diff --git a/enum.sh b/enum.sh index ddc12d8..b23f9b8 100755 --- a/enum.sh +++ b/enum.sh @@ -74,8 +74,8 @@ ver(){ plugins(){ flagz=() - releases_plugins=("99fy-core 1.2.8" "1app-business-forms 1.0.0" "4ecps-webforms 0.2.18" "360deg-javascript-viewer 1.7.28" "2mb-autocode 1.2.6" "0mk-shortener 0.2" "12-step-meeting-list 3.15.1" "3dady-real-time-web-stats 1.0" "8-degree-notification-bar 1.1.8" "2kb-amazon-affiliates-store 2.1.5" "ajax-domain-checker 1.3.0" "arkhe-blocks 2.23.0" "backuply 1.3.5" "custom-post-type-cpt-cusom-taxonomy-ct-manager 1.1" "checkout-plugins-stripe-woo 1.10.0" "charitable 1.8.1.14" "diary-availability-calendar 1.0.3" "export-to-text 2.4" "find-my-blocks 4.0.3" "fontmeister 1.08" "ga-backend-tracking 2.4.0" "giveasap 2.48.1" "history-log-by-click5 1.0.13" "htaccess 1.8.6" "jp-staticpagex 2.1" "jetgridbuilder 1.1.4" "kaya-qr-code-generator 1.6.0" "kama-clic-counter 4.0.0" "miniorange-login-security 1.4.1" "newsletter 8.5.0" "order-tracking 3.3.16" "oliver-pos 2.4.2.2" "print-o-matic 2.1.10" "paypal-currency-converter-basic-for-woocommerce 3.3.1 Basic" "rate-star-review 1.6.3" "rating-bws 1.7" "social-photo-gallery 1.0" "sv-forms 2.0.05" "tagregator 0.6" "tc-custom-javascript 1.2.3" "ultimate-reviews 3.2.12" "ucontext 3.9.1" "wp-accessibility-helper 0.6.3" "wp-admin-logo-changer 1.0" "webriti-smtp-mail 1.0" "xtremelocator 3.0.1" "xorbin-digital-flash-clock 1.0" "xt-woo-points-rewards 1.7.5" "zedity 8.0.5") - vulns_plugins=("12-step-meeting-list 3.14.34 Reflected.Cross-Site.Scripting MEDIUM" "12-step-meeting-list 3.14.29 Subscriber+.CSV.Download MEDIUM" "12-step-meeting-list 3.14.25 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "99robots-header-footer-code-manager-pro 1.0.17 Reflected.Cross-Site.Scripting.via.message MEDIUM" "1app-business-forms No.known.fix Author+.Stored.XSS MEDIUM" "8-degree-notification-bar No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "3dprint-lite 1.9.1.6 Reflected.Cross-Site.Scripting HIGH" "3dprint-lite 1.9.1.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "0mk-shortener No.known.fix Stored.XSS.via.CSRF HIGH" "0mk-shortener No.known.fix Admin+.Stored.XSS LOW" "4ecps-webforms No.known.fix Admin+.Stored.XSS LOW" "99fy-core 1.2.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "360deg-javascript-viewer 1.7.13 Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "360deg-javascript-viewer 1.7.12 Unauthenticated.Settings.Update MEDIUM" "360deg-javascript-viewer 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "3dady-real-time-web-stats No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "2kb-amazon-affiliates-store No.known.fix Reflected.XSS MEDIUM" "2kb-amazon-affiliates-store 2.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "2mb-autocode 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "3d-viewer 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "3d-viewer 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "10to8-online-booking 1.1.0 Contributor+.Stored.XSS MEDIUM" "4k-icon-fonts-for-visual-composer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "404-solution 2.35.8 Admin+.SQL.Injection MEDIUM" "404-solution 2.33.1 Sensitive.Information.Exposure.via.Log.File MEDIUM" "404-solution 2.35.0 Admin+.SQLi MEDIUM" "404-solution 2.33.1 Sensitive.Information.Exposure MEDIUM" "5-anker-connect 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "404-to-301 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "404-to-301 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "404-to-301 3.0.9 Logs.Deletion.via.CSRF MEDIUM" "404-to-301 3.0.8 Broken.Access.Control MEDIUM" "404-to-301 3.0.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "404-to-301 2.3.1 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "1-click-close-store No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "5-stars-rating-funnel 1.3.02 Missing.Authorization MEDIUM" "5-stars-rating-funnel 1.3.02 Missing.Authorization MEDIUM" "5-stars-rating-funnel 1.2.63 Reflected.Cross-Site.Scripting MEDIUM" "5-stars-rating-funnel 1.2.53 Unauthenticated.SQLi HIGH" "5-stars-rating-funnel 1.2.54 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "404s 3.5.1 Admin+.Stored.Cross-Site.Scripting LOW" "3dprint 3.5.6.9 Arbitrary.File.and.Directory.Deletion.via.CSRF HIGH" "3dprint 3.5.6.9 CSRF.to.arbitrary.file.downlad HIGH" "2j-slideshow No.known.fix Reflected.Cross-Site.Scripting.via.'post' MEDIUM" "2j-slideshow No.known.fix Contributor+.Stored.XSS MEDIUM" "2j-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "59sec-lite-contact-form-7-push-notifications-on-ios-and-android No.known.fix Unauthenticated.Settings.Update MEDIUM" "360-product-rotation 1.4.8 Reflected.XSS MEDIUM" "404-to-start No.known.fix Admin+.Stored.XSS LOW" "123-chat-videochat 1.3.1 Admin+.Stored.XSS LOW" "3com-asesor-de-cookies No.known.fix Admin+.Stored.XSS LOW" "404-redirection-manager No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "404-redirection-manager No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "3d-flipbook-dflip-lite 2.2.27 Contributor+.Stored.XSS MEDIUM" "3d-flipbook-dflip-lite 2.2.27 Contributor+.Stored.XSS MEDIUM" "3d-flipbook-dflip-lite 1.7.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "3xsocializer No.known.fix Subscriber+.SQLi MEDIUM" "5280-bootstrap-modal-contact-form No.known.fix Cross-Site.Request.Forgery.to.Bulk.Delete.Messages MEDIUM" "3d-cover-carousel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "123contactform-for-wordpress No.known.fix Validation.Bypass.via.Plugin.Verification MEDIUM" "123contactform-for-wordpress No.known.fix Unauthenticated.Arbitrary.File.Upload HIGH" "123contactform-for-wordpress No.known.fix Unauthenticated.Arbitrary.Post.Creation HIGH" "3-word-address-validation-field 4.0.0 Admin+.Sensitive.Information.Disclosure LOW" "analytics-insights 6.3 Open.Redirect MEDIUM" "ajax-add-to-cart-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-add-to-cart-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addify-product-labels-and-stickers 1.1.0 Multiple.CSRF MEDIUM" "addify-free-gifts-woocommerce 1.0.2 Multiple.CSRF MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.and.eae_slider_animation.Parameters MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Twitter.Widget MEDIUM" "addon-elements-for-elementor-page-builder 1.13.4 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.3 Contributor+.DOM-Based.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13.2 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.12.11 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Content.Switcher.Widget MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Contributor+.to.LFI HIGH" "addon-elements-for-elementor-page-builder 1.13 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Modal.Popup.effet MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.12.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Elementor.Addon.Element.Enabling/Disabling.via.CSRF MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Admin+.Stored.XSS LOW" "addon-elements-for-elementor-page-builder 1.12.8 Settings.Update.via.CSRF MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Unauthenticated.Post.ID/Tile.Disclosure MEDIUM" "addon-elements-for-elementor-page-builder 1.12 Reflected.