-cookie-consent 1.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "rimons-twitter-widget 1.3 XSS MEDIUM" "redirects No.known.fix Missing.Authorization.via.save MEDIUM" "redirects No.known.fix Missing.Authorization MEDIUM" "rss-in-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "realty 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "realty 1.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "rss-import No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "raisely-donation-form 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.raisely_donation_form.Shortcode MEDIUM" "robotcpa No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "responsive-youtube-videos No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "review-widgets-for-szallas-hu 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "reservit-hotel 3.0 Admin+.Stored.XSS LOW" "ruven-toolkit No.known.fix tinymce/popup.php.popup.Parameter.Reflected.XSS MEDIUM" "rps-include-content 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "reviews-plus 1.3.5 Missing.Authorization.to.Notice.Dismissal MEDIUM" "reviews-plus 1.2.14 Subscriber+.Reviews.DoS LOW" "rankbear No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rankbear No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "recapture-for-woocommerce 1.0.44 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "rw-divi-unite-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rw-divi-unite-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rw-divi-unite-gallery No.known.fix Security.Bypass.via.Outdated.Freemius CRITICAL" "real-estate-pro 1.7.1 Subscriber+.Privilege.Escalation CRITICAL" "restropress No.known.fix Reflected.Cross-Site.Scripting HIGH" "restropress No.known.fix Missing.Authorization MEDIUM" "restropress 3.1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restropress 3.1.2.1 Cross-Site.Request.Forgery.via.rpress_orders_list_table_process_bulk_actions MEDIUM" "restropress 2.8.3 Cart.Manipulation.via.CSRF MEDIUM" "restropress 2.8.3.1 Unauthorised.AJAX.Calls HIGH" "redirect-404-error-page-to-homepage-or-custom-page 1.8.8 Authenticated.(Administrator+).SQL.Injection HIGH" "redirect-404-error-page-to-homepage-or-custom-page 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "redirect-404-error-page-to-homepage-or-custom-page 1.7.9 Log.Deletion.via.CSRF MEDIUM" "responsive-gallery-grid 2.3.15 Admin+.Stored.XSS LOW" "responsive-gallery-grid 2.3.11 Admin+.Stored.XSS LOW" "responsive-gallery-grid 2.3.14 Settings.Update.via.CSRF MEDIUM" "responsive-gallery-grid 2.3.9 Contributor+.Stored.XSS MEDIUM" "restrict-file-access No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "rsvpmaker-excel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "razorpay-payment-button-elementor 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "really-simple-under-construction No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "reviewstap 1.1.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "responsify-wp No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "rsvp 2.7.15 Authenticated.(Administrator+).SQL.Injection MEDIUM" "rsvp 2.7.14 Missing.Authorization MEDIUM" "rsvp 2.7.8 Unauthenticated.Entries.Export HIGH" "rsvp 2.7.5 Reflected.Cross-Site.Scripting MEDIUM" "rsvp 2.3.8 XSS MEDIUM" "rometheme-for-elementor 1.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rometheme-for-elementor 1.5.5 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "rometheme-for-elementor 1.5.3 Missing.Authorization MEDIUM" "rometheme-for-elementor 1.5.3 Contributor+.Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "rometheme-for-elementor 1.5.4 Missing.Authorization.in.save_options.and.reset_widgets MEDIUM" "rometheme-for-elementor 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rometheme-for-elementor 1.4.2 Missing.Authorization MEDIUM" "rometheme-for-elementor 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rolo-slider No.known.fix Missing.Authorization.to.Authenticated(Subscriber+).Settings.Change MEDIUM" "rsv-google-maps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "reach-us-contact-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reach-us-contact-form No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reach-us-contact-form No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rich-event-timeline No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "relentlosoftware No.known.fix Missing.Authorization MEDIUM" "rss-news-scroller No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ra-qrcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "review-widgets-for-tripadvisor 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "responsive-client-logo-carousel-slider 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rsvp-me No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "rsvp-me No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "rsvp-me No.known.fix Unauthenticated.SQL.Injection HIGH" "reactive-mortgage-calculator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "real-kit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "real-kit 5.1.1 Contributor+.Stored.XSS MEDIUM" "real-time-validation-for-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "real-time-validation-for-gravity-forms No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "real-time-validation-for-gravity-forms No.known.fix Cross-Site.Request.Forgery MEDIUM" "related-post-shortcode No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "responsive-facebook-and-twitter-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rio-photo-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "runners-log No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "read-more-without-refresh 3.2 Admin+.Stored.Cross-Site.Scripting LOW" "related-posts-line-up-exactry-by-milliard No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "reftagger-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-addons-for-elementor 1.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'rael_title_tag' MEDIUM" "responsive-addons-for-elementor 1.6.9 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "responsive-addons-for-elementor 1.6.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "responsive-addons-for-elementor 1.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "repayment-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "raphicon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rng-refresh No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "really-simple-ssl-pro 9.1.2 9.1.1.1.-.Authentication.Bypass CRITICAL" "royal-core No.known.fix Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "review-schema 2.2.5 Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "review-schema 2.2.0 Missing.Authorization.to.Arbitrary.Review.Update MEDIUM" "really-simple-google-tag-manager 1.0.7 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "responsive-css-editor No.known.fix Admin+.SQLi MEDIUM" "review-widgets-for-arukereso 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "residential-address-detection 2.5.5 Missing.Authorization MEDIUM" "residential-address-detection 2.5.5 Unauthenticated.Arbitrary.Options.Update CRITICAL" "review-widgets-for-opentable 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "responsive-coming-soon 2.2.2 Maintenance.Mode.Bypass MEDIUM" "responsive-coming-soon 1.8.2 Arbitrary.Settings.Reset MEDIUM" "responsive-filterable-portfolio 1.0.9 Authenticated.(Admin+).SQL.Injection MEDIUM" "responsive-filterable-portfolio 1.0.23 Server-Side.Request.Forgery MEDIUM" "responsive-filterable-portfolio 1.0.20 Reflected.XSS HIGH" "realtycandy-idx-broker-extended No.known.fix Cross-Site.Request.Forgery MEDIUM" "redi-restaurant-reservation 25.0513 Reflected.Cross-Site.Scripting MEDIUM" "redi-restaurant-reservation 24.1015 Reflected.Cross-Site.Scripting MEDIUM" "redi-restaurant-reservation 24.0712 Missing.Authorization MEDIUM" "redi-restaurant-reservation 24.0303 Cross-Site.Request.Forgery.via.redi_restaurant_admin_options_page() MEDIUM" "redi-restaurant-reservation 24.0303 Cross-Site.Request.Forgery.via.redi_restaurant_admin_options_page() MEDIUM" "redi-restaurant-reservation 24.0303 Reflected.Cross-Site.Scripting MEDIUM" "redi-restaurant-reservation 21.0426 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "reviewscouk-for-woocommerce 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-jquery-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rsv-360-view No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-reservations 2.6.30 Missing.Authorization MEDIUM" "restaurant-reservations 2.6.17 Missing.Authorization MEDIUM" "restaurant-reservations 2.6.8 Reflected.Cross-Site.Scripting HIGH" "restaurant-reservations 2.4.12 Unauthenticated.Arbitrary.Payment.Status.Update.to.Stored.XSS HIGH" "restaurant-reservations 2.4.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "role-and-customer-based-pricing-for-woocommerce 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "role-and-customer-based-pricing-for-woocommerce 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rename-author-slug No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "revolution-for-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "revolution-for-elementor No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "redirection-plus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "related-posts-for-wp 2.2.2 Cross-Site.Request.Forgery MEDIUM" "related-posts-for-wp 2.0.5 Authenticated.Stored.XSS.&.XFS MEDIUM" "related-posts-for-wp 2.0.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "related-posts-for-wp 1.8.2 Cross-Site.Scripting.(XSS) CRITICAL" "realbig-media 1.0.7 Settings.Update.via.CSRF MEDIUM" "redirection 3.6.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "redirection 2.8 Authenticated.Local.File.Inclusion MEDIUM" "rockhoist-badges No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "raygun4wp 1.8.3 XSS MEDIUM" "raygun4wp 1.8.1 Unauthenticated.Reflected.XSS MEDIUM" "recipe-card-blocks-by-wpzoom 3.4.4 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Post.Disclosure MEDIUM" "recipe-card-blocks-by-wpzoom 3.3.2 Missing.Authorization MEDIUM" "recipe-card-blocks-by-wpzoom 2.8.1 Reflected.Cross-Site.Scripting HIGH" "recipe-card-blocks-by-wpzoom 2.8.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "robokassa 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 2.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.section_tag.Parameter MEDIUM" "responsive-block-editor-addons 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 1.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rollbar No.known.fix Cross-Site.Request.Forgery MEDIUM" "reformer-elementor No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "restrict-content 3.2.14 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "restrict-content 3.2.9 Missing.Authorization MEDIUM" "restrict-content 3.2.8 Information.Exposure.via.legacy.log.file MEDIUM" "restrict-content 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "restrict-content 3.2.3 Restrict.Content.<.3.2.3.-.Reflected.XSS HIGH" "razorpay-payment-button 2.4.7 Reflected.Cross-Site.Scripting MEDIUM" "romancart-on-wordpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 2.1 Missing.Authorization MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 1.9 Reflected.Cross-Site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "random-featured-post-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "reportattacks 2.33 Authenticated.(Admin+).SQL.Injection MEDIUM" "reviews-widgets 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rename-wp-login No.known.fix Secret.URL.Update.via.CSRF MEDIUM" "rich-counter 1.2.0 Cross-Site.Scripting.(XSS) MEDIUM" "responsive-coming-soon-page No.known.fix Unauthenticated.Information.Exposure MEDIUM" "responsive-coming-soon-page 1.6.0 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') HIGH" "role-includer No.known.fix Reflected.Cross-Site.Scripting.via.user_id.Parameter MEDIUM" "role-includer No.known.fix Reflected.Cross-Site.Scripting.via.user_id.Parameter MEDIUM" "responsive-lightbox 2.5.2 Contributor+.Stored.XSS MEDIUM" "responsive-lightbox 2.5.1 Contributor+.Stored.XSS MEDIUM" "responsive-lightbox 2.4.8 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Featherlight.js.JavaScript.Library MEDIUM" "responsive-lightbox 2.4.9 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "responsive-lightbox 2.4.9 Author+.Stored.XSS MEDIUM" "responsive-lightbox 2.4.8 Missing.Authorization MEDIUM" "responsive-lightbox 2.4.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "responsive-lightbox 2.4.7 Information.Disclosure MEDIUM" "responsive-lightbox 2.4.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.name MEDIUM" "responsive-lightbox 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "rb-internal-links No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "review-widgets-for-amazon 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "relevanssi-premium 2.27.7 Unauthenticated.Stored.Cross-Site.Scripting.via.Excerpt.Highlights MEDIUM" "relevanssi-premium 2.27.5 Unauthenticated.SQL.Injection HIGH" "relevanssi-premium 2.25.2 Missing.Authorization.to.Unauthenticated.Count.Option.Update MEDIUM" "relevanssi-premium 2.25 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "relevanssi-premium 2.25.0 Unauthenticated.Private/Draft.Post.Disclosure MEDIUM" "relevanssi-premium 2.16.5 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "relevanssi-premium 1.14.6.1 SQL.Injection.&.PHP.Object.Injection HIGH" "review-manager No.known.fix Missing.Authorization MEDIUM" "revenueflex-easy-ads 1.5.1 Missing.Authorization.to.Authenticated.(Editor+).Settings.Update LOW" "request-call-back No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "revision-diet No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "remote-images-grabber No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "realia No.known.fix User.Email.Change.via.Cross-Site.Request.Forgery HIGH" "realia No.known.fix Unauthenticated.IDOR.leading.to.Arbitrary.Post.Deletion HIGH" "robo-gallery 5.0.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "robo-gallery 3.2.22 Contributor+.Stored.XSS MEDIUM" "robo-gallery 3.2.24 Admin+.Stored.XSS LOW" "robo-gallery 3.2.22 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "robo-gallery 3.2.22 Missing.Authorization.to.Authenticated.(Subscriber+).Private.Gallery.Title.Disclosure MEDIUM" "robo-gallery 3.2.22 Contributor+.Stored.XSS MEDIUM" "robo-gallery 3.2.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Title MEDIUM" "robo-gallery 3.2.20 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Image.Title MEDIUM" "robo-gallery 3.2.20 Cross-Site.Request.Forgery.to.Post.Creation.and.Limited.Data.Loss HIGH" "robo-gallery 3.2.19 Unauthenticated.Information.Exposure MEDIUM" "robo-gallery 3.2.18 Author+.Stored.XSS MEDIUM" "robo-gallery 3.2.16 Admin+.Stored.XSS LOW" "robo-gallery 3.2.13 Contributor+.Stored.XSS MEDIUM" "robo-gallery 3.2.11 Plugin.Activation/Deactivation.via.CSRF MEDIUM" "robo-gallery 3.2.12 Cross-Site.Request.Forgery MEDIUM" "rig-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rucy No.known.fix Cross-Site.Request.Forgery MEDIUM" "rucy No.known.fix CSRF.Bypass MEDIUM" "responsive-menu 4.1.8 Subscriber+.Arbitrary.File.Upload./.Theme.Deletion./.Plugin.Settings.Update HIGH" "responsive-menu 4.0.4 CSRF.to.Arbitrary.File.Upload HIGH" "responsive-menu 4.0.4 CSRF.to.Settings.Update MEDIUM" "responsive-menu 4.0.4 4.0.3.-.Authenticated.Arbitrary.File.Upload CRITICAL" "responsive-menu 3.1.4 XSS.and.CSRF HIGH" "recurring-bookings-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recurring-bookings-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rate-limiting-for-contact-form-7 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rentsyst 2.0.93 Stored.XSS.via.CSRF HIGH" "real-time-find-and-replace 4.0.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "recent-posts-slider-responsive No.known.fix Cross-Site.Request.Forgery MEDIUM" "read-offline No.known.fix Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "read-offline No.known.fix Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "review-stars-count-for-woocommerce No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "rss-feed-widget 3.0.1 Reflected.XSS MEDIUM" "rss-feed-widget 3.0.0 Contributor+.Stored.XSS MEDIUM" "rss-feed-widget 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.rfw-youtube-videos.Shortcode MEDIUM" "rss-feed-widget 2.9.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "rss-feed-widget 2.8.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "reveal-template No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "royal-elementor-addons 1.7.1021 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1018 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1018 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.3.979 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1013 Contributor+.DOM-Based.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1013 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1007 Admin+.SSRF LOW" "royal-elementor-addons 1.7.1008 Reflected.XSS HIGH" "royal-elementor-addons 1.7.1007 Stored.XSS.via.CSRF HIGH" "royal-elementor-addons 1.7.1002 Reflected.Cross-Site.Scripting HIGH" "royal-elementor-addons 1.7.1002 Missing.Authorization LOW" "royal-elementor-addons 1.7.1 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1004 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "royal-elementor-addons 1.7.1002 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "royal-elementor-addons 1.7.1002 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Google.Maps.Widget MEDIUM" "royal-elementor-addons 1.7.1002 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Form.Builder.Widget MEDIUM" "royal-elementor-addons 1.3.981 Authenticated.(Author+).External.Entity.Injection MEDIUM" "royal-elementor-addons 1.3.987 Authenticated.(Subscriber+).Private.Post.Disclosure MEDIUM" "royal-elementor-addons 1.3.987 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Widget MEDIUM" "royal-elementor-addons 1.3.985 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.981 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Magazine.Grid/Slider.Widget MEDIUM" "royal-elementor-addons 1.3.977 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.977 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Uploads MEDIUM" "royal-elementor-addons 1.3.976 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Back.to.Top.Widget MEDIUM" "royal-elementor-addons 1.3.976 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.975 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Form.Builder.Widget MEDIUM" "royal-elementor-addons 1.3.95 Unauthenticated.IP.Spoofing MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.Flip.Carousel,.Flip.Box,.Post.Grid,.and.Taxonomy.List.Widget.Attributes MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.Advanced.Accordion.Title.Tags MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.HTML.Tags MEDIUM" "royal-elementor-addons 1.3.95 Unauthenticated.Limited.File.Upload HIGH" "royal-elementor-addons 1.3.95 Contributor+.Stored.Cross-Site.Scriting MEDIUM" "royal-elementor-addons 1.3.92 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Logo.Widget MEDIUM" "royal-elementor-addons 1.3.88 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.88 Multiple.Cross-Site.Request.Forgery MEDIUM" "royal-elementor-addons 1.3.88 Missing.Authorization.via.wpr_update_form_action_meta MEDIUM" "royal-elementor-addons 1.3.81 Unauthenticated.Arbitrary.Post.Read MEDIUM" "royal-elementor-addons 1.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "royal-elementor-addons 1.3.79 Unauthenticated.Arbitrary.File.Upload CRITICAL" "royal-elementor-addons 1.3.71 Reflected.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.71 Unauthenticated.API.Key.Disclosure MEDIUM" "royal-elementor-addons 1.3.60 Menu.Template.Creation.via.CSRF MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Template.Import MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Mega.Menu.Settings.Update MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Import.Deletion MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Plugin.Deactivation MEDIUM" "royal-elementor-addons 1.3.60 Reflected.XSS HIGH" "royal-elementor-addons 1.3.60 Subscriber+.Template.Kit.Import MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Template.Condition.Update MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Template.Activation MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Theme.Activation MEDIUM" "royal-elementor-addons 1.3.56 Subscriber+.Arbitrary.Post.Creation MEDIUM" "royal-elementor-addons 1.3.56 Subscriber+.Arbitrary.Post.Deletion HIGH" "royal-elementor-addons 1.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "remove-date-and-gravatar-under-comment No.known.fix Cross-Site.Request.Forgery MEDIUM" "rightmessage No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rss-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "real-cookie-banner 5.1.6 Admin+.Stored.XSS LOW" "real-cookie-banner 3.4.10 Contributor+.Stored.XSS MEDIUM" "real-cookie-banner 2.18.2 Reflected.Cross-Site.Scripting MEDIUM" "real-cookie-banner 2.14.2 Settings.Reset.via.CSRF MEDIUM" "rate-my-post 4.2.5 Unauthenticated.Voting.On.Scheduled.Posts MEDIUM" "rate-my-post 3.4.5 Insecure.Direct.Object.Reference MEDIUM" "rate-my-post 3.4.3 IP.Spoofing MEDIUM" "rate-my-post 3.3.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "rate-my-post 3.3.5 Cross-Site.Request.Forgery MEDIUM" "rate-my-post 3.3.5 Subscriber+.Votes.Tampering.via.Race.Condition MEDIUM" "responsive-flipbooks No.known.fix Missing.Authorization MEDIUM" "responsive-data-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rankchecker-io-integration No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "recipepress-reloaded No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "regpack No.known.fix Admin+.Stored.XSS LOW" "rac No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "review-engine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "review-engine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "review-engine No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rumbletalk-chat-a-chat-with-themes 6.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rumbletalk-chat-a-chat-with-themes 6.2.0 Missing.Authorization.via.handleRequest HIGH" "rest-api-fns No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "rest-api-fns No.known.fix Privilege.Escalation CRITICAL" "recurring-donation 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "r3w-instafeed No.known.fix Reflected.XSS HIGH" "role-scoper 1.3.67 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "razorpay-subscription-button-elementor 1.0.4 Reflected.Cross-Site.Scripting.via.add_query_arg.and.remove_query_arg.Functions MEDIUM" "revechat No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rentpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "review-widgets-for-airbnb 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rio-video-gallery No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "racar-clear-cart-for-woocommerce 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rj-quickcharts No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "rj-quickcharts No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "review-widgets-for-booking-com 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rife-elementor-extensions 1.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Writing.Effect.Headline.Shortcode MEDIUM" "rife-elementor-extensions 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Writing.Effect.Headline.Widget MEDIUM" "rife-elementor-extensions 1.1.6 Contributor+.Stored.XSS MEDIUM" "run-time-image-resizing No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "run-time-image-resizing No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "randomize No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "resize-at-upload-plus No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "rearrange-woocommerce-products 3.0.8 Subscriber+.SQL.Injection HIGH" "restrict-user-access 2.6 Reflected.Cross-Site.Scripting MEDIUM" "restrict-user-access 2.6 Information.Exposure MEDIUM" "restrict-user-access 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "restrict-user-access 2.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reciply No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reciply 1.1.8 Unauthenticated.File.Upload MEDIUM" "reloaded-rezdy No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "revi-io-customer-and-product-reviews 5.8.0 Reflected.Cross-Site.Scripting MEDIUM" "restrict-anonymous-access 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "read-and-understood 2.2 Authenticated.Stored.XSS.&.CSRF HIGH" "restaurant-pickup-delivery-dine-in No.known.fix Admin+.Stored.XSS LOW" "rizzi-guestbook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rk-responsive-contact-form No.known.fix Authenticated.Blind.SQL.Injection CRITICAL" "rs-members No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "rocket-maintenance-mode 4.4 Admin+.Stored.XSS LOW" "rocket-maintenance-mode 4.4 Reflected.Cross-Site.Scripting MEDIUM" "rocket-maintenance-mode 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rehub-framework 19.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "rewrite No.known.fix Cross-Site.Request.Forgery MEDIUM" "redirect-redirection 1.2.0 Subscriber+.Unauthorised.Action.Calls MEDIUM" "redirect-redirection 1.1.4 Plugin.Installation.via.CSRF MEDIUM" "redirect-redirection 1.1.4 Subscriber+.Plugin.Installation MEDIUM" "redirect-redirection 1.1.5 Plugin.Reset.via.CSRF MEDIUM" "redirect-redirection 1.1.4 Redirect.Creation.via.CSRF MEDIUM" "radio-station 2.5.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "radio-station 2.5.0 Reflected.XSS HIGH" "radio-station 2.5.5 Reflected.Cross-Site.Scripting MEDIUM" "radio-station 2.4.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "responsive-flickr-gallery No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rotatingtweets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "role-based-pricing-for-woocommerce 1.6.3 Subscriber+.PHAR.Deserialization HIGH" "role-based-pricing-for-woocommerce 1.6.2 Subscriber+.Arbitrary.File.Upload HIGH" "real-estate-manager No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "real-estate-manager No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "real-estate-manager No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "real-estate-manager No.known.fix CAPTCHA.Bypass MEDIUM" "real-estate-manager No.known.fix Subscriber+.Privilege.Escalation HIGH" "real-estate-manager 7.0 Subscriber+.Settings.Update MEDIUM" "responsive-menu-pro 4.0.4 CSRF.to.Arbitrary.File.Upload HIGH" "responsive-menu-pro 4.0.4 CSRF.to.Settings.Update MEDIUM" "responsive-menu-pro 4.0.4 4.0.3.-.Authenticated.Arbitrary.File.Upload CRITICAL" "radius-blocks No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "radius-blocks 2.2.0 Cross-Site.Request.Forgery MEDIUM" "radius-blocks 2.2.0 Contributor+.Stored.XSS MEDIUM" "restrict-usernames-emails-characters 3.1.4 Admin+.Stored.XSS LOW" "reflex-gallery 3.1.5 jQuery.prettyPhoto.DOM.Cross-Site.Scripting.(XSS) MEDIUM" "recently-viewed-and-most-viewed-products No.known.fix Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "rss-chimp 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "rss-chimp 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rate-own-post No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "recencio-book-reviews No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rest-routes 5.5.4 Reflected.Cross-Site.Scripting MEDIUM" "rest-routes 4.24.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "really-simple-featured-video 0.7.2 Reflected.Cross-Site.Scripting MEDIUM" "really-simple-featured-video 0.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "robo-maps No.known.fix Google.Maps.<=.1.0.6.-.Contributor+.Stored.XSS MEDIUM" "r-animated-icon No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "relevanssi 4.24.6 Unauthenticated.Stored.Cross-Site.Scripting.via.Excerpt.Highlights MEDIUM" "relevanssi 4.24.5 Unauthenticated.SQL.Injection HIGH" "relevanssi 4.24.4 Unauthenticated.Stored.Cross-Site.Scripting.via.Search.Highlights MEDIUM" "relevanssi 4.23.1 Contributor+.Stored.XSS MEDIUM" "relevanssi 4.23.0 Unauthenticated.Information.Exposure MEDIUM" "relevanssi 4.22.2 Missing.Authorization.to.Unauthenticated.Count.Option.Update MEDIUM" "relevanssi 4.22.1 Unauthenticated.Query.Log.Export MEDIUM" "relevanssi 4.22.0 Unauthenticated.Private/Draft.Post.Disclosure MEDIUM" "relevanssi 4.14.6 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "relevanssi 4.14.3 A.Better.Search.<.4.14.3.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "relevanssi 4.0.5 Cross-Site.Scripting.(XSS) MEDIUM" "relevanssi 3.6.1 Authenticated.Admin.SQL.Injection MEDIUM" "revision-manager-tmc 2.8.20 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "revision-manager-tmc 2.8.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "responsive-iframe No.known.fix Contributor+.Stored.XSS HIGH" "rduplicator No.known.fix Contributor+.SQLi HIGH" "related-posts-list-grid-and-slider-all-in-one No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "review-widgets-for-foursquare 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "resads No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "resads No.known.fix Reflected.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "resads 1.0.2 .Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "remember-me-controls 2.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "responsive-google-map No.known.fix Missing.Authorization MEDIUM" "rafflepress 1.12.17 Admin+.Stored.XSS LOW" "rafflepress 1.12.16 Editor+.Stored.XSS LOW" "rafflepress 1.12.14 Editor+.Stored.XSS LOW" "rafflepress 1.12.5 Missing.Authorization MEDIUM" "rafflepress 1.12.11 IP.Spoofing MEDIUM" "rafflepress 1.12.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "rafflepress 1.12.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rafflepress 1.11.3 Contributor+.Stored.XSS MEDIUM" "responsive-flipbook No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "recent-posts-slider No.known.fix Cross-Site.Request.Forgery MEDIUM" "recent-posts-slider No.known.fix Unauthenticated.Stored.XSS HIGH" "renee-work-in-progress No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "renee-work-in-progress No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "relicwp-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rich-web-share-button No.known.fix Unauthenticated.SQL.Injection CRITICAL" "rich-web-share-button No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "rollover-tab No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rabbit-loader 2.21.1 Reflected.Cross-Site.Scripting MEDIUM" "rabbit-loader 2.19.14 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "replace-default-words No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "relogo No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "relevant 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "relevant 1.0.8 Cross-Site.Scripting.(XSS) MEDIUM" "restricted-site-access 7.3.2 Access.Bypass.via.IP.Spoofing MEDIUM" "redirect-404-to-parent 1.3.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "redirect-by-cookie 1.07 Reflected.Cross-Site.Scripting MEDIUM" "remote-content-shortcode No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "remote-content-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "remote-content-shortcode No.known.fix Authenticated(Contributor+).Local.File.Inclusion.via.shortcode MEDIUM" "real-wp-shop-lite No.known.fix Admin+.Stored.XSS LOW" "rsv-pdf-preview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rename-media-files No.known.fix Authenticated.(Contributor+).Remote.Code.Execution HIGH" "rocket-media-library-mime-type No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "reactflow-session-replay-heatmap No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "rapid-cache No.known.fix Unauthenticated.Cache.Poisoning HIGH" "restaurant-cafe-addon-for-elementor 1.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.6.0 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.4 Missing.Authorization.via.multiple.AJAX.functions LOW" "restaurant-cafe-addon-for-elementor 1.5.3 Cross-Site.Request.Forgery MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.3 Missing.Authorization MEDIUM" "restaurant-cafe-addon-for-elementor 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ratings-shorttags No.known.fix Stored.XSS.via.CSRF HIGH" "rsvpmaker-for-toastmasters 6.2.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "registrations-for-the-events-calendar 2.13.4 Admin+.Stored.XSS LOW" "registrations-for-the-events-calendar 2.12.4 Unauthenticated.Stored.XSS HIGH" "registrations-for-the-events-calendar 2.12.2 Missing.Authorization MEDIUM" "registrations-for-the-events-calendar 2.12.3 Authenticated.(Contributor+).SQL.Injection CRITICAL" "registrations-for-the-events-calendar 2.7.10 Reflected.Cross-Site.Scripting HIGH" "registrations-for-the-events-calendar 2.7.6 Unauthenticated.SQL.Injection HIGH" "registrations-for-the-events-calendar 2.7.5 Reflected.Cross-Site.Scripting HIGH" "rs-survey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "restaurant-solutions-checklist No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "remove-duplicate-posts 1.3 Reflected.Cross-Site.Scripting MEDIUM" "recall-products No.known.fix Authenticated.Cross-Site.Scripting MEDIUM" "recall-products No.known.fix Authenticated.SQL.Injection MEDIUM" "revolut-gateway-for-woocommerce 4.17.4 Missing.Authorization.to.Unauthenticated.Order.Status.Update MEDIUM" "revolut-gateway-for-woocommerce 4.9.8 Missing.Authorization MEDIUM" "refer-a-friend-widget-for-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rm-mailchimp-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rm-mailchimp-manager No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "resmushit-image-optimizer 0.4.7 Multiple.CSRF MEDIUM" "resmushit-image-optimizer 0.4.4 Subscriber+.AJAX.Calls MEDIUM" "resmushit-image-optimizer 0.4.6 Admin+.Cross-Site.Scripting LOW" "restrict-taxonomies No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recently-viewed-most-viewed-and-sold-products-for-woocommerce No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "radio-player 2.0.85 Unauthenticated.Server-Side.Request.Forgery HIGH" "radio-player 2.0.79 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Player.Deletion MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Settings.Update MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Player.Update MEDIUM" "radio-player 2.0.74 Missing.Authorization MEDIUM" "radio-player 2.0.74 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "radio-player 2.0.74 Unauthenticated.Server-Side.Request.Forgery HIGH" "radio-player 2.0.74 Missing.Authorization.to.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "radio-player 2.0.74 Missing.Authorization.via.get_players MEDIUM" "radio-player 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "radio-player 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "re-attacher 1.0.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "rss-for-yandex-turbo 1.31 Admin+.Stored.Cross-Site.Scripting LOW" "rss-for-yandex-turbo 1.30 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "rws-enquiry No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rencontre 3.11 Unauthenticated.Arbitrary.File.Upload CRITICAL" "rencontre 3.11.2 Subscriber+.PHP.Object.Injection HIGH" "rencontre 3.11 Privilege.Escalation CRITICAL" "rencontre 3.2.3 Multiple.CSRF CRITICAL" "regenerate-post-permalinks No.known.fix Cross-Site.Request.Forgery MEDIUM" "restrict-categories No.known.fix Reflected.XSS HIGH" "reviews-feed 1.2.0 Cross-Site.Request.Forgery MEDIUM" "reviews-feed 1.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "related-posts-via-categories No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "remove-old-slugspermalinks 2.7.0 Cross-Site.Request.Forgery MEDIUM" "restrict-for-elementor 1.0.8 Protection.Mechanism.Bypass MEDIUM" "restrict-for-elementor 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "random-banner No.known.fix Contributor+.Stored.XSS MEDIUM" "random-banner No.known.fix Admin+.Stored.XSS LOW" "random-banner 4.1.6 Admin+.Stored.Cross-Site.Scripting LOW" "random-banner 2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "reverbnation-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "really-simple-ssl 9.2.0 Cross-Site.Request.Forgery MEDIUM" "really-simple-ssl 9.1.2 9.1.1.1.-.Authentication.Bypass CRITICAL" "really-simple-ssl 8.0.0 Admin+.Server-Side.Request.Forgery MEDIUM" "rich-reviews No.known.fix Arbitrary.Reviews.Deletion.via.CSRF MEDIUM" "rich-reviews 1.9.6 Admin+.SQL.Injection MEDIUM" "rich-table-of-content 1.4.1 Missing.Authorization MEDIUM" "rich-table-of-content 1.3.9 Contributor+.Stored.XSS MEDIUM" "really-simple-ssl-pro-multisite 9.1.2 9.1.1.1.-.Authentication.Bypass CRITICAL" "raychat 2.2.0 Missing.Authorization MEDIUM" "ratemyagent-official 1.5.0 Cross-Site.Request.Forgery.to.API.Key.Update MEDIUM" "responsive-horizontal-vertical-and-accordion-tabs 1.1.18 Authenticated.(Contributor+).SQL.Injection CRITICAL" "responsive-horizontal-vertical-and-accordion-tabs 1.1.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-horizontal-vertical-and-accordion-tabs 1.1.16 Reflected.XSS HIGH" "responsive-horizontal-vertical-and-accordion-tabs 1.1.16 Reflected.Cross-Site.Scripting MEDIUM" "recover-wc-abandoned-cart No.known.fix Unauthenticated.SQL.Injection HIGH" "recover-wc-abandoned-cart 2.3 Cross-Site.Request.Forgery MEDIUM" "resume-upload-form No.known.fix Captcha.Bypass MEDIUM" "recently-purchased-products-for-woo 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.view.Parameter MEDIUM" "responsive-header-image-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "romethemeform 1.1.6 Missing.Authorization.via.export_entries,.rtformnewform,.and.rtformupdate MEDIUM" "romethemeform 1.1.3 Missing.Authorization MEDIUM" "rating-bws No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "rating-bws 1.6 Rating.Denial.of.Service MEDIUM" "rating-bws 0.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "restrict-user-registration No.known.fix Restrict.User.Registration.<=.1,0,1..Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "radslide No.known.fix Missing.Authorization MEDIUM" "rselements-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "removehide-author-date-category-like-entry-meta No.known.fix Settings.Update.via.CSRF MEDIUM" "random-image-selector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "republish-old-posts 1.27 Cross-Site.Request.Forgery.via.rop_options_page MEDIUM" "real-time-auto-find-and-replace 1.6.8 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "real-time-auto-find-and-replace 1.6.2 Unauthenticated.PHP.Object.Injection HIGH" "real-time-auto-find-and-replace 1.3.6 Admin+.SQLi MEDIUM" "real-time-auto-find-and-replace 1.2.9 Reflected.Cross-Site.Scripting HIGH" "rss-feed-post-generator-echo 5.4.8.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "rss-feed-post-generator-echo 5.4.7 Unauthenticated.Privilege.Escalation CRITICAL" "rough-chart No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "rrssb No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "real-media-library-lite 4.11.12 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "real-media-library-lite 4.22.8 Contributor+.Stored.XSS MEDIUM" "real-media-library-lite 4.18.29 Author+.Stored.XSS MEDIUM" "real-media-library-lite 4.14.2 Author.Stored.Cross-Site.Scripting MEDIUM" "responsive-column-widgets No.known.fix Reflected.XSS HIGH" "responsive-column-widgets No.known.fix Open.Redirect.via.responsive_column_widgets_link MEDIUM" "reset-course-progress-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reset-course-progress-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "responsive-vector-maps 6.4.2 Responsive.Vector.Maps.<.6.4.2.-.Subscriber+.Arbitrary.File.Read HIGH" "royal-slider 3.2.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "rate-star-review 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rate-star-review 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "replace-image 1.1.11 Insecure.Direct.Object.Reference MEDIUM" "related-youtube-videos 1.9.9 CSRF.&.XSS HIGH" "read-more No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Read.More.Button.Deletion MEDIUM" "read-more No.known.fix Cross-Site.Request.Forgery MEDIUM" "referrer-detector No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "reader-mode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "react-webcam No.known.fix Contributor+.Stored.XSS MEDIUM" "required-taxonomies 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "required-taxonomies 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "raise-prices-with-sales-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "raise-prices-with-sales-for-woocommerce 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "review-widgets-for-hotels-com 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rocket-wp-mobile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rebrand-fluent-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "remove-add-to-cart-woocommerce 1.4.5 Settings.Update.via.CSRF MEDIUM" "remove-add-to-cart-woocommerce 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ravpage 2.33 PHP.Object.Injection CRITICAL" "ravpage 2.25 Reflected.Cross-Site.Scripting MEDIUM" "rewardsystem No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "real-wysiwyg No.known.fix Reflected.Cross-Site.Scripting HIGH" "responsive-tabs-for-wpbakery No.known.fix Contributor+.Stored.XSS MEDIUM" "responsive-google-maps 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "remove-slug-from-custom-post-type No.known.fix Settings.Update.via.CSRF MEDIUM" "replace-word No.known.fix Cross-Site.Request.Forgery MEDIUM" "rest-api-to-miniprogram No.known.fix Cross-Site.Request.Forgery MEDIUM" "rest-api-to-miniprogram 4.7.6 Unauthenticated.Arbitrary.User.Email.Update.and.Privilege.Escalation.via.Account.Takeover CRITICAL" "rest-api-to-miniprogram No.known.fix Unauthenticated.SQL.Injection HIGH" "rest-api-to-miniprogram No.known.fix Subscriber+.Attachment.Deletion MEDIUM" "risk-warning-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recaptcha-for-all 2.27 Cross-Site.Request.Forgery MEDIUM" "recaptcha-for-all 2.23 Cross-Site.Request.Forgery MEDIUM" "rays-grid No.known.fix Cross-Site.Request.Forgery MEDIUM" "rays-grid 1.2.3 CSRF.Bypass MEDIUM" "related-post 2.0.60 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "related-post 2.0.59 Sensitive.Information.Exposure MEDIUM" "related-post 2.0.54 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rdp-linkedin-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "revisionary 3.5.16 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "revisionary 3.5.15 Reflected.Cross-Site.Scripting MEDIUM" "responsivity No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "readme-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "realteo 1.2.9 Real.Estate.Plugin.by.Purethemes.<.1.2.9.-.Authentication.Bypass.via.'do_register_user' CRITICAL" "realteo 1.2.4 Arbitrary.Property.Deletion.via.IDOR HIGH" "realteo 1.2.4 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "redux-framework 4.4.18 .4.4.17.-.Unauthenticated.JSON.File.Upload.to.Stored.Cross-Site.Scripting HIGH" "redux-framework 4.2.13 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "redux-framework 4.2.13 Contributor+.Arbitrary.Plugin.Installation.and.Post.Deletion HIGH" "redux-framework 4.1.24 4.1.23.-.CSRF.Nonce.Validation.Bypass MEDIUM" "redux-framework 4.1.21 CSRF.Nonce.Validation.Bypass MEDIUM" "rezgo 4.17.1 Unauthenticated.Local.File.Inclusion HIGH" "rezgo 4.1.8 Reflected.Cross-Site-Scripting MEDIUM" "rezgo 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "rdp-wiki-embed No.known.fix Cross-Site.Request.Forgery MEDIUM" "richtexteditor No.known.fix Missing.Authorization MEDIUM" "richtexteditor No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rlm-elementor-widgets-pack 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rootspersona No.known.fix Cross-Site.Request.Forgery MEDIUM" "rootspersona No.known.fix Missing.Authorization MEDIUM" "rdp-ingroups No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rsvpmaker-volunteer-roles No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "relais-2fa No.known.fix Authentication.Bypass CRITICAL" "responsive-add-ons 3.2.3 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "responsive-add-ons 3.2.1 Missing.Authorization MEDIUM" "responsive-add-ons 3.2.0 Missing.Authorization MEDIUM" "responsive-add-ons 3.1.5 Authenticated.(Contributor+).Blind.Server-Side.Request.Forgery.via.remote_request MEDIUM" "responsive-add-ons 3.0.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "responsive-add-ons 2.2.6 Unprotected.AJAX.Endpoints CRITICAL" "reaction-buttons No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "schedulicity-online-appointment-booking No.known.fix Easy.Online.Scheduling.<=.2.21.-.Contributor+.Stored.XSS MEDIUM" "sparkle-elementor-kit No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sparkle-elementor-kit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-tags 3.30.0 Admin+.Stored.XSS LOW" "simple-tags 3.20.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-tags 3.6.5 Editor+.Stored.XSS LOW" "simple-tags 3.4.5 Reflected.Cross-Site.Scripting MEDIUM" "simple-tags 3.0.7.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "smoothness-slider-shortcode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "searchwp 4.2.6 Subscriber+.Settings.Update MEDIUM" "simple-nested-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-history 5.8.2 Admin+.Sensitive.Information.Exposure.via.Detective.Mode MEDIUM" "simple-history 3.4.0 Improper.Neutralization.of.Formula.Elements.in.a.CSV.File MEDIUM" "simple-cod-fee-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "startklar-elmentor-forms-extwidgets No.known.fix Unauthenticated.Path.Traversal.to.Arbitrary.Directory.Deletion CRITICAL" "startklar-elmentor-forms-extwidgets 1.7.14 Unauthenticated.Arbitrary.File.Upload CRITICAL" "startklar-elmentor-forms-extwidgets 1.7.14 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "system-dashboard 2.8.19 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "system-dashboard 2.8.18 Reflected.Cross-Site.Scripting.via.Filename.Parameter MEDIUM" "system-dashboard 2.8.15 Admin+.Path.Traversal MEDIUM" "system-dashboard 2.8.15 Unauthenticated.Stored.XSS HIGH" "system-dashboard 2.8.10 XSS.via.Header.Injection LOW" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_php_info) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_global_value) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_constants) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_db_specs) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_option_value) MEDIUM" "sola-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alignment.Parameter MEDIUM" "sola-testimonials No.known.fix Cross-Site.Request.Forgery MEDIUM" "shantz-wordpress-qotd No.known.fix Arbitrary.Setting.Update.via.CSRF MEDIUM" "support-x 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "support-x 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "support-x 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "show-website-content-in-wordpress-page-or-post 2024.04.09 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "seo-landing-page-generator 1.66.3 Reflected.Cross-Site.Scripting MEDIUM" "seo-landing-page-generator 1.62.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shop-page-wp 1.2.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "spin360 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "store-locator-le No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "store-locator-le 5.9 Authenticated.Privilege.Escalation CRITICAL" "store-locator-le 5.9 Unauthenticated.Stored.XSS HIGH" "scw-seat-reservation 3.4 Unauthenticated.SQL.Injection HIGH" "skaut-bazar 1.3.3 Reflected.Cross-Site.Scripting HIGH" "stream-status-for-twitch 2.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-post-gallery No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "sw-contact-form No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "send-users-email 1.5.2 Unauthenticated.Information.Exposure MEDIUM" "send-users-email 1.4.4 Sensitive.Information.Exposure.via.Error.Logs MEDIUM" "send-users-email 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "sociable No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "simplistic-seo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sitemap 4.4 Contributor+.Stored.XSS MEDIUM" "smart-manager-for-wp-e-commerce 8.53.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "smart-manager-for-wp-e-commerce 8.46.0 Missing.Authorization MEDIUM" "smart-manager-for-wp-e-commerce 8.28.0 Admin+.SQL.Injection MEDIUM" "simple-schools-staff-directory No.known.fix Admin+.Arbitrary.File.Upload CRITICAL" "slim-seo 4.5.5 Authenticated.(Administrator+).SQL.Injection MEDIUM" "slim-seo 4.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.slim_seo_breadcrumbs.Shortcode MEDIUM" "simple-e-commerce-shopping-cart No.known.fix Sell.products.through.Paypal.<=.3.1.2.-.Reflected.Cross-Site.Scripting.via.monthly_sales_current_year.Parameter MEDIUM" "simple-e-commerce-shopping-cart No.known.fix Sell.products.through.Paypal.<=.3.1.2.-.Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update./.Data.Access MEDIUM" "simple-e-commerce-shopping-cart No.known.fix Arbitrary.File.Upload CRITICAL" "simpleform-contact-form-submissions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-behace-portfolio No.known.fix Reflected.Cross-Site.Scripting HIGH" "simple-behace-portfolio No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "service-area-postcode-checker No.known.fix Admin+.Stored.XSS LOW" "seraphinite-post-docx-source 2.16.10 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "seraphinite-post-docx-source 2.16.10 Missing.Authorization MEDIUM" "seraphinite-post-docx-source 2.16.7 Settings.Update/Reset/Import.via.CSRF MEDIUM" "smdp-affiliate-platform No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "search-and-replace 3.2.3 Unauthenticated.PHP.Object.Injection MEDIUM" "search-and-replace 3.2.2 Administrator+.SQL.injection LOW" "search-and-replace 3.2.2 Admin+.SQL.injection MEDIUM" "sweepwidget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-redirection 9.1 Multiple.CSRF MEDIUM" "seo-redirection 9.1 404.Error.&.History.Deletion.via.CSRF MEDIUM" "seo-redirection 8.2 Subscriber+.SQL.Injection HIGH" "seo-redirection 7.9 Arbitrary.Redirect.Deletion.via.CSRF MEDIUM" "seo-redirection 7.4 Reflected.Cross-Site.Scripting HIGH" "seo-redirection 7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "seo-redirection 6.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "seo-redirection 4.3 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "seo-redirection 2.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "seo-redirection 2.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "stock-in No.known.fix Authenticated.SQL.Injection MEDIUM" "stock-in No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "simple-blueprint-installer 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "subway No.known.fix Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "stockholm-core 2.4.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "stockholm-core 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "smart-variations-images 5.2.8 Reflected.Cross-Site.Scripting MEDIUM" "smart-variations-images 5.1.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shortcodes-finder 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "shortcodes-finder 1.5.4 Reflected.XSS HIGH" "simple-woocommerce-csv-loader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smooth-gallery-replacement No.known.fix CSRF.to.Stored.XSS HIGH" "svgplus No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "shuffle No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "seriously-simple-stats 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "seriously-simple-stats 1.5.2 Reflected.XSS HIGH" "seriously-simple-stats 1.5.1 Podcast.Manager+.SQLi HIGH" "search-field-for-gravity-forms 0.6 Reflected.Cross-Site.Scripting MEDIUM" "scrollbar-by-webxapp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "synved-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "spider-contacts No.known.fix Reflected.XSS HIGH" "store-credit-for-woocommerce 1.0.49.47 Reflected.Cross-Site.Scripting MEDIUM" "sexbundle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ship-depot No.known.fix Missing.Authorization MEDIUM" "style-tweaker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-payment 2.3.8 Reflected.Cross-Site.Scripting MEDIUM" "seo-optimized-images 2.1.4 Injected.Backdoor CRITICAL" "seo-optimized-images 2.1 Reflected.Cross-Site.Scripting MEDIUM" "salesmanago 3.2.5 Log.Injection.via.Weak.Authentication.Token MEDIUM" "simple-photo-sphere No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta MEDIUM" "simple-video-management-system No.known.fix Admin+.Stored.XSS LOW" "simple-video-management-system No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-file-list 6.1.14 Missing.Authorization.to.Unauthenticated.Minor.Settings.Update MEDIUM" "simple-file-list 6.1.13 Reflected.Cross-Site.Scripting HIGH" "simple-file-list 6.1.10 Admin+.Stored.XSS LOW" "simple-file-list 6.1.10 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "simple-file-list 6.0.10 Admin+.Stored.XSS LOW" "simple-file-list 4.4.12 Admin+.Stored.Cross-Site.Scripting LOW" "simple-file-list 4.4.13 Page.Creation.via.CSRF MEDIUM" "simple-file-list 4.4.12 Reflected.Cross-Site.Scripting MEDIUM" "simple-file-list 4.2.8 Authenticated.Arbitrary.File.Deletion HIGH" "simple-file-list 4.2.3 Unauthenticated.Arbitrary.File.Upload.RCE CRITICAL" "simple-file-list 3.2.8 Unauthenticated.Arbitrary.File.Download HIGH" "stackable-ultimate-gutenberg-blocks 3.13.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.13.7 Unauthenticated.CSS.Injection MEDIUM" "stackable-ultimate-gutenberg-blocks 3.13.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.12.12 Contributor+.Stored.XSS.via.Posts.Block MEDIUM" "stackable-ultimate-gutenberg-blocks 3.9.1 Reflected.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stock-market-charts-from-finviz 1.0.2 Admin+.Stored.XSS LOW" "sitepact-klaviyo-contact-form-7 3.0.0 Unauthenticated.SQL.Injection HIGH" "spiffy-calendar 4.9.14 Reflected.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.13 Authenticated.(Admin+).SQL.Injection MEDIUM" "spiffy-calendar 4.9.12 Authenticated.(Administrator+).SQL.Injection CRITICAL" "spiffy-calendar 4.9.11 Missing.Authorization MEDIUM" "spiffy-calendar 4.9.10 Reflected.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.9 Broken.Access.Control LOW" "spiffy-calendar 4.9.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.4 Reflected.XSS MEDIUM" "spiffy-calendar 4.9.2 SQL.Injection HIGH" "spiffy-calendar 4.9.1 Arbitrary.Event.Deletion.via.CSRF MEDIUM" "spiffy-calendar 4.9.1 Subscriber+.Arbitrary.Event.Edition/Deletion.via.IDOR MEDIUM" "spiffy-calendar 3.3.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "shopper 3.2.6 Unauthenticated.SQL.Injection HIGH" "sp-blog-designer No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "sp-blog-designer No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "simple-local-avatars 2.8.0 Missing.Authorization.to.Authenticated.(Subscriber+).User.Cache.Clearing MEDIUM" "simple-local-avatars 2.7.11 Cross-Site.Request.Forgery.via.save_default_avatar_file_id() MEDIUM" "simple-image-popup 2.5.3 Admin+.Stored.XSS LOW" "simple-image-popup 2.0.0 Admin+.Stored.XSS LOW" "storecontrl-wp-connection 4.1.4 Unauthenticated.Arbitrary.File.Download HIGH" "shalom-world-media-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sb-random-posts-widget 1.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "streamweasels-youtube-integration 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-youtube-integration 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sw-youtube-embed.Shortcode MEDIUM" "seed-fonts 2.4.0 Admin+.Stored.XSS LOW" "ship-per-product No.known.fix Missing.Authorization MEDIUM" "suki-sites-import No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "surbma-premium-wp 10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smartarget-message-bar No.known.fix Admin+.Stored.XSS LOW" "subscribers-text-counter 1.7.1 Settings.Update.via.CSRF.to.Stored.XSS HIGH" "s3bubble-amazon-s3-audio-streaming No.known.fix Arbitrary.File.Download HIGH" "social2blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shipdeo-woo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-scroll-posts 2.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "sitekit 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sitekit 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sitekit 1.4 Contributor+.Stored.XSS MEDIUM" "sitekit 1.5 Contributor+.Stored.XSS MEDIUM" "seo-simple-pack 3.3.0 Information.Exposure MEDIUM" "simple-calendar-for-elementor 1.6.6 Cross-Site.Request.Forgery MEDIUM" "simple-calendar-for-elementor 1.6.5 Cross-Site.Request.Forgery MEDIUM" "security-antivirus-firewall No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "smtp-amazon-ses 1.9 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Logs HIGH" "smtp-amazon-ses 1.9 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Logs HIGH" "site-audit No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "slide-banners No.known.fix Missing.Authorization MEDIUM" "simple-contact-forms No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "shopkeeper-extender 3.7 Contributor+.Stored.XSS MEDIUM" "social-media-engine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortpixel-critical-css 1.0.3 Missing.Authorization MEDIUM" "shopready-elementor-addon No.known.fix Contributor+.Local.File.Inclusion MEDIUM" "spider-faq No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sync-post-with-other-site 1.7 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Creation.and.Update MEDIUM" "sync-post-with-other-site 1.5.2 Cross-Site.Request.Forgery MEDIUM" "sikshya 0.0.22 Reflected.Cross-Site.Scripting MEDIUM" "sikshya 0.0.22 Reflected.Cross-Site.Scripting.via.page.Parameter MEDIUM" "sp-rental-manager No.known.fix Unauthenticated.SQL.Injection HIGH" "singsong No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simpul-events-by-esotech No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "support-svg 1.1.1 .Authenticated.(Author+).Stored.Cross-site.Scripting.via.SVG.File.Upload MEDIUM" "support-svg 1.1.0 Stored.XSS.via.SVG.Upload MEDIUM" "slider-factory 1.3.6 Subscriber+.Arbitrary.Post.Access MEDIUM" "slider-factory 1.3.2 Slider.Clone/Save/Delete.via.CSRF MEDIUM" "svt-simple No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spiraclethemes-site-library No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simplegmaps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seraphinite-discount-for-woocommerce 2.4.7 Reflected.Cross-Site.Scripting MEDIUM" "social-sharing-toolkit No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "simple-project-managment No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "scrollsequence 1.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scrollsequence 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "scrollsequence 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "superior-faq No.known.fix CSRF MEDIUM" "sb-elementor-contact-form-db 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "sb-elementor-contact-form-db 1.6 Plugin.Settings.Cross-Site.Request.Forgery MEDIUM" "sb-elementor-contact-form-db 1.6 Unauthenticated.&.Unauthorised.Form.Submissions.Export HIGH" "spotify-play-button-for-wordpress 2.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.spotifyplaybutton.Shortcode MEDIUM" "spotify-play-button-for-wordpress 2.11 Settings.Update.via.CSRF MEDIUM" "spotify-play-button-for-wordpress 2.08 Admin+.Stored.XSS LOW" "spotify-play-button-for-wordpress 2.06 Contributor+.Stored.XSS MEDIUM" "simple-membership-wp-user-import 1.8 Admin+.SQLi MEDIUM" "shopp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "seo-local-rank 2.2.4 Unauthenticated.Arbitrary.File.Access.via.Path.Traversal HIGH" "scrollbar-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shopping-pages No.known.fix Stored.XSS.via.CSRF HIGH" "slickquiz No.known.fix Unauthenticated.Stored.XSS MEDIUM" "slickquiz No.known.fix Authenticated.SQL.Injection HIGH" "simple-post No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "sassy-social-share 3.3.76 Reflected.Cross-Site.Scripting.via.'heateor_mastodon_share'.Parameter MEDIUM" "sassy-social-share 3.3.74 Open.Redirect MEDIUM" "sassy-social-share 3.3.70 Reflected.Cross-Site.Scripting.via.heateor_mastodon_share.Parameter MEDIUM" "sassy-social-share 3.3.63 Sassy.social.share.<.3,3,63.Admin+.Stored.Cross-Site.scripting LOW" "sassy-social-share 3.3.61 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.59 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sassy-social-share 3.3.57 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.45 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.40 Reflected.Cross-Site.Scripting MEDIUM" "sassy-social-share 3.3.24 Missing.Access.Controls.to.PHP.Object.Injection MEDIUM" "scss-library No.known.fix Cross-Site.Request.Forgery MEDIUM" "st-gallery-wp No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "serped-net No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "serped-net 4.6 Authenticated.(Contributor+).SQL.Injection MEDIUM" "simpleschema-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stock-sync-for-woocommerce 2.4.1 Reflected.XSS HIGH" "sequel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-seo-content-cloner 1.0.2 Missing.Authorization MEDIUM" "smartemailing 2.2.6 Reflected.Cross-Site.Scripting MEDIUM" "shortcode-menu No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "service-boxs 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sf-booking 6.0 Unauthenticated.Privilege.Escalation.via.'nsl_registration_store_extra_input' CRITICAL" "sf-booking 5.1 Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "sf-booking 3.2 Unauthenticated.Local.File.Disclosure HIGH" "slider-comparison-image-before-and-after No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-crowd No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "suremembers 1.10.7 Sensitive.Information.Exposure MEDIUM" "service-updates-for-customers No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stop-wp-emails-going-to-spam 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "smart-cookie-kit 2.3.2 Contributor+.Stored.XSS MEDIUM" "super-testimonial 4.0.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "super-testimonial 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "super-testimonial 3.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-testimonial 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "super-testimonial 2.7 Admin+.Stored.Cross-Site.Scripting LOW" "super-testimonial 2.7 Admin+.Stored.Cross-Site.Scripting LOW" "shopconstruct No.known.fix Admin+.Stored.XSS LOW" "stars-smtp-mailer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stars-smtp-mailer No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "scoutnet-kalender No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "syncfields No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-spoiler No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-spoiler 1.4 1.3.-.Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "simple-spoiler 1.3 Admin+.Stored.XSS LOW" "soundy-background-music No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "social-media-buttons-toolbar No.known.fix Admin+.Stored.XSS MEDIUM" "shopsite-plugin 1.5.11 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "seo-wizard No.known.fix Unauthorised.AJAX.Calls HIGH" "seo-wizard No.known.fix Unauthorised.robots.txt.&..htaccess.Edit.via.CSRF HIGH" "stetic 1.0.9 CSRF.to.Stored.Cross-Site.Scripting HIGH" "simple-presenter 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "sis-handball No.known.fix Settings.Update.via.CSRF MEDIUM" "sureforms 1.4.4 Admin+.Stored.XSS LOW" "sureforms 1.4.4 Admin+.Stored.XSS LOW" "sureforms 1.4.4 Contributor+.Settings.Update MEDIUM" "sureforms 1.2.3 Missing.Authorization.to.Unauthenticated.Protected.Post.Disclosure MEDIUM" "skip-to No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "smart-blocks 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sogrid 1.5.5 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "sogrid 1.5.7 Unauthenticated.Local.File.Inclusion CRITICAL" "sogrid 1.5.7 Authenticated.(Admin+).Local.File.Inclusion HIGH" "showhide-shortcode 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "similar-posts No.known.fix Admin+.Stored.XSS LOW" "similar-posts 3.1.6 Admin+.Arbitrary.PHP.Code.Execution HIGH" "sidebar-manager 1.1.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "sidebar-manager 1.1.5 Cross-Site.Request.Forgery MEDIUM" "simple-google-icalendar-widget 2.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "splash-header 1.20.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "smartsupp-live-chat 3.7 Cross-Site.Request.Forgery MEDIUM" "smooth-page-scroll-updown-buttons 1.4.1 Authenticated.Stored.XSS.via.psb_positioning LOW" "smooth-page-scroll-updown-buttons 1.4 Authenticated.Stored.XSS MEDIUM" "secupress-pro 2.0 Unauthenticated.Arbitrary.IP.Ban MEDIUM" "searchterms-tagging-2 No.known.fix XSS.&.Authenticated.SQL.Injection HIGH" "ssl-zen 4.6.0 Unauthenticated.Private.Keys.Access MEDIUM" "ssl-zen 4.5.2 Reflected.Cross-Site.Scripting MEDIUM" "ssl-zen 4.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "similarity No.known.fix Plugin.Reset.via.CSRF MEDIUM" "similarity No.known.fix Stored.XSS.via.CSRF HIGH" "simple-custom-post-order 2.5.8 Missing.Authorization MEDIUM" "sip-reviews-shortcode-woocommerce No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "sip-reviews-shortcode-woocommerce No.known.fix Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "social-analytics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sexy-contact-form 1.0.0 Shell.Upload CRITICAL" "schedule-posts-calendar 5.3 CSRF MEDIUM" "schedule-posts-calendar 5.3 Admin+.Stored.XSS LOW" "simple-embed-code 2.5.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "simple-embed-code 2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-embed-code 2.3.7 Authenticated(Contributor+).Denial.of.Service MEDIUM" "simplemap No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "supportboard 3.4.2 Multiple.Authenticated.SQLi HIGH" "supportboard 3.3.6 Arbitrary.File.Deletion.via.CSRF HIGH" "supportboard 3.3.5 Agent+.Stored.Cross-Site.Scripting MEDIUM" "supportboard 3.3.4 Multiple.Unauthenticated.SQL.Injections CRITICAL" "supportboard 1.2.9 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "supportboard 1.2.4 Stored.Cross-Site.Scripting MEDIUM" "spotim-comments 4.0.4 Multiple.Vulnerabilities MEDIUM" "serial-codes-generator-and-validator 2.7.8 Cross-Site.Request.Forgery.via.[placeholder] MEDIUM" "serial-codes-generator-and-validator 2.4.15 Admin+.Stored.XSS LOW" "simple-job-board 2.12.4 Authenticated.(Editor+).PHP.Object.Injection HIGH" "simple-job-board 2.12.2 Admin+.Stored.XSS LOW" "simple-job-board 2.12.6 Unauthenticated.Resumes.Download LOW" "simple-job-board 2.11.1 Unauthenticated.PHP.Object.Injection.via.Job.Application.Fields CRITICAL" "simple-job-board 2.11.0 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "simple-job-board 2.10.7 Cross-Site.Request.Forgery MEDIUM" "simple-job-board 2.10.6 Missing.Authorization MEDIUM" "simple-job-board 2.10.4 Settings.Update.via.CSRF MEDIUM" "simple-job-board 2.10.0 Resume.Disclosure.via.Directory.Listing MEDIUM" "simple-job-board 2.9.5 Admin+.Stored.Cross-Site.Scripting LOW" "simple-job-board 2.9.4 Authenticated.Path.Traversal.Leading.to.Arbitrary.File.Download HIGH" "simple-job-board 2.4.4 Reflected.XSS MEDIUM" "security-safe 2.5.2 Reflected.Cross-Site.Scripting MEDIUM" "security-safe 2.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-meta-tags No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "social-link-pages No.known.fix Missing.Authorization.to.Arbitrary.Page.Creation.and.Cross-Site.Scripting HIGH" "subscriber 1.3.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "sharethis-share-buttons 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sharethis-inline-buttons.Shortcode MEDIUM" "secondary-title 2.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "stop-comment-spam 0.5.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "social-login-lite-for-woocommerce No.known.fix Authentication.Bypass CRITICAL" "sort-searchresult-by-title 11.0 CSRF MEDIUM" "securimage-wp-fixed No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "smartcrawl-seo 3.10.9 Unauthenticated.Full.Path.Disclosure MEDIUM" "smartcrawl-seo 3.10.3 Missing.Authorization MEDIUM" "smartcrawl-seo 3.8.3 Unauthenticated.Password.Protected.Post.Disclosure MEDIUM" "slick-popup 1.7.15 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "slick-popup 1.7.2 Privilege.Escalation HIGH" "smart-scroll-to-top-lite 1.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "simpleshop-cz 2.10.3 Missing.Authorization MEDIUM" "simpleshop-cz 2.10.1 Cross-Site.Request.Forgery MEDIUM" "show-all-comments-in-one-page No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "show-all-comments-in-one-page 7.0.1 Reflected.XSS HIGH" "simple-auto-tag No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "smart-agenda-prise-de-rendez-vous-en-ligne 4.8 Stored.XSS.via.CSRF HIGH" "smart-agenda-prise-de-rendez-vous-en-ligne 4.8 Stored.XSS.via.CSRF HIGH" "smart-agenda-prise-de-rendez-vous-en-ligne 4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simpleform No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "search-exclude 2.5.0 Missing.Authorization.to.Unauthenticated.Plugin.Settings.Modification MEDIUM" "search-exclude 1.2.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "search-exclude 1.2.4 Arbitrary.Settings.Change HIGH" "smartpay No.known.fix 2.7.13.-.Authenticated.(Subscriber+).Information.Exposure MEDIUM" "svs-pricing-tables No.known.fix Cross-Site.Request.Forgery.to.Pricing.Table.Edit/Creation MEDIUM" "svs-pricing-tables No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "svs-pricing-tables No.known.fix Cross-Site.Request.Forgery.to.Pricing.Table.Deletion MEDIUM" "selection-lite 1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "selection-lite 1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-image-popup-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "swifty-bar 1.2.11 Admin+.Stored.XSS LOW" "simple-cloudflare-turnstile 1.23.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "surbma-salesautopilot-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "side-menu 3.1.5 Authenticated.(admin+).SQL.Injection HIGH" "smart-donations No.known.fix Cross-Site.Request.Forgery MEDIUM" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Stored.XSS.via.CSRF HIGH" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Admin+.SQLi MEDIUM" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Reflected.XSS HIGH" "si-contact-form 4.0.38 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "social-autho-bio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "security-malware-firewall 2.150 Unauthenticated.Arbitrary.File.Upload CRITICAL" "security-malware-firewall 2.145.1 Authorization.Bypass.via.Reverse.DNS.Spoofing.to.Unauthenticated.SQL.Injection HIGH" "security-malware-firewall 2.121 IP.Spoofing MEDIUM" "security-malware-firewall 2.51 Security.Nonce.Leak.leading.to.Unauthorised.AJAX.call HIGH" "shipping-labels-for-woo 2.3.9 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting LOW" "style-manager No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "so-widgets-bundle 1.64.1 Missing.Authorization LOW" "so-widgets-bundle 1.62.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Image.Grid.widget MEDIUM" "so-widgets-bundle 1.62.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.SiteOrigin.Blog.Widget MEDIUM" "so-widgets-bundle 1.61.0 Contributor+.Stored.XSS.via.siteorigin_widget.Shortcode MEDIUM" "so-widgets-bundle 1.58.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.2 Contributor+.Stored.XSS MEDIUM" "so-widgets-bundle 1.51.0 Admin+.Local.File.Inclusion MEDIUM" "simple-code-insert-shortcode No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "shortpixel-adaptive-images 3.10.1 Missing.Authorization MEDIUM" "shortpixel-adaptive-images 3.8.4 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "shortpixel-adaptive-images 3.8.4 Cross-Site.Request.Forgery MEDIUM" "shortpixel-adaptive-images 3.8.3 Missing.Authorization.in.activate_ai_handler.and.deactivate_ai_handler MEDIUM" "shortpixel-adaptive-images 3.7.2 Settings.Update.via.CSRF MEDIUM" "shortpixel-adaptive-images 3.6.3 Reflected.XSS HIGH" "shortpixel-adaptive-images 3.4.0 Subscriber+.Arbitrary.Settings.Update MEDIUM" "smart-protect No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-protect No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "storekeeper-for-woocommerce No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "shortcode-for-current-date 2.1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "salon-booking-system No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Post/Page.Deletion MEDIUM" "salon-booking-system No.known.fix Missing.Authorization MEDIUM" "salon-booking-system 10.15 Authenticated.Privilege.Escalation HIGH" "salon-booking-system 10.9.1 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "salon-booking-system 1.9.4 Admin+.Stored.XSS LOW" "salon-booking-system 10.9 Unauthenticated.Open.Redirect MEDIUM" "salon-booking-system 10.8 Authenticated.(Administrator+).SQL.Injection CRITICAL" "salon-booking-system 10.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "salon-booking-system 10.0 Missing.Authorization MEDIUM" "salon-booking-system 10.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "salon-booking-system 9.6.6 Settings.Update.via.CSRF MEDIUM" "salon-booking-system 9.6.6 Editor+.Stored.XSS LOW" "salon-booking-system 9.6.6 Editor+.Stored.XSS.via.Email.Settings LOW" "salon-booking-system 9.5.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "salon-booking-system 9.6.3 Unauthenticated.Stored.XSS HIGH" "salon-booking-system 9.6.3 Unauthenticated.Stored.XSS HIGH" "salon-booking-system 8.7 Authenticated.(Editor+).Privilege.Escalation HIGH" "salon-booking-system 8.4.9 Reflected.Cross-Site.Scripting MEDIUM" "salon-booking-system 8.4.8 User.Role.change.via.CSRF MEDIUM" "salon-booking-system 7.9.4 Reflected.Cross-Site.Scripting MEDIUM" "salon-booking-system 7.6.3 Customer+.Bookings/Customers.Data.Disclosure HIGH" "salon-booking-system 7.6.3 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "salon-booking-system 7.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "salon-booking-system 6.3.1 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "strategery-migrations No.known.fix Unauthenticated.Arbitrary.File.Deletion HIGH" "simple-gallery-odihost No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-gallery-odihost No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "shortcode-imdb No.known.fix Cross-Site.Request.Forgery MEDIUM" "shortcode-imdb No.known.fix Admin+.SQLi MEDIUM" "ssv-mailchimp No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "sell-with-razorpay No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "scripts-organizer 3.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "shortcode-ninja No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "server-info No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "server-info 0.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "save-grab No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "save-grab No.known.fix Cross-Site.Request.Forgery MEDIUM" "story-chief 1.0.31 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "story-chief 1.0.31 Reflected.Cross-Site.Scripting.(XSS) HIGH" "swiftxr-3darvr-viewer No.known.fix Cross-Site.Request.Forgery MEDIUM" "squirrly-seo 12.4.06 Authenticated.(Contributor+).SQL.Injection MEDIUM" "squirrly-seo 12.4.06 Authenticated.(Subscriber+).SQL.Injection.via.search.Parameter MEDIUM" "squirrly-seo 12.4.08 Missing.Authorization MEDIUM" "squirrly-seo 12.3.21 Editor+.Stored.XSS LOW" "squirrly-seo 12.3.20 Contributor+.SQL.Injection.via.url.Parameter MEDIUM" "squirrly-seo 12.3.17 Reflected.Cross-Site.Scripting HIGH" "squirrly-seo 12.3.16 Admin+.Stored.XSS LOW" "squirrly-seo 12.1.21 Missing.Authorization MEDIUM" "squirrly-seo 12.1.21 Reflected.Cross-Site.Scripting HIGH" "squirrly-seo 12.1.11 Contributor+.Arbitrary.File.Upload CRITICAL" "squirrly-seo 11.1.12 Reflected.Cross-Site.Scripting MEDIUM" "seraphinite-accelerator 2.27.22 Cross-Site.Request.Forgery.to.Multiple.Administrative.Actions MEDIUM" "seraphinite-accelerator 2.22.16 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "seraphinite-accelerator 2.21 Authenticated.(Subscriber+).Server-Side.Request.Forgery.in.OnAdminApi_HtmlCheck MEDIUM" "seraphinite-accelerator 2.20.48 Unauthenticated.Sensitive.Information.Exposure.via.Log.File MEDIUM" "seraphinite-accelerator 2.20.29 Reflected.Cross-Site.Scripting.via.rt MEDIUM" "seraphinite-accelerator 2.20.32 Unauthorised.Settings.Reset/Import MEDIUM" "seraphinite-accelerator 2.2.29 Authenticated.Arbitrary.Redirect MEDIUM" "seraphinite-accelerator 2.2.29 Reflected.XSS HIGH" "south-pole-the-offset-movement No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "south-pole-the-offset-movement 1.0.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-al-slider No.known.fix Reflected.XSS HIGH" "speed-booster-pack 4.3.3.1 Admin+.SQL.Injection MEDIUM" "speed-booster-pack 4.2.0 Authenticated.(admin+).RCE CRITICAL" "supersaas-appointment-scheduling 2.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.after.Parameter MEDIUM" "supersaas-appointment-scheduling 2.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-custom-website-data No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-custom-admin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spam-stopper No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "surly No.known.fix Missing.Authorization MEDIUM" "sitesupercharger 5.2.0 Unauthenticated.SQLi HIGH" "social-warfare 4.5.6 Contributor+.Stored.XSS MEDIUM" "social-warfare 4.4.7.3 Injected.Backdoor CRITICAL" "social-warfare 4.4.6 Cross-Site.Request.Forgery MEDIUM" "social-warfare 4.4.6.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-warfare 4.4.4 Social.Warfare.<.4.4.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-warfare 4.3.1 Subscriber+.Post.Meta.Deletion MEDIUM" "social-warfare 4.4.0 Post.Meta.Deletion.via.CSRF MEDIUM" "social-warfare 3.5.3 Unauthenticated.Remote.Code.Execution.(RCE) MEDIUM" "stax-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seedprod-coming-soon-pro-5 6.18.14 Authenticated.(Editor+).Remote.Code.Execution HIGH" "seedprod-coming-soon-pro-5 6.18.13 Authenticated.(Editor+).SQL.Injection MEDIUM" "seedprod-coming-soon-pro-5 6.18.13 Authenticated.(Administrator+).SQL.Injection MEDIUM" "screenshot-machine-shortcode 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-gallery 1.8.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-gallery 1.8.2 Authenticated.(Contributor+).SQL.Injection HIGH" "slideshow-gallery 1.8.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "slideshow-gallery 1.7.9 Contributor+.SQLi MEDIUM" "slideshow-gallery 1.7.9 Settings.Reset.via.CSRF MEDIUM" "slideshow-gallery 1.7.4 Admin+.Stored.Cross-Site.Scripting LOW" "slideshow-gallery 1.6.9 XSS.and.SQLi CRITICAL" "slideshow-gallery 1.6.6 Multiple.Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "smart-logo-showcase-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "smart-logo-showcase-lite 1.1.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "section-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "section-slider No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "section-slider No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "scrollup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sp-announcement 2.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "super-static-cache No.known.fix Cross-Site.Request.Forgery MEDIUM" "super-notes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-notes No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "staging-cdn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simplelightbox No.known.fix Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.SimpleLightbox.JavaScript.Library MEDIUM" "social-link-groups No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "slideshow-ck 1.4.10 Admin+.Stored.Cross-Site.Scripting LOW" "sharebar No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "sharebar 1.2.2 SQL.Injection.&.Cross.Site.Scripting CRITICAL" "share-this-image 2.02 Reflected.Cross-Site.Scripting MEDIUM" "share-this-image 2.04 Open.Redirect.via.link.Parameter HIGH" "share-this-image 2.03 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.STI.Buttons.Shortcode MEDIUM" "share-this-image 2.02 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alignment.Parameter MEDIUM" "share-this-image 1.99 Open.Redirect MEDIUM" "share-this-image 1.81 Reflected.Cross-Site.Scripting MEDIUM" "share-this-image 1.67 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "share-this-image 1.20 Stored.XSS MEDIUM" "slicko-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slick-sitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-twitch-integration 1.8.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sw-twitch-embed.Shortcode MEDIUM" "streamweasels-twitch-integration 1.8.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "streamweasels-twitch-integration 1.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-twitch-integration 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sermon-browser No.known.fix Arbitrary.File.Upload.via.CSRF MEDIUM" "sermon-browser 0.45.16 Multiple.XSS MEDIUM" "simple-cart-solution No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-cart-solution 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "svg-captcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sendsms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stray-quotes No.known.fix Reflected.XSS HIGH" "stray-quotes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "site-mode No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "spice-starter-sites No.known.fix Missing.Authorization.to.Unauthenticated.Demo.Content.Import MEDIUM" "spice-starter-sites No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spice-starter-sites 1.1 Reflected.Cross-Site.Scripting MEDIUM" "skt-addons-for-elementor 3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-addons-for-elementor 3.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "skt-addons-for-elementor 3.2 Contributor+.Stored.XSS MEDIUM" "skt-addons-for-elementor 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate.and.Creative.Slider.Widgets HIGH" "skt-addons-for-elementor 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Page.Title MEDIUM" "skt-addons-for-elementor 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Block MEDIUM" "sola-support-tickets No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "sola-support-tickets 3.13 XSS.&.Configuration.Change MEDIUM" "spectra-pro 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.IDs MEDIUM" "spectra-pro 1.1.6 Authenticated.(Author+).Privilege.Escalation HIGH" "simple-post-series No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spice-post-slider 2.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "spice-post-slider 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "simple-amazon-affiliate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sided No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "special-feed-items No.known.fix Stored.XSS.via.CSRF HIGH" "shortcode-gallery-for-matterport-showcase 2.2.0 Cross-Site.Request.Forgery MEDIUM" "shortcode-gallery-for-matterport-showcase 2.1.7 Reflected.XSS HIGH" "shortcode-gallery-for-matterport-showcase 2.1.8 Contributor+.Stored.XSS.via.shortcode MEDIUM" "shortcode-gallery-for-matterport-showcase 2.1.5 Contributor+.Stored.XSS MEDIUM" "soccer-live-scores No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-side-tab 2.2.0 Admin+.Stored.XSS LOW" "spreadr-for-woocomerce 1.0.5 Missing.Authorization.to.Arbitrary.Content.Deletion HIGH" "spreadr-for-woocomerce 1.0.5 Missing.Authorization MEDIUM" "showbizpro No.known.fix Shell.Upload CRITICAL" "storefront-footer-text No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "sidebar-adder No.known.fix Reflected.Cross-Site.Scripting HIGH" "seo-meta No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-pixel No.known.fix Admin+.Stored.XSS LOW" "skyword-plugin 2.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "solar-wizard-lite 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-shortcode-buttons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spark-gf-failed-submissions 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "simple-media-directory 1.4.4 Contributor+.Stored.XSS MEDIUM" "simple-media-directory 1.4.3 Unauthenticated.SQLi HIGH" "seatreg 1.56.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-social-share-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spacer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Information.Disclosure LOW" "spacer 3.0.7 Admin+.Stored.XSS LOW" "sitebuilder-dynamic-components No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "sitebuilder-dynamic-components No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "stacks-mobile-app-builder No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "stacks-mobile-app-builder No.known.fix Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "stacks-mobile-app-builder No.known.fix Authentication.Bypass CRITICAL" "stopbadbots 10.24 Missing.Authorization.to.Information.Expsoure MEDIUM" "stopbadbots 7.32 Admin+.Stored.XSS LOW" "stopbadbots 7.24 Subscriber+.Arbitrary.Plugin.Installation HIGH" "stopbadbots 6.930 Unauthenticated.SQLi HIGH" "stopbadbots 6.88 Unauthenticated.SQLi HIGH" "stopbadbots 6.67 Unauthenticated.SQL.Injection CRITICAL" "stopbadbots 6.62 Reflected.Cross-Site.Scripting HIGH" "stopbadbots 6.60 Authenticated.SQL.Injections MEDIUM" "salat-times 3.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "svg-vector-icon-plugin No.known.fix Admin+.Remote.Code.Execution.(RCE) MEDIUM" "svg-vector-icon-plugin 3.2.3 Cross-Site.Request.Forgery.(CSRF).leading.to.RCE HIGH" "siteorigin-panels 2.31.5 Contributor+.Stored.XSS MEDIUM" "siteorigin-panels 2.31.1 Contributor+.Stored.XSS.via.Row.Label.Parameter MEDIUM" "siteorigin-panels 2.29.16 Contributor+.Stored.XSS.via.siteorigin_widget.Shortcode MEDIUM" "siteorigin-panels 2.29.7 Contributor+.Stored.XSS MEDIUM" "siteorigin-panels 2.10.16 CSRF.to.Reflected.Cross-Site.Scripting.(XSS) HIGH" "spoki 2.15.16 Contributor+.Stored.XSS MEDIUM" "salesforce-wordpress-to-candidate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-business-directory-pro No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "scss-wp-editor No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-header-and-footer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-membership 4.6.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-membership 4.5.6 Exposure.of.Private.Personal.Information.to.an.Unauthorized.Actor MEDIUM" "simple-membership 4.5.4 Unauthenticated.Open.Redirect MEDIUM" "simple-membership 4.4.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-membership 4.4.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-membership 4.4.3 Unauthenticated.Stored.Self-Based.Cross-Site.Scripting MEDIUM" "simple-membership 4.4.2 Open.Redirect MEDIUM" "simple-membership 4.3.9 Reflected.Cross-Site.Scripting.Vulnerability.via.environment_mode MEDIUM" "simple-membership 4.3.5 Privilege.escalation.via.Registration HIGH" "simple-membership 4.3.5 Account.Takeover.via.Password.Reset HIGH" "simple-membership 4.3.6 Reflected.XSS HIGH" "simple-membership 4.2.2 Contributor+.Stored.XSS MEDIUM" "simple-membership 4.1.3 Unauthenticated.Membership.Privilege.Escalation MEDIUM" "simple-membership 4.1.3 Membership.Privilege.Escalation MEDIUM" "simple-membership 4.1.1 Reflected.Cross-Site.Scripting MEDIUM" "simple-membership 4.1.0 Arbitrary.Transaction.Deletion.via.CSRF MEDIUM" "simple-membership 4.0.9 Arbitrary.Member.Deletion.via.CSRF MEDIUM" "simple-membership 4.0.4 Authenticated.SQL.Injections CRITICAL" "simple-membership 3.8.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "simple-membership 3.5.7 XSS MEDIUM" "simple-membership 3.3.3 Multiple.CSRF HIGH" "sv-posts 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-posts 1.8.03 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "siteimprove 2.0.7 Cross-Site.Request.Forgery MEDIUM" "ssl-atlas-free-ssl-certificate-https-redirect 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simplebooklet 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simplebooklet 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spoontalk-social-media-icons-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "saksh-escrow-system No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "simple-slider-ssp No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "simple-proxy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shortcode-variables 4.1.7 Authenticated.(Subscriber+).Shortcode.Deletion MEDIUM" "shortcode-variables 4.1.5 Cross-Site.Request.Forgery MEDIUM" "sprout-invoices 20.8.2 Missing.Authorization MEDIUM" "sprout-invoices 20.8.1 Insecure.Direct.Object.Reference MEDIUM" "sprout-invoices 20.5.4 Sensitive.Information.Exposure MEDIUM" "sprout-invoices 19.0.1 Reflected.Cross-Site.Scripting MEDIUM" "sprout-invoices 19.9.7 Admin+.Stored.Cross-Site.Scripting LOW" "simple-membership-after-login-redirection 1.7 Open.Redirect MEDIUM" "search-logger No.known.fix Admin+.SQLi MEDIUM" "small-package-quotes-ups-edition 4.5.17 Unauthenticated.SQL.Injection HIGH" "small-package-quotes-usps-edition 1.3.6 Unauthenticated.SQL.Injection HIGH" "staggs 2.12.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "staggs 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "staggs 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "simple-gallery-with-filter 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "save-as-image-by-pdfcrowd 3.2.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "save-as-image-by-pdfcrowd 3.2.2 Admin+.Stored.XSS LOW" "save-as-image-by-pdfcrowd 2.16.1 Admin+.Stored.XSS LOW" "simplified-content 1.0.1 XSS MEDIUM" "shipworks-e-commerce-bridge 5.2.6 Cross-Site.Request.Forgery.to.Service.Password/Username.Update MEDIUM" "superb-slideshow-gallery 13.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "shine-pdf No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "surveyjs 1.12.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "surveyjs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "surveyjs No.known.fix Missing.Authorization MEDIUM" "surveyjs 1.12.18 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Deletion.via.SurveyJS_DeleteFile HIGH" "surveyjs 1.12.4 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "send-pdf-for-contact-form-7 1.0.2.4 Missing.Authorization MEDIUM" "send-pdf-for-contact-form-7 0.9.9.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "software-license-manager 4.5.1 Arbitrary.Domain.Deletion.via.CSRF HIGH" "software-license-manager 4.5.0 Admin+.Stored.Cross-Site.Scripting LOW" "software-license-manager 4.4.8 Reflected.Cross-Site.Scripting HIGH" "software-license-manager 4.4.6 CSRF.to.Stored.XSS HIGH" "simple-table-manager 1.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "sticky-buttons 4.1.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "sticky-buttons 3.2.4 Button.Deletion.via.CSRF MEDIUM" "sticky-buttons 3.2.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "sticky-buttons 3.1.1 Reflected.XSS MEDIUM" "swipehq-payment-gateway-wp-e-commerce No.known.fix Multiple.XSS.Issues MEDIUM" "simple-google-sitemap No.known.fix Cross-Site.Request.Forgery MEDIUM" "seo-slider 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "squirrly-seo-pack No.known.fix Advanced.Pack.<=.2.3.8.-.Authenticated(Administrator+).SQL.Injection MEDIUM" "safety-exit 1.7.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "sp-client-document-manager No.known.fix Authenticated.(Subscriber+).Directory.Traversal MEDIUM" "sp-client-document-manager No.known.fix Authenticated.(Subscriber+).Arbitrary.Folder.Name.Update MEDIUM" "sp-client-document-manager No.known.fix Missing.Authorization MEDIUM" "sp-client-document-manager No.known.fix Subscriber+.File.Download.via.IDOR MEDIUM" "sp-client-document-manager No.known.fix Data.Update.via.IDOR MEDIUM" "sp-client-document-manager No.known.fix Authenticated.(Author+).SQL.Injeciton CRITICAL" "sp-client-document-manager No.known.fix Missing.Authorization.Stored.Cross-Site.Scripting MEDIUM" "sp-client-document-manager 4.70 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "sp-client-document-manager 4.68 Admin+.Stored.XSS LOW" "sp-client-document-manager 4.68 Subscriber+.SQLi HIGH" "sp-client-document-manager 4.68 Subscriber+.Insecure.Direct.Object.References HIGH" "sp-client-document-manager 4.62 Reflected.Cross-Site.Scripting MEDIUM" "sp-client-document-manager 4.58 Sensitive.File.Disclosure MEDIUM" "sp-client-document-manager 4.26 Reflected.Cross-Site.Scripting HIGH" "sp-client-document-manager 4.24 Subscriber+.Shell.Upload HIGH" "sp-client-document-manager 4.22 Authenticated.Shell.Upload MEDIUM" "statpresscn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "section-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "section-widget No.known.fix Unauthenticated.Path.Traversal MEDIUM" "specific-content-for-mobile 0.5.4 Missing.Authorization MEDIUM" "specific-content-for-mobile 0.1.9.6 Reflected.Cross-Site.Scripting MEDIUM" "simple-theme-options 1.7 Admin+.Stored.Cross-Site.Scripting LOW" "slivery-extender No.known.fix Authenticated(Contributor+).Remote.Code.Execution.via.shortcode HIGH" "site-is-offline-plugin No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "structured-content 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "structured-content 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sc_fs_local_business.Shortcode MEDIUM" "structured-content 1.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "structured-content 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Classic.Editor.Shortcode MEDIUM" "structured-content 1.6 Contributor+.Stored.XSS MEDIUM" "structured-content 1.6 Contributor+.PHP.Object.Injection HIGH" "structured-content 1.5.1 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "suevafree-essential-kit 1.1.4 Contributor+.Stored.XSS MEDIUM" "slidedeck-lite-for-wordpress No.known.fix Reflected.XSS HIGH" "salon-booking-plugin-pro 7.6.3 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "salon-booking-plugin-pro 7.6.3 Customer+.Bookings/Customers.Data.Disclosure HIGH" "share-button 1.20 Reflected.Cross-Site.Scripting MEDIUM" "sell-digital-downloads No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcode-elementor 1.0.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "simple-feature-requests 2.2.5 Reflected.Cross-Site.Scripting MEDIUM" "simple-feature-requests 2.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "svegliat-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-simple-subscriptions No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "sumome 1.35 Cross-Site.Request.Forgery MEDIUM" "stops-core-theme-and-plugin-updates 8.0.5 Insufficient.Restrictions.on.Option.Changes MEDIUM" "sticky-menu-or-anything-on-scroll 2.21 CSRF.&.XSS LOW" "scrollrevealjs-effects No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "sheetpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sheetpress No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "swifty-page-manager No.known.fix Page.Creation/Deletion.via.CSRF MEDIUM" "swifty-page-manager No.known.fix Admin+.Stored.XSS LOW" "smart-agreements 1.0.4 Unauthenticated.Local.File.Inclusion CRITICAL" "simple-basic-contact-form 20250114 Admin+.Stored.XSS LOW" "simple-basic-contact-form 20240511 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "simple-basic-contact-form 20240502 Reflected.Cross-Site.Scripting MEDIUM" "simple-basic-contact-form 20221201 Admin+.Stored.XSS LOW" "stylish-cost-calculator-premium 7.9.0 Unauthenticated.Stored.XSS HIGH" "super-block-slider 2.8 Missing.Authorization MEDIUM" "simple-events-calendar No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "slazzer-background-changer No.known.fix Missing.Authorization MEDIUM" "simple-photoswipe No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "simple-photoswipe No.known.fix Admin+.Stored.XSS LOW" "semalt No.known.fix Admin+.Stored.XSS LOW" "seznam-webmaster 1.4.8 Cross-Site.Request.Forgery MEDIUM" "spice-blocks No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "spice-blocks No.known.fix Missing.Authorization MEDIUM" "spice-blocks 1.3 Reflected.Cross-Site.Scripting MEDIUM" "shopwarden 1.0.12 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "solace-extra 1.3.2 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "solace-extra 1.3.2 Subscriber+.Arbitrary.File.Upload HIGH" "solace-extra 1.3.1 Subscriber+.Arbitrary.File.Upload HIGH" "sender-net-automated-emails 2.6.16 Reflected.Cross-Site.Scripting MEDIUM" "sender-net-automated-emails 2.6.19 Cross-Site.Request.Forgery MEDIUM" "stafflist No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "stafflist No.known.fix Missing.Authorization MEDIUM" "stafflist 3.2.4 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.7 Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.6 Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.5 Admin+.SQLi MEDIUM" "stafflist 3.1.6 Arbitrary.Staff.Deletion.via.CSRF MEDIUM" "seo-301-meta No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "service-booking-manager No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "simple-lightbox-gallery No.known.fix Author+.Stored.XSS MEDIUM" "simple-lightbox-gallery 1.10.0 .Contributor+.PHP.Object.Injection MEDIUM" "swiss-toolkit-for-wp No.known.fix Missing.Authorization MEDIUM" "swiss-toolkit-for-wp 1.4.1 Missing.Authorization MEDIUM" "swiss-toolkit-for-wp 1.0.8 Contributor+.Authentication.Bypass HIGH" "searchie No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-testimonials-showcase No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "simple-testimonials-showcase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-testimonials-showcase No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-fields No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "simple-fields 1.4.11 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "seo-blogger-to-wordpress-301-redirector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seraphinite-accelerator-ext 2.22.16 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "seraphinite-accelerator-ext 2.21.13.1 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion MEDIUM" "spatialmatch-free-lifestyle-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spatialmatch-free-lifestyle-search No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simplemodal-contact-form-smcf No.known.fix Admin+.Stored.XSS LOW" "server-status-by-hostnameip No.known.fix Authenticated.SQL.Injection HIGH" "simple-business-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stream 4.1.0 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "stream 4.0.2 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "stream 3.9.3 Missing.Authorization.via.load_alerts_settings MEDIUM" "stream 3.9.3 CSRF MEDIUM" "stream 3.9.2 Subscriber+.Alert.Creation MEDIUM" "stream 3.8.2 Admin+.SQL.Injection MEDIUM" "starter-templates No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Installation MEDIUM" "starter-templates No.known.fix Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "salert 1.2.2 Subscriber+.Missing.Authorization MEDIUM" "salert 1.2.2 Reflected.XSS HIGH" "skt-blocks 2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 1.7 Contributor+.Stored.XSS MEDIUM" "sv-media-library 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-media-library 1.8.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "soundcloud-ultimate No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-baseball-scoreboard No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-10web No.known.fix Reflected.XSS HIGH" "seo-by-10web 1.2.7 Admin+.Stored.XSS LOW" "shortcodes-ui No.known.fix Contributor+.Stored.XSS MEDIUM" "shortcodes-ui No.known.fix CSRF MEDIUM" "slp-gravity-forms-locations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-gravity-forms-locations 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sinking-dropdowns No.known.fix Cross-Site.Request.Forgery HIGH" "scripts-n-styles 3.5.8 Admin+.Stored.XSS LOW" "shipping-manager-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "shipping-manager-for-woocommerce 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-org-chart 2.3.5 Unauthenticated.Tree.Settings.Update MEDIUM" "simple-org-chart 2.3.5 Settings.Update.via.CSRF MEDIUM" "stm-motors-events No.known.fix Events.<=.1.4.7.-.Unauthenticated.Local.File.Inclusion CRITICAL" "smartlink-dinamic-urls 1.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "soliloquy-lite 2.7.7 Missing.Authorization.to.Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "soliloquy-lite 2.7.3 Subscriber+.Slider.Data.Access MEDIUM" "set-admin-colour-on-staging-and-dev No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "set-admin-colour-on-staging-and-dev No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "scroll-post-excerpt No.known.fix Admin+.Stored.XSS LOW" "shortcode-collection No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-booster 3.8.10 Cross-Site.Request.Forgery MEDIUM" "seo-booster 3.8.9 Reflected.Cross-Site.Scripting MEDIUM" "seo-booster 3.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-booster 3.8 Admin+.SQL.Injection MEDIUM" "shortcodes-ultimate 7.4.0 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.3.4 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.3.0 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.su_lightbox.Shortcode MEDIUM" "shortcodes-ultimate 7.1.6 Contributor+.Stored.XSS.via.su_members.Shortcode MEDIUM" "shortcodes-ultimate 7.1.3 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.1.2 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.su_lightbox MEDIUM" "shortcodes-ultimate 7.1.0 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.5 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.5 Contributor+.Stored.Cross-Site.Scripting.via.'note_color'.Shortcode MEDIUM" "shortcodes-ultimate 7.0.4 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.3 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "shortcodes-ultimate 7.