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.11.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addon-elements-for-elementor-page-builder 1.11.8 CSRF.Bypass LOW" "addon-elements-for-elementor-page-builder 1.11.2 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.6.4 CSRF.&.XSS LOW" "ap-contact-form 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "add-to-cart-direct-checkout-for-woocommerce 2.1.49 Admin+.Stored.XSS LOW" "audio-merchant No.known.fix Cross-Site.Request.Forgery.to.Settings.Modifcation.and.Stored.Cross-Site.Scripting MEDIUM" "audio-merchant No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "ari-cf7-connector 1.2.3 Cross-Site.Request.Forgery MEDIUM" "ari-cf7-connector 1.2.3 Reflected.XSS HIGH" "appointment-booking-calendar 1.3.83 CSRF.appointment.scheduling MEDIUM" "appointment-booking-calendar 1.3.70 Feedback.Submission.via.CSRF MEDIUM" "appointment-booking-calendar 1.3.35 CSV.Injection MEDIUM" "appointment-booking-calendar 1.3.35 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "appointment-booking-calendar 1.3.19 Unauthenticated.Stored.XSS MEDIUM" "appointment-booking-calendar 1.1.25 Unauthenticated.SQL.Injection CRITICAL" "appointment-booking-calendar 1.1.24 Unauthenticated.SQL.Injection CRITICAL" "appointment-booking-calendar 1.1.8 Multiple.Reflected.Cross-Site.Scripting.(XSS).and.SQL.Injection HIGH" "all-in-one-wp-migration-box-extension 1.54 Unauthenticated.Access.Token.Update MEDIUM" "admin-site-enhancements 5.8.0 Password.Protection.Mode.Security.Feature.Bypass HIGH" "adminify 3.1.7 Authenticated(Administrator+).SQL.Injection MEDIUM" "adminify 3.1.6 Admin+.Stored.XSS LOW" "adminify 3.1.6 Admin+.Stored.XSS LOW" "adminify 3.1.4 Reflected.Cross-Site.Scripting MEDIUM" "adminify 2.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-local-avatar No.known.fix Cross-Site.Request.Forgery.via.manage_avatar_cache MEDIUM" "alojapro-widget 1.1.16 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "add-admin-javascript No.known.fix Unauthenticated.Full.Path.Dislcosure MEDIUM" "admin-word-count-column No.known.fix Unauthenticated.Arbitrary.File.Read MEDIUM" "analytics-tracker 1.1.1 XSS MEDIUM" "automizy-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automizy-gravity-forms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "atlas-knowledge-base No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "atlas-knowledge-base No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-wp-migration-dropbox-extension 3.76 Unauthenticated.Access.Token.Update MEDIUM" "advanced-menu-widget No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "add-instagram No.known.fix Admin+.Stored.XSS LOW" "art-picture-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "accordions-or-faqs No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "accordions-or-faqs 2.3.1 Admin+.Stored.XSS LOW" "accordions-or-faqs 2.1.0 Authenticated.Arbitrary.Options.Update MEDIUM" "accordions-or-faqs 2.1.0 Admin+.Stored.XSS LOW" "accordions-or-faqs 2.0.3 Unauthenticated.Arbitrary.Options.Update CRITICAL" "accordions-wp 2.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.accordion.settings MEDIUM" "accordions-wp 2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "admin-menu No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "affiliatebooster-blocks 3.0.6 Blocks.Enabling/Disabling.via.CSRF MEDIUM" "age-verification-screen-for-woocommerce 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "age-verification-screen-for-woocommerce 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-multiple-marker No.known.fix Settings.Update.via.CSRF MEDIUM" "add-multiple-marker No.known.fix Unauthenticated.Settings.Update MEDIUM" "advanced-uploader No.known.fix Subscriber+.Arbitrary.File.Upload CRITICAL" "alttext-ai 1.5.0 Authenticated.(Subscriber+).SQL.Injection HIGH" "alttext-ai 1.3.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ai-engine 2.4.8 Admin+.SQLi MEDIUM" "ai-engine 2.5.1 Admin+.RCE MEDIUM" "ai-engine 2.4.8 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "ai-engine 2.2.70 Authenticated.(Editor+).Arbitrary.File.Upload CRITICAL" "ai-engine 2.1.5 Authenticated.(Editor+).Server-Side.Request.Forgery MEDIUM" "ai-engine 2.2.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "ai-engine 2.1.5 Editor+.Arbitrary.File.Upload.via.add_image_from_url MEDIUM" "ai-engine 1.9.99 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ai-engine 1.6.83 Admin+.Stored.XSS LOW" "awesome-social-icons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-social-icons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "allow-svg 1.2.0 Author+.Stored.XSS.via.SVG MEDIUM" "archivist-custom-archive-templates 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "archivist-custom-archive-templates No.known.fix Reflected.XSS HIGH" "archivist-custom-archive-templates 1.7.5 Custom.Archive.Templates.<.1.7.5.-.Admin+.Stored.XSS LOW" "archivist-custom-archive-templates 1.7.5 Custom.Archive.Templates.<.1.7.5.-.Stored.XSS.via.CSRF HIGH" "anywhere-elementor 1.2.8 Reflected.Cross-Site.Scripting MEDIUM" "anywhere-elementor 1.2.8 Freemius.API.Key.Disclosure MEDIUM" "anywhere-elementor 1.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "affiliate-ads-builder-for-clickbank-products 1.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-forms 1.9.3.3 Missing.Authorization.to.Unauthenticated.Form.Settings.Export MEDIUM" "advanced-forms 1.6.9 Subscriber+.Arbitrary.User.Email.Address.Update.via.IDOR HIGH" "article-analytics No.known.fix Unauthenticated.SQL.injection HIGH" "api-key-for-google-maps 1.2.2 Arbitrary.API.Key.Update.via.CSRF MEDIUM" "ari-fancy-lightbox 1.3.9 Reflected.Cross-Site.Scripting MEDIUM" "absolute-reviews 1.0.9 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "adsanity 1.8.2 Contributor.Arbitrary.File.Upload CRITICAL" "automatic-post-categories No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "automatic-post-categories No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "activity-log-mainwp 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "activity-log-mainwp 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-quiz 1.0.3 Admin+.Stored.XSS LOW" "advanced-quiz No.known.fix Admin+.Stored.XSS.in.Quiz.Overview LOW" "advanced-post-block 1.13.5 Unauthenticated.Arbitrary.Post.Access MEDIUM" "add-from-server No.known.fix Authenticated.Path.Traversal.to.Arbitrary.File.Access HIGH" "add-from-server 3.3.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "attendance-manager 0.5.7 CSRF.&.XSS HIGH" "address-email-and-phone-validation No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "annasta-woocommerce-product-filters 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "annasta-woocommerce-product-filters 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addify-image-watermark-for-woocommerce 1.0.1 Multiple.CSRF MEDIUM" "attesa-extra 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "affiliate-toolkit-starter No.known.fix Unauthenticated.Full.Path.Dislcosure MEDIUM" "affiliate-toolkit-starter 3.4.5 Unauthenticated.Sensitive.Information.Exposure.via.Logs MEDIUM" "affiliate-toolkit-starter 3.4.