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.0.0 Insecure.Direct.Object.Reference.to.Information.Disclosure MEDIUM" "shortcodes-ultimate 5.13.1 Reflected.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 5.12.8 Subscriber+.Arbitrary.Post.Access MEDIUM" "shortcodes-ultimate 5.12.8 Subscriber+.User.Meta.Disclosure MEDIUM" "shortcodes-ultimate 5.12.7 Subscriber+.SSRF MEDIUM" "shortcodes-ultimate 5.12.7 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 5.12.7 Subscriber+.Arbitrary.File.Access MEDIUM" "shortcodes-ultimate 5.12.1 Stored.XSS.via.CSRF MEDIUM" "shortcodes-ultimate 5.12.1 Settings.Preset.Update.via.CSRF MEDIUM" "shortcodes-ultimate 5.10.2 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 5.0.1 Authenticated.Contributor.Code.Execution CRITICAL" "shortcodes-ultimate 4.10.0 Authenticated.Directory.Traversal MEDIUM" "simple-jwt-login 3.2.1 Arbitrary.Settings.Update.to.Site.Takeover.via.CSRF HIGH" "simple-jwt-login 3.3.0 Insecure.Password.Creation LOW" "smtp-sendinblue 1.3 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Logs HIGH" "smart-tools-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-tools-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sign-up-sheets 2.3.1 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "sign-up-sheets 2.2.13 Reflected.XSS HIGH" "sign-up-sheets 2.2.13 Missing.Authorization MEDIUM" "sign-up-sheets 2.2.12 Cross-Site.Request.Forgery MEDIUM" "sign-up-sheets 2.2.9 Settings.Update/Reset.via.CSRF MEDIUM" "sign-up-sheets 1.0.14 Authenticated.CSV.Injection MEDIUM" "sign-up-sheets 1.0.14 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "stedb-forms No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "seers-cookie-consent-banner-privacy-policy 8.1.1 Cross-Site.Request.Forgery MEDIUM" "seers-cookie-consent-banner-privacy-policy 8.1.2 Unauthenticated.Cookie.Policy.Update MEDIUM" "slider-by-supsystic 1.8.11 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-by-supsystic 1.8.11 Authenticated.(Admin+).SQL.Injection CRITICAL" "slider-by-supsystic 1.8.7 Missing.Authorization MEDIUM" "slider-by-supsystic 1.8.7 CSRF MEDIUM" "sticky-related-posts No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "sloth-logo-customizer No.known.fix Stored.XSS.via.CSRF HIGH" "sandbox No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Sandbox.Download MEDIUM" "sandbox No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-photo-gallery No.known.fix Admin+.SQLi MEDIUM" "skillbars 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-se 2.5.18 Authenticated.(Author+).Limited.Local.File.Inclusion HIGH" "slideshow-se No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-se 2.5.6 Subscriber+.Stored.XSS HIGH" "slideshow-se 2.5.6 Author+.Stored.XSS MEDIUM" "sourceplay-navermap No.known.fix Missing.Authorization MEDIUM" "shabbos-and-yom-tov No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-popup-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-popup-plugin 4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-popup-plugin 4.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sidebar-content-from-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "soundcloud-is-gold 2.3.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "smart-email-alerts No.known.fix Reflected.Cross-Site.Scripting HIGH" "sparrow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sparrow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shipyaari-shipping-managment No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "s-dev-seo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stratum 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.Vulnerability.via.Image.Hotspot.Widget MEDIUM" "stratum 1.4.5 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "stratum 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "stratum 1.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-catalogue No.known.fix Reflected.XSS HIGH" "stylish-cost-calculator 7.0.4 Subscriber+.Unauthorised.AJAX.Calls.to.Stored.XSS HIGH" "sh-email-alert No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "splitit-installment-payments 4.2.9 Missing.Authorization.to.Multiple.Administrative.Actions MEDIUM" "sales-page-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sales-page-addon 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "sales-page-addon 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ssv-events No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "slider-path No.known.fix Missing.Authorization MEDIUM" "splashscreen No.known.fix Settings.Update.via.CSRF MEDIUM" "simple-user-listing 1.9.3 Reflected.XSS HIGH" "sg-helper No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "snippy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-progressive-web-apps 2.2.22 Missing.Authorization MEDIUM" "super-progressive-web-apps 2.1.13 Authenticated.(High.Privileged).Arbitrary.File.Upload.to.RCE HIGH" "super-progressive-web-apps 2.1.12 Authenticated.(Low.Privileged).Arbitrary.File.Upload.to.RCE HIGH" "starfish-reviews No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "starfish-reviews 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "starfish-reviews 3.0.26 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "starfish-reviews 2.0.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "scheduled-notification-bar No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "star-cloudprnt-for-woocommerce 2.0.4 Reflected.XSS HIGH" "star-cloudprnt-for-woocommerce No.known.fix Reflected.XSS HIGH" "string-locator 2.6.7 Unauthenticated.PHP.Object.Injection HIGH" "string-locator 2.6.6 Reflected.Cross-Site.Scripting MEDIUM" "string-locator 2.6.0 Authenticated.PHAR.Deserialization MEDIUM" "string-locator 2.5.0 Admin+.Arbitrary.File.Read LOW" "socialmark No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "socialmark 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "socialmark 2.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sendpulse-email-marketing-newsletter 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sendpulse-email-marketing-newsletter 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchiq 4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchiq 4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchiq 4.7 Cross-Site.Request.Forgery MEDIUM" "searchiq 4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchiq 4.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "searchiq 4.5 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "searchiq 3.9 Unauthenticated.Stored.XSS HIGH" "smart-countdown-fx No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "subscriptions-renewal-reminders No.known.fix Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "scan-external-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-forms No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "smart-forms 2.6.92 Missing.Authorization.to.Notice.Dismissal MEDIUM" "smart-forms 2.6.96 Admin+.Stored.XSS LOW" "smart-forms 2.6.94 Subscriber+.Edit.Entries.via.Broken.Access.Control MEDIUM" "smart-forms 2.6.94 Edit.Entries.via.CSRF MEDIUM" "smart-forms 2.6.87 Subscriber+.Arbitrary.Entry.Deletion MEDIUM" "smart-forms 2.6.85 Subscriber+.Arbitrary.Options.Update HIGH" "smart-forms 2.6.71 Subscriber+.Form.Data.Download MEDIUM" "smart-forms 2.6.16 Cross-Site.Request.Forgery.(CSRF) HIGH" "smsify 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "simple-keyword-to-link No.known.fix Cross-Site.Request.Forgery MEDIUM" "so-pinyin-slugs 2.3.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "salavat-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sticky-ad-bar No.known.fix Admin+.Stored.XSS LOW" "shop-as-a-customer-for-woocommerce 1.2.4 Shop.Manager+.Privilege.Escalation CRITICAL" "shop-as-a-customer-for-woocommerce 1.1.8 Subscriber+.Privilege.Escalation CRITICAL" "social-photo-gallery No.known.fix Remote.Code.Execution.(RCE) HIGH" "sepa-girocode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "so-called-air-quotes No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "simple-owl-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "soumettre-fr 2.1.4 Missing.Authorization MEDIUM" "stagtools 2.3.8 Reflected.XSS HIGH" "stagtools 2.3.7 Contributor+.Stored.XSS MEDIUM" "supportflow 0.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "salvador-ai-image-generator No.known.fix Missing.Authorization MEDIUM" "sell-media No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sell-media 2.5.7.3 CSRF.Bypass MEDIUM" "sell-media 2.4.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "salesking 1.6.30 Unauthenticated.Sensitive.Information.Exposure HIGH" "salesking 1.6.30 Unauthenticated.Privilege.Escalation CRITICAL" "salesking 1.6.30 Missing.Authorization.to.Settings.Change MEDIUM" "simple-alert-boxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Alert.Shortcode MEDIUM" "simple-download-counter 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-download-counter 2.1 Authenticated.(Author+).Arbitrary.File.Read MEDIUM" "simple-download-counter 1.6.1 Contributor+.Stored.XSS MEDIUM" "subpage-view No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simplified No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "simple-sortsearch No.known.fix Ccontributor+.Stored.XSS MEDIUM" "simple-goods No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sopa-blackout No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "social-share-with-floating-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stylist No.known.fix Cross-Site.Request.Forgery MEDIUM" "subscribers-com 1.5.4 Free.Web.Push.Notifications.<.1.5.4.-.Admin+.Stored.XSS LOW" "syntaxhighlighter 3.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sticky-social-bar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "salient-core 2.0.8 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "salient-core 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "salient-core 2.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-lightbox 2.9.4 Contributor+.Stored.XSS MEDIUM" "scribble-maps No.known.fix Reflected.Cross-Site.Scripting HIGH" "social-pug-author-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-mockups No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "salt-shaker 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "social-stickers No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "safe-editor 1.2 Unauthenticated.CSS/JS-injection MEDIUM" "stax-buddy-builder 1.8.0 Contributor+.Post.Disclosure MEDIUM" "simple-event-planner 1.5.5 Contributor+.Stored.XSS LOW" "simple-event-planner 1.5.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "scottcart No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "smallerik-file-browser No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "shopperapproved-reviews 2.2 2.1.-..Subscriber+.Arbitrary.Options.Update HIGH" "sip-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "seatgeek-affiliate-tickets No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "shareaholic 9.7.12 Missing.Authorization.via.accept_terms_of_service MEDIUM" "shareaholic 9.7.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shareaholic 9.7.6 Information.Disclosure MEDIUM" "setsail-membership 1.1 Authentication.Bypass CRITICAL" "seo-backlink-monitor 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "sb-core No.known.fix Authentication.Bypass CRITICAL" "shopengine 4.1.2 CSRF MEDIUM" "slideonline No.known.fix Contributor+.Stored.XSS MEDIUM" "simple-content-construction-kit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-pug 1.34.4 Admin+.Stored.XSS LOW" "social-pug 1.33.2 PHP.Object.Injection HIGH" "social-pug 1.33.1 Unauthenticated.Password.Protected.Posts.Access MEDIUM" "social-pug 1.32.0 Admin+.Stored.XSS LOW" "social-pug 1.30.1 Missing.Authorization.via.multiple.admin_init.actions MEDIUM" "social-pug 1.19.0 Reflected.Cross-Site.Scripting MEDIUM" "social-pug 1.2.6 Social.Pug.<=.1.2.5.-.Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "simplemodal No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stockdio-historical-chart 2.8.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stockdio-historical-chart 2.8.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "saoshyant-page-builder No.known.fix Missing.Authorization MEDIUM" "stars-menu No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "starbox 3.5.3 Contributor+.Stored.XSS MEDIUM" "starbox 3.5.2 Admin+.Stored.XSS LOW" "starbox 3.5.0 Contributor+.Stored.XSS MEDIUM" "starbox 3.5.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Job.Settings MEDIUM" "starbox 3.5.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Profile.Display.Name.and.Social.Settings MEDIUM" "starbox 3.4.8 Subscriber+.Plugin.Preferences./.User.Settings.Access.via.IDOR MEDIUM" "slider-pro-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "show-visitor-ip-address No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scratch-win-giveaways-for-website-facebook 2.9.0 Missing.Authorization.to.Unauthenticated.Coupon.Creation MEDIUM" "scratch-win-giveaways-for-website-facebook 2.8.0 Cross-Site.Request.Forgery.via.reset_installation.Function MEDIUM" "scratch-win-giveaways-for-website-facebook 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-login-bws 0.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "stock-ticker 3.24.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.stock_ticker.Shortcode MEDIUM" "stock-ticker 3.23.5 Authenticated.(Contributor+).Stored.Cross-Site.Scritping MEDIUM" "stock-ticker 3.23.4 Reflected.XSS HIGH" "stock-ticker 3.23.3 Reflected.XSS HIGH" "stock-ticker 3.23.1 Missing.Authorization.in.AJAX.Actions MEDIUM" "streak-crm-for-gmail-integration-for-contact-form-7 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "streak-crm-for-gmail-integration-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stock-sync-with-google-sheet-for-woocommerce 3.13.2 Authenticated.(Administrator+).SQL.Injection MEDIUM" "sell-media-file No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sermonaudio-widgets No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "seo-checklist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-checklist No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-site-auditor-agency 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "seo-site-auditor-agency 1.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sitemap-by-click5 1.0.36 Unauthenticated.Arbitrary.Options.Update CRITICAL" "simple-photo-feed 1.4.1 Missing.Authorization MEDIUM" "search-with-typesense 2.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "search-with-typesense 2.0.9 Authenticated.(Admin+).Path.Traversal LOW" "simple-google-photos-grid 1.6 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "sendpress No.known.fix Admin+.Stored.XSS.via.Settings LOW" "sendpress No.known.fix Admin+.Stored.XSS.via.Form.Settings LOW" "sendpress No.known.fix Reflected.XSS HIGH" "sendpress 1.23.11.6 Contributor+.Stored.XSS MEDIUM" "sendpress No.known.fix Admin+.Stored.XSS LOW" "sendpress No.known.fix CSRF MEDIUM" "sendpress 1.20.7.13 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "sendpress 1.2 Authenticated.SQL.Injection MEDIUM" "simple-link-directory 8.4.6 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "simple-link-directory 7.7.2 Unauthenticated.SQL.injection HIGH" "simple-link-directory 7.3.5 Cross-Site.Scripting.(XSS) MEDIUM" "smart-custom-fields 5.0.1 Contributor+.Stored.XSS MEDIUM" "smart-custom-fields 5.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Content.Disclosure MEDIUM" "simple-slug-translate 2.7.3 Admin+.Stored.XSS LOW" "signup-page No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "slope-widgets 4.2.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "snow-storm 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "snow-storm 1.4.7 Admin+.Stored.XSS LOW" "simple-blog-stats 20250423 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smooth-streaming-player No.known.fix Cross-Site.Request.Forgery MEDIUM" "sunshine-photo-cart 3.4.12 Subscriber.Privilege.Escalation HIGH" "sunshine-photo-cart 3.4.11 Unauthenticated.PHP.Object.Injection CRITICAL" "sunshine-photo-cart 3.2.11 Open.Redirect MEDIUM" "sunshine-photo-cart 3.2.10 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.9 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.10 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "sunshine-photo-cart 3.2.2 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.1.2 Unauthenticated.PHP.Object.Injection CRITICAL" "sunshine-photo-cart 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "sunshine-photo-cart 3.1 Unauthenticated.Sensitive.Information.Exposure.via.Invoice MEDIUM" "sunshine-photo-cart 3.0 Insecure.Direct.Object.Reference.to.Order.Manipulation MEDIUM" "sunshine-photo-cart 2.9.15 Reflected.XSS HIGH" "sunshine-photo-cart 2.9.14 Image.Location.Update.via.CSRF MEDIUM" "sunshine-photo-cart 2.8.29 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "spider-facebook No.known.fix Cross-Site.Request.Forgery MEDIUM" "spider-facebook No.known.fix Reflected.XSS HIGH" "shopbuilder 2.1.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "shopbuilder 2.1.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "sync-ecommerce-neo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sync-ecommerce-neo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "supra-csv-parser No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "seo-automatic-wp-core-tweaks No.known.fix Arbitrary.Admin.Account.Creation./.Admin.Email.Update.via.CSRF HIGH" "stepbyteservice-openstreetmap No.known.fix Use.of.Polyfill.io MEDIUM" "stepbyteservice-openstreetmap 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "share-one-drive 1.15.3 Reflected.Cross-Site.Scripting MEDIUM" "stm-megamenu 2.3.13 Unauthenticated.Local.File.Inclusion CRITICAL" "seo-alert No.known.fix Admin+.Stored.XSS LOW" "scroll-top 1.4.1 Admin+.Stored.Cross-Site.Scripting LOW" "seosamba-webmasters 1.0.6 Access.Key.Update.via.CSRF MEDIUM" "social-share-and-social-locker-arsocial No.known.fix Unauthenticated.SQL.Injection HIGH" "social-share-and-social-locker-arsocial No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-share-and-social-locker-arsocial 1.4.2 Admin+.Stored.XSS LOW" "splash-connector 2.0.8 Reflected.Cross-Site.Scripting MEDIUM" "slick-engagement 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.slick-grid.Shortcode MEDIUM" "staticpress No.known.fix Missing.Authorization MEDIUM" "slider-hero 8.7.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-hero 8.4.4 Admin+.Stored.Cross-Site.Scripting LOW" "slider-hero 8.2.7 Contributor+.SQL.Injection CRITICAL" "slider-hero 8.2.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "small-package-quotes-wwe-edition 5.2.20 Missing.Authorization MEDIUM" "small-package-quotes-wwe-edition 5.2.19 Reflected.Cross-Site.Scripting MEDIUM" "small-package-quotes-wwe-edition 5.2.19 Unauthenticated.SQL.Injection HIGH" "small-package-quotes-wwe-edition 5.2.18 Unauthenticated.SQL.Injection HIGH" "shockingly-simple-favicon No.known.fix Settings.Update.via.CSRF MEDIUM" "slidedeck2 2.1.20130313 XSS.in.ZeroClipboard CRITICAL" "specia-companion No.known.fix Missing.Authorization MEDIUM" "setka-editor No.known.fix Cross-Site.Request.Forgery.via.handleRequest MEDIUM" "setka-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "setka-editor 2.1.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-user-profile No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sakolawp-lite No.known.fix Cross-Site.Request.Forgery.to.Exam.Setting.Manipulation MEDIUM" "sakolawp-lite No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "solid-affiliate No.known.fix Sensitive.Information.Exposure MEDIUM" "social-tape No.known.fix CSRF.to.Stored.XSS HIGH" "security-ninja 5.159 Reflected.Cross-Site.Scripting MEDIUM" "security-ninja 5.135 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-wordpress No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "swoop-password-free-authentication No.known.fix Authentication.Bypass CRITICAL" "stars-testimonials-with-slider-and-masonry-grid 3.3.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "stars-testimonials-with-slider-and-masonry-grid 3.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.stars_testimonials.Shortcode MEDIUM" "simple-travel-map No.known.fix Cross-Site.Request.Forgery MEDIUM" "seo-free No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-dashboard No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "simple-job-manager No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "spostarbust 1.2.04.25 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sitewide-notice-wp 2.3 Admin+.Stored.XSS LOW" "styler-for-ninja-forms-lite No.known.fix Authenticated.(Subscriber+).Arbitrary.Option.Deletion.via.deactivate_license MEDIUM" "seo-by-rank-math 1.0.236 Contributor+.Stored.XSS.via.Rank.Math.API MEDIUM" "seo-by-rank-math 1.0.236 Contributor+.Arbitrary.Schema.Deletion LOW" "seo-by-rank-math 1.0.232 Admin+.Remote.Code.Execution MEDIUM" "seo-by-rank-math 1.0.229 Unauthenticated.User.and.Term.Metadata.Insert/Update/Deletion MEDIUM" "seo-by-rank-math 1.0.229 Admin+.PHP.Object.Injection MEDIUM" "seo-by-rank-math 1.0.219 Authenticated.Stored.XSS LOW" "seo-by-rank-math 1.0.219-beta Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-rank-math 1.0.218 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-rank-math 1.0.217 Contributor+.Stored.Cross-Site.Scripting.via.'titleWrapper' MEDIUM" "seo-by-rank-math 1.0.215 Contributor+.Stored.XSS MEDIUM" "seo-by-rank-math 1.0.119.1 Contributor+.Stored.XSS MEDIUM" "seo-by-rank-math 1.0.107.3 Contributor+.LFI MEDIUM" "seo-by-rank-math 1.0.95.1 Unauthenticated.SSRF MEDIUM" "seo-by-rank-math 1.0.42.2 Authenticated.Missing.Access.Controls.to.Disable.Competitor.Plugins MEDIUM" "seo-by-rank-math 1.0.41 Rank.Math.<.1.0.41.-.Redirect.Creation.via.Unprotected.REST.API.Endpoint MEDIUM" "seo-by-rank-math 1.0.41 Rank.Math.<.1.0.41.-.Privilege.Escalation.via.Unprotected.REST.API.Endpoint CRITICAL" "seo-by-rank-math 1.0.27.1 Authenticated.Settings.Reset MEDIUM" "sydney-toolbox 1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.aThemes:.Portfolio.Widget MEDIUM" "sydney-toolbox 1.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sydney-toolbox 1.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Filterable.Gallery MEDIUM" "sydney-toolbox 1.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id MEDIUM" "sydney-toolbox 1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-marketing-for-wp 5.0.5 Missing.Authorization MEDIUM" "smart-marketing-for-wp 2.0.0 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "simple-icons No.known.fix Missing.Authorization MEDIUM" "simple-icons 2.7.8 Simple.Icons.<.2.7.8.-.Contributor+.Stored.XSS MEDIUM" "seos-contact-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "sticky-add-to-cart-woo No.known.fix Missing.Authorization MEDIUM" "super-interactive-maps 2.2 Unauthenticated.SQL.Injections CRITICAL" "super-interactive-maps 2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "smtp-sendgrid 1.5 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Logs HIGH" "simple-bitcoin-faucets No.known.fix Unauthorised.AJAX.Call.to.Stored.XSS MEDIUM" "search-filter 1.2.16 Contributor+.Stored.XSS MEDIUM" "simple-matted-thumbnails No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smtp-mailing-queue 1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "smtp-mailing-queue 2.0.1 Admin+.Stored.XSS LOW" "short-tax-post No.known.fix Authenticated.(Subscriber+).Privilege.Escalation.via.Password.Update HIGH" "short-tax-post No.known.fix Unauthorized.User.Registration MEDIUM" "smooth-slider 2.8.7 Authenticated.SQL.Injection HIGH" "smooth-slider 2.7 Authenticated.SQL.Injection HIGH" "subscribe-to-comments 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "subscribe-to-comments 2.3 Authenticated.Local.File.Inclusion MEDIUM" "slider-image 2.8.7 Authenticated.Blind.SQL.Injection HIGH" "shopcred No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "snazzy-maps 1.1.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "sliced-invoices No.known.fix Missing.Authorization MEDIUM" "sliced-invoices 3.9.3 Missing.Authorization MEDIUM" "sliced-invoices 3.8.4 Multiple.Vulnerabilities HIGH" "small-package-quotes-unishippers-edition 2.4.10 Reflected.Cross-Site.Scripting MEDIUM" "small-package-quotes-unishippers-edition 2.4.10 Missing.Authorization MEDIUM" "small-package-quotes-unishippers-edition 2.4.9 Unauthenticated.SQL.Injection HIGH" "stellissimo-text-box No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "scancircle 2.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simply-static 3.1.4 Unauthenticated.Information.Exposure MEDIUM" "simply-static 3.1.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sayfa-sayac No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "sayfa-sayac No.known.fix Unauthenticated.SQL.Injection CRITICAL" "slp-extenders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-extenders 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shapepress-dsgvo 3.1.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shapepress-dsgvo 3.1.24 Unauthenticated.Arbitrary.Post.Deletion HIGH" "shapepress-dsgvo 3.1.24 Unauthenticated.Plugin's.Settings.Update.to.Stored.Cross-Site.Scripting HIGH" "shapepress-dsgvo 2.2.19 Authenticated.Reflected.XSS MEDIUM" "social-links No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "social-links No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-post-meta-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "saaspricing No.known.fix Contributor+.Stored.XSS MEDIUM" "seo-content-randomizer 3.28.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-maintenance-countdown No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "soundy-audio-playlist No.known.fix XSS MEDIUM" "send-from No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-301-redirects-addon-bulk-uploader 1.2.5 Multiple.Issues MEDIUM" "setup-default-feature-image 1.3 Missing.Authorization MEDIUM" "sermone-online-sermons-management No.known.fix Reflected.XSS HIGH" "sermone-online-sermons-management No.known.fix Contributor+.Stored.XSS MEDIUM" "social-locker-content No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-kick-integration 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.status-classic-offline-text.Parameter MEDIUM" "streamweasels-kick-integration 1.1.2 Blocks.and.Shortcodes.for.Embedding.Kick.Streams.<.1.1.2.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sw-kick-embed.Shortcode MEDIUM" "seo-automatic-seo-tools No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-automatic-seo-tools No.known.fix Reflected.XSS HIGH" "sparkpost 2.3.6 Admin+.Stored.XSS LOW" "stop-user-enumeration 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "stop-user-enumeration 1.3.20 Subscriber+.Arbitrary.Option.Update CRITICAL" "stop-user-enumeration 1.3.9 REST.API.Bypass MEDIUM" "stop-user-enumeration 1.3.8 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "slicknav-mobile-menu 1.9.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "spam-control-xforwc 1.5.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "swatchly 1.4.1 1.4.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "swatchly 1.2.1 Cross-Site.Request.Forgery MEDIUM" "scroll-baner No.known.fix CSRF.to.RCE CRITICAL" "scalable-vector-graphics-svg No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "superfast-mailgun-newsletter 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "share-woocommerce-email No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "site-reviews 7.2.5 Unauthenticated.Stored.XSS HIGH" "site-reviews 7.0.0 IP.Spoofing MEDIUM" "site-reviews 6.11.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "site-reviews 6.11.7 Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.display.name MEDIUM" "site-reviews 6.10.3 Missing.Authorization MEDIUM" "site-reviews 6.7.1 Admin+.Stored.XSS LOW" "site-reviews 6.6.0 Contributor+.Stored.XSS MEDIUM" "site-reviews 6.6.0 Contributor+.Stored.XSS MEDIUM" "site-reviews 6.4.0 Unauthenticated.CSV.Injection MEDIUM" "site-reviews 5.17.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "site-reviews 5.13.1 Admin+.Stored.XSS LOW" "site-reviews 2.15.3 Cross-Site.Scripting.(XSS) MEDIUM" "scroll-styler No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sheet2site No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcode-support-for-elementor-templates No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "split-test-for-elementor No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "split-test-for-elementor 1.8.4 Editor+.SQLi MEDIUM" "split-test-for-elementor 1.7.0 Cross-Site.Request.Forgery MEDIUM" "st-daily-tip No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "subscribe-to-download-lite 1.3.0 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "subscribe-to-download-lite 1.3.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "simple-support-ticket-system 1.2.1 Unauthenticated.SQL.Injection CRITICAL" "simple-charts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-auto-poster 5.3.16 Cross-Site.Request.Forgery MEDIUM" "social-auto-poster 5.3.16 Reflected.Cross-Site.Scripting MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.via.Multiple.Functions HIGH" "social-auto-poster 5.3.15 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "social-auto-poster 5.3.15 Cross-Site.Request.Forgery.via.Multiple.Functions MEDIUM" "social-auto-poster 5.3.15 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "social-auto-poster 5.3.15 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Meta.Update.via.wpw_auto_poster_update_tweet_template MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "shortcode-bootstrap-visuals No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-yearly-archive 2.1.9 Admin+.Stored.XSS LOW" "social-login-wp No.known.fix CSRF MEDIUM" "sticky-menu-block 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "side-cart-woocommerce 2.3 Admin+.Stored.XSS LOW" "side-cart-woocommerce 2.2 Settings.Reset.via.CSRF MEDIUM" "side-cart-woocommerce 2.1 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "site-pin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-email-subscriber No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shortcode-addons No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shortcode-addons No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "shortcode-addons 3.2.0 Authenticated.Arbitrary.Options.Update MEDIUM" "shortcode-addons 3.1.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "simple-responsive-menu No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sagepay-server-gateway-for-woocommerce 1.0.9 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "service-provider-profile-cpt No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "strx-magic-floating-sidebar-maker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "studiocart 2.5.20 Reflected.Cross-Site.Scripting MEDIUM" "studiocart 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "search-analytics 1.4.11 Reflected.Cross-Site.Scripting MEDIUM" "search-analytics 1.4.10 Missing.Authorization MEDIUM" "search-analytics 1.4.8 Reflected.XSS HIGH" "search-analytics 1.4.6 Admin+.Stored.XSS LOW" "stax No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stax 1.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ship-to-ecourier 1.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "slotti-ajanvaraus 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slotti-ajanvaraus 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "salient-shortcodes 1.5.4 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "salient-shortcodes 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "saphali-woocommerce-lite 1.9.0 Settings.Update/Reset.via.CSRF MEDIUM" "station-pro 2.3.4 Reflected.Cross-Site.Scripting MEDIUM" "station-pro 2.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "station-pro 2.2.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "sastra-essential-addons-for-elementor 1.0.15 Missing.Authorization.to.Spexo.Theme.Install MEDIUM" "sastra-essential-addons-for-elementor 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skyboot-portfolio-gallery No.known.fix Contributor+.Stored.XSS MEDIUM" "simple-responsive-image-gallery No.known.fix Reflected.Cross-Site.Scripting HIGH" "ssl-wireless-sms-notification 3.6.0 Unauthenticated.SQL.Injection HIGH" "ssl-wireless-sms-notification 3.7.0 Unauthenticated.Privilege.Escalation CRITICAL" "site-editor-google-map No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-lite 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "slp-extended-data-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-extended-data-manager 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "spotbot No.known.fix Reflected.XSS HIGH" "sequential-order-numbers-for-woocommerce 3.6.3 Cross-Site.Request.Forgery MEDIUM" "symbiostock No.known.fix Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "skt-nurcaptcha 3.6.0 Cross-Site.Request.Forgery..to.Stored.Cross-Site.Scripting MEDIUM" "surferseo 1.6.0.523 Authenticated.(Administrator+).SQL.Injection MEDIUM" "surferseo 1.3.3.379 Missing.Authorization MEDIUM" "shopelement 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sticky-banner 1.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "stop-referrer-spam 1.3.1 CSRF MEDIUM" "smartifw No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "shorten-url No.known.fix Subscriber+.SQLi HIGH" "shorten-url No.known.fix Cross-Site.Request.Forgery.via.configuration_page MEDIUM" "shorten-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shorten-url No.known.fix Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "shorten-url No.known.fix CSRF MEDIUM" "shorten-url 1.6.5 Admin+.Cross.Site.Scripting LOW" "shorten-url 1.6.5 Admin+.Stored.Cross-Site.Scripting MEDIUM" "shorten-url 1.6.5 Subscriber+.SQLi HIGH" "send-to-twitter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "social-proof-testimonials-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.spslider-block.Shortcode MEDIUM" "social-proof-testimonials-slider 2.2.4 Admin+.Stored.XSS LOW" "schreikasten No.known.fix Author+.SQL.Injections HIGH" "simple-add-pages-or-posts No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-add-pages-or-posts No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "simple-add-pages-or-posts 1.7 CSRF MEDIUM" "smartarget-popup No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-image-sizes 3.2.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "semantic-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shoutcast-icecast-html5-radio-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smtp2go 1.5.0 Admin+.Stored.XSS LOW" "show-notice-or-message-on-admin-area No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sensei-lms 4.24.5 Missing.Authorization MEDIUM" "sensei-lms 4.24.4 Unauthenticated.sensei_email/sensei_message.Disclosure MEDIUM" "sensei-lms 4.24.2 Unauthenticated.Email.Template.Leak MEDIUM" "sensei-lms 4.24.0 Unauthenticated.Rewrite.Rules.Flushing MEDIUM" "sensei-lms 4.18.0 Contributor+.Stored.XSS MEDIUM" "sensei-lms 4.20.0 Teacher+.Users.Email.Address.Disclosure MEDIUM" "sensei-lms 4.5.0 Unauthenticated.Private.Messages.Disclosure.via.Rest.API MEDIUM" "sensei-lms 4.5.2 Arbitrary.Private.Message.Sending.via.IDOR LOW" "sendit No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "subaccounts-for-woocommerce 1.6.7 Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "subaccounts-for-woocommerce 1.6.1 Reflected.Cross-Site.Scripting HIGH" "subaccounts-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "subscribe-to-comments-reloaded 240119 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "subscribe-to-comments-reloaded 220502 Multiple.CSRF MEDIUM" "subscribe-to-comments-reloaded 150820 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "sky-login-redirect 3.7.3 Reflected.Cross-Site.Scripting MEDIUM" "sky-login-redirect 3.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sync-qcloud-cos 2.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "sumo-divi-modules No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sumo-divi-modules 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-headline-rotator No.known.fix Stored.XSS.via.CSRF HIGH" "smart-id 4.7 Reflected.Cross-Site.Scripting MEDIUM" "simplepress No.known.fix Missing.Authorization MEDIUM" "simplepress No.known.fix Cross-Site.Request.Forgery.to.Unauthorized.Post.Editing MEDIUM" "simplepress 6.10.11 Reflected.XSS HIGH" "simplepress 6.10.12 Reflected.Cross-Site.Scripting MEDIUM" "simplepress 6.8.1 Unauthenticated.Stored.XSS.via.Forum.Replies HIGH" "simplepress 6.8.1 Admin+.Arbitrary.File.Update LOW" "simplepress 6.8.1 Subscriber+.Arbitrary.File.Deletion HIGH" "simplepress 6.8.1 Subscriber+.Stored.XSS.via.Profile.Signatures MEDIUM" "simplepress 6.6.1 Broken.Access.Control.leading.to.RCE CRITICAL" "sender 1.2.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "share-buttons No.known.fix Admin+.Stored.XSS LOW" "share-buttons No.known.fix Unauthenticated.Image.Upload.&.Path.Traversal MEDIUM" "sms-alert 3.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sa_verify.Shortcode MEDIUM" "sms-alert 3.8.2 Authenticated.(Subscriber+).Privilege.Escalation.via.handleWpLoginCreateUserAction.Function HIGH" "sms-alert 3.8.2 Unauthenticated.SQL.Injection HIGH" "sms-alert 3.8.0 Unauthenticated.Account.Takeover/Privilege.Escalation CRITICAL" "sms-alert 3.7.9 Unauthenticated.SQL.Injection HIGH" "sms-alert 3.7.9 Reflected.Cross-Site.Scripting MEDIUM" "sms-alert 3.7.7 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "sms-alert 3.7.6 WooCommerce.<.3.7.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sa_subscribe.Shortcode MEDIUM" "sms-alert 3.7.0 Cross-Site.Request.Forgery MEDIUM" "sms-alert 3.4.7 SMS.Alert.Order.Notifications.–.WooCommerce.<.3,4,7.Authenticated.Cross.Site.Scripting LOW" "site-launcher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-share-buttons-adder 8.5.1 Admin+.Stored.XSS LOW" "simple-share-buttons-adder 8.4.12 Authenticated(Administrator+).Stored.Cross-Site.Scripting.via.CSS.Settings MEDIUM" "simple-share-buttons-adder 8.5.1 CSRF MEDIUM" "simple-share-buttons-adder 6.0.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "skype-online-status No.known.fix Contributor+.Stored.XSS MEDIUM" "srbtranslatin No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "srbtranslatin 2.4.1 Cross-Site.Scripting.From.Third-party.Library HIGH" "srbtranslatin 1.47 Stored.XSS.&.CSRF HIGH" "snow-monkey-forms 5.0.7 Unauthenticated.Path.Traversal MEDIUM" "sexy-author-bio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sexy-author-bio No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "simple-sitemap 3.6.1 Missing.Authorization MEDIUM" "simple-sitemap 3.5.14 Cross-Site.Request.Forgery.via.admin_notices MEDIUM" "simple-sitemap 3.5.10 Reflected.Cross-Site.Scripting MEDIUM" "simple-sitemap 3.5.8 Contributor+.Stored.XSS MEDIUM" "simple-sitemap 3.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "spotlight-social-photo-feeds-premium 1.7.2 Social.Media.Feeds.(Premium).<.1.7.2.-.Unauthenticated.Information.Exposure MEDIUM" "smsa-shipping-for-woocommerce 1.0.5 Subscriber+.Arbitrary.File.Download HIGH" "supportcandy 3.3.1 Support.Ticket.Attachments.Download.via.IDOR MEDIUM" "supportcandy 3.2.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "supportcandy 3.1.7 Subscriber+.SQLi HIGH" "supportcandy 3.1.7 Admin+.SQLi MEDIUM" "supportcandy 3.1.5 Unauthenticated.SQLi HIGH" "supportcandy 2.2.7 Arbitrary.Ticket.Deletion.via.CSRF HIGH" "supportcandy 2.2.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.7 Reflected.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.5 Unauthenticated.Arbitrary.Ticket.Deletion HIGH" "supportcandy 2.2.7 CSRF.to.Cross-Site.Scripting MEDIUM" "supportcandy 2.0.1 Arbitrary.File.Upload CRITICAL" "subscriptions-memberships-for-paypal 1.1.7 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "subscriptions-memberships-for-paypal 1.1.3 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "simple-social-share No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shipengine-shipping-quotes 1.0.8 Unauthenticated.SQL.Injection HIGH" "sabai-discuss 1.4.14 Reflected.Cross.Site.Scripting MEDIUM" "simple-pdf-viewer No.known.fix Contributor+.XSS MEDIUM" "social-web-suite 4.1.12 Directory.Traversal.to.Arbitrary.File.Download HIGH" "steel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.btn.Shortcode MEDIUM" "sticky-chat-button No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "simple-image-manipulator No.known.fix Remote.File.Download HIGH" "sportspress 2.7.22 Admin+.Stored.XSS LOW" "sportspress 2.7.21 Missing.Authorization.to.Notice.Dismissal LOW" "sportspress 2.7.18 Missing.Authorization.to.Unauthenticated.Event.Permalink.Update MEDIUM" "sportspress 2.7.9 Reflected.Cross-Site.Scripting HIGH" "sportspress 2.7.2 Authenticated.Stored.Cross-Site.Scripting HIGH" "social-testimonials-and-reviews-widget 5.22 Missing.Authorization MEDIUM" "social-testimonials-and-reviews-widget 5.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting HIGH" "social-testimonials-and-reviews-widget 5.00 Missing.Authorization MEDIUM" "social-testimonials-and-reviews-widget 5.02 CSRF MEDIUM" "service No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "sheets-to-wp-table-live-sync 3.7.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-banner 3.0.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-banner 3.0.4 Admin+.Stored.XSS LOW" "simple-banner 2.12.0 Admin+.Stored.Cross.Site.Scripting LOW" "simple-banner 2.12.0 Admin+.Stored.Cross-Site.Scripting LOW" "simple-banner 2.10.4 Admin+.Stored.XSS MEDIUM" "simple-news No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.news.Shortcode MEDIUM" "social-media-builder No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "send-e-mail No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-dashboard-by-gutewebsites-de No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "sola-newsletters No.known.fix CSRF.to.Stored.XSS HIGH" "slider-slideshow No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-slideshow No.known.fix Contributor+.Stored.XSS MEDIUM" "slider-slideshow No.known.fix Cross-Site.Request.Forgery HIGH" "shortcodehub 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "simple-restrict 1.2.8 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "simple-restrict 1.2.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "simple-ajax-chat 20240412 Admin+.Stored.XSS LOW" "simple-ajax-chat 20240223 .Unauthenticated.Stored.Cross-Site.Scripting HIGH" "simple-ajax-chat 20240216 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "simple-ajax-chat 20240223 Unauthenticated.Stored.XSS HIGH" "simple-ajax-chat 20220216 Log.Clearing.&.Arbitrary.Chat.Message.Deletion.via.CSRF MEDIUM" "simple-ajax-chat 20220216 Sensitive.Information.Disclosure MEDIUM" "simple-ajax-chat 20220216 Unauthenticated.Stored.XSS MEDIUM" "sleekplan No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "s2member 250424 Administrator+.Local.File.Inclusion MEDIUM" "s2member 250214 Reflected.Cross-Site.Scripting MEDIUM" "s2member 250214 Reflected.Cross-Site.Scripting MEDIUM" "s2member 241216 Authenticated.(Contributor+).Sensitive.Information.Exposure HIGH" "s2member 241216 Unauthenticated.Remote.Code.Execution HIGH" "s2member 240325 Limited.Privilege.Escalation MEDIUM" "s2member 240315 Information.Exposure MEDIUM" "social-stream-design No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "smm-api No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "skt-builder 4.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "skt-builder 4.2 Missing.Authorization.to.Authenticated(Subscriber+).Content.Injection MEDIUM" "superlogoshowcase-wp 2.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "slider-blocks 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-custom-author-profiles No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "spotify-play-button No.known.fix Contributor+.Stored.XSS MEDIUM" "seur 2.2.24 Unauthenticated.Local.File.Inclusion CRITICAL" "seur 2.2.12 Reflected.Cross-Site.Scripting MEDIUM" "seur 2.2.11 Unauthenticated.SQL.Injection HIGH" "seur 1.7.2 Admin+.Arbitrary.File.Download MEDIUM" "seur 1.7.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "svg-support 2.5.9 Stored.Cross-Site.Scripting.via.Vulnerability.Dependency MEDIUM" "svg-support 2.5.11 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "svg-support 2.5.8 Author+.Cross-Site.Scripting.via.SVG MEDIUM" "svg-support 2.5.2 Author+.Stored.XSS MEDIUM" "svg-support 2.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "svg-support 2.3.20 Admin+.Stored.Cross-Site.Scripting LOW" "slider-bws 1.1.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "smart-maintenance-mode 1.5.3 Reflected.Cross-Site.Scripting.via.setstatus.Parameter MEDIUM" "smart-maintenance-mode 1.5.2 Admin+.Stored.XSS LOW" "smart-maintenance-mode 1.5.2 Admin+.Stored.XSS LOW" "smart-maintenance-mode No.known.fix Cross-Site.Request.Forgery MEDIUM" "sitetweet-tweets-user-behaviors-on-your-site-on-twitter No.known.fix Stored.XSS.via.CSRF HIGH" "simple-file-downloader No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "sql-chart-builder No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "simply-show-hooks No.known.fix Injected.Backdoor CRITICAL" "soisy-pagamento-rateale No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure HIGH" "sv-columns-manager 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-columns-manager 1.8.02 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-login-log 1.1.2 Authenticated.SQL.Injection CRITICAL" "sms-ovh No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "side-menu-lite 5.3.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "side-menu-lite 4.2.1 Menu.Deletion.via.CSRF MEDIUM" "side-menu-lite 4.0.2 Reflected.XSS MEDIUM" "side-menu-lite 2.2.6 Authenticated.SQL.Injection HIGH" "side-menu-lite 2.2.1 Authenticated.SQL.Injection LOW" "show-posts 1.8.1 Admin+.PHP.Object.Injection LOW" "show-posts 1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "social-bookmarking-reloaded No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sidebar-manager-light No.known.fix Cross-Site.Request.Forgery MEDIUM" "sidebar-manager-light No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-real-estate-pack-4 No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "simple-buttons-creator No.known.fix Aribtrary.Button.Deletion.via.CSRF MEDIUM" "simple-buttons-creator No.known.fix Unauthenticated.Stored.XSS HIGH" "speedycache 1.1.9 Cross-Site.Request.Forgery MEDIUM" "speedycache 1.1.4 Missing.Authorization.to.Plugin.Options.Update MEDIUM" "speedycache 1.1.3 .Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "simple-tweet No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "simple-tweet No.known.fix Admin+.Stored.XSS LOW" "simpel-reserveren No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "sonawp-simple-payment-block 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "simple-form 2.12.2 Admin+.Stored.XSS LOW" "showeblogin-facebook-page-like-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "site-mailer 1.2.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "safe-svg 2.2.6 Author+.SVG.Sanitisation.Bypass MEDIUM" "safe-svg 1.9.10 SVG.Sanitisation.Bypass MEDIUM" "safe-svg 1.9.6 XSS.Protection.Bypass HIGH" "simple-popup-newsletter No.known.fix Reflected.Cross-Site.Scripting HIGH" "social-share-buttons-by-supsystic 2.2.4 Subscriber+.Unauthorised.Actions MEDIUM" "social-share-buttons-by-supsystic 2.2.4 Subscriber+.SQLi HIGH" "social-share-buttons-by-supsystic 2.2.4 Multiple.CSRF MEDIUM" "simple-comment-editing 3.1.0 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "services-section 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simply-excerpts No.known.fix Admin+.Stored.XSS LOW" "searchwp-live-ajax-search 1.6.3 Unauthenticated.Local.File.Inclusion MEDIUM" "searchwp-live-ajax-search 1.6.2 Unauthenticated.Arbitrary.Post.Title.Disclosure MEDIUM" "sugar-calendar-lite 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "startend-subscription-add-on-for-gravityforms 4.0.6 Reflected.Cross-Site.Scripting MEDIUM" "saoshyant-slider No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "simple-downloads-list 1.4.3 Authenticated.(Contributor+).SQL.Injection MEDIUM" "steam-group-viewer No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "scroll-triggered-animations 3.0.16 Reflected.Cross-Site.Scripting HIGH" "scroll-triggered-animations 3.0.11 Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "simply-gallery-block 3.2.6 Contributor+.Stored.XSS MEDIUM" "simply-gallery-block 3.2.4.3 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "simply-gallery-block 3.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.galleryID.and.className.Parameters MEDIUM" "simply-gallery-block 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "simply-gallery-block 3.0.8 Subscriber+.Arbitrary.Options.Update HIGH" "simply-gallery-block 2.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simply-gallery-block 2.2.1 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "soundcloud-shortcode 4.0.2 Contributor+.Stored.XSS MEDIUM" "soundcloud-shortcode 4.0.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "search-meter 2.13.3 CSV.Injection MEDIUM" "spider-elements No.known.fix Missing.Authorization MEDIUM" "spider-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sell-photo 1.0.6 Authenticated.Stored.Cross-Site.Scripting LOW" "static-html-output-plugin 6.0 Reflected.Cross-Site.Scripting MEDIUM" "skt-skill-bar 2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-skill-bar 2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-skill-bar 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sangar-slider-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "search-console 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "smoothscroller No.known.fix Admin+.Stored.XSS LOW" "support-chat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "support-chat 2.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpsaio_snapchat.Shortcode MEDIUM" "simple-video-embedder No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "slickr-flickr No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "small-package-quotes-fedex-edition 4.3.2 Unauthenticated.SQL.Injection HIGH" "sharespine-woocommerce-connector 4.8.56 Missing.Authorization MEDIUM" "sparkle-demo-importer 1.4.8 Missing.Authorization.to.Authorized(Subscriber+).Post/Pages/Attachements.Deletion.and.Demo.Data.Import MEDIUM" "shariff 4.6.14 Unauthenticated.Local.File.Inclusion CRITICAL" "shariff 4.6.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shariff 4.6.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shariff 4.6.10 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shariff 4.6.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shariff 4.6.10 Admin+.Stored.XSS LOW" "social-media-sharing No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "spotlight-social-photo-feeds 1.7.2 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "spotlight-social-photo-feeds 1.6.11 Cross-Site.Request.Forgery MEDIUM" "spotlight-social-photo-feeds 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "spotlight-social-photo-feeds 1.4.3 Contributor+.Stored.XSS MEDIUM" "spotlight-social-photo-feeds 0.10.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-beginner-auto-post No.known.fix Missing.Authorization.to.File.Overwrite/Upload.(Remote.Code.Execution) CRITICAL" "smartsoftbutton-widget-de-botones-de-chat No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF HIGH" "sg-security 1.5.1 Missing.Authorization.via.hide_notice() MEDIUM" "sg-security 1.3.1 Admin+.SQLi MEDIUM" "sg-security 1.2.6 Authentication.Bypass.via.2-FA.Authentication.Setup CRITICAL" "sg-security 1.2.6 Authorization.Weakness.to.Authentication.Bypass.via.2-FA.Back-up.Codes HIGH" "sportspress-tv No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sharable-password-protected-posts 1.1.1 Unauthenticated.Password.Protect.Post.Access HIGH" "slider-responsive-slideshow 1.4.2 Missing.Authorization MEDIUM" "slider-responsive-slideshow 1.4.0 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "sv-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sv-forms 2.0.2 Reflected.Cross-Site.Scripting MEDIUM" "sv-forms 1.8.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stout-google-calendar No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "simple-notification No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-notification No.known.fix Missing.Authorization MEDIUM" "simple-quotation No.known.fix Quote.Creation/Edition.via.CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "simple-quotation No.known.fix Subscriber+.SQL.injection HIGH" "scw-bus-seat-reservation No.known.fix Unauthenticated.SQL.Injection HIGH" "show-hidecollapse-expand 1.3.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "show-hidecollapse-expand No.known.fix Subscriber+.Settings.Update MEDIUM" "simple-certain-time-to-show-content 1.3.1 Reflected.XSS HIGH" "super-socializer 7.14.1 Unauthenticated.Limited.SQL.Injection.via.'SuperSocializerKey' MEDIUM" "super-socializer 7.14 Authentication.Bypass HIGH" "super-socializer 7.13.64 Editor+.Stored.XSS MEDIUM" "super-socializer 7.13.55 Missing.Authorization MEDIUM" "super-socializer 1.13.53 Contributor+.Stored.XSS MEDIUM" "super-socializer 7.13.52 Reflected.XSS HIGH" "super-socializer 7.13.44 Contributor+.Stored.XSS MEDIUM" "super-socializer 7.13.30 Reflected.Cross-Site.Scripting MEDIUM" "super-socializer 7.11 Authentication.Bypass CRITICAL" "single-sign-on-client No.known.fix Authentication.Bypass HIGH" "seo-automatic-links No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "sku-for-woocommerce 1.6.3 Reflected.Cross-Site.Scripting MEDIUM" "sku-for-woocommerce 1.6.3 Reflected.Cross-Site.Scripting MEDIUM" "sensly-online-presence No.known.fix Admin+.Stored.XSS LOW" "suretriggers 1.0.83 Unauthenticated.Privilege.Escalation CRITICAL" "suretriggers 1.0.79 Unauthenticated.Admin.User.Creation HIGH" "suretriggers 1.0.48 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Trigger.Link.Shortcode MEDIUM" "suretriggers 1.0.24 Cross-Site.Request.Forgery MEDIUM" "seo-help No.known.fix Admin+.SSRF MEDIUM" "seo-help No.known.fix Missing.Authorization MEDIUM" "seo-help 6.1.4 Reflected.Cross-Site.Scripting MEDIUM" "safe-ai-malware-protection-for-wp No.known.fix Missing.Authorization MEDIUM" "safe-ai-malware-protection-for-wp 1.0.18 Missing.Authorization.to.Unauthenticated.Database.Export HIGH" "style-admin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "slide No.known.fix Missing.Authorization.to.Content.Injection MEDIUM" "slide No.known.fix Missing.Authorization MEDIUM" "slide No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seamless-donations 5.1.9 Arbitrary.Settings.Update.via.CSRF MEDIUM" "shmapper-by-teplitsa 1.5.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "shmapper-by-teplitsa 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-select-all-text-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-polls-by-opinionstage 19.10.0 Incorrect.Authorization.to.Authenticated.(Contributor+).Plugin.Settings.Update MEDIUM" "schedule No.known.fix Unauthenticated.SQL.Injection HIGH" "schedule No.known.fix Reflected.XSS HIGH" "spam-byebye No.known.fix Cross-Site.Request.Forgery MEDIUM" "spam-byebye 2.2.2 Cross-Site.Scripting.(XSS) MEDIUM" "store-manager-connector No.known.fix Unauthenticated.Arbitrary.File.Upload.via.set_image() CRITICAL" "store-manager-connector No.known.fix Unauthenticated.Arbitrary.File.Read MEDIUM" "store-manager-connector No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "store-manager-connector No.known.fix Unauthenticated.Arbitrary.File.Upload.via.set_file() HIGH" "svgator 1.3.3 Stored.XSS.via.SVG.Upload MEDIUM" "svgator 1.2.5 API.Token.Update/Deletion.&.Import.Projects.via.CSRF MEDIUM" "sheet-to-wp-table-for-google-sheet 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.STWT_Sheet_Table.Shortcode MEDIUM" "simple-urls 121 Arbitrary.Actions.via.CSRF MEDIUM" "simple-urls 118 Reflected.XSS HIGH" "simple-urls 115 Subscriber+.SQLi HIGH" "simple-urls 115 Multiple.Reflected.XSS HIGH" "secure-admin-ip No.known.fix Missing.Authorization.via.'saveSettings' MEDIUM" "sp-news-and-widget 4.0.1 Reflected.Cross-Site.Scripting MEDIUM" "social-counter 2.1 Authenticated.(Administrator+).PHP.Object.Injection MEDIUM" "s3bubble-amazon-s3-html-5-video-with-adverts No.known.fix Directory.Traversal.leading.to.Arbitrary.File.Access HIGH" "simple-post-expiration No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-posts-ticker 1.1.6 Admin+.Stored.XSS LOW" "simple-posts-ticker 1.1.6 Contributor+.Stored.XSS MEDIUM" "soj-soundslides No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "simple-youtube-responsive 3.0 Contributor+.Stored.XSS MEDIUM" "simple-mobile-url-redirect No.known.fix Cross-Site.Request.Forgery MEDIUM" "supreme-modules-for-divi 2.5.52 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "supreme-modules-for-divi 2.5.4 Contrib+.DOM-Based.Cross-Site.Scripting MEDIUM" "sticky-add-to-cart-for-woo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "solidres No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "solidres No.known.fix Reflected.XSS HIGH" "solidres No.known.fix Admin+.Stored.XSS LOW" "solidres No.known.fix Multiple.Reflected.XSS HIGH" "store-locator-widget 2025r3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "store-locator-widget 2025r2 Contributor+.Stored.XSS MEDIUM" "social-metrics No.known.fix Admin+.Stored.XSS LOW" "subscribe-to-category No.known.fix Unauthenticated.SQLi HIGH" "syncee-global-dropshipping 1.0.10 Global.Dropshipping.<.1.0.10.-.Authentication.Token.Disclosure HIGH" "sticky-header-oceanwp No.known.fix CSRF MEDIUM" "shiptimize-for-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "shiptimize-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-tour-guide 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "sidebartabs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-bulk-editor No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "social-locker No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "social-locker 4.2.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "searchpro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "searchpro 1.7.7 Unauthenticated.Arbitrary.File.Uplaod CRITICAL" "searchpro 1.7.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "spoiler-block No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sliderpro 4.8.7 Missing.Authorization.via.AJAX.actions MEDIUM" "stklcode-liveticker 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-post-notes 1.7.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-post-notes 1.7.7 Cross-Site.Request.Forgery MEDIUM" "simple-post-notes 1.7.6 Admin+.Stored.Cross-Site.Scripting LOW" "subscribe-sidebar No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "stock-exporter-for-woocommerce 1.2.0 Reflected.XSS HIGH" "starterblocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "starterblocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-wishlist-for-more-convert 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "smart-wishlist-for-more-convert 1.9.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "smart-wishlist-for-more-convert 1.8.8 Unauthenticated.Wishlist.Disclosure.via.download_pdf_file.Function HIGH" "smart-wishlist-for-more-convert 1.7.3 Missing.Authorization MEDIUM" "smart-wishlist-for-more-convert 1.7.9 Missing.Authorization MEDIUM" "small-package-quotes-purolator-edition 3.6.5 Unauthenticated.SQL.Injection HIGH" "send-email-only-on-reply-to-my-comment No.known.fix Stored.XSS.via.CSRF HIGH" "send-email-only-on-reply-to-my-comment No.known.fix Reflected.XSS HIGH" "sell-downloads 1.0.8 Insufficient.Restrictions.when.Brute-Force.Purchase.IDs HIGH" "s2member-pro 250419 Authenticated.(Contributor+).Local.File.Inclusion.to.Remote.Code.Execution.via.Shortcode HIGH" "s2member-pro 250214 Unauthenticated.PHP.Object.Injection CRITICAL" "snapwidget-wp-instagram-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "support-genix-lite 1.4.12 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "support-genix-lite 1.2.4 Missing.Authorization MEDIUM" "simple-portfolio-gallery No.known.fix Admin+.Stored.XSS MEDIUM" "salon-booking-plugin-pro-cc No.known.fix Missing.Authorization MEDIUM" "shockingly-big-ie6-warning No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "school-management-pro No.known.fix Authenticated.(School.Admin+).SQL.Injection CRITICAL" "school-management-pro 9.9.7 Unauthenticated.RCE.via.REST.api CRITICAL" "sh-slideshow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "spendino No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "shortcoder 6.3.1 Subscriber+.Unauthorised.AJAX.Call MEDIUM" "subscribe-to-unlock-lite 1.3.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "seo-by-rank-math-pro 3.0.36 Unauthenticated.Reflected.XSS MEDIUM" "simple-signup-form No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "sirv 7.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sirv 7.3.1 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Option.Deletion HIGH" "sirv 7.3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "sirv 7.2.8 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "sirv 7.2.8 Authenticated(Subscriber+).Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "sirv 7.2.7 Authenticated.(Contributor+).Arbitrary.File.Upload CRITICAL" "sirv 7.2.3 Missing.Authorization.to.Arbitrary.Options.Update CRITICAL" "sirv 7.2.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "sirv 7.2.1 Missing.Authorization MEDIUM" "sirv 7.1.3 Missing.Authorization.via.sirv_disconnect MEDIUM" "sirv 6.8.1 Admin+.Stored.XSS LOW" "sirv 1.3.2 Authenticated.SQL.Injection HIGH" "super-social-content-locker-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-author-box 2.52 Contributor+.Arbitrary.User.Information.Disclosure.via.IDOR LOW" "simple-author-box 2.4 Reflected.Cross-Site.Scripting MEDIUM" "snap-pixel No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "snap-pixel No.known.fix Admin+.Stored.XSS LOW" "simple-vertical-timeline No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sema-api 5.30 Reflected.Cross-Site.Scripting.via.catid.Parameter MEDIUM" "sema-api 4.02 Unauthenticated.SQLi HIGH" "s3-video No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "securimage-wp No.known.fix Cross-Site.Request.Forgery MEDIUM" "sellsy 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "security-force No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-connect No.known.fix Authentication.Bypass CRITICAL" "scand-multi-mailer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "scand-multi-mailer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "subscriptiondna 2.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-optimizer No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-popup-manager No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "smsa-shipping-official 2.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "super-forms-bundle 4.9.703 Unauthenticated.PHP.File.Upload.to.RCE CRITICAL" "sv100-companion No.known.fix Missing.Authorization.to.Unuathenticated.Arbitrary.Options.Update CRITICAL" "sv100-companion 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv100-companion 1.8.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ssquiz No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "site-editor No.known.fix Local.File.Inclusion.(LFI) HIGH" "site-search-360 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "site-search-360 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sv-gravity-forms-enhancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sv-gravity-forms-enhancer 1.8.00 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "securesubmit No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "securesubmit No.known.fix Missing.Authorization MEDIUM" "simple-page-access-restriction 1.0.32 Cross-Site.Request.Forgery.via.Multiple.Parameters MEDIUM" "simple-page-access-restriction 1.0.30 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "simple-page-access-restriction 1.0.23 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons 1.3.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "superfly-menu 5.0.30 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "superfly-menu No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "saragna-social-stream No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sv-tracking-manager 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-tracking-manager 1.8.02 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "secure-captcha No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "strong-testimonials 3.2.4 Missing.Authorization MEDIUM" "strong-testimonials 3.1.17 Missing.Authorization MEDIUM" "strong-testimonials 3.1.13 Authenticated(Contributor+).Improper.Authorization.to.Views.Modification MEDIUM" "strong-testimonials 3.1.12 Contributor+.Stored.XSS MEDIUM" "strong-testimonials 3.1.11 Settings.Update.via.CSRF MEDIUM" "strong-testimonials 3.0.3 Contributor+.Stored.XSS MEDIUM" "strong-testimonials 3.0.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "strong-testimonials 2.51.3 Unauthorised.AJAX.Call MEDIUM" "strong-testimonials 2.40.1 Stored.Cross.Site.Scripting.(XSS) MEDIUM" "sahu-tiktok-pixel No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.8.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "simply-schedule-appointments 1.6.8.7 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "simply-schedule-appointments 1.6.8.5 Reflected.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.7.55 Admin+.Stored.XSS LOW" "simply-schedule-appointments 1.6.7.55 Admin+.Stored.XSS LOW" "simply-schedule-appointments 1.6.7.43 Admin+.Template.Injection.to.RCE MEDIUM" "simply-schedule-appointments 1.6.7.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.6.24 Reflected.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.7.9 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "simply-schedule-appointments 1.6.7.9 Authenticated.(Subscriber+).SQL.Injection HIGH" "simply-schedule-appointments 1.6.6.24 Cross-Site.Request.Forgery.to.Plugin.Data.Reset MEDIUM" "simply-schedule-appointments 1.6.6.1 Authenticated(Administrator+).SQL.Injection MEDIUM" "simply-schedule-appointments 1.5.7.7 Unauthenticated.Email.Address.Disclosure MEDIUM" "simply-schedule-appointments 1.5.7.7 Admin+.Stored.Cross-Site.Scripting LOW" "sticky-social-icons No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sticky-social-icons No.known.fix Admin+.Stored.XSS LOW" "script-compressor No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-google-maps-short-code 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "stop-spam-comments No.known.fix Access.Token.Bypass LOW" "sponsors-carousel No.known.fix Admin+.Stored.XSS LOW" "simple-301-redirects 2.0.8 Missing.Authorization.via.clicked MEDIUM" "simple-301-redirects 2.0.8 Cross-Site.Request.Forgery.via.'clicked' MEDIUM" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Arbitrary.Plugin.Activation HIGH" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Unauthenticated.Redirect.Import CRITICAL" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Update.and.Retrieve.Wildcard.Value MEDIUM" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Unauthenticated.Redirect.Export CRITICAL" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Arbitrary.Plugin.Installation HIGH" "site-notes No.known.fix Admin.Note.Deletion.via.CSRF MEDIUM" "site-favicon 0.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "svg-shortcode No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "simple-popup No.known.fix Admin+.Stored.XSS LOW" "site-table-of-contents No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "slider-wd 1.2.62 Contributor+.Stored.XSS MEDIUM" "slider-wd 1.2.62 Admin+.Stored.XSS.via.Widget LOW" "slider-wd 1.2.59 Admin+.Stored.XSS LOW" "slider-wd 1.2.58 Authenticated.(Contributor+).SQL.Injection.via.id.Parameter HIGH" "slider-wd 1.2.57 Editor+.Stored.XSS LOW" "slider-wd 1.2.56 Editor+.Stored.XSS LOW" "slider-wd 1.2.55 Reflected.Cross-Site.Scripting MEDIUM" "slider-wd 1.2.53 Admin+.Stored.XSS LOW" "slider-wd 1.2.52 Admin+.Stored.Cross-Site.Scripting LOW" "slider-wd 1.2.36 Multiple.Authenticated.SQL.Injection HIGH" "s3bubble-amazon-web-services-oembed-media-streaming-support No.known.fix Reflected.XSS HIGH" "social-kit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-kit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "square-thumbnails 1.1.2 Missing.Authorization MEDIUM" "sailthru-triggermail No.known.fix Subscriber+.Stored.XSS HIGH" "sailthru-triggermail No.known.fix Reflected.XSS HIGH" "sailthru-triggermail No.known.fix Admin+.Stored.XSS LOW" "social-network-tabs No.known.fix Social.Media.API.Key.Leakage CRITICAL" "simple-student-result 1.7.5 Stored.Cross.Site.Scripting.via.CSRF MEDIUM" "simple-student-result 1.8.0 Unauthorised.REST.Calls MEDIUM" "simple-student-result 1.6.4 Auth.Bypass CRITICAL" "store-locator No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "store-locator No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "store-locator 3.98.8 Settings.Update.via.CSRF MEDIUM" "store-locator 3.34 SQL.Injection CRITICAL" "spiderpowa-embed-pdf No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sitepress-multilingual-cms 4.7.4 4.7.3.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpml_language_switcher.Shortcode MEDIUM" "sitepress-multilingual-cms 4.6.13 Contributor+.RCE.via.Twig.Server-Side.Template.Injection CRITICAL" "sitepress-multilingual-cms 4.6.1 Reflected.Cross-Site.Scripting HIGH" "sitepress-multilingual-cms 4.5.14 CSRF MEDIUM" "sitepress-multilingual-cms 4.5.11 Subscriber+.Translation.Job.Status.Update MEDIUM" "sitepress-multilingual-cms 4.5.11 Subscriber+.Settings.Update MEDIUM" "sitepress-multilingual-cms 4.3.7 Authenticated.Cross.Site.Request.Forgery.leading.to.Remote.Code.Execution HIGH" "sitepress-multilingual-cms 4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "sitepress-multilingual-cms 3.2.7 Cross-Site.Scripting.(XSS).in.Accept-Language.Header MEDIUM" "slick-contact-forms No.known.fix Contributor+.Stored.XSS MEDIUM" "stylish-internal-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-mail-address-encoder 1.7 Reflected.Authenticated.XSS MEDIUM" "slider-for-writers No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "show-me-the-cookies No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "smart-seo-tool 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "shortcode-factory 2.8 Local.File.Inclusion CRITICAL" "shortcode-factory 1.1.1 XSS MEDIUM" "social-media-feather 2.1.4 Subscriber+.Unauthorised.Action MEDIUM" "social-media-feather 2.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "simple-ldap-login 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "seo-for-local 9.2.1 Reflected.Cross-Site.Scripting MEDIUM" "seo-for-local 9.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sync-posts No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "simple-page-transition No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "slingblocks 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slingblocks 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sliderspack-all-in-one-image-sliders 2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sticky-social-link No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "shortcode-to-display-post-and-user-data 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.vg_display_data MEDIUM" "shortcode-to-display-post-and-user-data 1.3.0 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Post.Meta.Disclosure MEDIUM" "shortcode-to-display-post-and-user-data 1.3.0 Authenticated.(Contributor+).Code.Injection HIGH" "step-by-step No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sports-rankings-lists No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "streamcast 2.2.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "streamcast 2.1.9 Reflected.Cross-Site.Scripting MEDIUM" "streamcast 2.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "streamcast 2.1.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "seo-keywords No.known.fix Reflected.Cross-Site.Scripting.via.google_error.Parameter MEDIUM" "simple-trackback-disabler No.known.fix Cross-Site.Request.Forgery MEDIUM" "speakpipe-voicemail-for-websites No.known.fix Cross-Site.Request.Forgery MEDIUM" "seguro-viagem 3.0.0 Stored.XSS.via.CSRF HIGH" "seo-backlinks No.known.fix CSRF.to.Stored.XSS HIGH" "smartarget-contact-us No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "smpl-shortcodes No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "sc-simple-zazzle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "scrollto-top No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "sign-in-with-google No.known.fix Authentication.Bypass.in.authenticate_user CRITICAL" "smart-phone-field-for-gravity-forms 2.1 Reflected.Cross-Site.Scripting MEDIUM" "surbma-magyar-woocommerce 2022.0.3 Reflected.Cross-Site.Scripting MEDIUM" "surbma-magyar-woocommerce 30.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "spicebox 2.2 Reflected.Cross-Site.Scripting MEDIUM" "site-notify No.known.fix Missing.Authorization MEDIUM" "simple-staff-list 2.2.5 Missing.Authorization.via.ajax_flush_rewrite_rules.and.staff_member_export MEDIUM" "simple-staff-list 2.2.4 Editor+.Stored.XSS MEDIUM" "simple-staff-list 2.2.3 Contributor+.Stored.XSS MEDIUM" "svg-uploads-support No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "sideblog No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "swipehq-payment-gateway-woocommerce No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "super-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate-pro 7.2.1 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate-pro 7.1.5 Contributor+.Stored.Cross-Site.Scripting.XSS MEDIUM" "surbma-font-awesome 3.1 Contributor+.Stored.XSS MEDIUM" "shop-assistant-for-woocommerce-jarvis 2.9.2 Missing.Authorization MEDIUM" "seo-nutrition-and-print-for-recipes-by-edamam No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "surveys No.known.fix Authenticated.SQL.Injection CRITICAL" "seekxl-snapr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sticky-header-on-scroll No.known.fix Missing.Authorization MEDIUM" "secure-file-manager No.known.fix Admin+.RCE MEDIUM" "secure-file-manager No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "secure-file-manager No.known.fix Admin+.RCE MEDIUM" "secure-file-manager 2.8.2 Authenticated.Remote.Code.Execution CRITICAL" "shopello No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "shared-files 1.7.49 Unauthenticated.Stored.Cross-Site.Scripting.via.sanitize_file.Function HIGH" "shared-files 1.7.43 Limited.Unauthenticated.Stored.Cross-Site.Scripting.via.File.Upload HIGH" "shared-files 1.7.29 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "shared-files 1.7.20 Missing.Authorization MEDIUM" "shared-files 1.7.17 Missing.Authorization.to.Notice.Dismissal MEDIUM" "shared-files 1.7.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "shared-files 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "shared-files 1.6.72 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shared-files 1.6.61 Admin+.Stored.Cross-Site.Scripting LOW" "shared-files 1.6.57 Admin+.Stored.Cross-Site.Scripting LOW" "showtime-slideshow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "stock-locations-for-woocommerce 2.8.7 Missing.Authorization MEDIUM" "stock-locations-for-woocommerce 2.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "surbma-gdpr-proof-google-analytics 17.8.2 Reflected.Cross-Site.Scripting MEDIUM" "surbma-gdpr-proof-google-analytics 17.6.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "surbma-gdpr-proof-google-analytics 17.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "search-order-by-product-sku-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stockists-manager No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "sync-wc-google 9.0 Unauthenticated.SQL.Injection HIGH" "sync-wc-google 9.0 Cross-Site.Request.Forgery MEDIUM" "simple-wp-events 1.9.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "simple-wp-events 1.9.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "simple-wp-events 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shiftcontroller 4.9.67 Reflected.Cross-Site.Scripting MEDIUM" "shiftcontroller 4.9.65 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shiftcontroller 4.9.58 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "shiftcontroller 4.9.24 CSRF MEDIUM" "shiftcontroller 4.9.26 Reflected.Cross-Site.Scripting MEDIUM" "special-box-for-content No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "softtemplates-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sb-child-list No.known.fix Settings.Update.via.CSRF MEDIUM" "seo-title-tag No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-for-woocommerce 1.6.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "sitemap-index No.known.fix Admin+.XSS LOW" "shortcodes-anywhere No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "super-forms 6.0.4 Reflected.Cross-Site.Scripting MEDIUM" "super-forms 4.9.703 Unauthenticated.PHP.File.Upload.to.RCE CRITICAL" "soccer-engine-lite 1.13 Cross-Site.Request.Forgery MEDIUM" "secure-copy-content-protection 4.5.6 Admin+.Stored.XSS LOW" "secure-copy-content-protection 4.4.5 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "secure-copy-content-protection 4.4.8 Missing.Authorization.to.Unauthenticated.User.Email.Retrieval.via.ays_sccp_reports_user_search.Function MEDIUM" "secure-copy-content-protection 4.2.4 Reflected.Cross-Site.Scripting MEDIUM" "secure-copy-content-protection 4.1.7 Admin+.Stored.XSS LOW" "secure-copy-content-protection 4.1.7 Admin+.Stored.XSS LOW" "secure-copy-content-protection 4.0.9 Admin+.Stored.XSS LOW" "secure-copy-content-protection 3.9.1 Missing.Authorization MEDIUM" "secure-copy-content-protection 3.7.2 Missing.Authorization MEDIUM" "secure-copy-content-protection 2.8.2 Unauthenticated.SQL.Injection HIGH" "secure-copy-content-protection 2.6.7 Authenticated.Blind.SQL.Injections HIGH" "sa-post-author-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-youtube No.known.fix Cross-Site.Request.Forgery MEDIUM" "spreadshirt-rss-3d-cube-flash-gallery No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "superstorefinder-wp 7.5 Unauthenticated.SQL.Injection HIGH" "superstorefinder-wp 7.1 Unauthenticated.SQL.Injection.to.Stored.Cross-Site.Scripting HIGH" "superstorefinder-wp 6.9.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "superstorefinder-wp 6.9.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "superstorefinder-wp 6.9.8 Unauthenticated.SQL.Injection CRITICAL" "superstorefinder-wp 6.9.4 Unauthenticated.Email.Creation/Sending MEDIUM" "superstorefinder-wp 6.5 Unauthenticated.SQL.Injections CRITICAL" "superstorefinder-wp 6.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "simplelender-by-umatidocs-com No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smtp-mail 1.3.21 Cross.Site.Request.Forgery MEDIUM" "smtp-mail 1.3.43 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "smtp-mail 1.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "smtp-mail 1.2.2 Authenticated.SQL.Injections MEDIUM" "surecart 2.29.4 Reflected.Cross-Site.Scripting MEDIUM" "surecart 2.5.1 Admin+.Stored.XSS LOW" "scrollto-bottom No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "simple-iframe 1.2.0 Contributor+.Stored.XSS MEDIUM" "social-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "supportbubble No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "supportbubble No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-gallery-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-gallery-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "shortcode-for-redirection No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "schema-and-structured-data-for-wp 1.36 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "schema-and-structured-data-for-wp 1.34.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Attribute MEDIUM" "schema-and-structured-data-for-wp 1.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.How.To.and.FAQ.Blocks MEDIUM" "schema-and-structured-data-for-wp 1.27 Contributor+.reCaptcha.Key.Update MEDIUM" "schema-and-structured-data-for-wp 1.27 Authenticated.Stored.XSS MEDIUM" "schema-and-structured-data-for-wp 1.26 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "schema-and-structured-data-for-wp 1.24 Contributor+.Stored.XSS MEDIUM" "secure-downloads 1.2.3 Admin+.Arbitrary.File.Download MEDIUM" "socialsnap 1.4 Admin+.Stored.XSS LOW" "socialsnap 1.3.6 Missing.Authorization MEDIUM" "syndicate-out No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "stripe-payments 2.0.87 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.accept_stripe_payment_ng.Shortcode MEDIUM" "stripe-payments 2.0.80 Insecure.Direct.Object.Reference MEDIUM" "stripe-payments 2.0.64 Admin+.Stored.Cross-Site.Scripting LOW" "stripe-payments 2.0.40 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "staff-directory-pro No.known.fix Reflected.Cross-Site.Scripting.via.add_query_arg.Function MEDIUM" "staff-directory-pro No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "staff-directory-pro 4.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "staff-directory-pro 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "share-on-diaspora 0.7.2 XSS MEDIUM" "smooth-dynamic-slider No.known.fix Reflected.Cross-Site.Scriptign MEDIUM" "shiny-buttons No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "slide-anything 2.4.9 Author+.Stored.XSS MEDIUM" "slide-anything 2.3.47 Author+.Cross.Site.Scripting.in.slide.title MEDIUM" "slide-anything 2.3.44 Editor+.Stored.Cross-Site.Scripting LOW" "slide-anything 2.3.41 Contributor+.SQLi HIGH" "seraphinite-old-slugs-mgr 1.4 Cross-Site.Request.Forgery MEDIUM" "speakout 4.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "speakout 2.14.15.1 Unauthenticated.SQLi HIGH" "speakout 2.13.3 Reflected.Cross-Site.Scripting HIGH" "simple-load-more No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sk-wp-settings-backup No.known.fix Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "speedsize-ai-image-optimizer 1.5.2 Cross-Site.Request.Forgery.to.Clear.Cache MEDIUM" "show-google-analytics-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spamreferrerblock No.known.fix Admin+.Stored.XSS LOW" "spamreferrerblock No.known.fix Cross-Site.Request.Forgery MEDIUM" "shortcode-in-comment No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "svg-block 1.1.25 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "svg-block 1.1.20 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "snipe-nginx-cache No.known.fix Missing.Authorization MEDIUM" "sky-elementor-addons 3.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sky-elementor-addons 2.6.3 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update HIGH" "sky-elementor-addons 2.6.2 Cross-Site.Request.Forgery.to.Limited.Arbitrary.Options.Update HIGH" "sky-elementor-addons 2.6.2 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Content.Switcher.Widget.Elementor.Template MEDIUM" "sky-elementor-addons 2.5.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sky-elementor-addons 2.5.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sky-elementor-addons 2.5.8 Contributor+.Stored.XSS MEDIUM" "sky-elementor-addons 2.5.0 Authenticated(Contributor+).Stored.Cross-site.scripting.via.Wrapper.Link.URL MEDIUM" "sb-chart-block 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.className.Parameter MEDIUM" "sliding-widgets No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "schema-app-structured-data-for-schemaorg 2.2.5 Reflected.Cross-Site.Scripting MEDIUM" "schema-app-structured-data-for-schemaorg 2.2.1 Cross-Site.Request.Forgery MEDIUM" "schema-app-structured-data-for-schemaorg 2.2.1 Missing.Authorization MEDIUM" "schema-app-structured-data-for-schemaorg 1.22.4 Missing.Authorization.via.page_init MEDIUM" "smarty-for-wordpress No.known.fix Admin+.Stored.XSS LOW" "smarty-for-wordpress No.known.fix Settings.Update.via.CSRF MEDIUM" "saan-world-clock No.known.fix Contributor+.Stored.XSS MEDIUM" "shared-counts 1.5.0 Missing.Authorization.to.Arbitrary.Email.Sending MEDIUM" "sheetdb No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-slider-3 3.5.1.23 Contributor+.Stored.XSS.via.SVG.Upload MEDIUM" "smart-slider-3 3.5.1.14 Contributor+.Stored.XSS MEDIUM" "smart-slider-3 3.5.1.11 Contributor+.Stored.XSS MEDIUM" "smart-slider-3 3.5.1.11 PHP.Object.Injection MEDIUM" "smart-slider-3 3.5.0.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "sr-partner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "scheduled-announcements-widget 1.0 Contributor+.Stored.XSS MEDIUM" "social-media-widget 4.0.9 Admin+.Stored.XSS LOW" "svg-complete No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "sksdev-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shibboleth 1.8 Cross-Site.Scripting.(XSS) MEDIUM" "simple-google-static-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-long-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "spotlightr 0.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "secupress 2.3.10 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation MEDIUM" "secupress 2.2.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "secupress 2.3 Missing.Authorization MEDIUM" "secupress 2.3 Contributor+.Stored.XSS MEDIUM" "secupress 2.2.5.2 Cross-Site.Request.Forgery.to.Banned.IP.Address MEDIUM" "secupress 2.0 Unauthenticated.Arbitrary.IP.Ban MEDIUM" "social-media-links No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "shiftnav-responsive-mobile-menu 1.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shiftnav-responsive-mobile-menu 1.7.2 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "slash-admin 3.8.2 Cross-Site.Request.Forgery MEDIUM" "skt-templates 6.15 Reflected.Cross-Site.Scripting MEDIUM" "skt-templates 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-pricing-table No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-jquery-image-gallery No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "slideshow-jquery-image-gallery No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "slideshow-jquery-image-gallery 2.2.22 Option.Value.Disclosure HIGH" "saoshyant-element No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-pricing-tables-vc-extension No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-ads-manager No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "simple-ads-manager 2.9.5.118 SQL.Injection MEDIUM" "single-user-chat No.known.fix Authenticated.(Subscriber+).Limited.Options.Update HIGH" "sfwd-lms 4.20.0.3 Missing.Authorization MEDIUM" "sfwd-lms 4.10.2 Sensitive.Information.Exposure.via.assignments MEDIUM" "sfwd-lms 4.10.2 Sensitive.Information.Exposure.via.API MEDIUM" "sfwd-lms 4.10.3 Sensitive.Information.Exposure.via.API MEDIUM" "sfwd-lms 4.5.3.1 SQL.Injection MEDIUM" "sfwd-lms 4.6.0.1 User.Account.Takeover.via.Insecure.Direct.Object.References HIGH" "sfwd-lms 3.1.6 Unauthenticated.SQL.Injection CRITICAL" "sfwd-lms 3.1.2 Reflected.Cross.Site.Scripting.(XSS).issue.on.the.[ld_profile].search.field. MEDIUM" "sfwd-lms 2.5.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "spider-event-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spider-event-calendar 1.5.52 Admin+.SQL.injection MEDIUM" "spider-event-calendar 1.5.52 Authenticated.Blind.SQL.Injection CRITICAL" "spider-event-calendar 1.4.14 Unauthenticated.SQL.Injection HIGH" "sprout-clients 3.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sprout-clients No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sprout-clients 3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sprout-clients 3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "szechenyi-2020-logo No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "smart-app-banner 1.1.4 Admin+.Stored.XSS LOW" "smart-app-banner 1.1.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "search-filter-pro 2.5.20 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Meta.Exposure MEDIUM" "search-filter-pro 2.5.18 Admin+.Stored.XSS LOW" "smio-push-notification No.known.fix Unauthenticated.SQL.Injection HIGH" "simple-facebook-plugin 1.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-facebook-plugin 1.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-social-buttons 6.0.0 Admin+.Stored.XSS LOW" "simple-social-buttons 5.1.1 Unauthenticated.Password.Protected.Post.Access MEDIUM" "simple-social-buttons 3.2.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "simple-social-buttons 3.2.3 Contributor+.Stored.XSS MEDIUM" "simple-social-buttons 3.2.1 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "simple-social-buttons 3.2.0 Reflected.Cross-Site.Scripting CRITICAL" "simple-social-buttons 2.0.22 Authenticated.Option.Injection HIGH" "sql-reporting-services No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sql-reporting-services No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simply-exclude No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stop-spammer-registrations-plugin No.known.fix Cross-Site.Request.Forgery.to.Multiple.Administrative.Actions MEDIUM" "stop-spammer-registrations-plugin 2024.5 Cross-Site.Request.Forgery.(CSRF).via.sfs_process MEDIUM" "stop-spammer-registrations-plugin 2023 Admin+.Stored.XSS LOW" "stop-spammer-registrations-plugin 2023 Reflected.XSS HIGH" "stop-spammer-registrations-plugin 2022.6 Unauthenticated.PHP.Object.Injection MEDIUM" "stop-spammer-registrations-plugin 2021.18 Authenticated.Stored.XSS LOW" "stop-spammer-registrations-plugin 2021.9 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "seed-social 2.0.4 Admin+.Stored.XSS LOW" "safetymails-forms No.known.fix Cross-Site.Request.Forgery HIGH" "shopp-arrange No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "script-planner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "script-planner No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-shopify-product No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "srs-simple-hits-counter 1.1.1 Settings.Update.via.CSRF MEDIUM" "srs-simple-hits-counter 1.1.0 1.0.4.-.Unauthenticated.Blind.SQL.Injection CRITICAL" "slider-video 1.4.8 Slider.Carousel.<.1.4.8.-.Admin+.Stored.Cross-Site.Scripting LOW" "super-video-player 1.6.13 Reflected.Cross-Site.Scripting MEDIUM" "super-video-player 1.6.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stripe-manager No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "sticky-chat-widget 1.1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shayanweb-admin-fontchanger No.known.fix Cross-Site.Request.Forgery MEDIUM" "social-networks-auto-poster-facebook-twitter-g No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Unauthenticated.Stored.Cross-Site.Scripting.via.User.Agent MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Subscriber+.Sensitive.Information.Exposure MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.3 Reflected.Cross-Site.Scripting.via.code MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.26 Reflected.Cross-Site.Scripting MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.25 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.24 Unauthenticated.Stored.XSS HIGH" "social-networks-auto-poster-facebook-twitter-g 4.3.21 Reflected.Cross-Site.Scripting HIGH" "social-networks-auto-poster-facebook-twitter-g 4.3.18 Insufficient.Privilege.Validation HIGH" "social-networks-auto-poster-facebook-twitter-g 4.2.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "social-networks-auto-poster-facebook-twitter-g 3.4.18 CSRF.to.Stored.XSS MEDIUM" "seo-automated-link-building 2.5.3 Missing.Authorization MEDIUM" "seo-automated-link-building 2.1.1 Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "simple-audioplayer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scriptless-social-sharing No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scriptless-social-sharing 3.2.2 Contributor+.Stored.XSS MEDIUM" "simple-sponsorships No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-sponsorships 1.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smaily-for-wp No.known.fix Cross-Site.Request.Forgery MEDIUM" "smaily-for-wp 3.1.6 Contributor+.Stored.XSS MEDIUM" "simplesamlphp-authentication No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sv-provenexpert 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-provenexpert 1.8.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "send-booking-invites-to-friends No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "siteguard 1.7.7 Login.Page.Disclosure MEDIUM" "smart-grid-gallery 1.1.5 Vimeo.and.YouTube.Gallery.<.1.1.5.-.Admin+.Stored.Cross-Site.Scripting LOW" "simple-site-verify 1.0.8 Admin+.Stored.XSS LOW" "simple-blog-card 1.32 Subscriber+.Arbitrary.Post.Access MEDIUM" "simple-blog-card 1.31 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "single-post-exporter No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "smart-product-gallery-slider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "school-management No.known.fix Authenticated.(Student+).Local.File.Inclusion HIGH" "school-management No.known.fix Unauthenticated.SQL.Injection HIGH" "school-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "school-management No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "school-management 93.0.0 Authenticated.(Subscriber+).SQL.Injection.via.'mj_smgt_show_event_task' MEDIUM" "school-management No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "school-management No.known.fix Student+.Account.Takeover.and.Privilege.Escalation HIGH" "school-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "school-management 93.0.0 Authenticated.(Student+).SQL.Injection.via.'view-attendance' MEDIUM" "school-management 92.0.0 Authenticated.(Student+).Arbitrary.File.Upload HIGH" "school-management 92.0.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "smart-popup-blaster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-popup-blaster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 5.1.6.4 Unauthenticated.Authorization.Bypass MEDIUM" "survey-maker 5.1.3.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 5.1.3.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Survey.Question MEDIUM" "survey-maker 5.0.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 4.9.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 4.2.9 Admin+.Stored.XSS.via.Plugin.Settings LOW" "survey-maker 3.6.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "survey-maker 4.1.0 IP.Address.Spoofing MEDIUM" "survey-maker 4.0.7 Reflected.Cross-Site.Scripting MEDIUM" "survey-maker 4.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 3.4.7 Reflected.XSS HIGH" "survey-maker 3.1.2 Subscriber+.SQLi HIGH" "survey-maker 3.1.4 Unauthenticated.Stored.XSS HIGH" "survey-maker 2.0.7 Unauthenticated.Store.Cross-Site.Scripting MEDIUM" "survey-maker 1.5.6 Authenticated.Blind.SQL.Injections HIGH" "survey-maker 1.5.6 Reflected.Cross-Site.Scripting.(XSS) HIGH" "save-import-image-from-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slick-social-share-buttons No.known.fix Authenticated.(Subscriber+).Arbitrary.Option.Update HIGH" "squeeze 1.6.1 Authenticated.(Admin+).Full.Path.Disclosure LOW" "squeeze 1.6.1 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "squeeze 1.4.1 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "smoove-elementor 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "scheduled No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "selar-co-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-download-button-shortcode No.known.fix Sensitive.Data.Disclosure MEDIUM" "sendgrid-email-delivery-simplified No.known.fix Authenticated.Authorization.Bypass MEDIUM" "seofy-core No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "simple-map-no-api No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-map-no-api No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "smooth-scrolling-links-ssl No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "simple-download-monitor 3.9.26 Authenticated.(Administrator+).SQL.Injection MEDIUM" "simple-download-monitor 3.9.11 Contributor+.Stored.Cross-Site.Scripting.via.Shortcodes MEDIUM" "simple-download-monitor 3.9.9 Multiple.CSRF MEDIUM" "simple-download-monitor 3.9.6 Arbitrary.Thumbnails.Removal MEDIUM" "simple-download-monitor 3.9.5 Reflected.Cross-Site.Scripting HIGH" "simple-download-monitor 3.9.6 Unauthorised.Log.Reset MEDIUM" "simple-download-monitor 3.9.6 Unauthenticated.Log.Access MEDIUM" "simple-download-monitor 3.9.5 Contributor+.Stored.Cross-Site.Scripting.via.File.Thumbnail MEDIUM" "simple-download-monitor 3.9.5 Contributor+.Arbitrary.File.Download.via.Path.Traversal MEDIUM" "simple-download-monitor 3.8.9 Unauthenticated.Cross-Site.Scripting MEDIUM" "simple-download-monitor 3.8.9 SQL.Injection MEDIUM" "simple-download-monitor 3.5.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "subscribe2 10.44 Unauthenticated.Stored.Cross-Site.Scripting.via.IP.Parameter HIGH" "subscribe2 10.41 Sending.Emails.via.CSRF MEDIUM" "subscribe2 10.41 Missing.Access.Controls MEDIUM" "subscribe2 10.38 User.Deletion.via.CSRF HIGH" "subscribe2 10.16 XSS MEDIUM" "silvasoft-boekhouden No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "silvasoft-boekhouden No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "simple-facebook-twitter-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-facebook-twitter-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smartsearchwp 2.4.6 Unauthenticated.OpenAI.Key.Disclosure MEDIUM" "smartsearchwp 2.4.5 Unauthenticated.Log.Purge MEDIUM" "smartsearchwp 2.4.5 Unauthenticated.SQLi HIGH" "smartsearchwp 2.4.5 Unauthenticated.Stored.XSS HIGH" "swift-performance-lite 2.3.7.2 Unauthenticated.Local.PHP.File.Inclusion.via.'ajaxify' HIGH" "swift-performance-lite 2.3.6.21 Cross-Site.Request.Forgery MEDIUM" "swift-performance-lite 2.3.6.19 Subscriber+.Settings.Update MEDIUM" "swift-performance-lite 2.3.6.15 Unauthenticated.Configuration.Export MEDIUM" "super-testimonial-pro 1.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "simple-revisions-delete 1.5.4 Cross-Site.Request.Forgery MEDIUM" "simple-responsive-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spiritual-gifts-survey No.known.fix Unauthenticated.CSRF.to.XSS MEDIUM" "spiritual-gifts-survey No.known.fix Unauthenticated.CSRF.to.XSS MEDIUM" "standout-color-boxes-and-buttons No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "starcat-review No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "starcat-review 0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "save-as-pdf-by-pdfcrowd 4.4.1 Unauthenticated.PHP.Object.Injection HIGH" "save-as-pdf-by-pdfcrowd 4.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 4.0.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 3.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 3.2.1 Missing.Authorization MEDIUM" "save-as-pdf-by-pdfcrowd 3.2.0 Admin+.Stored.XSS LOW" "save-as-pdf-by-pdfcrowd 3.2.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 2.16.1 Admin+.Stored.XSS LOW" "srs-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-media-shortcodes 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-rocket No.known.fix Missing.Authorization.to.Settings.Update MEDIUM" "social-rocket No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-rocket 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "social-rocket 1.3.3 Admin+.Stored.Cross-Site.Scripting LOW" "social-rocket 1.2.10 Cross-Site.Request.Forgery.in.Settings MEDIUM" "spideranalyse No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "swift-framework No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Update MEDIUM" "swift-framework No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcodes MEDIUM" "stencies No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "school-management-system 4.2 Admin+.SQLi MEDIUM" "scroll-to-top-builder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-website-logo No.known.fix Missing.Authorization MEDIUM" "shortcode-for-font-awesome 1.4.1 Contributor+.Stored.XSS MEDIUM" "stylish-price-list 7.1.12 Contributor+.Stored.XSS MEDIUM" "stylish-price-list 7.1.8 Contributor+.Stored.XSS MEDIUM" "stylish-price-list 7.0.18 Missing.Authorization MEDIUM" "stylish-price-list 6.9.1 Subscriber+.Arbitrary.Image.Upload MEDIUM" "stylish-price-list 6.9.0 Unauthenticated.Arbitrary.Image.Upload MEDIUM" "social-icons-widget-by-wpzoom 4.2.18 Admin+.Stored.XSS LOW" "social-icons-widget-by-wpzoom 4.2.16 Missing.Authorization MEDIUM" "simply-rets No.known.fix Reflected.Cross-Site.Scripting HIGH" "simply-rets No.known.fix Cross-Site.Request.Forgery MEDIUM" "simply-rets 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sovratec-case-management No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "svgmagic No.known.fix Stored.XSS.via.SVG.Upload MEDIUM" "stars-rating 3.5.1 Comments.Denial.of.Service MEDIUM" "sendpulse-web-push 1.3.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "sendpulse-web-push 1.3.2 CSRF MEDIUM" "sight 1.1.3 Missing.Authorization.to.Sensitive.Information.Exposure.in.handler_post_title MEDIUM" "smart-admin-menu-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-admin-menu-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "snapshot-backup No.known.fix Stored.XSS.via.CSRF HIGH" "super-transactional-emails-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-transactional-emails-for-woocommerce 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seriously-simple-podcasting 3.10.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "seriously-simple-podcasting 3.6.0 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "seriously-simple-podcasting 3.3.0 Admin+.Stored.XSS LOW" "seriously-simple-podcasting 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "seriously-simple-podcasting 3.0.0 Unauthenticated.Administrator.Email.Disclosure MEDIUM" "seriously-simple-podcasting 2.19.1 Contributor+.Stored.XSS MEDIUM" "seriously-simple-podcasting 2.16.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "smart-google-code-inserter 3.5 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "smart-google-code-inserter 3.5 Unauthenticated.SQL.Injection CRITICAL" "shortpixel-image-optimiser 5.6.4 Authenticated.(Editor+).SQL.Injection MEDIUM" "shortpixel-image-optimiser 5.6.4 Missing.Authorization MEDIUM" "shortpixel-image-optimiser 5.4.2 Authenticated(Editor+).PHP.Object.Injection MEDIUM" "shortpixel-image-optimiser 4.22.10 Reflected.Cross-Site.Scripting MEDIUM" "simple-youtube-gdpr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-youtube-gdpr No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "secure-ip-logins No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "secure-ip-logins No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "songkick-concerts-and-festivals 0.10.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "shortcut-macros No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "simple-rating No.known.fix Cross-Site.Request.Forgery MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.tab.Shortcode MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.8 Cross-Site.Request.Forgery MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.accordions.Shortcode MEDIUM" "sucuri-scanner 1.8.34 Event.log.Entry.Creation.via.CSRF MEDIUM" "social-share-boost No.known.fix Plugin.Settings.Update.via.CSRF MEDIUM" "social-share-boost 4.5 Admin+.Stored.XSS LOW" "social-share-boost 4.5 Contributor+.Stored.XSS MEDIUM" "shortlinkspro 1.0.8 Authenticated.(Administrator+).SQL.Injection MEDIUM" "stageshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.anchor.Parameter MEDIUM" "stageshow 10.0 Reflected.Cross-Site.Scripting MEDIUM" "smart-dofollow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.7.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text,.Countdown.Widget,.and.Login.Form.Shortcodes MEDIUM" "sina-extension-for-elementor 3.6.0 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Sina.Image.Differ MEDIUM" "sina-extension-for-elementor 3.5.8 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Sina.Modal.Box.Widget.Elementor.Template MEDIUM" "sina-extension-for-elementor 3.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.read_more_text.Parameter MEDIUM" "sina-extension-for-elementor 3.5.5 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.5.4 Authenticated.(Contributor+).Stored.Cross-site.Scriping.via.'Sina.Particle.Layer' MEDIUM" "sina-extension-for-elementor 3.5.4 Authenticated.(Contributor+).DOM-Based.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.5.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sina-extension-for-elementor 3.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Sina.Fancy.Text.Widget MEDIUM" "sina-extension-for-elementor 3.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.3.12 Contributor+.Stored.XSS MEDIUM" "sina-extension-for-elementor 2.2.1 LFI HIGH" "sticky-popup No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "simple-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-locator 2.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "site-offline 1.5.7 Admin+.Stored.XSS LOW" "site-offline 1.5.3 Access.Bypass MEDIUM" "site-offline 1.4.4 Multiple.Cross-Site.Request.Forgery MEDIUM" "shortcode-cleaner-lite No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Export MEDIUM" "shortcodes-for-amp-web-stories-and-elementor-widget 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simply-featured-video No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-buttons-pack 1.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "stylish-google-sheet-reader 4.1 Reflected.XSS HIGH" "stylish-google-sheet-reader 4.1 Reflected.Cross-Site.Scripting HIGH" "sellkit 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "sellkit 1.8.3 Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "scroll-top-advanced No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "share-print-pdf-woocommerce 2.8.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "svg-flags-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "svg-flags-lite 0.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-membership-custom-messages 2.5 Reflected.Cross-Site.Scripting MEDIUM" "simple-nav-archives No.known.fix Settings.Update.via.CSRF MEDIUM" "sully 4.3.1 Admin+.Stored.XSS LOW" "sully 4.3.1 Admin+.Stored.XSS.via.CSRF HIGH" "sully 4.3.1 Reflected.XSS HIGH" "sully 4.3.1 Plugin.Reset.via.CSRF MEDIUM" "send-prebuilt-emails No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "send-prebuilt-emails No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "standard-box-sizes 1.6.14 Missing.Authorization MEDIUM" "stock-quotes-list 2.9.12 Contributor+.Stored.XSS MEDIUM" "slider-range-htapps 1.1.6 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "stop-registration-spam No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stop-registration-spam 1.24 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "slicewp 1.1.24 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.19 Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.21 Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.11 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "slicewp 1.0.46 Reflected.Cross-Site.Scripting.(XSS) HIGH" "simplr-registration-form No.known.fix Subscriber+.Arbitrary.User.Password.Change.via.IDOR HIGH" "same-but-different No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-tooltips No.known.fix Admin+.Stored.XSS LOW" "simple-tooltips 2.1.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "soundrise-music 1.7.1 Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "simple-booking-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "syndication-links 1.0.2.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "socialdriver-framework 2024.04.30 Contributor+.Stored.XSS MEDIUM" "socialdriver-framework 2024.04.30 Reflected.XSS HIGH" "socialdriver-framework 2024.04.30 Admin+.Stored.XSS.via.Settings LOW" "socialdriver-framework 2024.0.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "send-emails-with-mandrill 1.4.2 Missing.Authorization MEDIUM" "simplemortgage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-recent-posts-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "search-everything 8.1.7 SQL.Injection CRITICAL" "search-everything 8.1.6 SQL.Injection CRITICAL" "sketchfab-oembed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-admin-language-change 2.0.2 Arbitrary.User.Locale.Change MEDIUM" "tidyro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-block-editor 4.0.8 Missing.Authorization MEDIUM" "the-plus-addons-for-block-editor 4.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-block-editor 4.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-block-editor 3.2.6 Missing.Authorization MEDIUM" "the-plus-addons-for-block-editor 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "ttv-easy-embed-player 2.1.1 Admin+.Stored.XSS LOW" "tax-report-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "targetfirst-wordpress-plugin 1.0 Unauthenticated.Stored.XSS.via.Licence.Key HIGH" "tutor 3.4.1 Subscriber+.HTML.Injection MEDIUM" "tutor 2.7.7 User.Registration.Setting.Bypass.to.Unauthorized.User.Registration MEDIUM" "tutor 2.7.7 Unauthenticated.SQL.Injection.via.rating_filter HIGH" "tutor 2.7.5 Cross-Site.Request.Forgery.via.'addon_enable_disable' MEDIUM" "tutor 2.7.3 Authenticated.(Administrator+).SQL.Injection HIGH" "tutor 2.7.4 Authenticated.(Instructor+).Stored.Cross-Site.Scripting MEDIUM" "tutor 2.7.4 Missing.Authorization MEDIUM" "tutor 2.7.3 Cross-Site.Request.Forgery MEDIUM" "tutor 2.7.3 Authenticated.(Tutor.Instructor+).Stored.Cross-Site.Scripting MEDIUM" "tutor 2.7.2 Authenticated.(Admin+).Path.Traversal LOW" "tutor 2.7.2 Tutor.LMS.–.eLearning.and.online.course.solution.<.2,7,2.-Authenticated.(Administrator+).SQL.Injection HIGH" "tutor 2.7.2 Authenticated.(Instructor+).Insecure.Direct.Object.Reference.to.Arbitrary.Quiz.Attempt.Deletion MEDIUM" "tutor 2.7.1 Authenticated.(Instructor+).SQL.Injection HIGH" "tutor 2.7.1 Authenticated.(Instructor+).Insecure.Direct.Object.Reference.to.Arbitrary.Course.Deletion MEDIUM" "tutor 2.7.1 Missing.Authorization CRITICAL" "tutor 2.7.0 Missing.Authorization.to.Unauthenticated.Limited.Options.Update MEDIUM" "tutor 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'tutor_instructor_list'.Shortcode MEDIUM" "tutor 2.6.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "tutor 2.6.2 Cross-Site.Request.Forgery.to.Plugin.Deactivation.and.Data.Erase MEDIUM" "tutor 2.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "tutor 2.6.1 Missing.Authorization MEDIUM" "tutor 2.6.1 Student+.HTML.Injection.via.Q&A MEDIUM" "tutor 2.3.0 Admin+.Stored.XSS LOW" "tutor 2.3.0 Subscriber+.Stored.Cross-Site.Scripting HIGH" "tutor 2.2.1 Unauthenticated.Access.to.Tutor.LMS.Lesson.Resources.via.REST.API MEDIUM" "tutor 2.2.0 Unauthenticate.SQL.Injection HIGH" "tutor 2.2.1 Student+.SQL.Injection HIGH" "tutor 2.2.0 Instructor+.SQL.Injection MEDIUM" "tutor 2.0.10 Reflected.Cross-Site.Scripting HIGH" "tutor 2.0.10 Admin+.Stored.Cross-Site.Scripting LOW" "tutor 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.13 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.12 Subscriber+.Stored.Cross-Site.Scripting HIGH" "tutor 1.9.12 Reflected.Cross-Site.Scripting HIGH" "tutor 1.9.11 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.9 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "tutor 1.9.6 Reflected.Cross-Site.Scripting HIGH" "tutor 1.9.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "tutor 1.8.8 Authenticated.Local.File.Inclusion MEDIUM" "tutor 1.7.7 SQL.Injection.via.tutor_mark_answer_as_correct MEDIUM" "tutor 1.8.3 SQL.Injection.via.tutor_quiz_builder_get_question_form MEDIUM" "tutor 1.7.7 SQL.Injection.via.tutor_place_rating MEDIUM" "tutor 1.8.3 SQL.Injection.via.tutor_quiz_builder_get_answers_by_question MEDIUM" "tutor 1.7.7 Unprotected.AJAX.including.Privilege.Escalation HIGH" "tutor 1.8.3 SQL.Injection.via.tutor_answering_quiz_question/get_answer_by_id MEDIUM" "tutor 1.5.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "testimonial-rotator No.known.fix Authenticated.Stored.Cross-Site.Scripting HIGH" "testimonial-rotator 3.0.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "tabulate No.known.fix Reflected.XSS HIGH" "translatepress-multilingual 2.9.7 Admin+.PHP.Object.Injection MEDIUM" "translatepress-multilingual 2.3.3 Admin+.SQLi MEDIUM" "translatepress-multilingual 2.0.9 Authenticated.Stored.Cross-Site.Scripting LOW" "titan-framework No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "titan-framework 1.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "timer-countdown No.known.fix Reflected.XSS HIGH" "tier-pricing-table 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "tier-pricing-table 2.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "testimonial-slider-and-showcase 2.3.8 Admin+.Stored.XSS LOW" "testimonial-slider-and-showcase 2.3.7 Author+.Settings.Update LOW" "tablepress 3.1.3 Contributor+.DOM-Based.Stored.XSS.via.Multiple.Parameters MEDIUM" "tablepress 3.1 Author+.Stored.XSS MEDIUM" "tablepress 2.4.3 Author+.Stored.XSS MEDIUM" "tablepress 2.4.3 XXE.Injection MEDIUM" "tablepress 2.3.2 Authenticated.(Author+).Server-Side.Request.Forgery.via.DNS.Rebind MEDIUM" "tablepress 2.2.5 Authenticated(Author+).Server.Side.Request.Forgery(SSRF).via._get_import_files MEDIUM" "tablepress 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "tablepress 1.8.1 Authenticated.XML.External.Entity.(XXE) MEDIUM" "tradedoubler-affiliate-tracker 2.0.22 Unauthenticated.LFI HIGH" "taxonomy-discounts-woocommerce 5.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "tourmaster 5.3.9 Unauthenticated.Local.File.Inclusion CRITICAL" "tourmaster 5.4.1 Reflected.Cross-Site.Scripting MEDIUM" "tourmaster 5.3.8 Tour.Booking,.Travel,.Hotel.<.5.3.8.-.Authenticated.(Subscriber+).SQL.Injection.via.review_id.Parameter MEDIUM" "tourmaster 5.3.5 Reflected.XSS HIGH" "tourmaster 5.3.4 Unauthenticated.Stored.XSS.via.Room.Booking HIGH" "triberr-wordpress-plugin 4.1.2 Admin+.Stored.XSS LOW" "tm-woocommerce-compare-wishlist No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "template-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "template-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tax-rate-upload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tax-rate-upload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tiny-bar 2.1 Reflected.Cross-Site.Scripting MEDIUM" "thrive-ultimatum 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "testimonial 2.0.14 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "testimonial 2.3.8 Admin+.Stored.Cross-Site.Scripting LOW" "tt-custom-post-type-creator No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "total-donations No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "total-donations No.known.fix Update.Arbitrary.WordPress.Option.Values CRITICAL" "tcd-google-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "talkback-secure-linkback-protocol No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "third-party-cookie-eraser No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tiny-carousel-horizontal-slider No.known.fix Admin+.Stored.XSS LOW" "the-holiday-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-holiday-calendar 1.11.3 Cross-Site.Scripting.(XSS) MEDIUM" "team-rosters No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "team-rosters No.known.fix Reflected.Cross-Site.Scripting.via.'tab' MEDIUM" "team-rosters No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "timely-booking-button No.known.fix Admin+.Stored.XSS LOW" "tweet-wheel 1.0.3.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "temporary-login-without-password 1.7.1 Subscriber+.Plugin's.Settings.Update MEDIUM" "thrive-quiz-builder 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "tree-website-map 3.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "tree-website-map 2.9 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "tour-operator 2.0.0 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "taxonomy-filter 2.2.10 Settings.Update.via.CSRF MEDIUM" "table-maker No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "td-subscription 1.7.1 Authenticated.(Subscriber+).SQL.Injection.via.subscriptionCouponId.Parameter MEDIUM" "td-subscription 1.5 Authenticated.(Admin+).SQL.Injection HIGH" "td-subscription 1.5 Authenticated.(Admin+).SQL.Injection HIGH" "timeline-awesome No.known.fix Author+.Stored.Cross-Site.Scripting LOW" "theme-options-z No.known.fix Cross-Site.Request.Forgery MEDIUM" "tune-library 1.5.5 SQL.Injection HIGH" "twitter-plugin 2.55 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "theme-switcha 3.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "theme-switcha 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "truenorth-srcset No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "todo-custom-field No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ti-woocommerce-wishlist-premium 1.40.1 Unauthenticated.Blind.SQL.Injection HIGH" "ti-woocommerce-wishlist-premium 1.21.5 Authenticated.WP.Options.Change HIGH" "timber-library 1.23.1 Authenticated.(Admin+).PHP.Object.Injection HIGH" "taskbuilder No.known.fix Missing.Authorization MEDIUM" "taskbuilder 4.0.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "taskbuilder 3.0.7 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "taskbuilder 3.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wppm_tasks.Shortcode MEDIUM" "taskbuilder 3.0.5 Admin+.SQL.Injection MEDIUM" "taskbuilder 3.0.9 Admin+.SQL.Injection MEDIUM" "taskbuilder 1.0.8 Subscriber+.Stored.XSS.via.SVG.file.upload MEDIUM" "typekit No.known.fix Cross-Site.Request.Forgery MEDIUM" "templates-patterns-collection 1.2.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "telephone-number-linker No.known.fix Contributor+.Stored.XSS MEDIUM" "tidekey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tori-ajax No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "team-builder-for-wpbakery-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team-builder-for-wpbakery-page-builder No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "taobaoke No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tochat-be 1.3.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "traveler-layout-essential-for-elementor 1.4 Unauthenticated.Server-Side.Request.Forgery HIGH" "time-clock-pro 1.1.5 Unauthenticated.(Limited).Remote.Code.Execution HIGH" "trackship-for-woocommerce 1.9.2 Authenticated.(Shop.manager+).SQL.Injection MEDIUM" "trackship-for-woocommerce 1.7.6 Missing.Authorization MEDIUM" "testimonial-slider-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-slider-shortcode 1.1.9 Contributor+.Stored.XSS MEDIUM" "tock-widget 1.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "testimonials-carousel-elementor 10.2.3 Contributor+.Stored.XSS MEDIUM" "testimonials-carousel-elementor 10.2.1 Missing.Authorization.to.Limited.Setting.Update MEDIUM" "testimonials-carousel-elementor 10.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "translit-it No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "travelpayouts 1.1.17 Open.Redirect MEDIUM" "travelpayouts 1.1.13 Settings.Update.via.CSRF MEDIUM" "travelpayouts 1.1.14 Reflected.XSS HIGH" "travelpayouts 1.0.17 CSRF.Bypass.due.to.Outdated.Redux.Framework MEDIUM" "tp-gallery-slider No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "track-page-scroll No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tagesteller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "traffic-monitor 3.2.3 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "tubepressnet No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "thank-me-later No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "themehunk-megamenu-plus No.known.fix Missing.Authorization MEDIUM" "themehunk-megamenu-plus 1.1.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "themehunk-megamenu-plus 1.1.0 .Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "turbo-addons-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tarteaucitronjs 1.9.5 Contributor+.Stored.XSS MEDIUM" "tarteaucitronjs 1.6.1 Cookies.legislation.&.GDPR.<.1.6.1.-.Admin.+.Stored.Cross-Site.Scripting LOW" "tarteaucitronjs 1.6 Cookies.legislation.&.GDPR.<.1.6.-.CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "taboola 2.0.2 CSRF MEDIUM" "traveler-code 3.1.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "traveler-code 3.1.2 Unauthenticated.Arbitrary.SQL.Injection HIGH" "totop-link No.known.fix Unauthenticated.PHP.Object.Injection MEDIUM" "tk-smugmug-slideshow-shortcode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tk-smugmug-slideshow-shortcode No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "traffic-manager No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "traffic-manager No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "testimonials-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonials-widget No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.testimonials.Shortcode MEDIUM" "testimonials-widget 4.0.0 Multiple.Authenticated.Stored.XSS MEDIUM" "tags-cloud-manager No.known.fix Reflected.XSS HIGH" "this-day-in-history No.known.fix Unauthenticated.Reflected.XSS HIGH" "tabbed-login No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "totalpoll-lite 4.10.0 Missing.Authorization MEDIUM" "tourfic 2.15.4 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "tourfic 2.15.4 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "tourfic 2.11.21 Cross-Site.Request.Forgery.in.Multiple.Functions MEDIUM" "tourfic 2.11.8 Reflected.Cross-Site.Scripting MEDIUM" "tourfic 2.11.16 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "tourfic 2.11.19 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "tourfic 2.11.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "textme-sms-integration 1.9.2 Missing.Authorization MEDIUM" "textme-sms-integration 1.9.1 Subscriber+.Settings.Update MEDIUM" "textme-sms-integration 1.8.9 Authenticated.Stored.XSS LOW" "telegram-bot No.known.fix Cross-Site.Request.Forgery MEDIUM" "telegram-bot 3.6.3 Admin+.Stored.XSS LOW" "themify-portfolio-post 1.2.5 Editor+.Stored.XSS LOW" "themify-portfolio-post 1.2.2 Contributor+.Stored.XSS MEDIUM" "themify-portfolio-post 1.2.1 Contributor+.Stored.XSS MEDIUM" "themify-portfolio-post 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "themify-portfolio-post 1.1.6 Authenticated.Stored.Cross-Site.Scripting HIGH" "tutor-pro 2.7.3 Missing.Authorization.to.Authenticated.(Subscriber+).Insecure.Direct.Object.Reference HIGH" "tutor-pro 2.7.1 Missing.Authorization HIGH" "tutor-pro 2.7.1 Missing.Authorization.to.Privilege.Escalation HIGH" "tutor-pro 2.7.1 Missing.Authorization.to.SQL.Injection HIGH" "total-cost-input-for-woocommerce 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "twispay No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tutor-lms-migration-tool No.known.fix Missing.Authorization.in.tutor_lp_export_xml MEDIUM" "tutor-lms-migration-tool No.known.fix Missing.Authorization.in.tutor_import_from_xml MEDIUM" "total-gdpr-compliance-lite 1.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "toolbar-to-share No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "timed-content 2.73 Contributor+.Stored.XSS MEDIUM" "tgg-wp-optimizer No.known.fix Admin+.Stored.XSS LOW" "team 1.22.26 Reflected.Cross-Site.Scripting HIGH" "team 1.22.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team 1.22.16 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "team 1.22.16 PHP.Object.Injection HIGH" "testimonials No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "themereps-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "timthumb-vulnerability-scanner No.known.fix Scan.Initialisation.via.CSRF MEDIUM" "twentyfourth-wp-scraper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twentyfourth-wp-scraper No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "timeline-and-history-slider 2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "testimonial-widgets 1.4.4 Authenticated.(Contributor+).SQL.Injection HIGH" "testimonial-widgets 1.4.3 Widget.Deletion.via.CSRF MEDIUM" "tamara-checkout 1.9.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-loops No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "texteller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "team-display No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "team-display No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "themify-ptb 2.1.1 Reflected.Cross-Site.Scripting HIGH" "themify-ptb 2.1.4 Subscriber+.Arbitrary.Post/Page.Creation MEDIUM" "turn-off-comments-for-all-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "teleadmin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "table-genie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "table-genie No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "theme-tweaker-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "twitter-real-time-search-scrolling No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "training No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "team-members 5.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team-members 5.3.2 Author+.Stored.XSS MEDIUM" "team-members 5.2.1 Editor+.Stored.XSS LOW" "team-members 5.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "team-members 5.0.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "timeline-event-history No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "timeline-event-history 3.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "theme-my-login 7.1.8 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "theme-my-login 7.1.7 Missing.Authorization.to.Notice.Dismissal MEDIUM" "tcbd-tooltip No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tajer No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "two-factor-authentication 1.3.13 Disable.Two.Factor.Authentication.CSRF HIGH" "two-factor-authentication 1.1.10 XSS MEDIUM" "timeline-for-beaver-builder 1.1.4 Editor+.Stored.XSS LOW" "twitterpost No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "th-variation-swatches 1.3.3 1.3.2.-.Cross-Site.Request.Forgery.to.Plugin.Settings.Reset MEDIUM" "twentytwenty No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "typebot 3.6.1 Contributor+.Stored.XSS MEDIUM" "typebot 1.4.3 Admin+.Stored.Cross.Site.Scripting LOW" "transfinanz No.known.fix Reflected.XSS HIGH" "travel-light No.known.fix CSRF.Bypass MEDIUM" "toggles-shortcode-and-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "tcbd-popover No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-wc-product-filter 1.5.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "themify-wc-product-filter 1.5.0 WooCommerce.Product.Filter.<.1.5.0.-.Unauthenticated.SQL.Injection.via.conditions.Parameter CRITICAL" "themify-wc-product-filter 1.4.4 Reflected.XSS HIGH" "themify-wc-product-filter 1.4.4 Filter.Deletion.via.CSRF MEDIUM" "themify-wc-product-filter 1.4.4 Admin+.Stored.XSS LOW" "themify-wc-product-filter 1.3.8 WooCommerce.Product.Filter.<.1.3.8.-.Reflected.Cross-Site.Scripting MEDIUM" "tracked-tweets No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "tracked-tweets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "torod 1.8 Missing.Authorization.to.Unauthenticated.Plugin.Settings.Update MEDIUM" "theme-blvd-sliders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twb-woocommerce-reviews 1.7.8 Cross-Site.Request.Forgery MEDIUM" "twb-woocommerce-reviews 1.7.6 Admin+.Stored.XSS LOW" "top-bar 3.0.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "top-bar 3.0.5 Admin+.Stored.XSS LOW" "top-bar 3.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "terms-dictionary No.known.fix Reflected.Cross-Site.Scripting HIGH" "tcs3 No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "thecartpress No.known.fix Unauthenticated.Arbitrary.Admin.Account.Creation CRITICAL" "thecartpress 1.3.9.3 Multiple.Vulnerabilities HIGH" "tigris-flexplatform No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "trust-payments-hosted-payment-pages-integration No.known.fix Unauthenticated.SQL.Injection HIGH" "tecslider 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "tecslider 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "totalcontest-lite 2.9.0 Reflected.XSS HIGH" "team-showcase-ultimate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ttt-crop No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "toggle-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tournamatch 4.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tournamatch No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tournamatch 4.6.1 Subscriber+.Stored.XSS HIGH" "tournamatch 4.6.1 Admin+.Stored.XSS.via.Ladders LOW" "template-events-calendar 2.3.2 Authenticated.(Contributor+).SQL.Injection.via.shortcode HIGH" "template-events-calendar 2.0 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "template-events-calendar 1.7.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "tagmaker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tags-to-meta-keywords 1.0.2 Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "transcoder 1.3.6 Cross-Site.Request.Forgery MEDIUM" "tb-testimonials No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "templines-helper-core 2.8 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "telecash-ricaricaweb No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "thrive-ovation 2.4.5 Unauthenticated.Option.Update MEDIUM" "title-field-validation No.known.fix Unauthorised.AJAX.Calls HIGH" "team-members-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team-showcase 2.2 Contributor+.Stored.XSS MEDIUM" "thrive-headline-optimizer 1.3.7.3 Unauthenticated.Option.Update MEDIUM" "textboxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tz-plus-gallery No.known.fix Cross-Site.Request.Forgery MEDIUM" "thrive-dashboard 2.3.9.3 Unauthenticated.Option.Update MEDIUM" "twitter-shortcode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "treepress 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "treepress 3.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "treepress 2.0.21 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tin-canny-learndash-reporting 4.3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "themarketer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "track-logins No.known.fix Admin+.SQL.Injection MEDIUM" "twigify No.known.fix Vulnerable.Twig.Package MEDIUM" "ts-comfort-database No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "theme-file-duplicator No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "theme-file-duplicator No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "tarteaucitron-wp 0.3.0 Author+.Stored.XSS MEDIUM" "tarteaucitron-wp 0.3.0 Stored.XSS.via.CSRF HIGH" "time-based-greeting No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "the-buffer-button No.known.fix Authenticated.Stored.Cross.Site.Scripting.(XSS) MEDIUM" "ticketsource-events 3.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thrive-automator 1.17.1 Cross-Site.Request.Forgery MEDIUM" "taketin-to-wp-membership No.known.fix Subscriber+.PHP.Object.Injection HIGH" "thumbs-rating No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "turitop-booking-system No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "turitop-booking-system No.known.fix Missing.Authorization MEDIUM" "the-very-simple-vimeo-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "team-showcase-cm 25.05.13 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "team-showcase-cm 25.05.13 Missing.Authorization MEDIUM" "tabs-pro 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "tidy-up No.known.fix Cross-Site.Request.Forgery MEDIUM" "tubepress 1.6.5 XSS MEDIUM" "torro-forms No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "td-cloud-library 2.7 Unauthenticated.Arbitrary.User.Metadata.Update.to.Privilege.Escalation CRITICAL" "themify-builder 7.6.6 Reflected.Cross-Site.Scripting MEDIUM" "themify-builder 7.6.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "themify-builder 7.6.6 Contributor+.Stored.XSS MEDIUM" "themify-builder 7.6.3 Reflected.Cross-Site.Scripting MEDIUM" "themify-builder 7.6.2 Missing.Authorization.to.Authenticated.(Contributor+).Post.Duplication MEDIUM" "themify-builder 7.5.8 Open.Redirect MEDIUM" "themify-builder 7.0.6 Cross-Site.Request.Forgery MEDIUM" "themify-builder 5.3.2 Reflected.Cross-Site.Scripting HIGH" "td-composer 5.4 Reflected.Cross-Site.Scripting.via.'data' MEDIUM" "td-composer 5.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "td-composer 5.4 Unauthenticated.Arbitrary.PHP.Object.Instantiation CRITICAL" "td-composer 5.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "td-composer 5.4 Reflected.Cross-Site.Scripting.via.'account_id'.and.'account_username' MEDIUM" "td-composer 5.1 Reflected.Cross-Site.Scripting.via.envato_code[] MEDIUM" "td-composer 5.1 Reflected.Cross-Site.Scripting.via.envato_code[] MEDIUM" "td-composer 4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.button.Shortcode MEDIUM" "td-composer 4.9 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "td-composer 4.9 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Attachment.Meta MEDIUM" "td-composer 4.2 Admin+.Stored.XSS LOW" "td-composer 4.2 Unauthenticated.Stored.XSS HIGH" "td-composer 4.0 Reflected.Cross-site.Scripting HIGH" "td-composer 3.5 Unauthenticated.Account.Takeover CRITICAL" "themify-store-locator 1.2.0 Cross-Site.Request.Forgery MEDIUM" "tm-islamic-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tweeple No.known.fix Reflected.XSS HIGH" "total-sales-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "thesography No.known.fix Admin+.Stored.XSS LOW" "tabgarb No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tc-ecommerce 1.4.0 Unauthenticated.SQLi HIGH" "tc-ecommerce No.known.fix Password.Change/Account.Takeover/Privilege.Escalation CRITICAL" "text-hover 4.2 Admin+.Stored.Cross-Site.Scripting. LOW" "telegram-for-wp No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "tutor-lms-elementor-addons 2.1.6 Missing.Authorization MEDIUM" "tutor-lms-elementor-addons 2.1.6 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Installation MEDIUM" "tutor-lms-elementor-addons 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Course.Carousel.Widget MEDIUM" "tutor-lms-elementor-addons 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-moneytizer 10.0.1 Missing.Authorization.via.multiple.AJAX.actions HIGH" "the-moneytizer 10.0.1 Cross-Site.Request.Forgery.via.multiple.AJAX.actions HIGH" "the-moneytizer 9.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-post-grid 7.7.18 Contributor+.Local.File.Inclusion HIGH" "the-post-grid 7.5.0 Editor+.Stored.XSS.via.Grid.Creation LOW" "the-post-grid 7.7.12 Authenticated.(Contributor+).Information.Disclosure MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.save_block_css MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.REST.API MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.AJAX MEDIUM" "the-post-grid 7.7.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.section.title.tag MEDIUM" "the-post-grid 7.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-post-grid 7.7.0 Missing.Authorization MEDIUM" "the-post-grid 7.2.8 Block.CSS.Update.via.CSRF MEDIUM" "the-post-grid 5.0.5 Settings.Update.via.CSRF MEDIUM" "tayori No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "themify-audio-dock 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "truebooker-appointment-booking 1.0.8 Cross-Site.Request.Forgery MEDIUM" "truebooker-appointment-booking 1.0.3 Multiple.Unauthenticated.SQLi HIGH" "truebooker-appointment-booking 1.0.3 Settings.Update.via.CSRF MEDIUM" "tippy No.known.fix Contributor+.Stored.XSS MEDIUM" "track-geolocation-of-users-using-contact-form-7 2.1 Admin+.Stored.XSS LOW" "telefication No.known.fix Open.Relay.&.Server-Side.Request.Forgery MEDIUM" "tockify-events-calendar 2.3.0 Contributor+.Stored.XSS MEDIUM" "totalprocessing-card-payments 7.1.8 Shop.Manager+.Arbitrary.File.Download MEDIUM" "totalprocessing-card-payments 7.1.7 Reflected.Cross-Site.Scripting MEDIUM" "totalprocessing-card-payments 7.1.6 Authenticated.(Subscriber+).Arbitrary.File.Download HIGH" "templatespare 2.4.3 Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Update MEDIUM" "twitter-anywhere-plus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "themeisle-companion 2.10.45 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themeisle-companion 2.10.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title_tag.Parameter MEDIUM" "themeisle-companion 2.10.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "themeisle-companion 2.10.37 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "themeisle-companion 2.10.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Services.and.Post.Type.Grid.Widgets MEDIUM" "themeisle-companion 2.10.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripiting.via.Registration.Form.Widget MEDIUM" "themeisle-companion 2.10.31 Contributor+.Stored.XSS.via.Form.Widget MEDIUM" "themeisle-companion 2.10.32 Contributor+.Stored.XSS.via.Post.Type.Grid.Widget MEDIUM" "themeisle-companion 2.10.31 Contributor+.Stored.XSS.via.Pricing.Table.Widget MEDIUM" "themeisle-companion 2.10.30 Connected.API.Keys.Update.via.CSRF MEDIUM" "themeisle-companion 2.10.29 Unauthenticated.Connected.API.Keys.Update MEDIUM" "themeisle-companion 2.10.28 Contributor+.Stored.XSS MEDIUM" "themeisle-companion 2.10.27 Contributor+.Stored.XSS MEDIUM" "themeisle-companion 2.10.24 Author+.Server-Side.Request.Forgery MEDIUM" "themeisle-companion 2.10.3 Authenticated.Privilege.Escalation CRITICAL" "themeisle-companion 2.10.3 Authenticated.Stored.Cross.Site.Scripting MEDIUM" "token-login No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "terms-and-conditions-per-product 1.2.16 Missing.Authorization MEDIUM" "terms-and-conditions-per-product 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "thrive-clever-widgets 1.57.1 Unauthenticated.Option.Update MEDIUM" "tida-url-screenshot 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "tube-video-ads-lite No.known.fix Reflected.XSS HIGH" "terminal-africa No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tuxedo-big-file-uploads 2.1.3 Authenticated.(Author+).Full.Path.Disclosure MEDIUM" "tuxedo-big-file-uploads 2.1.2 Cross-Site.Request.Forgery.via.actions MEDIUM" "tableberg No.known.fix Contributor+.Stored.XSS MEDIUM" "twitter-cards-meta 2.5.0 CSRF.and.XSS HIGH" "tooltip-ck No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "throws-spam-away 3.3.1 Comment.Deletion.via.CSRF MEDIUM" "themefuse-maintenance-mode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "theasys No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ts-webfonts-for-sakura 3.1.3 Font.Settings.Change.via.CSRF MEDIUM" "ts-webfonts-for-sakura 3.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "ts-webfonts-for-sakura 3.1.3 Font.Type.Settings.Change.via.CSRF MEDIUM" "typer-core No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "tidio-gallery No.known.fix .Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tidio-form No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tab-my-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "themify-event-post 1.3.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "themify-event-post 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-event-post 1.2.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "tabs-maker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tweet-old-custom-post No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "templatesnext-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "templatesnext-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "templatesnext-toolkit 3.2.9 Contributor+.Stored.XSS MEDIUM" "templatesnext-toolkit 3.2.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "templatesnext-toolkit 3.2.8 Contributor+.Stored.XSS MEDIUM" "tp-education 4.5 Contributor+.Stored.XSS MEDIUM" "tk-event-weather No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tk-event-weather No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "timetics 1.0.30 Missing.Authorization MEDIUM" "timetics 1.0.28 AI-powered.Appointment.Booking.Calendar.and.Online.Scheduling.Plugin.<.1.0.28.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Deletion MEDIUM" "timetics 1.0.26 AI-powered.Appointment.Booking.Calendar.and.Online.Scheduling.Plugin.<.1.0.26.-.Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.User.Password/Email.Reset/Account.Takeover CRITICAL" "timetics 1.0.24 Authorization.Bypass MEDIUM" "timetics 1.0.22 AI-powered.Appointment.Booking.with.Visual.Seat.Plan.and.ultimate.Calendar.Scheduling.Plugin.<.1.0.22.-.Missing.Authorization.to.Limited.Privilege.Escalation HIGH" "the-events-calendar-pro 6.4.0.1 Contributor+.Missing.Authorization.to.Authenticated.Arbitrary.Events.Access MEDIUM" "tracking-code-manager 2.4.0 Contributor+.Stored.XSS MEDIUM" "tracking-code-manager 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tracking-code-manager 2.3.0 Admin+.Stored.Cross-Site.Scripting LOW" "tracking-code-manager 2.1.0 Tracking.Code.Manager.<.2,1,0.-Admin+.Stored.Cross-Site.Scripting MEDIUM" "toolbar-extras No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "twitter-follow 0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.username.Parameter MEDIUM" "transbank-webpay-plus-rest 1.6.7 Admin+.SQLi MEDIUM" "travelers-map 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "typing-text No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "typing-text 1.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tk-google-fonts 2.2.12 Missing.Authorization.to.Font.Deletion MEDIUM" "tk-google-fonts 2.2.11 Reflected.Cross-Site.Scripting MEDIUM" "tk-google-fonts 2.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tx-onepager No.known.fix Admin+.SQLi MEDIUM" "tours 1.0.1 Missing.Authorization MEDIUM" "trusty-woo-products-filter No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "trackserver 5.1.1 Contributor+.Stored.XSS MEDIUM" "trackserver 5.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "turbosmtp 4.7 Reflected.Cross-Site.Scripting MEDIUM" "turbosmtp 4.7 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "t-countdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "toocheke-companion 1.167 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "tranzly No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tranzly 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "trinity-audio 5.20.1 Missing.Authorization MEDIUM" "two-factor-login-telegram 3.1 Authenticated.(Subscriber+).Authentication.Bypass HIGH" "two-factor-login-telegram 3.1 Two-Factor.Authentication.Bypass MEDIUM" "taxonomy-chain-menu 2.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pn_chain_menu.Shortcode MEDIUM" "translation-exchange No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "tc-custom-javascript 1.2.2 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "tangible-loops-and-logic 4.1.5 Reflected.Cross-Site.Scripting MEDIUM" "tinymce-custom-styles 1.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "tinymce-custom-styles 1.1.3 Admin+.Stored.XSS LOW" "theme-my-ontraport-smartform No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "to-top 2.3 Unauthorised.Plugin's.Setting.Change MEDIUM" "threepress 1.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tinymce-advanced-qtranslate-fix-editor-problems No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tradetracker-store 4.6.60 Admin+.SQL.Injection MEDIUM" "tcbd-auto-refresher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-world No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "theme-duplicator No.known.fix Cross-Site.Request.Forgery MEDIUM" "typea-ftc-disclosure No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "typea-ftc-disclosure No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "thrive-leads 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "trustmate-io-integration-for-woocommerce 1.7.1 Subscriber+.Arbitrary.Blog.Option.Update HIGH" "trustmate-io-integration-for-woocommerce 1.8.12 Subscriber+.Arbitrary.Plugin's.Settings.Update HIGH" "templately 3.1.6 Missing.Authorization MEDIUM" "templately 3.1.6 Missing.Authorization.via.AJAX.actions MEDIUM" "templately 3.1.3 Missing.Authorization MEDIUM" "templately 2.2.6 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "top-25-social-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "the-pack-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.1.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "the-pack-addon 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.1.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "the-pack-addon 2.0.9 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.0.8.7 Authenticated.(contributor+).Local.File.Inclusion HIGH" "the-pack-addon 2.0.8.4 Reflected.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.0.8.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "typofr No.known.fix Reflected.Cross-Site.Scripting HIGH" "tripplan 2.0.0 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 6.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 6.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "the-plus-addons-for-elementor-page-builder 6.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 6.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 6.0.4 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.12 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.content_template MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Missing.Authorization MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonials.Widget.Settings MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.TP.Page.Scroll.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.3 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.5 Contributor+.Stored.XSS.in.Widgets MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.3 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.5 Contributor+.Stored.XSS.via.Hover.Card.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Contributor+.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.4.2 Contributor+.LFI MEDIUM" "the-plus-addons-for-elementor-page-builder 5.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.Header.Meta.Content.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.3.4 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 2.0.7 Contributor+.Arbitrary.File.Access MEDIUM" "the-plus-addons-for-elementor-page-builder 2.0.7 Contributor+.Privilege.Escalation HIGH" "the-plus-addons-for-elementor-page-builder 2.0.6 Contributor+.Stored.XSS MEDIUM" "theme-changer 1.5 Cross-Site.Request.Forgery MEDIUM" "twitter-card-generator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "teachpress No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "teachpress No.known.fix Cross-Site.Request.Forgery.to.Import.Delete MEDIUM" "teachpress 9.0.8 Authenticated.(Contributor+).SQL.Injection MEDIUM" "teachpress 9.0.6 Cross-Site.Request.Forgery.via.delete_database() MEDIUM" "teachpress 9.0.5 Cross-Site.Request.Forgery MEDIUM" "teachpress 9.0.3 Reflected.Cross-Site.Scripting HIGH" "teachpress 8.1.9 Reflected.Cross-Site.Scripting HIGH" "top-comments No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "twitter-news-feed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "thumbnail-grid 6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "transition-slider-lite No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "toggle-the-title No.known.fix XSS MEDIUM" "trademe-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "timeline-pro 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.[placeholder] MEDIUM" "tabs-shortcode-and-widget No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "trash-duplicate-and-301-redirect No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion HIGH" "total-security 3.4.1 XSS.&.Settings.Change MEDIUM" "tinymce-and-tinymce-advanced-professsional-formats-and-styles No.known.fix Cross-Site.Request.Forgery.via.bb_taps_backend_page MEDIUM" "tabs-for-visual-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tagembed-widget 5.9 Missing.Authorization MEDIUM" "tagembed-widget 4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "twenty20 No.known.fix Contributor+.Stored.XSS MEDIUM" "themedy-toolbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themedy-toolbox 1.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "titan-labs-security-audit No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "telsender 1.14.12 Subscriber+.Settings.Update MEDIUM" "tinymce-annotate No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tinymce-annotate No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "timeline-designer No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "terms-popup-on-user-login No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "temp-mail 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "twitter-bootstrap-collapse-aka-accordian-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "twitter-bootstrap-collapse-aka-accordian-shortcode No.known.fix Stored.XSS.via.Shortcode HIGH" "testimonials-showcase 1.9.18 Missing.Authorization MEDIUM" "tlp-portfolio 2.8.11 WordPress.Portfolio.<.2.8.11.-.Contributor+.Stored.XSS MEDIUM" "track-the-click 0.3.12 Author+.Time-Based.Blind.SQL.Injection HIGH" "templatesnext-onepager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "term-and-category-based-posts-widget 4.9.13 Admin+.Stored.XSS LOW" "ticket-tailor 1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-builder 1.6.2 Editor+.Stored.Cross-Site.Scripting LOW" "testimonial-builder 1.6.0 Admin+.Stored.Cross-Site.Scripting LOW" "template-kit-export 1.0.22 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "timeline-calendar No.known.fix Authenticated.(admin+).SQL.Injection HIGH" "tabbed 1.3.2 Accordion,.FAQ.<.1.3.2.-.Unauthenticated.AJAX.Calls CRITICAL" "ts-webfonts-for-conoha 2.0.4 Admin+.Stored.XSS LOW" "termin-kalender 1.00.04 Missing.Authorization.to.Authenticated.(Subscriber+) MEDIUM" "tera-charts No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "top-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "task-scheduler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "task-scheduler 1.6.1 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "tour-booking-manager 1.8.8 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "tour-booking-manager 1.8.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "tour-booking-manager 1.8.6 Missing.Authorization MEDIUM" "tour-booking-manager 1.7.8 Missing.Authorization MEDIUM" "tour-booking-manager 1.7.2 Missing.Authorization.via.ttbm_new_place_save MEDIUM" "tour-booking-manager 1.6.1 Cross-Site.Request.Forgery MEDIUM" "travelfic-toolkit 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "terms-of-use-2 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "transients-manager 2.0.7 Cross-Site.Request.Forgery MEDIUM" "taggbox-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "taggbox-widget 3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "taggbox-widget 3.2 Unauthenticated.PHP.Object.Injection CRITICAL" "taggbox-widget No.known.fix Missing.Authorization MEDIUM" "taggbox-widget No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "taggbox-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "tumult-hype-animations 1.9.16 Authenticated.(Author+).Arbitrary.File.Upload.via.hypeanimations_panel.Function CRITICAL" "tumult-hype-animations 1.9.15 Missing.Authorization MEDIUM" "tumult-hype-animations 1.9.12 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "tumult-hype-animations 1.9.13 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "themesflat-addons-for-elementor 2.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themesflat-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "themesflat-addons-for-elementor 2.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themesflat-addons-for-elementor 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themesflat-addons-for-elementor 2.2.2 Contributor+.Stored.XSS MEDIUM" "themesflat-addons-for-elementor 2.2.2 Contributor+.Information.Exposure LOW" "themesflat-addons-for-elementor 2.2.2 Contributor+.Stored.XSS MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Tags MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.URLs MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Multiple.Widgets MEDIUM" "themesflat-addons-for-elementor 2.1.3 Contributor+.Stored.XSS.via.Widget.Titles MEDIUM" "themify-ptb-search 1.4.0 Post.Type.Builder.Search.Addon.<.1.4.0.-.Reflected.Cross-Site.Scripting MEDIUM" "tag-groups 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "tag-groups 2.0.4 Missing.Authorization.to.Information.Exposure MEDIUM" "tag-groups 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "tag-groups 1.43.10.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tripay-payment-gateway 3.2.8 Admin+.Stored.XSS LOW" "text-selection-color No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "target-notifications No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tailored-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-sorter No.known.fix Authenticated.SQL.Injection MEDIUM" "template-kit-import 1.0.15 Author+.Stored.XSS MEDIUM" "testimonial-slider-showcase-pro No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "testimonial-slider-showcase-pro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "twitter-friends-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "thinktwit 1.7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "tapfiliate 3.0.13 Admin+.Stored.XSS LOW" "theme-editor 2.9 Authenticated.(Admin+).PHAR.Deserialization HIGH" "theme-editor 2.8 Admin+.Arbitrary.File.Upload HIGH" "theme-editor 2.6 Authenticated.Arbitrary.File.Download MEDIUM" "theme-editor 2.2 Multiple.Vulnerabilities CRITICAL" "tatsu 3.3.12 Unauthenticated.RCE CRITICAL" "tr-easy-google-analytics No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "twitter-posts No.known.fix Settings.Update.via.CSRF MEDIUM" "tiny-compress-images 3.4.4 Cross-Site.Request.Forgery MEDIUM" "timesheet 0.1.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "thrive-comments 1.4.15.3 Unauthenticated.Option.Update MEDIUM" "tweet-old-post 9.0.11 PHP.Object.Injection LOW" "team-118group-agent No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "theme-blvd-responsive-google-maps No.known.fix Contributor+.XSS MEDIUM" "terms-descriptions 3.4.7 Reflected.Cross-Site.Scripting MEDIUM" "terms-descriptions 2.4.8 Admin+.Stored.XSS LOW" "terms-descriptions 3.4.5 Reflected.XSS HIGH" "team-showcase-supreme 7.5 Editor+.Local.File.Inclusion HIGH" "team-showcase-supreme 4.5 Editor+.Stored.Cross-Site.Scripting LOW" "trust-form 2.0.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "themify-shortcodes 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.themify_button.Shortcode MEDIUM" "themify-shortcodes 2.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.0.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "tenweb-speed-optimizer 2.24.18 Unauthenticated.Arbitrary.Option.Deletion HIGH" "ti-woocommerce-wishlist 2.10.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ti-woocommerce-wishlist 2.10.0 Contributor+.Stored.XSS MEDIUM" "ti-woocommerce-wishlist 2.9.2 Unauthenticated.Plugin.Setup.Wizard.Access HIGH" "ti-woocommerce-wishlist 2.9.1 Unauthenticated.SQL.Injection.via.lang.parameters HIGH" "ti-woocommerce-wishlist 2.9.0 Unauthenticated.SQL.Injection HIGH" "ti-woocommerce-wishlist 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "ti-woocommerce-wishlist 1.40.1 Unauthenticated.Blind.SQL.Injection HIGH" "ti-woocommerce-wishlist 1.21.12 Authenticated.WP.Options.Change HIGH" "terraclassifieds No.known.fix TerraClassifieds.<=.2,0,3.Unauthenticated.Arbitrary.File.Upload CRITICAL" "terraclassifieds No.known.fix Cross-Site.Request.Forgery HIGH" "team-section 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tlp-food-menu 5.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "tablesome 1.0.34 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tablesome 1.0.26 Cross-Site.Request.Forgery MEDIUM" "tablesome 1.0.28 Reflected.Cross-Site.Scripting MEDIUM" "tablesome 1.0.15 Reflected.Cross-Site.Scripting MEDIUM" "tablesome 1.0.9 Reflected.XSS MEDIUM" "tablesome 0.6.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "theme-builder-for-elementor 1.2.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "tilda-publishing 0.3.24 Subscriber+.Unauthorised.Action MEDIUM" "theme-blvd-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "tailpress No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tinycode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tweetscroll-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "text-advertisements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tf-numbers-number-counter-animaton 2.0.1 Subscriber+.Arbitrary.Option.Update HIGH" "thrive-apprentice 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "turisbook-booking-system No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tripetto 8.0.10 Cross-Site.Request.Forgery.to.Arbitrary.Results.Deletion MEDIUM" "tripetto 8.0.10 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tripetto 8.0.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tripetto 8.0.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tripetto No.known.fix Unauthentiated.Stored.Cross-Site.Scripting.via.Form.File.Upload HIGH" "tripetto 7.0.1 Reflected.Cross-Site.Scripting MEDIUM" "tripetto 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "tripetto 5.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "theme-demo-import 1.1.1 Admin+.Arbitrary.File.Upload MEDIUM" "themify-icons 2.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tabs-shortcode No.known.fix Contributor+.XSS.via.Shortcode MEDIUM" "theatre No.known.fix Missing.Authorization MEDIUM" "theatre 0.18.7 Reflected.Cross-Site.Scripting MEDIUM" "theatre 0.18.4 Admin+.Stored.XSS LOW" "tiny-carousel-horizontal-slider-plus No.known.fix Admin+.Stored.XSS MEDIUM" "teaser-maker-standard No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tml-2fa 1.2 .Lack.of.Rate.Limiting MEDIUM" "tsb-occasion-editor No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "themes4wp-youtube-external-subtitles No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "top-10 4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "top-10 3.2.5 Admin+.Stored.XSS LOW" "top-10 3.2.3 Contributor+.Stored.XSS MEDIUM" "top-10 2.9.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "testimonial-slider 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-slider 1.3.2 Stored.XSS.via.CSRF MEDIUM" "testimonial-slider 1.2.5 Authenticated.SQL.Injection HIGH" "testimonial-slider 1.3.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "tawkto-live-chat 0.6.0 Subscriber+.Visitor.Monitoring.&.Chat.Removal HIGH" "teamleader-form-integration 2.1.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tainacan 0.21.15 Unauthenticated.Arbitrary.File.Deletion MEDIUM" "tainacan 0.21.13 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "tainacan 0.21.11 Reflected.Cross-Site.Scripting MEDIUM" "tainacan 0.21.9 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "tainacan 0.21.8 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "tainacan 0.21.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tainacan 0.21.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tainacan 0.20.8 Missing.Authorization MEDIUM" "tainacan 0.20.7 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tainacan 0.20.5 Reflected.Cross-Site.Scripting MEDIUM" "thoughtful-comments 0.3.6 Missing.Authorization LOW" "table-of-contents-plus 2411.1 Admin+.Stored.XSS LOW" "table-of-contents-plus 2411 Cross-Site.Request.Forgery MEDIUM" "table-of-contents-plus 2309 Settings.Update.via.CSRF MEDIUM" "table-of-contents-plus 2309 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "table-of-contents-plus 2212 Contributor+.Stored.XSS MEDIUM" "tube-video-curator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "timeline-block-block 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themeshark-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "twittee-text-tweet No.known.fix Reflected.XSS HIGH" "taeggie-feed 0.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thrive-visual-editor 2.6.7.4 Unauthenticated.Option.Update MEDIUM" "trustist-reviewer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tabs-responsive 2.2.8 Editor+.Stored.Cross-Site.Scripting LOW" "themeegg-toolkit No.known.fix Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "tiempocom No.known.fix Stored.XSS.via.CSRF HIGH" "tiempocom No.known.fix Reflected.XSS HIGH" "tiempocom No.known.fix Shortcode.Deletion.via.CSRF MEDIUM" "ticket-help-desk-system-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tickera-event-ticketing-system 3.5.5.3 Missing.Authorization MEDIUM" "tickera-event-ticketing-system 3.5.4.9 Unauthenticated.Customer.Data.Exposure MEDIUM" "tickera-event-ticketing-system 3.5.4.6 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "tickera-event-ticketing-system 3.5.2.9 Missing.Authorization.to.Authenticated.(Susbcriber+).Ticket.Deletion MEDIUM" "tickera-event-ticketing-system 3.5.2.7 Missing.Authorization MEDIUM" "tickera-event-ticketing-system 3.5.2.5 Ticket.leakage.through.IDOR MEDIUM" "tickera-event-ticketing-system 3.5.1.0 Plugin.Data.Deletion.via.CSRF LOW" "tickera-event-ticketing-system 3.4.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tickera-event-ticketing-system 3.4.8.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tickera-event-ticketing-system 3.4.6.9 Unauthenticated.Sensitive.Data.Exposure HIGH" "tagregator No.known.fix Stored.XSS MEDIUM" "tablesearch No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "timeslot 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "transportersio 2.1.2 Stored.XSS.via.CSRF HIGH" "table-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id.Parameter MEDIUM" "thrive-ab-page-testing 1.4.13.3 Unauthenticated.Option.Update MEDIUM" "thirstyaffiliates 3.10.5 Subscriber+.unauthorized.image.upload.+.CSRF LOW" "thirstyaffiliates 3.10.5 Subscriber+.Arbitrary.Affiliate.Links.Creation LOW" "thirstyaffiliates 3.9.3 Authenticated.Stored.XSS MEDIUM" "twchat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twchat 3.1.5 Multiple.CSRF MEDIUM" "twchat 3.1.5 Admin+.Local.File.Inclusion LOW" "teleport No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ts-tree No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "timeline-widget-addon-for-elementor 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-free 3.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-free 2.6.0 Contributor+.Stored.XSS MEDIUM" "testimonial-free 2.1.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "threewp-broadcast 51.02 Reflected.Cross-Site.Scripting MEDIUM" "tiger-form 2.1.0 Reflected.XSS HIGH" "time-clock 1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "time-clock 1.2.3 Unauthenticated.(Limited).Remote.Code.Execution HIGH" "theme-junkie-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcodes MEDIUM" "toast-stick-anything No.known.fix Missing.Authorization HIGH" "toast-stick-anything No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "the-permalinker 1.9.0 Contributor+.Stored.XSS MEDIUM" "thinkific-uploader No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "tedwp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tedwp 0.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "time-sheets 1.29.3 Admin+.Stored.XSS LOW" "time-sheets 1.5.2 Multiple.XSS MEDIUM" "translation-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "the-logo-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tinymce-extended-config No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "theperfectweddingnl-widget 2.9 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "terms-before-download No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thesis-openhook 4.3.1 Subscriber+.Remote.Code.Execution CRITICAL" "tiny-contact-form No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "task-manager-pro 3.6.34 Follower+.SQLi HIGH" "task-manager-pro 3.6.34 Multiple.Cross-Site.Scripting MEDIUM" "the-events-calendar 6.13.2.1 Contributor+.DOM-Based.Stored.XSS MEDIUM" "the-events-calendar 6.12.0 Subscriber+.Import.Creation MEDIUM" "the-events-calendar 6.9.1 Contributor+.Stored.XSS MEDIUM" "the-events-calendar 6.8.2.1 Unauthenticated.Password.Protected.Event.Disclosure MEDIUM" "the-events-calendar 6.7.1 Trashed.Events.Restoration.via.CSRF MEDIUM" "the-events-calendar 6.6.4.1 Unauthenticated.SQL.Injection MEDIUM" "the-events-calendar 6.6.4 Admin+.Stored.XSS LOW" "the-events-calendar 6.5.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "the-events-calendar 6.5.1.5 Cross-Site.Request.Forgery.via.action_restore_events MEDIUM" "the-events-calendar 6.4.0.1 Contributor+.Arbitrary.Events.Access LOW" "the-events-calendar 6.4.0.1 Contributor+.Missing.Authorization.to.Authenticated.Arbitrary.Events.Access MEDIUM" "the-events-calendar 6.4.0.1 Reflected.XSS HIGH" "the-events-calendar 6.2.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "the-events-calendar 6.2.8.1 Unauthenticated.Arbitrary.Password.Protected.Post.Read MEDIUM" "the-events-calendar 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "the-events-calendar 5.14.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "the-events-calendar 5.14.0 Reflected.Cross-Site.Scripting MEDIUM" "the-events-calendar 4.8.2 XSS MEDIUM" "tpg-get-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tito No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Settings.Update.via.Authorization.Bypass MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Admin+.SQL.Injection MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Subscriber+.Unauthorised.Calls MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Unauthenticated.Settings.Change MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Usernames.Disclosure MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 Stored.Cross-Site.Scripting MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 Admin+.RCE MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 CSRF.to.Stored.XSS HIGH" "tlp-team 5.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "tlp-team 4.4.2 Editor+.Stored.XSS LOW" "tlp-team 4.1.2 Subscriber+.Arbitrary.File.Read.and.Deletion CRITICAL" "turbo-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "turbo-widgets No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "turbo-widgets No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "tabs-with-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tabs-with-posts No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "th23-social No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "the-visitor-counter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "trustmary 1.0.10 Contributor+.Stored.XSS MEDIUM" "topbar-id-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tec-subscriber-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tec-subscriber-addons 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "taggator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "truepush-free-web-push-notifications No.known.fix Missing.Authorization MEDIUM" "total-team-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "tax-switch-for-woocommerce 1.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class-name.Parameter MEDIUM" "thim-elementor-kit 1.2.9 Missing.Authorization MEDIUM" "thim-elementor-kit 1.2.9.1 Contributor+.Stored.XSS MEDIUM" "thim-elementor-kit 1.1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "thim-elementor-kit 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "theme-per-user 1.0.2 Unauthenticated.PHP.Object.Injection HIGH" "tipsacarrier 1.5.0.5 Unauthenticated.SQLi HIGH" "tipsacarrier 1.5.0.5 Unauthenticated.Orders.Disclosure MEDIUM" "table-of-contents No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tribute-testimonial-gridslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "trendy-restaurant-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-add 3.5.8.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "telugu-bible-verse-daily No.known.fix CSRF.to.Stored.XSS HIGH" "translator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ultimate-flipbox-addon-for-elementor 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "underconstruction 1.22 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "underconstruction 1.20 Construction.Mode.Deactivation.via.CSRF MEDIUM" "underconstruction 1.21 Admin+.Stored.Cross-Site.Scripting LOW" "underconstruction 1.19 Reflected.Cross-Site.Scripting HIGH" "ultimate-addons-for-contact-form-7 3.5.13 Authenticated.(Administrator+).Arbitrary.File.Upload.via.'save_options' HIGH" "ultimate-addons-for-contact-form-7 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-contact-form-7 3.2.11 Missing.Authorization MEDIUM" "ultimate-addons-for-contact-form-7 3.2.1 Reflected.XSS HIGH" "ultimate-addons-for-contact-form-7 3.1.29 Reflected.XSS HIGH" "ultimate-addons-for-contact-form-7 3.1.29 Admin+.Stored.XSS LOW" "ultimate-addons-for-contact-form-7 3.1.24 Subscriber+.SQL.Injection HIGH" "ultimate-addons-for-contact-form-7 3.1.24 Subscriber+.SQLi HIGH" "ultimate-addons-for-contact-form-7 3.1.24 Unauthenticated.SQLi HIGH" "ultimate-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-elementor 1.9 Missing.Authorization MEDIUM" "uix-page-builder 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "user-magic No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-avatar 1.4.12 Reflected.XSS HIGH" "uncanny-automator-pro 5.3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "uncanny-automator-pro 5.3.0.1 Cross-Site.Request.Forgery.to.License.Setting.Reset MEDIUM" "uncanny-automator-pro 5.3.0.1 Missing.Authorization.to.Unauthenticated.License.Setting.Reset MEDIUM" "unusedcss 2.4.5 Missing.Authorization MEDIUM" "unusedcss 2.4.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Setting.Reset MEDIUM" "unusedcss 2.4.3 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Modification.and.SQL.Injection HIGH" "unusedcss 2.2.12 Unauthenticated.Server-Side.Request.Forgery HIGH" "unusedcss 1.7.2 Multiple.Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "unusedcss 1.7.2 Unauthorised.AJAX.Calls MEDIUM" "unusedcss 1.6.36 Subscriber+.SQLi HIGH" "users-customers-import-export-for-wp-woocommerce 2.6.3 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Read.via.download_file.Function MEDIUM" "users-customers-import-export-for-wp-woocommerce 2.6.3 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Deletion.via.admin_log_page.Function LOW" "users-customers-import-export-for-wp-woocommerce 2.6.3 Authenticated.(Admin+).PHP.Object.Injection.via.form_data.Parameter HIGH" "users-customers-import-export-for-wp-woocommerce 2.6.3 Authenticated.(Administrator+).Server-Side.Request.Forgery.via.validate_file.Function HIGH" "users-customers-import-export-for-wp-woocommerce 2.5.4 Authenticated.(Admin+).PHP.Object.Injection HIGH" "users-customers-import-export-for-wp-woocommerce 2.5.3 Authenticated.(Shop.Manager+).Path.Traversal LOW" "users-customers-import-export-for-wp-woocommerce 2.4.9 Shop.Manager+.Arbitrary.File.Upload HIGH" "users-customers-import-export-for-wp-woocommerce 2.4.2 Shop.Manager+.Privilege.Escalation HIGH" "users-customers-import-export-for-wp-woocommerce 1.3.9 Authenticated.Arbitrary.User.Creation HIGH" "users-customers-import-export-for-wp-woocommerce 1.3.2 CSV.Injection HIGH" "user-spam-remover 1.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "uptime-robot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "uncanny-learndash-toolkit 3.7.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uncanny-learndash-toolkit 3.7.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uncanny-learndash-toolkit 3.6.4.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "user-login-history 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-login-history 1.6 Cross-Site.Scripting.(XSS) MEDIUM" "userbase-access-control No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "universal-analytics 1.3.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-blocks 3.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ultimate-blocks 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-blocks 3.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-blocks 3.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-blocks 3.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.content.Parameter MEDIUM" "ultimate-blocks 3.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-blocks 3.2.4 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.2 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.0 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Blocks MEDIUM" "ultimate-blocks 3.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title.tag.attribute MEDIUM" "ultimate-blocks 3.1.9 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.1.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.metabox MEDIUM" "ultimate-blocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-blocks 2.4.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "unlimited-popups No.known.fix Author+.SQL.Injection HIGH" "user-toolkit 1.2.4 Authenticated.(Subscriber+).Authentication.Bypass HIGH" "user-session-synchronizer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ut-demo-importer No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "uptodown-apk-download-widget 0.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "useinfluence No.known.fix Cross-Site.Request.Forgery MEDIUM" "unlock-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimate-live-cricket-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uncanny-automator 6.5.0 Missing.Authorization MEDIUM" "uncanny-automator 6.4.0.2 Unauthenticated.PHP.Object.Injection.in.automator_api_decode_message.Function CRITICAL" "uncanny-automator 6.5.0 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Update MEDIUM" "uncanny-automator 6.4.0 Subscriber+.Privilege.Escalation HIGH" "uncanny-automator 6.3 Authenticated.(Admin+).Server-Side.Request.Forgery.via.Webhook MEDIUM" "uncanny-automator 5.1.0.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "user-meta-manager No.known.fix Reflected.XSS HIGH" "user-meta-manager No.known.fix CSRF MEDIUM" "user-meta No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-meta No.known.fix Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure MEDIUM" "user-meta 3.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "user-meta 2.4.4 Subscriber+.Local.File.Enumeration.via.Path.Traversal LOW" "user-meta 2.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "url-shortify 1.10.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "url-shortify 1.7.9.1 Admin+.Stored.XSS LOW" "url-shortify 1.7.6 Unauthenticated.Stored.XSS.via.referer.header CRITICAL" "url-shortify 1.7.3 Reflected.Cross-Site.Scripting MEDIUM" "url-shortify 1.7.0 Admin+.Cross.Site.Scripting LOW" "url-shortify 1.5.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "url-shortify 1.5.1 Arbitrary.Link/Group.Deletion.via.CSRF MEDIUM" "ultimate-carousel-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimate-member 2.10.4 Admin+.Arbitrary.Function.Call MEDIUM" "ultimate-member 2.10.2 Unauthenticated.Blind.SQL.Injection HIGH" "ultimate-member 2.10.1 Unauthenticated.SQLi HIGH" "ultimate-member 2.10.0 Authenticated.SQL.Injection MEDIUM" "ultimate-member 2.9.2 Information.Exposure MEDIUM" "ultimate-member 2.9.2 Unauthenticated.SQL.Injection HIGH" "ultimate-member 2.9.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Profile.Picture.Update MEDIUM" "ultimate-member 2.8.7 Cross-Site.Request.Forgery.to.Membership.Status.Change MEDIUM" "ultimate-member 2.8.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-member 2.8.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ultimate-member 2.8.3 2.8.2.-.Unauthenticated.SQL.Injection MEDIUM" "ultimate-member 2.6.7 Unauthenticated.Privilege.Escalation CRITICAL" "ultimate-member 2.6.1 Form.Duplication.via.CSRF MEDIUM" "ultimate-member 2.5.1 Admin+.RCE MEDIUM" "ultimate-member 2.5.1 Admin+.LFI.via.Traversal LOW" "ultimate-member 2.5.1 Subscriber+.RCE HIGH" "ultimate-member 2.5.1 Contributor+.LFI.via.Traversal MEDIUM" "ultimate-member 2.4.0 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-member 2.3.2 Open.Redirect MEDIUM" "ultimate-member 2.1.20 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 2.1.12 Unauthenticated.Privilege.Escalation.via.User.Roles CRITICAL" "ultimate-member 2.1.12 Unauthenticated.Privilege.Escalation.via.User.Meta CRITICAL" "ultimate-member 2.1.12 Authenticated.Privilege.Escalation.via.Profile.Update CRITICAL" "ultimate-member 2.1.7 Unauthenticated.Open.Redirect MEDIUM" "ultimate-member 2.1.3 Insecure.Direct.Object.Reference.(IDOR) MEDIUM" "ultimate-member 2.0.54 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 2.0.52 CSRF.and.Stored.XSS.issues MEDIUM" "ultimate-member 2.0.46 Multiple.Vulnerabilities HIGH" "ultimate-member 2.0.40 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ultimate-member 2.0.33 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ultimate-member 2.0.28 Multiple.XSS MEDIUM" "ultimate-member 2.0.22 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "ultimate-member 2.0.22 Unauthenticated.Arbitrary.File.Upload HIGH" "ultimate-member 2.0.18 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "ultimate-member 2.0.4 Multiple.Issues HIGH" "ultimate-member 2.0.7 Multiple.Cross-Site.Request.Forgery.Issues HIGH" "ultimate-member 2.0.4 Multiple.XSS MEDIUM" "ultimate-member 1.3.76 Unauthenticated.Change.Passwords HIGH" "ultimate-member 1.3.65 Local.File.Inclusion MEDIUM" "ultimate-member 1.3.40 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.3.29 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.3.18 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.2.995 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.0.84 Multiple.Vulnerabilities HIGH" "upqode-google-maps No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimatewoo No.known.fix PHP.Object.Injection MEDIUM" "under-construction-page 3.97 Multiple.CSRF MEDIUM" "under-construction-page 3.86 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "user-ip-and-location 2.2.1 Contributor+.Stored.XSS MEDIUM" "ultimate-bootstrap-elements-for-elementor 1.5.0 Unauthenticated.Local.File.Inclusion CRITICAL" "ultimate-bootstrap-elements-for-elementor 1.4.7 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "ultimate-bootstrap-elements-for-elementor 1.4.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ultimate-bootstrap-elements-for-elementor 1.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ultimate-bootstrap-elements-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "upfiv-complete-all-in-one-seo-wizard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "upfiv-complete-all-in-one-seo-wizard No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "under-construction-maintenance-mode 1.1.2 Server.Side.Request.Forgery.(SSRF) MEDIUM" "under-construction-maintenance-mode 1.1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "universal-email-preference-center No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "userlike 2.3 Admin+.Stored.Cross-Site.Scripting LOW" "uji-popup No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimate-responsive-image-slider 3.5.12 Ultimate.Responsive.Image.Slider.<.3.5.12.-.Subscriber+.Arbitrary.Post.Access MEDIUM" "ubermenu 3.8.4 Cross-Site.Request.Forgery.to.Settings.Reset HIGH" "ubermenu 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "ultimate-sms-notifications 1.9.9.6 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-sms-notifications 1.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-sms-notifications 1.4.2 CSV.Injection MEDIUM" "ultimate-posts-widget 2.3.1 Admin+.Stored.XSS LOW" "ultimate-posts-widget 2.2.5 Subscriber+.Plugin.Installation MEDIUM" "ultimate-posts-widget 2.2.5 Plugin.Installation.via.CSRF MEDIUM" "url-coupons-for-woocommerce-by-algoritmika 1.7.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-profile-meta No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Icons.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Separator.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Info.Table.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "uncanny-learndash-groups 6.1.1 Missing.Authorization.to.Authenticated.(Group.Leader+).User.Group.Add LOW" "uncanny-learndash-groups 6.1.1 Authenticated.(Group.Leader+).Privilege.Escalation HIGH" "userpro-mediamanager No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Update CRITICAL" "userpro-mediamanager No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "uncode-core 2.9.1.7 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.in.uncode_get_medias MEDIUM" "uncode-core 2.8.7 Reflected.Cross-Site.Scripting MEDIUM" "uncode-core 2.8.9 Privilege.Escalation HIGH" "uncode-core 2.8.9 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "ultimate-social-media-plus 3.6.3 Missing.Authorization.to.Notice.Dismissal MEDIUM" "ultimate-social-media-plus 3.5.8 Subscriber+.Plugin.Installation MEDIUM" "ultimate-social-media-plus 3.5.8 Plugin.Installation.via.CSRF MEDIUM" "ultimate-social-media-plus 3.2.8 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-social-media-plus 3.0.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "username-updater 1.0.5 Arbitrary.Username.Update.via.CSRF MEDIUM" "uber-classic No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "ultimate-noindex-nofollow-tool No.known.fix Settings.Update.via.CSRF MEDIUM" "update-theme-and-plugins-from-zip-file No.known.fix CSRF MEDIUM" "ultimate-addons-for-gutenberg 2.19.1 Contributor+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 2.16.3 Contributor+.Stored.XSS.via.Team.Widget MEDIUM" "ultimate-addons-for-gutenberg 2.15.1 Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "ultimate-addons-for-gutenberg 2.13.8 Missing.Authorization.via.generate_ai_content MEDIUM" "ultimate-addons-for-gutenberg 2.13.1 Author+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 2.12.9 Contributor+.Stored.XSS.via.Image.Gallery.Block MEDIUM" "ultimate-addons-for-gutenberg 2.12.9 Contributor+.Stored.XSS.via.Testimonial.Block MEDIUM" "ultimate-addons-for-gutenberg 2.12.7 Contributor+.Path.Traversal MEDIUM" "ultimate-addons-for-gutenberg 2.10.4 Authenticated(Contributor+).Cross-Site.Scripting.via.Custom.CSS MEDIUM" "ultimate-addons-for-gutenberg 2.7.10 Contributor+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 1.15.0 Contributor+.Stored.Cross-Side.Scripting MEDIUM" "ultimate-addons-for-gutenberg 1.25.6 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-accordion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-domain-whitelist 1.5 .user-domain-whitelist.php.Domain.Whitelisting.Manipulation.CSRF HIGH" "user-menus 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "user-menus 1.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-role-editor 4.64.4 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "unitimetable No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "ultimeter 2.8.3 Reflected.Cross-Site.Scripting MEDIUM" "ultimeter 2.7.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimeter 1.9.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "user-files No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "ultimate-infinite-scroll 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "uber-grid No.known.fix Missing.Authorization.to.Unauthenticated.Portfolio.Update MEDIUM" "uber-grid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "uber-grid No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "uber-grid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-verification 1.0.94 Authentication.Bypass CRITICAL" "user-referral-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "urbango-membership 1.1 Unauthenticated.Privilege.Escalation CRITICAL" "ultimate-dashboard 3.8.6 Admin+.Stored.XSS LOW" "ultimate-dashboard 3.8.6 Admin+.Stored.XSS LOW" "ultimate-dashboard 3.8.6 Admin+.Stored.XSS LOW" "ultimate-dashboard 3.8.8 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Modules.Activation/Deactivation MEDIUM" "ultimate-dashboard 3.7.12 Admin+.Stored.XSS LOW" "ultimate-dashboard 3.7.11 Login.Page.Disclosure.on.Multi-site MEDIUM" "ultimate-dashboard 3.7.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "ultimate-dashboard 3.7.6 Admin+.Stored.XSS LOW" "ulisting No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "ulisting No.known.fix Admin+.SQL.Injection MEDIUM" "ulisting No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Meta.Update.and.PHP.Object.Injection HIGH" "ulisting No.known.fix Subscriber+.Privilege.Escalation HIGH" "ulisting 2.1.7 Authenticated.(Contributor+).SQL.Injection MEDIUM" "ulisting 2.1.7 Unauthenticated.SQL.Injection HIGH" "ulisting 2.1.6 Unauthenticated.Information.Exposure MEDIUM" "ulisting 2.0.9 Arbitrary.Blog.Option.Update.via.CSRF HIGH" "ulisting 2.0.6 Reflected.Cross-Site.Scripting MEDIUM" "ulisting 2.0.6 Modify.User.Roles.via.CSRF MEDIUM" "ulisting 2.0.6 Unauthenticated.Privilege.Escalation MEDIUM" "ulisting 2.0.6 Authenticated.IDOR MEDIUM" "ulisting 2.0.6 Multiple.CSRF MEDIUM" "ulisting 2.0.6 Settings.Update.via.CSRF MEDIUM" "ulisting 2.0.4 Unauthenticated.SQL.Injection HIGH" "ulisting 1.7 Unauthenticated.Arbitrary.Account.Creation CRITICAL" "ulisting 1.7 Unauthenticated.WordPress.Options.Change CRITICAL" "ulisting 1.7 Unauthenticated.Arbitrary.Roles.and.Capabilities.Creation/Deletion MEDIUM" "ulisting 1.7 Unauthenticated.Arbitrary.Post/Page.Deletion HIGH" "ulisting 1.7 Missing.Access.Controls CRITICAL" "ulisting 1.7 Unauthenticated.Arbitrary.Account.Change HIGH" "ulisting 1.7 Unauthenticated.Information.Disclosure HIGH" "ulisting 1.7 Unauthenticated.SQL.Injections CRITICAL" "user-activation-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-widgets-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-widgets-light No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-widgets-light No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "universam-demo 8.59 Reflected.Cross-Site.Scripting MEDIUM" "use-your-drive 1.18.3 Reflected.Cross-Site.Scripting MEDIUM" "ulp-duplicate-post-sql-timebased 3.9.1 Authenticated.(Administrator+).SQL.Injection.via.post_id.Parameter MEDIUM" "ultimate-wp-mail 1.3.6 Missing.Authorization MEDIUM" "ultimate-wp-mail 1.3.5 Cross-Site.Request.Forgery MEDIUM" "ultimate-wp-mail 1.3.5 Authenticated.(Contributor+).SQL.Injection MEDIUM" "ultimate-wp-mail No.known.fix Open.Redirect MEDIUM" "ultimate-coming-soon 1.1.0 Cross-Site.Request.Forgery MEDIUM" "ultimate-coming-soon 1.1.0 Unauthenticated.Template.Activation MEDIUM" "ultimate-coming-soon 1.1.0 Subscriber+.Template.Name.Update MEDIUM" "uipress-lite 3.5.08 Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "uipress-lite 3.5.05 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "uipress-lite 3.4.07 Authenticated.(Administrator+).SQL.Injection CRITICAL" "ucat-next-story No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-410 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "url-rewrite-analyzer 1.3.4 Missing.Authorization MEDIUM" "unite-gallery-lite No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "unite-gallery-lite 1.7.62 Admin+.Stored.XSS LOW" "unite-gallery-lite 1.7.60 Admin+.Local.File.Inclusion MEDIUM" "unite-gallery-lite 1.5 CSRF.&.Authenticated.SQL.Injection HIGH" "up-down-image-slideshow-gallery 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "utilities-for-mtg No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "utm-tracker No.known.fix Admin+.Stored.XSS LOW" "ultimate-under-construction 1.9.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "user-location-and-ip No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimate-appointment-scheduling 1.1.10 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-gutenberg No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-gutenberg No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "userplus No.known.fix Privilege.Escalation CRITICAL" "userplus No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "userplus No.known.fix Editor+.Registration.Form.Update.to.Privilege.Escalation HIGH" "userplus No.known.fix Missing.Authorization.via.Multiple.Functions MEDIUM" "userplus No.known.fix Stored.XSS.via.CSRF HIGH" "ultimate-custom-scrollbar 1.2 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-facebook-comments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-post-kit 3.11.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Social.Count.(Static).Widget MEDIUM" "ultimate-post-kit 3.6.4 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-post-kit 2.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ucontext No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "udraw 3.3.3 Unauthenticated.Arbitrary.File.Access HIGH" "uleak-security-dashboard No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "unlimited-timeline 1.6.1 Missing.Authorization MEDIUM" "utilitify 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "utilitify 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ucontext-for-amazon No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "ukuupeople-the-simple-crm No.known.fix Unauthorised.Favourite.Addition/Deletion MEDIUM" "uncomplicated-seo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "upcasted-s3-offload 3.0.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "upcasted-s3-offload 3.0.3 Reflected.Cross-Site.Scripting MEDIUM" "upcasted-s3-offload 3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ua-marketplace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ua-marketplace 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "university-quizzes-online No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "upload-quota-per-user No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "user-role 1.6.7 Privilege.Escalation.via.CSRF HIGH" "user-role 1.5.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "unilevel-mlm-plan No.known.fix Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "updraftplus 1.25.1 Backup/Restore.<.1.25.1.-.Reflected.XSS HIGH" "updraftplus 1.24.12 Unauthenticated.PHP.Object.Injection HIGH" "updraftplus 1.23.11 Google.Drive.Storage.Update.via.CSRF MEDIUM" "updraftplus 1.23.4 CSRF MEDIUM" "updraftplus 1.22.9 Reflected.Cross-Site.Scripting MEDIUM" "updraftplus 1.22.3 Subscriber+.Backup.Download HIGH" "updraftplus 1.16.69 Reflected.Cross-Site.Scripting HIGH" "updraftplus 1.16.66 Reflected.Cross-Site.Scripting HIGH" "updraftplus 1.16.59 Admin+.Local.File.Inclusion MEDIUM" "updraftplus 1.6.59 Admin+.Stored.Cross-Site.Scripting LOW" "updraftplus 1.13.5 XSS MEDIUM" "updraftplus 1.9.64 XSS MEDIUM" "upsell-order-bump-offer-for-woocommerce 3.0.1 Unauthenticated.Order.Manipulation MEDIUM" "ut-elementor-addons-lite 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ut-elementor-addons-lite 1.1.9 Authenticated.(Contributor+).Restricted.Post.Disclosure MEDIUM" "ultimate-auction 4.3.0 Contributor+.Arbitrary.Post.Deletion MEDIUM" "ultimate-auction 4.2.8 Missing.Authorization.to.Unauthenticated.Email.Creation MEDIUM" "ultimate-auction 4.2.6 Cross-Site.Request.Forgery MEDIUM" "ubigeo-peru 3.6.4 Unauthenticated.SQLi HIGH" "userheat 1.1.11 Settings.Update.via.CSRF MEDIUM" "user-messages No.known.fix Reflected.XSS HIGH" "user-shortcodes-plus No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Disclosure.via.user_meta.Shortcode MEDIUM" "useful-banner-manager No.known.fix Modify.banners.via.CSRF MEDIUM" "ultimate-carousel-for-visual-composer No.known.fix Contributor+.Stored.XSS MEDIUM" "ukrainian-currency No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "utubevideo-gallery 2.0.8 Contributor+.Stored.XSS MEDIUM" "user-drop-down-roles-in-registration No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "umich-oidc-login No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "use-memcached No.known.fix Settings.Update.via.CSRF MEDIUM" "user-export-with-their-meta-data No.known.fix Subscriber+.CSV.Injection LOW" "user-export-with-their-meta-data 0.6.5 Admin+.SQLi MEDIUM" "unlimited-theme-addons 1.2.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "unlimited-theme-addons 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-social-media-icons 2.9.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-social-media-icons 2.9.1 Admin+.Stored.XSS LOW" "ultimate-social-media-icons 2.8.9 Admin+.Stored.XSS.via.settings LOW" "ultimate-social-media-icons 2.8.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "ultimate-social-media-icons 2.8.6 Subscriber+.Sensitive.Information.Exposure MEDIUM" "ultimate-social-media-icons 2.8.4 Reflected.XSS HIGH" "ultimate-social-media-icons 2.8.2 Plugin.Installation.via.CSRF MEDIUM" "ultimate-social-media-icons 2.8.2 Subscriber+.Plugin.Installation MEDIUM" "ultimate-social-media-icons 2.8.2 Admin+.Stored.XSS LOW" "useragent-spy No.known.fix Admin+.Stored.XSS LOW" "updraft No.known.fix Reflected.XSS HIGH" "ultimate-shortcodes-creator No.known.fix Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "ultimate-shortcodes-creator No.known.fix Reflected.Cross-Site.Scripting.via._wpnonce MEDIUM" "ultimate-shortcodes-creator 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "user-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-registration-using-contact-form-7 No.known.fix Cross-Site.Request.Forgery MEDIUM" "ultimate-image-hover-effects No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "upload-fields-for-wpforms No.known.fix Missing.Authorization MEDIUM" "uix-slideshow 1.6.6 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "user-activity-log-pro No.known.fix Missing.Authorization MEDIUM" "user-activity-log-pro No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "user-activity-log-pro 2.3.4 Unauthenticated.Stored.Cross-Site.Scripting.via.User.Agent HIGH" "user-activity-log-pro 2.3.4 IP.Spoofing MEDIUM" "upload-scanner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "uw-freelancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "urvanov-syntax-highlighter 2.8.34 Highlighting.Blocks.Mgt.via.CSRF MEDIUM" "ultimate-push-notifications No.known.fix Reflected.Cross-Site.Scripting HIGH" "ultimate-push-notifications No.known.fix Subscriber+.SQL.Injection HIGH" "uptime-robot-monitor No.known.fix Cross-Site.Request.Forgery MEDIUM" "uptime-robot-monitor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uptime-robot-monitor No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "ungallery No.known.fix Stored.XSS.via.CSRF HIGH" "ultimate-woocommerce-auction-pro 1.5.3 Unauthenticated.SQL.Injection.via.'auction_id' HIGH" "unlimited-elements-for-elementor 1.5.143 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.141 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Transparent.Split.Hero.Widget MEDIUM" "unlimited-elements-for-elementor 1.5.136 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "unlimited-elements-for-elementor 1.5.127 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.122 Authenticated.(Editor+).Remote.Code.Execution HIGH" "unlimited-elements-for-elementor 1.5.122 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.113 IP.Address.Spoofing.to.Antispam.Bypass MEDIUM" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'email' MEDIUM" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Time-Based.SQL.Injection HIGH" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'username' MEDIUM" "unlimited-elements-for-elementor 1.5.110 Authenticated.(Contributor+).Blind.SQL.Injection.via.data[addonID].Parameter HIGH" "unlimited-elements-for-elementor 1.5.110 Authenticated.(Contributor+).Information.Exposure MEDIUM" "unlimited-elements-for-elementor 1.5.108 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Text.Field MEDIUM" "unlimited-elements-for-elementor 1.5.91 Contributor+.Remote.Code.Execution.via.template.import HIGH" "unlimited-elements-for-elementor 1.5.108 Contributor+.SQLi MEDIUM" "unlimited-elements-for-elementor 1.5.105 Contributor+.SQL.Injection HIGH" "unlimited-elements-for-elementor 1.5.103 Admin+.Command.Injection MEDIUM" "unlimited-elements-for-elementor 1.5.103 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.97 Contributor+.Stored.XSS MEDIUM" "unlimited-elements-for-elementor 1.5.94 Reflected.Cross-Site.Scripting HIGH" "unlimited-elements-for-elementor 1.5.75 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.67 Contributor+.Arbitrary.File.Upload HIGH" "unlimited-elements-for-elementor 1.5.49 Admin+.Stored.XSS LOW" "unlimited-elements-for-elementor 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-password-reset No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-instagram-feed No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "updater 1.35 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "unsafe-mimetypes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "userpro-messaging No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "userpro-messaging No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "ultimate-noindex-nofollow-tool-ii 1.3.6 Admin+.Stored.XSS LOW" "ultimate-noindex-nofollow-tool-ii 1.3.4 Settings.Update.via.CSRF MEDIUM" "ultimate-downloadable-products-for-woocommerce 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "universal-analytics-injector No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "uniconsent-cmp 1.4.4 Admin+.Stored.XSS LOW" "ultimate-security-checker No.known.fix Cross-Site.Request.Forgery MEDIUM" "ultimate-post 4.1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.17 Missing.Authorization.to.Arbitrary.Plugin.Installation/Activation HIGH" "ultimate-post 4.1.16 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.3 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "ultimate-post 4.1.0 Authenticated.(Contributor+).Stored.Cross=Site.Scripting MEDIUM" "ultimate-post 4.1.0 Contributor+.Stored.XSS MEDIUM" "ultimate-post 4.0.2 Contributor+.Stored.XSS MEDIUM" "ultimate-post 4.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 3.2.4 Incorrect.Authorization MEDIUM" "ultimate-post 3.0.6 Gutenberg.Post.Grid.Blocks.<.3.0.6.-.Reflected.Cross-Site.Scripting HIGH" "ultimate-post 2.9.10 Gutenberg.Blocks.for.Post.Grid.<.2.9.10.-.Reflected.Cross-Site.Scripting HIGH" "ultimate-post 2.4.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 2.4.10 Private.Content.Disclosure MEDIUM" "ultimate-post 2.4.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 2.4.10 Missing.Access.Controls MEDIUM" "users-control No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "usc-e-shop 2.11.14 Authenticated.(Editor+).Arbitrary.File.Deletion MEDIUM" "usc-e-shop 2.11.10 Unauthenticated.Stored.Cross-Site.Scripting.via.name.Parameter HIGH" "usc-e-shop 2.11.2 Authenticated.(Admin+).SQL.Injection MEDIUM" "usc-e-shop 2.10.0 Missing.Authorization MEDIUM" "usc-e-shop 2.9.4 Authenticated(Editor+).SQL.Injection HIGH" "usc-e-shop 2.9.7 Authenticated.(Administrator+).Directory.Traversal MEDIUM" "usc-e-shop 2.9.6 Admin+.PHP.Object.Injection HIGH" "usc-e-shop 2.9.5 Cross-Site.Request.Forgery HIGH" "usc-e-shop 2.9.5 Subscriber+.Arbitrary.File.Upload HIGH" "usc-e-shop 2.9.5 Reflected.XSS HIGH" "usc-e-shop 2.9.5 Unauthenticated.PHP.Object.Injection HIGH" "usc-e-shop 2.8.22 Author+.SQL.Injection MEDIUM" "usc-e-shop 2.8.22 Author+.Path.Traversal MEDIUM" "usc-e-shop 2.8.22 Editor+.SQL.Injection MEDIUM" "usc-e-shop 2.8.22 Multiple.XSS MEDIUM" "usc-e-shop 2.8.22 Editor+.Arbitrary.File.Upload LOW" "usc-e-shop 2.8.11 Reflected.XSS HIGH" "usc-e-shop 2.8.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "usc-e-shop 2.8.5 Unauthenticated.Arbitrary.File.Access HIGH" "usc-e-shop 2.8.6 Subscriber+.PHAR.Deserialisation HIGH" "usc-e-shop 2.8.5 Subscriber+.Arbitrary.File.Access HIGH" "usc-e-shop 2.8.4 Subscriber+.Arbitrary.Shipping.Method.Creation/Update/Deletion MEDIUM" "usc-e-shop 2.8.4 Multiple.Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "usc-e-shop 2.7.8 Unauthenticated.Arbitrary.File.Access HIGH" "usc-e-shop 2.2.8 Authenticated.System.Information.Disclosure MEDIUM" "usc-e-shop 2.2.8 Unauthenticated.Information.Disclosure HIGH" "usc-e-shop 2.2.4 Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 2.1.1 Authenticated.SQL.Injection MEDIUM" "usc-e-shop 1.9.36 Authenticated.PHP.Object.Injection HIGH" "usc-e-shop 1.8.3 Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 1.8.3 PHP.Object.Injection MEDIUM" "usc-e-shop 1.8.3 Session.Management MEDIUM" "usc-e-shop 1.5.3 SQL.Injection MEDIUM" "usc-e-shop 1.4.18 Multiple.Vulnerabilities LOW" "usc-e-shop 1.5 purchase_limit.Parameter.DOM-based.XSS MEDIUM" "usc-e-shop 1.5 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 1.5 SQL.Injection CRITICAL" "unlimited-addons-for-wpbakery-page-builder No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "user-avatar-reloaded 1.2.2 Reloaded.<.1.2.2.-.Contributor+.Stored.XSS MEDIUM" "uk-cookie-consent 3.2.1 Missing.Authorization.via.handle_consent_toggle() MEDIUM" "uk-cookie-consent 2.3.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "unlimited-addon-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uicore-elements 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ultimate-reviews 3.2.15 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-reviews 3.2.9 Unauthenticated.stored.Cross-Site.Scripting.via.reviews MEDIUM" "ultimate-reviews 3.0.16 Admin+.Stored.Cross-Site.Scripting LOW" "ultimate-reviews 2.1.33 Unauthenticated.PHP.Object.Injection MEDIUM" "ultimate-popup-creator No.known.fix Unauthenticated.SQL.Injection HIGH" "ultimate-popup-creator No.known.fix Missing.Authorization.to.Unauthenticated.DB.Table.Truncation MEDIUM" "update-urls 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "uninstall No.known.fix WordPress.Deletion.via.CSRF HIGH" "ultimate-elementor 1.36.32 Authenticated.(Contributor+).Privilege.Escalation HIGH" "ultimate-elementor 1.30.0 Contributor+.Stored.XSS MEDIUM" "ultimate-elementor 1.24.2 Registration.Bypass HIGH" "ultimate-elementor 1.20.1 Authentication.Bypass CRITICAL" "universal-video-player-and-bg No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "urdu-formatter-shamil No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "userfeedback-lite 1.0.16 Unauthenticated.Stored.Cross-Site.Scripting.via.Name.Parameter HIGH" "userfeedback-lite 1.0.14 Unauthenticated.Stored.XSS MEDIUM" "userfeedback-lite 1.0.10 Unauthenticated.Stored.XSS HIGH" "userfeedback-lite 1.0.8 Unauthenticated.Stored.XSS HIGH" "ultimate-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-roles No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "usersnap 4.17 Admin+.Stored.XSS LOW" "ux-flat 4.5 Contributor+.Stored.XSS MEDIUM" "ultimate-bar No.known.fix Missing.Authorization MEDIUM" "url-media-uploader 1.0.1 Authenticated.(Author+).Server-Side.Request.Forgery.via.DNS.Rebinding MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "users-ultra No.known.fix Unauthenticated.SQL.Injection HIGH" "users-ultra 1.5.64 Authenticated.Blind.SQL.Injection HIGH" "users-ultra 1.5.63 Authenticated.Stored.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "users-ultra 1.5.59 Unrestricted.File.Upload HIGH" "ultimate-events No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-activity No.known.fix IP.Spoofing MEDIUM" "ultimate-store-kit 2.5.0 Cross-Site.Request.Forgery.to.Limited.User.Meta.Update MEDIUM" "ultimate-store-kit 2.4.1 Unauthenticated.PHP.Object.Injection CRITICAL" "ultimate-store-kit 2.6.0 Contributor+.Stored.XSS MEDIUM" "ultimate-store-kit 2.3.1 Missing.Authorization MEDIUM" "ultimate-store-kit 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-store-kit 2.0.4 Unauthenticated.PHP.Object.Injection CRITICAL" "ultimate-store-kit 2.0.0 Unauthenticated.PHP.Object.Injection CRITICAL" "ultimate-store-kit 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-store-kit 2.0.4 Unauthenticated.PHP.Object.Injection MEDIUM" "ultimate-store-kit 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-taxonomy-manager No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "ultimate-taxonomy-manager No.known.fix Reflected.XSS HIGH" "usermaven 1.2.2 Cross-Site.Request.Forgery MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Cross-Site.Request.Forgery MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Missing.Authorization.to.Arbitrary.Page/Post.Duplication MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "userback 1.0.14 Arbitrary.Settings.Update.via.CSRF MEDIUM" "ultimate-bulk-seo-noindex-nofollow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-youtube-video-player No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Setting.Exposure MEDIUM" "ultimate-youtube-video-player No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Playlist/Video.Deletion MEDIUM" "ultimate-tinymce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-activity-tracking-and-log 4.1.4 IP.Spoofing MEDIUM" "user-activity-tracking-and-log 4.0.9 License.Update/Deactivation.via.CSRF MEDIUM" "user-rights-access-manager No.known.fix Missing.Authorization MEDIUM" "user-rights-access-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-rights-access-manager 1.0.8 Access.Restriction.Bypass MEDIUM" "user-rights-access-manager 1.0.4 Improper.Access.Controls MEDIUM" "user-private-files 2.1.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "user-private-files 2.1.1 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Private.File.Access MEDIUM" "user-private-files 2.0.5 Subscriber+.Sensitive.Data.and.Files.Exposure.via.IDOR MEDIUM" "user-private-files 2.0.4 Admin+.Stored.XSS MEDIUM" "user-private-files 1.1.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "ultimate-product-catalogue 5.2.16 Cross-Site.Request.Forgery.via.reset_settings() MEDIUM" "ultimate-product-catalogue 5.2.6 Admin+.Stored.XSS LOW" "ultimate-product-catalogue 5.0.26 Subscriber+.Arbitrary.Product.Creation.&.Settings.Update MEDIUM" "use-any-font 6.3.09 Cross-Site.Request.Forgery MEDIUM" "use-any-font 6.2.1 API.Key.Deactivation.via.CSRF MEDIUM" "use-any-font 6.2.1 Unauthenticated.Arbitrary.CSS.Appending HIGH" "ultimate-wp-query-search-filter No.known.fix Contributor+.XSS MEDIUM" "url-params 2.5 Contributor+.Stored.XSS MEDIUM" "unique-ux No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "upc-ean-barcode-generator No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "uploadcare 3.1.0 Cross-Site.Request.Forgery MEDIUM" "utech-world-time-for-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-author-box-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "update-notifications No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "user-registration-pro 5.2.0 Cross-Site.Request.Forgery.to.User.Deletion MEDIUM" "user-registration-pro 5.1.3 Authentication.Bypass HIGH" "user-registration-pro 5.1.2 Unauthenticated.Privilege.Escalation HIGH" "ultra-companion 1.2.0 Contributor+.Stored.XSS MEDIUM" "ultimate-maps-by-supsystic 1.2.17 Cross-Site.Request.Forgery MEDIUM" "ultimate-maps-by-supsystic 1.2.16 .Admin+.Stored.XSS LOW" "ultimate-maps-by-supsystic 1.2.5 Reflected.Cross-Site.scripting.