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.ratings MEDIUM" "affiliate-toolkit-starter 3.5.5 Missing.Authorization.via.atkp_create_list MEDIUM" "affiliate-toolkit-starter 3.5.5 Missing.Authorization.via.atkp_import_product MEDIUM" "affiliate-toolkit-starter 3.4.3 Unauthenticated.SSRF HIGH" "affiliate-toolkit-starter 3.4.4 Reflected.Cross-Site.Scripting.via.keyword MEDIUM" "affiliate-toolkit-starter 3.4.0 Open.Redirect.via.atkpout.php LOW" "affiliate-toolkit-starter 3.3.4 Editor+.Stored.XSS LOW" "ajax-search-lite 4.12.3 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.1 Admin+.Stored.XSS LOW" "ajax-search-lite 4.11.5 Reflected.Cross-Site.Scripting HIGH" "ajax-search-lite 4.11.1 Reflected.Cross-Site.Scripting HIGH" "ajax-search-lite 4.11.1 Subscriber+.Sensitive.Data.Disclosure MEDIUM" "avalex 3.0.9 Missing.Authorization MEDIUM" "avalex 3.0.4 Admin+.Stored.XSS LOW" "acf-quickedit-fields 3.2.3 Contributor+.User.Metadata.Leak.via.IDOR LOW" "addon-sweetalert-contact-form-7 1.0.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "advanced-testimonial-carousel-for-elementor 3.0.1 Missing.Authorization MEDIUM" "alma-gateway-for-woocommerce 5.2.1 Contributor+.Stored.XSS MEDIUM" "all-in-one-wp-migration 7.63 Unauthenticated.Reflected.XSS MEDIUM" "all-in-one-wp-migration 7.59 Admin+.File.Deletion.on.Windows.Hosts.via.Path.Traversal MEDIUM" "all-in-one-wp-migration 7.41 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "all-in-one-wp-migration 7.15 Arbitrary.Backup.Download HIGH" "all-in-one-wp-migration 7.0 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-migration 6.46 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-wp-migration 2.0.5 Unauthenticated.Database.Export HIGH" "amr-shortcode-any-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "ajax-search-for-woocommerce 1.25.0b3 Reflected.Cross-Site.Scripting MEDIUM" "ajax-search-for-woocommerce 1.24.0 AJAX.Search.for.WooCommerce.<.1.24.0.-.Admin+.Stored.Cross-Site.Scripting MEDIUM" "ajax-search-for-woocommerce 1.18.0 Admin+.Stored.Cross-Site.Scripting LOW" "ajax-search-for-woocommerce 1.17.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.2 Missing.Authorization MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.1 Cross-Site.Request.Forgery MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "add-fields-to-checkout-page-woocommerce 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "anymind-widget No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "animated-typed-js-shortcode 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aco-product-labels-for-woocommerce 1.5.4 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "adamrob-parallax-scroll 2.1 Cross-Site.Scripting.(XSS) MEDIUM" "addify-gift-registry-for-woocommerce 1.1.0 Multiple.CSRF MEDIUM" "acf-for-woocommerce-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "acf-for-woocommerce-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ag-custom-admin 7.2.4 Admin+.SSRF MEDIUM" "ag-custom-admin 7.2.2 Admin+.Stored.XSS.via.Image.URL LOW" "ag-custom-admin 7.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "ag-custom-admin 6.9.2 AGCA.<.6.9.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "ag-custom-admin 6.5.5 CSRF.&.XSS LOW" "advanced-text-widget No.known.fix Admin+.Stored.XSS LOW" "author-avatars 2.1.19 Contributor+.Stored.XSS MEDIUM" "autotitle-for-wordpress No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "ai-image-generator 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "anonymous-restricted-content 1.6.3 .Protection.Mechanism.Bypass MEDIUM" "acf-better-search 3.3.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ads-txt-admin No.known.fix Cross-Site.Request.Forgery MEDIUM" "amr-users 4.59.4 Admin+.Stored.Cross-Site.Scripting LOW" "aweber-web-form-widget 7.3.15 Authenticated.(Admin+).SQL.Injection HIGH" "aweber-web-form-widget 7.3.10 Missing.Authorization.via.AJAX.actions MEDIUM" "alkubot 3.0.0 Unauthorised.AJAX.call.via.CSRF MEDIUM" "anchor-episodes-index 2.1.8 Admin+.Stored.XSS LOW" "accessibility-help-button 1.1 Admin+.Stored.Cross.Site.Scripting LOW" "accessibility-help-button 1.1 Admin+.Stored.XSS LOW" "accessibility-help-button 1.2 Admin+.Stored.XSS LOW" "amazon-link No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "another-wordpress-classifieds-plugin 4.3.2 Cross-Site.Request.Forgery MEDIUM" "another-wordpress-classifieds-plugin 4.3.2 Missing.Authorization MEDIUM" "another-wordpress-classifieds-plugin 4.3.1 Categories.Mgt.via.CSRF MEDIUM" "another-wordpress-classifieds-plugin 4.3 Unauthenticated.SQLi MEDIUM" "announce-from-the-dashboard 1.5.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "announce-from-the-dashboard 1.5.2 Admin+.Stored.XSS LOW" "awesome-support 6.1.8 Missing.Authorization MEDIUM" "awesome-support 6.1.7 Insufficient.Authorization.via.wpas_can_delete_attachments() MEDIUM" "awesome-support 6.1.8 Missing.Authorization.via.wpas_get_users() MEDIUM" "awesome-support 6.1.8 Authenticated.(Subscriber+).SQL.Injection HIGH" "awesome-support 6.1.8 Missing.Authorization.via.editor_html() MEDIUM" "awesome-support 6.1.6 Missing.Authorization.via.wpas_load_reply_history MEDIUM" "awesome-support 6.1.6 Cross-Site.Request.Forgery MEDIUM" "awesome-support 6.1.8 Missing.Authorization MEDIUM" "awesome-support 6.1.11 Missing.Authorization MEDIUM" "awesome-support 6.1.5 Missing.Authorization.via.wpas_edit_reply_ajax() MEDIUM" "awesome-support 6.1.5 Cross-Site.Request.Forgery.via.wpas_edit_reply_ajax() MEDIUM" "awesome-support 6.1.5 Insufficient.permission.check.in.wpas_edit_reply MEDIUM" "awesome-support 6.1.5 Submitter+.Arbitrary.File.Deletion CRITICAL" "awesome-support 6.1.5 Reflected.Cross-Site.Scripting HIGH" "awesome-support 6.1.2 Subscriber+.Arbitrary.Exported.Tickets.Download MEDIUM" "awesome-support 6.0.8 Authenticated.Stored.XSS MEDIUM" "awesome-support 6.0.7 Reflected.Cross-Site.Scripting HIGH" "awesome-support 6.0.11 Reflected.Cross-Site.Scripting.(XSS) HIGH" "awesome-support 6.0.0 Stored.XSS.via.Ticket.Title MEDIUM" "awesome-support 3.1.7 XSS.&.Shortcodes.Allowed.in.Replies HIGH" "atomchat 1.1.5 Unauthenticated.Credits.Update MEDIUM" "automatic-youtube-video-posts No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "ays-popup-box 4.5.2 Missing.Authorization MEDIUM" "ays-popup-box 4.1.3 Cross-Site.Request.Forgery MEDIUM" "ays-popup-box 4.3.7 Missing.Authorization.to.Information.Exposure MEDIUM" "ays-popup-box 20.9.0 Admin+.Stored.XSS LOW" "ays-popup-box 7.9.0 Admin+.Stored.XSS LOW" "ays-popup-box 3.8.6 Admin+.Stored.XSS.in.Popup.Settings LOW" "ays-popup-box 3.8.6 Admin+.Stored.XSS.in.Categories LOW" "ays-popup-box 3.7.9 Admin+.Stored.XSS LOW" "ays-popup-box 3.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "ays-popup-box 3.4.5 Reflected.XSS HIGH" "ays-popup-box 2.3.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ays-popup-box 2.3.4 Authenticated.Blind.SQL.Injections HIGH" "advanced-database-replacer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-replacer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-any-extension-to-pages 1.5 Cross-Site.Request.Forgery.via.aaetp_options_page MEDIUM" "admin-form 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "admin-form 1.9.1 Cross-Site.Request.Forgery MEDIUM" "add-posts-to-pages No.known.fix Contributor+.Stored.XSS MEDIUM" "adminpad 2.2 Note.Update.via.CSRF MEDIUM" "accessibility 1.0.7 Cross-Site.Request.Forgery MEDIUM" "accessibility 1.0.4 Admin+.Stored.XSS LOW" "acurax-social-media-widget 3.2.6 Stored.XSS.&.CSRF HIGH" "ai-post-generator 3.4 Subscriber+.Posts.Read/Creation/Deletion MEDIUM" "aikit-wordpress-ai-writing-assistant-using-gpt3 No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "affiliate-solution No.known.fix Admin+.Stored.XSS LOW" "addify-custom-order-number 1.2.0 Multiple.CSRF MEDIUM" "an-gradebook No.known.fix Subscriber+.SQLi HIGH" "an-gradebook No.known.fix Admin+.XSS LOW" "accurate-form-data-real-time-form-validation No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "age-gate 2.17.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "age-gate 2.20.4 Reflected.Cross-Site.Scripting MEDIUM" "age-gate 2.17.1 Unauthenticated.Import.Settings CRITICAL" "age-gate 2.16.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "age-gate 2.13.5 Unauthenticated.Open.Redirect LOW" "acf-front-end-editor No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Update MEDIUM" "admin-quick-panel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-quick-panel 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "astra-pro-sites 3.2.5 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "astra-pro-sites 3.2.6 Incorrect.Authorization MEDIUM" "advanced-form-integration 1.89.6 Cross-Site.Request.Forgery MEDIUM" "advanced-form-integration 1.82.6 SQL.Injection.to.Reflected.Cross-Site.Scripting.via.integration_id MEDIUM" "advanced-form-integration 1.76.0 Authenticated(Administrator+).SQL.Injection MEDIUM" "advanced-form-integration 1.69.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.63.0 Admin+.Stored.XSS LOW" "advanced-form-integration 1.49.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accesspress-social-share 4.5.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "auto-login-when-resister No.known.fix Settings.Update.via.CSRF MEDIUM" "adrotate 5.13.3 Admin+.Double.Extension.Arbitrary.File.Upload MEDIUM" "adrotate 5.9.1 Password.Change.via.CSRF MEDIUM" "adrotate 5.8.23 Admin+.XSS.via.Group.Name LOW" "adrotate 5.8.23 Admin+.XSS.via.Advert.Name LOW" "adrotate 5.8.22 Admin+.SQL.Injection MEDIUM" "adrotate 5.8.4 Authenticated.SQL.Injection MEDIUM" "adrotate 5.3 Authenticated.SQL.Injection HIGH" "acf-vc-integrator 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "atarim-visual-collaboration 4.0.2 Missing.Authorization.via.remove_feedbacktool_notice() MEDIUM" "atarim-visual-collaboration 4.0.3 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "atarim-visual-collaboration 4.0.1 Missing.Authorization MEDIUM" "atarim-visual-collaboration 3.32 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "atarim-visual-collaboration 3.31 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "atarim-visual-collaboration 3.30 Unauthenticated.Settings.Update,.Post.Deletion.etc HIGH" "atarim-visual-collaboration 3.13 Unauthenticated.Stored.XSS HIGH" "atarim-visual-collaboration 3.9.4 Admin+.Stored.XSS LOW" "animategl 1.4.18 Reflected.Cross-Site.Scripting MEDIUM" "amministrazione-aperta 3.8 Admin+.LFI LOW" "allow-php-in-posts-and-pages No.known.fix Authenticated.Remote.Code.Execution.(RCE) CRITICAL" "avcp No.known.fix Cross-Site.Request.Forgery.via.settings.php MEDIUM" "avcp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "avcp No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "auto-install-free-ssl 3.6.0 Reflected.Cross-Site.Scripting MEDIUM" "automatic-grid-image-listing No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "auto-listings 2.6.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "advanced-wp-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-wp-table 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-404-redirect-to-homepage 2.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "all-404-redirect-to-homepage 1.21 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "avirato-calendar No.known.fix Subscriber+.SQLi HIGH" "add-expires-headers 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "add-expires-headers 2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ak-menu-icons-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "advanced-iframe 2024.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "advanced-iframe 2024.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.0 Contributor+.Stored.XSS MEDIUM" "advanced-iframe 2023.9 Contributor+.Stored.XSS MEDIUM" "advanced-iframe 2022 Reflected.Cross-Site.Scripting MEDIUM" "addendio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addendio No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "advanced-cf7-db 2.0.3 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "advanced-cf7-db No.known.fix Sensitive.Information.Exposure MEDIUM" "advanced-cf7-db 1.8.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "advanced-cf7-db 1.8.7 Subscriber+.Arbitrary.File.Deletion HIGH" "advanced-cf7-db 1.7.1 SQL.Injection CRITICAL" "alipay No.known.fix Authenticated.SQL.Injection MEDIUM" "add-to-any 1.7.48 Admin+.Stored.Cross-Site.Scripting LOW" "add-to-any 1.7.46 Admin+.Stored.XSS MEDIUM" "ad-swapper No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "api-bearer-auth 20190908 Unauthenticated.Reflected.XSS MEDIUM" "alpine-photo-tile-for-pinterest No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "affiliate-for-woocommerce 4.8.0 Subscriber+.Paypal.Email.Update.via.IDOR MEDIUM" "affiliate-for-woocommerce 4.8.0 Subscriber+.Unauthorised.Actions MEDIUM" "all-in-one-wp-migration-onedrive-extension 1.67 Unauthenticated.Access.Token.Update MEDIUM" "advanced-wp-columns No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "adsense-click-fraud-monitoring No.known.fix XSS MEDIUM" "auto-poster No.known.fix Authenticated.(Administrator+).Arbitrary.File.Upload CRITICAL" "addify-order-approval-woocommerce 1.1.0 Multiple.CSRF MEDIUM" "advanced-product-labels-for-woocommerce 1.2.3.7 Reflected.Cross-Site.Scripting MEDIUM" "aa-calculator No.known.fix Reflected.Cross-Site.Scripting.via.invoice MEDIUM" "anti-spam 7.3.8 Missing.Authorization MEDIUM" "anti-spam 7.3.1 Protection.Bypass.due.to.IP.Spoofing MEDIUM" "admin-menu-restriction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-invite-codes 1.0.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accordions 2.2.97 Missing.Authorization.to.Authenticated(Contributor+).Post.Duplication MEDIUM" "accordions 2.2.30 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "accordions 2.2.9 Unprotected.AJAX.Action.to.Stored/Reflected.XSS MEDIUM" "admin-page-framework 3.9.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "author-bio-box 3.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "anspress-question-answer 4.3.2 Editor+.Stored.XSS MEDIUM" "artificial-intelligence-auto-content-generator 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "anyvar No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-visual-elements 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "admin-user-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "alpine-photo-tile-for-instagram No.known.fix Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "astra-sites 4.2.