(XSS) HIGH" "ultimate-maps-by-supsystic 1.1.17 Authenticated.SQL.Injections CRITICAL" "ultimate-form-builder-lite 1.5.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ultimate-form-builder-lite 1.3.8 Multiple.Vulnerabilities CRITICAL" "user-profile 2.0.21 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ultraaddons-elementor-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultraaddons-elementor-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "ultraaddons-elementor-lite 1.1.9 Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure.via.UA_Template.Shortcode MEDIUM" "ultraaddons-elementor-lite No.known.fix Author+.Stored.XSS MEDIUM" "ultraaddons-elementor-lite 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ultraaddons-elementor-lite 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "user-activity-log 2.0 Admin+.SQL.Injection MEDIUM" "user-activity-log 1.6.7 IP.Spoofing MEDIUM" "user-activity-log 1.6.6 Subscriber+.Log.Export MEDIUM" "user-activity-log 1.6.5 Unauthenticated.SQLi HIGH" "user-activity-log 1.6.3 Admin+.SQLi MEDIUM" "user-activity-log 1.6.3 Admin+.SQL.Injection MEDIUM" "user-activity-log 1.4.7 Reflected.Cross.Site.Scripting.via.Query.String MEDIUM" "user-activity-log 1.4.7 Reflected.Cross-Site.Scripting HIGH" "upload-file-type-settings-plugin No.known.fix Admin+.Stored.XSS LOW" "ut-shortcodes 5.1.7 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "ut-shortcodes 5.0.5 Reflected.Cross-Site.Scripting MEDIUM" "upload-media-by-url 1.0.8 Stored.XSS.via.CSRF MEDIUM" "ultimate-carousel-for-divi 4.5.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-carousel-for-divi 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ux-sniff No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "uni-woo-custom-product-options 4.9.27 Reflected.Cross-Site.Scripting MEDIUM" "uni-woo-custom-product-options 4.9.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultraembed-advanced-iframe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unlimited-page-sidebars 0.2.7 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ultimate-faqs 2.1.2 Subscriber+.Arbitrary.FAQ.Creation MEDIUM" "ultimate-faqs 1.8.30 Unauthenticated.Reflected.XSS MEDIUM" "ultimate-faqs 1.8.25 Unauthenticated.Options.Import/Export HIGH" "ultimate-faqs 1.8.22 Cross-Site.Scripting.(XSS) MEDIUM" "universal-star-rating No.known.fix CSRF MEDIUM" "upunzipper No.known.fix Authenticated.(Admin+).Arbitrary.File.Deletion MEDIUM" "ultra-elementor-addons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "userpro No.known.fix Community.and.User.Profile.WordPress.Plugin.<=.5.1.10.-.Unauthenticated.Arbitrary.File.Read MEDIUM" "userpro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "userpro No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "userpro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "userpro No.known.fix Missing.Authorization MEDIUM" "userpro 5.1.9 Unauthenticated.Account.Takeover.to.Privilege.Escalation CRITICAL" "userpro 5.1.7 Disabled.Membership.Registration.Bypass MEDIUM" "userpro 5.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "userpro 5.1.5 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "userpro 5.1.2 Sensitive.Information.Disclosure.via.Shortcode MEDIUM" "userpro 5.1.1 Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "userpro 5.1.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "userpro 5.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.userpro_save_userdata MEDIUM" "userpro 5.1.2 Insecure.Password.Reset.Mechanism CRITICAL" "userpro 5.1.2 Cross-Site.Request.Forgery.to.Sensitive.Information.Exposure MEDIUM" "userpro 5.1.2 Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "userpro 5.1.2 Missing.Authorization.via.multiple.functions HIGH" "userpro 5.1.5 Missing.Authorization.to.Arbitrary.Shortcode.Execution.via.userpro_shortcode_template MEDIUM" "userpro 5.1.2 Authentication.Bypass.to.Administrator CRITICAL" "userpro 4.9.35.1 Unauthenticated.Reflected.XSS MEDIUM" "userpro 4.9.28 User.Registration.With.Administrator.Role MEDIUM" "userpro 4.9.24 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "ui-slider-filter-by-price No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ui-slider-filter-by-price No.known.fix Cross-Site.Request.Forgery MEDIUM" "userswp 1.2.16 Missing.Authorization MEDIUM" "userswp 1.2.12 Users.Information.Disclosure MEDIUM" "userswp 1.2.11 Unauthenticated.SQL.Injection.via.'uwp_sort_by' CRITICAL" "userswp 1.2.6 Cross-Site.Request.Forgery MEDIUM" "userswp 1.2.7 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "userswp 1.2.3.23 Profile.Picture.Deletion.via.CSRF MEDIUM" "userswp 1.2.3.1 Subscriber+.User.Avatar.Override MEDIUM" "userswp 1.2.2.29 Reflected.Cross-Site.Scripting MEDIUM" "user-access-manager 2.2.18 IP.Spoofing LOW" "user-access-manager 2.0.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "ultimate-subscribe No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "unyson 2.7.31 Cross-Site.Request.Forgery MEDIUM" "unyson No.known.fix Missing.Authorization MEDIUM" "unyson 2.7.27 Reflected.Cross-Site.Scripting MEDIUM" "user-meta-shortcodes No.known.fix Contributor+.Unauthorized.Arbitrary.User.Metadata.Access HIGH" "utech-spinning-earth No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unlimited-blocks No.known.fix Contributor+.Stored.XSS MEDIUM" "user-registration 4.2.2 Insecure.Direct.Object.Reference.to.Unauthenticated.Limited.User.Deletion MEDIUM" "user-registration 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "user-registration 4.1.4 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).User.Password.Update MEDIUM" "user-registration 4.1.4 Insecure.Direct.Object.Reference.to.Unauthenticated.Membership.Modification MEDIUM" "user-registration 4.1.3 Authentication.Bypass HIGH" "user-registration 4.0.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "user-registration 4.1.2 Unauthenticated.Privilege.Escalation HIGH" "user-registration 4.1.0 Reflected.Cross-Site.Scripting MEDIUM" "user-registration 3.2.1 Missing.Authorization.to.Privilege.Escalation HIGH" "user-registration 3.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "user-registration 3.2.0 Missing.Authorization.to.Unauthenticated.Media.Deletion MEDIUM" "user-registration 3.1.5 Unauthenticated.Stored.Self-Based.Cross-Site.Scripting MEDIUM" "user-registration 3.0.4.2 Admin+.Stored.XSS LOW" "user-registration 3.0.2.1 Subscriber+.Arbitrary.File.Upload.Leading.to.RCE CRITICAL" "user-registration 3.0.2.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "user-registration 3.0.2 Subscriber+.PHP.Object.Injection HIGH" "user-registration 2.3.3 Subscriber+.PHP.Object.Injection HIGH" "user-registration 2.3.1 Admin+.Stored.XSS LOW" "user-registration 2.2.4.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "user-registration 2.0.2 Low.Privilege.Stored.Cross-Site.Scripting MEDIUM" "ultimate-category-excluder 1.2 Cross-Site.Request.Forgery MEDIUM" "ultimate-weather-plugin No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "user-management No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "user-management 1.2 Subscriber+.Arbitrary.File.Upload HIGH" "update-alt-attribute No.known.fix Reflected.XSS HIGH" "update-alt-attribute No.known.fix Cross-Site.Request.Forgery MEDIUM" "uji-countdown 2.3.1 Admin+.Stored.XSS LOW" "uji-countdown 2.0.7 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-classified-listings 1.5 Ultimate.Classified.Listings.<.1,5.Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Title.Parameter MEDIUM" "ultimate-classified-listings 1.6 Cross-Site.Request.Forgery.to.Account.Takeover HIGH" "ultimate-classified-listings No.known.fix Subscriber+.Stored.XSS HIGH" "ultimate-classified-listings No.known.fix Contributor+.Local.File.Inclusion HIGH" "ultimate-classified-listings 1.4 Reflected.XSS HIGH" "ultimate-classified-listings 1.3 Reflected.XSS HIGH" "ultimate-classified-listings 1.3 Unauthenticated.LFI HIGH" "user-submitted-posts 20250327 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "user-submitted-posts 20240516 Admin+.Stored.XSS LOW" "user-submitted-posts 20230914 Unauthenticated.Arbitrary.File.Upload CRITICAL" "user-submitted-posts 20230902 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "user-submitted-posts 20230901 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "user-submitted-posts 20230811 Unauthenticated.Stored.XSS HIGH" "user-submitted-posts 20190501 Arbitrary.File.Upload MEDIUM" "updownupdown-postcomment-voting No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "uix-shortcodes 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uix-shortcodes 2.0.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "uix-shortcodes 2.0.0 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "vk-all-in-one-expansion-unit 9.99.2.0 Contributor+.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.96.0.0 Unauthenticated.Password.Protected.Content.Access MEDIUM" "vk-all-in-one-expansion-unit 9.97.0.0 Contributor+.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.88.2 Multiple.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.87.1.0 Reflected.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.86.0.0 Contributor+.Stored.XSS MEDIUM" "vegas-fullscreen-background-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vasaio-qr-code No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "viral-loops-wp-integration No.known.fix Missing.Authorization MEDIUM" "viral-loops-wp-integration No.known.fix Missing.Authorization LOW" "viral-loops-wp-integration No.known.fix Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "vigilantor 1.3.11 Admin+.Stored.XSS LOW" "vimeo-video-autoplay-automute No.known.fix Contributor+.Stored.XSS MEDIUM" "visual-form-builder 3.0.8 Entries.Deletion/Restoration.via.CSRF MEDIUM" "visual-form-builder 3.0.7 Admin+.Stored.Cross-Site.Scripting LOW" "visual-form-builder 3.0.6 CSV.Injection LOW" "visual-form-builder 3.0.6 Unauthenticated.Information.Disclosure MEDIUM" "visual-form-builder 3.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "videowhisper-live-streaming-integration 6.2.5 Cross-Site.Request.Forgery MEDIUM" "videowhisper-live-streaming-integration 6.2.1 Unauthenticated.Arbitrary.File.Read HIGH" "videowhisper-live-streaming-integration 6.2.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "videowhisper-live-streaming-integration 6.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "videowhisper-live-streaming-integration 4.27.4 Cross-Site.Scripting.(XSS) MEDIUM" "videowhisper-live-streaming-integration 4.29.5 Multiple.Vulnerabilities CRITICAL" "videowhisper-live-streaming-integration 4.29.10 videowhisper_streaming.php.Multiple.Parameter.XSS HIGH" "videowhisper-live-streaming-integration 4.67.17 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "video-thumbnails No.known.fix Admin+.Stored.XSS LOW" "virtual-bot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "virtual-bot No.known.fix Unauthenticated.SQL.Injection HIGH" "vp-sitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-popup 1.1.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "visitors-traffic-real-time-statistics 7.3 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "visitors-traffic-real-time-statistics 3.9 Subscriber+.SQL.Injection HIGH" "visitors-traffic-real-time-statistics 2.12 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "visitors-traffic-real-time-statistics 2.13 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "visitors-traffic-real-time-statistics 1.13 CSRF.to.Stored.XSS/SQLi HIGH" "visitors-app No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "viet-nam-affiliate No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "visualmodo-elements No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "visual-link-preview 2.2.3 Unauthorised.AJAX.Calls MEDIUM" "visual-sound No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "visual-sound No.known.fix Settings.Update.via.CSRF MEDIUM" "vertical-marquee-plugin 7.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "vertical-marquee-plugin No.known.fix Admin+.Stored.XSS LOW" "video-embed-thumbnail-generator 4.8.11 Reflected.Cross-Site.Scripting MEDIUM" "video-embed-thumbnail-generator 4.7.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "viral-signup No.known.fix Unauthenticated.SQLi HIGH" "viral-signup No.known.fix Admin+.Stored.XSS LOW" "voting-record No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "voting-record No.known.fix Subscriber+.Stored.XSS HIGH" "visual-text-editor No.known.fix Authenticated.(Contributor+).Remote.Code.Execution HIGH" "video-grid 1.22 Reflected.XSS HIGH" "vidseo 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "verowa-connect 3.0.5 Reflected.Cross-Site.Scripting MEDIUM" "verowa-connect 3.1.0 Admin+.SQL.Injection MEDIUM" "verowa-connect 3.0.2 Unauthenticated.SQL.Injection HIGH" "vr-calendar-sync 2.4.5 Unauthenticated.Local.File.Inclusion CRITICAL" "vr-calendar-sync 2.3.4 Calendar.Deletion/Update.&.Settings.Update.via.CSRF MEDIUM" "vr-calendar-sync 2.4.5 LFI.via.CSRF HIGH" "vr-calendar-sync 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "vr-calendar-sync 2.3.2 Unauthenticated.Arbitrary.Function.Call HIGH" "visibility-logic-elementor 2.3.5 Cross-Site.Request.Forgery MEDIUM" "vertical-response-newsletter-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vidorev-extensions 2.9.9.9.9.9.6 Missing.Authorization.to.Unauthenticated.Youtube.Video.Import MEDIUM" "vkontakte-cross-post No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "viperbar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "visitors-online 1.0.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "visitors-online 0.4 SQL.Injection CRITICAL" "variable-product-swatches No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "variable-product-swatches 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "videojs-html5-video-player-for-wordpress No.known.fix HTML5.Video.Player.for.WordPress.<=.4.5.0.-.Contributor+.Stored.XSS.via.Shortcode MEDIUM" "v-form 3.1.15 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "v-form 3.1.10 Reflected.Cross-Site.Scripting MEDIUM" "v-form 3.0.7 Missing.Authorization MEDIUM" "v-form 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "v-form 2.1.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "validar-certificados-de-cursos No.known.fix Cross-Site.Request.Forgery MEDIUM" "validar-certificados-de-cursos 1.6.2 Cross-Site.Request.Forgery MEDIUM" "vignete-ads No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "vimeography 2.4.5 Sensitive.Information.Exposure MEDIUM" "vimeography 2.4.2 Cross-Site.Request.Forgery MEDIUM" "vimeography 2.3.3 Contributor+.PHP.Object.Injection HIGH" "vm-backups No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "vm-backups No.known.fix CSRF.to.Database.Backup.Download MEDIUM" "vc-tabs No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vc-tabs 3.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "vc-tabs 3.6.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "vc-tabs 3.7.0 Authenticated.Arbitrary.Options.Update MEDIUM" "vitepos-lite 3.1.8 Missing.Authorization MEDIUM" "vitepos-lite 3.1.5 Missing.Authorization MEDIUM" "vitepos-lite 3.1.4 Missing.Authorization MEDIUM" "vitepos-lite 3.0.2 Missing.Authorization MEDIUM" "vk-filter-search No.known.fix Contributor+.Stored.XSS MEDIUM" "vk-filter-search 2.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "vbsso-lite No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "very-simple-google-maps 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "very-simple-google-maps 2.9 Contributor+.Stored.XSS MEDIUM" "video-conferencing-with-zoom-api 4.4.5 Open.Redirect MEDIUM" "video-conferencing-with-zoom-api 4.4.6 Sensitive.Information.Exposure MEDIUM" "video-conferencing-with-zoom-api 4.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "video-conferencing-with-zoom-api 4.3.0 Sensitive.Data.Disclosure LOW" "video-conferencing-with-zoom-api 4.0.10 Contributor+.Stored.XSS MEDIUM" "video-conferencing-with-zoom-api 3.9.3 Reflected.Cross-Site.Scripting MEDIUM" "video-conferencing-with-zoom-api 3.8.17 E-mail.Address.Disclosure MEDIUM" "video-conferencing-with-zoom-api 3.8.16 Reflected.Cross-Site.Scripting HIGH" "virim No.known.fix Unauthenticated.Object.Injection CRITICAL" "vrview No.known.fix Outdated.VRView.Library.Used,.Leading.to.Reflected.XSS HIGH" "verbalize-wp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "vdocipher 1.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-embed-box No.known.fix Authenticated.(subscriber+).SQL.Injection CRITICAL" "variation-swatches-and-gallery 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "variation-swatches-for-woocommerce 2.1.2 Subscriber+.Stored.Cross-Site.Scripting HIGH" "vertical-carousel-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vr-frases No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vr-frases No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "vr-frases 4.0 Reflected.XSS HIGH" "visualizer 3.11.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Import.Data.From.File MEDIUM" "visualizer 3.11.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "visualizer 3.11.0 Missing.Authorization.to.Arbitrary.SQL.Execution HIGH" "visualizer 3.10.6 Reflected.Cross-Site.Scripting MEDIUM" "visualizer 3.9.5 Contributor+.Stored.XSS MEDIUM" "visualizer 3.9.2 Contributor+.Stored.XSS MEDIUM" "visualizer 3.7.10 Contributor+.PHAR.Deserialization HIGH" "visualizer 3.7.7 Reflected.Cross-Site.Scripting MEDIUM" "visualizer 3.3.1 Blind.Server-Side.Request.Forgery.(SSRF) CRITICAL" "visualizer 3.3.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "videojs-html5-player 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.videojs_video.Shortcode MEDIUM" "videojs-html5-player 1.1.9 Contributor+.Stored.XSS MEDIUM" "video-sidebar-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "visual-footer-credit-remover 1.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "vk-blocks 1.95.0.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "vk-blocks 1.64.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block MEDIUM" "vk-blocks 1.57.1.0 Contributor+.Settings.Update.via.REST.API MEDIUM" "vk-blocks 1.58.0.0 Contributor+.Settings.Update.via.REST.API MEDIUM" "vk-blocks 1.54.0 Multiple.Stored.XSS MEDIUM" "vo-locator-the-wp-store-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vo-locator-the-wp-store-locator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "viet-affiliate-link No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vertical-diamond-flipbook-flash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vikinghammer-tweet No.known.fix Stored.XSS.via.CSRF HIGH" "vcos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "video-posts-webcam-recorder 3.2.4 Authenticated.Reflected.XSS MEDIUM" "video-posts-webcam-recorder 1.55.5 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "verge3d 4.9.5 Missing.Authorization MEDIUM" "verge3d 4.9.4 Reflected.Cross-Site.Scripting MEDIUM" "verge3d 4.9.3 Cross-Site.Request.Forgery MEDIUM" "verge3d 4.8.3 Cross-Site.Request.Forgery MEDIUM" "verge3d 4.8.1 Reflected.Cross-Site.Scripting MEDIUM" "verge3d 4.5.3 Subscriber+.Arbitrary.File.Upload HIGH" "vdz-call-back 1.1.4.6 Authenticated.Stored.XSS MEDIUM" "variable-inspector No.known.fix Missing.Authorization MEDIUM" "variable-inspector 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "variable-inspector 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "vrpconnector No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "visualcomposer 45.12.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.9.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.7.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.0.1 Authenticated.Stored.XSS.via.Text.Block MEDIUM" "visualcomposer 45.0.1 Authenticated.Stored.XSS.via.Title MEDIUM" "visualcomposer 27.0 Multiple.Authenticated.Cross-Site.Scripting.Issues HIGH" "very-simple-contact-form 14.8 CAPTCHA.Bypass MEDIUM" "very-simple-contact-form 14.0 Missing.Authorization MEDIUM" "very-simple-contact-form 11.6 Captcha.bypass MEDIUM" "void-visual-whmcs-element No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "void-visual-whmcs-element 1.0.4.1 Contributor+.Stored.XSS MEDIUM" "vibebp 1.9.9.7.7 Unauthenticated.SQL.Injection HIGH" "vibebp 1.9.9.5.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "vibebp 1.9.9.5 Unauthenticated.Privilege.Escalation CRITICAL" "vod-infomaniak 1.5.10 Missing.Authorization MEDIUM" "vod-infomaniak 1.5.8 Cross-Site.Request.Forgery MEDIUM" "vod-infomaniak 1.5.7 Reflected.Cross-Site.Scripting HIGH" "video-embeds No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "viewmedica No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "viewmedica No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "viewmedica No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "video-contest No.known.fix Admin+.Stored.XSS LOW" "video-contest No.known.fix Cross-Site.Request.Forgery MEDIUM" "vk-blocks-pro 1.54.0 Multiple.Stored.XSS MEDIUM" "vmax-project-manager No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "vikrentcar 1.4.3 Cross-Site.Request.Forgery.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "vikrentcar 1.4.1 Unauthenticated.SQL.Injection CRITICAL" "vikrentcar 1.3.2 Cross.Site.Request.Forgery MEDIUM" "vikrentcar 1.3.3 Information.Exposure MEDIUM" "vikrentcar 1.3.1 Admin+.Stored.XSS MEDIUM" "vikrentcar 1.1.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "vikrentcar 1.1.7 CSRF.to.Stored.XSS HIGH" "vg-woocarousel No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "vdz-google-analytics 1.4.9 Authenticated.Stored.XSS LOW" "vdz-google-analytics 1.6.0 Authenticated.Stored.XSS LOW" "valvepress-rankie No.known.fix Missing.Authorization MEDIUM" "video-embed-optimizer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-central No.known.fix Contributor+.Stored.XSS MEDIUM" "video-synchro-pdf No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "video-synchro-pdf No.known.fix Unauthenticated.LFI MEDIUM" "video-slider-with-thumbnails 1.0.11 Reflected.XSS HIGH" "visucom-smart-sections No.known.fix WPBakery.Page.Builder.Addon.<=.1.7.8.-.Unauthenticated.PHP.Object.Injection CRITICAL" "visitors-details No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "vertical-scroll-recent-post No.known.fix Cross-Site.Request.Forgery.via.vsrp_admin_options MEDIUM" "vertical-scroll-recent-post No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "vertical-scroll-recent-post 14.0 Reflected.Cross-Site.Scripting MEDIUM" "video-list-manager No.known.fix Admin+.SQL.Injection MEDIUM" "vc-addons-by-bit14 No.known.fix Editor+.Stored.XSS LOW" "vc-addons-by-bit14 1.4.6 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Modification MEDIUM" "verification-sms-targetsms No.known.fix Unauthenticated.Limited.Remote.Code.Execution HIGH" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.get_form_fields MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.save_view MEDIUM" "views-for-wpforms-lite 3.2.3 Cross-Site.Request.Forgery.via.save_view MEDIUM" "views-for-wpforms-lite 3.2.3 Cross-Site.Request.Forgery.via.create_view MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.create_view MEDIUM" "visual-portfolio 3.3.10 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "visual-portfolio 3.3.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.title_tag.Parameter MEDIUM" "visual-portfolio 2.18.0 Unauthenticated.CSS.Injection MEDIUM" "visual-portfolio 2.19.0 Contributor+.CSS.Injection MEDIUM" "vit-website-reviews No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "video-embed-privacy 1.3 Reflected.Cross-Site.Scripting MEDIUM" "video-comments-webcam-recorder 1.92 Unauthenticated.Reflected.XSS MEDIUM" "vagonic-sortable No.known.fix Missing.Authorization MEDIUM" "videojs-hls-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "void-elementor-post-grid-addon-for-elementor-page-builder 2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "vampire-character No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vk-block-patterns 1.31.1.1 Missing.Authorization MEDIUM" "vk-block-patterns 1.31.2.0 Cross-Site.Request.Forgery MEDIUM" "videos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vk-poster-group No.known.fix Reflected.Cross-Site.Scripting.via.vkp_repost MEDIUM" "visit-site-link-enhanced No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "vayu-blocks 1.3.2 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.containerWidth.Parameter MEDIUM" "vayu-blocks 1.2.2 1.2.1.-.Missing.Authorization.to.Unauthenticated.Limited.Arbitrary.Options.Update MEDIUM" "vayu-blocks No.known.fix Contributor+.Stored.XSS MEDIUM" "vayu-blocks 1.2.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "vikrestaurants 1.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "video-playlist-and-gallery-plugin 1.160 Settings.Update.via.CSRF MEDIUM" "vikbooking 1.7.3 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "vikbooking 1.7.3 Cross-Site.Request.Forgery.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "vikbooking 1.7.2 Admin+.Stored.XSS LOW" "vikbooking 1.6.8 Insecure.Direct.Object.References MEDIUM" "vikbooking 1.6.8 Broken.Access.Control MEDIUM" "vikbooking 1.6.8 Reflected.Cross-Site.Scripting MEDIUM" "vikbooking 1.6.0 Multiple.CSRF LOW" "vikbooking 1.5.12 Admin+.Stored.XSS MEDIUM" "vikbooking 1.5.9 Reflected.Cross-Site.Scripting MEDIUM" "vikbooking 1.5.7 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "vikbooking 1.5.8 Admin+.PHP.File.Upload LOW" "vikbooking 1.5.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "vikbooking 1.5.4 Booking.Data.Disclosure CRITICAL" "video-wc-gallery 1.32 Missing.Authorization.to.Unauthenticated.Limited.File.Deletion MEDIUM" "vision 1.7.2 Missing.Authorization MEDIUM" "vision 1.5.4 Contributor+.Stored.XSS MEDIUM" "vision 1.5.2 Reflected.Cross-Site.Scripting HIGH" "vg-postcarousel No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "videowhisper-video-conference-integration No.known.fix Remote.File.Upload CRITICAL" "videowhisper-video-presentation No.known.fix Remote.File.Upload CRITICAL" "virtual-hdm-for-taxservice-am No.known.fix Unauthenticated.SQL.Injection HIGH" "visual-builder 1.3 Missing.Authorization MEDIUM" "video-widget No.known.fix Admin+.Stored.XSS.via.Widget LOW" "vstemplate-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "very-simple-quiz No.known.fix Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "vite-coupon No.known.fix Remote.Code.Execution.via.CSRF HIGH" "visual-recent-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vdz-verification 1.4 Authenticated.Stored.XSS MEDIUM" "varnish-wp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "vr-views No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vehica-core 1.0.98 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "video-share-vod No.known.fix Reflected.Cross-Site.Scripting HIGH" "video-share-vod 2.6.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-share-vod 2.6.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vanguard No.known.fix Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "video-player-for-wpbakery 1.0.2 Contributor+.Stored.XSS MEDIUM" "video-reviews 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "video-reviews 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "visual-sound-widget-for-soundcloud-and-artistplugme-visualdreams No.known.fix Settings.Update.via.CSRF MEDIUM" "venture-event-manager 3.2.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "vospari-forms 1.4 Cross-Site.Scripting.(XSS) MEDIUM" "vertical-news-scroller 1.17 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "vice-versa No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "visual-header 1.5 Missing.Authorization MEDIUM" "verse-o-matic No.known.fix CSRF.to.Stored.XSS HIGH" "vkontakte-wall-post No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "visitor-info No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "visitor-info No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vendor 1.1.1 Unauthenticated.Information.Disclosure MEDIUM" "very-simple-breadcrumb No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "void-elementor-whmcs-elements 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visitor-analytics-io 1.3.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "video-embedder 1.8 Stored.XSS.via.CSRF HIGH" "vslider No.known.fix Cross-Site.Request.Forgery MEDIUM" "vslider No.known.fix Contributor+.Stored.XSS MEDIUM" "video-sidebar-widgets No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "vikappointments 1.2.17 Cross-Site.Request.Forgery MEDIUM" "vrm360 No.known.fix Contributor+.Arbitrary.File.Upload.Leading.to.RCE HIGH" "vrm360 No.known.fix Full.Path.Disclosure MEDIUM" "video-background 2.7.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "vision-pro 1.5.2 Reflected.Cross-Site.Scripting HIGH" "video-playlist-for-youtube No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-playlist-for-youtube 6.2 CSRF MEDIUM" "video-analytics-for-cloudflare-stream 1.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-font-awesome No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-font-awesome 1.7.9 Contributor+.Stored.XSS MEDIUM" "woo-clover-gateway-by-zaytech 1.3.2 Missing.Authorization.via.callback_handler MEDIUM" "wp-popup-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "woo-refund-and-exchange-lite 4.4.6 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory MEDIUM" "woo-refund-and-exchange-lite 4.4.6 Subscriber+.IDOR MEDIUM" "woo-refund-and-exchange-lite 4.0.9 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-jetpack 7.2.5 7.2.4.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woocommerce-jetpack 7.2.5 7.2.4.-.Unauthenticated.Arbitrary.File.Upload HIGH" "woocommerce-jetpack 7.2.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woocommerce-jetpack 7.2.4 Authenticated.(ShopManager+).Stored.Cross-Site.Scripting.via.wcj_product_meta.Shortcode MEDIUM" "woocommerce-jetpack 7.2.4 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.9 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woocommerce-jetpack 7.1.8 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortocde MEDIUM" "woocommerce-jetpack 7.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.3 Missing.Authorization.to.Product.Creation/Modification MEDIUM" "woocommerce-jetpack 7.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Order.Information.Disclosure MEDIUM" "woocommerce-jetpack 7.1.3 Contributor+.Stored.XSS MEDIUM" "woocommerce-jetpack 7.1.2 Authenticated.(Subscriber+).Information.Disclosure.via.Shortcode MEDIUM" "woocommerce-jetpack 7.1.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "woocommerce-jetpack 7.1.0 Shop.Manager+.Missing.Authorization.to.Arbitrary.Options.Update MEDIUM" "woocommerce-jetpack 6.0.1 Multiple.CSRF MEDIUM" "woocommerce-jetpack 5.6.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-jetpack 5.6.7 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "woocommerce-jetpack 5.6.7 Checkout.Files.Deletion.via.CSRF LOW" "woocommerce-jetpack 5.6.7 ShopManager+.Arbitrary.File.Download MEDIUM" "woocommerce-jetpack 5.6.7 Settings.Reset.via.CSRF MEDIUM" "woocommerce-jetpack 5.6.3 Subscriber+.Order.Status.Update MEDIUM" "woocommerce-jetpack 5.6.2 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.Product.XML.Feeds.Module HIGH" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.General.Module HIGH" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.PDF.Invoicing.Module HIGH" "woocommerce-jetpack 5.4.4 Authentication.Bypass CRITICAL" "woocommerce-jetpack 3.8.0 XSS MEDIUM" "woocommerce-booking 6.10.0 Subscriber+.Arbitrary.Option.Update HIGH" "wp-easycart 5.7.9 Missing.Authorization.to.Order.Updates MEDIUM" "wp-easycart 5.7.3 Authenticated.(Contributor+).SQL.Injection.via.model_number.Parameter HIGH" "wp-easycart 5.6.0 Missing.Authorization MEDIUM" "wp-easycart 5.6.5 Sensitive.Information.Exposure MEDIUM" "wp-easycart 5.6.0 Cross-Site.Request.Forgery MEDIUM" "wp-easycart 5.6.4 Contributor+.SQL.Injection MEDIUM" "wp-easycart 5.4.11 Administrator+.Time-based.SQL.Injection HIGH" "wp-easycart 5.4.9 Product.Deletion.via.CSRF MEDIUM" "wp-easycart 5.4.9 Multiple.CSRFs MEDIUM" "wp-easycart 5.4.3 Admin+.LFI MEDIUM" "wp-easycart 5.2.5 Arbitrary.Design.Settings.Update.via.CSRF MEDIUM" "wp-easycart 5.1.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-easycart 3.0.21 3.0.20.-.Privilege.Escalation HIGH" "wptf-image-gallery No.known.fix Remote.File.Download HIGH" "woocommerce-extra-charges-to-payment-gateways No.known.fix Unauthorised.Arbitrary.Plugin.Settings.Change.to.Stored.XSS CRITICAL" "woocommerce-ninjaforms-product-addons 1.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-user No.known.fix Unauthenticated.SQLi HIGH" "wp-user No.known.fix Admin+.Stored.XSS LOW" "wp-user 7.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-setup-wizard 1.0.8.2 Authenticated.(Subscriber+).Full.Database.Download MEDIUM" "wd-facebook-feed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wd-facebook-feed 1.2.9 Reflected.XSS MEDIUM" "wd-facebook-feed 1.1.27 Authenticated.SQL.Injection MEDIUM" "wp-mailster 1.8.21.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.18.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-mailster 1.8.18.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.18.0 Cross-Site.Request.Forgery MEDIUM" "wp-mailster 1.8.17.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-mailster 1.8.18.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.17.0 Missing.Authorization HIGH" "wp-mailster 1.8.17.0 Authenticated.(Contributor+).SQL.Injection.via.orderby HIGH" "wp-mailster 1.8.17.0 Missing.Authorization MEDIUM" "wp-mailster 1.8.17.0 Unauthenticated.Information.Exposure MEDIUM" "wp-mailster 1.8.16.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.17.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mailster 1.5.5 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-maintenance-mode-site-under-construction 4.4 Cross-Site.Request.Forgery MEDIUM" "wp-maintenance-mode-site-under-construction 1.9 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wp-maintenance-mode-site-under-construction 1.8.2 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-cookiechoise No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-login-control No.known.fix Reflected.XSS HIGH" "wen-responsive-columns 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wm-zoom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-parallax-content-slider No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wc-product-table-lite 3.9.6 Missing.Authorization MEDIUM" "wc-product-table-lite 3.9.5 Unauthenticated.Arbitrary.Shortcode.Execution.&.Reflected.Cross-Site.Scripting HIGH" "wc-product-table-lite 3.9.0 Missing.Authorization MEDIUM" "wc-product-table-lite 3.8.7 Unauthenticated.Arbitrary.Shortcode.Execution.&.Reflected.Cross-Site.Scripting HIGH" "wc-product-table-lite 3.8.6 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wc-product-table-lite 3.8.6 Missing.Authorization.to.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wc-product-table-lite 3.1.0 CSRF MEDIUM" "wc-product-table-lite 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-downloadmanager 1.68.11 Authenticated.(Administrator+).Arbitrary.File.Read MEDIUM" "wp-downloadmanager 1.68.11 Admin+.Arbitrary.File.Deletion MEDIUM" "wp-downloadmanager 1.68.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-downloadmanager 1.68.7 Admin+.Stored.Cross-Site.Scripting LOW" "wp-downloadmanager 1.68.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-downloadmanager 1.68.5 Server-Side.Request.Forgery.(SSRF) MEDIUM" "wordpress-logging-service No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-video-robot No.known.fix The.Ultimate.Video.Importer.<=.1.20.0.-.Reflected.Cross-Site.Scripting MEDIUM" "wp-video-robot No.known.fix .Authenticated.(Subscriber+).Privilege.Escalation.via.User.Meta.Update HIGH" "wp-video-robot No.known.fix The.Ultimate.Video.Importer.<=.1.20.0.-.Unauthenticated.SQL.Injection HIGH" "woo-customers-order-history No.known.fix Missing.Authorization MEDIUM" "woo-customers-order-history 5.2.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-order-history 5.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-front-end-login-and-register No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-opening-hours No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-simple-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-get-personal-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.6 Authenticated.(Editor+).Local.File.Inclusion HIGH" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonials.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "woocommerce-order-status-change-notifier No.known.fix Subscriber+.Arbitrary.Order.Status.Update MEDIUM" "wp-yadisk-files No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-yadisk-files No.known.fix Admin+.Stored.XSS LOW" "wpo365-msgraphmailer 3.3 Open.Redirect.via.'redirect_to'.Parameter MEDIUM" "web3-coin-gate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-ukrposhta 1.18.0 Reflected.Cross-Site.Scripting.via.order,.post,.and.idd.Parameters MEDIUM" "woo-ukrposhta 1.17.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-ukrposhta 1.6.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-tooltip No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-cookies-alert No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "whatsapp No.known.fix Contributor+.Stored.XSS MEDIUM" "wordpress-backup-to-dropbox 4.1 Reflected.XSS MEDIUM" "wp-programmmanager No.known.fix Reflected.XSS HIGH" "wp-programmmanager No.known.fix Category.Deletion.via.CSRF MEDIUM" "wp-programmmanager No.known.fix Admin+.SQL.Injection MEDIUM" "wp-job-manager-resumes 2.2.0 Resume.Manager.<.2.2.0.-.Missing.Authorization MEDIUM" "wp-job-manager-resumes 2.2.0 Resume.Manager.<.2.2.0.-.Cross-Site.Request.Forgery MEDIUM" "wp-docs 2.2.7 Missing.Authorization MEDIUM" "wp-docs 2.2.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-docs 2.2.1 Authenticated.(Subscriber+).Time-Based.SQL.Injection.via.'dir_id' MEDIUM" "wp-docs 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-docs 2.1.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-docs 2.0.0 Reflected.XSS HIGH" "wordpress-popular-posts 7.2.0 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wordpress-popular-posts 6.3.3 Contributor+.Stored.XSS MEDIUM" "wordpress-popular-posts 6.1.0 Unauthenticated.Views.Manipulation MEDIUM" "wordpress-popular-posts 6.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-popular-posts 5.3.4 Admin+.Stored.Cross-Site.Scripting LOW" "wordpress-popular-posts 5.3.3 Authenticated.Code.Injection HIGH" "wordpress-popular-posts 5.3.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-post-list-table 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-blogs-planetarium No.known.fix Settings.Update.via.CSRF MEDIUM" "ws-force-login-page 3.0.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-time-machine No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpbulky-wp-bulk-edit-post-types 1.0.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-super-cache 1.9 Unauthenticated.Cache.Poisoning MEDIUM" "wp-super-cache 1.7.3 Authenticated.Remote.Code.Execution HIGH" "wp-super-cache 1.7.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-super-cache 1.7.2 Authenticated.Remote.Code.Execution.(RCE) HIGH" "wp-super-cache 1.4.9 Cross-Site.Scripting.(XSS) MEDIUM" "wp-super-cache 1.4.5 PHP.Object.Injection HIGH" "wp-super-cache 1.4.3 Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-super-cache 1.3.1 trunk/plugins/badbehaviour.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/domain-mapping.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/awaitingmoderation.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/wp-cache.php.wp_nonce_url.Function.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/searchengine.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/wptouch.php.URI.XSS MEDIUM" "wp-super-cache 1.3.2 Remote.Code.Execution HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.6 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.4 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.3 Unauthenticated.Arbitrary.Shortcode.Execution CRITICAL" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.1 Missing.Authorization MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.2 Cross-Site.Request.Forgery MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.1 Reflected.XSS HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.2.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-mailer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-tweet-walls 1.0.4 Cross-Site.Request.Forgery MEDIUM" "wp-link-preview No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "woo-vietnam-checkout 2.0.8 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "woo-vietnam-checkout 2.0.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "woo-vietnam-checkout 2.0.6 Unauthenticated.Stored.XSS HIGH" "woo-vietnam-checkout 2.0.5 Reflected.XSS HIGH" "woo-conditional-payment-gateways 1.16.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-payment-gateways 1.13.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-elegant-testimonial No.known.fix Multiple.Authenticated.Stored.Cross-Site.Scripting LOW" "wibstats-statistics-for-wordpress-mu No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-performance-pack No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-performance-pack 2.5.4 Missing.Authorization MEDIUM" "wp-ajax-contact-form No.known.fix Arbitrary.Email.Deletion.via.CSRF MEDIUM" "wp-ajax-contact-form No.known.fix Reflected.Cross-Site.Scripting HIGH" "woo-gift-cards-lite 3.1.5 Authenticated.(Administrator+).SQL.Injection.via.wps_wgm_save_post.Function MEDIUM" "woo-gift-cards-lite 3.0.7 Missing.Authorization.to.Infinite.Money.Glitch HIGH" "woo-gift-cards-lite 2.6.7 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "woo-gift-cards-lite 2.1.2 Cross-Site.Request.Forgery MEDIUM" "woo-gift-cards-lite 2.1.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wpsimpletools-log-viewer No.known.fix Cross-Site.Request.Forgery.via.wpst_lw_viewer MEDIUM" "woo-cart-abandonment-recovery 1.2.27 Templates/Abandoned.Orders.Deletion.via.CSRF MEDIUM" "wp-ticket-ultra No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-simple-events No.known.fix Admin+.Cross.Site.Scripting MEDIUM" "wp-register-profile-with-shortcode 3.6.0 Cross-Site.Request.Forgery.to.User.Password.Reset HIGH" "wp-register-profile-with-shortcode 3.5.9 Admin+.Stored.XSS LOW" "wc-serial-numbers 2.1.1 Missing.Authorization MEDIUM" "wc-serial-numbers 1.6.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wpsol No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woolentor-addons 3.1.3 Unauthenticated.Server-Side.Request.Forgery.via.URL.Parameter MEDIUM" "woolentor-addons 3.1.1 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Flash.Sale.Countdown.Module MEDIUM" "woolentor-addons 2.9.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.WL:.FAQ.Widget.Elementor.Template MEDIUM" "woolentor-addons 2.9.8 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "woolentor-addons 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WL.Product.Horizontal.Filter.Widget MEDIUM" "woolentor-addons 2.8.9 Authenticated.Option.Update MEDIUM" "woolentor-addons 2.8.9 Contributor+.Stored.XSS.via.woolentorsearch.Shortcode MEDIUM" "woolentor-addons 2.8.8 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.8 Missing.Authorization MEDIUM" "woolentor-addons 2.8.8 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.2 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.2 Contributor+.Template.Reset LOW" "woolentor-addons 2.8.5 Authenticated.(Contributor+).Stored.Cross-site.Scripting.via.QR.Code.Widget MEDIUM" "woolentor-addons 2.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WL.Universal.Product.Layout MEDIUM" "woolentor-addons 2.8.2 Contributor+.Stored.Cross-Site.Scripting.via.Banner.Link MEDIUM" "woolentor-addons 2.6.3 Settings.Update.via.CSRF MEDIUM" "woolentor-addons 2.5.2 Settings.Update.via.CSRF MEDIUM" "woolentor-addons 2.5.4 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.5.4 PHP.Object.Injection MEDIUM" "woolentor-addons 1.8.6 WooCommerce.Elementor.Addons.+.Builder.<.1.8.6.-.Contributor+.Stored.XSS MEDIUM" "websand-subscription-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-contact-form7-email-spam-blocker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-soononline-page No.known.fix Cross-Site.Request.Forgery MEDIUM" "watu 3.4.4 Authenticated.(Administrator+).SQL.Injection MEDIUM" "watu 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "watu 3.4.1.3 Authenticated.(Contributor+).SQL.Injection MEDIUM" "watu 3.4.1.2 Author+.Stored.XSS MEDIUM" "watu 3.4.1.1 Sensitive.Information.Disclosure MEDIUM" "watu 3.4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "watu 3.3.9.3 Reflected.XSS HIGH" "watu 3.3.9.1 Reflected.XSS HIGH" "watu 3.3.8.1 Admin+.Stored.XSS LOW" "watu 3.3.8.3 Admin+.Stored.XSS LOW" "watu 3.3.8.2 Reflected.XSS HIGH" "watu 3.1.2.6 Reflected.XSS.via.question-form.html.php HIGH" "wp-better-emails No.known.fix Admin+.Stored.XSS LOW" "wpide 3.5.0 Unauthenticated.Full.Path.Dislcosure MEDIUM" "wpide 3.4.7 Reflected.Cross-Site.Scripting MEDIUM" "wpide 3.0 Admin+.Arbitrary.File.Read MEDIUM" "wpide 3.0 Admin+.Arbitrary.File.Edit.&.Upload MEDIUM" "wpide 3.0 Admin+.Local.File.Inclusion LOW" "wp-security-master No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-font-awesome-share-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-limit-failed-login-attempts 5.6 Unauthenticated.SQL.Injeciton HIGH" "wp-limit-failed-login-attempts 5.4 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "wp-limit-failed-login-attempts 5.1 Unauthenticated.SQLi HIGH" "wp-limit-failed-login-attempts 2.9 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-limit-failed-login-attempts 3.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wp-abstracts-manuscripts-manager No.known.fix Stored.XSS.via.CSRF HIGH" "wp-abstracts-manuscripts-manager 2.7.4 Cross-Site.Request.Forgery.to.Arbitrary.Account.Deletion HIGH" "wp-abstracts-manuscripts-manager 2.7.3 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.7.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.7.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.6.4 Admin+.Stored.XSS LOW" "wp-abstracts-manuscripts-manager 2.6.3 Cross-Site.Request.Forgery MEDIUM" "wp-abstracts-manuscripts-manager 2.6.4 Reflected.XSS HIGH" "wp-enable-svg No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "wp-geometa No.known.fix 0.3.5.-.Subscriber+.Privilege.Escalation HIGH" "wpfront-notification-bar 3.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wpfront-notification-bar 3.4 Admin+.Stored.XSS MEDIUM" "wpfront-notification-bar 2.1.0.08087 Authenticated.Stored.XSS LOW" "wpfront-notification-bar 2.0.0.07176 Authenticated.Stored.XSS MEDIUM" "woocommerce-es 2.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-es 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wowrestro 1.1 CSRF.Bypass MEDIUM" "woocommerce-compare-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-compare-products No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "waymark 1.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "waymark 1.5.3 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "waymark 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "waymark 1.4.2 Reflected.Cross-Site.Scripting.via.'content' MEDIUM" "widget-twitter No.known.fix Contributor+.SQLi MEDIUM" "wp-logo-showcase 1.3.37 Editor.Plugin's.Settings.Update LOW" "wp-admin-custom-page No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpf-ultimate-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpexperts-square-for-give 1.3.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wpexperts-square-for-give 1.3.2 Subscriber+.SQL.Injection HIGH" "wordpress-simple-paypal-shopping-cart 5.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wordpress-simple-paypal-shopping-cart 5.1.4 Insecure.Direct.Object.Reference.via.'quantity' MEDIUM" "wordpress-simple-paypal-shopping-cart 5.1.4 Insecure.Direct.Object.Reference MEDIUM" "wordpress-simple-paypal-shopping-cart 5.1.3 Unauthenticated.Information.Exposure.via.file_url.Parameter HIGH" "wordpress-simple-paypal-shopping-cart 5.1.3 Unauthenticated.Product.Price.Manipulation HIGH" "wordpress-simple-paypal-shopping-cart 5.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-simple-paypal-shopping-cart 4.7.2 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-simple-paypal-shopping-cart 4.6.4 Unauthenticated.PII.Disclosure MEDIUM" "wordpress-simple-paypal-shopping-cart 4.6.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-category-dropdown 1.9 Contributor+.Stored.XSS MEDIUM" "wp-users-disable No.known.fix Unauthenticated.Settings.Update MEDIUM" "wordpress-mobile-pack No.known.fix Cross-Site.Request.Forgery MEDIUM" "wordpress-mobile-pack 2.1.3 Information.Disclosure HIGH" "wp-courses 3.2.22 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Meta.Update HIGH" "wp-courses 3.2.4 Cross-Site.Request.Forgery MEDIUM" "wp-courses 3.2.4 Missing.Authorization MEDIUM" "wp-courses 3.2.4 Subscriber+.Arbitrary.Options.Update HIGH" "wp-courses 2.0.44 Authenticated.Stored.XSS.via.Video.Embed.Code LOW" "wp-courses 2.0.44 Reflected.Cross-Site.Scripting HIGH" "wp-courses 2.0.29 Broken.Access.Controls.leading.to.Courses.Content.Disclosure HIGH" "wordpress-notification-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpbenchmark 1.3.7 Cross-Site.Request.Forgery.via.execute_plugin() MEDIUM" "woo-customers-spreadsheet-bulk-edit 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-spreadsheet-bulk-edit 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-flipclock No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-flipclock 1.8 Contributor+.Stored.XSS MEDIUM" "wp-calameo 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-plugin-for-simple-google-adsense-insertion 2.1 Inject.ads.and.javascript.via.CSRF MEDIUM" "wp-backup-manager No.known.fix Reflected.XSS HIGH" "wp-editor 1.2.9.2 Authenticated.(Administrator+).Directory.Traversal.to.Arbitrary.File.Read MEDIUM" "wp-editor 1.2.9.2 Authenticated.(Administrator+).Directory.Traversal.to.Arbitrary.File.Update HIGH" "wp-editor 1.2.9.1 Authenticated.(Admin+).PHAR.Deserialization HIGH" "wp-editor 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-editor 1.2.8 Sensitive.Information.Exposure.via.log.file MEDIUM" "wp-editor 1.2.7 Authenticated.SQL.injection CRITICAL" "wp-editor 1.2.6.3 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "wp-editor 1.2.6 CSRF.&.Incorrect.Permissions CRITICAL" "wc-basic-slider 2.1.0 CSRF.Bypass MEDIUM" "wp-hide-pages No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-private-message 1.0.6 Private.Message.Disclosure.via.IDOR MEDIUM" "wp-geshi-highlight No.known.fix Author+.ReDoS LOW" "woocommerce-shipping-per-product 2.5.5 Missing.Authorization MEDIUM" "wpcomplete 2.9.5 Reflected.Cross-Site.Scripting HIGH" "wp-social-stream No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-tools-divi-product-carousel 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-product-carousel 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-responsive-video-gallery-with-lightbox 1.0.7 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-responsive-video-gallery-with-lightbox 1.0.1 Cross-Site.Request.Forgery MEDIUM" "wp-responsive-video-gallery-with-lightbox 1.0.23 Reflected.XSS HIGH" "wp-planet No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "woo-floating-cart-lite 2.8.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "woo-floating-cart-lite 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-floating-cart-lite 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-advanced-shipment-tracking 3.5.3 CSRF MEDIUM" "woo-advanced-shipment-tracking 3.2.7 Authenticated.Options.Change CRITICAL" "wp-widget-bundle No.known.fix Unauthencated.Reflected.XSS MEDIUM" "wp-widget-bundle No.known.fix Widget.Disable/Enable.via.CSRF MEDIUM" "wp-widget-bundle No.known.fix Admin+.Stored.XSS LOW" "wordpress-custom-sidebar No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-spacecontent No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wc-estimate-and-quote No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widgets-for-ebay-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-chinese-conversion No.known.fix Reflected.XSS HIGH" "wp-seo-tdk No.known.fix Unauthenticated.Setting.Update.to.Stored.XSS HIGH" "wpfilesearch No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-plugin-contact-form-7 No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-feature-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-t-wap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-better-customer-list No.known.fix Reflected.Cross-Site.Scripting HIGH" "wonderplugin-slider-lite 14.0 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "wp-bookmarks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-mylinks 1.0.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-conversion-tracking 2.0.12 Subscriber+.Addon.Installation MEDIUM" "woocommerce-conversion-tracking 2.0.12 Subscriber+.happy-elementor-addons.Installation.&.Activation MEDIUM" "wpdevart-vertical-menu 1.5.9 Theme.Deletion.via.CSRF MEDIUM" "wpdevart-vertical-menu 1.5.9 Admin+.Stored.XSS LOW" "woo-custom-cart-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpdoodlez No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-affiliate-platform 6.5.2 Affiliate.Deletion.via.CSRF MEDIUM" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Lead.Editing HIGH" "wp-affiliate-platform 6.5.1 Profile.Update.via.CSRF MEDIUM" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Banner.Editing HIGH" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Registration.Form HIGH" "wp-affiliate-platform 6.5.1 Stored.XSS.via.CSRF HIGH" "wp-affiliate-platform 6.5.1 POST.Reflected.XSS MEDIUM" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Affiliate.Editing HIGH" "wp-affiliate-platform 6.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-affiliate-platform 6.4.0 Affiliate.Record.Deletion.via.CSRF MEDIUM" "wp-affiliate-platform 6.4.0 Admin+.Stored.XSS LOW" "wgauge No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wgauge No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-auctions No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "wp-auctions No.known.fix Editor+.SQL.Injection MEDIUM" "wp-auctions No.known.fix Editor+.Stored.XSS LOW" "wp-auctions No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-auctions No.known.fix Unauthenticated.SQL.Injection HIGH" "wpsection 1.3.9 Authenticated.(Contributor+).Local.File.Inlcusion HIGH" "woo-fattureincloud 2.6.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-rest-api-authentication 3.6.4 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "wp-rest-api-authentication 2.4.1 Settings.Update.via.CSRF MEDIUM" "wp-dark-mode 5.0.5 Missing.Authorization MEDIUM" "wp-dark-mode 4.0.8 Subscriber+.Local.File.Inclusion MEDIUM" "wp-dark-mode 4.0.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "wprequal 8.3.1 Cross-Site.Request.Forgery.to.Settings.Reset MEDIUM" "wp-e-customers No.known.fix Reflected.XSS HIGH" "wp-mailing-group 3.0.5 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wp-mailing-group 3.0.0 Reflected.Cross-Site.Scripting HIGH" "wp-mailing-group 3.0.0 Admin+.SQL.Injection MEDIUM" "wp-symposium No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-blocks-hub No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-turnstile-cloudflare-captcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-beta-tester 2.2.4 Admin+.SQLi MEDIUM" "wp-currency-exchange-rates 1.3.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-original-media-path 2.4.1 Admin+.Stored.XSS LOW" "wp-vk 1.3.4 Cross-Site.Request.Forgery.via.AJAX.actions MEDIUM" "wpex-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-store-toolkit 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-store-toolkit 2.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-store-toolkit 2.3.2 Reflected.Cross-Site.Scripting HIGH" "woocommerce-store-toolkit 1.5.8 Privilege.Escalation CRITICAL" "woocommerce-store-toolkit 1.5.7 Store.Toolkit.Plugin.<=.1.5.6.-.Privilege.Escalation CRITICAL" "wp-user-merger 1.5.3 Admin+.SQLi.via.ID MEDIUM" "wp-user-merger 1.5.3 Admin+.SQLi.via.user_id MEDIUM" "wp-user-merger 1.5.3 Admin+.SQLi.via.wpsu_user_id MEDIUM" "wordpress-tooltips 9.5.3 Cross-Site.Request.Forgery MEDIUM" "wordpress-tooltips 9.4.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wp-client-reports 1.0.23 Cross-Site.Request.Forgery MEDIUM" "wp-timelines 3.6.8 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-timelines 3.6.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-timelines 3.6.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-quick-front-end-editor No.known.fix Authenticated.Content.Injection MEDIUM" "wp-quick-front-end-editor No.known.fix Authenticated.Settings.Change.leading.to.Stored.XSS CRITICAL" "wp-carousel-free 2.7.4 Admin+.Stored.XSS LOW" "wp-carousel-free 2.6.9 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "wp-carousel-free 2.6.4 Authenticated.(Admin+).PHP.Object.Injection HIGH" "wp-carousel-free 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'sp_wp_carousel_shortcode' MEDIUM" "wp-carousel-free 2.6.9 Editor+.Stored.XSS LOW" "wp-carousel-free 2.5.3 Contributor+.Stored.XSS MEDIUM" "wc-remove-tabs-and-fields 1.68 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-gallery-slider 2.2.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-dummy-content-generator 3.3.0 Unauthenticated.Code.Injection CRITICAL" "wp-dummy-content-generator 3.1.3 Missing.Authorization MEDIUM" "wp-dummy-content-generator 3.0.0 Cross-Site.Request.Forgery MEDIUM" "widgets-for-zillow-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-stacker No.known.fix Stored.XSS.via.CSRF HIGH" "woo-shipping-display-mode 3.7.7 Reflected.Cross-Site.Scripting MEDIUM" "woo-shipping-display-mode 3.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-social-login No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-social-login 2.7.8 WordPress./.WooCommerce.Plugin.<.2.7.8.-.Authentication.Bypass HIGH" "woo-social-login 2.7.6 Social.Login.<.2.7.6.-.Authentication.Bypass.to.Account.Takeover CRITICAL" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Missing.Authorization.to.Unauthenticated.Privilege.Escalation CRITICAL" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Unauthenticated.Privilege.Escalation.via.One-Time.Password HIGH" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Unauthenticated.Authentication.Bypass HIGH" "woo-social-login 2.7.0 Unauthenticated.PHP.Object.Injection CRITICAL" "woo-social-login 2.6.3 Social.Login.<.2.6.3.-.Email.Verification.due.to.Insufficient.Randomness MEDIUM" "woo-social-login 2.6.3 Social.Login.<.2.6.3.-.Unauthenticated.PHP.Object.Injection CRITICAL" "world-travel-information No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-ticketbai 3.21 Unauthenticated.SQL.Injection HIGH" "wp-ticketbai No.known.fix Missing.Authorization MEDIUM" "wp-ticketbai 3.19 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp2appir No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wholesale-pricing-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wholesale-pricing-woocommerce 3.8.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-editormd No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-editormd 10.0.4 Cross-Site.Scripting.(XSS) MEDIUM" "web-push No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wordpress-users No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-video-gallery-free No.known.fix Unauthenticated.SQLi HIGH" "wpshare247-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wck-custom-fields-and-custom-post-types-creator 2.3.3 Admin+.Stored.XSS LOW" "wp-smtp 2.1.6 Unauthenticated.Stored.Cross-Site.Scripting.via.Email HIGH" "wp-smtp 1.2.7 1.2.6.-.Authenticated.(Admin+).SQL.Injection HIGH" "wicked-folders 2.18.17 Folder.Structure.Update.via.CSRF MEDIUM" "wicked-folders 2.18.17 Subscriber+.Folder.Structure.Update MEDIUM" "wicked-folders 2.8.10 Subscriber+.SQL.Injection HIGH" "wp-date-and-time-shortcode 2.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-sort-order 1.3.2 Missing.Authorization MEDIUM" "wc-myparcel-belgium 4.5.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-tumblog No.known.fix Missing.Authorization.to.Unauthenticated.Content.Injection MEDIUM" "wc-affiliate No.known.fix Subscriber+.PHP.Object.Injection HIGH" "wc-affiliate 2.6 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure.via.wf-export-all MEDIUM" "wc-affiliate 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-affiliate 2.4 Reflected.XSS HIGH" "wp-sendfox No.known.fix Unauthenticated.Information.Disclosure MEDIUM" "wp-sendfox 1.3.1 Missing.Authorization MEDIUM" "wp-panoramio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpschoolpress No.known.fix Missing.Authorization.to.Arbitrary.User.Deletion MEDIUM" "wpschoolpress No.known.fix Authenticated.(Parent+).SQL.Injection MEDIUM" "wpschoolpress No.known.fix Missing.Authorization.to.Privilege.Escalation.via.Account.Takeover HIGH" "wpschoolpress No.known.fix Authenticated.(Teacher+).SQL.Injection MEDIUM" "wpschoolpress No.known.fix Authenticated.(Student/Parent+).SQL.Injection MEDIUM" "wpschoolpress 2.2.11 Insecure.Direct.Object.Reference.to.Authenticated.(Teacher+).Account.Takeover/Privilege.Escalation HIGH" "wpschoolpress 2.2.5 Teacher+.SQLi MEDIUM" "wpschoolpress 2.2.5 Cross-Site.Request.Forgery MEDIUM" "wpschoolpress 2.1.17 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wpschoolpress 2.1.10 Multiple.Authenticated.SQL.Injections HIGH" "wpschoolpress 2.1.10 Reflected.Cross-Site.Scripting HIGH" "woo-enviopack No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-rollback 1.2.3 Cross-Site.Scripting.(XSS).&.CSRF HIGH" "webd-woocommerce-advanced-reporting-statistics No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-statistics 14.13.4 Subscriber+.Arbitrary.Plugin.Settings.Update MEDIUM" "wp-statistics 14.5.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-statistics 14.0 Authenticated.SQLi HIGH" "wp-statistics 13.2.11 Subscriber+.SQLi HIGH" "wp-statistics 13.2.9 Authenticated.SQLi HIGH" "wp-statistics 13.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "wp-statistics 13.2.2 Reflected.Cross-Site.Scripting LOW" "wp-statistics 13.1.6 Multiple.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.current_page_id CRITICAL" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.IP CRITICAL" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.current_page_type CRITICAL" "wp-statistics 13.1.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-statistics 13.1.5 Unauthenticated.Blind.SQL.Injection CRITICAL" "wp-statistics 13.1.2 Arbitrary.Plugin.Activation/Deactivation.via.CSRF MEDIUM" "wp-statistics 13.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-statistics 13.0.8 Unauthenticated.SQL.Injection HIGH" "wp-statistics 12.6.7 Unauthenticated.Stored.XSS.Under.Certain.Configurations CRITICAL" "wp-statistics 12.6.7 Unauthenticated.Blind.SQL.Injection MEDIUM" "wp-statistics 12.6.6.1 Authenticated.Stored.XSS MEDIUM" "wp-statistics 12.6.4 Referer.Cross-Site.Scripting.(XSS) MEDIUM" "wp-statistics 12.0.10 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "wp-statistics 12.0.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-dream-carousel No.known.fix Reflected.XSS HIGH" "wp-jquery-lightbox 2.3.4 Contributor+.Stored.XSS MEDIUM" "wp-jquery-lightbox 1.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title.Attribute MEDIUM" "wc-cashapp 6.0.3 Reflected.Cross-Site.Scripting MEDIUM" "wc-cashapp 5.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-table 5.0.0 Reflected.XSS HIGH" "woo-product-table 3.5.2 Information.Exposure MEDIUM" "woo-product-table 3.1.2 Unauthenticated.Arbitrary.Function.Call CRITICAL" "woo-product-enquiry No.known.fix Unauthenticated.Stored.XSS HIGH" "wc-thanks-redirect 3.1 Reflected.Cross-Site.Scripting MEDIUM" "wc-thanks-redirect 3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp2leads No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp2leads 3.4.7 Reflected.Cross-Site.Scripting MEDIUM" "wp2leads 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "wp2leads 3.3.4 Reflected.Cross-Site.Scripting MEDIUM" "wp2leads 3.2.8 Missing.Authorization MEDIUM" "wp-latest-posts 5.0.8 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "wp-latest-posts 3.7.5 XSS MEDIUM" "wp-facebook-feed No.known.fix Reflected.XSS HIGH" "wp-facebook-feed No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-stats-manager 7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-stats-manager 7.6 Missing.Authorization MEDIUM" "wp-stats-manager 6.9.5 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-stats-manager 6.9 Unauthenticated.SQLi HIGH" "wp-stats-manager 6.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-stats-manager 5.8 Unauthenticated.SQLi HIGH" "wp-stats-manager 5.6 .Subscriber+.SQL.Injection HIGH" "wp-stats-manager 5.5 Arbitrary.IP.Address.Exclusion.to.Stored.XSS HIGH" "wp-stats-manager 4.8 Subscriber+.SQL.Injection HIGH" "wordpress-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-display-users No.known.fix Authenticated.SQL.Injection MEDIUM" "wp-masquerade No.known.fix Subscriber+.Account.Takeover HIGH" "wp-recipe-maker 9.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-recipe-maker 9.7.0 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'tooltip' MEDIUM" "wp-recipe-maker 9.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'group_tag' MEDIUM" "wp-recipe-maker 9.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wprm-recipe-roundup-item.Shortcode MEDIUM" "wp-recipe-maker 9.3.0 Authenticated.Stored.Cross-Site.Scripting.via.Video.Embed MEDIUM" "wp-recipe-maker 9.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).SQL.Injecton HIGH" "wp-recipe-maker 9.1.1 Reflected.Cross-Site.Scripting.via.Referer MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.icon_color MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.'tag' MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.header_tag MEDIUM" "wp-recipe-maker 9.1.1 Directory.Traversal MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Recipe.Notes MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-recipe-maker 8.6.1 Contributor+.Stored.XSS MEDIUM" "wp-taxonomy-import No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-touch-slider No.known.fix Reflected.XSS HIGH" "wp-attest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-attest No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpb-show-core 2.7 Reflected.XSS HIGH" "wpb-show-core 2.6 Reflected.XSS HIGH" "wpb-show-core 2.7 Reflected.XSS HIGH" "wpb-show-core No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "wpb-show-core No.known.fix Unauthenticated.Server.Side.Request.Forgery MEDIUM" "wpb-show-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-music-player No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-show-more No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.show_more.Shortcode MEDIUM" "woosquare 4.3 Reflected.Cross-Site.Scripting MEDIUM" "woosquare 4.2.9 Reflected.Cross-Site.Scripting MEDIUM" "woosquare 4.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-multiple-free-gift No.known.fix Insufficient.Server-Side.Validation.to.Arbitrary.Gift.Adding MEDIUM" "wpsimpletools-upload-limit No.known.fix Reflected.XSS HIGH" "woocommerce-bulk-stock-management 2.2.34 Reflected.XSS HIGH" "wpworx-faq No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpworx-faq No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-food No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wordpress-seo 22.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo 22.6 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-seo 21.1 Authenticated.(Seo.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo 17.3 Unauthenticated.Full.Path.Disclosure NONE" "wordpress-seo 11.6 Authenticated.Stored.XSS CRITICAL" "wordpress-seo 9.2 Authenticated.Race.Condition MEDIUM" "wordpress-seo 5.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wordpress-seo 3.4.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-photo-sphere No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-migrate-db-pro 2.6.11 Unauthenticated.PHP.Object.Injection CRITICAL" "wpify-woo 4.0.11 Reflected.Cross-Site.Scripting MEDIUM" "wpify-woo 4.0.9 Missing.Authorization MEDIUM" "wpify-woo 3.5.7 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-cloudflare-page-cache 4.7.6 Cross-Site.Request.Forgery MEDIUM" "wp-powerplaygallery No.known.fix Arbitrary.File.Upload.&.SQL.Injection HIGH" "wooms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-secure-by-sitesecuritymonitorcom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-checkout-for-digital-goods 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-checkout-for-digital-goods 3.6.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-checkout-for-digital-goods 2.2 CSRF.to.Settings.Change MEDIUM" "woo-myghpay-payment-gateway No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-ultimate-recipe 3.12.7 Authenticated.Stored.XSS MEDIUM" "wplegalpages 3.2.8 Cross-Site.Request.Forgery MEDIUM" "wplegalpages 2.9.3 Contributor+.Stored.XSS MEDIUM" "wplegalpages 2.7.1 Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS MEDIUM" "wplegalpages 1.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-disable-sitemap 1.1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-disable-sitemap 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-paypal 1.2.3.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wc-price-history 2.1.5 Authenticated.(Shop.manager+).PHP.Object.Injection HIGH" "wc-price-history 2.1.4 Missing.Authorization MEDIUM" "wp-ride-booking No.known.fix Cross-Site.Request.Forgery MEDIUM" "wpmastertoolkit 2.6.0 Authenticated.(Administrator+).to.Arbitrary.File.Read.and.Write HIGH" "wpmastertoolkit 1.14.0 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "wpmastertoolkit 1.14.0 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "woo-ecommerce-tracking-for-google-and-facebook 3.7.2 CSRF MEDIUM" "woo-ecommerce-tracking-for-google-and-facebook 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-ecommerce-tracking-for-google-and-facebook 3.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-html-sitemap No.known.fix wp-html-sitemap.html.Sitemap.Deletion.CSRF MEDIUM" "wp-payeezy-pay 2.98 Local.File.Inclusion CRITICAL" "woocommerce-checkout-cielo No.known.fix Insufficient.Verification.of.Data.Authenticity.to.Order.Payment.Status.Update MEDIUM" "wp-donate No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-donate 1.5 Unauthenticated.SQL.Injection HIGH" "wp-meteor 3.4.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "wp-championship 9.3 Multiple.CSRF MEDIUM" "wp-shopify No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-back-button No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "webmaster-tools No.known.fix Admin+.Stored.XSS LOW" "webmaster-tools No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "woocommerce-to-google-merchant-center No.known.fix Missing.Authorization MEDIUM" "wp-dpe-ges 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-seo-keyword-optimizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-seo-keyword-optimizer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-seo-keyword-optimizer 2.1.9.8 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-members 3.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpmem_user_memberships.Shortcode MEDIUM" "wp-members 3.4.9.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpmem_loginout.Shortcode MEDIUM" "wp-members 3.4.9.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-members 3.4.9.4 Unprotected.Storage.of.Potentially.Sensitive.Files MEDIUM" "wp-members 3.4.9.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-members 3.4.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-members 3.4.9 Contributor+.Sensitive.Information.Exposure MEDIUM" "wp-members 3.4.8 Subscriber+.Unauthorized.Plugin.Settings.Update MEDIUM" "wp-members 3.2.8.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "wp-members 3.1.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "woo-abandoned-cart-recovery 1.0.4.1 Cross-Site.Request.Forgery MEDIUM" "woo-abandoned-cart-recovery 1.0.4.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wp-slide-categorywise No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woothemes-sensei 4.24.0.1.24.0 Unauthenticated.Rewrite.Rules.Flushing MEDIUM" "woothemes-sensei 4.24.0.1.24.0 Authenticated.(Student+).Stored.Cross-Site.Scripting MEDIUM" "wp-airbnb-review-slider 4.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-airbnb-review-slider 3.3 Subscriber+.SQLi HIGH" "wp-airbnb-review-slider 3.3 CSRF MEDIUM" "wp-system No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "webo-facto-connector 1.41 Unauthenticated.Privilege.Escalation CRITICAL" "wp-copysafe-web 4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-copysafe-web 3.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-copysafe-web 3.14 Unauthenticated.Reflected.XSS HIGH" "wp-copysafe-web 2.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-media-folder 5.7.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-media-folder 5.7.3 Missing.Authorization.to.Authenticated(Subscriber+).Plugin.settings.change MEDIUM" "wp-media-folder 5.7.3 Missing.Authorization.to.Authenticated(Subscriber+).Title.Modification MEDIUM" "wp-translate No.known.fix Missing.Authorization MEDIUM" "webinar-and-video-conference-with-jitsi-meet 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgets-for-alibaba-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-domain-redirect No.known.fix Authenticated.SQL.Injection MEDIUM" "woo-point-of-sale 6.2.0 Insecure.Direct.Object.Reference.to.Privilege.Escalation.via.Arbitrary.User.Email.Change CRITICAL" "wp-management-controller No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-open-street-map 1.30 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woocommerce-multilingual 5.3.9 Missing.Authorization MEDIUM" "woocommerce-multilingual 5.3.8 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-multilingual 5.3.7 Missing.Authorization MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.5 Missing.Authorization MEDIUM" "wp-fountain No.known.fix Reflected.Cross-Site.Scripting HIGH" "wpgenealogy No.known.fix Missing.Authorization MEDIUM" "wpgenealogy 0.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wpgenealogy 0.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "web-stat 1.4.1 API.Key.Disclosure HIGH" "wc-pickupp No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-query-console No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "wp-custom-taxonomy-meta No.known.fix Cross-Site.Request.Forgery.to.Taxonomy.Meta.Add/Delete MEDIUM" "wp-custom-taxonomy-meta No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-custom-taxonomy-meta No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wplms-plugin 1.9.9.5.3 Unauthenticated.SQL.Injection HIGH" "wp-gmappity-easy-google-maps No.known.fix Subscriber+.SQL.Injection HIGH" "wp-to-twitter 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-to-twitter 3.3.0 Subscriber+.Arbitrary.Option.Update CRITICAL" "woocommerce-order-address-print No.known.fix Reflected.XSS HIGH" "wp-scraper 5.8.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wp-scraper 5.8 Missing.Authorization.to.Arbitrary.Page/Post.Creation MEDIUM" "wp-eMember 10.7.0 Stored.XSS.via.CSRF HIGH" "wp-eMember 10.6.7 Reflected.XSS MEDIUM" "wp-eMember 10.6.6 Admin+.Arbitrary.File.Upload MEDIUM" "wp-eMember 10.6.6 Reflected.XSS HIGH" "wp-eMember 10.6.6 Bulk.Delete.via.CSRF MEDIUM" "wp-eMember 10.6.7 Reflected.XSS.via.Member.Edit HIGH" "wp-eMember 10.6.7 Unauthenticated.Stored.XSS.via.Member.Registration HIGH" "wp-eMember 10.6.6 Reflected.XSS HIGH" "wp-eMember 10.6.6 Stored.XSS.in.Blacklist.via.CSRF HIGH" "wp-eMember 10.3.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-eMember 10.3.9 Reflected.XSS HIGH" "wow-entrance-effects-wee No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wrapper-link-elementor 1.0.5 Injected.Backdoor CRITICAL" "wn-flipbox-pro 2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-options-editor No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "wcsm-search-merchandising No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcsm-search-merchandising No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-gateway-stripe 7.6.2 Unauthenticated.Order.Deletion.via.IDOR LOW" "woocommerce-gateway-stripe 7.6.1 Cross-Site.Request.Forgery MEDIUM" "woocommerce-gateway-stripe 7.4.1 Subscriber+.Order.Intent.Update MEDIUM" "woocommerce-gateway-stripe 7.4.1 Unauthenticated.PII.Disclosure.via.IDOR HIGH" "wp-bulk-delete 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "widget4call No.known.fix Reflected.XSS HIGH" "widget4call No.known.fix Reflected.XSS HIGH" "wpradio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-condition No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-heyloyalty No.known.fix Unauthenticated.RCE.via.PHPUnit CRITICAL" "woo-product-variation-swatches 2.3.8 Reflected.Cross-Site.Scripting HIGH" "woocommerce-products-filter 1.3.6.5 Subscriber+.Local.File.Inclusion HIGH" "woocommerce-products-filter 1.3.6.6 Unauthenticated.Local.File.Inclusion CRITICAL" "woocommerce-products-filter 1.3.6.4 Reflected.Cross-Site.Scripting.via.really_curr_tax.Parameter MEDIUM" "woocommerce-products-filter 1.3.6.2 Insecure.Direct.Object.Reference.to.Unsubscribe MEDIUM" "woocommerce-products-filter 1.3.6.2 Authenticated.(Shop.Manager+).Arbitrary.Options.Update HIGH" "woocommerce-products-filter 1.3.6.1 Products.Filter.Professional.for.WooCommerce.<.1.3.6.1.-.Unauthenticated.Time-Based.SQL.Injection CRITICAL" "woocommerce-products-filter 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-products-filter 1.3.5.3 Subscriber+..Remote.Code.Execution CRITICAL" "woocommerce-products-filter 1.3.5.2 Cross-Site.Request.Forgery MEDIUM" "woocommerce-products-filter 1.3.5.3 Admin+.Local.File.Inclusion MEDIUM" "woocommerce-products-filter 1.3.5.2 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-products-filter 1.3.5.3 Contributor+.SQL.Injection HIGH" "woocommerce-products-filter 1.3.4.4 Multiple.Connections/Stats.CSRF MEDIUM" "woocommerce-products-filter 1.3.4.3 Unauthenticated.SQL.Injection.via.search.terms CRITICAL" "woocommerce-products-filter 1.3.4.3 Missing.Authorization.via.woof_meta_get_keys() MEDIUM" "woocommerce-products-filter 1.3.2 Products.Filter.for.WooCommerce.<.1.3.2.-.Admin+.PHP.Object.Injection LOW" "woocommerce-products-filter 1.2.6.3 Products.Filter.for.WooCommerce.<.1.2.6.3.-.Reflected.Cross-Site.Scripting HIGH" "woocommerce-products-filter 1.2.0 Multiple.Issues CRITICAL" "wc-peach-payments-gateway 3.2.0 Missing.Authorization.via.peach_core_version_rollback() MEDIUM" "wp-shamsi No.known.fix Subscriber+.Attachment.Deletion MEDIUM" "wp-shamsi 4.1.1 Unauthenticated.Arbitrary.Plugin.Deactivation MEDIUM" "wp-shamsi 4.2.0 Subscriber+.Settings.Update MEDIUM" "wp-athletics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-athletics No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "wp-config-file-editor No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-hide-categories No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-about-author 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "weekly-schedule 3.4.3 Authenticated.Stored.XSS MEDIUM" "wpfunnels 3.5.19 Unauthenticated.PHP.Object.Injection CRITICAL" "wpfunnels 3.5.6 Reflected.Cross-Site.Scripting MEDIUM" "wpfunnels 3.0.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpfunnels 2.7.17 Reflected.Cross-Site.Scripting HIGH" "wpfunnels 2.6.9 Contributor+.Stored.XSS MEDIUM" "wpforo-advanced-attachments 3.2.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-login-attempt-log No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "webtoffee-product-feed 2.2.9 Missing.Authorization MEDIUM" "wholesale-market-for-woocommerce 2.0.0 Admin+.Arbitrary.Log.Download MEDIUM" "wholesale-market-for-woocommerce 2.0.1 Settings.Update.via.CSRF MEDIUM" "wholesale-market-for-woocommerce 1.0.7 Unauthenticated.Arbitrary.File.Download HIGH" "wholesale-market-for-woocommerce 1.0.8 Admin+.Arbitrary.File.Download MEDIUM" "wti-like-post No.known.fix IP.Spoofing MEDIUM" "wti-like-post 1.4.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "wti-like-post 1.4.3 Unauthenticated.Blind.SQL.Injection CRITICAL" "wp-easy-poll-afo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wt-display-breeze 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cal_size.Parameter MEDIUM" "webmaster-tools-verification No.known.fix Unauthenticated.Arbitrary.Plugin.Deactivation HIGH" "wp-google-street-view 1.1.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-street-view 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-street-view 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-google-my-business-auto-publish 3.8 Multiple.CSRF MEDIUM" "wp-google-my-business-auto-publish 3.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-altcoin-payment-gateway No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-altcoin-payment-gateway No.known.fix Unauthenticated.SQL.Injection HIGH" "woo-altcoin-payment-gateway 1.7.3 Unauthenticated.SQLi HIGH" "woo-altcoin-payment-gateway 1.6.1 Reflected.Cross-Site.Scripting HIGH" "wp-comment-fields 5.1 Missing.Authorization MEDIUM" "wp-comment-fields 5.1 Cross-Site.Request.Forgery MEDIUM" "wp-comment-fields 4.1 Admin+.Stored.Cross-Site.Scripting LOW" "woo-payment-gateway-for-piraeus-bank 1.7.0 Unauthenticated.SQL.Injection CRITICAL" "wp-inquiries No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wpachievements-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-like-button No.known.fix Missing.Authorization.via.crublabFBLBAjax LOW" "wp-like-button No.known.fix Button.Settings.Update.via.CSRF MEDIUM" "wp-like-button 1.6.4 Auth.Bypass MEDIUM" "wp-commentnavi 1.12.2 Admin+.Stored.XSS LOW" "wp-ever-accounting 2.1.6 Cross-Site.Request.Forgery MEDIUM" "woolementor No.known.fix Author+.Stored.XSS MEDIUM" "woolementor 4.5 Unauthenticated.PHP.Object.Injection CRITICAL" "woolementor 4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "wp-fb-messenger-button-lite 2.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wovax-idx No.known.fix Missing.Authorization.to.Privilege.Escalation HIGH" "woo-billingo-plus 4.4.5.4 Multiple.CSRF MEDIUM" "wp-proposals No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-gdpr 2.0.3 Missing.Authorization.to.Unauthenticated.Arbitrary.User.Deletion MEDIUM" "wordpress-gdpr 2.0.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wordpress-gdpr 1.9.27 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wordpress-gdpr 1.9.26 Authenticated.Reflected.Cross-Site.Scripting MEDIUM" "webappick-product-feed-for-woocommerce 6.5.7 Shop.Manager+.Arbitrary.Options.Update HIGH" "webappick-product-feed-for-woocommerce 3.1.15 Authenticated.Reflected.XSS MEDIUM" "woo-related-products-refresh-on-reload 3.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-twitter-button No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-opt-in No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "weaverx-theme-support 6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.div.Shortcode MEDIUM" "weaverx-theme-support 6.3.1 Admin+.PHP.Object.Injection LOW" "weaverx-theme-support 6.2.7 Contributor+.Stored.XSS MEDIUM" "woo-login-redirect No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-login-redirect No.known.fix CSRF MEDIUM" "wp-sticky-social 1.0.2 Stored.XSS.via.CSRF HIGH" "wordpress-sql-backup No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-email-debug No.known.fix 1.1.0.-.Missing.Authorization.to.Unauthenticated.Privilege.Escalation.via.Password.Reset CRITICAL" "wp-job-board-pro No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-autokeyword No.known.fix Missing.Authorization MEDIUM" "wp-autokeyword No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-autokeyword No.known.fix Missing.Authorization.to.Arbitrary.Content.Deletion MEDIUM" "wp-autokeyword No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-responsive-tabs 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-tabs-slides No.known.fix CSRF MEDIUM" "wpformify No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpformify 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-multiple-addresses No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wc-support-system 1.2.3 Unauthenticated.Ticket.Deletion/Update,.Settings.Update.etc MEDIUM" "wc-support-system 1.2.2 Admin+.SQLi MEDIUM" "wp-image-seo No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-central No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-central 1.5.1 Improper.Access.Control.to.Privilege.Escalation HIGH" "wp-additional-logins No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-announcements No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-swimteam 1.45 Local.File.Inclusion MEDIUM" "wordable 3.1.2 Plugin's.Authentication.Bypass HIGH" "wp-js No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-data-guards No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-fade-in-text-news 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "wplite No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-wc-affiliate-program 8.5.0 Authentication.Bypass.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "woo-manage-fraud-orders No.known.fix Unauthenticated.Information.Exposure.via.Log.Files MEDIUM" "woo-manage-fraud-orders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpvivid-backuprestore 0.9.113 Admin+.Arbitrary.File.Upload HIGH" "wpvivid-backuprestore 0.9.107 Missing.Authorization MEDIUM" "wpvivid-backuprestore 0.9.108 Unauthenticated.PHP.Object.Injection HIGH" "wpvivid-backuprestore 0.9.106 Unauthenticated.Sensitive.Data.Exposure HIGH" "wpvivid-backuprestore 0.9.100 Admin+.PHAR.Deserialization HIGH" "wpvivid-backuprestore 0.9.69 Unauthenticated.SQLi.&.DoS HIGH" "wpvivid-backuprestore 0.9.95 Missing.Authorization MEDIUM" "wpvivid-backuprestore 0.9.92 WPvivid.<.0.9.92.-.Unauthenticated.Sensitive.Information.Exposure HIGH" "wpvivid-backuprestore 0.9.90 Admin+.Stored.XSS MEDIUM" "wpvivid-backuprestore 0.9.90 Admin+.Arbitrary.Directory.Deletion.via.Path.Traversal HIGH" "wpvivid-backuprestore 0.9.90 Admin+.Stored.XSS MEDIUM" "wpvivid-backuprestore 0.9.91 Missing.Authorization.via.'start_staging'.and.'get_staging_progress' HIGH" "wpvivid-backuprestore 0.9.77 Admin+.Arbitrary.File.Deletion MEDIUM" "wpvivid-backuprestore 0.9.76 Admin+.Arbitrary.File.Read MEDIUM" "wpvivid-backuprestore 0.9.75 Admin+.PHAR.Deserialization MEDIUM" "wpvivid-backuprestore 0.9.71 Admin+.Arbitrary.File.Download LOW" "wpvivid-backuprestore 0.9.70 Reflected.Cross-Site.Scripting MEDIUM" "wpvivid-backuprestore 0.9.69 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wpvivid-backuprestore 0.9.56 Reflected.Cross-Site.Scripting HIGH" "wp-show-stats No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-dropbox-dropins No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-testing No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "whizzy No.known.fix Missing.Authorization MEDIUM" "whizzy No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wp-extra-file-types 0.5.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wpantiddos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-featured-screenshot No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-smtp-pro 3.8.1 Unauthenticated.Email.Address.Disclosure MEDIUM" "woocommerce-gateway-amazon-payments-advanced 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "wholesalex 1.3.3 Unauthenticated.Privilege.Escalation MEDIUM" "wholesalex 1.3.2 Sensitive.Information.Exposure.via.export_users MEDIUM" "wholesalex 1.3.3 Unauthenticated.PHP.Object.Injection CRITICAL" "wholesalex 1.3.2 Authenticated(Subscriber+).Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "wp-contact-form-iii No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-ultimate-review 2.3.0 Unauthenticated.Review.Restriction.Bypass MEDIUM" "wp-ultimate-review 2.3.0 Missing.Authorization MEDIUM" "wp-ultimate-review 2.3.0 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "wp-ultimate-review No.known.fix IP.Spoofing MEDIUM" "wp-ultimate-review 2.3.1 Settings.Update.via.CSRF MEDIUM" "wp-ultimate-review 2.1.0 Admin+.Stored.XSS LOW" "wp-ultimate-review 2.1.0 Settings.Update.via.CSRF MEDIUM" "w3swoozoho 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-page-loading 1.0.7 Cross-Site.Request.Forgery MEDIUM" "wc-cross-seller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-cross-seller No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-coupons-bulk-editor 1.3.40 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupons-bulk-editor 1.3.28 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp125 1.5.5 Arbitrary.Ad.Deletion.via.CSRF MEDIUM" "wp-health 2.17.1 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-custom-cms-block No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-monalisa 6.5 Cross-Site.Request.Forgery MEDIUM" "wp-maintenance 6.1.9.8 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-maintenance 6.1.9.3 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "wp-maintenance 6.1.7 Information.Exposure MEDIUM" "wp-maintenance 6.1.4 IP.Restriction.Bypass MEDIUM" "wp-maintenance 6.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-maintenance 6.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-maintenance 5.0.7 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "wp-extra-fields No.known.fix Reflected.XSS HIGH" "wte-elementor-widgets 1.3.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wc-wallet No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "wpdeepl 2.4.1.2 Log.Pruning.via.CSRF MEDIUM" "wpdeepl 1.7.5 API.Key.Disclosure MEDIUM" "wise-chat 3.3.5 Unauthenticated.Stored.Cross-Site.Scripting.via.X-Forwarded-For.Header HIGH" "wise-chat 3.3.4 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "wise-chat 2.8.4 CSV.Injection HIGH" "wise-chat 2.7 Reverse.Tabnabbing MEDIUM" "wordpressplugin-upgrade-time-out-plugin No.known.fix Stored.XSS.via.CSRF HIGH" "woostify-sites-library 1.4.8 Subscriber+.Arbitrary.Options.Update.to.DoS HIGH" "wp-politic 2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-politic 2.3.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "woo-multi-currency 2.2.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.get_products_price.Function HIGH" "woo-multi-currency 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-multi-currency 2.1.18 Reflected.Cross-Site.Scripting MEDIUM" "wp-media-file-type-manager No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-imap-authentication No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "webico-slider-flatsome-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wbc_image.Shortcode MEDIUM" "woo-conditional-discount-rules-for-checkout 2.4.1 CSRF MEDIUM" "woo-conditional-discount-rules-for-checkout 2.3.3.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-discount-rules-for-checkout 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-recargo-de-equivalencia No.known.fix Cross-Site.Request.Forgery MEDIUM" "wot-elementor-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpr-admin-amplify No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-auto-republish 1.5.6.1 Subscriber+.Settings.Update/Access MEDIUM" "wp-auto-republish 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-auto-republish 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-job-portal 2.3.3 Unauthenticated.SQL.Injection HIGH" "wp-job-portal 2.3.3 Unauthenticated.Arbitrary.File.Download HIGH" "wp-job-portal 2.3.3 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.3.2 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-job-portal 2.2.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-job-portal 2.2.9 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).User.Photo.Disconnection MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Authenticated.(Employer+).Arbitrary.Company.Deletion MEDIUM" "wp-job-portal 2.2.7 Missing.Authorization.to.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Authenticated.(Employer+).Arbitrary.Job.Deletion MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Unauthenticated.Company.Logo.Deletion MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.Resume.Download MEDIUM" "wp-job-portal 2.2.6 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.2.5 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.2.3 Missing.Authorization.to.Limited.Privilege.Escalation MEDIUM" "wp-job-portal 2.2.3 Authenticated.(Admin+).SQL.Injection.via.getFieldsForVisibleCombobox() MEDIUM" "wp-job-portal 2.2.3 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-job-portal 2.2.3 Authenticated.(Admin+).SQL.Injection.via.wpjobportal_deactivate() MEDIUM" "wp-job-portal 2.2.3 Unauthenticated.SQL.Injection HIGH" "wp-job-portal 2.2.3 Missing.Authorization.to.Unauthenticated.Arbitrary.Resume.Download MEDIUM" "wp-job-portal 2.2.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.1.7 Missing.Authorization.to.Unauthenticated.Local.File.Inclusion,.Arbitrary.Settings.Update,.and.User.Creation CRITICAL" "wp-job-portal 2.1.9 Subscriber+.Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.0.7 Cross-Site.Request.Forgery MEDIUM" "wp-job-portal 2.0.6 Unauthenticated.SQLi HIGH" "wp-job-portal 2.0.2 Unauthenticated.Settings.Update MEDIUM" "wp-job-portal 2.0.6 Subscriber+.Stored.XSS HIGH" "webpushr-web-push-notifications 4.36.0 Reflected.Cross-Site.Scripting MEDIUM" "webpushr-web-push-notifications 4.35.0 Unauthenticated.Stored.XSS HIGH" "webpushr-web-push-notifications 4.35.0 LFI.via.CSRF MEDIUM" "wcp-openweather No.known.fix Cross-Site.Request.Forgery MEDIUM" "wcp-openweather No.known.fix Reflected.XSS HIGH" "wp-geonames 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-geonames 1.9 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-photo-reviews No.known.fix Review.Reminders.-.Review.for.Discounts.<=.1.3.13.-.Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-photo-reviews 1.3.14 Authentication.Bypass.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "woorocks-magic-content-for-siteorigins-pagebuilder No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woorocks-magic-content-for-siteorigins-pagebuilder No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wordsurvey No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.sounding_title.Parameter MEDIUM" "wp-force-ssl 1.67 Missing.Authorization.to.Settings.Update MEDIUM" "wp-scrippets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-cafe 2.2.33 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.32 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.29 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.28 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.26 Authenticated.(Contributor+).File.inclusion.via.Shortcode HIGH" "wp-cafe 2.2.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Reservation.Form.Shortcode MEDIUM" "wp-cafe 2.2.24 Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "wp-cafe 2.2.23 Missing.Authorization MEDIUM" "walker-core 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "walker-core 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpfront-user-role-editor 4.2.2 Cross-Site.Request.Forgery.to.Privilege.Escalation.via.whitelist_options.Function HIGH" "wpfront-user-role-editor 4.1.0 Limited.Information.Exposure MEDIUM" "wpfront-user-role-editor 3.2.1.11184 Reflected.Cross-Site.Scripting MEDIUM" "wc-order-limit-lite 3.0.3 Missing.Authorization MEDIUM" "wc-order-limit-lite 2.0.1 Missing.Authorization MEDIUM" "wallet-system-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wallet-system-for-woocommerce 2.6.3 Cross-Site.Request.Forgery MEDIUM" "wallet-system-for-woocommerce 2.6.3 Missing.Authorization MEDIUM" "wallet-system-for-woocommerce 2.5.14 Information.Exposure.via.Log.Files MEDIUM" "wallet-system-for-woocommerce 2.5.10 Cross-Site.Request.Forgery MEDIUM" "wcc-seo-keyword-research No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcc-seo-keyword-research No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpdm-premium-packages No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpdm-premium-packages 5.9.7 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wpdm-premium-packages 5.9.4 Reflected.Cross-Site.Scripting.via.add_query_arg MEDIUM" "wpdm-premium-packages 5.9.4 Sell.Digital.Products.Securely.<.5.9.4.-.Contributor+.Stored.Cross-Site.Scripting.via.wpdmpp_pay_link.Shortcode MEDIUM" "wpdm-premium-packages No.known.fix Admin+.SQL.Injection MEDIUM" "wpdm-premium-packages 5.9.2 Cross-Site.Request.Forgery MEDIUM" "wpdm-premium-packages 5.8.3 Reflected.Cross-Site.Scripting MEDIUM" "wpdm-premium-packages 5.7.5 Sell.Digital.Products.Securely.<.5.7.5.-.Subscriber+.Privilege.Escalation HIGH" "wp-awesome-import-export No.known.fix Import.&.Export.WordPress.Data.<=.4.1.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.SQL.Execution/Privilege.Escalation HIGH" "wooshark-aliexpress-importer 2.2.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "wooshark-aliexpress-importer 2.2.5 Unauthenticated.Settings.&.Products.Update MEDIUM" "wp-etracker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpgsi-professional 3.6.0 CSRF.Bypass MEDIUM" "wpgsi-professional 3.6.0 Reflected.Cross-Site.Scripting HIGH" "wp-hijri No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hijri 1.5.2 Reflected.XSS HIGH" "wp-nerd-toolkit No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp-strava No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-azure-offload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-linkedin-auto-publish 8.12 Missing.Authorization MEDIUM" "wp-less 1.9.7 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "woocommerce-payu-paisa No.known.fix Price.Tampering MEDIUM" "wpdirectorykit 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "wpdirectorykit 1.3.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "wpdirectorykit 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wpdirectorykit 1.2.7 Missing.Authorization MEDIUM" "wpdirectorykit 1.2.4 Missing.Authorization.for.Plugin.Settings.Update MEDIUM" "wpdirectorykit 1.2.4 Reflected.Cross-Site.Scripting.via.search.parameter MEDIUM" "wpdirectorykit 1.2.0 Unauthenticated.Local.File.Inclusion HIGH" "wpdirectorykit 1.2.3 Unauthenticated.Arbitrary.Settings.Update MEDIUM" "wpdirectorykit 1.2.2 Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "wpdirectorykit 1.2.0 Cross-Site.Request.Forgery MEDIUM" "wpdirectorykit 1.2.0 Open.Redirect MEDIUM" "wp-clone-by-wp-academy 2.4.7 Unauthenticated.PHP.Object.Injection.via.'recursive_unserialized_replace' HIGH" "wp-clone-by-wp-academy 2.4.6 Missing.Authorization MEDIUM" "wp-clone-by-wp-academy 2.4.4 Subscriber+.Unauthorised.Action.Calls MEDIUM" "wp-clone-by-wp-academy 2.4.3 Unauthenticated.Backup.Download HIGH" "wp-clone-by-wp-academy 2.3.8 Plugin.Installation.via.CSRF MEDIUM" "wp-clone-by-wp-academy 2.3.8 Subscriber+.Plugin.Installation MEDIUM" "wp-custom-post-rss-feed No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-desklite No.known.fix Reflected.XSS HIGH" "wookit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-data-logger 2.2.1 Missing.Authorization MEDIUM" "wp-customer-reviews 3.7.1 Malicious.Redirect.via.HTTP-EQUIV.Injection LOW" "wp-customer-reviews 3.6.7 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wp-customer-reviews 3.6.7 Admin+.Stored.XSS MEDIUM" "wp-customer-reviews 3.5.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-customer-reviews 3.4.3 Multiple.Unauthenticated.and.Low.Priv.Authenticated.Stored.XSS CRITICAL" "wp-customer-reviews 3.0.9 CSRF.&.XSS HIGH" "wp-e-commerce-style-email No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "wp-e-commerce-style-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wa11y No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpc-composite-products 7.2.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-countdown-widget 3.1.9.3 Admin+.Stored.XSS LOW" "widget-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-contest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-contest No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "woocommerce-basic-ordernumbers No.known.fix Missing.Authorization MEDIUM" "wp-flybox No.known.fix CSRF MEDIUM" "wp-shapes No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-meta-and-date-remover 2.3.1 Cross-Site.Request.Forgery.via.updateSettings MEDIUM" "wp-meta-and-date-remover 2.2.0 Subscriber+.Stored.XSS HIGH" "wp-meta-and-date-remover 1.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-mobile-detector 3.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "webtoffee-gdpr-cookie-consent 2.6.1 Bulk.Delete.via.CSRF MEDIUM" "webtoffee-gdpr-cookie-consent 2.6.1 Unauthenticated.Stored.XSS HIGH" "woo-category-slider-by-pluginever 4.3.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wr-age-verification No.known.fix Unauthenticated.SQL.Injection HIGH" "wr-age-verification No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wr-age-verification 2.0.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wesecur-security No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "widgets-controller No.known.fix Unauthenticated.Cross-Site.Scripting MEDIUM" "wp-registration 6.0 Missing.Authorization.to.User.Deletion CRITICAL" "wp-registration No.known.fix Unauthenticated.Account.Takeover CRITICAL" "woocommerce-inventory-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-users-masquerade No.known.fix Authentication.Bypass HIGH" "wbcom-designs-buddypress-ads 1.3.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wps-telegram-chat No.known.fix Authenticated.(Subscriber+).Unauthorized.Access.to.Telegram.Bot.API MEDIUM" "wps-telegram-chat No.known.fix Missing.Authorization.to.Information.Exposure MEDIUM" "widget-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-facebook-group No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-facebook-group No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-meetup No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "woocommerce-ajax-filters 1.6.8.2 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-ajax-filters 1.5.4.7 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-gallery-metabox No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-remote-users-sync 1.2.13 Subscriber+.SSRF HIGH" "wp-remote-users-sync 1.2.12 Subscriber+.Log.Access MEDIUM" "web2application No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-gdpr-core No.known.fix Multiple.Unauthenticated.Issues HIGH" "wpsso 18.18.2 Missing.Authorization MEDIUM" "wp-all-import 3.7.3 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "wp-all-import 3.6.9 Admin+.Directory.traversal.via.file.upload MEDIUM" "wp-all-import 3.6.9 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "wp-all-import 3.6.8 Admin+.Arbitrary.File.Upload MEDIUM" "wp-all-import 3.6.8 Admin+.Arbitrary.Code.Execution MEDIUM" "wp-all-import 3.