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "astra-sites 4.1.7 Contributor+.Server-Side.Request.Forgery MEDIUM" "astra-sites 3.2.5 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "astra-sites 3.2.6 Incorrect.Authorization MEDIUM" "astra-sites 3.1.21 Settings.Update.via.CSRF MEDIUM" "astra-sites 2.7.1 Contributor+.Block.Import.to.Stored.XSS HIGH" "ajax-live-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-live-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ajax-filter-posts 3.4.11 Reflected.Cross-Site.Scripting MEDIUM" "ajax-filter-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ajax-filter-posts 3.4.8 Missing.Authorization MEDIUM" "audio-video-download-buttons-for-youtube 1.04 Reflected.Cross-Site.Scripting MEDIUM" "anual-archive No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "anual-archive No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "anual-archive 1.6.0 Contributor+.Stored.XSS MEDIUM" "amr-ical-events-list No.known.fix Admin+.Stored.XSS LOW" "aesop-story-engine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-schemaorg-rich-snippets 1.6.6 All.In.One.Schema.Rich.Snippets.<.1.6.6.-.Multiple.CSRF MEDIUM" "all-in-one-schemaorg-rich-snippets 1.5.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ap-pricing-tables-lite No.known.fix Admin+.SQLi MEDIUM" "ap-pricing-tables-lite 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "ap-pricing-tables-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "amen No.known.fix Admin+.Stored.XSS LOW" "accommodation-system No.known.fix Subscriber+.Unauthorised.Actions MEDIUM" "adaptive-images 0.6.69 Reflected.Cross-Site.Scripting MEDIUM" "adaptive-images 0.6.67 Local.File.Inclusion.&.Deletion HIGH" "accesspress-social-icons 1.8.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-social-icons 1.8.1 Authenticated.SQL.Injection HIGH" "accesspress-social-icons 1.6.8 Authenticated.SQL.Injections MEDIUM" "automatewoo 5.7.6 Cross-Site.Request.Forgery MEDIUM" "automatewoo 5.7.6 Missing.Authorization MEDIUM" "automatewoo 5.7.2 ShopManager+.SQLi MEDIUM" "automatewoo 5.7.2 Cross-Site.Request.Forgery MEDIUM" "ajax-random-post No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "autocomplete-address-and-location-picker-for-woocommerce 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "autocomplete-address-and-location-picker-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "affiliate-links 2.7 Contributor+.Stored.XSS MEDIUM" "aawp 3.12.3 Unsafe.URL.Handling MEDIUM" "aawp 3.17.1 Reflected.Cross-Site.Scripting MEDIUM" "aspose-doc-exporter No.known.fix Missing.Authorization MEDIUM" "aspose-doc-exporter 2.0 Unauthenticated.Arbitrary.File.Download HIGH" "all-in-one-b2b-for-woocommerce No.known.fix Multiple.CSRF MEDIUM" "all-in-one-b2b-for-woocommerce No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "affiliates-manager 2.9.35 Cross-Site.Request.Forgery MEDIUM" "affiliates-manager 2.9.31 Sensitive.Information.Exposure.via.Log.File MEDIUM" "affiliates-manager 2.9.32 Cross-Site.Request.Forgery.via.multiple.AJAX.actions MEDIUM" "affiliates-manager 2.9.21 Cross-Site.Request.Forgery MEDIUM" "affiliates-manager 2.9.14 Arbitrary.Affiliates.&.Creatives.Deletion.via.CSRF MEDIUM" "affiliates-manager 2.9.14 Affiliate.CSV.Injection MEDIUM" "affiliates-manager 2.9.14 Reflected.Cross-Site.Scripting MEDIUM" "affiliates-manager 2.9.14 Admin+.Stored.Cross-Site.Scripting LOW" "affiliates-manager 2.9.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "affiliates-manager 2.8.7 Admin+.SQL.injection MEDIUM" "affiliates-manager 2.7.8 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "affiliates-manager 2.6.6 CRSF.Issues MEDIUM" "auto-post-woocommerce-products No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-tiktok-advertising-pixel 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-booking-calendar No.known.fix Unauthenticated.SQLi HIGH" "advanced-booking-calendar No.known.fix CSRF MEDIUM" "advanced-booking-calendar 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-booking-calendar 1.7.1 Admin+.SQLi MEDIUM" "advanced-booking-calendar 1.7.0 Unauthenticated.SQL.Injection HIGH" "advanced-booking-calendar 1.6.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-booking-calendar 1.6.7 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-booking-calendar 1.6.2 Unauthenticated.SQL.Injection CRITICAL" "ajax-login-and-registration-modal-popup No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "addify-order-tracking-for-woocommerce 1.0.2 Multiple.CSRF MEDIUM" "advanced-database-cleaner 3.1.4 Administrator+.PHP.Object.Injection MEDIUM" "advanced-database-cleaner 3.1.3 Authenticated.(Administrator+).SQL.Injection MEDIUM" "advanced-database-cleaner 3.1.2 Settings.Update.via.CSRF MEDIUM" "advanced-database-cleaner 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner 3.0.4 Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner 3.0.2 Authenticated.SQL.injection MEDIUM" "activitypub 1.0.6 Unauthenticated.REST.API.Access MEDIUM" "activitypub 1.0.0 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "activitypub 1.0.1 Contributor+.Stored.XSS MEDIUM" "activitypub 1.0.0 Subscriber+.Arbitrary.Post.Title.Disclosure MEDIUM" "activitypub 1.0.0 Contributor+.Stored.XSS MEDIUM" "all-users-messenger No.known.fix Subscriber+.Message.Deletion.via.IDOR MEDIUM" "advanced-custom-fields 6.3 Contributor+.Custom.Field.Access LOW" "advanced-custom-fields 6.2.5 Contributor+.Stored.Cross-Site.Scripting.via.Custom.Field MEDIUM" "advanced-custom-fields 6.1.6 Reflected.XSS HIGH" "advanced-custom-fields 6.1.0 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields 5.12.5 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields 5.12.3 Unauthenticated.File.Upload MEDIUM" "advanced-custom-fields 5.12.1 Contributor+.Database.Information.Access MEDIUM" "advanced-custom-fields 5.11 Subscriber+.Arbitrary.ACF.Data/Field.Groups.View.and.Fields.Move MEDIUM" "advanced-custom-fields 5.8.12 Cross-Site.Scripting.in.Select2.dropdowns MEDIUM" "advanced-custom-fields 5.7.12 Unserialize.of.user.input MEDIUM" "activecampaign-subscription-forms 8.1.15 Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "activecampaign-subscription-forms 8.1.12 Contributor+.Stored.XSS MEDIUM" "activecampaign-subscription-forms 8.0.2 Cross-Site.Request.Forgery.in.Settings HIGH" "azurecurve-toggle-showhide No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "article-directory No.known.fix Admin+.Stored.XSS LOW" "avectra-netforum-single-sign-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "avectra-netforum-single-sign-on 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auto-date-year-month 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "ajax-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automatic-pages-for-privacy-policy-terms-about-and-contact 1.42 Reflected.Cross-Site.Scripting MEDIUM" "aceide No.known.fix Authenticated.(admin+).Arbitrary.File.Access MEDIUM" "ai-wp-writer 3.6.5.6 Missing.Authorization MEDIUM" "ays-facebook-popup-likebox 3.7.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ays-facebook-popup-likebox 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "ays-facebook-popup-likebox 3.5.3 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ays-facebook-popup-likebox 3.5.3 Page.Plugin.<.3.5.3.-.Authenticated.Blind.SQL.Injections HIGH" "advanced-ads 1.52.2 Authenticated.(Admin+).PHP.Object.Injection HIGH" "advanced-ads 1.52.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Ad.Widget MEDIUM" "advanced-ads 1.32.0 Admin+.Stored.XSS MEDIUM" "advanced-ads 1.17.4 Reflected.XSS.via.Admin.Dashboard MEDIUM" "add-custom-css-and-js No.known.fix Stored.XSS.via.CSRF HIGH" "addon-library No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "add-customer-for-woocommerce 1.7.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "aryo-activity-log 2.8.8 IP.Spoofing MEDIUM" "aryo-activity-log 2.8.4 CSV.Injection LOW" "aryo-activity-log 2.7.0 Authenticated.SQL.Injection MEDIUM" "aryo-activity-log 2.4.1 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "aryo-activity-log 2.3.3 Cross-Site.Scripting.(XSS) MEDIUM" "aryo-activity-log 2.3.3 Cross-Site.Scripting.(XSS).in.'page' MEDIUM" "alt-manager 1.6.2 Missing.Authorization MEDIUM" "alt-manager 1.5.7 Reflected.Cross-Site.Scripting MEDIUM" "alt-manager 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "acf-frontend-display No.known.fix Arbitrary.File.Upload CRITICAL" "adsplacer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "amazonsimpleadmin 1.5.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "ab-press-optimizer-lite No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "autocomplete-location-field-contact-form-7 3.0 Admin+.Store.Cross-Site.Scripting LOW" "all-in-one-video-downloader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-video-downloader No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ameliabooking No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "ameliabooking No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "ameliabooking 1.2.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "ameliabooking 1.1.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.96 Cross-Site.Request.Forgery MEDIUM" "ameliabooking 1.0.99 Reflected.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.94 Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "ameliabooking 1.0.99 Missing.Authorization MEDIUM" "ameliabooking 1.0.86 Contributor+.Stored.XSS MEDIUM" "ameliabooking 1.0.76 Reflected.XSS HIGH" "ameliabooking 1.0.49 Customer+.Arbitrary.Appointments.Status.Update MEDIUM" "ameliabooking 1.0.48 Customer+.SMS.Service.Abuse.and.Sensitive.Data.Disclosure MEDIUM" "ameliabooking 1.0.47 Unauthenticated.Stored.XSS.via.lastName HIGH" "ameliabooking 1.0.47 Customer+.Arbitrary.Appointments.Update.and.Sensitive.Data.Disclosure HIGH" "ameliabooking 1.0.46 Arbitrary.Customer.Deletion.via.CSRF MEDIUM" "ameliabooking 1.0.46 Manager+.RCE MEDIUM" "ameliabooking 1.0.46 Reflected.Cross-Site.Scripting MEDIUM" "advance-menu-manager 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "advance-menu-manager 3.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advance-menu-manager 3.0 Unauthorised.Menu.Edition.via.CSRF MEDIUM" "advance-menu-manager 3.0.7 Unauthorised.Menu.Creation/Deletion MEDIUM" "analytics-for-wp No.known.fix Admin+.Stored.XSS LOW" "aoi-tori No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "accesspress-twitter-auto-post 1.4.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "abeta-punchout 1.0.0 Reflected.Cross-Site.Scripting MEDIUM" "abeta-punchout 1.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-custom-login 3.2.8 CSRF.to.Stored.XSS HIGH" "autosave-net No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "autosave-net No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "announcer 6.0.1 Missing.Authorization MEDIUM" "addify-product-stock-manager 1.0.5 Subscriber+.Unauthorised.AJAX.Calls HIGH" "admin-bar-dashboard-control 1.2.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "astra-addon 4.3.2 Authenticated(Contributor+).Remote.Code.Execution.via.Metabox HIGH" "astra-addon 3.5.2 Unauthenticated.SQL.Injection HIGH" "accesspress-social-login-lite 3.4.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "add-hierarchy-parent-to-post 3.13 Reflected.Cross-Site.Scripting MEDIUM" "advanced-custom-fields-pro 6.3.6 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "advanced-custom-fields-pro 6.3 Contributor+.Custom.Field.Access LOW" "advanced-custom-fields-pro 6.2.10 Authenticated.(Contributor+).Code.Injection CRITICAL" "advanced-custom-fields-pro 6.2.10 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-custom-fields-pro 6.2.5 Contributor+.Stored.Cross-Site.Scripting.via.Custom.Field MEDIUM" "advanced-custom-fields-pro 6.1.6 Reflected.XSS HIGH" "advanced-custom-fields-pro 5.12.5 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields-pro 6.1.0 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields-pro 5.12.3 Unauthenticated.File.Upload MEDIUM" "advanced-custom-fields-pro 5.12.1 Contributor+.Database.Information.Access MEDIUM" "advanced-custom-fields-pro 5.11 Subscriber+.Arbitrary.ACF.Data/Field.Groups.View.and.Fields.Move MEDIUM" "advanced-custom-fields-pro 5.9.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "addons-for-visual-composer 3.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-visual-composer 3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "addons-for-visual-composer 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "addons-for-visual-composer 3.6 Contributor+.Stored.XSS MEDIUM" "addons-for-visual-composer 3.3 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-visual-composer 2.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addify-custom-registration-forms-builder 1.0.2 Multiple.CSRF MEDIUM" "announcekit No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "auxin-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auxin-portfolio 2.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'.Grid.Portfolios' MEDIUM" "auxin-portfolio No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "accesspress-twitter-feed No.known.fix Delete.cache.via.CSRF MEDIUM" "accesspress-twitter-feed 1.6.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "activecampaign-for-woocommerce 1.9.8 Subscriber+.Error.Log.Cleanup MEDIUM" "awesome-contact-form7-for-elementor 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.AEP.Contact.Form.7.Widget MEDIUM" "ajax-domain-checker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-ajax-page-loader No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "advanced-ajax-page-loader 2.7.7 Unauthenticated.Uploaded.File.Disclosure MEDIUM" "all-in-one-redirection No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-redirection No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-redirection 2.2.0 Admin+.SQLi MEDIUM" "awsm-team 1.3.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-local-pickup-for-woocommerce 1.6.2 Missing.Authorization.to.Notice.Dismissal MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.3 Missing.Authorization MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.0 Authenticated.(Administrator+).SQL.Injection HIGH" "addfreestats No.known.fix Admin+.Stored.XSS LOW" "add-custom-body-class No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "about-author-box 1.