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-all-import 3.6.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-all-import 3.4.7 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.2.5 Multiple.Vulnerabilities CRITICAL" "wp-all-import 3.2.4 RCE HIGH" "wp-responsive-menu 3.1.7.1 Subscriber+.Settings.Update.to.Stored.XSS HIGH" "woowgallery 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "woowgallery 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-extended-search 2.1.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wpbits-addons-for-elementor 1.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wpbits-addons-for-elementor 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpbits-addons-for-elementor 1.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wpbits-addons-for-elementor 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "wpbits-addons-for-elementor 1.5 Contributor+.Stored.XSS MEDIUM" "wpbits-addons-for-elementor 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-crm-system 3.4.3 Missing.Authorization MEDIUM" "wp-crm-system No.known.fix Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-crm-system 3.4.0 Unauthenticated.Duplicate.Contact.Settings.Update MEDIUM" "wp-crm-system 3.2.9.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-easy-duplicate-product 0.3.0.8 Missing.Authorization.via.wedp_duplicate_product_action MEDIUM" "woo-easy-duplicate-product 0.3.0.1 Reflected.XSS HIGH" "wp-query-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hr-gdpr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hr-gdpr 0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-product-finder 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-badge-designer-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-image-mask 3.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-weixin-robot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-edit-username 1.0.6 Admin+.Stored.XSS LOW" "wp-edit-username 1.0.6 Admin+.Stored.XSS LOW" "wp-travel-engine 6.5.2 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion HIGH" "wp-travel-engine 6.5.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-travel-engine 6.3.6 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-travel-engine 6.3.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-travel-engine 6.2.2 Missing.Authorization.to.Authenticated.(Contributor+).Plugin.Settings.Update MEDIUM" "wp-travel-engine 5.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel-engine 5.8.1 Unauthenticated.Price.Manipulation MEDIUM" "wp-travel-engine 5.8.0 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-travel-engine 5.8.0 Unauthenticated.SQL.Injection CRITICAL" "wp-travel-engine 5.7.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-travel-engine 5.3.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-travel-engine 5.3.1 Editor+.Stored.Cross-Site.Scripting LOW" "wp-contact-slider 2.4.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-contact-slider 2.4.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-contact-slider 2.4.7 Editor+.Stored.Cross-Site.Scripting LOW" "wp-contact-slider 2.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widget-logic No.known.fix Contributor+.Remote.Code.Execution HIGH" "widget-logic 5.10.3 CSRF.and.Lack.of.Authorisation HIGH" "widget-logic 5.10.2 CSRF.to.RCE HIGH" "wp-quicklatex 3.8.8 Admin+.Stored.XSS LOW" "wp-quicklatex 3.8.7 Admin+.Stored.XSS.in.Background.Color.field LOW" "wp-htpasswd No.known.fix Admin+.Stored.XSS LOW" "wp-news-magazine 1.2.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-ulike No.known.fix Missing.Authorization.to.Unauthenticated.Content.Spoofing MEDIUM" "wp-ulike 4.7.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-ulike 4.7.6 Admin+.Stored.XSS LOW" "wp-ulike 4.7.5 Admin+.Stored.XSS.via.Widgets LOW" "wp-ulike 4.7.5 Cross-Site.Request.Forgery.to.Statistic.Deletion MEDIUM" "wp-ulike 4.7.4 Admin+.Stored.XSS LOW" "wp-ulike 4.7.2.1 Subscriber+.Stored-XSS HIGH" "wp-ulike 4.7.1 Admin+.Stored.XSS LOW" "wp-ulike 4.7.0 Authenticated.(Contributor+).SQL.Injection.via.Shortcodes HIGH" "wp-ulike 4.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-ulike 2.7.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-ulike 4.6.9 Contributor+.Stored.Cross.Site.Scripting.via.Shortcode MEDIUM" "wp-ulike 4.6.5 Unauthenticated.Rating.Tampering.via.Race.Condition LOW" "wcs-qr-code-generator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-support-ticket-system 17.9 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion.and.Information.Exposure MEDIUM" "woocommerce-support-ticket-system 17.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-support-ticket-system 17.8 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "woocommerce-support-ticket-system 17.8 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wc-ja-ja-pagamentos-multicaixa-express No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-aparat 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-foft-loader 2.1.29 Reflected.Cross-Site.Scripting MEDIUM" "wp-foft-loader 2.1.21 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpzon No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-online-users-stats No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.hk_dataset_results.Function MEDIUM" "wp-online-users-stats No.known.fix Authenticated.(Editor+).SQL.Injection.via.table_name.Parameter MEDIUM" "wp-online-users-stats No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-olivecart No.known.fix Admin+.Stored.XSS LOW" "website-testimonials 6.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-letsencrypt-ssl 7.1.0 Sensitive.Information.Exposure.via.insufficiently.protected.files HIGH" "wp-letsencrypt-ssl 6.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-letsencrypt-ssl 5.7.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgetize-pages-light No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "widgetize-pages-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widgetize-pages-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "workreap 3.3.3 Authenticated.(Subscriber+).Arbitrary.File.Upload.via.'workreap_temp_upload_to_media' HIGH" "workreap 3.3.2 Authentication.Bypass.via.'workreap_verify_user_account' HIGH" "workreap 3.2.6 Unauthenticated.Privilege.Escalation CRITICAL" "wp-auto-affiliate-links 6.4.7 Admin+.SQL.Injection MEDIUM" "wp-auto-affiliate-links 6.4.4 Authenticated.(Editor+).SQL.Injection CRITICAL" "wp-auto-affiliate-links 6.4.3.1 Missing.Authorization.via.aalAddLink MEDIUM" "wp-auto-affiliate-links 6.4.2.8 Cross-Site.Request.Forgery MEDIUM" "wp-auto-affiliate-links 6.4.2.6 Cross-Site.Request.Forgery MEDIUM" "wp-auto-affiliate-links 6.4.2.5 Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wp-auto-affiliate-links 6.3.0.3 Settings.Update.via.CSRF MEDIUM" "wp-compare-tables No.known.fix Cross-Site.Request.Forgery MEDIUM" "wordpress-form-manager 1.7.3 Authenticated.Remote.Command.Execution.(RCE) CRITICAL" "wc-qr-codes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-club-manager 2.2.12 Missing.Authorization MEDIUM" "wp-club-manager 2.2.12 Authenticated.(Player+).Stored.Cross-Site.Scripting MEDIUM" "wp-club-manager 2.2.11 Missing.Authorization.to.Unauthenticated.Event.Permalink.Update MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Checkout.Fields.Update.via.CSRF MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Cross-Site.Request.Forgery.to.Checkout.Fields.Update MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Cross-Site.Request.Forgery MEDIUM" "wc4bp-groups 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "w-dalil No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "w2s-migrate-woo-to-shopify 1.3.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "wp-worthy 1.7.0-0cde1c2 Cross-Site.Request.Forgery MEDIUM" "woocommerce-pay-per-post 3.1.11 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pay-per-post 3.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-j-upsellator 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-notes-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-cfm 1.7.9 Cross-Site.Request.Forgery.via.multiple.AJAX.functions MEDIUM" "woocommerce-pos 1.7.9 Missing.Authorization MEDIUM" "woocommerce-pos 1.4.12 Insufficient.Verification.of.Data.Authenticity.to.Authenticated.(Customer+).Information.Disclosure MEDIUM" "woocommerce-loyal-customer No.known.fix Missing.Authorization MEDIUM" "wp-tiles No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-tiles No.known.fix Subscriber+.Draft/Private.Post.Title.Disclosure MEDIUM" "wp-tiles No.known.fix Contributor+.Stored.XSS HIGH" "woodiscuz-woocommerce-comments No.known.fix Cross-Site.Request.Forgery MEDIUM" "woodiscuz-woocommerce-comments No.known.fix Admin+.Stored.XSS LOW" "wp-image-compression No.known.fix Cross-Site.Request.Forgery MEDIUM" "wc-frontend-manager 6.7.13 Insecure.Direct.Object.Reference.to.Account.Takeover/Privilege.Escalation HIGH" "wc-frontend-manager 6.7.9 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "wc-frontend-manager 6.6.0 Multiple.CSRF MEDIUM" "wc-frontend-manager 6.6.1 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "wc-frontend-manager 6.5.12 Frontend.Manager.for.WooCommerce.<.6.5.12.-.Customer/Subscriber+.SQL.Injection HIGH" "wpqa 6.1.1 Contributor+.Stored.XSS MEDIUM" "wpqa 6.1.1 Arbitrary.Category.and.Tag.Follow/Unfollow.via.CSRF MEDIUM" "wpqa 5.9.3 Missing.validation.lead.to.functionality.abuse LOW" "wpqa 5.9 Follow/Unfollow.via.CSRF MEDIUM" "wpqa 5.7 Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "wpqa 5.5 Unauthenticated.Private.Message.Disclosure MEDIUM" "wpqa 5.4 Reflected.Cross-Site.Scripting MEDIUM" "wpqa 5.2 Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "wpqa 5.2 Subscriber+.Stored.Cross-Site.Scripting.via.Profile.fields MEDIUM" "wpqa 5.2 Subscriber+.Arbitrary.Profile.Picture.Deletion.via.IDOR MEDIUM" "woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "woocommerce-product-addon 33.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-product-addon 32.0.21 Unauthenticated.Content.Injection.Vulnerability MEDIUM" "woocommerce-product-addon 32.0.19 Unauthenticated.Arbitrary.File.Upload.via.ppom_upload_file CRITICAL" "woocommerce-product-addon 32.0.7 Reflected.Cross-Site.Scripting HIGH" "woocommerce-product-addon 32.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-product-addon 24.0 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "woocommerce-product-addon 18.4 Authenticated.Stored.XSS MEDIUM" "wp-jitsi-shortcodes No.known.fix Admin+.Stored.XSS LOW" "wp-jitsi-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-file-manager 7.2.8 Missing.Authorization MEDIUM" "wp-file-manager 7.2.6 Authenticated.(Administrator+).Directory.Traversal MEDIUM" "wp-file-manager 7.2.5 Cross-Site.Request.Forgery.to.Local.JS.File.Inclusion HIGH" "wp-file-manager 7.2.2 Directory.Traversal CRITICAL" "wp-file-manager 7.2.2 Sensitive.Information.Exposure.via.Backup.Filenames HIGH" "wp-file-manager 7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-file-manager 6.9 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "wp-file-manager 6.5 Backup.File.Directory.Listing MEDIUM" "wp-file-manager 5.2 Multiple.Vulnerabilities HIGH" "wp-file-manager 3.1 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "wp-file-manager 3.0 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "wp-not-login-hide-wpnlh No.known.fix Admin+.Stored.XSS LOW" "wp-hashtags No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-responsive-slab-text 0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-ticket 5.10.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-ticket 5.6.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wpsite-follow-us-badges No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpsite-follow-us-badges 3.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpsite_follow_us_badges.Shortcode MEDIUM" "wp-social-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpfavicon No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting LOW" "wp-pdf-generator 1.2.3 Cross-Site.Request.Forgery MEDIUM" "woo-codice-fiscale No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-lightbox-2 3.0.6.8 Unauthenticated.Stored.XSS HIGH" "wp-lightbox-2 3.0.6.7 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "wp-lightbox-2 3.0.6.6 Admin+.Stored.XSS LOW" "wp-chrono No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-all-export 1.4.1 Remote.Code.Execution.via.CSRF CRITICAL" "wp-all-export 1.4.1 Author+.PHAR.Deserialization.via.CSRF HIGH" "wp-all-export 1.4.0 Admin+.RCE MEDIUM" "wp-all-export 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-all-export 1.3.5 Admin+.SQL.Injection MEDIUM" "wp-all-export 1.3.1 Admin+.Stored.Cross-Site.Scripting LOW" "woo-pdf-invoice-builder 1.2.137 Reflected.Cross-Site.Scripting MEDIUM" "woo-pdf-invoice-builder 1.2.102 Cross-Site.Request.Forgery MEDIUM" "woo-pdf-invoice-builder 1.2.104 Reflected.XSS HIGH" "woo-pdf-invoice-builder 1.2.91 Admin+.Stored.XSS LOW" "woo-pdf-invoice-builder 1.2.92 Subscriber+.Arbitrary.Invoice.Access MEDIUM" "woo-pdf-invoice-builder 1.2.91 Invoice.Fields.Creation.via.CSRF MEDIUM" "woo-pdf-invoice-builder 1.2.90 Subscriber+.SQLi HIGH" "woo-pdf-invoice-builder 1.2.91 Invoice.Update.via.CSRF MEDIUM" "watchtowerhq 3.10.4 Authentication.Bypass.to.Administrator.due.to.Missing.Empty.Value.Check CRITICAL" "watchtowerhq 3.6.16 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "watchtowerhq 3.6.16 Unauthenticated.Arbitrary.File.Access HIGH" "wp-image-uploader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-image-uploader No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "wp-image-uploader No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wp-d3 No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-d3 2.4.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "wpadverts 2.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpadverts 2.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpadverts 2.2.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wpadverts 2.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpadverts 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "wpadverts 2.1.7 Unauthenticated.Stored.Cross-Site.Scripting.via.adverts_add.Shortcode HIGH" "wpadverts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "woocommerce-cvr-payment-gateway 6.1.0 Missing.Authorization.to.Authenticated.(Contributor+).CVR.Update MEDIUM" "wp-simple-html-sitemap No.known.fix Missing.Authorization MEDIUM" "wp-simple-html-sitemap 3.2 Authenticated.(Admin+).SQL.Injection CRITICAL" "wp-simple-html-sitemap 2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-html-sitemap 2.8 Missing.Authorization MEDIUM" "wp-simple-html-sitemap 2.3 Reflected.XSS HIGH" "wp-simple-html-sitemap 2.6 Contributor+.Stored.XSS MEDIUM" "wpdevtool No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-product-gallery-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "woosms-sms-module-for-woocommerce 3.0.3 Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "woocommerce-superfaktura 1.40.4 Authenticated.(Subscriber+).Blind.Server-Side.Request.Forgery MEDIUM" "wadi-addons-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wdes-responsive-mobile-menu No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "wp-social-buttons No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wufoo-shortcode 1.52 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-express-checkout 2.3.8 Unauthenticated.Price.Manipulation MEDIUM" "wp-express-checkout 2.2.9 Admin+.Stored.XSS LOW" "website-file-changes-monitor 2.1.0 Admin+.Authenticated.SQL.Injection MEDIUM" "website-file-changes-monitor 2.1.1 Authenticated.SQL.Injection MEDIUM" "website-file-changes-monitor 1.8.3 Admin+.SQLi MEDIUM" "wp-able-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-listings-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-copyprotect No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-login-customizer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-login-box No.known.fix Admin+.Stored.XSS LOW" "wp-event-partners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-event-partners No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-dialog No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "wp-structuring-markup No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woocommerce-dropshipping No.known.fix Unauthenticated.Arbitrary.Email.Send MEDIUM" "woocommerce-dropshipping 4.4 Unauthenticated.SQLi HIGH" "website-monetization-by-magenet 1.0.29.2 Cross-Site.Request.Forgery MEDIUM" "wpc-smart-messages 4.2.2 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "wpc-smart-messages 4.2.2 Missing.Authorization.to.Authenticated.(Subscriber+).Message.Activation/Deactivation MEDIUM" "wp-admin-ui-customize 1.5.14 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-admin-ui-customize 1.5.13 Admin+.Stored.XSS LOW" "wp-compress-mainwp No.known.fix Missing.Authorization MEDIUM" "wp-compress-mainwp 6.30.06 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wbounce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpstream 4.5.5 Local.Event.Settings.Update.via.CSRF MEDIUM" "wpstream 4.4.10.6 Settings.Update.via.CSRF MEDIUM" "wp-security-hardening 1.2.7 Unauthenticated.Security.Feature.Bypass.to.Username.Enumeration MEDIUM" "wp-security-hardening 1.2.2 Reflected.XSS.via.historyvalue HIGH" "wp-security-hardening 1.2.2 Reflected.XSS.via.URI MEDIUM" "wp-subscribe 1.2.13 Admin+.Stored.Cross-Site.Scripting LOW" "whmpress No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "whmpress No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "whmpress 6.3-revision-1 Unauthenticated.Local.File.Inclusion.to.Arbitrary.Options.Update CRITICAL" "whmpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "whmpress No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wp-clone-any-post-type No.known.fix Open.Redirect MEDIUM" "wp-clone-any-post-type No.known.fix Missing.Authorization MEDIUM" "wp-cassify 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-custom-countdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpagecontact No.known.fix Authenticated.(editor+).SQL.Injection HIGH" "wpforms-lite 1.9.5.1 Contributor+.Stored.XSS.via.'start_timestamp'.Parameter MEDIUM" "wpforms-lite 1.9.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fieldHTML.Parameter MEDIUM" "wpforms-lite 1.9.2.3 Contributor+.Custom.Form.Theme.Creation LOW" "wpforms-lite 1.9.2.2 1.9.2.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Payment.Refund.and.Subscription.Cancellation HIGH" "wpforms-lite 1.9.2.3 Admin+.Stored.XSS LOW" "wpforms-lite 1.9.2.1 Cross-Site.Request.Forgery.(CSRF).to.Plugin's.Log.Deletion MEDIUM" "wpforms-lite 1.9.1.6 Admin+.Stored.XSS LOW" "wpforms-lite 1.8.8.2 Unauthenticated.Price.Manipulation MEDIUM" "wpforms-lite 1.8.1.3 Reflected.XSS MEDIUM" "wpforms-lite 1.7.5.5 Admin+.Arbitrary.File.Access MEDIUM" "wpforms-lite 1.6.0.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.5.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.4.8.1 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.4.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpvivid-backup-mainwp 0.9.34 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wpvivid-backup-mainwp 0.9.33 Reflected.Cross-Site.Scripting MEDIUM" "wp-best-quiz No.known.fix Author+.Stored.XSS MEDIUM" "wp-hr-manager 3.2.0 Reflected.XSS HIGH" "wp-hr-manager 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-hr-manager 3.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-tools-divi-blog-carousel 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-blog-carousel 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-product-feed-manager 2.9.0 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Feed.Actions MEDIUM" "wp-product-feed-manager 2.6.0 Authenticated.(Admin+).SQL.Injection.to.Reflected.Cross-Site.Scripting HIGH" "wp-product-feed-manager 2.3.0 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "wp-sms 6.9.4 Missing.Authorization MEDIUM" "wp-sms 6.5.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-sms 6.6.3 Cross-Site.Request.Forgery MEDIUM" "wp-sms 6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-sms 6.5.3 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "wp-sms 6.5.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-sms 6.5.1 Cross-Site.Request.Forgery.to.Subscriber.Deletion MEDIUM" "wp-sms 6.5.1 Contributor+.SQLi.to.Reflected.XSS HIGH" "wp-sms 6.2.0 User.Unsubscribe.via.CSRF MEDIUM" "wp-sms 6.1.5 Reflected.XSS HIGH" "wp-sms 6.0.4.1 Information.Disclosure.via.REST.API MEDIUM" "wp-sms 5.4.13 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-sms 5.4.9.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wpc-admin-columns 2.1.1 2.1.0.-.Authenticated.(Subscriber+).Privilege.Escalation.via.User.Meta.Update HIGH" "wp-subscription-forms 1.2.4 Missing.Authorization MEDIUM" "wp-subscription-forms 1.2.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-subscription-forms 1.2.4 Authenticated.(Contributor+).SQL.Injection MEDIUM" "woo-bought-together 7.2.0 Missing.Authorization MEDIUM" "woo-bought-together 7.0.4 Missing.Authorization MEDIUM" "wp-ical-availability No.known.fix Missing.Authorization MEDIUM" "wp-ical-availability No.known.fix Settings.Update.via.CSRF MEDIUM" "woo-pdf-invoices-bulk-download No.known.fix Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "woo-tranzila-gateway No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "wp-xintaoke No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-smushit 3.17.1 Admin+.Directory.Traversal LOW" "wp-smushit 3.16.5 Subscriber+.Resmush.List.Deletion MEDIUM" "wp-smushit 3.9.9 Admin+.Reflected.Cross-Site.Scripting LOW" "wp-smushit 3.0.0 Authenticated.Phar.Deserialization MEDIUM" "wp-smushit 2.7.6 File.Transversal HIGH" "wp-ban-user No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wp-limit-login-attempts No.known.fix IP.Spoofing MEDIUM" "wha-crossword No.known.fix Contributor+.Stored.XSS MEDIUM" "wha-crossword No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-special-textboxes 6.2.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-special-textboxes 5.9.110 Admin+.Stored.Cross-Site.Scripting LOW" "wp-bing-search 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-bing-search 2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wiseagentleadform 3.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-google-dynamic-retargeting-tag 1.7.17 Reflected.Cross-Site.Scripting MEDIUM" "wpsyncsheets-woocommerce 1.9 Missing.Authorization MEDIUM" "wordpress-filter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-popup-banners No.known.fix Subscriber+.SQLi HIGH" "wp-popup-banners No.known.fix Subscriber+.SQLi HIGH" "wp-popup-banners 1.2.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "word-count-analysis No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wplike2get No.known.fix Unauthenticated.Information.Exposure MEDIUM" "widget-settings-importexport No.known.fix Authenticated.Stored.XSS HIGH" "wp-url-shortener No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-sitemap No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "woo-paylate 1.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-paylate 1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wysija-newsletters 2.8.2 Spam.Vulnerability MEDIUM" "woo-product-carousel-slider-and-grid-ultimate 1.10.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "woo-product-carousel-slider-and-grid-ultimate 1.10.0 Authenticated.(Contributor+).Local.File.Inclusion.via.'theme' HIGH" "woo-product-carousel-slider-and-grid-ultimate 1.10.0 Contributor+.Local.File.Inclusion HIGH" "woo-product-carousel-slider-and-grid-ultimate 1.9.8 Authenticated(Contributor+).PHP.Object.Injection HIGH" "wp-video-playlist No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "wp-terms-popup 2.6.1 Admin+.Stored.XSS LOW" "wpbot-pro 13.7.0 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wpbot-pro No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "wpbot-pro 13.5.6 Missing.Authorization.to.Authenticated.(Subscriber+).Simple.Text.Response.Creation MEDIUM" "wpbot-pro 13.5.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-multisite-content-copier 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-rss-aggregator 4.23.13 Missing.Authorization MEDIUM" "wp-rss-aggregator 4.23.12 Missing.Authorization.to.Authenticated.(Subscriber+).Feed.State.Update MEDIUM" "wp-rss-aggregator 4.23.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-rss-aggregator 4.23.6 Authenticated.(Admin+).Server-Side.Request.Forgery.via.RSS.Feed.Source LOW" "wp-rss-aggregator 4.23.5 Admin+.Stored.XSS MEDIUM" "wp-rss-aggregator 4.20 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-rss-aggregator 4.19.3 Subscriber+.Stored.Cross-Site.Scripting HIGH" "wp-rss-aggregator 4.19.2 Admin+.Stored.Cross-Site.Scripting LOW" "wpadcenter 2.5.9 Contributor+.Stored.XSS MEDIUM" "wpadcenter 2.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpadcenter_ad.Shortcode MEDIUM" "wpadcenter 2.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ad_alignment.Attribute MEDIUM" "wp-songbook No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-vr-view No.known.fix Outdated.VRView.Library.Used,.Leading.to.Reflected.XSS HIGH" "woocommerce-cloak-affiliate-links 1.0.36 Cross-Site.Request.Forgery MEDIUM" "woocommerce-cloak-affiliate-links 1.0.34 Missing.Authorization.to.Unauthenticated.Permalink.Modification HIGH" "wp-postratings 1.91.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-postratings 1.90 Ratings.Tempering.via.Race.Condition MEDIUM" "wp-postratings 1.86.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-postratings 1.62 Authenticated.SQL.Injection CRITICAL" "wp-emember 10.6.6 Authenticated.(Admin+).Arbitrary.File.Upload MEDIUM" "webflow-pages 1.1.0 Missing.Authorization MEDIUM" "wp-reroute-email 1.4.8 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') MEDIUM" "wp-reroute-email 1.4.8 Cross-Site.Request.Forgery HIGH" "wp-plugin-manager 1.1.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-sponsors No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-sponsors No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-w3all-phpbb-integration No.known.fix Stored.XSS.via.CSRF HIGH" "wp-w3all-phpbb-integration 2.9.9 Cross-Site.Request.Forgery MEDIUM" "wp-file-checker No.known.fix Authenticated.(Admin+).Arbitrary.File.Deletion MEDIUM" "wc-quantity-plus-minus-button 1.2.0 Quantity.Plus.Minus.Button.for.WooCommerce.by.CodeAstrology.<.1,2,0.Settings.Update.via.CSRF MEDIUM" "wp-slimstat 5.2.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-slimstat 5.1.4 Subscriber+.Stored.XSS HIGH" "wp-slimstat 5.0.10 Contributor+.SQL.Injection MEDIUM" "wp-slimstat 5.0.9 Admin+.Stored.XSS LOW" "wp-slimstat 5.0.10 Contributor+.Stored.XSS MEDIUM" "wp-slimstat 5.0.5 Admin+.SQLi MEDIUM" "wp-slimstat 5.0.5 Reflected.XSS HIGH" "wp-slimstat 4.9.4 Subscriber+.SQL.Injection HIGH" "wp-slimstat 4.9.3.3 Subscriber+.SQL.Injection HIGH" "wp-slimstat 4.9.3 Unauthenticated.Stored.XSS HIGH" "wp-slimstat 4.8.4 CSRF.to.Stored.XSS.and.Setting.Updates MEDIUM" "wp-slimstat 4.8.1 Unauthenticated.Stored.XSS.from.Visitors MEDIUM" "wp-content-filter 3.1.0 Admin+.Stored.Cross.Site.Scripting LOW" "woo-checkout-field-editor-pro 2.0.4 Reflected.Cross-Site.Scripting.via.render_review_request_notice MEDIUM" "woo-checkout-field-editor-pro 1.8.0 Admin+.PHP.Object.Injection MEDIUM" "weebotlite No.known.fix Admin+.Stored.XSS LOW" "wp-basic-elements 5.3.0 Settings.Update.via.CSRF MEDIUM" "wp-ispconfig3 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-counter-up 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-counter-up 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wootrello 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "wootrello 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-hubspot-woocommerce 1.0.5 Reflected.Cross-Site.Scripting HIGH" "wp-user-extra-fields 16.7 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-user-extra-fields 16.7 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-user-extra-fields 16.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-event-manager No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-event-manager No.known.fix Missing.Authorization MEDIUM" "wp-event-manager 3.1.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'events'.Shortcode MEDIUM" "wp-event-manager 3.1.42 Reflected.Cross-Site.Scripting.via.plugin MEDIUM" "wp-event-manager 3.1.42 Editor+.Stored.XSS LOW" "wp-event-manager 3.1.43 Reflected.XSS HIGH" "wp-event-manager 3.1.38 Admin+.Stored.XSS MEDIUM" "wp-event-manager 3.1.28 Reflected.Cross-Site.Scripting MEDIUM" "wp-event-manager 3.1.23 Admin+.Stored.Cross-Site.Scripting LOW" "which-template-file 5.1.0 Reflected.XSS HIGH" "which-template-file 4.9 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wpdiscuz 7.6.25 Authentication.Bypass CRITICAL" "wpdiscuz 7.6.22 Unauthenticated.HTML.Injection MEDIUM" "wpdiscuz 7.6.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpdiscuz 7.6.16 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Uploaded.Image.Alternative.Text MEDIUM" "wpdiscuz 7.6.13 Admin+.Stored.XSS LOW" "wpdiscuz 7.6.12 Cross-Site.Request.Forgery MEDIUM" "wpdiscuz 7.6.12 Unauthenticated.Stored.XSS HIGH" "wpdiscuz 7.6.11 Unauthenticated.Content.Injection MEDIUM" "wpdiscuz 7.6.4 Author+.IDOR LOW" "wpdiscuz 7.6.11 Insufficient.Authorization.to.Comment.Submission.on.Deleted.Posts MEDIUM" "wpdiscuz 7.6.12 Missing.Authorization.in.AJAX.Actions MEDIUM" "wpdiscuz 7.6.6 Unauthenticated.SQL.Injection HIGH" "wpdiscuz 7.6.6 Unauthenticated.SQL.Injection HIGH" "wpdiscuz 7.6.4 Post.Rating.Increase/Decrease.iva.IDOR MEDIUM" "wpdiscuz 7.6.4 Unauthenticated.Data.Modification.via.IDOR MEDIUM" "wpdiscuz 7.5 wpDiscuz.7.4.2.-.Subscriber+.IDOR MEDIUM" "wpdiscuz 7.3.12 Sensitive.Information.Disclosure LOW" "wpdiscuz 7.3.4 Arbitrary.Comment.Addition/Edition/Deletion.via.CSRF MEDIUM" "wpdiscuz 7.3.2 wpDiscuz.<.7.3.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "wpdiscuz 7.0.5 wpDiscuz.7.0.0.-.7.0.4.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpdiscuz 5.3.6 Unauthenticated.SQL.Injection CRITICAL" "wp-fancybox 1.0.2 Authenticated.Stored.Cross-Site.Scripting LOW" "wooswipe 3.0.0 Subscriber+.Settings.Update MEDIUM" "woocommerce-html5-video No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-video-posts No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "wp-video-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wizhi-multi-filters No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-log-action 0.52 Reflected.XSS HIGH" "wp-polls 2.77.3 Unauthenticated.SQL.Injection.to.Stored.Cross-Site.Scripting MEDIUM" "wp-polls 2.76.0 IP.Validation.Bypass MEDIUM" "wp-polls 2.77.0 Subscriber+.Race.Condition MEDIUM" "wp-polls 2.73.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "wp-polls 2.72 SQL.Injection CRITICAL" "wp-simple-galleries No.known.fix Contributor+.PHP.Object.Injection HIGH" "wp-quick-shop 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-paypal-payments 2.0.5 Merchant.ID.Details.Update.via.CSRF MEDIUM" "wp-featured-entries No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-e-commerce No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Creation MEDIUM" "wp-e-commerce No.known.fix Unauthenticated.SQL.Injection CRITICAL" "woo-mailerlite 2.0.9 Cross-Site.Request.Forgery.via.Multiple.AJAX.Functions MEDIUM" "woo-mailerlite 2.0.9 Missing.Authorization.via.Multiple.Functions MEDIUM" "wp-site-protector No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-parsidate 5.1.2 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "wp-parsidate 4.0.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-pagebuilder No.known.fix Admin+.Stored.Cross-Site LOW" "wp-pagebuilder 1.2.7 Author+.Stored.XSS MEDIUM" "wp-pagebuilder 1.2.4 Insecure.default.configuration.Allows.Subscribers.Editing.Access.to.Posts MEDIUM" "wp-pagebuilder 1.2.4 Multiple.Stored.Cross-Site.scripting.(XSS) MEDIUM" "wordpress-country-selector 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-popups-lite 2.2.0.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "wp-popups-lite 2.1.5.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-popups-lite 2.1.5.1 Contributor+.Stored.XSS MEDIUM" "wp-popups-lite 2.1.4.9 Contributor+.Stored.XSS MEDIUM" "wp-popups-lite 2.1.4.8 Contributor+.Stored.XSS MEDIUM" "wp-ultra-simple-paypal-shopping-cart 4.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "workbox-video-from-vimeo-youtube-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-product-category-discount 4.13 Missing.Authorization.via.wpcd_save_discount() MEDIUM" "wp-pipes 1.4.3 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-pipes No.known.fix Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "wp-pipes 1.4.2 Reflected.Cross-Site.Scripting.via.x1.Parameter MEDIUM" "wp-pipes 1.4.1 CSRF MEDIUM" "wp-pipes 1.4.0 Admin+.SQLi MEDIUM" "websimon-tables No.known.fix Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wpgform No.known.fix Admin+.Stored.XSS LOW" "wpgform 0.94 Eval.Injection HIGH" "wpjournal No.known.fix Missing.Authorization MEDIUM" "wechat-subscribers-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-remote-site-search 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-places-review-slider 16.1 Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "wp-google-places-review-slider 15.6 Admin+.Stored.XSS LOW" "wp-google-places-review-slider 13.6 Admin+.Stored.XSS LOW" "wp-google-places-review-slider 12.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-google-places-review-slider 11.8 Subscriber+.SQLi HIGH" "wp-google-places-review-slider 11.6 Admin+.Stored.XSS LOW" "web-disrupt-funnelmentals No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "web-disrupt-funnelmentals No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "web-disrupt-funnelmentals No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wowhead-tooltips No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-spell-check No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-spell-check 9.18 Cross-Site.Request.Forgery MEDIUM" "wp-spell-check 9.13 Admin+.Stored.Cross-Site.Scripting LOW" "wp-spell-check 9.13 Ignored.Word.Deletion.via.CSRF MEDIUM" "wp-spell-check 9.3 Reflected.Cross-Site.Scripting HIGH" "wp-spell-check 7.1.10 Cross-Site.Request.Forgery.(CSRF) HIGH" "wp-cards No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpgetapi 2.25.1 Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "wpgetapi 2.2.2 2.2.1.-.Authenticated.(Subscriber+).Arbitrary.Options.Update MEDIUM" "woocommerce-brands 1.6.50 Cross-Site.Request.Forgery MEDIUM" "woocommerce-brands 1.6.46 Contributor+.Stored.XSS MEDIUM" "woo-dynamic-pricing-discounts-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "woocommerce-maintenance-mode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-menu-extension No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-attachments 5.1 Reflected.Cross-Site.Scripting.via.attachment_id.Parameter MEDIUM" "wp-attachments 5.0.12 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-attachments 5.0.6 Admin+.Stored.XSS LOW" "wp-attachments 5.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "wp-expand-tabs-free No.known.fix Admin+.PHP.Object.Injection MEDIUM" "wp-expand-tabs-free 2.2.7 Admin+.Stored.XSS LOW" "wp-expand-tabs-free 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-expand-tabs-free 2.1.17 Contributor+.Stored.XSS MEDIUM" "wp-expand-tabs-free 2.1.15 Multiple.CSRF MEDIUM" "wip-woocarousel-lite 1.1.8 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wip-woocarousel-lite 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-notification-bell 1.3.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-address-book 1.6.0 CSRF HIGH" "wp-custom-author-url 1.0.5 Admin+.Stored.XSS LOW" "woo-shipping-dpd-baltic 1.2.84 Reflected.Cross-Site.Scripting HIGH" "woo-shipping-dpd-baltic 1.2.57 DPD.baltic.<.1.2.57.-.Subscriber+.Arbitrary.Options.Deletion HIGH" "woo-shipping-dpd-baltic 1.2.11 DPD.baltic.<.1.2.11.-.Admin+.Stored.XSS MEDIUM" "woo-customers-manager 1.1.14 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-manager 1.1.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpp-customization No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-variation-swatches 1.0.62 Reflected.XSS MEDIUM" "wpmozo-addons-lite-for-elementor 1.1.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wpmozo-addons-lite-for-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-fonts 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-recaptcha-bp No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-maximum-upload-file-size 1.1.4 Authenticated.(Author+).Full.Path.Disclosure MEDIUM" "widget-or-sidebar-per-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-download-codes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widget-google-reviews 3.2 Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "widget-google-reviews 2.2.4 Subscriber+.SQLi HIGH" "widget-google-reviews 2.2.3 Subscriber+.Widget.Creation MEDIUM" "whats-new-genarator No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-box-office 1.2.3 Missing.Authorization MEDIUM" "woocommerce-box-office 1.1.51 Contributor+.Stored.XSS MEDIUM" "woocommerce-box-office 1.1.52 Unauthenticated.Ticket.Barcode.Update MEDIUM" "windows-live-writer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wppizza 3.19.5 Reflected.Cross-Site.Scripting MEDIUM" "wppizza 3.18.14 Reflected.Cross-Site.Scripting MEDIUM" "wppizza 3.18.11 Missing.Authorization MEDIUM" "wppizza 3.18.3 Reflected.XSS HIGH" "wppizza 3.17.2 Reflected.XSS HIGH" "wp-inimat No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp2android-turn-wp-site-into-android-app No.known.fix Unauthenticated.File.Upload CRITICAL" "weblizar-pinterest-feeds 1.1.2 Authenticated.XSS.&.CSRF HIGH" "wc-multivendor-membership 2.11.0 Unauthenticated.Arbitrary.Password.Update.via.IDOR CRITICAL" "wc-multivendor-membership 2.10.1 Unauthenticated.AJAX.Calls HIGH" "wc-multivendor-membership 2.10.1 Unauthenticated.Privilege.Escalation CRITICAL" "wc-multivendor-membership 2.10.0 Multiple.CSRF MEDIUM" "wp-embed-facebook No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-embed-facebook 3.1.2 Contributor+.Stored.XSS.via.shortcode MEDIUM" "wp-awesome-login No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "woo-tuner No.known.fix Missing.Authorization MEDIUM" "wp-autosearch No.known.fix Unauthenticated.SQLi HIGH" "wp-crm No.known.fix CSV.Injection LOW" "woocommerce-subscriptions 5.8.0 Missing.Authorization MEDIUM" "woocommerce-subscriptions 4.6.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-subscriptions 4.6.0 Subscription.Suspension/Activation.via.CSRF MEDIUM" "woocommerce-subscriptions 2.6.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "woocommerce-subscriptions 3.0.3 CSRF.to.Cancel/Re-Activate.Subscription LOW" "wp-clean-up No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-performance-score-booster 2.1 Settings.Change.via.CSRF MEDIUM" "wppedia No.known.fix Authenticated.(Administrator+).PHP.Object.Injection HIGH" "woocommerce-pre-orders 2.0.3 Arbitrary.Pre-Order.Canceling.via.CSRF MEDIUM" "woocommerce-pre-orders 2.0.3 Unauthorised.Actions.via.CSRF MEDIUM" "woocommerce-pre-orders 2.0.2 Reflected.XSS HIGH" "woocommerce-pre-orders 2.0.1 Contributor+.Stored.XSS MEDIUM" "woocommerce-pre-orders 2.0.0 Reflected.XSS HIGH" "wpzoom-elementor-addons 1.1.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "wpzoom-elementor-addons 1.1.38 Unauthenticated.Local.File.Inclusion CRITICAL" "wpzoom-elementor-addons 1.1.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box.Widget MEDIUM" "wpzoom-elementor-addons 1.1.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor 2.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor No.known.fix Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "widgetkit-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor 2.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor 2.5.5 Missing.Authorization.to.Notice.Dismissal NONE" "widgetkit-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "widgetkit-for-elementor 2.4.4 WidgetKit.<.2.4.4.-.Admin+.Stored.XSS LOW" "widgetkit-for-elementor 2.3.10 WidgetKit.<.2.3.10.-.Contributor+.Stored.XSS MEDIUM" "wp-image-slideshow 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "woocommerce-payments 6.7.0 Unauthenticated.Order.Deletion.via.IDOR LOW" "woocommerce-payments 5.9.1 Shop.Manager+.SQLi MEDIUM" "woocommerce-payments 6.5.0 Contributor+.Cross-Site.Scripting MEDIUM" "woocommerce-payments 4.9.0 Subscription.Suspension/Activation.via.CSRF MEDIUM" "woocommerce-payments 4.5.1 Intent.Parameter.Tampering HIGH" "woocommerce-payments 5.6.2 Unauthenticated.Privilege.Escalation CRITICAL" "webp-svg-support No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "wonderplugin-video-embed 2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wonderplugin-video-embed 1.8 Contributor+.Stored.XSS MEDIUM" "weluka-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-viet 1.5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-roadmap 1.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpcasa-mail-alert 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-login-and-logout-redirect 2.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wpcasa 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpcasa 1.3.0 Insecure.Direct.Object.Reference MEDIUM" "wc-zelle 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wc-zelle 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-oscommerce-sync No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "woo-variation-gallery 1.1.29 Authenticated.Stored.XSS MEDIUM" "wp-code-highlightjs No.known.fix Undisclosed.Cross-Site.Scripting.(XSS) MEDIUM" "wp-code-highlightjs 0.6.3 CSRF.to.Stored.XSS MEDIUM" "wc-tabs No.known.fix Authentiated.(Shop.Manager+).PHP.Object.Injection.in.product_has_custom_tabs HIGH" "wp-perfect-plugin 1.8.6 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-ecommerce-shop-styling No.known.fix Unauthenticated.Dompdf.Local.File.Inclusion.(LFI) HIGH" "wpcodefactory-helper 1.7.1 .Reflected.Cross-Site.Scripting MEDIUM" "wpcodefactory-helper 1.5.3 Reflected.Cross-Site.Scripting HIGH" "wp-notcaptcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wrc-pricing-tables 2.3.8 Missing.Authorization MEDIUM" "wrc-pricing-tables 2.3.9 Admin+.Stored.XSS LOW" "woo-thank-you-page-customizer 1.1.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "woo-thank-you-page-customizer 1.1.3 Missing.Authorization.to.Authenticated.(Subscriber+).Data.Export MEDIUM" "woo-thank-you-page-customizer 1.0.14 CSRF MEDIUM" "wp-sentry No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "wordpress-gallery-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-inventory-manager 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-inventory-manager 2.1.0.14 Inventory.Items.Deletion.via.CSRF MEDIUM" "wp-inventory-manager 2.1.0.13 Reflected.Cross-Site.Scripting HIGH" "wp-inventory-manager 2.1.0.12 Reflected.XSS HIGH" "woo-advance-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-advance-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-advance-search 1.1 Multiple.XSS MEDIUM" "wp-calendar No.known.fix Contributor+.Stored.XSS MEDIUM" "woocommerce-all-currencies No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mail-options No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-store-locator-extenders 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-store-locator-extenders 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-forecast 9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-forecast 7.6 Admin+.Stored.Cross-Site.Scripting LOW" "woo-custom-checkout-fields No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-bannerize-pro 1.9.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-bannerize-pro 1.7.0 Reflected.XSS HIGH" "widget-options 4.1.1 Contributor+.Remote.Code.Execution HIGH" "widget-options 4.0.9 Missing.Authorization.to.Notice.Dismissal MEDIUM" "widget-options 4.0.8 Missing.Authorization MEDIUM" "widget-options 4.0.8 Contributor+.Remote.Code.Execution CRITICAL" "widget-options 4.0.2 Extended.<=.5.1.0.&..Widget.Options.<=.4.0.1.-.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "writersblok-ai 1.3.20 Reflected.Cross-Site.Scripting MEDIUM" "wezido-elementor-addon-based-on-easy-digital-downloads No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-helper-lite 4.6.2 Missing.Authorization.in.whp_smtp_send_mail_test MEDIUM" "wp-helper-lite 4.6.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-helper-lite 4.5.2 Cross-Site.Request.Forgery.via.whp_fields MEDIUM" "wp-helper-lite 4.3 Reflected.Cross-Site.Scripting HIGH" "wp-db-backup 2.5.2 Arbitrary.Schedule.Settings.Update.via.CSRF MEDIUM" "wp-db-backup 2.5.1 Admin+.SQL.Injection MEDIUM" "wp-db-backup 2.4 Authenticated.Persistent.Cross-Site.Scripting.(XSS) MEDIUM" "wp-db-backup 2.3.0 Backup.Filename.Brute.Forcing HIGH" "wp-youtube-live 1.8.3 Admin+.Stored.Cross.Site.Scripting LOW" "wp-youtube-live 1.7.22 Authenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-custom-google-search No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-instance-rename No.known.fix Arbitrary.File.Download MEDIUM" "wupo-group-attributes 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "wupo-group-attributes 2.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-simpleweather No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-useronline 2.88.3 Unauthenticated.Stored.XSS HIGH" "wp-useronline 2.88.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-useronline 2.88.0 Admin+.Stored.Cross-Site.Scripting LOW" "wappointment 2.6.1 Admin+.SSRF MEDIUM" "wappointment 2.2.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wordpress-admin-bar-improved No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-quick-view 1.1.3 Unauthenticated.Information.Disclosure MEDIUM" "wp-payment-form 4.2.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-payment-form 4.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-quiz No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpc-smart-linked-products 1.3.6 Contributor+.Privilege.Escalation HIGH" "wp-disable 1.5.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-svg-images 4.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG MEDIUM" "wp-svg-images 3.4 Authenticated.(author+).Stored.XSS.via.SVG MEDIUM" "woo-availability-date No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "widgets-for-aliexpress-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "woocommerce-hss-extension-for-streaming-video No.known.fix Reflected.Cross-Site.Scripting.via.videolink.Parameter MEDIUM" "wp-pocket-urls 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-pocket-urls 1.0.3 Reflected.Cross-Site.Scripting HIGH" "wp-youtube-lyte 1.7.16 Authenticated.Stored.XSS MEDIUM" "wp-sticky-side-buttons No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-social-widget 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-social-widget 2.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-social-widget 2.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "wp-social-widget 2.2.4 Contributor+.Stored.XSS MEDIUM" "wens-responsive-column-layout-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "woocommerce-mercadopago 7.6.2 7.6.1.-.Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "woocommerce-mercadopago 6.4.0 CSRF MEDIUM" "welcome-email-editor 5.0.7 Cross-Site.Request.Forgery MEDIUM" "welcome-email-editor 5.0.7 Subscriber+.Email.Sending MEDIUM" "woo-save-abandoned-carts 8.2.1 Cross-Site.Request.Forgery MEDIUM" "woorousell 1.1.1 Contributor+.Stored.XSS MEDIUM" "woorousell 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpupper-share-buttons 3.52 Cross-Site.Request.Forgery.to.Custom.CSS.Update MEDIUM" "wpupper-share-buttons 3.50 Missing.Authorization MEDIUM" "wpupper-share-buttons 3.43 Admin+.Stored.XSS LOW" "word-replacer-ultra No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Update MEDIUM" "word-replacer-ultra No.known.fix Missing.Authorization MEDIUM" "wp-lister-for-amazon 2.6.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.6.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.6.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.4.4 Reflected.XSS HIGH" "wp-zillow-review-slider 2.4 Admin+.Stored.Cross-Site.Scripting LOW" "wplingo No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "wp-migration-duplicator 1.4.9 Missing.Authorization.to.Directory.Traversal MEDIUM" "wp-migration-duplicator 1.4.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-migration-duplicator 1.4.5 Subscriber+.Stored.XSS HIGH" "wp-migration-duplicator 1.4.4 Subscriber+.Plugin.Settings.Update MEDIUM" "wp-migration-duplicator 1.4.2 Missing.Authorization.to.Settings.and.Schedule.Modification MEDIUM" "wp-facebook-reviews 12.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-facebook-reviews 13.0 Admin+.Stored.XSS LOW" "wp-facebook-reviews 3.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-facebook-reviews 12.2 Subscriber+.SQLi HIGH" "wp-facebook-reviews 11.0 Admin+.SQL.Injection MEDIUM" "wp-seopress 8.2 Missing.Authorization MEDIUM" "wp-seopress 8.2 Missing.Authorization MEDIUM" "wp-seopress 8.2 Missing.Authorization MEDIUM" "wp-seopress 8.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-seopress 7.9.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Social.Image.URL MEDIUM" "wp-seopress 7.9 Unauthenticated.Object.Injection HIGH" "wp-seopress 7.8 Contributor+.Stored.XSS MEDIUM" "wp-seopress 7.8 Contributor+.Open.Redirect LOW" "wp-seopress 7.6 Contributor+.Stored.XSS MEDIUM" "wp-seopress 7.7 Information.Exposure MEDIUM" "wp-seopress 7.6 Author+.Stored.Cross-Site.Scripting MEDIUM" "wp-seopress 7.3 Admin+.Stored.XSS LOW" "wp-seopress 6.5.0.3 Admin+.PHP.Object.Injection MEDIUM" "wp-seopress 5.0.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wordpress-easy-allopass No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-from-email No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-frontend-submit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-nice-loader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-user-control No.known.fix Unauthenticated.password.reset MEDIUM" "wp-support-plus-responsive-ticket-system 9.1.2 Stored.XSS MEDIUM" "wp-support-plus-responsive-ticket-system 9.0.3 Multiple.Authenticated.SQL.Injection CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.8 Remote.Code.Execution CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.8 Remote.Code.Execution.(RCE) CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.0 Privilege.Escalation CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.0 WP.Support.Plus.Responsive.Ticket.System.<.8,0,0.–.Authenticated.SQL.Injection MEDIUM" "woo-preview-emails 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-preview-emails 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wishlist-member-x No.known.fix Unauthenticated.Denial.of.Service MEDIUM" "wishlist-member-x No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wishlist-member-x No.known.fix Missing.Authorization.to.Stored.Cross-Site.Scripting HIGH" "wishlist-member-x No.known.fix Missing.Authorization.to.Information.Disclosure MEDIUM" "wishlist-member-x No.known.fix Unauthenticated.Arbitrary.SQL.Execution CRITICAL" "wishlist-member-x No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wishlist-member-x No.known.fix Authenticated.(Subscriber+).Remote.Code.Execution CRITICAL" "wishlist-member-x No.known.fix Subscriber+.Privilege.Escalation HIGH" "wp-csv-exporter 1.3.7 CSV.Injection LOW" "wp-csv-exporter 1.3.7 Admin+.SQLi MEDIUM" "wp-business-intelligence 1.6.3 SQL.Injection CRITICAL" "wp-eggdrop No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-eggdrop No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wplistcal No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wp-triggers-lite No.known.fix Admin+.SQL.Injection MEDIUM" "wp-triggers-lite No.known.fix Reflected.XSS HIGH" "wp-mobile-themes No.known.fix Cross-Site.Request.Forgery MEDIUM" "woocommerce 9.9.4 Shop.manager+.SQLi MEDIUM" "woocommerce 9.7.1 Shop.Manager+.Stored.XSS.via.New.Product.Form MEDIUM" "woocommerce 9.4.3 Unauthenticated.Order.Creation MEDIUM" "woocommerce 9.4.3 Reflected.XSS HIGH" "woocommerce 9.1.0 Unauthenticated.HTML.Injection MEDIUM" "woocommerce 9.2 Contributor+.Stored.XSS MEDIUM" "woocommerce 9.1.4 Stored.XSS LOW" "woocommerce 9.0.0 Shop.Manager+.Content.Injection LOW" "woocommerce 8.9.3 8.9.2.-.Reflected.XSS HIGH" "woocommerce 8.6.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce 8.6 Contributor+.Private/Draft.Products.Access LOW" "woocommerce 8.4.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce 8.3.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce 8.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Featured.Image.alt.Attribute MEDIUM" "woocommerce 7.0.1 Authenticated(Shop.Manager+).Sensitive.Information.Exposure MEDIUM" "woocommerce 8.1.1 Shop.Manager+.User.Metadata.Disclosure MEDIUM" "woocommerce 7.9 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "woocommerce 7.9.0 Sensitive.Information.Exposure MEDIUM" "woocommerce 6.6.0 Admin+.Stored.HTML.Injection LOW" "woocommerce 6.3.1 Orders.Marked.as.Paid.(via.PayPal.Standard.Gateway) LOW" "woocommerce 6.2.1 Path.Traversal.via.Importers MEDIUM" "woocommerce 6.2.1 Subscriber+.Arbitrary.Comment.Deletion MEDIUM" "woocommerce 5.7.0 Analytics.Report.Leaks MEDIUM" "woocommerce 5.5.1 Authenticated.Blind.SQL.Injection HIGH" "woocommerce 5.2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce 4.7.0 Arbitrary.Order.Status.Disclosure.via.IDOR MEDIUM" "woocommerce 4.6.2 Guest.Account.Creation MEDIUM" "woocommerce 4.2.1 Potential.Cross-Site.Scripting.(XSS).via.SelectWoo MEDIUM" "woocommerce 4.1.0 Unescaped.Metadata.when.Duplicating.Products LOW" "woocommerce 3.6.5 Cross-Site.Request.Forgery.(CSRF).&.File.Type.Check MEDIUM" "woocommerce 3.5.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "woocommerce 3.5.1 Authenticated.Stored.XSS HIGH" "woocommerce 3.4.6 Authenticated.Stored.XSS MEDIUM" "woocommerce 3.4.6 Authenticated.Phar.Deserialization MEDIUM" "web-stories 1.38.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "web-stories 1.32 Author+.Auth.Bypass LOW" "web-stories 1.25.0 Subscriber+.Server.Side.Request.Forgery MEDIUM" "wp-donimedia-carousel No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "woocommerce-multi-currency No.known.fix Missing.Authorization.to.Arbitrary.Shortcode.Execution MEDIUM" "woocommerce-multi-currency 2.3.7 WooCommerce.Multi.Currency.-.Currency.Switcher.<.2.3.7.-.Unauthenticated.SQL.Injection HIGH" "woocommerce-multi-currency 2.1.18 Authenticated.Product.Price.Change MEDIUM" "wp-svg No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "worpit-admin-dashboard-plugin 4.5.0 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-social-feed No.known.fix Reflected.XSS HIGH" "wp-upg No.known.fix Unauthenticated.RCE CRITICAL" "wp-headmaster No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widgets-for-siteorigin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widgets-for-siteorigin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-for-siteorigin 1.4.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-post-to-pdf-enhanced No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-tarteaucitron-js-self-hosted No.known.fix Running.a.Vulnerable.Dependency MEDIUM" "woo-gutenberg-products-block 11.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Featured.Image.alt.Attribute MEDIUM" "woo-gutenberg-products-block 5.5.1 Unauthenticated.SQL.Injection CRITICAL" "woo-gutenberg-products-block 3.7.1 Guest.Account.Creation MEDIUM" "wp-jquery-datatable No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-jquery-datatable 4.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-jquery-datatable 4.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-cart-for-digital-products 8.5.6 Reflected.XSS.in.Product.Editing HIGH" "wp-cart-for-digital-products 8.5.6 Reflected.XSS.in.Customer.Search HIGH" "wp-cart-for-digital-products 8.5.6 Settings.Reset.via.CSRF MEDIUM" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.via.$_SERVER['REQUEST_URI'] MEDIUM" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Customer.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Category.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Discount.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Coupon.Deletion.via.CSRF MEDIUM" "ws-bootstrap-vc No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-seo-premium 11.6 Authenticated.Stored.XSS CRITICAL" "wplr-sync 6.4.1 Missing.Authorization MEDIUM" "wplr-sync 6.3.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-ultimate-post-grid 4.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpupg-grid-with-filters.Shortcode MEDIUM" "wp-ultimate-post-grid 3.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpupg-text.Shortcode MEDIUM" "wc-product-author 1.0.8 Cross-Site.Request.Forgery MEDIUM" "wc-product-author 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wc-product-author 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "webriti-companion 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-contacts-manager No.known.fix Unauthenticated.SQLi CRITICAL" "wp-maintenance-mode 2.6.9 Subscriber+.Page.design.Update MEDIUM" "wp-maintenance-mode 2.4.5 Subscribed.Users.Deletion.via.CSRF MEDIUM" "wp-maintenance-mode 2.0.7 Subscriber.Information.Disclosure MEDIUM" "wp-maintenance-mode 2.0.7 Authenticated.Multisite.Remote.Code.Execution HIGH" "wp-maintenance-mode 2.0.7 Missing.Settings.Authorization MEDIUM" "wp-conference-schedule 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-dev-powers-acf-color-coded-field-types No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-child-theme-generator 1.1.2 Missing.Authorization.to.Unauthenticated.Child.Theme.Creation/Activation MEDIUM" "wp-child-theme-generator 1.1.3 Admin+.Arbitrary.File.Upload MEDIUM" "wp-tools-gravity-forms-divi-module 7.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-gravity-forms-divi-module 6.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-smart-contracts No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-smart-contracts 1.3.12 Author+.SQLi MEDIUM" "woo-discount-rules 2.6.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-discount-rules 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-discount-rules 2.2.1 Multiple.Authorization.Bypass HIGH" "woo-discount-rules 2.1.0 Multiple.Vulnerabilities CRITICAL" "wp-profitshare No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-profitshare No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "wp-database-optimizer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-database-optimizer No.known.fix Cross-Site.Request.Forgery MEDIUM" "wpcrm No.known.fix CRM.for.Contact.form.CF7.&.WooCommerce.<=.3.2.0.-.Unauthenticated.SQL.Injection HIGH" "wp-colorful-tag-cloud No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-affiliate-disclosure 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.$id MEDIUM" "wp-affiliate-disclosure 1.2.7 Cross-Site.Request.Forgery.via.check_capability MEDIUM" "wp-affiliate-disclosure 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-affiliate-disclosure 1.1.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "wd-google-maps No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "wd-google-maps 1.0.74 Missing.Authorization.to.Notice.Dismissal MEDIUM" "wd-google-maps 1.0.74 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "wd-google-maps 1.0.73 Unauthenticated.SQLi HIGH" "wd-google-maps 1.0.72 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wd-google-maps 1.0.70 Authenticated.Stored.XSS MEDIUM" "wpcs-wp-custom-search No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-supersized No.known.fix Cross-Site.Request.Forgery MEDIUM" "woocommerce-product-category-selection-widget No.known.fix Reflected.XSS HIGH" "wp-security-questions No.known.fix Cross-Site.Request.Forgery HIGH" "wp-security-questions No.known.fix CSRF.Bypass MEDIUM" "wp-order-by No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-paginate 2.1.9 Admin+.Stored.Cross-Site.Scripting LOW" "wp-paginate 2.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-eis No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "w3speedster-wp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "w3speedster-wp 7.27 Cross-Site.Request.Forgery MEDIUM" "w3speedster-wp 7.27 Admin+.RCE MEDIUM" "w3speedster-wp 7.20 Settings.Update.via.CSRF MEDIUM" "ws-form 1.10.36 Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ws-form 1.10.14 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ws-form 1.9.245 Reflected.Cross-Site.Scripting.via.URL MEDIUM" "ws-form 1.9.244 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "ws-form 1.9.218 Unauthenticated.CSV.Injection MEDIUM" "ws-form 1.9.171 Authenticated(Administrator+).SQL.Injection MEDIUM" "ws-form 1.8.176 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ws-form 1.8.176 Admin+.Stored.Cross-Site.Scripting LOW" "wp-fiddle No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-ds-blog-map No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-digital-content-delivery-with-drm-flickrocket No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-base-booking-of-appointments-services-and-events 5.0.0 Reflected.XSS HIGH" "wp-base-booking-of-appointments-services-and-events 5.1.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-base-booking-of-appointments-services-and-events 5.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure.via.app_export_db MEDIUM" "wp-base-booking-of-appointments-services-and-events 4.9.2 Reflected.Cross-Site.Scripting.via.status.Parameter MEDIUM" "wp-datepicker 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-datepicker 2.1.2 Missing.Authorization MEDIUM" "wp-datepicker 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-datepicker 2.1.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wc-gallery No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-wallet 1.5.7 Subscriber+.Funds.Creation MEDIUM" "woo-wallet 1.5.5 Authenticated.(Subscriber+).SQL.Injection.via.'search[value]' HIGH" "woo-wallet 1.5.1 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "woo-wallet 1.4.11 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Export MEDIUM" "woo-wallet 1.4.4 For.WooCommerce.<.1.4.4.-.Subscriber+.Arbitrary.Wallet.Lock/Unlock.via.IDOR MEDIUM" "woo-wallet 1.4.0 Settings.Update.via.CSRF MEDIUM" "woo-whatsapp-request-quote No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-login-security-and-history No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-blog-and-widgets 2.3.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-super-minify 1.6 Settings.Update.via.CSRF MEDIUM" "wp01 No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "wp-map-route-planner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-popup-builder 1.3.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.wp_ajax_nopriv_shortcode_Api_Add HIGH" "wp-popup-builder 1.3.0 Subscriber+.Arbitrary.Popup.Deletion MEDIUM" "wp-popup-builder 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-bookings-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpmu-prefill-post No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wemanage-app-worker 1.2.3 Subscriber+.Arbitrary.File.Upload HIGH" "wp-vipergb 1.6.2 Cross-Site.Request.Forgery MEDIUM" "wp-vipergb 1.13.16 XSS MEDIUM" "wp-persistent-login 2.0.15 Reflected.Cross-Site.Scripting MEDIUM" "wp-persistent-login 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-testimonial-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-testimonial-widget No.known.fix Authenticated.(Admin+).SQL.Injection CRITICAL" "wp-testimonial-widget No.known.fix Missing.Authorization MEDIUM" "wp-staging 3.5.0 Admin+.Arbitrary.File.Upload MEDIUM" "wp-staging 3.5.0 Admin+.SSRF MEDIUM" "wp-staging 3.5.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-staging 3.4.0 Admin+.Stored.XSS LOW" "wp-staging 3.2.0 Unauthorized.Sensitive.Data.Exposure HIGH" "wp-staging 3.1.3 Unauthenticated.Backup.Download HIGH" "wp-staging 2.9.18 Admin+.Stored.Cross-Site.Scripting LOW" "w4-post-list 2.4.6 Subscriber+.Password.Protected.Post.Content.Disclosure MEDIUM" "w4-post-list 2.4.6 Reflected.XSS HIGH" "w4-post-list 2.4.6 Contributor+.Stored.XSS MEDIUM" "w4-post-list 2.4.5 Contributor+.Stored.XSS MEDIUM" "wp-appbox 4.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.appbox.Shortcode MEDIUM" "wp-appbox 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-appbox 4.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "wp-appbox 4.3.18 Authenticated.Local.File.Inclusion LOW" "wip-custom-login 1.3.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-survey-and-poll No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-survey-and-poll No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.6.0 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "wp-lister-for-ebay 3.6.0 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.5.8 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "wordpress-easy-paypal-payment-or-donation-accept-plugin 5.0 Missing.Authorization MEDIUM" "wordpress-easy-paypal-payment-or-donation-accept-plugin 4.9.10 Contributor+.Stored.XSS MEDIUM" "wp-pexels-free-stock-photos No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "wp-pexels-free-stock-photos No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-pinterest-automatic No.known.fix Missing.Authorization MEDIUM" "wp-pinterest-automatic 4.14.4 Unauthenticated.Arbitrary.Options.Update CRITICAL" "wp-visited-countries-reloaded 3.1.1 Reflected.Cross-Site.Scripting HIGH" "wp-table-pixie 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-s3 1.6 Reflected.XSS HIGH" "wp-categories-widget 2.3 Reflected.XSS HIGH" "woo-razorpay 4.5.7 Transfers.Manipulation.via.CSRF MEDIUM" "woo-razorpay 4.5.7 Subscriber+.Transfers.Manipulation MEDIUM" "wp-post-block No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-super-popup No.known.fix Admin+.Stored.XSS LOW" "wp-advance-comment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-advance-comment No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-advance-comment No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wpdatatables 6.3.2 Tables.&.Table.Charts.(Premium).<.6.3.2.-.Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 6.4 Tables.&.Table.Charts.(Premium).<.6.4.-.Missing.Authorization.to.DataTable.Access.&.Modification HIGH" "wpdatatables 3.4.2.14 Unauthenticated.Stored.Cross-Site.Scripting.via.CSV.Import MEDIUM" "wpdatatables 3.4.2.5 Reflected.Cross-Site.Scripting. MEDIUM" "wpdatatables 2.1.66 Admin+.PHP.Object.Injection MEDIUM" "wpdatatables 2.1.50 Contributor+.Stored.XSS MEDIUM" "wpdatatables 2.1.28 Admin+.Stored.Cross-Site.Scripting LOW" "wpdatatables 2.1.28 Admin+.Stored.Cross-Site.Scripting LOW" "wpdatatables 3.4.2 Improper.Access.Control.leading.to.Table.Data.Deletion MEDIUM" "wpdatatables 3.4.2 Blind.SQL.Injection.via.length.Parameter CRITICAL" "wpdatatables 3.4.2 Improper.Access.Control.leading.to.Table.Permission.Takeover HIGH" "wpdatatables 3.4.2 Blind.SQL.Injection.via.start.Parameter CRITICAL" "wpdatatables 3.4.1 Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 2.0.12 Cross-Site.Scripting.(XSS).&.SQL.Injection HIGH" "wpdatatables 1.5.4 Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 1.5.4 Unauthenticated.Shell.Upload CRITICAL" "waitlist-woocommerce 2.7.6 Reflected.Cross-Site.Scripting MEDIUM" "waitlist-woocommerce 2.6.1 Missing.Authorization MEDIUM" "waitlist-woocommerce 2.5.3 Settings.Reset.via.CSRF MEDIUM" "waitlist-woocommerce 2.5.1 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "wp2syslog No.known.fix Admin+.Stored.XSS LOW" "wonder-fontawesome No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-s3-smart-upload 1.5.1 Missing.Authorization MEDIUM" "wp-search-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-search-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-postratings-cheater No.known.fix Cross-Site.Request.Forgery MEDIUM" "woopra 1.4.3.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-hide-post No.known.fix Arbitrary.Post.Hiding.via.CSRF MEDIUM" "wxsync 2.8.1 Contributor+.Stored.XSS MEDIUM" "wb-custom-product-tabs-for-woocommerce 1.2.5 Authenticated.(Shop.Manager+).PHP.Object.Injection HIGH" "wp-shop-original No.known.fix Unauthenticated.Settings.Update MEDIUM" "wp-custom-fields-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpcfs-preset.Shortcode MEDIUM" "wp-custom-fields-search 1.2.35 Admin+.Stored.XSS LOW" "wp-custom-fields-search 1.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-social-sharing No.known.fix Admin+.Stored.XSS LOW" "wp-skitter-slideshow No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-product-recommendations 2.3.0 CSRF MEDIUM" "wp-simple-booking-calendar 2.0.14 Missing.Authorization MEDIUM" "wp-simple-booking-calendar 2.0.11 Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-booking-calendar 2.0.8.5 Cross-Site.Request.Forgery MEDIUM" "wp-simple-booking-calendar 2.0.6 Authenticated.SQL.Injection MEDIUM" "woo-wholesale-pricing 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-wholesale-pricing 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-church-center No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-upload-restriction 2.2.5 Missing.Access.Control.in.deleteCustomType MEDIUM" "wp-upload-restriction No.known.fix Authenticated.Stored.XSS MEDIUM" "wp-upload-restriction 2.2.5 Missing.Access.Control.in.getSelectedMimeTypesByRole MEDIUM" "wpbookit 1.0.3 Insecure.Direct.Object.Reference.to.Unauthenticated.Privilege.Escalation.via.Email.Update CRITICAL" "wpbookit 1.0.3 Insecure.Direct.Object.Reference.to.Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "wpbookit No.known.fix Missing.Authorization MEDIUM" "wpbookit 1.0.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpbookit 1.6.10 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpbookit 1.6.6 Unauthenticated.Arbitrary.User.Password.Change CRITICAL" "wpbookit No.known.fix Unauthenticated.SQL.Injection HIGH" "woo-order-splitter 5.3.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "webcamconsult 1.6.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "webriti-smtp-mail No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-leads-builder-any-crm No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wp-leads-builder-any-crm 3.1 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-ban 1.69.1 Admin+.Stored.XSS LOW" "wp-catalogue No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "wp-line-notify 1.4.5 Reflected.XSS HIGH" "wp-google-analytics-events 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-gotowebinar 15.8 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-gotowebinar 15.7 Missing.Authorization MEDIUM" "wp-gotowebinar 15.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-gotowebinar 15.1 Missing.Authorization MEDIUM" "wp-gotowebinar 14.46 Admin+.Stored.XSS LOW" "wp-rss-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "wecantrack No.known.fix Open.Redirect MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.8.7 Missing.Authorization MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.8.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woocommerce-pdf-invoices-packing-slips 3.8.1 Unauthenticated.Server-Side.Request.Forgery MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.7.6 Shop.Manager+.SQL.Injection HIGH" "woocommerce-pdf-invoices-packing-slips 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-invoices-packing-slips 2.16.0 Reflected.Cross-Site.Scripting LOW" "woocommerce-pdf-invoices-packing-slips 2.15.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-invoices-packing-slips 2.10.5 Reflected.Cross-Site.Scripting HIGH" "woocommerce-pdf-invoices-packing-slips 2.0.13 XSS MEDIUM" "wp-ecommerce-quickpay No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widgets-on-pages 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "widgets-on-pages 1.8.0 Contributor+.Stored.XSS MEDIUM" "widgets-on-pages 1.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-armour-extended 1.32 Cross-Site.Request.Forgery MEDIUM" "wp-armour-extended 1.32 Reflected.Cross-Site.Scripting MEDIUM" "wp-asambleas No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-asambleas No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-csv No.known.fix Reflected.XSS.via.CSV.Import MEDIUM" "wp-anything-slider 9.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "wp-bootscraper 4.0.0 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-addpub No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "woo-qiwi-payment-gateway No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wooemailreport No.known.fix Reflected.XSS HIGH" "woocommerce-add-to-cart-custom-redirect 1.2.14 Authenticated(Contributor+).Missing.Authorization.to.Limited.Arbitrary.Options.Update HIGH" "wpcs-content-scheduler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpcs-content-scheduler 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpkoi-templates-for-elementor 3.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpkoi-templates-for-elementor 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpkoi-templates-for-elementor 2.5.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "wpkoi-templates-for-elementor 2.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Heading.Widget MEDIUM" "wp-board No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wp-quick-setup No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin/Theme.Installation HIGH" "world-cup-predictor No.known.fix Reflected.Cross-Site.Scripting HIGH" "wechat-broadcast No.known.fix Local/Remote.File.Inclusion CRITICAL" "wpsolr-free 24.0.1 Privilege.Escalation.via.CSRF HIGH" "wp-post-corrector No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-post-corrector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-awesome-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.btn2.Shortcode MEDIUM" "woocustomizer 2.3.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-responsive-photo-gallery 1.0.16 Authenticated.(Subscriber+).Limited.Server-Side.Request.Forgery MEDIUM" "wp-responsive-photo-gallery 1.0.4 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-responsive-photo-gallery 1.0.14 Reflected.XSS HIGH" "wp-responsive-photo-gallery 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "woo-tools 1.2.10 Missing.Authorization.to.Authenticated.(Subscriber+)..Plugin.Module.Deactivation MEDIUM" "wp-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-moneybird No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-travel-blocks 3.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel-blocks 3.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-foodbakery No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "wp-foodbakery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-foodbakery No.known.fix Authentication.Bypass CRITICAL" "wp-foodbakery 4.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-foodbakery 4.8 Unauthenticated.Privilege.Escalation.in.foodbakery_registration_validation CRITICAL" "wp-foodbakery 2.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wppdf No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpeventticketing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-fpo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-delete-user-accounts 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-service-payment-form-with-authorizenet No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-service-payment-form-with-authorizenet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-topbar No.known.fix CSRF MEDIUM" "wp-topbar No.known.fix Admin+.SQLi MEDIUM" "wp-secure-maintainance 1.7 Admin+.Stored.XSS LOW" "wp-githuber-md No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-githuber-md 1.16.3 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "wp-gpx-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sgpx.Shortcode MEDIUM" "wp-gpx-maps 1.7.06 Missing.Authorization MEDIUM" "wp-migrate-2-aws 5.2.2 Reflected.Cross-Site.Scripting MEDIUM" "white-page-publication No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "woocommerce-gateway-gocardless 2.5.7 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "wpforms 1.8.5.4 Unauthenticated.Stored.Cross-Site.Scripting.via.Form.Submission HIGH" "wpforms 1.7.7 CSV.Injection MEDIUM" "widgets-for-thumbtack-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-coupons-and-deals 3.1.19 Reflected.Cross-Site.Scripting MEDIUM" "wp-coupons-and-deals 3.1.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-advanced-product-information 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-pro-quiz No.known.fix Arbitrary.Quiz.Deletion.via.CSRF MEDIUM" "wpc-shop-as-customer 1.2.9 Authentication.Bypass.Due.to.Insufficiently.Unique.Key HIGH" "wpc-shop-as-customer 1.2.7 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "wedesin-html-sitemap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wedesin-html-sitemap No.known.fix Reflected.Cross-Site.Scripting.via.'channel' MEDIUM" "wtyczka-seopilot-dla-wp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wsify-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-additional-fees-on-checkout-wordpress 1.4.8 Reflected.Cross-Site.Scripting.via.'number' MEDIUM" "wisdm-reports-for-learndash 1.8.2.2 Reports.Free.<.1.8.2.2.-.Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "wp-content-copy-protector 3.6.1 Cross-Site.Request.Forgery MEDIUM" "wp-content-copy-protector 3.5.6 Admin+.Stored.XSS LOW" "wp-content-copy-protector 3.4.5 Settings.Update.via.CSRF MEDIUM" "wp-content-copy-protector 3.1.5 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-content-copy-protector 3.4 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wp-content-pilot 1.3.4 Authenticated.(Contributor+).Content.Injection MEDIUM" "wp-books-gallery 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-books-gallery 4.4.9 CSRF MEDIUM" "wp-books-gallery 3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-post-category-notifications No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-lead-stream No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-lead-stream No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-travel 10.1.4 Author+.SQL.Injection MEDIUM" "wp-travel No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wp-travel 9.7.0 Missing.Authorization MEDIUM" "wp-travel 9.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel 7.8.1 Unauthenticated.AJAX.Calls MEDIUM" "wp-travel 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-travel 4.4.7 CSRF.Nonce.Bypasses MEDIUM" "wp-travel 4.4.7 Cross-Site.Request.Forgery MEDIUM" "wc-planzer-shipping 1.0.26 Reflected.Cross-Site.Scripting.via.processed-ids MEDIUM" "wp-meta-keywords-meta-description No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-responsive-thumbnail-slider 1.0.5 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-responsive-thumbnail-slider 1.0.1 Cross-Site.Request.Forgery.to.Mass.Slider.Deletion MEDIUM" "wp-responsive-thumbnail-slider 1.1.10 Reflected.XSS HIGH" "wp-responsive-thumbnail-slider 1.0.1 Authenticated.Shell.Upload.&.CSRF HIGH" "wp-responsive-thumbnail-slider 1.0.1 Stored.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "wptelegram-widget 2.1.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-repost No.known.fix Admin+.Stored.XSS LOW" "wp-fastest-cache 1.2.7 Admin+.Arbitrary.File.Deletion MEDIUM" "wp-fastest-cache 1.2.2 Unauthenticated.SQL.Injection HIGH" "wp-fastest-cache 1.1.5 Blind.SSRF.via.CSRF LOW" "wp-fastest-cache 1.1.3 Multiple.CSRF LOW" "wp-fastest-cache 0.9.5 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-fastest-cache 0.9.5 Subscriber+.SQL.Injection HIGH" "wp-fastest-cache 0.9.1.7 Authenticated.Arbitrary.File.Deletion.via.Path.Traversal LOW" "wp-fastest-cache 0.9.0.3 Cross-Site.Request.Forgery.(CSRF).Arbitrary.File.Deletion CRITICAL" "wp-fastest-cache 0.8.9.6 Directory.Traversal MEDIUM" "wp-fastest-cache 0.8.9.1 Unauthenticated.Arbitrary.File.Deletion HIGH" "wp-fastest-cache 0.8.8.6 CSRF.and.multiple.XSS CRITICAL" "wp-fastest-cache 0.8.7.5 Blind.SQL.Injection HIGH" "wp-rest-user No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rest-user No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widget-detector-elementor 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-2fa 2.6.4 Unauthenticated.Information.Exposure.via.Log.File MEDIUM" "wp-2fa 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-2fa 2.6.0 Arbitrary.Email.Sending.via.CSRF MEDIUM" "wp-2fa 2.6.0 Subscriber+.Arbitrary.Email.Sending MEDIUM" "wp-2fa 2.3.0 Time-Based.Side-Channel.Attack MEDIUM" "wp-2fa 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-2fa 2.2.0 Arbitrary.2FA.Disabling.via.IDOR MEDIUM" "wp-duplicate-page 1.3 Admin+.Stored.Cross.Site.Scripting LOW" "wp-block-pack No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-fb-autoconnect 4.6.3 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-fb-autoconnect 4.6.2 Cross-Site.Request.Forgery MEDIUM" "woo-document-preview 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "webba-booking-lite 5.0.50 Missing.Authorization.to.Authenticated.(Subscriber+).CSS.Settings.Update MEDIUM" "webba-booking-lite 5.0 Cross-Site.Request.Forgery MEDIUM" "webba-booking-lite 4.5.31 Reflected.Cross-Site.Scripting MEDIUM" "webba-booking-lite 4.2.22 Admin+.Stored.Cross-Site.Scripting LOW" "webba-booking-lite 4.2.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-products-slider 1.13.51 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-products-slider 1.13.42 Contributor+.Stored.XSS MEDIUM" "woocommerce-products-slider 1.13.22 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-listings No.known.fix Missing.Authorization MEDIUM" "wp-listings No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-listings 2.0.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "weekly-class-schedule No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-js-impress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpc-grouped-product 4.4.3 Missing.Authorization MEDIUM" "wp-cookie-user-info 1.0.9 Admin+.SQL.Injection MEDIUM" "wp-cookie-user-info 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "woocommerce-display-products-by-tags No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-security-audit-log-premium 4.6.4.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "woc-open-close No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "woc-open-close 4.9.2 Missing.Authorization MEDIUM" "wp-hide-security-enhancer 2.5.2 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Contents.Deletion HIGH" "wp-hide-security-enhancer 1.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-webauthn 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-webauthn 1.3.4 Contributor+.Stored.XSS.via.wwa_login_form.Shortcode MEDIUM" "wp-woo-commerce-sync-for-g-sheet No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpyog-documents No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-custom-admin-interface 7.32 Missing.Authorization.via.wpcai_pro_notice_disable MEDIUM" "wp-custom-admin-interface 7.33 Missing.Authorization.to.Transients.Deletion MEDIUM" "wp-custom-admin-interface 7.29 Admin+.PHP.Object.Injection MEDIUM" "wp-cookies-enabler No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "widgets-reset No.known.fix Settings.Update.via.CSRF MEDIUM" "weather-in-any-city-widget 1.1.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpseo-local 15.0 Contributor+.Stored.XSS MEDIUM" "wpseo-local 15.0 Contributor+.Stored.XSS MEDIUM" "wpseo-local 14.9 Reflected.XSS HIGH" "wpseo-local 14.9 CSRF MEDIUM" "woo-binary-mlm No.known.fix Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "woo-binary-mlm No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wptools 5.25 Cross-Site.Request.Forgery MEDIUM" "wptools 5.19 Cross-Site.Request.Forgery.to.Arbitrary.File.Renaming MEDIUM" "wptools 3.43 Subscriber+.Arbitrary.Plugin.Installation HIGH" "wp-mini-program No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "webwinkelkeur 3.25 Cross-Site.Request.Forgery MEDIUM" "woocommerce-product-payments 3.5.9 Missing.Authorization MEDIUM" "woocommerce-product-payments 3.2.8 Reflected.XSS HIGH" "woocommerce-product-payments 3.2.7 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-product-payments 3.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "weforms 1.6.24 Use.of.Polyfill.io MEDIUM" "weforms 1.6.21 Missing.Authorization MEDIUM" "weforms 1.6.22 Unauthenticated.Stored.Cross-Site.Scripting.via.Referer HIGH" "weforms 1.6.19 Missing.Authorization.via.export_form_entries MEDIUM" "weforms 1.6.18 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "weforms 1.6.14 Admin+.Stored.Cross-Site.Scripting LOW" "weforms 1.6.4 CSV.Injection MEDIUM" "waiting No.known.fix Subscriber+.Stored.XSS HIGH" "waiting No.known.fix Subscriber+.SQLi HIGH" "waiting No.known.fix Missing.Authorization MEDIUM" "waiting No.known.fix Admin+.Cross-Site.Scripting LOW" "waiting No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-plotly 1.0.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 8.2.0 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-live-chat-support 8.0.33 Missing.Permission.Checks.on.some.REST.API.Calls CRITICAL" "wp-live-chat-support 8.0.27 Unauthenticated.Stored.XSS MEDIUM" "wp-live-chat-support 8.0.18 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 8.0.08 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 8.0.06 Unauthenticated.Stored.XSS MEDIUM" "wp-live-chat-support 7.1.05 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 1.7.03 XSS MEDIUM" "wp-live-chat-support 7.0.07 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 6.2.04 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 6.2.02 Stored.Cross-Site.Scripting MEDIUM" "wadi-survey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wadi-survey No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-products-without-featured-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-ups-pickup No.known.fix Missing.Authorization MEDIUM" "woo-ups-pickup 2.6.6 Reflected.XSS HIGH" "webbricks-addons 1.1.11 Contributor+.Stored.XSS MEDIUM" "web-instant-messenger No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "wedocs 2.1.5 Missing.Authorization MEDIUM" "wpfront-scroll-top 2.0.6.07225 Admin+.Stored.XSS MEDIUM" "wp-system-log No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-header-images 2.0.1 Reflected.Cross-Site.Scripting HIGH" "wc-multishipping 2.3.8 Subscriber+.Arbitrary.Account.Credentials.Test MEDIUM" "wc-multishipping 2.3.6 Missing.Authorization.to.Log.Export MEDIUM" "woo-simple-frontend-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-simple-frontend-manager 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-noexternallinks 4.3 Backdoored MEDIUM" "woo-quick-cart-for-multiple-variations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-quick-cart-for-multiple-variations No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-payment-gateway-per-category No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "webparex No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpview No.known.fix Admin+.Stored.XSS LOW" "woo-stripe-payment 3.3.10 3.3.9.-.Missing.Authorization.Controls.to.Financial.Account.Hijacking MEDIUM" "wp-show-login-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wphrm 1.1 Authenticated.SQL.Injection HIGH" "wpbrutalai 2.06 Admin+.Stored.XSS LOW" "wpbrutalai 2.0.1 Admin+.Reflected.XSS HIGH" "wpbrutalai 2.0.0 SQL.Injection.via.CSRF HIGH" "wp-users-media No.known.fix Cross-Site.Request.Forgery.in.wpusme_save_settings MEDIUM" "wp-users-media No.known.fix Missing.Authorization.via.wpusme_save_settings MEDIUM" "web-testimonials No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-krpano No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "who-hit-the-page-hit-counter No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "who-hit-the-page-hit-counter No.known.fix CSRF MEDIUM" "who-hit-the-page-hit-counter No.known.fix Hit.Counter.<=.1.4.14.3.-.Reflected.XSS HIGH" "where-i-was-where-i-will-be No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "wp-emoji-one No.known.fix Settings.Update.via.CSRF MEDIUM" "wc-rest-payment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-rest-payment No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-twitter-mega-fan-box No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-data-access 5.5.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-data-access 5.5.23 Unauthenticated.SQL.Injection HIGH" "wp-data-access 5.5.9 Cross-Site.Request.Forgery MEDIUM" "wp-data-access 5.3.11 Reflected.Cross-Site.Scripting MEDIUM" "wp-data-access 5.3.8 Subscriber+.Privilege.Escalation HIGH" "wp-data-access 5.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-data-access 5.0.0 Admin+.SQL.Injection HIGH" "wp-replicate-post 4.1 Contributor+.SQL.Injection MEDIUM" "wc-multivendor-marketplace 3.6.12 Reflected.Cross-Site.Scripting MEDIUM" "wc-multivendor-marketplace 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wc-multivendor-marketplace 3.5.0 Multiple.CSRF MEDIUM" "wc-multivendor-marketplace 3.4.12 Subscriber+.Unauthorised.AJAX.Calls HIGH" "wc-multivendor-marketplace 3.4.12 WooCommerce.Multivendor.Marketplace.<.3.4.12.-.Unauthenticated.SQL.Injection HIGH" "woffice-core 5.4.22 Cross-Site.Request.Forgery.to.User.Registration.Approval MEDIUM" "woffice-core 5.4.22 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "woffice-core 5.4.9 Missing.Authorization MEDIUM" "woffice-core 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-myparcel 4.24.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-guppy No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wp-guppy 1.3 Sensitive.Information.Disclosure HIGH" "wp-gcalendar No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wsecure No.known.fix Admin+.Stored.XSS LOW" "wsecure 2.4 Remote.Code.Execution.(RCE) HIGH" "wp-fsqm-pro 4.19.1 WordPress.Form.Builder.<.4.19.1.-.Reflected.Cross-Site.Scripting MEDIUM" "wp-fsqm-pro 4.19 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-gpx-map 1.1.23 Arbitrary.File.Upload CRITICAL" "wp-publications No.known.fix Admin+.Stored.XSS LOW" "wp-publications No.known.fix Local.File.Inclusion HIGH" "wooreviews-importer No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wish-list-for-woocommerce 3.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wish-list-for-woocommerce 3.1.8 Cross-Site.Request.Forgery.to.Cross-Site.Scriping.via.Wishlist.Name MEDIUM" "wish-list-for-woocommerce 3.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-bank 3.0.13 Reflected.Cross-Site.Scripting MEDIUM" "wp-with-spritz No.known.fix Unauthenticated.File.Inclusion CRITICAL" "woo-product-slider 2.6.4 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "woo-product-slider 2.5.7 Subscriber+.Arbitrary.Options.Deletion HIGH" "wp-extra 6.5 Cross-Site.Request.Forgery.ToolImport MEDIUM" "wp-extra 6.3 Missing.Authorization.to.Arbitrary.Email.Sending MEDIUM" "wp-extra 6.3 Subscriber+..htaccess.File.Modification HIGH" "wp-extra 6.3 Missing.Authorization.to.Export.Settings MEDIUM" "wp-html-mail 3.4.2 Test.Email.Sending.via.CSRF MEDIUM" "wp-html-mail 3.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-html-mail 3.1 Unprotected.REST-API.Endpoint MEDIUM" "wp-html-mail 3.0.8 CSRF.to.XSS MEDIUM" "woosaleskit-bar No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "wemail 1.14.14 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wemail 1.14.6 Reflected.Cross-Site.Scripting MEDIUM" "wemail 1.14.3 Missing.Authorization.to.Notice.Dismissal MEDIUM" "wp-free-ssl No.known.fix Missing.Authorization MEDIUM" "wp-free-ssl 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-quote-calculator-order No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "woo-quote-calculator-order No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-photo-effects 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-effects 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-photo-effects 1.2.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-stripe-donation 3.2.4 Missing.Authorization MEDIUM" "wp-stripe-donation 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-donation 3.1.6 AidWP.<.3.1.6.-.CSRF MEDIUM" "wp-stripe-donation 2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-product-customer-list 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-product-customer-list 3.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-smart-import 1.1.4 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-smart-import 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.1.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.0.3 Reflected.Cross-Ste.Scripting MEDIUM" "wp-smart-import 1.0.1 Auhenticated.Server-side.Request.Forgery MEDIUM" "winning-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-browser-update 4.6 Admin+.Stored.XSS LOW" "wp-browser-update 4.5 Settings.Update.via.CSRF MEDIUM" "woo-direct-checkout-lite No.known.fix Missing.Authorization MEDIUM" "woo-inpost No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.and.Delete CRITICAL" "wp-table-reloaded No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-meta-seo 4.5.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-seo 4.5.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-seo 4.5.13 Unauthenticated.Password.Protected.Content.Access MEDIUM" "wp-meta-seo 4.5.13 Unauthenticated.Stored.Cross-Site.Scripting.via.Referer.header HIGH" "wp-meta-seo 4.5.5 Author+.PHAR.Deserialization HIGH" "wp-meta-seo 4.5.3 Subscriber+.Improper.Authorization.causing.Arbitrary.Redirect MEDIUM" "wp-meta-seo 4.5.3 Subscriber+.SQLi HIGH" "wp-meta-seo 4.5.4 Subscriber+.Google.Analytics.Settings.Update MEDIUM" "wp-meta-seo 4.5.4 Subscriber+.SiteMap.Settings.Update MEDIUM" "wp-meta-seo 4.4.9 Social.Settings.Update.via.CSRF MEDIUM" "wp-meta-seo 4.4.7 Admin+.Stored.Cross-Site.Scripting.via.breadcrumbs LOW" "wp-insurance 2.1.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-staging-pro 6.1.3 Unauthenticated.Information.Exposure.via.getOutdatedPluginsRequest.Function MEDIUM" "wp-staging-pro 5.6.1 Backup.Duplicator.&.Migration.<.5.6.1.-.Cross-Site.Request.Forgery.to.Limited.Local.File.Inclusion HIGH" "wp-staging-pro 5.5.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-staging-pro 5.4.0 Admin+.Stored.XSS LOW" "wp-staging-pro 5.1.3 Unauthenticated.Backup.Download HIGH" "woo-slider-pro-drag-drop-slider-builder-for-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "woo-slider-pro-drag-drop-slider-builder-for-woocommerce No.known.fix Drag.Drop.Slider.Builder.For.WooCommerce.<=.1.12.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "wp-hide-that No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-simple-anchors-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpanchor.Shortcode MEDIUM" "woocommerce-products-designer No.known.fix CSRF MEDIUM" "wp-shieldon 1.6.4 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-photo-album-plus 8.9.01.001 Unauthenticated.Arbitrary.Shortcode.Execution.via.getshortcodedrenderedfenodelay HIGH" "wp-photo-album-plus 8.8.07.004 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.8.02.003 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.8.00.003 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.7.00.004 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wp-photo-album-plus 8.7.01.002 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-photo-album-plus 8.6.03.005 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "wp-photo-album-plus 8.6.01.003 Insecure.Direct.Object.Reference MEDIUM" "wp-photo-album-plus 8.6.01.005 .Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.6.01.005 IP.Spoofing MEDIUM" "wp-photo-album-plus 8.0.10 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wd-instagram-feed 1.4.29 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wd-instagram-feed 1.3.1 XSS MEDIUM" "woocommerce-delivery-date No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "whatshelp-chat-button 1.8.10 Admin+.Stored.XSS LOW" "wp-retina-2x 6.4.6 Sensitive.Information.Exposure MEDIUM" "wp-retina-2x 5.2.3 Cross-Site.Scripting.(XSS) MEDIUM" "wp-dispensary No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-pensopay 6.3.2 Reflected.XSS HIGH" "wp-htaccess-control No.known.fix Admin+.Stored.XSS LOW" "wp-page-widget 4.0 Settings.Update.via.CSRF MEDIUM" "wp-news-sliders No.known.fix Missing.Authorization MEDIUM" "wpmm-memory-meter 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-logging 1.11.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-mail-logging 1.10.0 Outdated.Redux.Framework MEDIUM" "wh-cache-and-security No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-min-max-quantity-step-control-single 4.6 Reflected.XSS HIGH" "woocommerce-bulk-order-form 3.6.0 Shop.Manager+.Stored.XSS MEDIUM" "woocommerce-product-addons 6.2.0 Shop.Manager+.PHP.Object.Injection HIGH" "woocommerce-product-addons 6.2.0 Cross-Site.Request.Forgery MEDIUM" "wp-map-block 2.0.3 Contributor+.Stored.XSS.via.Marker MEDIUM" "wp-map-block 1.2.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wordpress-access-control No.known.fix Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "wp-total-branding 1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.title.Parameter MEDIUM" "wordpress-twitterbot No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wp-rocket 2.10.4 Local.File.Inclusion.(LFI) HIGH" "woo-authorize-net-gateway-aim 6.0.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-authorize-net-gateway-aim 5.1.27 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-downgrade 1.2.3 Admin+.Stored.Cross-Site.Scripting LOW" "woo-confirmation-email No.known.fix Reflected.XSS HIGH" "woo-confirmation-email No.known.fix Authentication.bypass.via.weak.token.generation HIGH" "woo-confirmation-email 3.4.0 CSRF.leading.to.Option.Update CRITICAL" "wp-admin-logo-changer No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "wp-odoo-form-integrator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wc-pagaleve 1.6.10 Pagaleve.<.1.6.10.-.Unauthenticated.PHP.Object.Injection CRITICAL" "wpextended 3.0.16 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wpextended 3.0.15 Reflected.Cross-Site.Scripting MEDIUM" "wpextended 3.0.14 Missing.Authorization.to.Unauthenticated.Post.Order.Manipulation MEDIUM" "wpextended 3.0.13 Unauthenticated.SQL.Injection.via.Login.Attempts.Module HIGH" "wpextended 3.0.12 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting HIGH" "wpextended 3.0.12 Missing.Authorization.to.Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "wpextended 3.0.10 Reflected.Cross-Site.Scripting MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting.via.selected_option MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting.via.page MEDIUM" "wpextended 3.0.9 Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wpextended 3.0.9 Missing.Authorization.to.Admin.Username.Change MEDIUM" "wpextended 3.0.9 Directory.Traversal.to.Authenticated.(Subscriber+).Arbitrary.File.Download HIGH" "wpextended 3.0.9 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wpextended 3.0.9 Insecure.Direct.Object.Reference MEDIUM" "wpextended 3.0.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-my-admin-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-my-admin-bar No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-word-count No.known.fix Missing.Authorization.via.calculate_statistics MEDIUM" "wp-word-count 3.2.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-custom-widget-area No.known.fix Subscriber+.Menus.Creation/Deletion/Update MEDIUM" "wp-custom-widget-area No.known.fix Missing.Authorization MEDIUM" "wpspeed No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-multisite-content-copier-pro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-multisite-content-copier-pro 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wf-cookie-consent 1.1.4 Authenticated.Persistent.Cross-Site.Scripting.(XSS) MEDIUM" "www-xml-sitemap-generator-org 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-nextgen-galleryview No.known.fix Reflected.XSS HIGH" "wordpress-nextgen-galleryview No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-links-page 4.9.6 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Image.Update MEDIUM" "wp-links-page 4.9.5 Cross-Site.Request.Forgery.via.wplf_ajax_update_screenshots MEDIUM" "wp-links-page 4.9.4 Contributor+.Stored.XSS MEDIUM" "wp-total-hacks No.known.fix Subscriber+.Arbitrary.Options.Update.to.Stored.XSS HIGH" "wp-youtube-video-optimizer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-power-stats No.known.fix CSRF MEDIUM" "wooCommerce-order-proposal 2.0.6 Authenticated.(Shop.Manager+).Privilege.Escalation.via.Order.Proposal HIGH" "wp-whatsapp-chat 6.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "wp-shortcode 1.4.17 CSRF MEDIUM" "wp-less-compiler No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-coming-soon-booster 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "wc-sms 2.8.1.1 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wc-sms 2.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-event-aggregator 1.8.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-event-aggregator 1.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-aggregator 1.7.7 Cross-Site.Request.Forgery.via.wpea_deauthorize_user() MEDIUM" "wpperformancetester No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-gdpr-compliance No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-gdpr-compliance 2.0.23 Subscriber+.Arbitrary.Options.Update HIGH" "wp-gdpr-compliance 2.0.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-gdpr-compliance 1.5.6 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "wp-gdpr-compliance 1.4.3 Unauthenticated.Call.Any.Action.or.Update.Any.Option CRITICAL" "woo-advanced-extra-fees-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-imagezoom No.known.fix Reflected.XSS HIGH" "woocommerce-for-japan 2.6.41 Cross-Site.Request.Forgery MEDIUM" "woocommerce-for-japan 2.6.5 Missing.Authorization MEDIUM" "woocommerce-for-japan 2.5.8 Reflected.XSS MEDIUM" "woocommerce-for-japan 2.5.5 Reflected.XSS HIGH" "woocommerce-customers-manager 31.4 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "woocommerce-customers-manager 30.2 Subscriber+.Stored.XSS HIGH" "woocommerce-customers-manager 30.1 Bulk.Action.via.CSRF MEDIUM" "woocommerce-customers-manager 30.1 User.Deletion.via.CSRF LOW" "woocommerce-customers-manager 29.8 Reflected.XSS HIGH" "woocommerce-customers-manager 29.8 Subscriber+.Email.Disclosure MEDIUM" "woocommerce-customers-manager 29.7 Subscriber+.SQL.Injection HIGH" "woocommerce-customers-manager 26.6 Arbitrary.Account.Creation/Update.via.CSRF HIGH" "woocommerce-customers-manager 26.6 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "woocommerce-customers-manager 26.5 Arbitrary.Account.Creation/Update.by.Low.Privilege.Users HIGH" "wpsynchro 1.11.3 Cross-Site.Request.Forgery MEDIUM" "wpsynchro 1.10.0 Settings.Update.via.CSRF MEDIUM" "wp-analytify 6.