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "abwp-simple-counter No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "apptivo-business-site 3.0.14 Admin+.Stored.XSS LOW" "attribute-stock-for-woocommerce 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "awsom-news-announcement No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "audio-text No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "albo-pretorio-on-line No.known.fix Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "albo-pretorio-on-line No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "albo-pretorio-on-line 4.6.4 Reflected.XSS HIGH" "albo-pretorio-on-line 4.6.2 Reflected.XSS HIGH" "albo-pretorio-on-line 4.6.1 Reflected.XSS HIGH" "appointment-hour-booking 1.4.57 Captcha.Bypass MEDIUM" "appointment-hour-booking 1.3.73 Unauthenticated.iFrame.Injection HIGH" "appointment-hour-booking 1.3.73 CSV.Injection MEDIUM" "appointment-hour-booking 1.3.73 CAPTCHA.Bypass MEDIUM" "appointment-hour-booking 1.3.72 Feedback.Submission.via.CSRF MEDIUM" "appointment-hour-booking 1.3.56 Admin+.Stored.Cross-Site.Scripting LOW" "appointment-hour-booking 1.3.17 Authenticated.Stored.XSS LOW" "appointment-hour-booking 1.3.16 Admin+.Stored.Cross-Site.Scripting LOW" "appointment-hour-booking 1.1.46 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "aviary-image-editor-add-on-for-gravity-forms No.known.fix Unauthenticated.File.Upload CRITICAL" "a-staff No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "a-staff No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "a-staff No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ark-wysiwyg-comment-editor No.known.fix Iframe.Injection.via.Comment LOW" "add-subtitle No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "advanced-cron-manager 2.5.10 Missing.Authorization MEDIUM" "advanced-cron-manager 2.5.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "advanced-cron-manager 2.4.2 Subscriber+.Arbitrary.Events/Schedules.Creation/Deletion MEDIUM" "add2fav No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "aio-time-clock-lite 1.3.321 Admin+.Stored.XSS LOW" "agp-font-awesome-collection No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "agp-font-awesome-collection No.known.fix Reflected.XSS HIGH" "anywhere-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "advanced-page-visit-counter No.known.fix Admin+.Stored.XSS LOW" "advanced-page-visit-counter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter 8.0.1 Contributor+.SQLi MEDIUM" "advanced-page-visit-counter 7.1.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter 6.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "advanced-page-visit-counter 6.1.6 Subscriber+.Blind.SQL.injection HIGH" "advanced-page-visit-counter 6.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-floating-content-lite 1.2.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-floating-content-lite 1.2.2 Contributor+.XSS MEDIUM" "aajoda-testimonials 2.2.2 Admin+.Stored.XSS LOW" "antispam-bee 2.11.4 IP.Address.Spoofing.via.get_client_ip MEDIUM" "additional-product-fields-for-woocommerce 1.2.105 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "accesspress-custom-post-type 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "admin-side-data-storage-for-contact-form-7 No.known.fix Authenticated.(Admin+).SQL.Injection HIGH" "admin-side-data-storage-for-contact-form-7 No.known.fix Missing.Authorization.to.Unauthenticated.Bookmark.Status.Alteration MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Missing.Authorization.to.Unauthenticated.Read.Status.Update MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Cross-Site.Request.Forgery MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Unauthenticated.Reflected.XSS HIGH" "admin-bar 1.0.23 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "addons-for-beaver-builder 3.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-beaver-builder 3.3 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-beaver-builder 2.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "about-me No.known.fix Subscriber+.Arbitrary.Network.Creation/Deletion MEDIUM" "a4-barcode-generator 3.4.10 Missing.Authorization MEDIUM" "a4-barcode-generator 3.4.7 Subscriber+.Stored.XSS HIGH" "a4-barcode-generator 3.4.7 Subscriber+.Settings/Profiles.Update,.Templates/Barcodes.Access/Creation/Edition/Deletion MEDIUM" "accesspress-anonymous-post-pro 3.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "auxin-shop No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "amtythumb No.known.fix Subscriber+.SQLi HIGH" "ari-stream-quiz 1.3.1 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ari-stream-quiz 1.3.0 Cross-Site.Request.Forgery MEDIUM" "ari-stream-quiz 1.3.0 Cross-Site.Request.Forgery MEDIUM" "ari-stream-quiz 1.3.0 Contributor+.Stored.XSS MEDIUM" "ari-stream-quiz 1.3.3 Contributor+.Content.Injection LOW" "animated-al-list No.known.fix Reflected.XSS HIGH" "amazonify No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "amazonify No.known.fix Cross-Site.Request.Forgery.to.Amazon.Tracking.ID.Update MEDIUM" "automatic-youtube-gallery 2.3.5 Missing.Authorization.via.AJAX.actions MEDIUM" "automatic-youtube-gallery 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "automatic-youtube-gallery 1.6.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-contact-form-integration-for-elementor No.known.fix Missing.Authorization MEDIUM" "all-contact-form-integration-for-elementor 2.9.9.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "all-contact-form-integration-for-elementor 2.9.9.8 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "art-direction No.known.fix Contributor+.Stored.XSS MEDIUM" "all-bootstrap-blocks 1.3.20 Contributor+.Stored.XSS MEDIUM" "all-bootstrap-blocks 1.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-bootstrap-blocks 1.3.7 Cross-Site.Request.Forgery MEDIUM" "auto-tag-creator No.known.fix Missing.Authorization.via.tag_save_settings_callback MEDIUM" "auto-translate No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Custom.Font MEDIUM" "ai-moderator-for-buddypress-and-buddyboss No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "amty-thumb-recent-post No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-admin-search 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "about-rentals No.known.fix Unauthenticated.Actions HIGH" "acf-on-the-go No.known.fix .Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Update MEDIUM" "advanced-image-sitemap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "acf-frontend-form-element 3.19.5 Improper.Missing.Encryption.Exception.Handling.to.Form.Manipulation CRITICAL" "acf-frontend-form-element 3.18.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "acf-frontend-form-element 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "acf-frontend-form-element 3.