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Minor.Settings.Update MEDIUM" "wp-analytify 5.5.1 Missing.Authorization MEDIUM" "wp-analytify 5.5.0 Missing.Authorization MEDIUM" "wp-analytify 5.4.0 Cross-Site.Request.Forgery.to.Opt-out MEDIUM" "wp-analytify 5.2.4 Cross-Site.Request.Forgery MEDIUM" "wp-analytify 5.2.4 Missing.Authorization MEDIUM" "wp-analytify 5.2.4 Missing.Authorization.to.Unauthenticated.Google.Analytics.Tracking.ID.Modification MEDIUM" "wp-analytify 5.2.0 Cross-Site.Request.Forgery MEDIUM" "wp-analytify 5.1.1 Missing.Authorization.to.Opt-In MEDIUM" "wp-analytify 4.2.3 Cache.Deletion.via.CSRF MEDIUM" "wp-analytify 4.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-activity-o-meter No.known.fix Reflected.XSS HIGH" "wp-reply-notify No.known.fix Settings.Update.via.CSRF MEDIUM" "wux-blog-editor No.known.fix Authentication.Bypass.to.Administrator CRITICAL" "wux-blog-editor No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-plugin-lister No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "woorocks-magic-content No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woorocks-magic-content No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "w3-total-cache 2.8.2 Subscriber+.Server-Side.Request.Forgery HIGH" "w3-total-cache 2.8.2 Unauthenticated.Plugin.Deactivation.and.Extensions.Activation/Deactivation MEDIUM" "w3-total-cache 2.8.2 Information.Exposure.via.Log.Files LOW" "w3-total-cache 2.7.6 Sensitive.Credentials.Stored.in.Plaintext LOW" "w3-total-cache 2.1.5 Reflected.XSS.in.Extensions.Page.(JS.Context) HIGH" "w3-total-cache 2.1.4 Reflected.XSS.in.Extensions.Page.(Attribute.Context) CRITICAL" "w3-total-cache 2.1.3 Authenticated.Stored.XSS MEDIUM" "w3-total-cache 0.9.7.4 Cryptographic.Signature.Bypass HIGH" "w3-total-cache 0.9.7.4 Blind.SSRF.and.RCE.via.phar HIGH" "w3-total-cache 0.9.7.4 Cross-Site.Scripting.(XSS) HIGH" "w3-total-cache 0.9.5 Information.Disclosure.Race.Condition CRITICAL" "woo-advanced-product-size-chart 2.4.6 Missing.Authorization MEDIUM" "woo-advanced-product-size-chart 2.4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-advanced-product-size-chart 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordlift No.known.fix Missing.Authorization MEDIUM" "wordlift No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wordlift 3.37.2 Admin+.Stored.Cross-Site.Scripting LOW" "webappick-pdf-invoice-for-woocommerce 3.7.59 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "wp-debugging 2.11.7 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "wp-debugging 2.11.7 Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "wp-debugging 2.11.0 Unauthenticated.Plugin's.Settings.Update MEDIUM" "wp-bannerize No.known.fix 4.0.2.-.Authenticated.SQL.Injection HIGH" "wpdtol-database-table-overview-logs 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 6.3.1 Reflected.Cross-Site.Scripting.via.'commission_summary'.Parameter MEDIUM" "woo-coupon-usage 5.16.7.2 Unauthenticated.Arbitrary.Shortcode.Execution.and.Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.12.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.5.1.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.4.4 Unauthenticated.Reflected.XSS HIGH" "woo-coupon-usage 5.4.6 Reflected.XSS HIGH" "woo-coupon-usage 4.16.4.5 Unauthenticated.Stored.XSS HIGH" "woo-coupon-usage 4.16.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-coupon-usage 4.11.3.4 Arbitrary.Referral.Visits.Deletion.via.CSRF MEDIUM" "woo-coupon-usage 4.11.0.2 Reflected.Cross-Site.Scripting HIGH" "wp-basics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-signature No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-extra-flat-rate 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-extra-flat-rate 4.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-academic-people No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-comment-designer-lite 2.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-background-tile No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-affiliate-links No.known.fix Reflected.XSS HIGH" "wp-live-chat-support-pro 8.0.32 File.Upload.Bypass CRITICAL" "wp-live-chat-support-pro 8.0.0.7 Unauthenticated.RCE CRITICAL" "wp-mermaid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-remove-cart-and-query-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-remove-cart-and-query-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-social-broadcast No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-file-get-contents 2.7.1 Contributor+.SSRF MEDIUM" "wow-moodboard-lite No.known.fix Open.Redirect MEDIUM" "wapppress-builds-android-app-for-website 6.0.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wapppress-builds-android-app-for-website 6.0.5 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wapppress-builds-android-app-for-website 6.0.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-seo-structured-data-schema 2.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Plugin.Settings MEDIUM" "wp-client-logo-carousel No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-cloud-server 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wpglobus-translate-options No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpglobus-translate-options 2.2.0 Reflected.XSS HIGH" "wp-imageflow2 5.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-imageflow2 5.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpshop No.known.fix 2.6.0.-.Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "wpshop No.known.fix 2.6.0.-.Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Arbitrary.User.Key.Generation MEDIUM" "wpshop No.known.fix Arbitrary.File.Upload.via.CSRF HIGH" "wp-pagseguro-payments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-intro-js-tours No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-image-carousel No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-optin-wheel 1.4.8 Admin+.SSRF MEDIUM" "wp-optin-wheel 1.4.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "webling No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-course-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wps-hide-login 1.9.16.4 Hidden.Login.Page.Disclosure LOW" "wps-hide-login 1.9.16 Login.Page.Disclosure MEDIUM" "wps-hide-login 1.9.12 Hidden.Login.Page.Location.Disclosure LOW" "wps-hide-login 1.9.1 Protection.Bypass.with.Referer-Header MEDIUM" "wps-hide-login 1.5.5 Secret.Login.Page.Disclosure CRITICAL" "wps-hide-login 1.5.3 Multiples.Issues HIGH" "wp-ultimate-reviews-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-post-disclaimer 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "webp-express 0.14.8 Authenticated.Stored.XSS MEDIUM" "webp-express 0.14.11 Multiple.Issues HIGH" "white-label-cms 2.7.5 Reflected.Cross-Site.Scripting MEDIUM" "white-label-cms 2.7.4 Missing.Authorization.to.Plugin.Settings.Reset MEDIUM" "white-label-cms 2.5 Admin+.PHP.Object.Injection LOW" "white-label-cms 2.2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-signals 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-backpack No.known.fix Admin+.Stored.XSS LOW" "wp-custom-taxonomy-image No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-auto-spinner No.known.fix Missing.Authorization MEDIUM" "wc1c-main No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-recall No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-recall No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-recall 16.26.12 Admin+.Stored.XSS LOW" "wp-recall 16.26.12 Unauthenticated.SQL.Injection HIGH" "wp-recall 16.26.12 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Exeuction MEDIUM" "wp-recall 16.26.12 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "wp-recall 16.26.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-recall 16.26.12 Admin+.SQL.Injection MEDIUM" "wp-recall 16.26.9 Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.Password.Update CRITICAL" "wp-recall 16.26.7 Unauthenticated.Payment.Deletion.via.delete_payment MEDIUM" "wp-recall 16.26.7 Cross-Site.Request.Forgery MEDIUM" "wp-recall 16.26.6 Unauthenticated.SQL.Injection CRITICAL" "wp-recall 16.26.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wp-recall 16.26.6 Insecure.Direct.Object.Reference MEDIUM" "wp-recall 16.24.48 Reflected.Cross-Site.Scripting HIGH" "wp-visual-adverts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ws-contact-form 1.3.8 Admin+.Stored.XSS LOW" "wp-post-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-bugbot No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-bugbot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-sexylightbox No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-product-slider-and-carousel-with-category 2.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wpdbspringclean No.known.fix Reflected.XSS HIGH" "wpg-videos No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-shipping-canada-post 2.8.4 Unauthenticated.Unauthorised.Action MEDIUM" "woocommerce-shipping-canada-post 2.8.4 Cross-Site.Request.Forgery MEDIUM" "woo-product-filter 2.8.0 Unauthenticated.SQL.Injection.via.filtersDataBackend.Parameter HIGH" "woo-product-filter 2.7.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "woo-product-filter 2.5.1 Subscriber+.Table.Data.Access MEDIUM" "wp-business-intelligence-lite 1.6.3 SQL.Injection CRITICAL" "wp-google-map-gold 5.8.5 Missing.Authorization MEDIUM" "wordpress-meta-robots No.known.fix Authenticated.Blind.SQL.Injection HIGH" "woo-audio-preview 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-import-export 3.9.16 Unauthenticated.Sensitive.Data.Disclosure HIGH" "wp-easy-booking 2.4.5 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-pricing-table No.known.fix Reflected.XSS HIGH" "wp-structured-data-schema 4.0.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-structured-data-schema 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp24-domain-check 1.10.15 Reflected.Cross-Site.Scripting MEDIUM" "wp24-domain-check 1.6.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-glossary No.known.fix Missing.Authorization MEDIUM" "wp-glossary No.known.fix Contributor+.Stored.XSS MEDIUM" "woo-cart-count-shortcode 1.1.0 Contributor+.XSS MEDIUM" "woo-cart-count-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-file-upload 4.25.3 Cross-Site.Request.Forgery.in.wfu_file_details MEDIUM" "wp-file-upload 4.24.14 Unuathenticated.Remote.Code.Execution CRITICAL" "wp-file-upload 4.25.0 Unauthenticated.Remote.Code.Execution,.Arbitrary.File.Read,.and.Arbitrary.File.Deletion CRITICAL" "wp-file-upload 4.24.14 Unauthenticated.Path.Traversal.to.Arbitrary.File.Read.in.wfu_file_downloader.php HIGH" "wp-file-upload 4.25.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Path.Traversal MEDIUM" "wp-file-upload 4.24.12 Unauthenticated.Path.Traversal.to.Arbitrary.File.Read.and.Deletion.in.wfu_file_downloader.php CRITICAL" "wp-file-upload 4.24.9 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "wp-file-upload 4.24.8 Missing.Authorization MEDIUM" "wp-file-upload 4.24.8 Unauthenticated.Stored.XSS HIGH" "wp-file-upload 4.24.8 Reflected.XSS HIGH" "wp-file-upload 4.24.8 Authenticated.(Contributor+).Directory.Traversal MEDIUM" "wp-file-upload 4.24.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-file-upload 4.24.1 Cross-Site.Request.Forgery MEDIUM" "wp-file-upload 4.23.3 Author+.Stored.Cross-Site.Scripting LOW" "wp-file-upload 4.19.2 Admin+.Path.Traversal MEDIUM" "wp-file-upload 4.19.2 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-file-upload 4.16.3 Contributor+.Path.Traversal.to.RCE CRITICAL" "wp-file-upload 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-file-upload 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Malicious.SVG MEDIUM" "wp-file-upload 4.13.0 Directory.Traversal.to.RCE CRITICAL" "wp-file-upload 4.3.4 Cross-Site.Scripting.(XSS) MEDIUM" "wp-file-upload 4.3.3 Security.Issue.in.Shortcodes MEDIUM" "wp-file-upload 3.9.0 Insufficient.File.Extension.Blacklisting HIGH" "wp-file-upload 3.4.1 Unauthenticated.Malicious.File.Upload HIGH" "wp-file-upload 3.0.0 Multiple.Vulnerabilities HIGH" "wp-file-upload 2.7.1 JS.File.Upload HIGH" "wppricing-builder-lite-responsive-pricing-table-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpshopgermany-protectedshops 2.1 Admin+.Stored.XSS LOW" "woocommerce-frontend-shop-manager 4.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "woocommerce-help-scout 2.9.1 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "woocommerce-pdf-vouchers 4.9.9 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-vouchers 4.9.9 Authentication.Bypass CRITICAL" "woocommerce-pdf-vouchers 4.9.5 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-vouchers 4.9.5 Missing.Authorization MEDIUM" "woocommerce-pdf-vouchers 4.9.5 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woocommerce-pdf-vouchers 4.9.4 PDF.Vouchers.<.4.9.4.-.Authentication.Bypass.to.Voucher.Vendor HIGH" "wa-sticky-button 1.4.1 Unauthenticated.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "wpvr 8.5.27 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "wpvr 8.5.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpvr 8.5.6 Missing.Authorization MEDIUM" "wpvr 8.5.5 Missing.Authorization MEDIUM" "wpvr 8.3.15 Unauthenticated.Plugin.Downgrade.leading.to.XSS HIGH" "wpvr 8.3.5 Reflected.XSS HIGH" "wpvr 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "wpvr 8.3.0 Subscriber+.Arbitrary.Tour.Update MEDIUM" "wpvr 8.2.9 Reflected.XSS HIGH" "wpvr 8.2.8 Subscriber+.Settings.Update MEDIUM" "wpvr 8.2.7 Contributor+.Stored.XSS MEDIUM" "wp-reset 2.03 Missing.Authorization.to.License.Key.Modification MEDIUM" "wp-reset 2.0 Sensitive.Information.Exposure.due.to.Insufficient.Randomness MEDIUM" "wp-reset 5.99 Database.Reset.via.CSRF CRITICAL" "wp-reset 5.99 Subscriber+.Database.Reset CRITICAL" "wp-reset 1.90 Authenticated.Stored.XSS MEDIUM" "wp-private-content-plus 3.6.2 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "wp-private-content-plus 3.6.1 Unauthenticated.Protected.Post.Access MEDIUM" "wp-private-content-plus 3.2 Cross-Site.Request.Forgery HIGH" "wp-private-content-plus 3.2 CSRF.Nonce.Bypass HIGH" "wp-private-content-plus 2.0 Unauthenticated.Options.Change HIGH" "wp-time-slots-booking-form 1.2.31 Cross-Site.Request.Forgery MEDIUM" "wp-time-slots-booking-form 1.2.12 Missing.Authorization MEDIUM" "wp-time-slots-booking-form 1.2.11 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-time-slots-booking-form 1.2.07 Unauthenticated.Price.Manipulation MEDIUM" "wp-time-slots-booking-form 1.1.82 Admin+.Stored.XSS LOW" "wp-time-slots-booking-form 1.1.63 Admin+.Stored.Cross-Site.Scripting LOW" "wp-hosting-performance-check No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-database-reset 3.23 Cross-Site.Request.Forgery.to.WP.Reset.Plugin.Installation MEDIUM" "wordpress-database-reset 3.15 Unauthenticated.Database.Reset CRITICAL" "wordpress-database-reset 3.15 Privilege.Escalation HIGH" "wp-invoice No.known.fix Arbitrary.Settings.Update.via.CSRF HIGH" "wp-invoice No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "wp-invoice 4.1.1 Multiple.Vulnerabilities MEDIUM" "wp-dbmanager 2.80.8 Admin+.Remote.Command.Execution MEDIUM" "wp-dbmanager 2.79.2 Arbitrary.File.Delete HIGH" "wp-posturl No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "wp-category-meta No.known.fix CSRF MEDIUM" "wp-full-stripe-free 7.0.18 Settings.Update.via.CSRF MEDIUM" "wp-full-stripe-free 7.0.6 Admin+.Stored.XSS LOW" "wp-full-stripe-free 7.0.6 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-simple-maintenance-mode 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-dev-powers-element-selector-jquery-powers No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-product-design No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "woo-product-design No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woo-product-design No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wc-sales-notification 1.2.3 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-to-hootsuite 1.6.0 Cross-Site.Request.Forgery MEDIUM" "wp-to-hootsuite 1.3.9 Reflected.Cross-Site.Scripting HIGH" "wp-all-import-pro 4.9.8 Cross-Site.Request.Forgery.to.Imported.Content.Deletion MEDIUM" "wp-all-import-pro 4.9.8 Authenticated.(Administrator+).PHP.Object.Injection.via.Import.File HIGH" "wp-all-import-pro 4.9.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-all-import-pro 4.9.4 Authenticated.(Administrator+).Server-Side.Request.Forgery.via.File.Import HIGH" "wp-all-import-pro 4.1.2 Multiple.Vulnerabilities CRITICAL" "wp-all-import-pro 4.1.1 RCE HIGH" "wp-post-modules-el No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "w3s-cf7-zoho No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "w3s-cf7-zoho 2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "w3s-cf7-zoho 2.1.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wc-dynamic-pricing-and-discounts 2.4.2 Unauthenticated.Settings.Export MEDIUM" "wc-dynamic-pricing-and-discounts 2.4.2 Unauthenticated.Settings.Import.to.Stored.XSS HIGH" "wpgateway No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wpsolr-search-engine 8.7 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-lister-ebay 2.0.21 jQueryFileTree.-.Unauthenticated.Path.Traversal MEDIUM" "wphelpful No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-product-review 3.7.6 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "woo-edit-templates No.known.fix Reflected.Cross-Site.Scripting.via.page MEDIUM" "woo-edit-templates 1.1.2 Reflected.XSS HIGH" "wp-simple-sitemap No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-exporter 2.7.5 Reflected.Cross-Site.Scripting HIGH" "woocommerce-exporter 2.7.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-exporter 2.7.2.1 Store.Exporter.<.2.7.2.1.-.Reflected.XSS HIGH" "woocommerce-exporter 2.7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-exporter 2.4 Store.Exporter.<.2.4.-.CSV.Injection CRITICAL" "woo-billing-with-invoicexpress 3.0.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woo-conditional-product-fees-for-checkout 3.9.3.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-product-fees-for-checkout 3.8.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-cleanup-and-basic-functions No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-import-export-lite 3.9.28 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "wp-import-export-lite 3.9.27 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-import-export-lite 3.9.16 Unauthenticated.Sensitive.Data.Disclosure HIGH" "wp-import-export-lite 3.9.5 Subscriber+.Extensions.Update MEDIUM" "wp-import-export-lite 3.9.5 Subscriber+.Arbitrary.Blog.Options.Update HIGH" "wp-event-solution 4.0.27 Unauthenticated.Arbitrary.File.Read HIGH" "wp-event-solution 4.0.27 Missing.Authorization.to.Unauthenticated.Privilege.Escalation CRITICAL" "wp-event-solution 4.0.26 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.25 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.25 Missing.Authorization.to.Unauthenticated.Payment.Status.Update MEDIUM" "wp-event-solution 4.0.21 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-solution 4.0.5 Missing.Authorization.to.Authenticated.(Contributor+).Event.Data.Import MEDIUM" "wp-event-solution 4.0.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-solution 3.3.51 Missing.Authorization.to.Unauthenticated.Events.Export MEDIUM" "woo-events 4.1.3 Unauthenticated.Arbitrary.File.Overwrite CRITICAL" "woocommerce-delivery-notes 5.6.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-delivery-notes 5.5.0 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory MEDIUM" "woocommerce-delivery-notes 5.4.1 Missing.Authorization.to.Authenticated.(Subscriber+).Logo.Deletion MEDIUM" "woocommerce-delivery-notes 4.9.0 Missing.Authorization.to.Notice.Dismissal MEDIUM" "woocommerce-delivery-notes 4.7.2 Reflected.XSS HIGH" "wpcf7-redirect 3.0.0 Missing.Authorization MEDIUM" "wpcf7-redirect 2.9.0 Reflected.Cross-Site.Scripting MEDIUM" "wpcf7-redirect 2.6.0 Unauthenticated.Options.Update.to.Stored.XSS HIGH" "wpcf7-redirect 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "wpcf7-redirect 2.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpcf7-redirect 2.3.4 Unauthenticated.Arbitrary.Nonce.Generation MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.PHP.Object.Injection HIGH" "wpcf7-redirect 2.3.4 Unprotected.AJAX.Actions MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.Arbitrary.Plugin.Installation MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.Arbitrary.Post.Deletion MEDIUM" "wp2wb No.known.fix Cross-Site.Request.Forgery MEDIUM" "wsm-downloader No.known.fix Domain.Name.Restriction.Bypass LOW" "wsm-downloader No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "wp-stats-dashboard No.known.fix Authenticated.Blind.SQL.Injection HIGH" "wordpress-multisite-user-sync 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "wati-chat-and-notification 1.1.5 Stored.XSS.via.CSRF HIGH" "wp-table-editor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpc-badge-management 2.4.1 Missing.Authorization MEDIUM" "we-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-customize-login-page No.known.fix Missing.Authorization MEDIUM" "wp-customize-login-page No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-pricing-table 1.1.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp2speed No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp2speed No.known.fix Improper.Authorization.due.to.use.of.Hardcoded.Credentials MEDIUM" "woo-total-sales No.known.fix Missing.Authorization.to.Unauthenticated.Sales.Report.Retrieval MEDIUM" "wp-lijit-wijit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-ptviewer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-order-searching No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-search-keyword-redirect No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wonderm00ns-simple-facebook-open-graph-tags 2.2.4.2 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-graphql 1.14.6 Editor+.SSRF MEDIUM" "wp-graphql 1.3.6 Denial.of.Service HIGH" "wp-graphql 0.3.5 Improper.Access.Control MEDIUM" "wp-graphql 0.3.0 Multiple.Vulnerabilities CRITICAL" "wpstickybar-sticky-bar-sticky-header No.known.fix Unauthenticated.SQLi HIGH" "wpstickybar-sticky-bar-sticky-header No.known.fix Reflected.XSS HIGH" "wp-to-buffer 3.7.5 Reflected.Cross-Site.Scripting HIGH" "woo-custom-and-sequential-order-number No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-user-manager 2.9.12 Missing.Authorization.to.Carbon.Fields.Custom.Sidebar.Addition/Removal MEDIUM" "wp-user-manager 2.9.12 Missing.Authorization.to.Authenticated.(Subscriber+).User.Meta.Key.Enumeration MEDIUM" "wp-user-manager 2.9.11 Cross-Site.Request.Forgery MEDIUM" "wp-user-manager 2.6.3 Arbitrary.User.Password.Reset.to.Account.Compromise HIGH" "wp-action-network No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-action-network 1.4.4 Admin+.SQLi MEDIUM" "wp-action-network 1.4.3 Reflected.Cross-Site.Scripting.via.'search' MEDIUM" "watermark-reloaded No.known.fix Cross-Site.Request.Forgery.via.optionsPage HIGH" "wp-flipkart-importer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wptouch 4.3.61 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wptouch 4.3.45 Admin+.Arbitrary.File.Upload MEDIUM" "wptouch 4.3.45 Admin+.PHP.Object.Injection MEDIUM" "wptouch 4.3.44 Reflected.Cross-Site.Scripting MEDIUM" "web-stories-enhancer 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-one-click-upsell-funnel 3.4.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wps_wocuf_pro_yes.Shortcode MEDIUM" "wp-baidu-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-nested-pages 3.2.13 Contributor+.Stored.XSS MEDIUM" "wp-nested-pages 3.2.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-nested-pages 3.2.9 Editor+.Stored.XSS LOW" "wp-nested-pages 3.2.8 Cross-Site.Request.Forgery.to.Local.File.Inclusion HIGH" "wp-nested-pages 3.2.7 Admin+.Stored.XSS LOW" "wp-nested-pages 3.2.4 Editor+.Plugin.Settings.Reset LOW" "wp-nested-pages 3.1.21 Admin+.Stored.Cross.Site.Scripting LOW" "wp-nested-pages 3.1.16 Open.Redirect MEDIUM" "wp-nested-pages 3.1.16 CSRF.to.Arbitrary.Post.Deletion.and.Modification HIGH" "woocommerce-order-barcodes 1.6.5 Cross-Site.Request.Forgery MEDIUM" "wp-modal-popup-with-cookie-integration No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpoptin No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wpoptin 2.0.2 Unauthenticated.Local.File.Inclusion HIGH" "wpoptin 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "wpoptin 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wep-demo-import 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-email-capture 3.11 Unauthenticated.Email.Capture.Download MEDIUM" "wp-email-capture 3.10 Email.Captures.Update.via.CSRF MEDIUM" "wp-email-capture 3.10 Admin+.Stored.XSS LOW" "woo-auto-coupons 3.0.15 Reflected.Cross-Site.Scripting MEDIUM" "wise-forms No.known.fix Unauthenticated.Stored.XSS HIGH" "wptobe-signinup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-survey-plus No.known.fix Subscriber+.AJAX.Calls HIGH" "wp-dynamic-keywords-injector 2.3.22 Reflected.Cross-Site.Scripting MEDIUM" "wp-dynamic-keywords-injector 2.3.16 Settings.Update.via.CSRF MEDIUM" "wt-woocommerce-wishlist 2.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wah-forms No.known.fix Missing.Authorization MEDIUM" "woomotiv 3.6.3 Unauthenticated.SQL.Injection HIGH" "woomotiv 3.5.0 Review.Count.Reset.via.CSRF MEDIUM" "woomotiv 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-media-category-management 2.4.0 2.3.3.-.Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-media-category-management 2.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-media-category-management 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wpcal 0.9.5.9 Cross-Site.Request.Forgery MEDIUM" "wp-coder 3.6.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-coder 3.5.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-coder 2.5.6 Reflected.XSS MEDIUM" "wp-coder 2.5.4 Admin+.SQLi MEDIUM" "wp-coder 2.5.3 Code.Deletion.via.CSRF MEDIUM" "wp-coder 2.5.2 RFI.leading.to.RCE.via.CSRF HIGH" "wp-spotlight-search 1.1.2 Cross-Site.Request.Forgery MEDIUM" "wcp-contact-form No.known.fix Reflected.XSS HIGH" "winterlock 1.2.5 Cross-Site.Request.Forgery MEDIUM" "winterlock 1.0.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "winterlock 1.0.21 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wp-viewstl No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-simple-post-view 2.0.1 Post.View.Data.Reset.via.CSRF MEDIUM" "wc-bulk-assign-linked-products No.known.fix Missing.Authorization MEDIUM" "wp-remote-thumbnail No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "woo-custom-emails No.known.fix Reflected.XSS HIGH" "woo-custom-emails No.known.fix Reflected.XSS HIGH" "woo-custom-emails No.known.fix Unauthenticated.Email.Settings.Update MEDIUM" "wp-custom-cursors No.known.fix Admin+.Stored.XSS LOW" "wp-custom-cursors 3.2 Admin+.SQLi MEDIUM" "wp-custom-cursors 3.0.1 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "wp-custom-cursors 3.0.1 Arbitrary.Cursor.Deletion.via.CSRF MEDIUM" "wp-custom-cursors 3.2 Admin+.SQLi MEDIUM" "wp-datatable 0.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "wp-curriculo-vitae No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "wp-logs-book No.known.fix Log.Clearing.via.CSRF MEDIUM" "wp-logs-book No.known.fix Disable.Logging.via.CSRF MEDIUM" "wp-logs-book No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-whatsapp 3.6.9 Missing.Authorization.to.Authenticated.(Subscriber+).Filebird.Plugin.Installation MEDIUM" "wp-whatsapp 3.6.5 Admin+.Stored.XSS LOW" "wp-whatsapp 3.6.4 Admin+.Stored.XSS LOW" "wp-whatsapp 3.6.3 Contributor+.Stored.XSS MEDIUM" "wp-whatsapp 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "wp-whatsapp 3.4.5 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.20 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.20 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.20 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.19 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "wp-user-avatar 4.15.15 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.15 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.9 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.15.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-user-avatar 4.15.6 Contributor+.Stored.Cross-Site.Scripting.via.'reg-single-checkbox' MEDIUM" "wp-user-avatar 4.15.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-user-avatar 4.15.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.profilepress-edit-profile.Shortcode MEDIUM" "wp-user-avatar 4.15.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.[reg-select-role].Shortcode MEDIUM" "wp-user-avatar 4.15.0 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.15.0 Unauthenticated.Stored.XSS MEDIUM" "wp-user-avatar 4.15.0 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.14.4 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.13.3 Information.Disclosure.via.Debug.Log MEDIUM" "wp-user-avatar 4.13.2 Limited.Privilege.Escalation.via.'acceptable_defined_roles' HIGH" "wp-user-avatar 4.13.2 ProfilePress.<.4,13,2.Cross-Site.Request.Forgery.via.'admin_notice' MEDIUM" "wp-user-avatar 4.5.5 Reflected.XSS HIGH" "wp-user-avatar 4.5.5 Reflected.XSS HIGH" "wp-user-avatar 4.5.5 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.5.4 Admin+.Stored.XSS LOW" "wp-user-avatar 4.5.1 Admin+.Stored.Cross-Site.Scripting.via.Form.Settings LOW" "wp-user-avatar 4.5.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-user-avatar 3.2.3 Reflected.Cross-Site.Scripting HIGH" "wp-user-avatar 3.2.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-user-avatar 3.1.11 Unauthenticated.Cross-Site.Scripting.(XSS).in.tabbed.login/register.widget MEDIUM" "wp-user-avatar 3.1.11 Multiple.Vulnerabilities MEDIUM" "wp-user-avatar 3.1.8 Authenticated.Stored.XSS CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Authenticated.Privilege.Escalation CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Arbitrary.File.Upload.in.File.Uploader.Component CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "web3-authentication 3.0.0 Authentication.Bypass HIGH" "web3-authentication 2.7.0 Authentication.Bypass CRITICAL" "wordpress-ping-optimizer No.known.fix Log.Clearing.via.CSRF MEDIUM" "wordpress-ping-optimizer 2.35.1.3.0 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-booking-system 2.0.19.11 Missing.Authorization.via.wpbs_refresh_calendar_editor MEDIUM" "wp-booking-system 2.0.19.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-booking-system 2.0.19.3 Missing.Authorization MEDIUM" "wp-booking-system 2.0.18.1 Admin+.Stored.XSS LOW" "wp-booking-system 2.0.15 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-booking-system 1.5.2 CSRF.to.Authenticated.SQL.Injection HIGH" "wp-booking-system 1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-reactions-lite 1.3.9 CSRF LOW" "wp-link-bio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-link-bio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wiredminds-leadlab No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-catcher 2.1.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-catcher 2.1.7 Cross-Site.Request.Forgery MEDIUM" "wp-mail-catcher 2.1.4 WP.Mail.Catcher.<.2.1.4.-.Admin+.SQLi MEDIUM" "wp-mail-catcher 2.1.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-user-profile-avatar 1.0.6 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-user-profile-avatar 1.0.2 Contributor+.Stored.XSS MEDIUM" "wp-user-profile-avatar 1.0.1 Author+.Avatar.Deletion/Update.via.IDOR LOW" "wp-user-profile-avatar 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-update-variations-in-cart No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-hotjar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wps-team No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wps-team No.known.fix Contributor+.PHP.Object.Injection HIGH" "wps-team 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-automatic 3.116.0 AI.content.generator.and.auto.poster.plugin.<.3.116.0.-.Authenticated.(Author+).Arbitrary.File.Upload HIGH" "wp-automatic 3.95.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.autoplay.Parameter MEDIUM" "wp-automatic 3.93.0 WordPress.Automatic.Plugin.<.3,93,0.Cross-Site.Request.Forgery MEDIUM" "wp-automatic 3.92.1 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "wp-automatic 3.92.1 Unauthenticated.SQL.Injection CRITICAL" "wp-automatic 3.92.1 Unauthenticated.Arbitrary.File.Download.and.Server-Side.Request.Forgery CRITICAL" "wp-automatic 3.53.3 Unauthenticated.Arbitrary.Options.Update CRITICAL" "wordpress-file-upload-pro 4.16.3 Contributor+.Path.Traversal.to.RCE CRITICAL" "wordpress-file-upload-pro 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Malicious.SVG MEDIUM" "wordpress-file-upload-pro 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-facebook-review-showcase-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-multi-store-locator No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-multi-store-locator No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-multi-store-locator 2.5.2 Unauthenticated.SQL.Injection HIGH" "wp-multi-store-locator 2.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-multi-store-locator 2.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-multi-store-locator 2.5.1 Contributor+.Stored.XSS MEDIUM" "wpcalc No.known.fix Authenticated.SQL.Injection MEDIUM" "wp-table-manager 4.1.4 Missing.Authorization.to.Authenticated.(Subscriber+).Directory.Traversal.to.Folder/File.Name.Disclosure MEDIUM" "wp-table-manager 3.5.3 Contributor+.Stored.XSS MEDIUM" "wpguppy-lite 1.1.4 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wpguppy-lite 1.1.1 Authorization.Bypass MEDIUM" "wpguppy-lite 1.1.1 Subscriber+.Privilege.Escalation HIGH" "wpguppy-lite 1.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "wc-venipak-shipping 1.19.6 Reflected.Cross-Site.Scripting.via.'venipak_labels_link' MEDIUM" "wp-job-manager-colors No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-plugin-info-card 5.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.containerid.Parameter MEDIUM" "wp-plugin-info-card 5.3.1 Contributor+.Stored.XSS MEDIUM" "woo-extra-cost No.known.fix CSRF.Bypass MEDIUM" "woo-products-widgets-for-elementor No.known.fix Contributor+.Local.File.Inclusion HIGH" "woo-products-widgets-for-elementor 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-products-widgets-for-elementor 1.0.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-products-widgets-for-elementor 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-humanstxt No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wp-employee-attendance-system No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-education 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.text_html_tag MEDIUM" "wp-education 1.2.7 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-media-manager-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wc-partial-shipment No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wc-return-warrranty No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-fixtag No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.57 Open.Redirect.via.'redirect'.Parameter HIGH" "wpappninja 11.53 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wpappninja 11.51 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.49 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.42 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.21 Admin+.Stored.XSS LOW" "wpappninja 11.19 Admin+.Stored.XSS LOW" "wpappninja 11.14 Contributor+.Stored.XSS MEDIUM" "wp-compress-image-optimizer 6.30.31 Cross-Site.Request.Forgery MEDIUM" "wp-compress-image-optimizer 6.30.16 Authenticated.(Subscriber+).Missing.Authorization.via.Multiple.Functions HIGH" "wp-compress-image-optimizer 6.30.16 Unauthenticated.Server-Side.Request.Forgery.via.init.Function MEDIUM" "wp-compress-image-optimizer 6.30.04 Reflected.Cross-Site.Scripting.via.custom_server.Parameter MEDIUM" "wp-compress-image-optimizer 6.21.01 Reflected.Cross-Site.Scripting MEDIUM" "wp-compress-image-optimizer 6.20.02 Missing.Authorization MEDIUM" "wp-compress-image-optimizer 6.20.02 Open.Redirect.via.css MEDIUM" "wp-compress-image-optimizer 6.11.01 Cross-Site.Request.Forgery MEDIUM" "wp-compress-image-optimizer 6.11.11 Missing.Authorization.to.Unauthenticated.CDN.Modification HIGH" "wp-compress-image-optimizer 6.10.34 Unauthenticated.Arbitrary.File.Read HIGH" "wp-whois-domain No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-predictive-search 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-category-posts-list No.known.fix Cross-Site.Request.Forgery.via.gen_set_page MEDIUM" "wp-category-posts-list No.known.fix Contributor+.Stored.XSS MEDIUM" "wpcleaner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-cufon No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woo-giftcards No.known.fix Missing.Authorization MEDIUM" "wp-all-export-pro 1.9.2 Authenticated.(ShopManager+).Arbtirary.Options.Update MEDIUM" "wp-all-export-pro 1.9.2 Unauthenticated.Remote.Code.Execution.via.Custom.Export.Fields HIGH" "wp-all-export-pro 1.8.6 Admin+.RCE MEDIUM" "wp-all-export-pro 1.8.6 Remote.Code.Execution.via.CSRF CRITICAL" "wp-all-export-pro 1.8.6 Author+.PHAR.Deserialization.via.CSRF HIGH" "wp-all-export-pro 1.7.9 Authenticated.SQLi MEDIUM" "wp-all-export-pro 1.7.9 Authenticated.Code.Injection CRITICAL" "wha-puzzle No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-user-frontend 4.0.8 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-user-frontend 4.0.8 Use.of.Polyfill.io MEDIUM" "wp-user-frontend 3.6.6 Authenticated.(Author+).Privilege.Escalation HIGH" "wp-user-frontend 3.6.9 Missing.Authorization.via.AJAX.actions MEDIUM" "wp-user-frontend 3.5.29 Obscure.Registration.as.Admin MEDIUM" "wp-user-frontend 3.5.26 SQL.Injection.to.Reflected.Cross-Site.Scripting HIGH" "wp-user-frontend 3.5.25 Admin+.SQL.Injection MEDIUM" "whmcs-bridge 6.4b Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "whmcs-bridge 6.3 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "wp-mapit 3.0.0 Contributor+.Stored.XSS MEDIUM" "wp-svg-upload No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "wpcargo No.known.fix Authenticated.(Contributor+).Insecure.Direct.Object.Reference MEDIUM" "wpcargo No.known.fix Subscriber+.Settings.Update MEDIUM" "wpcargo No.known.fix Unauthenticated.SQL.Injection HIGH" "wpcargo 6.9.5 Admin+.Stored.Cross.Site.Scripting LOW" "wpcargo 6.9.5 Reflected.Cross.Site.Scripting MEDIUM" "wpcargo 6.9.0 Unauthenticated.RCE CRITICAL" "wp-ada-compliance-check-basic 3.1.4 Cross-Site.Request.Forgery MEDIUM" "woocommerce-anti-fraud 3.9 Unauthenticated.Order.Status.Manipulation MEDIUM" "wpremote 4.65 Reflected.Cross-Site.Scripting MEDIUM" "weaver-themes-shortcode-compatibility No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "we-testimonial-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-graphql-woocommerce 0.12.4 Unauthenticated.Coupon.Codes.Disclosure MEDIUM" "wp-schema-pro 2.7.16 Contributor+.Custom.Field.Access LOW" "wishsuite 1.4.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wishsuite 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wishsuite 1.3.5 Admin+.Stored.XSS LOW" "wishsuite 1.3.4 Cross-Site.Request.Forgery MEDIUM" "wp-stripe-global-payments 3.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-global-payments 3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-colorbox 1.1.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wpcom-member 1.7.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wpcom-member 1.7.7 Unauthenticated.Time-Based.SQL.Injection HIGH" "wpcom-member 1.7.6 Authentication.Bypass.via.'user_phone' CRITICAL" "wpcom-member 1.5.4.1 Reflected.Cross-Site.Scripting MEDIUM" "wpcom-member 1.5.3 Unauthenticated.Privilege.Escalation.via.User.Meta CRITICAL" "woo-custom-profile-picture No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "wp-cloudy 4.4.9 Admin+.SQL.Injection MEDIUM" "wp-fundraising-donation 1.7.4 Cross-Site.Request.Forgery MEDIUM" "wp-fundraising-donation 1.7.1 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-fundraising-donation 1.7.0 Missing.Authorization MEDIUM" "wp-fundraising-donation 1.5.0 Unauthenticated.SQLi HIGH" "wp-insert 2.5.1 Admin+.Stored.XSS MEDIUM" "wp-team-manager 2.2.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-team-manager 2.1.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-team-manager 2.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-keyword-monitor No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-connect No.known.fix Stored.XSS.via.CSRF HIGH" "wp-easy-gallery No.known.fix Authenticated.(Contributor+).SQL.Injection.via.key.Parameter HIGH" "wp-easy-gallery No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "wp-easy-gallery No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Gallery.Manipulation MEDIUM" "wp-edit-menu No.known.fix Arbitrary.Post.Deletion.via.CSRF MEDIUM" "wp-edit-menu 1.5.0 Unauthenticated.Arbitrary.Post.Deletion HIGH" "wp-hide-backed-notices 1.3.1 Missing.Authorization.to.Authenticated(Contributor+).Plugin.Settings.Modification MEDIUM" "wp-hide-backed-notices 1.3 Cross-Site.Request.Forgery MEDIUM" "wordpress-importer 0.8.4 Admin+.PHP.Object.Injection MEDIUM" "woocommerce-wholesale-pricing 2.3.1 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "woocommerce-wholesale-pricing 2.3.1 Unauthenticated.Information.Exposure MEDIUM" "wp-db-table-editor No.known.fix Missing.Authorization.to.Authenticated(Contributor+).Database.Access HIGH" "woo-category-slider-grid 1.4.16 Missing.Authorization.via.notice.dismissal.functionality MEDIUM" "wp-featherlight No.known.fix Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Featherlight.js.JavaScript.Library MEDIUM" "wp-twilio-core 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-twilio-core 1.3.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-cookie-law-info No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-product-reviews-shortcode 1.01.6 Missing.Authorization MEDIUM" "woo-product-reviews-shortcode 1.01.4 Cross-Site.Request.Forgery MEDIUM" "woo-product-reviews-shortcode 1.0.21 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-reviews-shortcode 1.0.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-optimize 4.2.0 Admin+.SQLi MEDIUM" "wp-optimize 3.2.13 Cross-Site.Scripting.From.Third-party.Library HIGH" "wheel-of-life 1.1.9 Missing.Authorization MEDIUM" "wheel-of-life 1.1.8 Missing.Authorization.on.Several.AJAX.Endpoints MEDIUM" "wordlive-livecall-addon-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-fullcalendar 1.6 Contributor+.Stored.XSS MEDIUM" "wp-fullcalendar 1.5 Unauthenticated.Arbitrary.Post.Access HIGH" "wp-google-maps-pro 8.1.12 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wp-live-tv No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-live-tv No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wip-incoming-lite 1.1.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wps-child-theme-generator 1.2 Path.Traversal CRITICAL" "wp-user-switch No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-user-switch 1.0.3 Subscriber+.Authentication.Bypass HIGH" "wp-realestate 1.6.27 Authentication.Bypass.via.'process_register' CRITICAL" "wp-download-mirror-counter No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-flickr-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "webp-converter-for-media 4.0.3 Unauthenticated.Open.redirect MEDIUM" "webp-converter-for-media 1.0.3 Cross-Site.Request.Forgery.(CSRF) HIGH" "wc-shipos-delivery 2.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wc-shipos-delivery No.known.fix Reflected.Cross-Site.Scripting.via.dvsfw_bulk_label_url.Parameter MEDIUM" "woocommerce-currency-switcher 1.4.2.3 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "woocommerce-currency-switcher 1.4.2.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "woocommerce-currency-switcher 1.4.2.1 Missing.Authorization MEDIUM" "woocommerce-currency-switcher 1.4.1.9 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woocommerce-currency-switcher 1.4.1.8 Cross-Site.Request.Forgery MEDIUM" "woocommerce-currency-switcher 1.4.1.7 Subscriber+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.4.1.5 Cross-Site.Request.Forgery.via.delete_profiles_data MEDIUM" "woocommerce-currency-switcher 1.3.9.4 Contributor+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.3.9.3 Contributor+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.3.7.5 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-currency-switcher 1.3.7.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-currency-switcher 1.3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-currency-switcher 1.3.7 Authenticated.(Low.Privilege).Local.File.Inclusion CRITICAL" "wpo365-login 28.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pintra.Shortcode MEDIUM" "wpo365-login 15.4 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wpo365-login 11.7 JWT.Signature.Verification.Bypass HIGH" "wp-tithely No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woocommerce-country-based-payments 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-country-based-payments 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-website-creator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wd-google-analytics No.known.fix Missing.Authorization.via.gawd_wd_bp_install_notice_status MEDIUM" "wd-google-analytics 1.2.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-asset-clean-up 1.3.9.9 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "wp-asset-clean-up 1.3.9.4 Missing.Authorization MEDIUM" "wp-asset-clean-up 1.3.5.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting.via.AJAX.Action HIGH" "wp-asset-clean-up 1.3.6.7 CSRF.&.XSS LOW" "wp-accessibility-helper 0.6.2.9 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "wp-accessibility-helper 0.6.3 Missing.Authorization MEDIUM" "wp-accessibility-helper 0.6.2.6 Missing.Authorization MEDIUM" "wp-accessibility-helper 0.6.2.5 Missing.Authorization.via.AJAX.action MEDIUM" "wp-accessibility-helper 0.6.0.7 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-donottrack No.known.fix Authenticated.(admin+).Stored.XSS MEDIUM" "wpematico 2.6.12 Admin+.Stored.Cross-Site.Scripting LOW" "wp-attachment-export 0.2.4 Unauthenticated.Posts.Download HIGH" "wp-businessdirectory 3.1.3 Reflected.Cross-Site.Scripting HIGH" "wp-businessdirectory 3.1.3 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wordpress-feed-statistics No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wordpress-feed-statistics 4.0 Open.Redirect MEDIUM" "woo-direct-checkout-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-recaptcha-integration 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-recaptcha-integration No.known.fix Admin+.Stored.XSS LOW" "woo-tbc-payment-gateway No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-email-newsletter No.known.fix Reflected.XSS HIGH" "wp-database-backup 7.4 Unauthenticated.Database.Back-Up.Exposure HIGH" "wp-database-backup 5.9 Admin+.Stored.Cross-Site.Scripting LOW" "wp-database-backup 5.2 Unauthenticated.OS.Command.Injection MEDIUM" "wp-database-backup 5.1.2 XSS HIGH" "wp-database-backup 4.3.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-email-users No.known.fix Subscriber+.SQL.Injection HIGH" "wordprezi 0.9 Contributor+.Strored.XSS MEDIUM" "wp-better-permalinks 3.0.5 CSRF.allowing.Option.Update HIGH" "wp-user-profiles No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-file-manager-pro 8.3.10 Unauthenticated.Limited.JavaScript.File.Upload HIGH" "wp-file-manager-pro 8.3.10 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "wp-file-manager-pro 8.3.10 Unauthenticated.Backup.File.Download.and.Upload HIGH" "wp-file-manager-pro 8.3.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-file-manager-pro 8.3.5 Directory.Traversal CRITICAL" "wp-file-manager-pro 8.3.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-file-manager-pro 8.3.5 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "woocommerce-aweber-newsletter-subscription 4.0.3 Missing.Authorization.to.Access.Token.Modification MEDIUM" "wp-jobsearch No.known.fix Authentication.Bypass.via.Social.Logins HIGH" "wp-jobsearch 2.6.8 Unauthenticated.Privilege.Escalation CRITICAL" "wp-jobsearch 2.6.8 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "wp-jobsearch 2.6.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-jobsearch 2.6.1 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-jobsearch 2.6.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-jobsearch 2.5.4 Cross-Site.Request.Forgery MEDIUM" "wp-jobsearch 2.5.4 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-jobsearch 2.5.6 Missing.Authorization MEDIUM" "wp-jobsearch 2.5.6 Missing.Authorization MEDIUM" "wp-jobsearch No.known.fix Authentication.Bypass.to.Account.Takeover CRITICAL" "wp-jobsearch 2.3.4 Authentication.Bypass CRITICAL" "wp-jobsearch 2.3.4 Arbitrary.File.Upload.to.RCE CRITICAL" "wp-jobsearch 1.8.2 Unauthenticated.Plugin's.Settings.Update MEDIUM" "wp-jobsearch 1.8.2 Subscriber+.Arbitrary.Blog.Options.Update HIGH" "wp-jobsearch 1.8.2 Subscriber+.Add/Update.Schedule.Calls MEDIUM" "wp-jobsearch 1.7.4 Authenticated.Stored.XSS MEDIUM" "wp-jobsearch 1.5.6 Unauthenticated.Reflected.XSS MEDIUM" "wp-jobsearch 1.5.5 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-jobsearch 1.5.3 Multiple.Cross-Site.Scripting.Issues MEDIUM" "wp-jobsearch 1.5.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "woocommerce-abandoned-cart-pro 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "where-did-they-go-from-here 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "where-did-they-go-from-here 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-shoutbox-live-chat No.known.fix Unauthenticated.SQLi HIGH" "wp-shoutbox-live-chat No.known.fix Unauthenticated.Stored.XSS HIGH" "widget-post-slider 1.3.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-openings 3.4.3 Sensitive.Data.Exposure.via.Directory.Listing MEDIUM" "wp-server-stats 1.7.8 Injected.Backdoor CRITICAL" "wp-server-stats 1.7.4 Cross-Site.Request.Forgery MEDIUM" "wp-server-stats 1.7.0 Admin+.Stored.Cross-Site.Scripting LOW" "wpshopgermany-it-recht-kanzlei 2.1 Cross-Site.Request.Forgery MEDIUM" "wpshopgermany-it-recht-kanzlei 1.8 Admin+.Stored.XSS LOW" "wp-github No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-ecards-invites 1.3.905 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-smart-export No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-export No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-native-articles 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "woobox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woobox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wc-pre-order No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-seo-content-randomizer-addon 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wpslacksync 1.8.6 Slack.Access.Token.Disclosure HIGH" "wp-auto-top No.known.fix Cross-Site.Request.Forgery MEDIUM" "widgets-on-pages-and-posts No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-on-pages-and-posts No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-amazon-shop No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wpbricks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpbricks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wh-testimonials No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-automedic No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-automedic 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-amaps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-fail2ban 5.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-fail2ban 4.4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-fail2ban 4.0.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "wptables No.known.fix Reflected.XSS HIGH" "wp-report-post No.known.fix Reflected.XSS HIGH" "wp-tripadvisor-review-slider 12.7 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-tripadvisor-review-slider 11.9 Admin+.Stored.XSS LOW" "wp-tripadvisor-review-slider 11.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-tripadvisor-review-slider 10.8 Subscriber+.SQLi HIGH" "woocommerce-discounts-plus 3.4.5 Reflected.Cross-Site.Scripting HIGH" "wp-responsive-slider-with-lightbox 1.0.1 Arbitrary.File.Upload.via.CSRF HIGH" "wp-responsive-slider-with-lightbox 1.0.1 Admin+.Stored.XSS MEDIUM" "wp-responsive-slider-with-lightbox 1.0.1 Image.Lightboxes.via.CSRF MEDIUM" "woocommerce-menu-bar-cart 2.12.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-custom-login-page No.known.fix Admin+.Stored.XSS LOW" "woocommerce-product-sort-and-display 2.4.2 Missing.Authorization MEDIUM" "wc-fields-factory 4.1.7 ShopManager+.SQLi MEDIUM" "wp-bulletin-board No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-warranty 2.3.0 Missing.Authorization MEDIUM" "woocommerce-warranty 2.3.0 Missing.Authorization MEDIUM" "woocommerce-warranty 2.1.7 Reflected.XSS HIGH" "woolook No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wpop-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-scribd-list No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-contact-form No.known.fix Cross-Site.Request.Forgery.via.wpcf_adminpage MEDIUM" "wha-wordsearch No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "wha-wordsearch No.known.fix Contributor+.Stored.XSS MEDIUM" "wptemplata 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-orders-tracking 1.2.11 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woo-orders-tracking 1.2.6 Admin+.Arbitrary.File.Access/Read MEDIUM" "woo-orders-tracking 1.1.10 Reflected.Cross-Site.Scripting HIGH" "wp-jump-menu No.known.fix Admin+.Stored.XSS LOW" "woo-product-feed-pro 13.3.2 Sensitive.Information.Exposure.via.Log.Files MEDIUM" "woo-product-feed-pro 13.2.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-feed-pro 12.4.5 Multiple.CSRF MEDIUM" "woo-product-feed-pro 11.2.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-feed-pro 11.0.7 Subscriber+.Settings.Update.to.Stored.XSS HIGH" "wc-payphone-gateway 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "widget-manager-light No.known.fix Missing.Authorization MEDIUM" "wp-sendgrid-mailer No.known.fix Missing.Authorization MEDIUM" "wp-sendgrid-mailer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Log.Deletion MEDIUM" "wp-sendgrid-mailer No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wp-job-manager-companies 1.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-ultimate-exporter 2.14 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-ultimate-exporter 2.10 Information.Disclosure.Through.Unprotected.Directory HIGH" "wp-ultimate-exporter 2.9.1 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "wp-ultimate-exporter 2.9.2 Authenticated.(Admin+).Remote.Code.Execution MEDIUM" "wp-ultimate-exporter 2.4.2 Unauthenticated.Information.Disclosure MEDIUM" "wp-ultimate-exporter 1.4.2 CSRF HIGH" "wp-ultimate-exporter 1.2 Unauthenticated.SQL.Injection CRITICAL" "webd-woocommerce-product-excel-importer-bulk-edit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-add-active-class-to-menu-item No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.6 Settings.Update.via.CSRF MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-order-notes 1.5.3 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wpgsi 3.8.3 Cross-Site.Request.Forgery.to.Arbitrary.Post.Publish MEDIUM" "wpgsi 3.8.1 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wpgsi 3.7.9 Reflected.Cross-Site.Scripting MEDIUM" "wpgsi 3.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpgsi 3.6.0 CSRF.Bypass MEDIUM" "wpgsi 3.6.0 Reflected.Cross-Site.Scripting HIGH" "wp-easy-contact 4.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-easy-contact 3.8 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-product-vendors 2.2.3 Missing.Authorization MEDIUM" "woocommerce-product-vendors 2.2.2 Missing.Authorization MEDIUM" "woocommerce-product-vendors 2.1.77 Reflected.XSS HIGH" "woocommerce-product-vendors 2.1.77 Vendor.Admin+.SQLi MEDIUM" "woocommerce-product-vendors 2.1.79 ShopManager+.SQLi MEDIUM" "woocommerce-product-vendors 2.1.77 Unauthenticated.Reflected.XSS HIGH" "woocommerce-product-vendors 2.1.69 Vendor.Commission.Percentage.Update.via.IDOR MEDIUM" "woocommerce-product-vendors 2.1.66 Note.Creation.via.IDOR LOW" "woocommerce-product-vendors 2.1.66 Unauthenticated.Blind.SQLi HIGH" "wp-ad-guru No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-html-author-bio-by-ahmad-awais No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "wp-stripe-express 1.12.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-express 1.7.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-gallery-transformation No.known.fix Blind.SQL.Injection CRITICAL" "woocommerce-warranties-and-returns 5.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "wp-cirrus No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-woocart-popup-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "woocommerce-bookings 2.2.5 Unauthenticated.Bookings.Products.Data.and.Metadata.Disclosure.via.REST.API MEDIUM" "woocommerce-bookings 2.0.4 Cross-Site.Request.Forgery MEDIUM" "wp-google-map-plugin 4.7.2 Admin+.Stored.XSS LOW" "wp-google-map-plugin 4.7.2 Admin+.Stored.XSS LOW" "wp-google-map-plugin 4.7.2 Admin+.Stored.XSS LOW" "wp-google-map-plugin 4.6.2 Authenticated.(Contributor+).SQL.Injection HIGH" "wp-google-map-plugin 4.4.0 Editor+.Stored.XSS LOW" "wp-google-map-plugin 4.4.3 Category/Location/Map.Deletion.via.CSRF MEDIUM" "wp-google-map-plugin 4.2.4 Marker.Category/Map.Deletion.via.CSRF MEDIUM" "wp-google-map-plugin 4.1.5 Authenticated.SQL.Injection MEDIUM" "wp-google-map-plugin 4.1.0 CSRF.to.Unauthenticated.PHP.Object.Injection HIGH" "wp-google-map-plugin 4.0.4 XSS MEDIUM" "wp-google-map-plugin 3.1.2 XSS MEDIUM" "wp-google-map-plugin 2.3.10 Multiple.CSRF MEDIUM" "wp-google-map-plugin 3.0.0 CSRF.to.Authenticated.Cross-Site.Scripting.(XSS) HIGH" "wp-google-map-plugin 2.3.7 XSS MEDIUM" "wpecounter 2.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-social 3.1.1 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-social 3.0.8 Authentication.Bypass CRITICAL" "wp-social 3.0.1 Missing.Authorization.to.Unauthenticated.Social.Login/Share.Status.Update MEDIUM" "wp-pano No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-chgfontsize No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "woo-product-bundle 7.3.2 Cross-Site.Request.Forgery MEDIUM" "ws-facebook-likebox No.known.fix Contributor+.Stored.XSS MEDIUM" "wordpress-mu-secure-invites No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "web3-token-gate 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-newsletter-subscription No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "woocommerce-composite-products 8.7.6 Reflected.XSS MEDIUM" "woocommerce-stock-manager 2.11.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-stock-manager 2.6.0 CSRF.to.Arbitrary.File.Upload HIGH" "wc-captcha No.known.fix Admin+.Stored.XSS LOW" "website-toolbox-forums 2.0.2 Reflected.Cross-Site.Scripting.via.websitetoolbox_username MEDIUM" "wp-video-lightbox 1.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "wp-video-lightbox 1.9.7 Contributor+.Stored.XSS MEDIUM" "wp-video-lightbox 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-video-lightbox 1.9.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-video-lightbox 1.9.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-tao No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-product-attachment 2.2.0 Checkout.Attachements.Update.via.CSRF MEDIUM" "woo-product-attachment 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-attachment 2.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "while-it-is-loading No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-access-areas 1.5.20 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-23-related-posts-plugin No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wordpress-23-related-posts-plugin 2.7.2 Cross-Site.Request.Forgery MEDIUM" "wpvn-username-changer No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-film-studio 1.3.5 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "woo-seo-addon 2.1.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-seo-addon 2.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-concours No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "widget-extend-builtin-query 1.06 Reflected.Cross-Site.Scripting MEDIUM" "weglot 4.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "weglot 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-church-donation No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-church-donation No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-visual-slidebox-builder No.known.fix Subscriber+.SQLi HIGH" "wpmovielibrary No.known.fix Reflected.XSS HIGH" "wc-gsheetconnector 1.3.12 Missing.Authorization MEDIUM" "wc-gsheetconnector 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-gsheetconnector 1.3.6 Access.Code.Update.via.CSRF MEDIUM" "wc-gsheetconnector 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-easy-menu No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woostagram-connect No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpjqp-datepicker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wc-builder 1.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ws-form-pro 1.9.218 Unauthenticated.CSV.Injection MEDIUM" "ws-form-pro 1.8.176 Admin+.Stored.Cross-Site.Scripting LOW" "ws-form-pro 1.8.176 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wcfm-marketplace-rest-api 1.6.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wcfm-marketplace-rest-api 1.6.0 Subscriber+.Arbitrary.Orders.Item.And.Notes.Update MEDIUM" "wp-backgrounds-lite No.known.fix CSRF.Bypass MEDIUM" "wp-school-calendar-lite 3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-cron-status-checker 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-cron-status-checker 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "webriti-custom-login-page No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-upload-files 84.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-upload-files 59.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-test-email 1.1.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-test-email 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-expert-agent-xml-feed No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woofilter-pro No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-buddha-free-adwords No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-buddha-free-adwords No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woo-currency 1.6.6 Admin+.Stored.XSS LOW" "wp-cors 0.2.2 Admin+.Stored.XSS LOW" "wp-voting-contest 3.0 Reflected.Cross-Site.Scripting MEDIUM" "watupro 5.5.3.7 SQL.Injection CRITICAL" "watupro 4.9.0.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "widgetkit-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-webinarsystem No.known.fix Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "wp-webinarsystem No.known.fix Open.Redirect MEDIUM" "wp-webinarsystem No.known.fix Missing.Authorization MEDIUM" "wp-webinarsystem No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-webinarsystem 1.33.25 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Creation HIGH" "wp-webinarsystem 1.33.25 Missing.Authorization.to.Authenticated.(Subscriber+).Webinar.Updates HIGH" "wp-webinarsystem 1.33.21 Cross-Site.Request.Forgery MEDIUM" "wp-webinarsystem 1.33.21 Cross-Site.Request.Forgery MEDIUM" "wp-webinarsystem 1.33.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-html-page-sitemap No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "wp-opensearch No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-multilang 2.4.19.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-update-mail-notification 1.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wp-hotel-booking 2.2.0 Cross-Site.Request.Forgery MEDIUM" "wp-hotel-booking 2.1.7 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Retrieval MEDIUM" "wp-hotel-booking 2.1.6 Missing.Authorization MEDIUM" "wp-hotel-booking No.known.fix Contributor+.Local.File.Inclusion HIGH" "wp-hotel-booking 2.1.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-hotel-booking 2.1.1 Unauthenticated.SQL.Injection CRITICAL" "wp-hotel-booking 2.0.9.3 Missing.Authorization MEDIUM" "wp-hotel-booking 2.0.9.3 Improper.Authorization.on.Multiple.REST.API.Routes MEDIUM" "wp-hotel-booking 2.0.8 Unauthenticated.SQLi HIGH" "wp-hotel-booking 2.0.9 Contributor+.Arbitrary.Post.Deletion MEDIUM" "wp-hotel-booking 2.0.8 Subscriber+.Arbitrary.Post.Deletion MEDIUM" "wp-hotel-booking 2.0.1 Unauthenticated.Arbitrary.Settings.Update HIGH" "wp-hotel-booking 1.10.6 CSRF MEDIUM" "wp-hotel-booking 1.10.4 Unauthenticated.PHP.Object.Injection HIGH" "wp-hotel-booking 1.10.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-tell-a-friend-popup-form No.known.fix Admin+.Stored.XSS LOW" "wp-tell-a-friend-popup-form No.known.fix Settings.Update.via.CSRF MEDIUM" "woocommerce-sendinblue-newsletter-subscription 4.0.18 Authenticated.(Editor+).Arbitrary.File.Download.and.Deletion HIGH" "woocommerce-upcoming-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-upcoming-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-copy-media-url No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-mmenu-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-favorite-posts No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-favorite-posts 1.6.6 Cross-Site.Scripting.(XSS) MEDIUM" "wpmarketplace No.known.fix Arbitrary.File.Upload HIGH" "wp-paytm-pay No.known.fix Donation.Plugin.<=.1.3.2.-.Authenticated.(admin+).SQL.Injection MEDIUM" "website-article-monetization-by-magenet 1.0.12 Unauthenticated.Stored.XSS HIGH" "woocommerce-social-media-share-buttons No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.5 Reflected.Cross-Site.Scripting.via.Debug.Mode.URI MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.4 Reflected.Cross-Site.Scripting.via.request MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.4 Admin+.Stored.XSS LOW" "wp-smart-tv 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "word-freshener No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-fiscalita-italiana No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-fiscalita-italiana 1.3.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "what-would-seth-godin-do 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wc-sudan-payment-gateway No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-product-importer No.known.fix Product.Importer.<=.1.5.2.-.Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-checkout-manager 7.3.1 Missing.Authorization MEDIUM" "woocommerce-checkout-manager 5.5.7 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-checkout-manager 4.3 Arbitrary.File.Upload HIGH" "wp-captcha No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-captcha No.known.fix Captcha.Bypass MEDIUM" "wp-gallery-exporter No.known.fix Authenticated.(Administrator+).Arbitrary.File.Download LOW" "ws-audio-player No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wbcom-designs-buddypress-search No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-subtitle 3.4.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "woo-esto 2.23.2 Settings.Update.via.CSRF MEDIUM" "wp-easy-recipe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-marketing-automations 3.6.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Installation CRITICAL" "wp-marketing-automations 3.6.1 Open.Redirect MEDIUM" "wp-marketing-automations 3.5.2 Open.Redirect HIGH" "wp-marketing-automations 3.5.2 Unauthenticated.SQL.Injection.via.'automationId' HIGH" "wp-marketing-automations 3.3.0 Unauthenticated.SQLi HIGH" "wp-marketing-automations 3.2.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-marketing-automations 2.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-marketing-automations 2.7.0 Authenticated(Administrator+).SQL.Injection MEDIUM" "wp-marketing-automations 2.1.2 Subscriber+.Automation.Creation MEDIUM" "wp-greet 6.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-bulk-post-duplicator No.known.fix Cross-Site.Request.Forgery MEDIUM" "wpmailer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "windsor-strava-athlete No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "windsor-strava-athlete No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-inquiry No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wp-csv-to-database No.known.fix CSRF LOW" "woo-admin-product-notes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-admin-product-notes No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-admin-product-notes No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wsb-brands 1.2 Admin+.Stored.XSS LOW" "wp-stateless 3.4.1 Missing.Authorization.to.Limited.Arbitrary.Options.Update HIGH" "wp-clap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-raptor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-todo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Task.Comments MEDIUM" "wp-todo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_addcomment MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_manage() MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_settings MEDIUM" "wp-todo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Settings MEDIUM" "wp-todo 1.2.9 Contributor+.Stored.XSS MEDIUM" "weather-atlas No.known.fix Unauthenticated.Cross-Site.Scripting MEDIUM" "weather-atlas 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wpb-popup-for-contact-form-7 1.7.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.wpb_pcf_fire_contact_form HIGH" "wphelpkit 1.1 Reflected.Cross-Site.Scripting MEDIUM" "wphelpkit 1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-gravity-forms-spreadsheets 1.1.1 Reflected.Cross-Site.Scripting HIGH" "wassup No.known.fix Unauthenticated.Stored.XSS HIGH" "wassup 1.9.1 Cross.Site.Scripting MEDIUM" "wpzoom-portfolio 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "wpzoom-portfolio 1.2.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-phone-message No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-phone-message No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-alidropship 1.1.1 Unauthenticated.Sensitive.Data.Exposure HIGH" "woocommerce-collections 1.7.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Post/Page.Deletion MEDIUM" "woocommerce-collections 1.7.0 Unauthenticated.SQL.Injection CRITICAL" "wp-featured-content-slider No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "webhotelier 1.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "webhotelier 1.6.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wdesignkit 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wdesignkit 1.1.0 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "wiser-notify 2.6 Missing.Authorization MEDIUM" "woocommerce-germanized 3.9.5 Reflected.Cross-Site.Scripting MEDIUM" "wpt-whatsapp No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "woo-add-to-quote 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-add-to-quote 1.4.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wccp-pro 15.3 Open.Redirect MEDIUM" "wccp-pro 15.3 Admin+.Stored.XSS LOW" "woocommerce-shipping-multiple-addresses 3.8.10 Missing.Authorization MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Cross-Site.Request.Forgery MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Reflected.Cross-Site.Scripting HIGH" "woocommerce-shipping-multiple-addresses 3.8.6 Customer+.Shipping.Address.Update MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Billing.Address.Update.via.CSRF MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.4 Subscriber+.Shipping.Address.Disclosure.via.IDOR MEDIUM" "woocommerce-shipping-multiple-addresses 3.7.2 Address.Creation/Update/Deletion.via.CSRF MEDIUM" "woocommerce-shipping-multiple-addresses 3.7.2 Reflected.Cross-Site.Scripting HIGH" "wp-design-maps-places No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-transactions 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-order-status-per-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-order-status-per-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-email 2.69.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-email 2.69.0 Anti-Spam.Protection.Bypass.via.IP.Spoofing MEDIUM" "wp-email 2.69.0 Log.Deletion.via.CSRF MEDIUM" "wordpress-flash-uploader 3.1.3 Arbitrary.Comm&.Execution CRITICAL" "wp-editor-bootstrap-blocks 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-recent-purchases No.known.fix Authenticated.(Admin+).Local.File.Inclusion HIGH" "woo-smart-quick-view 4.1.2 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "woo-smart-quick-view 4.0.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-security-pro 4.2.1 Admin+.Stored.Cross-Site.Scripting LOW" "wholesale-market 2.2.1 Unauthenticated.Arbitrary.File.Download HIGH" "wholesale-market 2.2.2 Settings.Update.via.CSRF MEDIUM" "wp-post-styling 1.3.1 Multiple.CSRF MEDIUM" "web-application-firewall 2.1.3 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "web-application-firewall 2.1.2 Unauthenticated.Privilege.Escalation CRITICAL" "woo-rfq-for-woocommerce 1.9.180 Insecure.Direct.Object.Reference.to.Unauthenticated.Sensitive.Information.Disclosure HIGH" "wp-youtube-gallery 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "wowpth No.known.fix Reflected.XSS HIGH" "wowpth No.known.fix Reflected.XSS HIGH" "we-client-logo-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-fusion-lite 3.43.0 Information.Exposure MEDIUM" "wp-fusion-lite 3.42.10 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "wp-fusion-lite 3.37.31 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-fusion-lite 3.37.30 CSRF.to.Data.Deletion MEDIUM" "wp-fusion-lite 3.37.30 Reflected.Cross-Site.Scripting.(XSS) HIGH" "weblibrarian No.known.fix Reflected.XSS HIGH" "weblibrarian 3.5.5 SQL.Injection MEDIUM" "weblibrarian 3.4.8.7 XSS MEDIUM" "weblibrarian 3.4.8.6 XSS MEDIUM" "wp-default-feature-image No.known.fix Admin+.Stored.XSS LOW" "wpeventplus No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "wpeventplus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-multitasking No.known.fix Header/Footer/Body.Script.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Permalink.Suffix.Update.via.CSRF MEDIUM" "wp-multitasking 0.1.18 WP.Utilities.<.0.1.18.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-multitasking No.known.fix Reflected.XSS.via.Shortcode MEDIUM" "wp-multitasking No.known.fix SMTP.Settings.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Exit.Popup.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Welcome.Popup.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-live-chat-software-for-wordpress 4.5.16 Cross-Site.Request.Forgery MEDIUM" "wp-codemirror-block 2.0.0 Contributor+.Stored.XSS MEDIUM" "wp-custom-post-template No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-file-download-light No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wpmandrill No.known.fix Missing.Authorization.via.getAjaxStats MEDIUM" "wp-email-delivery No.known.fix Reflected.XSS HIGH" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-order-export-lite 3.5.6 Unauthenticated.PHP.Object.Injection.via.Order.Details HIGH" "woo-order-export-lite 3.4.5 Shop.Manager+.Remote.Code.Execution CRITICAL" "woo-order-export-lite 3.3.3 Export.Files.via.CSRF MEDIUM" "woo-order-export-lite 3.3.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-order-export-lite 3.1.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "woo-order-export-lite 3.1.4 Authenticated.Cross-Site.Scripting.(XSS) LOW" "woo-order-export-lite 1.5.5 CSV.Injection HIGH" "wp-cleanfix 5.7.0 Subscriber+.Post/Comment/Post.Meta.Content.Replacement MEDIUM" "wp-cleanfix 3.0.2 Remote.Comm&.Execution,.CSRF.&.XSS HIGH" "wp-smart-crm-invoices-free No.known.fix Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-offers No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-offers 1.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpforo 2.4.4 Subscriber+.Privilege.Escalation HIGH" "wpforo 2.4.2 Subscriber+.Arbitrary.File.Read MEDIUM" "wpforo 2.3.5 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wpforo 2.3.5 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wpforo 2.3.4 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wpforo 2.2.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wpforo 2.2.6 Subscriber+.Content.Injection MEDIUM" "wpforo 2.1.9 Reflected.Cross-Site.Scripting HIGH" "wpforo 2.1.8 Subscriber+.Arbitrary.File.Read,.Author+.PHAR.Deserialization,.and.Subscriber+.Server-Side.Request.Forgery.via.file_get_contents HIGH" "wpforo 2.0.6 Subscriber+.Forum.Post.Set.as.Private/Public.via.IDOR MEDIUM" "wpforo 2.1.0 Arbitrary.User.Deletion.via.CSRF HIGH" "wpforo 2.1.0 Subscriber+.Arbitrary.File.Upload CRITICAL" "wpforo 2.0.6 Subscriber+.Forum.Post.Set.as.Solved/Unsolved.via.IDOR MEDIUM" "wpforo 2.0.6 Topic.Deletion.via.CSRF MEDIUM" "wpforo 2.0.6 Cross-Site.Request.Forgery MEDIUM" "wpforo 1.9.7 Open.Redirect MEDIUM" "wpforo 1.7.0 New.Users.Set.as.Admin.via.CSRF HIGH" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.langid.Parameter HIGH" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.s.Parameter HIGH" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.User.Agent MEDIUM" "wpforo 1.5.2 Privilege.Escalation CRITICAL" "wpforo 1.4.12 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wpforo 1.4.11 Unauthenticated.SQL.Injection CRITICAL" "wpml-string-translation 3.2.6 Admin+.SQLi MEDIUM" "wp-cookie No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-add-to-cart-text-change 2.1 Add.to.cart.Text.Update.via.CSRF MEDIUM" "woofunnels-aero-checkout 3.11.0 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "woofunnels-aero-checkout 3.11.0 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "woofunnels-aero-checkout 3.11.0 Subscriber+.Settings.Update MEDIUM" "wp-front-end-profile 1.3.2 Unauthenticated.Privilege.Escalation CRITICAL" "wp-front-end-profile 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-front-end-profile 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-front-end-profile 1.2.2 CSRF.Check.Incorrectly.Implemented LOW" "wp-front-end-profile 0.2.2 Privilege.Escalation.&.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "widget-countdown 2.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widget-countdown 2.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-easy-pay 4.2.4 Missing.Authorization.to.Unauthenticated.Service.Disconnection MEDIUM" "wp-easy-pay 4.2b1 Reflected.Cross-Site.Scripting MEDIUM" "wp-easy-pay 4.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-easy-pay 4.1 CSRF MEDIUM" "wp-easy-pay 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-easy-pay 3.2.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wp-easy-pay 3.2.3 Cross-Site.Request.Forgery MEDIUM" "weight-based-shipping-for-woocommerce 5.5.0 Settings.Update.via.CSRF MEDIUM" "wp-find-your-nearest No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-find-your-nearest No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-store-mode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wechat-social-login No.known.fix Authentication.Bypass CRITICAL" "wechat-social-login No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp2html No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "weather-layer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-salesforce-plugin-crm-perks 1.7.6 Open.Redirect MEDIUM" "woo-salesforce-plugin-crm-perks 1.5.9 Reflected.Cross-Site.Scripting HIGH" "wp-log-viewer No.known.fix Missing.Authorization MEDIUM" "wordpress-toolbar No.known.fix Open.Redirect MEDIUM" "woo-merchantx No.known.fix CSRF.Bypass MEDIUM" "wc-multi-currency 1.5.6 Missing.Authorization MEDIUM" "wc-multi-currency 1.5.6 Cross-Site.Request.Forgery MEDIUM" "wordpress-social-login No.known.fix Contributor+.Stored.XSS MEDIUM" "wordpress-social-login No.known.fix Reflected.XSS HIGH" "wordpress-social-login No.known.fix Admin+.Stored.XSS LOW" "wc-recently-viewed-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hide-admin-bar No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-tipdonation No.known.fix Shop.Manager+.Stored.XSS MEDIUM" "white-label 2.9.1 Cross-Site.Request.Forgery.via.white_label_reset_wl_admins MEDIUM" "wayne-audio-player No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "wpgenious-job-listing No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wp-post-modal No.known.fix Admin+.Stored.XSS LOW" "wp-seo-tags No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-social-bookmark-menu No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-seo-redirect-301 2.3.2 Redirect.Deletion.via.CSRF MEDIUM" "wp-estimation-form 10.1.76 Reflected.Cross-Site.Scripting MEDIUM" "wp-estimation-form 10.1.77 Missing.Authorization MEDIUM" "wp-estimation-form 10.1.76 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wp-click-info No.known.fix Reflected.XSS HIGH" "woocommerce-wholesale-prices 2.2.0 Missing.Authorization MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Cross-Site.Request.Forgery MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Subscriber+.Missing.Authorization.for.Plugin.Settings.Change MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Subscriber+.Stored.Cross-Site.Scripting HIGH" "wp-post-author 3.8.3 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-post-author 3.8.2 Authenticated.(Administrator+).SQL.Injection HIGH" "wp-post-author 3.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-post-author 3.7.5 Missing.Authorization MEDIUM" "wp-post-author 3.6.5 Subscriber+.Rating.Manipulation MEDIUM" "woocommerce-check-pincode-zipcode-for-shipping No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-infusionsoft-woocommerce 1.0.9 Reflected.Cross-Site.Scripting HIGH" "wp-pro-counter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-pro-counter No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-reviews-plugin-for-google 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-reviews-plugin-for-google 10.9.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-reviews-plugin-for-google 9.8 Contributor+.Stored.XSS MEDIUM" "wp-mlm No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-mlm No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-wiki-tooltip No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wumii-related-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-ogp No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-ean-payment-gateway 6.1.0 Missing.Authorization.to.Authenticated.(Contributor+).EAN.Update MEDIUM" "wp-orphanage-extended 1.3 Cross-Site.Request.Forgery.to.Orphan.Account.Privilege.Escalation HIGH" "wishlist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wishlist 1.0.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wishlist No.known.fix Missing.Authorization MEDIUM" "wishlist No.known.fix Authenticated.(Subscriber+).Information.Exposure MEDIUM" "wishlist No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wishlist No.known.fix Cross-Site.Request.Forgery MEDIUM" "wishlist 1.0.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wishlist 1.0.42 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-baidu-submit No.known.fix Admin+.Stored.XSS LOW" "wp-mail-smtp 4.1.0 Admin+.SMTP.Password.Exposure LOW" "wp-admin-notification-center 2.3.3 Settings.Update.via.CSRF MEDIUM" "wpjobboard 5.11.1 Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "wpjobboard 5.11.1 Authenticated.(Subscriber+).Path.Traversal MEDIUM" "wpjobboard 5.11.1 Cross-Site.Request.Forgery MEDIUM" "wpjobboard 5.11.1 Reflected.Cross-Site.Scripting MEDIUM" "wpjobboard 5.7.0 Unauthenticated.SQL.Injection CRITICAL" "wpjobboard 5.7.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "wpjobboard 5.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpjobboard 4.5 Multiple.SQL.Injections HIGH" "wpjobboard 5.0 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "wp-home-page-menu 3.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-easy-guide No.known.fix Unauthenticated.SQL.Injection HIGH" "wa-chatbox-manager 1.2.3 Missing.Authorization MEDIUM" "wp-ultimate-csv-importer 7.20.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-ultimate-csv-importer 7.19.1 Subscriber+.Arbitrary.File.Deletion HIGH" "wp-ultimate-csv-importer 7.9.9 Author+.RCE MEDIUM" "wp-ultimate-csv-importer 7.9.9 Imported.Files.Disclosure MEDIUM" "wp-ultimate-csv-importer 7.9.9 Author+.Privilege.Escalation MEDIUM" "wp-ultimate-csv-importer 6.5.8 Admin+.SQLi MEDIUM" "wp-ultimate-csv-importer 6.5.8 Missing.Authorisation LOW" "wp-ultimate-csv-importer 6.5.3 Admin+.Blind.SSRF MEDIUM" "wp-ultimate-csv-importer 6.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-ultimate-csv-importer 6.4.2 Subscriber+.Arbitrary.Option.Deletion HIGH" "wp-ultimate-csv-importer 6.4.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "wp-ultimate-csv-importer 5.6.1 CSRF HIGH" "wp-ultimate-csv-importer 3.8.8 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-ultimate-csv-importer 3.8.1 XSS MEDIUM" "wp-discourse 2.5.2 Missing.Authorization MEDIUM" "wp-hide No.known.fix Unauthenticated.Settings.Update MEDIUM" "wp-simple-firewall 20.0.6 Reflected.XSS HIGH" "wp-simple-firewall 19.1.11 Cross-Site.Request.Forgery MEDIUM" "wp-simple-firewall 18.5.10 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-simple-firewall 18.5.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-simple-firewall 17.0.18 Unauthenticated.Stored.XSS HIGH" "wp-simple-firewall 17.0.18 Subscriber+.Arbitrary.Log.Entry.Creation MEDIUM" "wp-simple-firewall 13.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "wats 1.0.64 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "wp-post-page-clone 1.2 Unauthorised.Post.Access MEDIUM" "wp-post-page-clone 1.1 SQL.Injections.due.to.Duplicated.Snippets HIGH" "webcam-2way-videochat 5.2.8 Reflected.Cross-Site.Scripting HIGH" "webcam-2way-videochat 4.41.2 Cross-Site.Scripting.(XSS) MEDIUM" "wp-sliding-logindashboard-panel No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-1-slider 1.3.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wm-options-import-export No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wpgt-google-translate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpgt-google-translate No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpc-smart-upsell-funnel 3.0.5 Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "woozone 14.1.0 Missing.Authorization MEDIUM" "woozone 14.0.31 Unauthenticated.SQL.Injection HIGH" "woozone 14.1.0 Missing.Authorization MEDIUM" "woozone 14.1.0 Reflected.Cross-Site.Scripting HIGH" "woozone No.known.fix Subscriber+.SQL.Injection HIGH" "woozone 14.1.0 Subscriber+.Privilege.Escalation HIGH" "wp-top-news 2.3.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-top-news 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-bulk-editor 1.1.4.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-bulk-editor 1.1.4.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "woo-bulk-editor 1.1.4.4 Missing.Authorization MEDIUM" "woo-bulk-editor 1.1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-bulk-editor 1.1.4.1 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting.via.Plugin.Options MEDIUM" "woo-bulk-editor 1.1.4.1 Missing.Authorization.via.Several.Functions MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.3.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-phpmyadmin-extension 5.2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-phpmyadmin-extension 5.2.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-bulk-sms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-media-library-categories 2.0.1 Admin+.Stored.XSS LOW" "wp-media-library-categories 2.0.0 Admin+.Stored.XSS LOW" "wp-crontrol 1.16.2 Remote.Code.Execution MEDIUM" "wp-conditional-post-restrictions 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-conditional-post-restrictions 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-openpos 7.0.1 Unauthenticated.SQL.Injection HIGH" "woocommerce-openpos 7.0.2 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "woocommerce-openpos 7.0.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wpzoom-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.box.Shortcode MEDIUM" "wpzoom-shortcodes 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-log 1.1.3 Contributor+.Arbitrary.File.Upload HIGH" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Incorrect.Authorization.in.REST.API.Endpoints LOW" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.SQL.Injection.in.wml_logs/send_mail.endpoint MEDIUM" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.Arbitrary.File.Upload.to.RCE CRITICAL" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.SQL.Injection.in.wml_logs.endpoint MEDIUM" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.LFI.in.wml_logs/send_mail.endpoint MEDIUM" "wp-mail-log 1.1.3 Editor+.SQL.Injection.via.id HIGH" "wp-mail-log 1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-log 1.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woo-country-restrictions-advanced 1.14.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-country-restrictions-advanced 1.13.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-translitera No.known.fix Settings.Update.via.CSRF MEDIUM" "woocommerce-catalog-enquiry 5.0.6 Cross-Site.Request.Forgery.via.REST.API MEDIUM" "woocommerce-catalog-enquiry 5.0.3 Unauthenticated.Stored.XSS.via.Arbitrary.Setting.Update HIGH" "woocommerce-catalog-enquiry 5.0.3 Unauthenticated.Inquiry.Saving.&.Sensitive.Information.Disclosure MEDIUM" "woocommerce-catalog-enquiry 3.1.0 Arbitrary.File.Upload HIGH" "wp-content-security-policy No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.CSP-Report.Fields HIGH" "woozap No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "writer-helper No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages 2.25.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages 2.24.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-openagenda 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "wpspx No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wpforms-user-registration 2.1.2 Missing.Authorization.to.Authenticated.(Contributor+).Privilege.Escalation HIGH" "wedevs-project-manager 2.6.23 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wedevs-project-manager 2.6.23 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wedevs-project-manager No.known.fix Cross-Site.Request.Forgery MEDIUM" "wedevs-project-manager 2.6.18 Authenticated.(Subscriber+).SQL.Injection.via.orderby.Parameter MEDIUM" "wedevs-project-manager 2.6.18 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update MEDIUM" "wedevs-project-manager 2.6.23 Admin+.Stored.XSS LOW" "wedevs-project-manager 2.6.17 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wedevs-project-manager 2.6.16 Authenticated.(Subscriber+).Sensitive.Information.Exposure.via.Project.Task.List.REST.API MEDIUM" "wedevs-project-manager No.known.fix Authenticated.(Project.Manager+).SQL.Injection MEDIUM" "wedevs-project-manager 2.6.15 Missing.Authorization.to.Project.Milestone.and.Task.Creation/Deletion MEDIUM" "wedevs-project-manager 2.6.14 Insecure.Direct.Object.Reference.to.Unauthenticated.Authorization.Bypass HIGH" "wedevs-project-manager 2.6.9 Subscriber+.Stored.XSS HIGH" "wedevs-project-manager 2.6.8 Missing.Authorization MEDIUM" "wedevs-project-manager 2.6.1 Subscriber+.SQLi HIGH" "wedevs-project-manager 2.6.5 Subscriber+.Privilege.Escalation HIGH" "wedevs-project-manager 2.4.14 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wedevs-project-manager 2.4.10 CSRF.Nonce.Bypasses MEDIUM" "wedevs-project-manager 2.4.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wedevs-project-manager 2.4.1 Cross-Site.Request.Forgery MEDIUM" "wppageflip No.known.fix index.php.pageflipbook_language.Parameter.Traversal.Local.File.Inclusion CRITICAL" "wc-ciudades-y-regiones-de-chile No.known.fix Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "woocommerce-abandon-cart-pro 9.17.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-mediatagger No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-mediatagger No.known.fix Reflected.XSS HIGH" "wp-directorybox-manager No.known.fix Authentication.Bypass CRITICAL" "wp-directorybox-manager No.known.fix Authentication.Bypass CRITICAL" "wp-relevant-ads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-relevant-ads No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-relevant-ads No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-splashing-images 2.1.1 Authenticated.PHP.Object.Injection HIGH" "wp-splashing-images 2.1.1 Cross-Site.Scripting.(XSS) MEDIUM" "wordapp No.known.fix Missing.Authorization MEDIUM" "wordapp No.known.fix Authorization.Bypass.via.Insufficiently.Unique.Cryptographic.Signature CRITICAL" "woocommerce-orders-customers-exporter No.known.fix Authenticated.(Subscriber+).Information.Exposure MEDIUM" "wp-propagator No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-membership 1.6.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-membership 1.5.7 Subscriber+.Privilege.Escalation CRITICAL" "wp-membership No.known.fix Multiple.Vulnerabilities MEDIUM" "wp-vertical-image-slider 1.2.17 .Reflected.XSS HIGH" "wp-vertical-image-slider 1.2.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-vertical-image-slider 1.2 Cross-Site.Scripting.&.CSRF CRITICAL" "wpdm-gutenberg-blocks 2.1.9 Contributor+.XSS MEDIUM" "wp-projects-portfolio No.known.fix Stored.XSS.via.CSRF HIGH" "wp-projects-portfolio No.known.fix Reflected.XSS HIGH" "wpheka-request-for-quote 1.3 CSRF.Bypass MEDIUM" "woocommerce-simple-registration 1.5.7 Unauthenticated.Privilege.Escalation CRITICAL" "wp-users-exporter No.known.fix CSV.Injection MEDIUM" "woocommerce-payplug No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-payplug No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-tradingview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-gateway-nab-dp 2.1.2 NAB.Transact.<.2.1.2.-.Payment.Bypass HIGH" "wiki-embed 1.4.7 Cross-Site.Request.Forgery MEDIUM" "wp-lister-amazon 0.9.6.36 jQueryFileTree.-.Unauthenticated.Path.Traversal MEDIUM" "woocommerce-amazon-affiliates-light-version No.known.fix Lite.<=.3.1.-.CSRF MEDIUM" "woocommerce-eu-vat-assistant 2.1.2.230718 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-eu-vat-assistant 2.0.28.220224 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-crowdfunding 2.1.16 Contributor+.Stored.XSS MEDIUM" "wp-crowdfunding 2.1.15 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Content.Download MEDIUM" "wp-crowdfunding 2.1.13 Missing.Authorization.to.Authenticated.(Subscriber+).WooCommerce.Installation MEDIUM" "wp-crowdfunding 2.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-crowdfunding 2.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpcf_donate.Shortcode MEDIUM" "wp-crowdfunding 2.1.11 Missing.Authorization.to.Authenticated.(Subscriber+).to.Enable/Disable.Addons MEDIUM" "wp-crowdfunding 2.1.10 Admin+.Stored.XSS LOW" "wp-crowdfunding 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-crowdfunding 2.1.9 Reflected.XSS HIGH" "wp-crowdfunding 2.1.8 Admin+.Stored.XSS LOW" "wp-crowdfunding 2.1.7 Reflected.XSS HIGH" "wp-crowdfunding 2.1.6 Cross-Site.Request.Forgery MEDIUM" "wp-crowdfunding 2.1.5 Missing.Authorization.via.settings_reset MEDIUM" "wp-rest-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rest-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-for-sourceforge-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-smart-preloader 1.15.1 Admin+.Stored.XSS LOW" "wp-review No.known.fix Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Custom.Fields HIGH" "wp-prayers-request No.known.fix Email.Settings.Update.via.CSRF MEDIUM" "wp-prayers-request No.known.fix Settings.Update.via.CSRF MEDIUM" "woo-swatches-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-security-audit-log 5.3.3 Authenticated.(Admin+).PHP.Object.Injection MEDIUM" "wp-security-audit-log 5.3.0 Unauthenticated.Stored.XSS HIGH" "wp-security-audit-log 5.2.2 Unauthenticated.Stored.Cross-Site.Scripting.via.User_id.Parameter HIGH" "wp-security-audit-log 4.6.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-security-audit-log 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-security-audit-log 4.5.2 Subscriber+.Information.Leak MEDIUM" "wp-security-audit-log 4.4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-security-audit-log 4.1.5 SQL.Injection.in.External.Database.Module HIGH" "wp-security-audit-log 4.0.2 Broken.Access.Control.in.First-Time.Install.Wizard CRITICAL" "wp-security-audit-log 3.3.1.2 Subscriber+.Arbitrary.Option.Update MEDIUM" "wp-jobhunt No.known.fix Unauthenticated.Insecure.Direct.Object.Reference HIGH" "wp-jobhunt No.known.fix Unauthenticated.Privilege.Escalation.via.Email.Update/Account.Takeover CRITICAL" "wp-jobhunt No.known.fix Authentication.Bypass CRITICAL" "wp-jobhunt No.known.fix Unauthenticated.Privilege.Escalation.via.Password.Reset/Account.Takeover CRITICAL" "wp-jobhunt No.known.fix Authentication.Bypass.to.Candidate HIGH" "wp-jobhunt 2.4 User.enumeration.&.Reset.password CRITICAL" "woo-product-tables 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-tables 2.1.3 Unuthenticated.SQL.Injection HIGH" "woo-product-tables 2.0.2 Unauthenticated.Remote.Code.Execution CRITICAL" "woo-product-tables 1.8.7 Cross-Site.Request.Forgery.via.saveGroup MEDIUM" "woocommerce-custom-product-tabs-lite 1.9.1 Authenticated.(Shop.Manager+).PHP.Object.Injection HIGH" "wptools-masonry-gallery-posts-for-divi 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wptools-masonry-gallery-posts-for-divi 3.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wizshop No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-text-expander No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-socializer 7.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-forms-puzzle-captcha No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wp-forms-puzzle-captcha No.known.fix Captcha.Bypass MEDIUM" "wp-forms-puzzle-captcha No.known.fix CSRF MEDIUM" "woo-bulk-edit-products 1.8.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-bulk-edit-products 1.7.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.49.1 Authenticated.(Contributor+).Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.43.4 Use.of.Polyfill.io MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.32.3 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.14.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-smart-tool-tip No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wc-vendors 2.5.7 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wc-vendors 2.4.7.1 Authenticated.(Shop.manager+).SQL.Injection.via.search.dates HIGH" "wc-vendors 2.4.5 Contributor+.Stored.XSS MEDIUM" "whizz 1.1.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "whizz 1.0.8 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-login-with-ajax No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-load-gallery No.known.fix Authenticated.(Author+).Arbitrary.File.Upload HIGH" "wplyrics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-hrm-lite-human-resource-management-system No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-dtree-30 No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-dtree-30 No.known.fix Reflected.XSS HIGH" "wp-dtree-30 No.known.fix Admin+.Stored.XSS LOW" "wp-sheet-editor-edd-downloads 1.0.61 Reflected.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-edd-downloads 1.0.49 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-product-variation-gallery 2.3.4 Reflected.Cross-Site.Scripting HIGH" "wp-database-admin No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-revive-adserver No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-revive-adserver No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-table-builder 2.0.7 Cross-Site.Request.Forgery MEDIUM" "wp-table-builder 2.0.6 Reflected.Cross-Site.Scripting HIGH" "wp-table-builder 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.6.0 Admin+.Stored.XSS LOW" "wp-table-builder 1.4.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.4.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.4.7 Admin+.Stored.XSS MEDIUM" "wp-table-builder 1.3.16 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-table-builder 1.3.10 Reflected.Cross-Site.Scripting HIGH" "wp-last-modified-info 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.lmt-post-modified-info.Shortcode MEDIUM" "wired-impact-volunteer-management 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-menu-image 2.3 Unauthenticated.Menu.Image.Deletion MEDIUM" "wp-menu-image 2.3 Missing.Authorization.to.Unauthenticated.Menu.Image.Deletion MEDIUM" "wp-experiments-free No.known.fix Missing.Authorization MEDIUM" "wp-experiments-free No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-experiments-free 9.0.1 Unauthenticated.SQLi HIGH" "wp-biographia No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-abandoned-cart 5.16.2 Multiple.CSRF MEDIUM" "woocommerce-abandoned-cart 5.16.2 Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "woocommerce-abandoned-cart 5.16.1 Improper.Authorization.via.wcal_delete_expired_used_coupon_code LOW" "woocommerce-abandoned-cart 5.16.1 Improper.Authorization.via.wcal_preview_emails LOW" "woocommerce-abandoned-cart 5.16.0 Admin+.Stored.XSS LOW" "woocommerce-abandoned-cart 5.15.0 Authentication.Bypass CRITICAL" "woocommerce-abandoned-cart 5.8.6 CSRF.Nonce.Bypasses MEDIUM" "woocommerce-abandoned-cart 5.8.3 Unauthenticated.SQL.Injection CRITICAL" "woocommerce-abandoned-cart 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "woocommerce-abandoned-cart 1.9 Authenticated.Blind.SQL.Injection CRITICAL" "wp-image-zoooom 1.47 Local.File.Inclusion MEDIUM" "wp-file-download 6.2.6 Reflected.XSS HIGH" "wibiya No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-follow-up-emails 4.9.50 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "woocommerce-follow-up-emails 4.9.50 Unauthenticated.Reflected.XSS HIGH" "wp-backitup No.known.fix Cross-Site.Request.Forgery.to.Backup.Trigger MEDIUM" "wp-backitup No.known.fix Missing.Authorization MEDIUM" "wp-backitup No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-backitup No.known.fix Missing.Authorization MEDIUM" "wp-backitup 1.50 Unauthenticated.Sensitive.Data.Exposure HIGH" "wp-discord-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "webapp-builder No.known.fix Unauthenticated.File.Upload CRITICAL" "woocommerce-multiple-customer-addresses 21.7 Arbitrary.Address.Creation/Deletion/Access/Update.via.IDOR HIGH" "wp-automatic-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-intercom-slack No.known.fix Slack.Access.Token.Disclosure HIGH" "woorewards 5.3.1 Missing.Authorization MEDIUM" "wp-google-maps 9.0.41 Cross-Site.Request.Forgery MEDIUM" "wp-google-maps 9.0.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.37 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-google-maps 9.0.30 Reflected.Cross-Site.Scripting HIGH" "wp-google-maps 9.0.35 Information.Exposure.to.Potential.Denial.of.Service MEDIUM" "wp-google-maps 9.0.33 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.33 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-google-maps 9.0.29 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.28 Unauthenticated.Stored.XSS HIGH" "wp-google-maps 9.0.16 Admin+.Path.Traversal LOW" "wp-google-maps 8.1.13 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wp-google-maps 8.1.12 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-google-maps 7.11.35 CSRF.to.Stored.XSS MEDIUM" "wp-google-maps 7.11.28 Admin.Settings.CSRF CRITICAL" "wp-google-maps 7.11.18 Unauthenticated.SQL.Injection MEDIUM" "wp-social-bookmarking-light No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-social-bookmarking-light 1.7.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-map No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-headers-and-footers 3.1.2 Arbitrary.Options.Update.via.CSRF HIGH" "welcome-popup No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-fevents-book No.known.fix Subscriber+.Stored.XSS HIGH" "wp-fevents-book No.known.fix Subscriber+.Arbitrary.Booking.Manipulation.via.IDOR MEDIUM" "woo-vipps 1.14.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-megamenu No.known.fix Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-megamenu 1.4.0 Unauthenticated.Arbitrary.Post.Access HIGH" "wp-megamenu 1.4.1 Subscriber+.Arbitrary.Post.Access MEDIUM" "wp-megamenu 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-thank-you-page-nextmove-lite 2.20.0 Missing.Authorization.to.Authenticated.(Subscriber+).Deactivation.Reason.Submission MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.2 Cross-Site.Request.Forgery MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.1 Missing.Authorization.to.Unauthenticated.System.Information.Disclosure MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.0 Subscriber+.Arbitrary.Plugin.Installation/Activation HIGH" "wp-radio No.known.fix Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "wp-radio No.known.fix Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.Settings MEDIUM" "wp-radio No.known.fix CSRF MEDIUM" "wp-radio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-radio 3.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wolfnet-idx-for-wordpress No.known.fix Admin+.Stored.XSS LOW" "wp-stats 2.52 CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "woo-producttables-pro No.known.fix Unauthenticated.SQL.Injection HIGH" "woo-producttables-pro 1.9.5 Unauthenticated.Arbitrary.SQL.Execution CRITICAL" "wc4bp 3.4.25 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "wc4bp 3.4.26 Cross-Site.Request.Forgery.to.Limited.Settings.Update MEDIUM" "wc4bp 3.4.20 Missing.Authorization MEDIUM" "wc4bp 3.4.21 Authenticated.(Subscriber+).PHP.Object.Injection.in.get_simple_request HIGH" "wc4bp 3.4.16 Reflected.Cross-Site.Scripting MEDIUM" "wc4bp 3.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc4bp 3.2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "woo-permalink-manager 2.3.11 Unauthenticated.Local.File.Inclusion CRITICAL" "woo-permalink-manager 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-permalink-manager 2.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-facebook-messenger No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-mathjax-plus No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-user-frontend-pro 4.1.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wp-user-frontend-pro 4.1.4 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-stripe-checkout 1.2.2.42 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-stripe-checkout 1.2.2.38 Sensitive.Information.Exposure.via.Debug.Log HIGH" "wp-stripe-checkout 1.2.2.21 Contributor+.Stored.XSS MEDIUM" "wp-cookie-consent No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-mis-report No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "weixin-robot-advanced No.known.fix Reflected.XSS HIGH" "wp-blog-post-layouts 1.1.4 Authenticated.(Contributor+).Local.File.Inlcusion HIGH" "wp-cerber 9.5 IP.Protection.Bypass MEDIUM" "wp-cerber 9.2 Unauthenticated.Stored.XSS HIGH" "wp-cerber 9.3.3 User.Enumeration.Bypass.via.Rest.API LOW" "wp-cerber 9.1 Username.Enumeration.Bypass MEDIUM" "wp-cerber 8.9.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-cerber 8.9.3 2FA.Authentication.Bypass MEDIUM" "wp-cerber 8.9.3 Rest-API.Protection.Bypass MEDIUM" "wp-cerber 2.7 Unauthenticated.Stored.XSS MEDIUM" "wp-scrive 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-scrive 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-time-capsule 1.22.24 Reflected.Cross-Site.Scripting MEDIUM" "wp-time-capsule 1.22.22 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-time-capsule 1.22.22 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-time-capsule 1.22.22 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-time-capsule 1.22.21 Authentication.Bypass.to.Account.Takeover CRITICAL" "wp-time-capsule 1.22.7 Reflected.Cross-Site.Scripting HIGH" "wp-time-capsule 1.21.16 Authentication.Bypass CRITICAL" "wpm-news-api No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpdb-to-sql No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-dashboard-notes 1.0.12 Subscriber+.Stored.XSS HIGH" "wp-dashboard-notes 1.0.11 Contributor+.Arbitrary.Private.Notes.Update.via.IDOR LOW" "wp-dashboard-notes 1.0.11 Unauthorised.Deletion.of.Private.Notes LOW" "wp-filter-post-categories No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-last-modified No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-ecommerce-paypal 2.0.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-ecommerce-paypal 1.9.1 Unauthenticated.Open.Redirect HIGH" "wp-ecommerce-paypal 1.9 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-ecommerce-paypal 1.8.2 Cross-Site.Request.Forgery MEDIUM" "wp-ecommerce-paypal 1.7.4 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "wp-ecommerce-paypal 1.7.3 CSRF.to.Stored.Cross-Site.Scripting HIGH" "woo-zoho 1.2.4 Reflected.Cross-Site.Scripting HIGH" "webful-simple-grocery-shop No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpdash-notes No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wp-mpdf 3.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-mpdf 3.5.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wp-munich-blocks 0.10.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-munich-blocks 0.11.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-munich-blocks 0.7.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-advanced-search No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "wp-advanced-search 3.3.9.3 Admin+.Stored.XSS LOW" "wp-advanced-search 3.3.9.2 Unauthenticated.SQL.Injection HIGH" "wp-advanced-search 3.3.9 Settings.Update.via.CSRF MEDIUM" "wp-advanced-search 3.3.7 Authenticated.SQL.Injection HIGH" "wpmbytplayer No.known.fix Missing.Authorization MEDIUM" "wp-icommerce No.known.fix Authenticated.(contributor+).SQL.Injection HIGH" "wp-change-email-sender 2.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-eventpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-inject No.known.fix Admin+.Stored.XSS LOW" "wp-inject 1.16 Stored.XSS.&.CSRF HIGH" "wc-place-order-without-payment 2.6.8 Unauthenticated.Local.File.Inclusion CRITICAL" "wc-place-order-without-payment 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-place-order-without-payment 2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-theme-demo-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "webtexttool 3.6.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "webtexttool 3.6.2 Missing.Authorization MEDIUM" "wp-spid-italia 2.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-spid-italia 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-spid-italia 2.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-piwik 1.0.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-piwik 1.0.28 Admin+.Stored.XSS LOW" "wp-piwik 1.0.27 Plugin.Settings.Reset.via.CSRF MEDIUM" "wp-piwik 1.0.10 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-poll No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.form_data.Parameter HIGH" "wp-poll 3.3.78 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-poll 3.3.77 Information.Exposure MEDIUM" "wp-events-manager 2.2.0 Authenticated.(Subscriber+).Time-Based.SQL.Injection HIGH" "wordpress-popup 7.8.6 Missing.Authorization.to.Unauthorized.Form.Submission MEDIUM" "wordpress-popup 7.8.6 Missing.Authorization.to.Unpublished.Form.Exposure MEDIUM" "wordpress-popup 7.8.5 Admin+.Stored.XSS LOW" "wordpress-popup 6.0.8.1 Unauthenticated.CSV.Injection HIGH" "wc-customer-source 1.3.2 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "woc-order-alert 3.2.2 Unauthenticated.SQLi HIGH" "wp-cyr-cho No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-google-tag-manager No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wwm-social-share-on-image-hover No.known.fix Admin+.Stored.XSS LOW" "wp-show-posts 1.1.6 Improper.Authorization.to.Information.Exposure MEDIUM" "wp-show-posts 1.1.5 Information.Exposure MEDIUM" "wp-show-posts 1.1.4 Contributor+.Stored.XSS MEDIUM" "wp-freemind No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-gratify No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "weaver-for-bbpress 1.7.1 Reflected.Cross-Site.Scripting.via._wpnonce.Parameter MEDIUM" "wd-image-magnifier-xoss No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-exfood 3.3.3 Restaurant.Menu.&.Food.ordering.<.3.3.3.-.Unauthenticated.Arbitrary.Shortcode.Execution.via.ids HIGH" "wp-agenda No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-magazine-modules-lite 1.1.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-bitly No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wp-bitly 2.7.3 Missing.Authorization MEDIUM" "wp-bitly 2.7.2 Contributor+.Stored.XSS MEDIUM" "woo-addon-uploads 1.7.2 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "wp-discord-invite No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-discord-invite 2.5.2 Admin+.Stored.Cross.Site.Scripting LOW" "wp-discord-invite 2.5.1 Arbitrary.Settings.Update.via.CSRF HIGH" "wp-discord-invite 2.5.1 Reflected.Cross-Site.Scripting.via.webhook MEDIUM" "windsor-strava-club No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpeform-lite 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wpeform-lite 1.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-charts No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-finance No.known.fix Stored.XSS.via.CSRF HIGH" "wp-finance No.known.fix Reflected.XSS HIGH" "word-balloon 4.22.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "word-balloon 4.20.3 Avatar.Removal.via.CSRF MEDIUM" "word-balloon 4.19.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "webinar-ignition 3.06.0 Cross-Site.Request.Forgery MEDIUM" "webinar-ignition 3.05.1 Unauthenticated.SQL.Injection CRITICAL" "webinar-ignition 3.05.1 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "webinar-ignition 3.05.1 Missing.Authorization.to.Unauthenticated.Privilege.Escalation CRITICAL" "webinar-ignition 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "webinar-ignition 2.14.3 Admin+.Stored.XSS LOW" "webinar-ignition 2.8.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-blog-manager-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wonderplugin-pdf-embed 1.7 Contributor+.Stored.XSS MEDIUM" "wp-food-manager 1.0.4 Admin+.Stored.XSS LOW" "wpjam-basic 6.2.1.1 Contributor+.Stored.XSS MEDIUM" "wpsitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-chained-products 2.12.0 Unauthenticated.Arbitrary.Options.Update.to.'no' MEDIUM" "woocommerce-shipping-gateway-per-product 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-shipping-gateway-per-product 2.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-yelp-review-slider 8.2 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-yelp-review-slider 7.1 Subscriber+.SQLi HIGH" "woo-nmi-three-step No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-nmi-three-step No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-nmi-three-step No.known.fix CSRF.Bypass MEDIUM" "wp-job-manager 2.3.0 Unauthenticated.Information.Exposure MEDIUM" "wp-job-manager 2.1.0 Unauthenticated.Job.Status.Update MEDIUM" "wp-job-manager 2.1.0 Cross-Site.Request.Forgery MEDIUM" "wp-job-manager 1.31.3 Phar.Deserialization MEDIUM" "wp-job-manager 1.29.3 Unauthenticated.Object.Injection CRITICAL" "wp-job-manager 1.26.2 Unauthenticated.Arbitrary.File.Upload HIGH" "wp-galleria No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widget-for-eventbrite-api 6.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "widget-for-eventbrite-api 5.3.1 Reflected.Cross-Site.Scripting MEDIUM" "widget-for-eventbrite-api 4.4.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wechat-reward No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-joomag No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-checkout-regsiter-field-editor 2.1.9 Cross-Site.Request.Forgery MEDIUM" "wp-mapa-politico-spain 3.8.1 Cross-Site.Request.Forgery MEDIUM" "wp-mapa-politico-spain 3.7.0 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-private-media No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-private-media No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-private-media No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wordapp-mobile-app No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordapp-mobile-app No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wish-list-for-woocommerce-pro 3.1.3 3.1.2.-.Reflected.Cross-Site.Scripting.via.wtab.Parameter MEDIUM" "wp-ses 1.4.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "woocommerce-ultimate-gift-card No.known.fix Create,.Sell.and.Manage.Gift.Cards.with.Customized.Email.Templates.<=.2.8.10.-.Unauthenticated.SQL.Injection HIGH" "woocommerce-ultimate-gift-card No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-ultimate-gift-card 2.9.1 Create,.Sell.and.Manage.Gift.Cards.with.Customized.Email.Templates.<.2.9.1.-.Reflected.Cross-Site.Scripting MEDIUM" "wp-page-post-widget-clone No.known.fix Missing.Authorization MEDIUM" "weather-effect 1.3.6 Admin+.Stored.Cross-Site.Scripting LOW" "weather-effect 1.3.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wooexim No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "wooexim No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wooexim No.known.fix CSRF.to.Reflected.XSS MEDIUM" "wp-knowledgebase No.known.fix CSRF MEDIUM" "wp-social-seo-booster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mailto-links 3.1.4 Contributor+.Stored.XSS MEDIUM" "workscout-core 1.3.4 Authenticated.Stored.XSS.&.XFS HIGH" "wp-sitemap-page 1.7.0 Admin+.Stored.Cross.Site.Scripting LOW" "wp-share-buttons-analytics-by-getsocial No.known.fix Missing.Authorization MEDIUM" "wp-share-buttons-analytics-by-getsocial 4.4 Admin+.Stored.XSS LOW" "woo-quick-reports No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-quick-reports No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wishlist-and-compare 1.0.5 Unauthorised.AJAX.call HIGH" "wetterwarner 2.8 Admin+.Stored.XSS LOW" "wp-woocommerce-quickbooks 1.3.2 Cross-Site.Request.Forgery MEDIUM" "wp-woocommerce-quickbooks 1.1.9 Reflected.Cross-Site.Scripting HIGH" "white-label-branding-elementor No.known.fix Admin+.Stored.XSS LOW" "web-invoice No.known.fix Authenticated.SQLi HIGH" "web-invoice No.known.fix Authenticated.SQLi HIGH" "world-prayer-time No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-admin-style No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-admin 2.6.4 Analytics.Report.Leaks MEDIUM" "woo-smart-wishlist 4.7.2 Add/Remove.Wishlist.Items.via.CSRF MEDIUM" "woo-smart-wishlist 2.9.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-smart-wishlist 2.9.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-parcel-pro 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-parcel-pro 1.6.12 Cross-Site.Request.Forgery MEDIUM" "woo-parcel-pro 1.6.12 Open.Redirect MEDIUM" "wp-scheduled-posts 5.1.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "wp-scheduled-posts 5.0.9 Missing.Authorization MEDIUM" "wp-scheduled-posts 5.0.5 Contributor+.Arbitrary.Post.Update/Deletion LOW" "woocommerce-checkout-field-editor-pro 3.6.3 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-testimonials No.known.fix Authenticated.SQL.Injection HIGH" "wp-media-optimizer-webp No.known.fix Reflected.Cross-Site.Scripting.via.wpmowebp-css-resources.and.wpmowebp-js-resources.Parameters MEDIUM" "woocommerce-role-pricing No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-floating-menu 1.4.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-floating-menu 1.4.1 Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "wpaudio-mp3-player No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-ultimate-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-database-error-manager No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-dev-powers-display-screen-dimensions-to-admin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-podcasts-manager No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-broken-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-showhide 1.05 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-manutencao 1.0.7 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "wp-identicon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-gallery No.known.fix "load".Remote.File.Inclusion CRITICAL" "woo-bulk-price-update 2.2.2 Reflected.XSS HIGH" "wp-header-notification No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wow-carousel-for-divi-lite 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Carousel.and.Logo.Carousel.Widgets MEDIUM" "wow-carousel-for-divi-lite 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "wp-prayer No.known.fix Arbitrary.Prayer.Deletion.via.CSRF MEDIUM" "wp-prayer No.known.fix Email.Settings.Update.via.CSRF MEDIUM" "wp-prayer No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-prayer 1.9.7 Admin+.Stored.XSS LOW" "wp-prayer 1.5.5 Unauthorised.AJAX.call.via.CSRF MEDIUM" "wp-prayer 1.6.7 Arbitrary.Plugin.Settings.Update.via.CSRF MEDIUM" "wp-prayer 1.6.6 Cross-Site.Request.Forgery MEDIUM" "wp-prayer 1.6.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-bibtex No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-bibtex 3.0.2 Cross-Site.Request.Forgery.to.Stored.and.Reflected.Cross-Site.Scripting MEDIUM" "wp-responsive-testimonials-slider-and-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "wpglobus 1.9.7 Stored.XSS.&.CSRF HIGH" "wr-price-list-for-woocommerce No.known.fix Missing.Authorization.to.Arbitrary.Content.Deletion MEDIUM" "wr-price-list-for-woocommerce No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wpsyncsheets-wpforms 1.6.1 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Reset MEDIUM" "wp-no-bot-question No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-photo-text-slider-50 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-photo-text-slider-50 8.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "wp-spreadplugin No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-syntax No.known.fix Author+.Potential.ReDoS LOW" "woocommerce-2checkout-payment No.known.fix Missing.Authorization.via.sniff_ins MEDIUM" "wordfence 7.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "wordfence 7.1.14 Username.Enumeration.Prevention.Bypass MEDIUM" "wordfence 5.1.5 Cross-Site.Scripting.(XSS) MEDIUM" "wp-realestate-manager No.known.fix Authentication.Bypass CRITICAL" "wp-jobs 1.7 XSS MEDIUM" "wp-jobs 1.5 Authenticated.SQL.Injection HIGH" "wp-nssuser-register No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wphobby-demo-import No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-next-post-navi No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-ad-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-planification No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-blackcheck No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-memory 2.46 Subscriber+.Arbitrary.Plugin.Installation HIGH" "wp-limits No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "wp-born-babies No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "web-directory-free 1.7.9 Reflected.Cross-Site.Scripting MEDIUM" "web-directory-free 1.7.8 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "web-directory-free 1.7.7 Unauthenticated.SQL.Injection HIGH" "web-directory-free 1.7.4 Reflected.Cross-Site.Scripting MEDIUM" "web-directory-free 1.7.3 Unauthenticated.LFI HIGH" "web-directory-free 1.7.2 Reflected.XSS HIGH" "web-directory-free 1.7.0 Unauthenticated.SQL.Injection HIGH" "wp-awesome-faq No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-awesome-faq 4.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpfrom-email 1.8.9 Admin+.Stored.XSS LOW" "wp-social-bookmarking No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-page-duplicator No.known.fix Missing.Authorization.to.Unauthenticated.Post/Page.Duplication MEDIUM" "wp-posts-carousel 1.3.13 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "wp-posts-carousel 1.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-posts-carousel 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-posts-carousel 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-posts-carousel 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.auto_play_timeout.Parameter MEDIUM" "woo-aliexpress-dropshipping 2.1.2 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "woo-aliexpress-dropshipping No.known.fix Missing.Authorization MEDIUM" "wp-custom-field-for-gutenberg-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-custom-field-for-gutenberg-editor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpb-advanced-faq No.known.fix Contributor+.Stored.XSS MEDIUM" "wc-checkout-getnet 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "wc-checkout-getnet 1.8.1 Reflected.XSS MEDIUM" "wc-checkout-getnet 1.8.1 Admin+.Stored.XSS LOW" "xml-sitemaps-for-videos No.known.fix CSRF MEDIUM" "xola-bookings-for-tours-activities No.known.fix Missing.Authorization MEDIUM" "xo-event-calendar 2.3.7 Reflected.Cross-Site.Scripting HIGH" "xml-sitemap-feed 5.4.9 Unauthenticated.Local.File.Inclusion HIGH" "xtremelocator No.known.fix Xtreme.Locator.Dealer.Locator.Plugin.1,5.–.Authenticated.SQL.Injection HIGH" "xavins-list-subpages No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.11 Contributor+.Stored.XSS MEDIUM" "xpro-elementor-addons 1.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'Site.Title'.widget MEDIUM" "xpro-elementor-addons 1.4.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.6.3 Authenticated.(Contributor+).Post.Disclosure.via.Post.Duplication MEDIUM" "xpro-elementor-addons 1.4.6.6 Contributor+.Stored.XSS MEDIUM" "xpro-elementor-addons 1.4.6.1 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Template MEDIUM" "xpro-elementor-addons 1.4.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Grid.Widget MEDIUM" "xpro-elementor-addons 1.4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.3.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "xpro-elementor-addons 1.4.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "xpro-elementor-addons 1.4.3.1 Authenticated.(Admin+).Cross.Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xcloner-backup-and-restore 4.7.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "xcloner-backup-and-restore 4.3.6 Plugin.Settings.Reset MEDIUM" "xcloner-backup-and-restore 4.2.13 4.2.12.-.Unprotected.AJAX.Action CRITICAL" "xcloner-backup-and-restore 4.2.153 Cross-Site.Request.Forgery CRITICAL" "xcloner-backup-and-restore 3.1.5 Backup.and.Restore.<.3.1.5.-.Authenticated.Path.Traversal MEDIUM" "xcloner-backup-and-restore 3.1.3 Backup.and.Restore.3.1.2.-.XSS.&.Command.Execution MEDIUM" "xcloner-backup-and-restore 3.1.2 Backup.and.Restore.<.3.1.2.-.Multiple.Vulnerabilities.(RCE.&.LFI) HIGH" "xcloner-backup-and-restore 3.1.1 Backup.and.Restore.<.3.1.1.-.Multiple.Actions.CSRF HIGH" "x-forms-express No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "xagio-seo 7.1.0.17 Unauthenticated.Stored.Cross-Site.Scripting.via.'HTTP_REFERER' HIGH" "xagio-seo 7.0.0.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xt-woo-ajax-add-to-cart 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-ajax-add-to-cart 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-ajax-add-to-cart 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xt-woo-points-rewards 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-points-rewards 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xpd-reduce-image-filesize No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "xelion-webchat 9.2.0 Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "xelion-webchat 9.2.0 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "xili-language 2.21.3 Reflected.Cross-Site.Scripting MEDIUM" "xpresslane-integration-for-woocommerce No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "xlsx-viewer No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "xt-facebook-events 1.1.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "x-addons-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xavins-review-ratings No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xc-woo-google-cloud-print No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Order.Information.Disclosure MEDIUM" "xllentech-english-islamic-calendar 2.6.8 Authenticated.SQL.Injection MEDIUM" "xt-woo-quick-view-lite 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-quick-view-lite 1.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xml-for-google-merchant-center 3.0.12 Reflected.Cross-Site.Scripting MEDIUM" "xml-for-google-merchant-center 3.0.2 Reflected.XSS HIGH" "xorbin-analog-flash-clock No.known.fix Flash-based.XSS MEDIUM" "xml-multilanguage-sitemap-generator No.known.fix Missing.Authorization MEDIUM" "xpro-elementor-addons-pro 1.4.10 Pro.<.1.4.10.-.Authenticated.(Contributor+).Remote.Code.Execution HIGH" "xl-tab 1.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "xl-tab 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xpert-tab No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xv-random-quotes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "xv-random-quotes No.known.fix Unauthenticated.SQL.Injection HIGH" "xv-random-quotes No.known.fix Reflected.XSS HIGH" "xv-random-quotes No.known.fix Settings.Reset.via.CSRF MEDIUM" "xo-security 1.5.3 XSS MEDIUM" "xml-for-avito 2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "xtra-settings No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "xatkit-chatbot-connector 2.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xserver-migrator 1.6.2.1 Arbitrary.File.Upload.via.CSRF HIGH" "xili-dictionary 2.12.5.1 Reflected.Cross-Site.Scripting MEDIUM" "xserver-typesquare-webfonts 2.0.8 Missing.Authorization.via.typesquare_admin_init() MEDIUM" "xorbin-digital-flash-clock No.known.fix Flash-based.XSS MEDIUM" "xpro-theme-builder 1.2.8.5 Missing.Authorization MEDIUM" "xisearch-bar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "xpinner-lite No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "xili-tidy-tags No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "xili-tidy-tags 1.12.05 Reflected.Cross-Site.Scripting MEDIUM" "xili-tidy-tags 1.12.04 Cross-Site.Request.Forgery MEDIUM" "xqueue-maileon 2.16.1 Admin+.Stored.XSS LOW" "xo-liteslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xo-liteslider 3.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "xt-woo-variation-swatches 1.8.8 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-variation-swatches 1.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xforwoocommerce No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "xforwoocommerce 1.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "xpro-addons-beaver-builder-elementor 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-authorizenet-payment-gateway 1.1.13 Subscriber+.Settings.Update MEDIUM" "yandexnews-feed-by-teplitsa No.known.fix Admin+.Stored.XSS LOW" "yogo-booking 1.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-points-and-rewards 1.3.6 Subscriber+.Settings.Update MEDIUM" "yumpu-epaper-publishing 3.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yumpu-epaper-publishing 3.0.0 Missing.Authorization.to.PDF.Upload,.Publishing,.and.API.Key.Modification MEDIUM" "yith-woocommerce-cart-messages 1.4.5 Subscriber+.Settings.Update MEDIUM" "yacp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-custom-login 1.7.4 Reflected.Cross-Site.Scripting MEDIUM" "yith-custom-login 1.7.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "yith-color-and-label-variations-for-woocommerce 1.8.13 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-gift-cards-premium 3.20.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "yith-woocommerce-gift-cards-premium 3.3.1 RCE.via.Arbitrary.File.Upload CRITICAL" "yotpo-reviews-for-woocommerce No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "youtube-channel-gallery No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "youtube-playlist-player 4.6.8 Contributor+.Stored.XSS MEDIUM" "youtube-playlist-player 4.6.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "yith-desktop-notifications-for-woocommerce 1.2.8 Subscriber+.Settings.Update MEDIUM" "youtube-widget-responsive 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "yith-woocommerce-recover-abandoned-cart 1.3.4 Subscriber+.Settings.Update MEDIUM" "yummy-recipes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "youtube-speedload No.known.fix Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-bulk-product-editing 1.2.15 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-waiting-list 1.3.11 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-compare 2.38.0 Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-compare 2.20.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-compare 2.3.15 Subscriber+.Settings.Update MEDIUM" "youtube-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "yayextra 1.5.3 Missing.Authorization MEDIUM" "yayextra 1.3.8 Unauthenticated.Arbitrary.File.Upload.via.handle_upload_file.Function CRITICAL" "yds-support-ticket-system No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "yds-support-ticket-system No.known.fix Cross-Site.Request.Forgery MEDIUM" "yatri-tools No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yatri-tools 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yith-woocommerce-quick-view 1.21.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-quick-view 1.3.15 Subscriber+.Settings.Update MEDIUM" "your-simple-svg-support 1.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "yith-woocommerce-order-tracking 2.8.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-order-tracking 1.2.11 Subscriber+.Settings.Update MEDIUM" "ycyclista No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "youtube-video-player 2.6.4 Admin+.Stored.XSS LOW" "youtube-video-player 2.3.9 Contributor+.Stored.XSS MEDIUM" "yith-infinite-scrolling 1.8.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-product-add-ons 4.14.2 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.13.1 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.9.3 Unauthenticated.Content.Injection MEDIUM" "yith-woocommerce-product-add-ons 4.6.0 Unuathenticated.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.3.1 Authenticated(Shop.Manager+).PHP.Object.Injection MEDIUM" "yith-woocommerce-product-add-ons 4.2.1 Missing.Authorization MEDIUM" "yith-woocommerce-product-add-ons 2.1.0 Authenticated.Local.File.Inclusion MEDIUM" "yith-woocommerce-product-add-ons 2.1.0 Reflected.Cross-Site.Scripting HIGH" "yith-woocommerce-product-add-ons 1.5.23 Subscriber+.Settings.Update MEDIUM" "youtube-showcase 3.4.0 Missing.Authorization.to.Arbitrary.Post/Page.Creation MEDIUM" "youtube-showcase 3.3.6 Settings.Update.via.CSRF MEDIUM" "yoo-slider 2.2.0 Reflected.Cross-Site.Scripting HIGH" "yoo-slider 2.1.0 Arbitrary.Template.Import.via.CSRF MEDIUM" "yoo-slider 2.1.0 Arbitrary.Slider.Creation/Edition.via.CSRF MEDIUM" "yoo-slider 2.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yoo-slider 2.1.0 Arbitrary.Slider.Duplication/Deletion.via.CSRF MEDIUM" "yeemail 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yamaps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yamaps 0.6.30 Contributor+.Stored.XSS MEDIUM" "yamaps 0.6.26 Contributor+.Stored.XSS MEDIUM" "yt-player 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "yt-player 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yt-player 1.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-wishlist 4.6.0 Contributor+.Stored.XSS.via.id.Parameter MEDIUM" "yith-woocommerce-wishlist 3.33.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-wishlist 3.15.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-wishlist 2.2.14 Subscriber+.Settings.Update MEDIUM" "yahoo-boss No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yatra 2.1.15 Admin+.Stored.XSS LOW" "yuzo-related-post 5.12.94 Unauthenticated.Call.Any.Action.or.Update.Any.Option MEDIUM" "youtube-channel 3.23.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "youtube-channel 3.23.0 Admin+.Stored.XSS LOW" "yith-woocommerce-best-sellers 1.1.13 Subscriber+.Settings.Update MEDIUM" "yahoo-media-player No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "youneeq-panel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-frequently-bought-together 1.2.11 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-stripe 2.0.2 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-questions-and-answers 1.2.0 Subscriber+.Settings.Update MEDIUM" "yt-cookie-nonsense No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-added-to-cart-popup 1.3.13 Subscriber+.Settings.Update MEDIUM" "yame-linkinbio No.known.fix Unauthenticated.Information.Exposure MEDIUM" "youtube-embed 5.4 Admin+.Stored.XSS LOW" "youtube-embed 5.2.2 Contributor+.Stored.XSS MEDIUM" "youtube-embed 3.3.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "yith-woocommerce-gift-cards 4.13.0 Missing.Authorization.to.Unauthenticated.WooCommerce.Settings.Update MEDIUM" "yith-woocommerce-gift-cards 1.3.8 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-multi-step-checkout 1.7.5 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-product-bundles 1.1.17 Subscriber+.Settings.Update MEDIUM" "yith-custom-thank-you-page-for-woocommerce 1.1.8 Subscriber+.Settings.Update MEDIUM" "ymm-search 1.0.12 Cross-Site.Request.Forgery MEDIUM" "youram-youtube-embed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ymc-states-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yellow-yard 2.8.12 Contributor+.Stored.XSS MEDIUM" "yellow-yard 2.8.12 Reflected.Cross-Site.Scripting HIGH" "yith-product-size-charts-for-woocommerce 1.1.13 Subscriber+.Settings.Update MEDIUM" "yr-activity-link 1.2.4 Contributor+.Stored.XSS MEDIUM" "years-since No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "youzify 1.3.4 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update.(save_addon_key_license) MEDIUM" "youzify 1.3.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "youzify 1.3.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Review.Deletion MEDIUM" "youzify 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.youzify_media.Shortcode MEDIUM" "youzify 1.3.1 Subscriber+.Arbitrary.Attachment.Deletion MEDIUM" "youzify 1.2.8 Missing.Authorization MEDIUM" "youzify 1.2.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "youzify 1.2.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "youzify 1.2.3 Insecure.Direct.Object.Reference MEDIUM" "youzify 1.2.2 Contributor+.Stored.XSS MEDIUM" "youzify 1.2.0 Unauthenticated.SQLi HIGH" "youzify 1.0.7 Stored.Cross-Site.Scripting.via.Biography HIGH" "yith-paypal-express-checkout-for-woocommerce 1.2.6 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-pdf-invoice 1.2.13 Subscriber+.Settings.Update MEDIUM" "yandex-money-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yandex-money-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yandex-money-button 2.4.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "yith-woocommerce-badges-management 1.3.21 Subscriber+.Settings.Update MEDIUM" "ymc-smart-filter 2.8.34 Cross-Site.Request.Forgery MEDIUM" "ymc-smart-filter 2.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ymc-smart-filter 2.8.33 Unauthenticated.LFI CRITICAL" "yummly-rich-recipes No.known.fix Cross-Site.Request.Forgery MEDIUM" "yop-poll 6.5.27 Unauthenticated.Vote.Manipulation.via.Race.Condition MEDIUM" "yop-poll 6.5.29 Reusable.Captcha.via.validateImage MEDIUM" "yop-poll 6.4.3 IP.Spoofing MEDIUM" "yop-poll 6.3.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "yop-poll 6.3.1 Author+.Stored.Cross-Site.Scripting.via.Preview.Module MEDIUM" "yop-poll 6.3.1 Author+.Stored.Cross-Site.Scripting.via.Options.Module MEDIUM" "yop-poll 6.2.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "yop-poll 6.1.5 Authenticated.Stored.XSS LOW" "yop-poll 6.1.2 Reflected.Cross-Site.Scripting HIGH" "yop-poll 6.0.3 Cross-Site.Scripting.(XSS) MEDIUM" "yop-poll 5.8.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "yaysmtp 2.6.5 Authenticated.(Administrator+).SQL.Injection MEDIUM" "yaysmtp 2.6.4 2.6.3.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.4.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "yaysmtp 2.2.1 Subscriber+.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.2.1 Subscriber+.Logs.Disclosure MEDIUM" "yaysmtp 2.2.1 Subscriber+.SMTP.Credentials.Leak MEDIUM" "yith-pre-order-for-woocommerce 1.2.1 Subscriber+.Settings.Update MEDIUM" "your-lightbox No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yellow-pencil-visual-theme-customizer 7.6.5 Reflected.Cross-Site.Scripting MEDIUM" "yellow-pencil-visual-theme-customizer 7.6.4 Reflected.Cross-Site.Scripting MEDIUM" "yellow-pencil-visual-theme-customizer 7.5.9 Admin+.Stored.XSS LOW" "yellow-pencil-visual-theme-customizer 7.5.4 Reflected.Cross-Site.Scripting HIGH" "yellow-pencil-visual-theme-customizer 7.2.1 Unauthenticated.Arbitrary.Options.Updates HIGH" "yougler-blogger-profile-page No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "you-shang No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "yith-woocommerce-ajax-search 2.8.1 Unauthenticated.SQL.Injection HIGH" "yith-woocommerce-ajax-search 2.7.1 Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-ajax-search 2.4.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yith-woocommerce-ajax-search 1.7.1 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-product-vendors 3.8.1 Reflected.Cross-Site.Scripting HIGH" "yith-woocommerce-product-vendors 3.4.1 Subscriber+.Settings.Update MEDIUM" "yet-another-stars-rating 3.4.4 Missing.Authorization.via.init MEDIUM" "yet-another-stars-rating 3.4.2 Reflected.Cross-Site.Scripting MEDIUM" "yet-another-stars-rating 3.1.3 Subscriber+.Stored.XSS HIGH" "yet-another-stars-rating 3.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yet-another-stars-rating 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "yet-another-stars-rating 1.8.7 PHP.Object.Injection HIGH" "yith-woocommerce-mailchimp 2.1.4 Subscriber+.Settings.Update MEDIUM" "yotpo-social-reviews-for-woocommerce 1.7.10 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-brands-add-on 1.3.7 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-tab-manager 1.35.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-ajax-navigation 5.2.0 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-ajax-navigation 3.11.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "yith-woocommerce-catalog-mode 2.16.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-advanced-refund-system-for-woocommerce 1.0.12 Subscriber+.Settings.Update MEDIUM" "youtube-simple-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yookassa 2.3.1 Subscriber+.Arbitrary.Settings.Update MEDIUM" "yookassa 2.3.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "yourchannel 1.2.4 Unauthenticated.Settings.Reset MEDIUM" "yourchannel 1.2.5 Multiple.CSRF MEDIUM" "yourchannel 1.2.6 Admin+.Stored.XSS LOW" "yourchannel 1.2.2 Subscriber+.Stored.XSS HIGH" "yourchannel 1.2.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "yml-for-yandex-market 4.7.3 Reflected.Cross-Site.Scripting MEDIUM" "yml-for-yandex-market 4.2.4 Reflected.Cross-Site.Scripting MEDIUM" "yml-for-yandex-market 3.10.8 Reflected.XSS HIGH" "yith-woocommerce-request-a-quote 1.6.4 Unauthorised.AJAX.call.via.CSRF MEDIUM" "yith-woocommerce-request-a-quote 1.4.9 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-account-funds-premium 1.34.0 Missing.Authorization MEDIUM" "yith-woocommerce-zoom-magnifier 1.3.12 Subscriber+.Settings.Update MEDIUM" "yet-another-related-posts-plugin 5.30.11 Missing.Authorization MEDIUM" "yet-another-related-posts-plugin 5.30.10 Authenticated(Administrator+).Cross-Site.Scripting MEDIUM" "yet-another-related-posts-plugin 5.30.10 Admin+.Stored.XSS LOW" "yet-another-related-posts-plugin 5.30.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yet-another-related-posts-plugin 5.30.3 Yet.Another.Related.Posts.Plugin.<.5.30.3.-.Subscriber+.SQLi HIGH" "yet-another-related-posts-plugin 5.30.5 Yet.Another.Related.Posts.Plugin.<.5.30.5.-.Subscriber+.LFI HIGH" "yet-another-related-posts-plugin 5.30.3 Yet.Another.Related.Posts.Plugin.<.5.30.3.-.Contributor+.Stored.XSS MEDIUM" "ydn-download No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yith-essential-kit-for-woocommerce-1 2.35.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Install,.Activation,.and.Deactivation MEDIUM" "yith-essential-kit-for-woocommerce-1 2.14.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yawave No.known.fix Unauthenticated.SQL.Injection HIGH" "yaad-sarig-payment-gateway-for-wc 2.2.5 Subscriber+.Log.Read/Deletion MEDIUM" "yada-wiki 3.4.1 Contributor+.Stored.XSS MEDIUM" "yphplista No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "yphplista No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yawpp No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "yith-woocommerce-affiliates 1.6.3 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-advanced-reviews 1.4.0 Subscriber+.Settings.Update MEDIUM" "youtube-simplegallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yottie-lite No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "youforms-free-for-copecart No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "yith-maintenance-mode 1.4.0 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "yith-maintenance-mode 1.3.8 Admin+.Stored.Cross-Site.Scripting LOW" "yith-maintenance-mode 1.2.0 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "yith-woocommerce-social-login 1.3.6 Subscriber+.Settings.Update MEDIUM" "yikes-inc-easy-custom-woocommerce-product-tabs No.known.fix Shop.Manager+.PHP.Object.Injection MEDIUM" "yikes-inc-easy-custom-woocommerce-product-tabs 1.8.0 Admin+.Stored.XSS LOW" "yikes-inc-easy-custom-woocommerce-product-tabs 1.7.8 Unauthenticated.Toggle.Content.Setting.Update MEDIUM" "yoo-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yayforms 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-subscription 1.3.6 Subscriber+.Settings.Update MEDIUM" "youmax-channel-embeds-for-youtube-businesses No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "youmax-channel-embeds-for-youtube-businesses No.known.fix Cross-Site.Request.Forgery MEDIUM" "yikes-inc-easy-mailchimp-extender No.known.fix Missing.Authorization MEDIUM" "yikes-inc-easy-mailchimp-extender No.known.fix Sensitive.Information.Exposure.via.logfile HIGH" "yikes-inc-easy-mailchimp-extender 6.9.0 Admin+.Stored.Cross-Site.Scripting LOW" "yikes-inc-easy-mailchimp-extender 6.8.9 Reflected.XSS MEDIUM" "yikes-inc-easy-mailchimp-extender 6.8.8 Reflected.XSS HIGH" "yikes-inc-easy-mailchimp-extender 6.8.7 Contributor+.Stored.XSS MEDIUM" "yikes-inc-easy-mailchimp-extender 6.8.9 Admin+.Stored.XSS LOW" "yikes-inc-easy-mailchimp-extender 6.8.6 Reflected.Cross-Site.Scripting MEDIUM" "yikes-inc-easy-mailchimp-extender 6.6.3 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "youzify-moderation No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "youtube-feeder No.known.fix CSRF.to.Stored.XSS HIGH" "youtube-embed-plus 11.8.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "yesno 1.0.12 Authenticated.(contributor+).Blind.SQL.Injection HIGH" "yabp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "youtube-video-inserter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yotuwp-easy-youtube-embed 1.3.14 Unauthenticated.Local.File.Inclusion CRITICAL" "yotuwp-easy-youtube-embed 1.3.14 Authenticated.(Contributor+).Arbitrary.File.Inclusion.via.Shortcode MEDIUM" "yotuwp-easy-youtube-embed 1.3.13 Admin+.Stored.XSS LOW" "zoho-salesiq 1.0.9 XSS.&.CSRF HIGH" "zij-kart No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "zajax-ajax-navigation No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "z-inventory-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "z-inventory-manager 3.1.7 Unauthenticated.PHP.Object.Injection CRITICAL" "zohocreator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zm-gallery No.known.fix ZM.Gallery.1,0.–.Authenticated.Blind.SQL.Injection HIGH" "zooom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zoho-flow 2.13.4 Missing.Authorization MEDIUM" "zoho-flow 2.8.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "zen-social-sticky No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "zoorum-comments No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "zoho-subscriptions 4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zynith-seo No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Option.Deletion CRITICAL" "zynith-seo No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "zynith-seo No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "zd-scribd-ipaper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "znajdz-prace-z-pracapl No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zx-csv-upload No.known.fix ZX_CSV.Upload.1.–.Authenticated.SQL.Injection HIGH" "zhina-twitter-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zen-mobile-app-native No.known.fix Remote.File.Upload HIGH" "zox-news 3.17.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Modification HIGH" "zalomeni No.known.fix Admin+.Stored.XSS LOW" "zlick-paywall 2.2.2 CSRF.Bypasses LOW" "zephyr-modern-admin-theme 1.5.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "zoho-forms 4.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zoho-forms 3.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "zoho-forms 3.0.1 Contributor+.Stored.XSS MEDIUM" "zip-recipes No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "zip-recipes 8.1.1 Authenticated(Contributor+).SQL.Injection HIGH" "zip-recipes 8.0.8 Cross-Site.Request.Forgery MEDIUM" "zip-recipes 8.0.8 Multiple.CSRF MEDIUM" "zip-recipes 8.0.7 Reflected.XSS HIGH" "zero-spam 5.5.7 Spam.Protection.Bypass MEDIUM" "zero-spam 5.4.5 Admin+.SQL.Injection MEDIUM" "zero-spam 5.2.11 Admin+.SQL.Injection MEDIUM" "zigaform-form-builder-lite 7.4.3 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "zigaform-form-builder-lite 7.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zoho-crm-forms 1.7.9.8 Contributor+.SQL.Injection MEDIUM" "zoho-crm-forms 1.7.8.9 Reflected.Cross-Site.Scripting MEDIUM" "zoho-crm-forms 1.7.6.2 Subscriber+.Arbitrary.Options.Update HIGH" "zoho-crm-forms 1.7.2.9 Admin+.Stored.Cross-Site.Scripting LOW" "zoho-crm-forms 1.6.9.2 Authenticated.Cross.Site.Scripting.(XSS) MEDIUM" "zalo-live-chat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zero-bs-crm 5.5.1 Client+.XSS MEDIUM" "zero-bs-crm 5.5.1 CRM.Admin+.XSS LOW" "zero-bs-crm 5.4.0 PHAR.Deserialisation.via.CSRF HIGH" "zero-bs-crm 5.5.0 Admin+.Stored.XSS LOW" "zero-bs-crm 5.5 Contributor+.Stored.XSS MEDIUM" "zero-bs-crm 5.4.3 Admin+.Cross-Site.Scripting LOW" "zero-bs-crm 4.2.4 Unauthorized.Invoice.Disclosure LOW" "zionbuilder No.known.fix Contributor+.Stored.XSS MEDIUM" "zionbuilder 3.6.10 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "zeno-font-resizer 1.8.0 Admin+.Stored.XSS LOW" "zalo-official-live-chat No.known.fix Cross-Site.Request.Forgery MEDIUM" "zarinpal-paid-downloads No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "zarinpal-paid-downloads No.known.fix Reflected.XSS HIGH" "zarinpal-paid-downloads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zstore-manager-basic No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Cache.Clearing MEDIUM" "zip-attachments 1.5 Arbitrary.File.Download HIGH" "zapier 1.5.2 Authenticated.(Subscriber+).Blind.Server-Side.Request.Forgery.via.updated_user.Function MEDIUM" "ziplist-recipe-plugin No.known.fix Cross-Site.Request.Forgery MEDIUM" "z-downloads 1.11.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "z-downloads 1.11.6 Unauthenticated.Stored.XSS HIGH" "z-downloads 1.11.5 Admin+.Arbitrary.File.Upload MEDIUM" "z-downloads 1.11.7 Admin+.Stored.XSS.via.SVG.Upload LOW" "z-downloads 1.11.4 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "zephyr-project-manager 3.3.201 Missing.Authorization MEDIUM" "zephyr-project-manager 3.3.102 Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.3.103 Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.3.103 Missing.Authorization.to.Authenticated.(Subscriber+).Status.Updates MEDIUM" "zephyr-project-manager 3.3.101 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "zephyr-project-manager 3.3.102 Authenticated.(Subscriber+).Limited.Privilege.Escalation HIGH" "zephyr-project-manager 3.3.101 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.filename.Parameter MEDIUM" "zephyr-project-manager 3.3.100 Unauthenticated.Information.Exposure MEDIUM" "zephyr-project-manager 3.3.99 Editor+.XSS LOW" "zephyr-project-manager 3.3.99 Authenticated.(Subscriber+).Privilege.Escalation.via.User.Meta.Update HIGH" "zephyr-project-manager 3.3.94 Plugin.Data.Deletion.via.CSRF MEDIUM" "zephyr-project-manager 3.2.55 Unauthorised.AJAX.Calls.To.Stored.XSS HIGH" "zephyr-project-manager 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.2.5 Multiple.Unauthenticated.SQLi CRITICAL" "zephyr-project-manager 3.2.5 Unauthorised.REST.Calls.to.Stored.XSS HIGH" "zephyr-project-manager 3.2.41 Reflected.Cross-Site.Scripting MEDIUM" "zd-youtube-flv-player No.known.fix Server-Side.Request.Forgery HIGH" "zielke-design-project-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zerobounce 1.0.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "zoho-campaigns 2.1.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "zoho-campaigns 2.0.8 Cross-Site.Request.Forgery.via.zcwc_integration_disconnect MEDIUM" "zoho-campaigns 2.0.8 Cross-Site.Request.Forgery.via.zcwc_optin_save MEDIUM" "zoho-campaigns 2.0.7 Authenticated.(Contributor+).SQL.Injection CRITICAL" "zm-ajax-login-register No.known.fix Unauthenticated.Authentication.Bypass CRITICAL" "zippy 1.6.10 Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "zoho-marketinghub 1.2.8 Authenticated.(Contributor+).SQL.Injection CRITICAL" "ziteboard-online-whiteboard 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ziteboard.Shortcode MEDIUM" "z-companion 1.1.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "z-companion 1.1.0 Missing.Authorization MEDIUM" "zip-codes-redirect 5.1.2 Reflected.Cross-Site.Scripting MEDIUM" "zip-codes-redirect 4.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "zotpress No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.'nickname' MEDIUM" "zotpress 7.3.13 Missing.Authorization MEDIUM" "zotpress 7.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zotpress 7.3.10 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "zotpress 7.3.8 Authenticated.(Contributor+).SQL.Injection CRITICAL" "zotpress 7.3.5 Reflected.XSS HIGH" "zotpress 7.3.4 Unauthenticated.Reflected.XSS HIGH" "zotpress 6.1.3 SQL.Injection CRITICAL" "zigaform-calculator-cost-estimation-form-builder-lite 7.4.3 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "zigaform-calculator-cost-estimation-form-builder-lite 7.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zenphotopress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zemanta No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Attachment.Upload.and.Set.Post.Featured.Image MEDIUM" "zendesk-help-center 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "zmseo No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "zita-site-library 1.6.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "zita-site-library 1.6.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "zita-site-library 1.6.3 Missing.Authorization.to.Page.Creation.and.Options.Modification MEDIUM" "z-url-preview 2.0.0 Cross-Site.Scripting.(XSS) MEDIUM" "zartis-job-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ziggeo 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM") pp "Plugin: Version" rplugins=(`grep -oP ".*/wp-content/plugins/\K[a-zA-Z0-9-_.]+" $file | sort -u`) d=true; [[ ! ${rplugins[@]} ]] && d=false || d=true @@ -90,8 +90,8 @@ plugins(){ themes(){ flagz=() - releases_themes=("beauty 1.1.4" "cakifo 1.6.2" "intrace 1.1.5" "yuki 1.4.8") - vulns_themes=("5star No.known.fix CSRF.File.Upload HIGH" "15zine 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "antreas 1.0.7 Unauthenticated.Function.Injection CRITICAL" "agency-lite 1.1.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-store 2.5.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aquarella-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aquarella-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "akal No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "aidreform No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "accesspress-ray No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "amela 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "amela 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "amela 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "activello No.known.fix Reflected.XSS HIGH" "activello 1.4.2 Unauthenticated.Function.Injection CRITICAL" "althea-wp 1.0.16 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "auramart No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aapna No.known.fix Reflected.XSS HIGH" "accesspress-mag 2.6.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aplite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ashe 2.244 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "ashe 2.234 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "allegiant No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "allegiant 1.2.6 Unauthenticated.Function.Injection CRITICAL" "atlast-business No.known.fix Reflected.XSS HIGH" "accesspress-staple No.known.fix Authenticated.(Subscriber+).Arbitrary.Plugin.Activation.and.Deactivation HIGH" "accesspress-staple No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-root 2.6.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aihub 1.3.8 Unauthenticated.Arbitrary.File.Upload.in.generate_image CRITICAL" "aihub No.known.fix Startup.&.Technology.WordPress.Theme.<=.1.3.3.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "auto-car No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "attire 2.0.7 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "anih No.known.fix Creative.Agency.WordPress.Theme.<=.2024.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "anima 1.4.1.1 Contributor+.Stored.XSS MEDIUM" "arkhe No.known.fix Local.File.Inclusion.via.CSRF HIGH" "accesspress-parallax 4.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "arrival No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "aports No.known.fix Reflected.XSS HIGH" "adifier 3.1.4 Reflected.Cross-Site.Scripting MEDIUM" "aurum-minimalist-shopping-theme 4.0.3 WordPress.&.WooCommerce.Shopping.Theme.<.4.0.3.-.Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Content.Import MEDIUM" "astra 4.6.5 Editor+.Stored.XSS.via.Theme.Header/Footer LOW" "astra 4.6.9 Contributor+.Stored.XSS MEDIUM" "antioch No.known.fix Arbitrary.File.Download HIGH" "aries No.known.fix Local.File.Disclosure HIGH" "aries No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "anand No.known.fix Reflected.XSS HIGH" "appointment 3.2.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "accesspress-basic 3.2.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "affluent 1.1.2 Unauthenticated.Function.Injection CRITICAL" "avada 7.11.7 Authenticated.(Contributor+).Server-Side.Request.Forgery.via.form_to_url_action MEDIUM" "avada 7.11.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "avada 7.11.7 Authenticated.(Admin+).SQL.Injection.via.entry HIGH" "avada 7.11.7 Unauthenticated.Sensitive.Information.Exposure.via.Form.Uploads.Directory.Listing MEDIUM" "avada 7.11.5 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "avada 7.11.2 Subscriber+.Portfolio.Permalinks.Creation MEDIUM" "avada 7.11.2 Author+.Arbitrary.File.Upload.via.Zip.Extraction HIGH" "avada 7.11.2 Contributor+.SSRF HIGH" "avada 7.11.2 Contributor+.Arbitrary.File.Upload MEDIUM" "agncy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ask-me 6.8.7 Post.Deletion.via.CSRF MEDIUM" "ask-me 6.8.4 CSRF.in.Edit.Profile MEDIUM" "ask-me 6.8.2 Reflected.Cross-Site.Scripting MEDIUM" "ask-me 6.8.2 Multiple.CSRF.in.AJAX.Actions HIGH" "accessbuddy No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "almera 1.1.8 Information.Disclosure HIGH" "awake No.known.fix Local.File.Disclosure HIGH" "awake No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "accountra 1.0.4 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "arya-multipurpose-pro No.known.fix Reflected.XSS HIGH" "adifier-system 3.1.4 Unauthenticated.SQL.Injection CRITICAL" "adifier-system 3.1.4 .Unauthenticated.Local.File.Inclusion CRITICAL" "astore No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "altair No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "altair 5.2.5 Unauthenticated.Arbitrary.Options.Update.via.pp_import_current CRITICAL" "artificial-intelligence 1.2.4 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "airin-blog 1.6.3 Unauthenticated.PHP.Object.Injection HIGH" "adforest 5.1.9 Authentication.Bypass CRITICAL" "adforest 5.1.8 Classified.Ads.WordPress.Theme.<.5.1.8.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post/Attachment.Deletion MEDIUM" "adforest 5.1.7 Privilege.Escalation.via.Password.Reset/Account.Takeover CRITICAL" "adforest 5.1.7 Authentication.Bypass CRITICAL" "auberge 1.4.5 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "adventure-journal No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accio 1.1.1 Information.Disclosure HIGH" "anfaust No.known.fix Reflected.XSS HIGH" "arendelle 1.1.13 Reflected.XSS HIGH" "arendelle 1.1.11 Reflected.Cross-Site.Scripting MEDIUM" "arendelle 1.1.13 Reflected.Cross-Site.Scripting MEDIUM" "arendelle 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "attorney No.known.fix Reflected.XSS HIGH" "attorney No.known.fix Unauthenticated.Arbitrary.Page/Post.Deletion MEDIUM" "axioma 1.1.2 Information.Disclosure HIGH" "awpbusinesspress 0.2.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "accesspress-lite 2.93 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "arilewp 2.9.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "arya-multipurpose No.known.fix Unauthenticated.Reflected.XSS HIGH" "blogpoet 1.0.3 Missing.Authorization.via.blogpoet_install_and_activate_plugins() MEDIUM" "bingopress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "beauty No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.tpl_featured_cat_id.Parameter MEDIUM" "big-store 2.0.9 Missing.Authorization MEDIUM" "business-one-page 1.3.0 Missing.Authorization.to.Notice.Dismissal MEDIUM" "broadcast-lite 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "broadcast-lite 2.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bootstrap-blog 10.2.3 Reflected.Cross-Site.Scripting MEDIUM" "bakes-and-cakes 1.2.7 Missing.Authorization.to.Notice.Dismissal MEDIUM" "blockst 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "brite 1.0.15 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "businesswp 1.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "brandy 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brooklyn 4.9.9.3 Authenticated.(Subscriber+).PHP.Object.Injection.in.ot_decode HIGH" "brooklyn No.known.fix PHP.Object.Injection HIGH" "brooklyn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bootstrap-fitness 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "betheme 28.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "betheme 27.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.JS MEDIUM" "betheme 27.5.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File MEDIUM" "betheme No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "betheme 27.5.7 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "betheme 27.1.2 Missing.Authorization MEDIUM" "betheme 26.8 Reflected.XSS HIGH" "betheme 26.6.3 Subscriber+.Stored.XSS MEDIUM" "betheme 26.6 Contributor+.PHP.Object.Injection MEDIUM" "betheme 26.6.3 Subscriber+.Unauthorised.Action MEDIUM" "betheme 26.6.3 Missing.Authorization HIGH" "betheme 26.6 Subscriber+.PHP.Object.Injection MEDIUM" "business-directory No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "businessexpo 0.1.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "bridge 18.2.1 Open.Redirect HIGH" "bridge 11.2 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "bonkers 1.0.6 Unauthenticated.Function.Injection CRITICAL" "book-landing-page 1.2.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "baton No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "business-pro No.known.fix Reflected.XSS HIGH" "benevolent 1.3.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "blockbooster 1.0.11 Missing.Authorization MEDIUM" "brand No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brand No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "brand No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "bicycleshop 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bizpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bingle 1.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "build No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brasserie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bookyourtravel 8.18.19 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "balkon 1.3.3 Reflected.Cross-Site.Scripting HIGH" "bootstrap-photography No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blossom-shop 1.1.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "boot-store No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "boot-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "basil 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "barter 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blessing 1.3.2.1 Information.Disclosure HIGH" "bloger 1.2.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "busiprof No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "busiprof 2.3.8 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "beauty-premium No.known.fix Arbitrary.File.Upload MEDIUM" "bootstrap-ultimate No.known.fix Unauthenticated.Limited.Local.File.Inclusion CRITICAL" "bootstrap-coach 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "bolster No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "bacola No.known.fix Cross-Site.Request.Forgery MEDIUM" "bretheon No.known.fix Local.File.Disclosure HIGH" "bretheon No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "bloghub No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bbe 1.53 Direct.Object.Reference MEDIUM" "bulk No.known.fix Missing.Authorization MEDIUM" "blocksy 2.0.78 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.51 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.47 Contributor+.Stored.XSS MEDIUM" "blocksy 2.0.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.40 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.34 Contributor+.Stored.XSS MEDIUM" "blocksy 2.0.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.20 Authenticated.(Editor+).Stored.Cross-Site.Scripting LOW" "bani No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bani No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bani No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "bravada 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "boliin No.known.fix Reflected.XSS HIGH" "busicare 1.1.9 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "bellevuex No.known.fix Missing.Authorization MEDIUM" "blain No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "bloggie No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "brain-power No.known.fix Reflected.XSS HIGH" "buzzclub 2.0.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Option.Update MEDIUM" "bazaar-lite 1.8.6 Reflected.XSS HIGH" "bunnypresslite 2.1 Reflected.XSS HIGH" "bloglo 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddyboss-platform 2.6.0 Subscriber+.Comment.on.Private.Post.via.IDOR MEDIUM" "buddyboss-theme 2.5.01 Cross-Site.Request.Forgery MEDIUM" "buddyboss-theme 2.4.61 Missing.Authorization MEDIUM" "brilliance No.known.fix Subscriber+.Stored.XSS HIGH" "brilliance 1.3.0 Unauthenticated.Function.Injection CRITICAL" "blossom-spa 1.3.5 Sensitive.Information.Exposure MEDIUM" "bello 1.6.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "bello 1.6.0 Authenticated.Cross-Site.Scripting.(XSS).and.XFS MEDIUM" "bello 1.6.0 Unauthenticated.Blind.SQL.Injection CRITICAL" "bricks 1.9.7 Authenticated.(Contributor+).Privilege.Escalation.via.create_autosave HIGH" "bricks 1.10.2 Authenticated.(Bricks.Page.Builder.Access+).Stored.Cross-Site.Scripting MEDIUM" "bricks 1.8.2 Cross-Site.Request.Forgery.via.reset_settings MEDIUM" "bricks 1.8.2 Cross-Site.Request.Forgery.via.save_settings MEDIUM" "bricks 1.9.6.1 Unauthenticated.Remote.Code.Execution CRITICAL" "bricks 1.9.6.1 Unauthenticated.Remote.Code.Execution CRITICAL" "bricks 1.5.4 Subscriber+.Arbitrary.Post/Page.Edition HIGH" "bricks 1.5.4 Subscriber+.Remote.Code.Execution HIGH" "bard 2.217 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "bard 2.211 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "corsa No.known.fix Subscriber+.Arbitrary.Plugin.Installation CRITICAL" "counterpoint No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "counterpoint No.known.fix Reflected.XSS HIGH" "clean-retina 3.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "custom-community 2.0.25 Stored.Cross-Site.Scripting.(XSS) HIGH" "citybook 2.4.4 Unauthenticated.Reflected.XSS HIGH" "citybook 2.3.4 Multiple.Vulnerabilities HIGH" "cuisine-palace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cuisine-palace No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "click-mag 3.7.0 Viral.WordPress.News.Magazine/Blog.Theme.<.3.7.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Deletion HIGH" "cozipress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "car-repair-services 4.0 Unauthenticated.Reflected.XSS.&.XFS HIGH" "chaostheory 1.3.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "construct 2.8.3 Local.File.Disclosure HIGH" "construct 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "create 2.9.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "conult No.known.fix Reflected.XSS HIGH" "chic-lifestyle 10.0.8 Reflected.Cross-Site.Scripting MEDIUM" "colorway No.known.fix Cross-Site.Request.Forgery MEDIUM" "colorway No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "colorway 3.4.2 Cross-Site.Scripting.(XSS) MEDIUM" "constix No.known.fix Reflected.XSS HIGH" "cafe-bistro 1.1.4 Reflected.XSS HIGH" "consultstreet 1.6.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "catch-base 3.4.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cosmetsy No.known.fix Cross-Site.Request.Forgery MEDIUM" "carspot 2.4.4 Unauthenticated.Arbitrary.Password.Reset/Account.Takeover CRITICAL" "carspot 2.2.3 Multiple.Vulnerabilities MEDIUM" "coachify 1.0.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "chic-lite 1.1.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "churel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "careerup 2.3.1 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "cactus No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "consultpress-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "consultpress-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "consultpress-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "cww-portfolio No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "connections-reloaded No.known.fix Reflected.XSS HIGH" "city-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "careplus No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "careerfy 6.3.0 Authenticated.Stored.XSS MEDIUM" "careerfy 4.4.0 Unauthenticated.Reflected.XSS MEDIUM" "careerfy 4.3.0 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "careerfy 4.1.0 Multiple.Cross-Site.Scripting.(XSS).Issues MEDIUM" "careerfy 3.9.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "customify-theme No.known.fix Missing.Authorization MEDIUM" "chained No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "college 1.5.1 Reflected.XSS HIGH" "civi No.known.fix Sensitive.Information.Exposure HIGH" "civi No.known.fix Authentication.Bypass.via.Password.Update CRITICAL" "civi No.known.fix Authentication.Bypass.via.Non-Randomized.Password.for.SSO.Accounts MEDIUM" "celestial-aura No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "couponis-demo 2.2 Unauthenticated.SQL.Injection CRITICAL" "construction-landing-page 1.3.6 Missing.Authorization.to.Notice.Dismissal MEDIUM" "consultera No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "colibri-wp 1.0.99 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "colibri-wp 1.0.101 Cross-Site.Request.Forgery.to.Limited.Plugin.Installation MEDIUM" "carzine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "construction-lite 1.2.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "cloudpress 2.4.9 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "colormag 3.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Display.Name MEDIUM" "colormag 3.1.3 Missing.Authorization.to.Arbitrary.Plugin.Installation MEDIUM" "classima 2.1.11 Reflected.Cross-Site.Scripting MEDIUM" "clockstone No.known.fix Arbitrary.File.Upload CRITICAL" "clotya No.known.fix Cross-Site.Request.Forgery MEDIUM" "club-theme No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "consus 1.0.7 Cross-Site.Request.Forgery MEDIUM" "customizr 4.4.22 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "customizr 4.3.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "customizr 4.3.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cozystay 1.7.1 Missing.Authorization.to.Arbitrary.Action.Execution.in.ajax_handler HIGH" "cozystay 1.7.1 Unauthenticated.PHP.Object.Injection.in.ajax_handler CRITICAL" "cas No.known.fix Unauthenticated.Arbitrary.File.Access HIGH" "cas No.known.fix Unauthenticated.SSRF HIGH" "ciyashop No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "ciyashop 4.19.1 Multipurpose.WooCommerce.Theme.<.4.19.1.-.Unauthenticated.PHP.Object.Injection CRITICAL" "campress No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "corporate-event No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cyclone-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cardealer 1.6.5 Cross-Site.Request.Forgery.to.User.Update.via.update_user_profile HIGH" "cardealer 1.6.5 Arbitrary.Theme.Option.Update.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "cardealer 1.6.5 Missing.Authorization.to.Authenticated.(Subscriber+).Change.and.Delete.JS.and.CSS.Files MEDIUM" "cardealer 1.6.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion.and.Read HIGH" "cardealer 1.1.9 Information.Disclosure HIGH" "colornews 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dailydeal No.known.fix File.Upload.Remote.Code.Execution HIGH" "digital-newspaper 1.1.6 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "darcie 1.1.6 Reflected.XSS HIGH" "discy 5.5.3 Missing.validation.lead.to.functionality.abuse LOW" "discy 5.0 Subscriber+.Broken.Access.Control.to.change.settings MEDIUM" "discy 5.2 Restore.Default.Settings.via.CSRF MEDIUM" "discy 5.2 Settings.Update.via.CSRF MEDIUM" "digi-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "digital-store 1.3.3 Unspecified.XSS MEDIUM" "divi 4.25.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "divi 4.23.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "divi 4.5.3 4.5.2,.Extra.2.0.-.4.5.2,.Divi.Builder.2.0.-.4.5.2).-.Authenticated.Arbitrary.File.Upload MEDIUM" "divi 4.0.10 Authenticated.Code.Injection MEDIUM" "divi 3.17.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "divi 2.6.4 Privilege.Escalation HIGH" "delicate No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "digitally No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "digitally No.known.fix Reflected.XSS HIGH" "disconnected No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dt-the7 11.14.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Attribute MEDIUM" "dt-the7 11.6.1 Reflected.XSS HIGH" "dt-the7 2.1.1 Cross-Site.Scripting.(XSS) MEDIUM" "design-comuni-wordpress-theme 1.1.2 Unauthenticated.Stored.XSS HIGH" "designexo 3.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "diplomat 1.0.3 Information.Disclosure HIGH" "deadline No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dessau 1.9 Unauthenticated.Local.File.Inclusion CRITICAL" "dor 2.4.1 Unauthenticated.Local.File.Inclusion CRITICAL" "dwt-listing 3.3.5 Directory.&.Listing.WordPress.Theme.<=3.3.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "dwt-listing 3.3.4 Directory.&.Listing.WordPress.Theme.<.3.3.4.-.Reflected.Cross-Site.Scripting MEDIUM" "drop 1.22 Reflected.XSS HIGH" "doko 1.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "directory 3.0.2 Reflected.XSS HIGH" "enfold 7.0 Authenticated.(Subscriber+).Server-Side.Request.Forgery.via.attachment_id MEDIUM" "enfold 7.0 Missing.Authorization.to.Sensitive.Information.Disclosure.in.avia-export-class.php MEDIUM" "enfold 6.0.4 Contributor+.Stored.XSS.via.wrapper_class.and.class.Parameters MEDIUM" "enfold 5.6.10 Reflected.Cross-Site.Scripting MEDIUM" "enfold 5.6.5 Reflected.Cross-Site.Scripting MEDIUM" "enfold 4.8.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "eximius No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "excellent 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elegant-pink 1.3.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "everest-news No.known.fix Reflected.XSS HIGH" "elation No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elation 1.1.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "education-zone 1.3.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "eighteen-tags 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "elasta 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "elasta 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "eco-nature 2.1.0 Environment.&.Ecology.WordPress.Theme.<.2.1.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update HIGH" "estrutura-basica No.known.fix Local.File.Download. HIGH" "empowerwp 1.0.22 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "eventpress 5.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "elevate-wp 1.0.17 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "exquisite-wp No.known.fix DOM.Cross-Site.Scripting.(XSS) MEDIUM" "edumall 4.3.0 Unauthenticated.Local.File.Inclusion HIGH" "epic No.known.fix Arbitrary.File.Download HIGH" "eptonic No.known.fix Valums.Uploader.Shell.Upload.Exploit CRITICAL" "easybook 1.2.2 Multiple.Vulnerabilities HIGH" "empowerment No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "envo-multipurpose No.known.fix Missing.Authorization LOW" "enlighten 1.3.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "esteem 1.5.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "eduma 5.6.5 Missing.Authorization MEDIUM" "eduma 5.4.8 Reflected.Cross-Site.Scripting MEDIUM" "everest-news-pro No.known.fix Reflected.XSS HIGH" "event 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "edmin No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "edmin No.known.fix Reflected.Cross-Site.Scripting HIGH" "edge 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Display.Name MEDIUM" "elitepress 2.0.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "education-lms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-business No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "echelon 2.8.3 Local.File.Disclosure HIGH" "echelon 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "esotera 1.2.6 Contributor+.Stored.XSS MEDIUM" "everse 1.2.4 Reflected.XSS HIGH" "everse 1.8.10 Reflected.Cross-Site.Scripting MEDIUM" "everse 1.8.12 Reflected.Cross-Site.Scripting MEDIUM" "everse 1.8.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "findeo 1.3.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "findeo 1.3.1 Arbitrary.Property.Deletion.via.IDOR HIGH" "formula 0.5.2 Reflected.Cross-Site.Scripting.via.quality_customizer_notify_dismiss_action MEDIUM" "formula 0.5.2 Reflected.Cross-Site.Scripting.via.ti_customizer_notify_dismiss_recommended_plugins MEDIUM" "fusion 2.8.3 Local.File.Disclosure HIGH" "fusion 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "forumengine 1.9 Reflected.Cross-Site.Scripting MEDIUM" "freesia-empire 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fashionable-store No.known.fix Reflected.XSS HIGH" "fire-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "findus 1.1.15 Directory.Listing.<.1.1.15.-.Authenticated.Persistent.XSS MEDIUM" "full-frame 2.7.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "fude No.known.fix Reflected.XSS HIGH" "fusion-builder 7.11.6 Authenticated(Contributor+).Sensitive.Information.Exposure.via.Form.Entries MEDIUM" "fusion-builder 3.11.2 Subscriber+.SQL.injection.and.broken.access.control.vulnerability.in.Critical.CSS HIGH" "fotawp 1.4.2 Missing.Authorization.via.fotawp_install_and_activate_plugins() MEDIUM" "fluida 1.8.8.1 Contributor+.Stored.XSS MEDIUM" "furnob No.known.fix Cross-Site.Request.Forgery MEDIUM" "flatsome 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "flatsome 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "flatsome 3.17.6 Unauthenticated.PHP.Object.Injection CRITICAL" "flatsome 3.17.0 Reflected.XSS HIGH" "freely No.known.fix Information.Disclosure HIGH" "foodbakery 2.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "foodbakery 2.0 Unauthenticated.Reflected.XSS MEDIUM" "foxiz 2.3.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "flex-mag 3.6.0 Responsive.WordPress.News.Theme.<.3.6.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Option.Deletion HIGH" "fraction-theme 1.1.2 Privilege.Escalation HIGH" "fioxen No.known.fix Reflected.XSS HIGH" "folo No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "folo No.known.fix Reflected.Cross-Site.Scripting HIGH" "fullbase 1.2.1 Reflected.XSS HIGH" "fifteen No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "focusblog 2.0.0 Unauthenticated.Option.Update MEDIUM" "focusblog 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "findgo 1.3.32 Directory.Listing.<.1.3.32.-.Unauthenticated.Reflected.and.Authenticated.Stored.XSS MEDIUM" "flashy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "financio 1.1.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "filmix No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fotography 2.4.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "flixita 1.0.83 Reflected.Cross-Site.Scripting.via.id.Parameter MEDIUM" "fortune No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "foton 2.6.1 Unauthenticated.Local.File.Inclusion CRITICAL" "footysquare No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "fashstore No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "gaga-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "gucherry-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gravel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "golo 1.6.11 Directory.&.Listing,.Travel.WordPress.Theme.<.1.6.11.-.Missing.Authorization.to.Privilege.Escalation.via.Unauthenticated.Arbitrary.User.Password.Change CRITICAL" "golo 1.3.3 Unauthenticated.Reflected.XSS MEDIUM" "graphene 2.9.3 Unauthenticated.Password.Protected.Post.Access MEDIUM" "gump No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gym-express No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "glossy-blog No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "gutenbook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ghostwriter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "grip No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "greenmart 2.5.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "greenmart 2.4.3 Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "givingpress-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "grace-mag No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "gameplan No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "g-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "grandrestaurant No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "grandrestaurant No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Deletion HIGH" "grandrestaurant No.known.fix Unauthenticated.PHP.Object.Injection.via.Path.Traversal CRITICAL" "grandrestaurant No.known.fix Cross-Site.Request.Forgery MEDIUM" "grandrestaurant No.known.fix Missing.Authorization MEDIUM" "goto 2.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "goto 2.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "goto 2.0 Tour.&.Travel.<.2.0.-.Unauthenticated.Reflected.XSS MEDIUM" "goya 1.0.8.8 Unauthenticated.Reflected.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "geomagazine No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "grey-opaque No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Download-Button.Shortcode MEDIUM" "goodnews5 No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "gaga-corp No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "gowilds No.known.fix Reflected.XSS HIGH" "gema-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goodnex 1.1.3 Information.Disclosure HIGH" "hasten-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "halpes No.known.fix Reflected.XSS HIGH" "himalayas No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "himalayas 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "himer 2.1.3 Social.Questions.and.Answers.<.2.1.3.-.CSRF.While.Sending.the.Invites MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Subscriber+.Private.Group.Joining.via.IDOR MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Multiple.CSRF.on.the.Group.Section MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Arbitrary.Group.Joining.via.CSRF MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Bypass.Poll.Voting.Restrictions.via.CSRF MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Contributor+.Stored.XSS MEDIUM" "himer 1.9.3 Missing.validation.lead.to.functionality.abuse LOW" "hotelica No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "highlight 1.0.30 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "hello-agency 1.0.6 Missing.Authorization.to.Notice.Dismissal MEDIUM" "houzez 3.4.2 Missing.Authorization MEDIUM" "houzez 3.4.2 Missing.Authorization MEDIUM" "houzez 3.3.0 Subscriber+.Privilege.Escalation HIGH" "houzez 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "honeypress 2.3.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "hugo-wp 1.0.10 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "hotel-galaxy No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "headway 3.8.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "hasium No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hasium 1.6.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "homey 2.4.5 Booking.and.Rentals.WordPress.Theme.<.2.4.5.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Reservation.&.Post.Deletion MEDIUM" "homey 2.4.5 Booking.and.Rentals.WordPress.Theme.<.2.4.5.-.Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Arbitrary.User.Deletion MEDIUM" "homey 2.4.4 Limited.Authentication.Bypass HIGH" "homey 2.4.4 Cross-Site.Request.Forgery.to.User.Verification MEDIUM" "homey 2.4.3 Unauthenticated.Privilege.Escalation.in.homey_save_profile CRITICAL" "homey No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "home-services No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "hueman 3.7.25 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "hueman 3.6.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "hueman 3.6.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "homevillas-real-estate 2.3 Multiple.Cross-Site.Scripting.Issues MEDIUM" "hostiko 30.1 Hosting.WordPress.&.WHMCS.Theme.<.30.1.-.Unauthenticated.Local.File.Inclusion HIGH" "hostiko 30.1 Hosting.WordPress.&.WHMCS.Theme.<.30.1.-.Reflected.Cross-Site.Scripting MEDIUM" "hmd 2.2 Reflected.Cross-Site.Scripting MEDIUM" "hive-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hestia 3.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "hester No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ih-business-pro No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "idyllic 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "i-amaze No.known.fix Cross-Site.Request.Forgery MEDIUM" "ignition 2.0.0 Unauthenticated.Option.Update MEDIUM" "ignition 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "inspiro 7.2.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "infinite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.project_url.Parameter MEDIUM" "industrial 1.7.9 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "illdy 2.1.7 Unauthenticated.Function.Injection CRITICAL" "ivy-school 1.6.1 Unauthenticated.Local.File.Inclusion CRITICAL" "industrial-lite No.known.fix Missing.Authorization MEDIUM" "i-transform No.known.fix Cross-Site.Request.Forgery MEDIUM" "interface 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "injob 3.4.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ilex 1.4.2 Reflected.XSS HIGH" "intrepidity No.known.fix File.Upload.and.Option.Update.via.CSRF HIGH" "intrace 1.1.1 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "intothedark No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jannah 5.4.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "jannah 5.4.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "jupiterx 2.0.7 Subscriber+.Path.Traversal.and.Local.File.Inclusion HIGH" "jupiterx 2.0.7 Subscriber+.Arbitrary.Plugin.Deactivation.and.Settings.Update MEDIUM" "js-o3-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "js-o3-lite No.known.fix Reflected.XSS HIGH" "js-paper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "js-paper No.known.fix Reflected.XSS HIGH" "jetapo 1.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "jupiter 6.10.2 Subscriber+.Privilege.Escalation.and.Post.Deletion CRITICAL" "jupiter 6.10.2 Subscriber+.Arbitrary.Plugin.Deletion MEDIUM" "jupiter 6.10.2 Subscriber+.Path.Traversal.and.Local.File.Inclusion HIGH" "jetapo-with-woocommerce 1.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "jobify 4.2.8 Job.Board.WordPress.Theme.<.4.2.8.-.Missing.Authorization.to.Unauthenticated.Server-Side.Request.Forgery,.Arbitrary.Image.Upload,.and.Image.Generation MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Missing.Authorization MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Cross-Site.Request.Forgery MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Unauthenticated.Arbitrary.File.Read HIGH" "jewelry-store 2.3.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "javo-spot 3.0.0 Unauthenticated.Directory.Traversal HIGH" "jobscout 1.1.5 Cross-Site.Request.Forgery.to.Notice.Dimissal MEDIUM" "jobeleon-wpjobboard 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "julia-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jobcareer 3.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "jobcareer 2.5.1 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "jobcareer 2.4.1 User.enumeration.&.Reset.password CRITICAL" "jnews No.known.fix Missing.Authorization MEDIUM" "jnews 11.6.7 WordPress.Newspaper.Magazine.Blog.AMP.Theme.<.11.6.7.-.Unauthorized.User.Registration MEDIUM" "jnews 8.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "kata-business No.known.fix Reflected.XSS HIGH" "kata-app No.known.fix Reflected.XSS HIGH" "krste 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "kingclub-theme No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "konzept 2.5 Unauthenticated.Reflected.XSS MEDIUM" "kleo 5.4.4 Missing.Authorization MEDIUM" "kleo 5.4.4 Reflected.Cross-Site.Scripting MEDIUM" "kahuna 1.7.0.1 Contributor+.Stored.XSS MEDIUM" "kormosala 1.0.23 Unauthenticated.Reflected.XSS MEDIUM" "kata 1.2.9 Reflected.XSS HIGH" "looki-lite 1.3.0 Reflected.XSS HIGH" "lestin No.known.fix Reflected.XSS HIGH" "listivo 2.3.68 Classified.Ads.WordPress.Theme.<.2.3.68.-.Reflected.Cross-Site.Scripting MEDIUM" "listeo 1.6.11 Multiple.XSS.&.XFS.vulnerabilities MEDIUM" "listeo 1.6.11 Multiple.Authenticated.IDOR.Vulnerabilities MEDIUM" "lifestyle-magazine 10.2.1 Reflected.Cross-Site.Scripting MEDIUM" "lawyer-landing-page 1.2.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "lawyerpress-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "lovetravel 2.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "lovetravel 3.8 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "liquido No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lafka No.known.fix Multi.Store.Burger.-.Pizza.&.Food.Delivery.WooCommerce.Theme.<=.4.5.7.-.Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "luxe 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "luxe 2.0.0 Unauthenticated.Option.Update MEDIUM" "lattice 1.1.4 Unspecified.XSS MEDIUM" "listingo No.known.fix Business.Listing.and.Directory.WordPress.Theme.<=.3.2.7.-.Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "listingo 3.2.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "listingpro 2.9.5 Cross-Site.Request.Forgery.to.Account.Takeover HIGH" "listingpro 2.9.5 Subscriber+.Local.File.Inclusion HIGH" "listingpro 2.9.5 Unauthenticated.SQL.Injection CRITICAL" "listingpro 2.6.1 Unauthenticated.Sensitive.Data.Disclosure.(Usernames,.Emails.etc) HIGH" "listingpro 2.6.1 Unauthenticated.Arbitrary.Plugin.Installation/Activation/Deactivation CRITICAL" "listingpro 2.5.4 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "listingpro 2.0.14.5 Reflected.&.Persistent.Cross-Site.Scripting MEDIUM" "learnmore No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "learnmore No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mediumishh No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "modins No.known.fix Reflected.XSS HIGH" "mTheme-Unus 2.3 Directory.Traversal HIGH" "mosaic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "minus 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "minus 2.0.0 Unauthenticated.Option.Update MEDIUM" "moseter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "moseter No.known.fix Reflected.XSS HIGH" "mocho-blog No.known.fix Reflected.XSS HIGH" "medzone-lite 1.2.6 Unauthenticated.Function.Injection CRITICAL" "mags 1.1.7 Unauthenticated.Local.File.Inclusion CRITICAL" "monalisa 2.1.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "myriad 2.8.3 Local.File.Disclosure HIGH" "myriad 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "meris No.known.fix Reflected.XSS HIGH" "modern 1.4.2 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "my-flatonica No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "meridia 2.2.8 Reflected.Cross-Site.Scripting MEDIUM" "meridia 2.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "medibazar No.known.fix Cross-Site.Request.Forgery MEDIUM" "manbiz2 No.known.fix Local.File.Disclosure HIGH" "manbiz2 No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "medikaid 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "modular 2.8.3 Local.File.Disclosure HIGH" "modular 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "ms-lms-starter-theme 1.1.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "method 2.8.3 Local.File.Disclosure HIGH" "method 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "morningtime-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multipurpose No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "mystique No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "monograph No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "my-white No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "metro-magazine 1.3.8 Missing.Authorization.to.Notice.Dismissal MEDIUM" "monolit 2.0.7 Reflected.XSS HIGH" "minimog 3.8.0 Unauthenticated.Local.PHP.File.Inclusion CRITICAL" "multifox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "motor 3.1.0 Unauthenticated.Local.File.Inclusion HIGH" "medicpress-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mediciti-lite No.known.fix Reflected.XSS HIGH" "mediciti-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "mantra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "medicenter 14.7 Health.Medical.Clinic.WordPress.Theme.<.14.7.-.Missing.Authorization MEDIUM" "materialis 1.1.30 Missing.Authorization.to.Limited.Arbitrary.Options.Update MEDIUM" "meta-news 1.1.8 Unauthenticated.Local.File.Inclusion CRITICAL" "my-wooden-under-construction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mesmerize 1.6.124 Cross-Site.Request.Forgery.to.Cache.Clearing MEDIUM" "medicate No.known.fix Local.File.Disclosure HIGH" "medicate No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "machic No.known.fix Cross-Site.Request.Forgery MEDIUM" "massive-dynamic No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "magazine-edge No.known.fix Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "newsmatic 1.3.3 Missing.Authorization MEDIUM" "newsmatic 1.3.5 Unauthenticated.Information.Exposure.via.newsmatic_filter_posts_load_tab_content MEDIUM" "nioland 1.2.7 Reflected.Cross-Site.Scripting.via.s MEDIUM" "newsxpress 1.0.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "news-unlimited No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "newsblogger 0.2.5.2 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "newsblogger 0.2.5.5 Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Installation HIGH" "nexos 1.8 Real.Estate.<.1.8.-.Unauthenticated.Reflected.XSS.&.SQL.Injection CRITICAL" "nexos 1.6.1 Real.Estate.<.1.6.1.-.SQL.Injection.&.Persistent.XSS CRITICAL" "newsmunch 1.0.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "news-flash No.known.fix Authenticated.(Editor+).PHP.Object.Injection HIGH" "nexter 2.0.4 Missing.Authorization MEDIUM" "nexter 2.0.4 Authenticated.(Subscriber+).SQL.Injection.via.'to'.and.'from' HIGH" "newspaper 12.6.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Attachment.Meta MEDIUM" "nothing-personal No.known.fix Reflected.XSS HIGH" "nova-lite 1.3.9 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "nokke 1.2.4 Reflected.XSS HIGH" "nokke 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "nokke 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "nokke 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "newsy No.known.fix Reflected.Cross-Site.Scripting HIGH" "newsy No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "nictitate No.known.fix Cross-Site.Request.Forgery MEDIUM" "nsc No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "newspaper-x 1.3.2 Unauthenticated.Function.Injection CRITICAL" "newsmash 1.0.72 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsmash 1.0.35 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "newshit 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "nokri 1.6.3 Unauthenticated.Arbitrary.Password.Change CRITICAL" "newsdaily No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newscard 1.4 Unauthenticated.Local.File.Inclusion CRITICAL" "neighborly No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "nichebase 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "nichebase 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "neosense 1.8 Unrestricted.File.Upload CRITICAL" "networker 1.1.10 Tech.News.WordPress.Theme.with.Dark.Mode.<.1.1.10.-.Missing.Authorization MEDIUM" "newsmag No.known.fix Subscriber+.Reflected.Cross-Site.Scripting MEDIUM" "newsmag 2.4.2 Unauthenticated.Function.Injection CRITICAL" "newscrunch 1.8.4.1 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "newscrunch 1.8.4.1 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "noo-jobmonster 4.7.5 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "noo-jobmonster 4.7.6 Unauthenticated.Privilege.Escalation CRITICAL" "noo-jobmonster 4.6.6.1 Directory.Listing.in.Upload.Folder MEDIUM" "noo-jobmonster 4.5.2.9 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "newseqo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nirvana No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ngo-charity-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "nightlife No.known.fix CSRF.File.Upload HIGH" "naturemag-lite No.known.fix Unauthenticated.Function.Injection CRITICAL" "opstore No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "olivia No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "onepress No.known.fix Missing.Authorization MEDIUM" "onepress No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "onepress 2.3.7 Cross-Site.Request.Forgery.via.save_settings() MEDIUM" "opor-ayam No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opor-ayam No.known.fix Reflected.XSS HIGH" "one-paze No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "orgarium No.known.fix Reflected.XSS HIGH" "onair2 3.9.9.2 Unauthenticated.RFI.and.SSRF MEDIUM" "one-page-conference No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "oceanwp 3.5.5 Subscriber+.Sensitive.Information.Exposure MEDIUM" "orchid-store 1.5.7 .Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Activation MEDIUM" "outdoor 3.9.7 Reflected.XSS HIGH" "offset-writing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "offset-writing No.known.fix Reflected.XSS HIGH" "oceanic No.known.fix Cross-Site.Request.Forgery MEDIUM" "onetone No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ona 1.18.3 Reflected.Cross-Site.Scripting MEDIUM" "optimizepress 1.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "pathway 1.0.16 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "porto 7.1.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "porto 7.1.1 Unauthenticated.Local.File.Inclusion.via.porto_ajax_posts CRITICAL" "preschool-and-kindergarten 1.2.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "pinzolo 1.2.10 Reflected.XSS HIGH" "pliska 0.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Display.Name MEDIUM" "patricia-blog No.known.fix Cross-Site.Request.Forgery MEDIUM" "point No.known.fix Cross-Site.Request.Forgery MEDIUM" "power-mag No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "parallelus-unite 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "photography No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "photography No.known.fix Missing.Authorization MEDIUM" "patricia-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "purosa 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "purosa 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "phototouch 1.2.2 Arbitrary.File.Upload.via.themify-ajax.php CRITICAL" "pixova-lite 2.0.7 Unauthenticated.Function.Injection CRITICAL" "parallelus-intersect 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pont No.known.fix Privilige.Escalation HIGH" "pixigo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "paroti No.known.fix Reflected.XSS HIGH" "pisole No.known.fix Reflected.XSS HIGH" "pressmart 1.2.17 Modern.Elementor.WooCommerce.WordPress.Theme.<.1.2.17.-.Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "plato 1.1.9 Reflected.XSS HIGH" "popularis-verse 1.0.2 Cross-Site.Request.Forgery MEDIUM" "photobox No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "photobox No.known.fix Reflected.Cross-Site.Scripting HIGH" "pubnews 1.0.8 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation HIGH" "pinboard No.known.fix includes/theme-options.php.tab.Parameter.XSS MEDIUM" "parallaxsome 1.3.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "plain-post 1.0.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "prolist 1.27 Directory.Listing.<.1.27.-.Unauthenticated.Reflected.XSS MEDIUM" "pearl 3.4.8 Corporate.Business.<.3.4.8.-.Unauthenticated.Local.File.Inclusion CRITICAL" "perfect-portfolio 1.2.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "perfect-portfolio 1.1.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "photology 1.1.4 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "parallax-blog No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "posterity No.known.fix Contributor+.Stored.XSS MEDIUM" "posterity 3.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "purus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "purus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "purus No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "performag 2.0.0 Unauthenticated.Option.Update MEDIUM" "performag 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "pressive 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "pressive 2.0.0 Unauthenticated.Option.Update MEDIUM" "parabola No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "partdo No.known.fix Cross-Site.Request.Forgery MEDIUM" "platform No.known.fix Cross-Site.Request.Forgery.(CSRF) HIGH" "parallelus-salutation 3.0.16 Stored.XSS MEDIUM" "parallelus-salutation 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "phlox-pro 5.16.5 Reflected.Cross-Site.Scripting.via.Search.Parameters MEDIUM" "purity-of-soul No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "purity-of-soul No.known.fix Reflected.XSS HIGH" "pixgraphy 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pinfinity 2.0 Reflected.Cross-site.Scripting.(XSS) MEDIUM" "puzzles 4.2.5 Unauthenticated.PHP.Object.Injection HIGH" "puzzles 4.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "puzzles 4.2.5 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "parallelus-traject 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "patch-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "punte 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "polka-dots No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "polka-dots No.known.fix Reflected.XSS HIGH" "qizon No.known.fix Reflected.XSS HIGH" "quality 2.7.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "quasar 2.0 Privilege.Escalation HIGH" "qempo No.known.fix Reflected.XSS HIGH" "quota 1.2.5 Unspecified.XSS MEDIUM" "revivenews 1.0.3 Missing.Authorization.via.revivenews_install_and_activate_plugins() MEDIUM" "responsive-mobile No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "radcliffe-2 2.0.18 Missing.Authorization MEDIUM" "reales-wp-real-estate-wordpress-theme No.known.fix Real.Estate.WordPress.Theme.<=.2.1.2.-.Missing.Authorization.to.Unauthenticated.Attachment.Deletion.and.Favorite.Property.Updates MEDIUM" "rehub-theme 19.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "rehub-theme 19.6.2 Unauthenticated.Local.File.Inclusion CRITICAL" "rehub-theme 19.6.2 Authenticated.(Editor+).Local.File.Inclusion HIGH" "realestate-7 3.5.3 Unauthenticated.Privilege.Escalation CRITICAL" "realestate-7 3.5.5 Authenticated.(Custom).Arbitrary.File.Upload HIGH" "realestate-7 3.5.2 Unauthenticated.Privilege.Escalation CRITICAL" "realestate-7 3.3.5 Reflected.XSS HIGH" "realestate-7 3.3.5 Multiple.CSRF MEDIUM" "realestate-7 3.3.2 Reflected.XSS HIGH" "realestate-7 3.1.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "realestate-7 3.0.5 Unauthenticated.Reflected.XSS MEDIUM" "realestate-7 3.0.4 Unauthenticated.Reflected.XSS MEDIUM" "realestate-7 2.9.5 Multiple.Vulnerabilities HIGH" "realestate-7 2.9.1 Stored.XSS.&.IDOR MEDIUM" "relax-spa 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "restricted-site-access No.known.fix IP.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "regina-lite No.known.fix Reflected.XSS HIGH" "regina-lite 2.0.6 Unauthenticated.Function.Injection CRITICAL" "resido 3.6.1 Real.Estate.WordPress.Theme.<.3.6.1.-.Missing.Authorization.to.Unauthenticated.Server-Side.Request.Forgery.and.API.Key.Settings.Update MEDIUM" "royal-elementor-kit 1.0.117 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "royal-elementor-kit 1.0.117 Missing.Authorization.to.Arbitrary.Transient.Update MEDIUM" "restaurant-and-cafe 1.2.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "rise 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "rise 2.0.0 Unauthenticated.Option.Update MEDIUM" "robolist-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "raise-mag No.known.fix Reflected.XSS HIGH" "responsive 5.0.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive 5.0.3 Missing.Authorization.to.HMTL.Injection HIGH" "rife-free 2.4.19 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "rife-free 2.4.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "roven-blog 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "rezo No.known.fix Reflected.Cross-Site.Scripting HIGH" "rezo No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "raindrops 1.700 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rainbownews No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rovenstart 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "realhomes 4.3.7 Privilege.Escalation CRITICAL" "rambo 2.1.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "ripple 1.2.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "reconstruction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "roseta No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "reality 2.5.6 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "reality 2.5.3 Unauthenticated.Reflected.XSS MEDIUM" "reality 2.4.0 Multiple.Persistent.XSS MEDIUM" "rapyd-payments No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "rara-business 1.2.6 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "rara-business 1.2.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "restaurant-pt 1.1.3 Reflected.XSS HIGH" "revolve No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "speculor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "speculor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "speculor No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "smartmag-responsive-retina-wordpress-magazine No.known.fix Unauthenticated.Sensitive.Information.Exposure.via.Log.Files MEDIUM" "storevilla 1.4.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "sirat No.known.fix Missing.Authorization MEDIUM" "shapely 1.2.9 Unauthenticated.Function.Injection CRITICAL" "scylla-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "shopbiz-lite 1.7.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "specialist No.known.fix CSRF.File.Upload HIGH" "startkit No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "socialdriver 2024 Prototype.Pollution.to.XSS HIGH" "spikes No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "septera No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "storebiz No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "suffice 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "soundblast No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "stockholm 9.7 Unauthenticated.Local.File.Inclusion CRITICAL" "stockholm 9.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "silesia No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "start No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simplifii No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spabiz No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "socialv 2.0.16 Social.Network.and.Community.BuddyPress.Theme.<.2.0.16.-.Missing.Authorization.to.Arbitrary.File.Download MEDIUM" "sinatra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sominx No.known.fix Reflected.XSS HIGH" "silk-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "startupzy 1.1.2 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "storepress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "style No.known.fix Information.Disclosure HIGH" "shopo No.known.fix Reflected.Cross-Site.Scripting HIGH" "sarada-lite 1.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "simplish No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "slide No.known.fix Reflected.Cross-Site.Scripting HIGH" "slide No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "scoreme No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "soledad 8.6.0 Unauthenticated.Limited.Local.File.Inclusion HIGH" "soledad 8.4.6 Missing.Authorization MEDIUM" "soledad 8.4.6 Cross-Site.Request.Forgery MEDIUM" "soledad 8.4.6 Missing.Authorization MEDIUM" "soledad 8.4.2 Unauthenticated.PHP.Object.Injection CRITICAL" "soledad 8.4.2 Reflected.Cross-Site.Scripting MEDIUM" "soledad 8.4.2 Authenticated.(Contributor+).SQL.Injection HIGH" "soledad 8.2.6 Subscriber+.Cross-Site.Scripting MEDIUM" "soledad 8.2.5 Reflected.Cross-site.Scripting MEDIUM" "simplecharm 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "showbiz 1.7.1 Local.File.Disclosure HIGH" "showbiz No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "sean-lite 1.4.6 Reflected.XSS HIGH" "spa-and-salon 1.2.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "sliding-door No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamit 4.0.3 Authenticated.(Subscriber+).Privilege.Escalation.via.User.Email.Change/Account.Takeover HIGH" "streamit 4.0.2 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "streamit 4.0.2 Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "spiko 1.1.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "sidepane No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "sidepane No.known.fix Reflected.Cross-Site.Scripting HIGH" "sahifa 3.0.0 Multiple.Full.Path.Disclosure MEDIUM" "sahifa 3.0.0 Site.Setting.Reset.CSRF HIGH" "spikes-black No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "short 1.7.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "soulmedic No.known.fix Local.File.Disclosure HIGH" "soulmedic No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "statfort No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "simpolio No.known.fix Privilige.Escalation HIGH" "spawp 1.4.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "shuban No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shuban No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shuban No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "seabird No.known.fix Local.File.Disclosure HIGH" "seabird No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "swape 1.2.1 Authentication.Bypass.and.Stored.XSS CRITICAL" "spice-software 1.1.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "superio 1.2.33 Job.Board.<.1.2.33.-.Subscriber+.Stored.Cross-Site.Scripting LOW" "sparkling 2.4.10 Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Activation/Deactivation MEDIUM" "sparkling 2.4.9 Unauthenticated.Function.Injection CRITICAL" "sociallyviral No.known.fix Cross-Site.Request.Forgery MEDIUM" "squared 2.0.0 Unauthenticated.Option.Update MEDIUM" "squared 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "squaretype 3.0.4 Unauthenticated.Private/Schedule.Posts.Disclosure MEDIUM" "scrollme No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "saleszone No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "saul 1.1.0 Reflected.XSS HIGH" "sportsmag No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "striking-r 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "striking-r 2.3.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "smartit No.known.fix Information.Disclosure HIGH" "store-commerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spasalon 2.2.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "storely No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "storely No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shoppette 1.0.5 Unspecified.XSS MEDIUM" "sweetdate 3.8.0 Unauthenticated.Privilege.Escalation CRITICAL" "salzburg-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "swing-lite 1.2.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "storied 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "storied 2.0.0 Unauthenticated.Option.Update MEDIUM" "travel-agency 1.4.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "the-wound No.known.fix Unauthenticated.LFI HIGH" "tijaji No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tijaji No.known.fix Reflected.XSS HIGH" "the-conference 1.2.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "tiki-time No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tiki-time No.known.fix Reflected.XSS HIGH" "tuaug4 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tuaug4 No.known.fix Reflected.XSS HIGH" "th-shop-mania 1.5.0 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "theron-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "travel-booking 1.2.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "tantyyellow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tantyyellow No.known.fix Reflected.XSS HIGH" "the-monday No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "travel-tour 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "themify-ultra 7.3.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "themify-ultra 7.3.6 Missing.Authorization MEDIUM" "themify-ultra 7.3.6 Privilege.Escalation HIGH" "themify-ultra 7.3.6 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "themify-ultra 7.3.6 Missing.Authorization MEDIUM" "thrive-theme 3.24.0 Subscriber+.Privilege.Escalation HIGH" "thrive-theme 3.24.2 Cross-Site.Request.Forgery HIGH" "thrive-theme 3.24.0 Missing.Authorization HIGH" "thrive-theme 2.2.4 Unauthenticated.Option.Update MEDIUM" "the-authority No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tempera No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "travey 1.0.5 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "travel-agency-booking No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "theroof 1.0.4 Unauthenticated.Reflected.XSS HIGH" "topcat-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "the-launcher 1.3.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "total 2.1.60 Missing.Authorization.to.Authenticated.(Subscriber+).Sections.Update MEDIUM" "tiger No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "tiger No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "transcend 1.2.0 Unauthenticated.Function.Injection CRITICAL" "traveler No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "traveler No.known.fix Unauthenticated.SQL.Injection HIGH" "traveler No.known.fix Missing.Authorization MEDIUM" "traveler No.known.fix Missing.Authorization MEDIUM" "traveler 3.1.9 Reflected.Cross-Site.Scripting MEDIUM" "traveler 3.1.9 Unauthenticated.Local.File.Inclusion.via.hotel_alone_load_more_post CRITICAL" "traveler 3.2.0 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "traveler 3.1.7 Unauthenticated.SQL.Injection.via.order_id HIGH" "traveler 3.1.7 Missing.Authorization.in.Several.AJAX.Actions MEDIUM" "traveler 2.8.4 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "traveler 2.8.4 Unauthenticated.SQL.Injection HIGH" "traveler 2.8.2 Unauthenticated.Reflected.XSS MEDIUM" "traveler 2.7.8.6 Reflected.&.Persistent.XSS.Issues MEDIUM" "traveler 2.7.8.4 Reflected.&.Stored.XSS MEDIUM" "the-ultralight No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tweaker5 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "taina No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "tinysalt 3.10.0 Unauthenticated.PHP.Object.Injection.in.ajax_handler CRITICAL" "tastyc 2.5.2 Unauthenticated.Local.File.Inclusion CRITICAL" "temp-mail-x No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "thegem 5.9.2 Reflected.Cross-Site.Scripting MEDIUM" "teardrop No.known.fix Privilige.Escalation HIGH" "tevily No.known.fix Reflected.XSS HIGH" "t1 No.known.fix Open.Redirect MEDIUM" "totalpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tainacan-interface 2.7.2 Reflected.Cross-Site.Scripting MEDIUM" "theme-translation-for-polylang 3.2.17 Unauthenticated.Translation.Settings.Update MEDIUM" "truemag No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "travel-monster 1.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "trendy-news 1.0.15 Cross-Site.Request.Forgery MEDIUM" "triton-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "top-store 1.5.5 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "traveltour 5.2.4 Reflected.XSS HIGH" "the-next No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "techism No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tydskrif No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tydskrif No.known.fix Reflected.XSS HIGH" "townhub 1.3.0 Unauthenticated.Reflected.XSS HIGH" "townhub 1.0.6 Multiple.Vulnerabilities HIGH" "u-design No.known.fix Reflected.Cross-Site.Scripting HIGH" "u-design 2.7.10 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "uncode 2.9.1.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.mle-description MEDIUM" "uncode 2.9.1.7 Subscriber+.Arbitrary.File.Read.in.uncode_recordMedia MEDIUM" "uncode 2.9.1.7 Unauthenticated.Arbitrary.File.Read.in.uncode_admin_get_oembed HIGH" "unakit 1.2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "unakit 1.2.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultrapress No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ultralight No.known.fix Reflected.XSS HIGH" "unique No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unseen-blog No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ultimatum 2.9.1.5 Local.File.Disclosure HIGH" "ultimatum 2.9.1.5 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "unlimited 1.46 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uncode-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "upfrontwp No.known.fix Reflected.XSS HIGH" "unicon-lite 1.2.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "udesign 4.11.3 Missing.Authorization MEDIUM" "viralike No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "viralike 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "viala No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "viala No.known.fix Reflected.XSS HIGH" "virtue 3.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Author MEDIUM" "visual-composer-starter 3.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "viable-blog No.known.fix Reflected.XSS HIGH" "videoblog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "voice 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "voice 2.0.0 Unauthenticated.Option.Update MEDIUM" "vikinger 1.9.31 Authenticated.(Subscriber+).Privilege.Escalation.via.'vikinger_user_meta_update_ajax' HIGH" "vw-automobile-lite No.known.fix Missing.Authorization MEDIUM" "vernissage 1.3 Privilige.Escalation HIGH" "vilva 1.2.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "villar 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "villar 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "veda No.known.fix MultiPurpose.WordPress.Theme.<=.4.2.-.Authenticated.(Subscriber+).PHP.Object.Injection CRITICAL" "viburno 1.3.2 Reflected.XSS HIGH" "vertice 1.0.11 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "vmagazine-news 1.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "verbosa 1.2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "venice-lite 1.5.5 Reflected.XSS HIGH" "vmag 1.2.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "vw-storefront 1.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Reset MEDIUM" "vmagazine-lite 1.3.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "winters No.known.fix Reflected.Cross-Site.Scripting.via.Prototype.Pollution MEDIUM" "wyzi-business-finder 2.4.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wanderland 1.7.2 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-forge No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "weddingalbum No.known.fix Information.Disclosure HIGH" "weeklynews 2.2.9 Cross-Site.Scripting.(XSS) MEDIUM" "workscout 2.0.33 Authenticated.Stored.XSS.&.XFS HIGH" "wireless-butler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wallstreet 2.0.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "wishful-blog No.known.fix Reflected.XSS HIGH" "wr-nitro No.known.fix Unauthenticated.Arbitrary.Plugin.Installation CRITICAL" "wp-portfolio 2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wibar 1.2.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "wproject 5.8.0 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wproject 5.8.0 Reflected.Cross-Site.Scripting MEDIUM" "wproject 5.8.0 Missing.Authorization.to.Unauthenticated.Content.Modification.and.Deletion MEDIUM" "wp-real-estate No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "woostify 1.9.2 CSRF.Bypass MEDIUM" "wp-weixin 1.3.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpcake No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-moose 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-moose 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "workup 2.1.6 Unauthenticated.Reflected.XSS MEDIUM" "wedding-bride 1.0.2 Reflected.XSS HIGH" "workio 1.0.3 Unauthenticated.Reflected.XSS MEDIUM" "wlow 1.2.7 Reflected.XSS HIGH" "wp-foodbakery 4.8 Missing.Authorization.in.Multiple.Functions HIGH" "wp-foodbakery No.known.fix Cross-Site.Request.Forgery.in.Multiple.Functions HIGH" "workreap 2.6.4 Subscriber+.Arbitrary.Posts.Deletion.via.IDOR MEDIUM" "workreap 2.6.3 Freelance.Marketplace.and.Directory.<.2.6.3.-.Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "workreap 2.2.2 Missing.Authorization.Checks.in.Ajax.Actions HIGH" "workreap 2.2.2 Unauthenticated.Upload.Leading.to.Remote.Code.Execution CRITICAL" "workreap 2.2.2 Multiple.CSRF.+.IDOR.Vulnerabilities HIGH" "welowe No.known.fix Reflected.XSS HIGH" "woffice 5.4.22 Authentication.Bypass.via.Registration.Role CRITICAL" "woffice 5.4.15 Unauthenticated.Privilege.Escalation CRITICAL" "woffice 5.4.12 Unauthenticated.Privilege.Escalation CRITICAL" "woffice 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "woffice 4.0.2 Unauthenticated.Disclosure.of.Notification.Titles MEDIUM" "weaver-xtreme 6.4 Contributor+.Stored.XSS MEDIUM" "weaver-xtreme 6.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-magazine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wigi No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "wplms 1.9.9.1 Missing.Authorization.to.Unauthenticated.User.Token.Generation MEDIUM" "wplms 1.9.9.5.2 Authenticated.(Student+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.5.2 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.5 Authenticated.(Student+).Remote.Code.Execution HIGH" "wplms 1.9.9.1 Unauthenticated.Privilege.Escalation CRITICAL" "wplms 1.9.9.5.2 Authenticated.(Contributor+).Arbitrary.Directory.Deletion HIGH" "wplms 1.9.9.5.2 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wplms 1.9.9.5.3 Authenticated.(Instructor+).SQL.Injection MEDIUM" "wplms 1.9.9.5.2 Authenticated.(Instructor+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wplms 1.9.9.5 Unauthenticated.Arbitrary.Directory.Deletion HIGH" "wplms 1.9.9.5.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wplms 1.9.9.5.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wplms 4.963 Unauthenticated.Arbitrary.File.Read.and.Deletion CRITICAL" "wplms 4.900 Cross-Site.Request.Forgery HIGH" "woodmart 8.0.4 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woodmart 7.2.5 Reflected.XSS HIGH" "woodmart 7.2.2 Subscriber+.Stored.XSS HIGH" "woodmart 7.1.2 License.Update/Deactivation.via.CSRF MEDIUM" "woodmart 7.1.2 Unauthenticated.Arbitrary.Shortcode.Injection HIGH" "wellness No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "whitish-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-sierra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-sierra No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "westand 2.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "whimsy-framework No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woohoo No.known.fix Settings.Update.via.CSRF MEDIUM" "xin No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "xews-lite No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "xstore 9.3.9 Reflected.Cross-Site.Scripting HIGH" "xstore 9.3.9 Missing.Authorization MEDIUM" "xstore 9.3.9 Missing.Authorization MEDIUM" "xstore 9.3.9 Unauthenticated.Local.File.Inclusion CRITICAL" "xstore 9.3.9 Subscriber+.Arbitrary.Options.Update HIGH" "xstore 9.3.9 Unauthenticated.SQLi HIGH" "xenon No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "yourjourney No.known.fix Reflected.Cross-Site.Scripting.via.Prototype.Pollution MEDIUM" "yuki 1.3.14 Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Setting.Reset MEDIUM" "yuki 1.3.15 Cross-Site.Request.Forgery.to.Theme.Setting.Reset MEDIUM" "yuki 1.3.8 Reflected.Cross-Site.Scripting MEDIUM" "zigcy-lite 2.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zox-news 3.17.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "zeever 1.1.1 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "zenon-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "zass No.known.fix WooCommerce.Theme.for.Handmade.Artists.and.Artisans.<=.3.9.9.10.-.Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "zbench No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zigcy-baby 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zoxpress 2.12.1 The.All-In-One.WordPress.News.Theme.<.2.12.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Deletion HIGH" "zoxpress 2.12.1 The.All-In-One.WordPress.News.Theme.<.2.12.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "zigcy-cosmetics 1.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zilom No.known.fix Reflected.XSS HIGH" "zegen No.known.fix Church.WordPress.Theme.<=.1.1.9.-.Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Options.Updates MEDIUM") + releases_themes=("eighteen-tags 3.1.1") + vulns_themes=("15zine 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "5star No.known.fix CSRF.File.Upload HIGH" "activello No.known.fix Reflected.XSS HIGH" "activello 1.4.2 Unauthenticated.Function.Injection CRITICAL" "accessbuddy No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ashe 2.244 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "ashe 2.234 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "aapna No.known.fix Reflected.XSS HIGH" "adifier 3.1.4 Reflected.Cross-Site.Scripting MEDIUM" "avada 7.11.7 Authenticated.(Admin+).SQL.Injection.via.entry HIGH" "avada 7.11.7 Unauthenticated.Sensitive.Information.Exposure.via.Form.Uploads.Directory.Listing MEDIUM" "avada 7.11.7 Authenticated.(Contributor+).Server-Side.Request.Forgery.via.form_to_url_action MEDIUM" "avada 7.11.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "avada 7.11.5 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "avada 7.11.2 Contributor+.SSRF HIGH" "avada 7.11.2 Contributor+.Arbitrary.File.Upload MEDIUM" "avada 7.11.2 Subscriber+.Portfolio.Permalinks.Creation MEDIUM" "avada 7.11.2 Author+.Arbitrary.File.Upload.via.Zip.Extraction HIGH" "althea-wp 1.0.16 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "accio 1.1.1 Information.Disclosure HIGH" "acerola No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "acerola No.known.fix Missing.Authorization MEDIUM" "amela 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "amela 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "amela 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "aora 1.3.10 Unauthenticated.Local.File.Inclusion CRITICAL" "agncy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "accesspress-lite 2.93 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "adventure-journal No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "anand No.known.fix Reflected.XSS HIGH" "avantage No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "awpbusinesspress 0.2.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "artificial-intelligence 1.2.4 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "accesspress-root 2.6.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "adifier-system 3.1.4 .Unauthenticated.Local.File.Inclusion CRITICAL" "adifier-system 3.1.4 Unauthenticated.SQL.Injection CRITICAL" "almera 1.1.8 Information.Disclosure HIGH" "altair No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "altair 5.2.5 Unauthenticated.Arbitrary.Options.Update.via.pp_import_current CRITICAL" "accesspress-basic 3.2.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-ray No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "arya-multipurpose-pro No.known.fix Reflected.XSS HIGH" "auto-car No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "adforest 5.1.9 Authentication.Bypass CRITICAL" "adforest 5.1.8 Classified.Ads.WordPress.Theme.<.5.1.8.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post/Attachment.Deletion MEDIUM" "adforest 5.1.7 Privilege.Escalation.via.Password.Reset/Account.Takeover CRITICAL" "adforest 5.1.7 Authentication.Bypass CRITICAL" "anywhere-elementor-pro No.known.fix Missing.Authorization MEDIUM" "affluent 1.1.2 Unauthenticated.Function.Injection CRITICAL" "accesspress-mag 2.6.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "auramart No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ask-me 6.8.7 Post.Deletion.via.CSRF MEDIUM" "ask-me 6.8.4 CSRF.in.Edit.Profile MEDIUM" "ask-me 6.8.2 Reflected.Cross-Site.Scripting MEDIUM" "ask-me 6.8.2 Multiple.CSRF.in.AJAX.Actions HIGH" "anfaust No.known.fix Reflected.XSS HIGH" "antioch No.known.fix Arbitrary.File.Download HIGH" "atlast-business No.known.fix Reflected.XSS HIGH" "akal No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "awake No.known.fix Local.File.Disclosure HIGH" "awake No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "anih No.known.fix Creative.Agency.WordPress.Theme.<=.2024.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "arya-multipurpose No.known.fix Unauthenticated.Reflected.XSS HIGH" "arkhe No.known.fix Local.File.Inclusion.via.CSRF HIGH" "arlo No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "agency-lite 1.1.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "attire 2.0.7 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "accesspress-staple No.known.fix Authenticated.(Subscriber+).Arbitrary.Plugin.Activation.and.Deactivation HIGH" "accesspress-staple No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "arrival No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "ashley 1.8.0 Unauthenticated.Local.File.Inclusion CRITICAL" "axioma 1.1.2 Information.Disclosure HIGH" "attorney No.known.fix Reflected.XSS HIGH" "attorney No.known.fix Unauthenticated.Arbitrary.Page/Post.Deletion MEDIUM" "antreas 1.0.7 Unauthenticated.Function.Injection CRITICAL" "accesspress-store 2.5.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aurum-minimalist-shopping-theme 4.0.3 WordPress.&.WooCommerce.Shopping.Theme.<.4.0.3.-.Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Content.Import MEDIUM" "aihub 1.3.8 Unauthenticated.Arbitrary.File.Upload.in.generate_image CRITICAL" "aihub No.known.fix Startup.&.Technology.WordPress.Theme.<=.1.3.3.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "aries No.known.fix Local.File.Disclosure HIGH" "aries No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "aplite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "auberge 1.4.5 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "astore No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "astra 4.6.5 Editor+.Stored.XSS.via.Theme.Header/Footer LOW" "astra 4.6.9 Contributor+.Stored.XSS MEDIUM" "accesspress-parallax 4.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aports No.known.fix Reflected.XSS HIGH" "aidreform No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "appointment 3.2.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "arendelle 1.1.13 Reflected.XSS HIGH" "arendelle 1.1.11 Reflected.Cross-Site.Scripting MEDIUM" "arendelle 1.1.13 Reflected.Cross-Site.Scripting MEDIUM" "arendelle 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "airin-blog 1.6.3 Unauthenticated.PHP.Object.Injection HIGH" "aquarella-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aquarella-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "anima 1.4.1.1 Contributor+.Stored.XSS MEDIUM" "allegiant No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "allegiant 1.2.6 Unauthenticated.Function.Injection CRITICAL" "arilewp 2.9.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "accountra 1.0.4 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "art-theme 3.12.3 Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Option.Delete MEDIUM" "bw-zagg No.known.fix Electronics.&.Accessories.WooCommerce.WordPress.Theme.<=.1.4.1.-.Unauthenticated.Local.File.Inclusion HIGH" "buddyboss-theme 2.5.01 Cross-Site.Request.Forgery MEDIUM" "buddyboss-theme 2.4.61 Missing.Authorization MEDIUM" "brandy 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bulk No.known.fix Missing.Authorization MEDIUM" "blockst 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "buddyboss-platform 2.6.0 Subscriber+.Comment.on.Private.Post.via.IDOR MEDIUM" "big-store 2.0.9 Missing.Authorization MEDIUM" "bicycleshop 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brite 1.0.15 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "baton No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "business-pro No.known.fix Reflected.XSS HIGH" "butcher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "butcher No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "boot-store No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "boot-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "builty 1.5.0 Unauthenticated.Local.File.Inclusion CRITICAL" "balkon 1.3.3 Reflected.Cross-Site.Scripting HIGH" "bloglo 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bricks 1.9.7 Authenticated.(Contributor+).Privilege.Escalation.via.create_autosave HIGH" "bricks 1.10.2 Authenticated.(Bricks.Page.Builder.Access+).Stored.Cross-Site.Scripting MEDIUM" "bricks 1.8.2 Cross-Site.Request.Forgery.via.reset_settings MEDIUM" "bricks 1.8.2 Cross-Site.Request.Forgery.via.save_settings MEDIUM" "bricks 1.9.6.1 Unauthenticated.Remote.Code.Execution CRITICAL" "bricks 1.9.6.1 Unauthenticated.Remote.Code.Execution CRITICAL" "bricks 1.5.4 Subscriber+.Arbitrary.Post/Page.Edition HIGH" "bricks 1.5.4 Subscriber+.Remote.Code.Execution HIGH" "betheme 28.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "betheme 27.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.JS MEDIUM" "betheme 27.5.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File MEDIUM" "betheme No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "betheme 27.5.7 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "betheme 27.1.2 Missing.Authorization MEDIUM" "betheme 26.8 Reflected.XSS HIGH" "betheme 26.6.3 Subscriber+.Stored.XSS MEDIUM" "betheme 26.6 Contributor+.PHP.Object.Injection MEDIUM" "betheme 26.6.3 Subscriber+.Unauthorised.Action MEDIUM" "betheme 26.6.3 Missing.Authorization HIGH" "betheme 26.6 Subscriber+.PHP.Object.Injection MEDIUM" "bello 1.6.0 Authenticated.Cross-Site.Scripting.(XSS).and.XFS MEDIUM" "bello 1.6.0 Unauthenticated.Blind.SQL.Injection CRITICAL" "bello 1.6.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "bw-petito No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "bazaar-lite 1.8.6 Reflected.XSS HIGH" "blossom-spa 1.3.5 Sensitive.Information.Exposure MEDIUM" "bootstrap-blog 10.2.3 Reflected.Cross-Site.Scripting MEDIUM" "blain No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "blocksy 2.0.98 Missing.Authorization LOW" "blocksy 2.0.78 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.51 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.47 Contributor+.Stored.XSS MEDIUM" "blocksy 2.0.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.40 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.34 Contributor+.Stored.XSS MEDIUM" "blocksy 2.0.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.20 Authenticated.(Editor+).Stored.Cross-Site.Scripting LOW" "bootstrap-coach 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "businessexpo 0.1.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "blessing 1.3.2.1 Information.Disclosure HIGH" "broadcast-lite 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "broadcast-lite 2.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "backpacktraveler No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "bacola No.known.fix Cross-Site.Request.Forgery MEDIUM" "brooklyn 4.9.9.3 Authenticated.(Subscriber+).PHP.Object.Injection.in.ot_decode HIGH" "brooklyn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brooklyn No.known.fix PHP.Object.Injection HIGH" "bingle 1.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "bretheon No.known.fix Local.File.Disclosure HIGH" "bretheon No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "brasserie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "barter 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bloger 1.2.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "business-one-page 1.3.0 Missing.Authorization.to.Notice.Dismissal MEDIUM" "bridge 18.2.1 Open.Redirect HIGH" "bridge 11.2 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "bw-fitrush No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "beauty No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.tpl_featured_cat_id.Parameter MEDIUM" "busiprof No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "busiprof 2.3.8 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "bani No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bani No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bani No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "benevolent 1.3.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "basil 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bakes-and-cakes 1.2.7 Missing.Authorization.to.Notice.Dismissal MEDIUM" "bimber No.known.fix Viral.Magazine.WordPress.Theme.<=.9.2.5.-.Authenticated.(Contributor+).Local.File.Inclusion HIGH" "brand No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brand No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "brand No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "bloghub No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blockbooster 1.0.11 Missing.Authorization MEDIUM" "bizpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "businesswp 1.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "brilliance No.known.fix Subscriber+.Stored.XSS HIGH" "brilliance 1.3.0 Unauthenticated.Function.Injection CRITICAL" "bodycenter No.known.fix Gym,.Fitness.WooCommerce.WordPress.Theme.<=.2.4.-.Unauthenticated.Local.File.Inclusion CRITICAL" "bolster No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "bootstrap-ultimate No.known.fix Unauthenticated.Limited.Local.File.Inclusion CRITICAL" "busicare 1.1.9 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "bootstrap-fitness 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "book-landing-page 1.2.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "bw-craftxtore No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "bingopress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "beauty-premium No.known.fix Arbitrary.File.Upload MEDIUM" "bootstrap-photography No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "business-directory No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "bloggie No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "bloggie No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "bunnypresslite 2.1 Reflected.XSS HIGH" "boliin No.known.fix Reflected.XSS HIGH" "bonkers 1.0.6 Unauthenticated.Function.Injection CRITICAL" "bellevuex No.known.fix Missing.Authorization MEDIUM" "bookyourtravel 8.18.19 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "bard 2.217 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "bard 2.211 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "buzzclub 2.0.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Option.Update MEDIUM" "bw-giftxtore No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "bbe 1.53 Direct.Object.Reference MEDIUM" "brain-power No.known.fix Reflected.XSS HIGH" "bravada 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blogpoet 1.0.3 Missing.Authorization.via.blogpoet_install_and_activate_plugins() MEDIUM" "besa 2.3.10 Unauthenticated.Local.File.Inclusion CRITICAL" "blossom-shop 1.1.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "build No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "colibri-wp 1.0.99 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "colibri-wp 1.0.101 Cross-Site.Request.Forgery.to.Limited.Plugin.Installation MEDIUM" "chained No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "crafts-and-arts No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "clean-retina 3.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "cafe-bistro 1.1.4 Reflected.XSS HIGH" "chic-lifestyle 10.0.8 Reflected.Cross-Site.Scripting MEDIUM" "consultpress-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "consultpress-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "consultpress-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "carzine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cosmetsy No.known.fix Cross-Site.Request.Forgery MEDIUM" "corsa No.known.fix Subscriber+.Arbitrary.Plugin.Installation CRITICAL" "cas No.known.fix Unauthenticated.Arbitrary.File.Access HIGH" "cas No.known.fix Unauthenticated.SSRF HIGH" "cozystay 1.7.1 Unauthenticated.Local.File.Inclusion CRITICAL" "cozystay 1.7.1 Unauthenticated.PHP.Object.Injection CRITICAL" "cozystay 1.7.1 Missing.Authorization.to.Arbitrary.Action.Execution.in.ajax_handler HIGH" "cozystay 1.7.1 Unauthenticated.PHP.Object.Injection.in.ajax_handler CRITICAL" "cactus No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "counterpoint No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "counterpoint No.known.fix Reflected.XSS HIGH" "cloudpress 2.4.9 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "construction-landing-page 1.3.6 Missing.Authorization.to.Notice.Dismissal MEDIUM" "churel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "citybook 2.4.4 Unauthenticated.Reflected.XSS HIGH" "citybook 2.3.4 Multiple.Vulnerabilities HIGH" "cuisine-palace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cuisine-palace No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "catch-base 3.4.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "campress No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "colormag 3.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Display.Name MEDIUM" "colormag 3.1.3 Missing.Authorization.to.Arbitrary.Plugin.Installation MEDIUM" "clockstone No.known.fix Arbitrary.File.Upload CRITICAL" "careerfy 6.3.0 Authenticated.Stored.XSS MEDIUM" "careerfy 4.4.0 Unauthenticated.Reflected.XSS MEDIUM" "careerfy 4.3.0 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "careerfy 4.1.0 Multiple.Cross-Site.Scripting.(XSS).Issues MEDIUM" "careerfy 3.9.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "celestial-aura No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "cardealer No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "cardealer 1.6.5 Cross-Site.Request.Forgery.to.User.Update.via.update_user_profile HIGH" "cardealer 1.6.5 Arbitrary.Theme.Option.Update.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "cardealer 1.6.5 Missing.Authorization.to.Authenticated.(Subscriber+).Change.and.Delete.JS.and.CSS.Files MEDIUM" "cardealer 1.6.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion.and.Read HIGH" "cardealer 1.1.9 Information.Disclosure HIGH" "careerup 2.3.1 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "civi No.known.fix Authentication.Bypass.via.Password.Update CRITICAL" "civi No.known.fix Authentication.Bypass.via.Non-Randomized.Password.for.SSO.Accounts MEDIUM" "civi No.known.fix Sensitive.Information.Exposure HIGH" "custom-community 2.0.25 Stored.Cross-Site.Scripting.(XSS) HIGH" "club-theme No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "consultstreet 1.6.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "colorway No.known.fix Cross-Site.Request.Forgery MEDIUM" "colorway No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "colorway 3.4.2 Cross-Site.Scripting.(XSS) MEDIUM" "create 2.9.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "customizr 4.4.22 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "customizr 4.3.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "customizr 4.3.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "city-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "click-mag 3.7.0 Viral.WordPress.News.Magazine/Blog.Theme.<.3.7.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Deletion HIGH" "car-repair-services No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "car-repair-services 4.0 Unauthenticated.Reflected.XSS.&.XFS HIGH" "construct 2.8.3 Local.File.Disclosure HIGH" "construct 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "colornews 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "carspot 2.4.4 Unauthenticated.Arbitrary.Password.Reset/Account.Takeover CRITICAL" "carspot 2.2.3 Multiple.Vulnerabilities MEDIUM" "classima 2.1.11 Reflected.Cross-Site.Scripting MEDIUM" "customify-theme No.known.fix Missing.Authorization MEDIUM" "careplus No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "corporate-event No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "constix No.known.fix Reflected.XSS HIGH" "chic-lite 1.1.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "clotya No.known.fix Cross-Site.Request.Forgery MEDIUM" "ciyashop No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "ciyashop 4.19.1 Multipurpose.WooCommerce.Theme.<.4.19.1.-.Unauthenticated.PHP.Object.Injection CRITICAL" "cyclone-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "college 1.5.1 Reflected.XSS HIGH" "cozipress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "capie No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "coachify 1.0.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "course-builder 3.6.6 Online.Course.WordPress.Theme.<.3.6.6.-.Unauthenticated.PHP.Object.Injection CRITICAL" "consultera No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "couponis-demo 2.2 Unauthenticated.SQL.Injection CRITICAL" "chaostheory 1.3.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "conult No.known.fix Reflected.XSS HIGH" "consus 1.0.7 Cross-Site.Request.Forgery MEDIUM" "cww-portfolio No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "connections-reloaded No.known.fix Reflected.XSS HIGH" "couponxl No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "construction-lite 1.2.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "delicate No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "divi 4.25.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "divi 4.23.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "divi 4.5.3 4.5.2,.Extra.2.0.-.4.5.2,.Divi.Builder.2.0.-.4.5.2).-.Authenticated.Arbitrary.File.Upload MEDIUM" "divi 4.0.10 Authenticated.Code.Injection MEDIUM" "divi 3.17.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "divi 2.6.4 Privilege.Escalation HIGH" "digi-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "deadline No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "digital-store 1.3.3 Unspecified.XSS MEDIUM" "directory 3.0.2 Reflected.XSS HIGH" "drop 1.22 Reflected.XSS HIGH" "disconnected No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "discy 5.5.3 Missing.validation.lead.to.functionality.abuse LOW" "discy 5.0 Subscriber+.Broken.Access.Control.to.change.settings MEDIUM" "discy 5.2 Settings.Update.via.CSRF MEDIUM" "discy 5.2 Restore.Default.Settings.via.CSRF MEDIUM" "dailydeal No.known.fix File.Upload.Remote.Code.Execution HIGH" "diplomat 1.0.3 Information.Disclosure HIGH" "darcie 1.1.6 Reflected.XSS HIGH" "design-comuni-wordpress-theme 1.1.2 Unauthenticated.Stored.XSS HIGH" "digital-newspaper 1.1.6 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "dash No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "dessau 1.9 Unauthenticated.Local.File.Inclusion CRITICAL" "designexo 3.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "dt-the7 11.14.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Attribute MEDIUM" "dt-the7 11.6.1 Reflected.XSS HIGH" "dt-the7 2.1.1 Cross-Site.Scripting.(XSS) MEDIUM" "diza 1.3.9 Unauthenticated.Local.File.Inclusion CRITICAL" "dwt-listing 3.3.5 Directory.&.Listing.WordPress.Theme.<=3.3.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "dwt-listing 3.3.4 Directory.&.Listing.WordPress.Theme.<.3.3.4.-.Reflected.Cross-Site.Scripting MEDIUM" "dor 2.4.1 Unauthenticated.Local.File.Inclusion CRITICAL" "doko 1.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "digitally No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "digitally No.known.fix Reflected.XSS HIGH" "eighteen-tags 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "elation No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elation 1.1.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "entrada No.known.fix Unauthenticated.SQL.Injection HIGH" "elitepress 2.0.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "edumall 4.3.0 Unauthenticated.Local.File.Inclusion HIGH" "excellent 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "edmin No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "edmin No.known.fix Reflected.Cross-Site.Scripting HIGH" "edmin No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "elasta 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "elasta 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "exquisite-wp No.known.fix DOM.Cross-Site.Scripting.(XSS) MEDIUM" "everest-news-pro No.known.fix Reflected.XSS HIGH" "echelon 2.8.3 Local.File.Disclosure HIGH" "echelon 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "education-lms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elevate-wp 1.0.17 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "enfold 7.0 Missing.Authorization.to.Sensitive.Information.Disclosure.in.avia-export-class.php MEDIUM" "enfold 7.0 Authenticated.(Subscriber+).Server-Side.Request.Forgery.via.attachment_id MEDIUM" "enfold 6.0.4 Contributor+.Stored.XSS.via.wrapper_class.and.class.Parameters MEDIUM" "enfold 5.6.10 Reflected.Cross-Site.Scripting MEDIUM" "enfold 5.6.5 Reflected.Cross-Site.Scripting MEDIUM" "enfold 4.8.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "empowerment No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "eventpress 5.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "everse 1.2.4 Reflected.XSS HIGH" "everse 1.8.10 Reflected.Cross-Site.Scripting MEDIUM" "everse 1.8.12 Reflected.Cross-Site.Scripting MEDIUM" "everse 1.8.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "envo-business No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "estrutura-basica No.known.fix Local.File.Download. HIGH" "epic No.known.fix Arbitrary.File.Download HIGH" "easybook 1.2.2 Multiple.Vulnerabilities HIGH" "esotera 1.2.6 Contributor+.Stored.XSS MEDIUM" "envo-multipurpose No.known.fix Missing.Authorization LOW" "eximius No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "event 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "education-zone 1.3.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "eptonic No.known.fix Valums.Uploader.Shell.Upload.Exploit CRITICAL" "eduma 5.6.5 Missing.Authorization MEDIUM" "eduma 5.4.8 Reflected.Cross-Site.Scripting MEDIUM" "everest-news No.known.fix Reflected.XSS HIGH" "edge 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Display.Name MEDIUM" "eco-nature 2.1.0 Environment.&.Ecology.WordPress.Theme.<.2.1.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update HIGH" "esteem 1.5.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "enlighten 1.3.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "elegant-pink 1.3.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "empowerwp 1.0.22 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "enzio No.known.fix Responsive.Business.WordPress.Theme.<=.1.1.8.-.Unauthenticated.Local.File.Inclusion CRITICAL" "focusblog 2.0.0 Unauthenticated.Option.Update MEDIUM" "focusblog 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "fotawp 1.4.2 Missing.Authorization.via.fotawp_install_and_activate_plugins() MEDIUM" "freesia-empire 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fusion-builder 7.11.6 Authenticated(Contributor+).Sensitive.Information.Exposure.via.Form.Entries MEDIUM" "fusion-builder 3.11.2 Subscriber+.SQL.injection.and.broken.access.control.vulnerability.in.Critical.CSS HIGH" "flashy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "foodbakery 2.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "foodbakery 2.0 Unauthenticated.Reflected.XSS MEDIUM" "fotography 2.4.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "flap No.known.fix Business.WordPress.Theme.<=.1.5.-.Unauthenticated.PHP.Object.Injection CRITICAL" "flixita 1.0.83 Reflected.Cross-Site.Scripting.via.id.Parameter MEDIUM" "fire-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "foxiz 2.3.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "forumengine 1.9 Reflected.Cross-Site.Scripting MEDIUM" "findus 1.1.15 Directory.Listing.<.1.1.15.-.Authenticated.Persistent.XSS MEDIUM" "furnob No.known.fix Cross-Site.Request.Forgery MEDIUM" "fioxen No.known.fix Reflected.XSS HIGH" "fortune No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fluida 1.8.8.1 Contributor+.Stored.XSS MEDIUM" "findgo 1.3.32 Directory.Listing.<.1.3.32.-.Unauthenticated.Reflected.and.Authenticated.Stored.XSS MEDIUM" "fude No.known.fix Reflected.XSS HIGH" "fana 1.1.29 Unauthenticated.Local.File.Inclusion CRITICAL" "freely No.known.fix Information.Disclosure HIGH" "foton 2.6.1 Unauthenticated.Local.File.Inclusion CRITICAL" "filmix No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fusion 2.8.3 Local.File.Disclosure HIGH" "fusion 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "fashionable-store No.known.fix Reflected.XSS HIGH" "flatsome 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "flatsome 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "flatsome 3.17.6 Unauthenticated.PHP.Object.Injection CRITICAL" "flatsome 3.17.0 Reflected.XSS HIGH" "folo No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "folo No.known.fix Reflected.Cross-Site.Scripting HIGH" "flex-mag 3.6.0 Responsive.WordPress.News.Theme.<.3.6.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Option.Deletion HIGH" "flozen-theme 1.5.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "fish-house No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "formula 0.5.2 Reflected.Cross-Site.Scripting.via.quality_customizer_notify_dismiss_action MEDIUM" "formula 0.5.2 Reflected.Cross-Site.Scripting.via.ti_customizer_notify_dismiss_recommended_plugins MEDIUM" "findeo 1.3.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "findeo 1.3.1 Arbitrary.Property.Deletion.via.IDOR HIGH" "footysquare No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "flatnews No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "financio 1.1.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "full-frame 2.7.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "fashstore No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "fifteen No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "fraction-theme 1.1.2 Privilege.Escalation HIGH" "finance No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "fullbase 1.2.1 Reflected.XSS HIGH" "gucherry-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "grace-mag No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "gaga-corp No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "gowilds No.known.fix Reflected.XSS HIGH" "gema-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "grey-opaque No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Download-Button.Shortcode MEDIUM" "gravel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "geomagazine No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "gameplan No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "grandprix 1.6.1 Unauthenticated.Local.File.Inclusion CRITICAL" "golo 1.7.1 Authentication.Bypass.to.Account.Takeover CRITICAL" "golo 1.6.11 Directory.&.Listing,.Travel.WordPress.Theme.<.1.6.11.-.Missing.Authorization.to.Privilege.Escalation.via.Unauthenticated.Arbitrary.User.Password.Change CRITICAL" "golo 1.3.3 Unauthenticated.Reflected.XSS MEDIUM" "gaga-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "goto 2.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "goto 2.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "goto 2.0 Tour.&.Travel.<.2.0.-.Unauthenticated.Reflected.XSS MEDIUM" "grandrestaurant No.known.fix Unauthenticated.PHP.Object.Injection.via.Path.Traversal CRITICAL" "grandrestaurant No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "grandrestaurant No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Deletion HIGH" "grandrestaurant No.known.fix Missing.Authorization MEDIUM" "grandrestaurant No.known.fix Cross-Site.Request.Forgery MEDIUM" "goodnex 1.1.3 Information.Disclosure HIGH" "greenmart 2.5.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "greenmart 2.4.3 Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "glossy-blog No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "graphene 2.9.3 Unauthenticated.Password.Protected.Post.Access MEDIUM" "gym-express No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ghostwriter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goya 1.0.8.8 Unauthenticated.Reflected.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "gump No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goodnews5 No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "gutenbook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "grip No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "givingpress-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "grandtour No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "g-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hugo-wp 1.0.10 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "homey 2.4.5 Booking.and.Rentals.WordPress.Theme.<.2.4.5.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Reservation.&.Post.Deletion MEDIUM" "homey 2.4.5 Booking.and.Rentals.WordPress.Theme.<.2.4.5.-.Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Arbitrary.User.Deletion MEDIUM" "homey 2.4.4 Cross-Site.Request.Forgery.to.User.Verification MEDIUM" "homey 2.4.4 Limited.Authentication.Bypass HIGH" "homey 2.4.3 Unauthenticated.Privilege.Escalation.in.homey_save_profile CRITICAL" "homey No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "hotel-galaxy No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "homevillas-real-estate 2.3 Multiple.Cross-Site.Scripting.Issues MEDIUM" "hara 1.2.11 Unauthenticated.Local.File.Inclusion CRITICAL" "houzez 3.4.2 Missing.Authorization MEDIUM" "houzez 3.4.2 Missing.Authorization MEDIUM" "houzez 3.3.0 Subscriber+.Privilege.Escalation HIGH" "houzez 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "hive-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "headway 3.8.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "highlight 1.0.30 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "hestia 3.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "himer 2.1.3 Social.Questions.and.Answers.<.2.1.3.-.CSRF.While.Sending.the.Invites MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Subscriber+.Private.Group.Joining.via.IDOR MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Multiple.CSRF.on.the.Group.Section MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Arbitrary.Group.Joining.via.CSRF MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Bypass.Poll.Voting.Restrictions.via.CSRF MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Contributor+.Stored.XSS MEDIUM" "himer 1.9.3 Missing.validation.lead.to.functionality.abuse LOW" "hostiko 30.1 Hosting.WordPress.&.WHMCS.Theme.<.30.1.-.Reflected.Cross-Site.Scripting MEDIUM" "hostiko 30.1 Hosting.WordPress.&.WHMCS.Theme.<.30.1.-.Unauthenticated.Local.File.Inclusion HIGH" "hueman 3.7.25 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "hueman 3.6.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "hueman 3.6.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "hmd 2.2 Reflected.Cross-Site.Scripting MEDIUM" "hester No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "honeypress 2.3.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "hotstar No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "hotstar No.known.fix Missing.Authorization MEDIUM" "himalayas No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "himalayas 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "home-services No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "hello-agency 1.0.6 Missing.Authorization.to.Notice.Dismissal MEDIUM" "hotelica No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "healsoul No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "hasten-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "hasium No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hasium 1.6.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "halpes No.known.fix Reflected.XSS HIGH" "insurance No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "inspiro 7.2.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ilex 1.4.2 Reflected.XSS HIGH" "intrepidity No.known.fix File.Upload.and.Option.Update.via.CSRF HIGH" "ivy-school 1.6.1 Unauthenticated.Local.File.Inclusion CRITICAL" "idyllic 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "illdy 2.1.7 Unauthenticated.Function.Injection CRITICAL" "infinite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.project_url.Parameter MEDIUM" "inset No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "industrial-lite No.known.fix Missing.Authorization MEDIUM" "intothedark No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ignition 2.0.0 Unauthenticated.Option.Update MEDIUM" "ignition 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "industrial 1.7.9 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "i-amaze No.known.fix Cross-Site.Request.Forgery MEDIUM" "itsulu 1.5.0 Unauthenticated.Local.File.Inclusion CRITICAL" "injob 3.4.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "intrace 1.1.1 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "ih-business-pro No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "i-transform No.known.fix Cross-Site.Request.Forgery MEDIUM" "interface 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "js-o3-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "js-o3-lite No.known.fix Reflected.XSS HIGH" "jobeleon-wpjobboard 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "jewelry-store 2.3.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "js-paper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "js-paper No.known.fix Reflected.XSS HIGH" "jobify 4.2.8 Job.Board.WordPress.Theme.<.4.2.8.-.Missing.Authorization.to.Unauthenticated.Server-Side.Request.Forgery,.Arbitrary.Image.Upload,.and.Image.Generation MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Unauthenticated.Arbitrary.File.Read HIGH" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Missing.Authorization MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Cross-Site.Request.Forgery MEDIUM" "julia-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jnews No.known.fix Missing.Authorization MEDIUM" "jnews 11.6.7 WordPress.Newspaper.Magazine.Blog.AMP.Theme.<.11.6.7.-.Unauthorized.User.Registration MEDIUM" "jnews 8.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "jannah 5.4.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "jannah 5.4.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "jetapo-with-woocommerce 1.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "jarvis No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "jobcareer 3.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "jobcareer 2.5.1 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "jobcareer 2.4.1 User.enumeration.&.Reset.password CRITICAL" "jobscout 1.1.5 Cross-Site.Request.Forgery.to.Notice.Dimissal MEDIUM" "jupiter 6.10.2 Subscriber+.Privilege.Escalation.and.Post.Deletion CRITICAL" "jupiter 6.10.2 Subscriber+.Arbitrary.Plugin.Deletion MEDIUM" "jupiter 6.10.2 Subscriber+.Path.Traversal.and.Local.File.Inclusion HIGH" "jetapo 1.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "javo-spot 3.0.0 Unauthenticated.Directory.Traversal HIGH" "jupiterx 2.0.7 Subscriber+.Path.Traversal.and.Local.File.Inclusion HIGH" "jupiterx 2.0.7 Subscriber+.Arbitrary.Plugin.Deactivation.and.Settings.Update MEDIUM" "kaffen 1.2.6 Unauthenticated.Local.File.Inclusion CRITICAL" "kiamo No.known.fix Responsive.Business.Service.WordPress.Theme.<=.1.3.3.-.Unauthenticated.Local.File.Inclusion CRITICAL" "kata 1.2.9 Reflected.XSS HIGH" "kata-business No.known.fix Reflected.XSS HIGH" "kidsplanet 2.2.14.1 Unauthenticated.PHP.Object.Injection CRITICAL" "kormosala 1.0.23 Unauthenticated.Reflected.XSS MEDIUM" "kinsley 3.4.5 Unauthenticated.Local.File.Inclusion CRITICAL" "kingclub-theme No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "konzept 2.5 Unauthenticated.Reflected.XSS MEDIUM" "kahuna 1.7.0.1 Contributor+.Stored.XSS MEDIUM" "kleo 5.4.4 Missing.Authorization MEDIUM" "kleo 5.4.4 Reflected.Cross-Site.Scripting MEDIUM" "kata-app No.known.fix Reflected.XSS HIGH" "krste 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "krowd No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "lasa 1.1.1 Unauthenticated.Local.File.Inclusion CRITICAL" "lestin No.known.fix Reflected.XSS HIGH" "lawyer-landing-page 1.2.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "listingo No.known.fix Business.Listing.and.Directory.WordPress.Theme.<=.3.2.7.-.Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "listingo 3.2.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "learnmore No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "learnmore No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lafka No.known.fix Multi.Store.Burger.-.Pizza.&.Food.Delivery.WooCommerce.Theme.<=.4.5.7.-.Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "looki-lite 1.3.0 Reflected.XSS HIGH" "listingpro 2.9.5 Cross-Site.Request.Forgery.to.Account.Takeover HIGH" "listingpro 2.9.5 Subscriber+.Local.File.Inclusion HIGH" "listingpro 2.9.5 Unauthenticated.SQL.Injection CRITICAL" "listingpro 2.6.1 Unauthenticated.Sensitive.Data.Disclosure.(Usernames,.Emails.etc) HIGH" "listingpro 2.6.1 Unauthenticated.Arbitrary.Plugin.Installation/Activation/Deactivation CRITICAL" "listingpro 2.5.4 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "listingpro 2.0.14.5 Reflected.&.Persistent.Cross-Site.Scripting MEDIUM" "listeo 1.6.11 Multiple.XSS.&.XFS.vulnerabilities MEDIUM" "listeo 1.6.11 Multiple.Authenticated.IDOR.Vulnerabilities MEDIUM" "liquido No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "luxe 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "luxe 2.0.0 Unauthenticated.Option.Update MEDIUM" "lattice 1.1.4 Unspecified.XSS MEDIUM" "laboom No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "larson 1.6.0 Unauthenticated.Local.File.Inclusion CRITICAL" "lawyerpress-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "lifestyle-magazine 10.2.1 Reflected.Cross-Site.Scripting MEDIUM" "lovetravel 3.8 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "lovetravel 2.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "listivo 2.3.68 Classified.Ads.WordPress.Theme.<.2.3.68.-.Reflected.Cross-Site.Scripting MEDIUM" "luique 1.3.1 Unauthenticated.Local.File.Inclusion CRITICAL" "mags 1.1.7 Unauthenticated.Local.File.Inclusion CRITICAL" "meris No.known.fix Reflected.XSS HIGH" "modins No.known.fix Reflected.XSS HIGH" "metro-magazine 1.3.8 Missing.Authorization.to.Notice.Dismissal MEDIUM" "mediumishh No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "mantra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "minimog 3.8.0 Unauthenticated.Local.PHP.File.Inclusion CRITICAL" "multifox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mediciti-lite No.known.fix Reflected.XSS HIGH" "mediciti-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "modular 2.8.3 Local.File.Disclosure HIGH" "modular 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "method 2.8.3 Local.File.Disclosure HIGH" "method 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "monalisa 2.1.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "morningtime-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mesmerize 1.6.124 Cross-Site.Request.Forgery.to.Cache.Clearing MEDIUM" "motors 5.6.68 Unauthenticated.Privilege.Escalation.via.Password.Update/Account.Takeover CRITICAL" "motors 5.6.66 Car.Dealer,.Rental.&.Listing.WordPress.theme.<.5.6.66.-.Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "medicenter 14.7 Health.Medical.Clinic.WordPress.Theme.<.14.7.-.Missing.Authorization MEDIUM" "manbiz2 No.known.fix Local.File.Disclosure HIGH" "manbiz2 No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "medicate No.known.fix Local.File.Disclosure HIGH" "medicate No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "my-wooden-under-construction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "minus 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "minus 2.0.0 Unauthenticated.Option.Update MEDIUM" "mosaic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "modern 1.4.2 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "ms-lms-starter-theme 1.1.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "monolit 2.0.7 Reflected.XSS HIGH" "medicare No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "massive-dynamic No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "my-flatonica No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "myriad 2.8.3 Local.File.Disclosure HIGH" "myriad 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "medicpress-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mystique No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "monograph No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mocho-blog No.known.fix Reflected.XSS HIGH" "materialis 1.1.30 Missing.Authorization.to.Limited.Arbitrary.Options.Update MEDIUM" "multipurpose No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "meridia 2.2.8 Reflected.Cross-Site.Scripting MEDIUM" "meridia 2.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mTheme-Unus No.known.fix Local.File.Inclusion.(LFI) HIGH" "mediclinic 2.2 Unauthenticated.Local.File.Inclusion CRITICAL" "my-white No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "maia 1.1.16 Unauthenticated.Local.File.Inclusion CRITICAL" "motor 3.1.0 Unauthenticated.Local.File.Inclusion HIGH" "medibazar No.known.fix Cross-Site.Request.Forgery MEDIUM" "madara 2.2.2.1 Unauthenticated.Local.File.Inclusion CRITICAL" "machic No.known.fix Cross-Site.Request.Forgery MEDIUM" "medikaid 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "meta-news 1.1.8 Unauthenticated.Local.File.Inclusion CRITICAL" "magazine-edge No.known.fix Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "medzone-lite 1.2.6 Unauthenticated.Function.Injection CRITICAL" "moseter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "moseter No.known.fix Reflected.XSS HIGH" "newsmash 1.0.72 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsmash 1.0.35 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "nrgfashion No.known.fix Model.Agency.One.Page.Beauty.Theme.<=.1.4.4.-.Unauthenticated.PHP.Object.Injection CRITICAL" "nioland 1.2.7 Reflected.Cross-Site.Scripting.via.s MEDIUM" "nika 1.2.9 Unauthenticated.Local.File.Inclusion CRITICAL" "nothing-personal No.known.fix Reflected.XSS HIGH" "newspaper-x 1.3.2 Unauthenticated.Function.Injection CRITICAL" "nictitate No.known.fix Cross-Site.Request.Forgery MEDIUM" "newsmag No.known.fix Subscriber+.Reflected.Cross-Site.Scripting MEDIUM" "newsmag 2.4.2 Unauthenticated.Function.Injection CRITICAL" "neosense 1.8 Unrestricted.File.Upload CRITICAL" "noo-jobmonster 4.7.5 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "noo-jobmonster 4.7.6 Unauthenticated.Privilege.Escalation CRITICAL" "noo-jobmonster 4.6.6.1 Directory.Listing.in.Upload.Folder MEDIUM" "noo-jobmonster 4.5.2.9 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "nichebase 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "nichebase 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nsc No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nightlife No.known.fix CSRF.File.Upload HIGH" "nexter 2.0.4 Missing.Authorization MEDIUM" "nexter 2.0.4 Authenticated.(Subscriber+).SQL.Injection.via.'to'.and.'from' HIGH" "nova-lite 1.3.9 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "newsblogger 0.2.5.2 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "newsblogger 0.2.5.5 Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Installation HIGH" "newsmunch 1.0.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "naturemag-lite No.known.fix Unauthenticated.Function.Injection CRITICAL" "ngo-charity-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "newscrunch 1.8.4.1 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "newscrunch 1.8.4.1 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "neighborly No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "nokke 1.2.4 Reflected.XSS HIGH" "nokke 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "nokke 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "nokke 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "newshit 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "newsdaily No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsy No.known.fix Reflected.Cross-Site.Scripting HIGH" "newsy No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "newspaper 12.6.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Attachment.Meta MEDIUM" "news-flash No.known.fix Authenticated.(Editor+).PHP.Object.Injection HIGH" "nrgbusiness No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "nrgbusiness No.known.fix Missing.Authorization MEDIUM" "newscard 1.4 Unauthenticated.Local.File.Inclusion CRITICAL" "newseqo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nirvana No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "networker 1.1.10 Tech.News.WordPress.Theme.with.Dark.Mode.<.1.1.10.-.Missing.Authorization MEDIUM" "news-unlimited No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "newsmatic 1.3.3 Missing.Authorization MEDIUM" "newsmatic 1.3.5 Unauthenticated.Information.Exposure.via.newsmatic_filter_posts_load_tab_content MEDIUM" "newsxpress 1.0.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "nokri 1.6.3 Unauthenticated.Arbitrary.Password.Change CRITICAL" "nexos 1.8 Real.Estate.<.1.8.-.Unauthenticated.Reflected.XSS.&.SQL.Injection CRITICAL" "nexos 1.6.1 Real.Estate.<.1.6.1.-.SQL.Injection.&.Persistent.XSS CRITICAL" "offset-writing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "offset-writing No.known.fix Reflected.XSS HIGH" "onair2 3.9.9.2 Unauthenticated.RFI.and.SSRF MEDIUM" "onetone No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ogami No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "olivia No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "one-page-conference No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "orchid-store 1.5.7 .Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Activation MEDIUM" "onepress No.known.fix Missing.Authorization MEDIUM" "onepress No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "onepress 2.3.7 Cross-Site.Request.Forgery.via.save_settings() MEDIUM" "oceanic No.known.fix Cross-Site.Request.Forgery MEDIUM" "ober 1.3.4 Unauthenticated.Local.File.Inclusion CRITICAL" "oceanwp 4.1.0 Contributor+.Stored.XSS.via.Select.HTML.Tag MEDIUM" "oceanwp 3.5.5 Subscriber+.Sensitive.Information.Exposure MEDIUM" "ona 1.18.3 Reflected.Cross-Site.Scripting MEDIUM" "outdoor 3.9.7 Reflected.XSS HIGH" "one-paze No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "oxpitan No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "orgarium No.known.fix Reflected.XSS HIGH" "opstore No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "opor-ayam No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opor-ayam No.known.fix Reflected.XSS HIGH" "optimizepress 1.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "paroti No.known.fix Reflected.XSS HIGH" "polka-dots No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "polka-dots No.known.fix Reflected.XSS HIGH" "plant No.known.fix Gardening.&.Houseplants.WordPress.Theme.<=.1.0.0.-.Unauthenticated.Information.Exposure MEDIUM" "popularis-verse 1.0.2 Cross-Site.Request.Forgery MEDIUM" "power-mag No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pearl 3.4.8 Corporate.Business.<.3.4.8.-.Unauthenticated.Local.File.Inclusion CRITICAL" "parallelus-intersect 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pressive 2.0.0 Unauthenticated.Option.Update MEDIUM" "pressive 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "press-grid No.known.fix Frontend.Publish.Reaction.&.Multimedia.Theme.<=.1.3.1.-.Unauthenticated.PHP.Object.Injection CRITICAL" "pressmart 1.2.17 Modern.Elementor.WooCommerce.WordPress.Theme.<.1.2.17.-.Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "pimp No.known.fix Creative.MultiPurpose.<=.1.7.-.Unauthenticated.PHP.Object.Injection CRITICAL" "purity-of-soul No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "purity-of-soul No.known.fix Reflected.XSS HIGH" "pubnews 1.0.8 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation HIGH" "perfect-portfolio 1.2.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "perfect-portfolio 1.1.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "parallelus-unite 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "punte 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "pixgraphy 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "patricia-blog No.known.fix Cross-Site.Request.Forgery MEDIUM" "patch-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "parallaxsome 1.3.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "pixova-lite 2.0.7 Unauthenticated.Function.Injection CRITICAL" "purosa 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "purosa 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "posterity No.known.fix Contributor+.Stored.XSS MEDIUM" "posterity 3.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "parallax-blog No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "parallelus-traject 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pixigo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "phototouch 1.2.2 Arbitrary.File.Upload.via.themify-ajax.php CRITICAL" "puzzles 4.2.5 Unauthenticated.PHP.Object.Injection HIGH" "puzzles 4.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "puzzles 4.2.5 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "purus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "purus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "purus No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "point No.known.fix Cross-Site.Request.Forgery MEDIUM" "plato 1.1.9 Reflected.XSS HIGH" "pathway 1.0.16 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "photography No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "photography No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "photography No.known.fix Missing.Authorization MEDIUM" "parallelus-salutation 3.0.16 Stored.XSS MEDIUM" "parallelus-salutation 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "prolist 1.27 Directory.Listing.<.1.27.-.Unauthenticated.Reflected.XSS MEDIUM" "pinfinity 2.0 Reflected.Cross-site.Scripting.(XSS) MEDIUM" "performag 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "performag 2.0.0 Unauthenticated.Option.Update MEDIUM" "pisole No.known.fix Reflected.XSS HIGH" "patricia-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "preschool-and-kindergarten 1.2.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "plain-post 1.0.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "photobox No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "photobox No.known.fix Reflected.Cross-Site.Scripting HIGH" "platform No.known.fix Cross-Site.Request.Forgery.(CSRF) HIGH" "pont No.known.fix Privilige.Escalation HIGH" "pinboard No.known.fix includes/theme-options.php.tab.Parameter.XSS MEDIUM" "petsworld No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "pliska 0.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Display.Name MEDIUM" "porto 7.1.1 Unauthenticated.Local.File.Inclusion.via.porto_ajax_posts CRITICAL" "porto 7.1.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "parabola No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pinzolo 1.2.10 Reflected.XSS HIGH" "partdo No.known.fix Cross-Site.Request.Forgery MEDIUM" "phlox-pro 5.16.5 Reflected.Cross-Site.Scripting.via.Search.Parameters MEDIUM" "photology 1.1.4 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "quality 2.7.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "quota 1.2.5 Unspecified.XSS MEDIUM" "quasar 2.0 Privilege.Escalation HIGH" "qizon No.known.fix Reflected.XSS HIGH" "qempo No.known.fix Reflected.XSS HIGH" "ruza 1.0.8 Unauthenticated.Local.File.Inclusion CRITICAL" "responsive-mobile No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rapyd-payments No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "roven-blog 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "ripple 1.2.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "rise 2.0.0 Unauthenticated.Option.Update MEDIUM" "rise 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "realestate-7 3.5.3 Unauthenticated.Privilege.Escalation CRITICAL" "realestate-7 3.5.5 Authenticated.(Custom).Arbitrary.File.Upload HIGH" "realestate-7 3.5.2 Unauthenticated.Privilege.Escalation CRITICAL" "realestate-7 3.3.5 Reflected.XSS HIGH" "realestate-7 3.3.5 Multiple.CSRF MEDIUM" "realestate-7 3.3.2 Reflected.XSS HIGH" "realestate-7 3.1.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "realestate-7 3.0.5 Unauthenticated.Reflected.XSS MEDIUM" "realestate-7 3.0.4 Unauthenticated.Reflected.XSS MEDIUM" "realestate-7 2.9.5 Multiple.Vulnerabilities HIGH" "realestate-7 2.9.1 Stored.XSS.&.IDOR MEDIUM" "revivenews 1.0.3 Missing.Authorization.via.revivenews_install_and_activate_plugins() MEDIUM" "restricted-site-access No.known.fix IP.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "rara-business 1.2.6 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "rara-business 1.2.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "rovenstart 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "royal-elementor-kit 1.0.117 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "royal-elementor-kit 1.0.117 Missing.Authorization.to.Arbitrary.Transient.Update MEDIUM" "regina-lite No.known.fix Reflected.XSS HIGH" "regina-lite 2.0.6 Unauthenticated.Function.Injection CRITICAL" "robolist-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "roseta No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "revolve No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "resido 3.6.1 Real.Estate.WordPress.Theme.<.3.6.1.-.Missing.Authorization.to.Unauthenticated.Server-Side.Request.Forgery.and.API.Key.Settings.Update MEDIUM" "rainbownews No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rozario No.known.fix Missing.Authorization MEDIUM" "responsive 5.0.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive 5.0.3 Missing.Authorization.to.HMTL.Injection HIGH" "rambo 2.1.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "realhomes 4.4.1 Real.Estate.WordPress.Theme.<.4.4.1.-.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "realhomes 4.3.7 Privilege.Escalation CRITICAL" "ruizarch 1.2.0 Unauthenticated.Local.File.Inclusion CRITICAL" "restaurant-pt 1.1.3 Reflected.XSS HIGH" "reality 2.5.6 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "reality 2.5.3 Unauthenticated.Reflected.XSS MEDIUM" "reality 2.4.0 Multiple.Persistent.XSS MEDIUM" "rehub-theme 19.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "rehub-theme 19.6.2 Unauthenticated.Local.File.Inclusion CRITICAL" "rehub-theme 19.6.2 Authenticated.(Editor+).Local.File.Inclusion HIGH" "restaurant-and-cafe 1.2.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "relax-spa 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "revo No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "rife-free 2.4.19 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "rife-free 2.4.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "raindrops 1.700 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "raise-mag No.known.fix Reflected.XSS HIGH" "rezo No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "rezo No.known.fix Reflected.Cross-Site.Scripting HIGH" "reconstruction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "radcliffe-2 2.0.18 Missing.Authorization MEDIUM" "reales-wp-real-estate-wordpress-theme No.known.fix Real.Estate.WordPress.Theme.<=.2.1.2.-.Missing.Authorization.to.Unauthenticated.Attachment.Deletion.and.Favorite.Property.Updates MEDIUM" "silk-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spasalon 2.2.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "spare No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "spare No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spare No.known.fix Cross-Site.Request.Forgery MEDIUM" "squared 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "squared 2.0.0 Unauthenticated.Option.Update MEDIUM" "sidepane No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "sidepane No.known.fix Reflected.Cross-Site.Scripting HIGH" "simplish No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "sarada-lite 1.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "sweetdate 3.8.0 Unauthenticated.Privilege.Escalation CRITICAL" "simplifii No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "superio 1.2.33 Job.Board.<.1.2.33.-.Subscriber+.Stored.Cross-Site.Scripting LOW" "streamit 4.0.3 Authenticated.(Subscriber+).Privilege.Escalation.via.User.Email.Change/Account.Takeover HIGH" "streamit 4.0.2 Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "streamit 4.0.2 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "sociallyviral No.known.fix Cross-Site.Request.Forgery MEDIUM" "smartit No.known.fix Information.Disclosure HIGH" "start No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seabird No.known.fix Local.File.Disclosure HIGH" "seabird No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "spikes No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "sparkling 2.4.10 Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Activation/Deactivation MEDIUM" "sparkling 2.4.9 Unauthenticated.Function.Injection CRITICAL" "snssimen No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "silesia No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "sean-lite 1.4.6 Reflected.XSS HIGH" "startupzy 1.1.2 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "snsanton No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "septera No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "startkit No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "storevilla 1.4.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "showbiz 1.7.1 Local.File.Disclosure HIGH" "showbiz No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "shopo No.known.fix Reflected.Cross-Site.Scripting HIGH" "sportsmag No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "sevenstars No.known.fix Cross-Site.Request.Forgery MEDIUM" "storepress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "soledad 8.6.0 Unauthenticated.Limited.Local.File.Inclusion HIGH" "soledad 8.4.6 Missing.Authorization MEDIUM" "soledad 8.4.6 Missing.Authorization MEDIUM" "soledad 8.4.6 Cross-Site.Request.Forgery MEDIUM" "soledad 8.4.2 Reflected.Cross-Site.Scripting MEDIUM" "soledad 8.4.2 Authenticated.(Contributor+).SQL.Injection HIGH" "soledad 8.4.2 Unauthenticated.PHP.Object.Injection CRITICAL" "soledad 8.2.6 Subscriber+.Cross-Site.Scripting MEDIUM" "soledad 8.2.5 Reflected.Cross-site.Scripting MEDIUM" "sinatra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scrollme No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "swing-lite 1.2.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "store-commerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "soulmedic No.known.fix Local.File.Disclosure HIGH" "soulmedic No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "snsnitan No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "shapely 1.2.9 Unauthenticated.Function.Injection CRITICAL" "statfort No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "simpolio No.known.fix Privilige.Escalation HIGH" "scoreme No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "snsevon No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "shoppette 1.0.5 Unspecified.XSS MEDIUM" "stockholm 9.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "stockholm 9.7 Unauthenticated.Local.File.Inclusion CRITICAL" "socialdriver 2024 Prototype.Pollution.to.XSS HIGH" "spawp 1.4.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "sapa 1.1.15 Unauthenticated.Local.File.Inclusion CRITICAL" "spikes-black No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "spa-and-salon 1.2.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "slide No.known.fix Reflected.Cross-Site.Scripting HIGH" "slide No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "striking-r 2.3.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "striking-r 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "soho-hotel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simplecharm 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "specialist No.known.fix CSRF.File.Upload HIGH" "sweet-dessert 1.1.13 Unauthenticated.PHP.Object.Injection CRITICAL" "spabiz No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "style No.known.fix Information.Disclosure HIGH" "salzburg-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spiko 1.1.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "speculor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "speculor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "speculor No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "squaretype 3.0.4 Unauthenticated.Private/Schedule.Posts.Disclosure MEDIUM" "sahifa 3.0.0 Site.Setting.Reset.CSRF HIGH" "sahifa 3.0.0 Multiple.Full.Path.Disclosure MEDIUM" "sliding-door No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "soundblast No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "saul 1.1.0 Reflected.XSS HIGH" "socialv 2.0.16 Social.Network.and.Community.BuddyPress.Theme.<.2.0.16.-.Missing.Authorization.to.Arbitrary.File.Download MEDIUM" "swape 1.2.1 Authentication.Bypass.and.Stored.XSS CRITICAL" "saleszone No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shopbiz-lite 1.7.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "short 1.7.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "suffice 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "solar No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "spice-software 1.1.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "smartmag-responsive-retina-wordpress-magazine No.known.fix Unauthenticated.Sensitive.Information.Exposure.via.Log.Files MEDIUM" "sominx No.known.fix Reflected.XSS HIGH" "storely No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "storely No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "storebiz No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shuban No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shuban No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shuban No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "storied 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "storied 2.0.0 Unauthenticated.Option.Update MEDIUM" "samantha 1.2.0 Unauthenticated.Local.File.Inclusion CRITICAL" "scylla-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "sirat No.known.fix Missing.Authorization MEDIUM" "travel-tour 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "tempera No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "travey 1.0.5 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "thrive-theme 3.24.0 Subscriber+.Privilege.Escalation HIGH" "thrive-theme 3.24.2 Cross-Site.Request.Forgery HIGH" "thrive-theme 3.24.0 Missing.Authorization HIGH" "thrive-theme 2.2.4 Unauthenticated.Option.Update MEDIUM" "travel-monster 1.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "themify-ultra 7.3.6 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "themify-ultra 7.3.6 Missing.Authorization MEDIUM" "themify-ultra 7.3.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "themify-ultra 7.3.6 Missing.Authorization MEDIUM" "themify-ultra 7.3.6 Privilege.Escalation HIGH" "travel-booking 1.2.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "the-monday No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "travel-agency-booking No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tinysalt 3.10.0 Unauthenticated.PHP.Object.Injection HIGH" "tinysalt 3.10.0 Unauthenticated.Local.File.Inclusion HIGH" "tinysalt 3.10.0 Unauthenticated.PHP.Object.Injection.in.ajax_handler CRITICAL" "taina No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "topcat-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "totalpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "total 2.1.60 Missing.Authorization.to.Authenticated.(Subscriber+).Sections.Update MEDIUM" "triton-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "the-next No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "the-ultralight No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "t1 No.known.fix Open.Redirect MEDIUM" "tastyc 2.5.2 Unauthenticated.Local.File.Inclusion CRITICAL" "travel-agency 1.4.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "tydskrif No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tydskrif No.known.fix Reflected.XSS HIGH" "theme-translation-for-polylang 3.2.17 Unauthenticated.Translation.Settings.Update MEDIUM" "the-launcher 1.3.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "techism No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "transcend 1.2.0 Unauthenticated.Function.Injection CRITICAL" "temp-mail-x No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tijaji No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tijaji No.known.fix Reflected.XSS HIGH" "the-authority No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "truemag No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "th-shop-mania 1.5.0 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "thegem 5.10.3.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "thegem 5.10.3.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Theme.Options.Update MEDIUM" "thegem 5.9.2 Reflected.Cross-Site.Scripting MEDIUM" "theroof 1.0.4 Unauthenticated.Reflected.XSS HIGH" "trendy-news 1.0.15 Cross-Site.Request.Forgery MEDIUM" "tuaug4 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tuaug4 No.known.fix Reflected.XSS HIGH" "the-wound No.known.fix Unauthenticated.LFI HIGH" "traveler 3.2.1 Unauthenticated.SQL.Injection HIGH" "traveler 3.2.1 Missing.Authorization MEDIUM" "traveler 3.2.1 Missing.Authorization MEDIUM" "traveler 3.2.1 Unauthenticated.PHP.Object.Injection HIGH" "traveler 3.1.9 Reflected.Cross-Site.Scripting MEDIUM" "traveler 3.1.9 Unauthenticated.Local.File.Inclusion.via.hotel_alone_load_more_post CRITICAL" "traveler 3.2.0 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "traveler 3.1.7 Missing.Authorization.in.Several.AJAX.Actions MEDIUM" "traveler 3.1.7 Unauthenticated.SQL.Injection.via.order_id HIGH" "traveler 2.8.4 Unauthenticated.SQL.Injection HIGH" "traveler 2.8.4 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "traveler 2.8.2 Unauthenticated.Reflected.XSS MEDIUM" "traveler 2.7.8.6 Reflected.&.Persistent.XSS.Issues MEDIUM" "traveler 2.7.8.4 Reflected.&.Stored.XSS MEDIUM" "townhub 1.3.0 Unauthenticated.Reflected.XSS HIGH" "townhub 1.0.6 Multiple.Vulnerabilities HIGH" "traveltour 5.2.4 Reflected.XSS HIGH" "tantyyellow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tantyyellow No.known.fix Reflected.XSS HIGH" "tevily No.known.fix Reflected.XSS HIGH" "tweaker5 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "tiki-time No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tiki-time No.known.fix Reflected.XSS HIGH" "top-store 1.5.5 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "tiger No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tiger No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "tainacan-interface 2.7.2 Reflected.Cross-Site.Scripting MEDIUM" "teardrop No.known.fix Privilige.Escalation HIGH" "the-conference 1.2.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "theron-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "unicon-lite 1.2.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "unique No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "upfrontwp No.known.fix Reflected.XSS HIGH" "ultralight No.known.fix Reflected.XSS HIGH" "udesign 4.11.3 Missing.Authorization MEDIUM" "unlimited 1.46 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "u-design No.known.fix Reflected.Cross-Site.Scripting HIGH" "u-design 2.7.10 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "ultrapress No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "unakit 1.2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "unakit 1.2.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "uncode 2.9.1.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.mle-description MEDIUM" "uncode 2.9.1.7 Subscriber+.Arbitrary.File.Read.in.uncode_recordMedia MEDIUM" "uncode 2.9.1.7 Unauthenticated.Arbitrary.File.Read.in.uncode_admin_get_oembed HIGH" "umberto No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "ultimatum 2.9.1.5 Local.File.Disclosure HIGH" "ultimatum 2.9.1.5 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "unseen-blog No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "uncode-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "vernissage 1.3 Privilige.Escalation HIGH" "viburno 1.3.2 Reflected.XSS HIGH" "veda No.known.fix MultiPurpose.WordPress.Theme.<=.4.2.-.Authenticated.(Subscriber+).PHP.Object.Injection CRITICAL" "vilva 1.2.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "viable-blog No.known.fix Reflected.XSS HIGH" "vikinger 1.9.31 Authenticated.(Subscriber+).Privilege.Escalation.via.'vikinger_user_meta_update_ajax' HIGH" "voice 2.0.0 Unauthenticated.Option.Update MEDIUM" "voice 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "virtue 3.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Author MEDIUM" "visual-composer-starter 3.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "valen No.known.fix Sport,.Fashion.WooCommerce.WordPress.Theme.<=.2.4.-.Unauthenticated.Local.File.Inclusion CRITICAL" "viralike No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "viralike 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "venice-lite 1.5.5 Reflected.XSS HIGH" "vmagazine-news 1.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "vertice 1.0.11 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "videoblog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vw-automobile-lite No.known.fix Missing.Authorization MEDIUM" "villar 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "villar 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vmag 1.2.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "vmagazine-lite 1.3.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "vw-storefront 1.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Reset MEDIUM" "viala No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "viala No.known.fix Reflected.XSS HIGH" "vizeon No.known.fix Business.Consulting.<=.1.1.7.-.Unauthenticated.Local.File.Inclusion CRITICAL" "verbosa 1.2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wallstreet 2.0.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "wellness No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "workscout 2.0.33 Authenticated.Stored.XSS.&.XFS HIGH" "weaver-xtreme 6.4 Contributor+.Stored.XSS MEDIUM" "weaver-xtreme 6.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "woffice 5.4.22 Authentication.Bypass.via.Registration.Role CRITICAL" "woffice 5.4.15 Unauthenticated.Privilege.Escalation CRITICAL" "woffice 5.4.12 Unauthenticated.Privilege.Escalation CRITICAL" "woffice 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "woffice 4.0.2 Unauthenticated.Disclosure.of.Notification.Titles MEDIUM" "wplms 1.9.9.5.3 Authenticated.(Instructor+).SQL.Injection MEDIUM" "wplms 1.9.9.5.2 Authenticated.(Instructor+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wplms 1.9.9.5 Unauthenticated.Arbitrary.Directory.Deletion HIGH" "wplms 1.9.9.5.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wplms 1.9.9.5.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wplms 1.9.9.1 Missing.Authorization.to.Unauthenticated.User.Token.Generation MEDIUM" "wplms 1.9.9.5.2 Authenticated.(Student+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.5.2 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.5 Authenticated.(Student+).Remote.Code.Execution HIGH" "wplms 1.9.9.1 Unauthenticated.Privilege.Escalation CRITICAL" "wplms 1.9.9.5.2 Authenticated.(Contributor+).Arbitrary.Directory.Deletion HIGH" "wplms 1.9.9.5.2 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wplms 4.963 Unauthenticated.Arbitrary.File.Read.and.Deletion CRITICAL" "wplms 4.900 Cross-Site.Request.Forgery HIGH" "wp-magazine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "whitish-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-moose 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-moose 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woodmart 8.0.4 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woodmart 7.2.5 Reflected.XSS HIGH" "woodmart 7.2.2 Subscriber+.Stored.XSS HIGH" "woodmart 7.1.2 License.Update/Deactivation.via.CSRF MEDIUM" "woodmart 7.1.2 Unauthenticated.Arbitrary.Shortcode.Injection HIGH" "wanderland 1.7.2 Unauthenticated.Local.File.Inclusion CRITICAL" "winters No.known.fix Reflected.Cross-Site.Scripting.via.Prototype.Pollution MEDIUM" "weeklynews 2.2.9 Cross-Site.Scripting.(XSS) MEDIUM" "winnex No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wibar 1.2.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "workup 2.1.6 Unauthenticated.Reflected.XSS MEDIUM" "weddingalbum No.known.fix Information.Disclosure HIGH" "woohoo No.known.fix Settings.Update.via.CSRF MEDIUM" "wlow 1.2.7 Reflected.XSS HIGH" "wigi No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "wp-forge No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "workio 1.0.3 Unauthenticated.Reflected.XSS MEDIUM" "whimsy-framework No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wishful-blog No.known.fix Reflected.XSS HIGH" "westand 2.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wilmer 3.4.2 Unauthenticated.Local.File.Inclusion CRITICAL" "woostify 1.9.2 CSRF.Bypass MEDIUM" "wyzi-business-finder 2.4.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "workreap 2.6.4 Subscriber+.Arbitrary.Posts.Deletion.via.IDOR MEDIUM" "workreap 2.6.3 Freelance.Marketplace.and.Directory.<.2.6.3.-.Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "workreap 2.2.2 Multiple.CSRF.+.IDOR.Vulnerabilities HIGH" "workreap 2.2.2 Missing.Authorization.Checks.in.Ajax.Actions HIGH" "workreap 2.2.2 Unauthenticated.Upload.Leading.to.Remote.Code.Execution CRITICAL" "wp-weixin 1.3.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-real-estate No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "wireless-butler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wolmart 1.8.12 Unauthenticated.Arbitrary.Shortcode.Execution.in.wolmart_loadmore HIGH" "wp-sierra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-sierra No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wproject 5.8.0 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wproject 5.8.0 Reflected.Cross-Site.Scripting MEDIUM" "wproject 5.8.0 Missing.Authorization.to.Unauthenticated.Content.Modification.and.Deletion MEDIUM" "wp-foodbakery 4.8 Missing.Authorization.in.Multiple.Functions HIGH" "wp-foodbakery No.known.fix Cross-Site.Request.Forgery.in.Multiple.Functions HIGH" "wpcake No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-portfolio 2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wedding-bride 1.0.2 Reflected.XSS HIGH" "welowe No.known.fix Reflected.XSS HIGH" "wr-nitro No.known.fix Unauthenticated.Arbitrary.Plugin.Installation CRITICAL" "xenon No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "xstore 9.3.9 Subscriber+.Arbitrary.Options.Update HIGH" "xstore 9.3.9 Unauthenticated.SQLi HIGH" "xstore 9.3.9 Reflected.Cross-Site.Scripting HIGH" "xstore 9.3.9 Missing.Authorization MEDIUM" "xstore 9.3.9 Missing.Authorization MEDIUM" "xstore 9.3.9 Unauthenticated.Local.File.Inclusion CRITICAL" "xews-lite No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "xin No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "yuki 1.3.15 Cross-Site.Request.Forgery.to.Theme.Setting.Reset MEDIUM" "yuki 1.3.14 Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Setting.Reset MEDIUM" "yuki 1.3.8 Reflected.Cross-Site.Scripting MEDIUM" "yourjourney No.known.fix Reflected.Cross-Site.Scripting.via.Prototype.Pollution MEDIUM" "yozi No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "zigcy-baby 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zeever 1.1.1 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "zilom No.known.fix Reflected.XSS HIGH" "zbench No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zota 1.3.9 Unauthenticated.Local.File.Inclusion CRITICAL" "zegen No.known.fix Church.WordPress.Theme.<=.1.1.9.-.Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Options.Updates MEDIUM" "zox-news 3.17.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "zoxpress 2.12.1 The.All-In-One.WordPress.News.Theme.<.2.12.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "zoxpress 2.12.1 The.All-In-One.WordPress.News.Theme.<.2.12.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Deletion HIGH" "zigcy-cosmetics 1.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zass No.known.fix WooCommerce.Theme.for.Handmade.Artists.and.Artisans.<=.3.9.9.10.-.Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "zenon-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "zigcy-lite 2.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL") pp "Theme: Version" rthemes=(`grep -oP ".*/wp-content/themes/\K[a-zA-Z0-9-_.]+" $file | sort -u`) d=true; [[ ! ${rthemes[@]} ]] && d=false || d=true