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-and-client-message-after-order-for-woocommerce 12.5 Missing.Authorization.to.Arbitrary.File.Upload CRITICAL" "advanced-exchange-rates No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-exchange-rates No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-access-manager 6.9.21 Reflected.XSS HIGH" "advanced-access-manager 6.9.21 Admin+.Stored.Cross-Site.Scripting MEDIUM" "advanced-access-manager 6.9.19 Open.Redirect MEDIUM" "advanced-access-manager 6.9.19 Contributor+.Stored.XSS MEDIUM" "advanced-access-manager 6.9.16 Contributor+.Stored.XSS MEDIUM" "advanced-access-manager 6.8.0 Admin+.Stored.Cross-Site.Scripting LOW" "advanced-access-manager 6.6.2 Authenticated.Information.Disclosure MEDIUM" "advanced-access-manager 6.6.2 Authenticated.Authorization.Bypass.and.Privilege.Escalation HIGH" "advanced-access-manager 5.9.9 Unauthenticated.Local.File.Inclusion CRITICAL" "advanced-access-manager 3.2.2 Privilege.Escalation HIGH" "adicons No.known.fix Admin+.SQL.Injection MEDIUM" "ajax-archive-calendar 2.6.8 Contributor+.Stored.XSS MEDIUM" "ajax-pagination No.known.fix wp-admin/admin-ajax.php.loop.Parameter.Local.File.Inclusion HIGH" "aramex-shipping-woocommerce No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "add-to-feedly No.known.fix Admin+.Stored.XSS LOW" "admin-block-country No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "aparat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-content-writing-assistant 1.1.7 CSRF MEDIUM" "addify-price-calculator-for-woocommerce No.known.fix Multiple.CSRF MEDIUM" "article2pdf No.known.fix Multiple.Vulnerabilities CRITICAL" "ads-invalid-click-protection No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "addthis 5.0.13 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "auto-location-for-wp-job-manager 1.1 Admin+.Cross.Site.Scripting LOW" "apexchat 1.3.2 Admin+.Stored.XSS LOW" "aiify 0.1.0 Reflected.Cross-Site.Scripting MEDIUM" "add-user-role No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "accredible-certificates 1.4.9 Admin+.Stored.XSS LOW" "advanced-popups 1.1.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "agenteasy-properties No.known.fix Admin+.Stored.XSS LOW" "authenticator 1.3.1 Subscriber+.Denial.of.Service.via.Feed.Token.Disclosure MEDIUM" "a2-optimized-wp 3.0.5 Data.Collection.Toggle.via.CSRF MEDIUM" "absolute-privacy No.known.fix User.Email/Password.Change.via.Cross-Site.Request.Forgery HIGH" "amp-wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "advanced-free-flat-shipping-woocommerce 1.6.4.6 Cross-Site.Request.Forgery MEDIUM" "advanced-easy-shipping-for-wc-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ays-chatgpt-assistant 2.1.0 Unauthenticated.AJAX.Calls MEDIUM" "ays-chatgpt-assistant 2.1.0 Unauthenticated.OpenAI.Key.Disclosure HIGH" "apply-online 2.6.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "apply-online 2.5.4 Missing.Authorization LOW" "apply-online 2.5.3 Reflected.XSS HIGH" "apply-online 2.5.6 Admin+.Stored.XSS LOW" "aws-cdn-by-wpadmin 3.0.0 Cross-Site.Request.Forgery MEDIUM" "acf-extended 0.8.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "acf-extended 0.8.8.7 Admin+.SQL.Injection MEDIUM" "all-in-one-favicon 4.7 Multiple.Stored.Authenticated.XSS MEDIUM" "analogwp-templates 1.8.1 Cross-Site.Request.Forgery HIGH" "analogwp-templates 1.8.1 CSRF.Nonce.Bypasses MEDIUM" "advanced-classifieds-and-directory-pro 3.2.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-classifieds-and-directory-pro 3.1.2 Missing.Authorization.to.Arbitrary.Attachment.Deletion MEDIUM" "advanced-classifieds-and-directory-pro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "advanced-classifieds-and-directory-pro 1.8.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-classifieds-and-directory-pro 1.6.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "animated-number-counters No.known.fix Authenticated.(Editor+).Local.File.Inclusion HIGH" "animated-number-counters 1.7 Editor+.Stored.XSS MEDIUM" "add-to-calendar-button 1.5.1 Contributor+.Stored.XSS MEDIUM" "advanced-coupons-for-woocommerce-free 4.5.0.1 Notice.Dismiss.via.CSRF MEDIUM" "addonify-quick-view 1.2.17 Unauthenticated.Full.Path.Dislcosure MEDIUM" "animated-counters 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "availability-calendar No.known.fix Cross-Site.Request.Forgery.via.add_availability_calendar_create_admin_page() MEDIUM" "availability-calendar 1.2.1 Authenticated.SQL.Injection HIGH" "availability-calendar 1.2.2 Authenticated.Stored.Cross-Site.Scripting LOW" "armember-membership 4.0.38 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "armember-membership 4.0.31 Open.Redirect MEDIUM" "armember-membership 4.0.29 Missing.Authorization MEDIUM" "armember-membership 4.0.28 Directory.Traversal.via.X-FILENAME MEDIUM" "armember-membership 4.0.27 Authenticated.(Contributor+).PHP.Object.Injection CRITICAL" "armember-membership 4.0.27 Unauthenticated.PHP.Object.Injection CRITICAL" "armember-membership 4.0.24 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "armember-membership 4.0.25 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "armember-membership 4.0.23 Cross-Site.Request.Forgery MEDIUM" "armember-membership 4.0.11 Subscriber+.Privilege.Escalation HIGH" "armember-membership 4.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "armember-membership 4.0.17 Membership.<.4.0.17.-.Admin+.Stored.XSS MEDIUM" "armember-membership 4.0.6 ARMember.Cross-Site.Request.Forgery MEDIUM" "armember-membership 4.0.3 Admin+.Stored.XSS LOW" "armember-membership 4.0.2 Reflected.XSS HIGH" "armember-membership 4.0 Unauthenticated.SQLi HIGH" "armember-membership 3.4.8 Unauthenticated.Admin.Account.Takeover CRITICAL" "advanced-cron-manager-pro 2.5.3 Subscriber+.Arbitrary.Events/Schedules.Creation/Deletion MEDIUM" "advanced-woo-labels 1.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accesspress-pinterest 3.3.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "amp-extensions No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "alfred-click-collect No.known.fix Admin+.Stored.XSS LOW" "add-tabs-xforwc 1.5.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "art-decoration-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "appmysite 3.11.1 Unauthenticated.Information.Disclsoure MEDIUM" "advanced-flamingo No.known.fix Cross-Site.Request.Forgery MEDIUM" "additional-order-filters-for-woocommerce 1.12 Reflected.XSS HIGH" "artplacer-widget 2.21.2 Stored.XSS.via.CSRF HIGH" "artplacer-widget 2.21.2 Subscriber+.Arbitrary.Widget.Deletion MEDIUM" "artplacer-widget 2.20.7 Editor+.SQLi MEDIUM" "assistant 1.4.9.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "assistant 1.4.4 Editor+.SSRF MEDIUM" "acf-engine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "animate-everything No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "animate-everything No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "animate-everything No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "adl-team No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "article-directory-redux No.known.fix Admin+.Stored.XSS LOW" "azan No.known.fix Stored.XSS.via.CSRF HIGH" "admin-notices-for-team No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-notices-for-team No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-notices-for-team No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "add-admin-css No.known.fix Unauthenticated.Full.Path.Dislcosure MEDIUM" "admin-management-xtended 2.4.5 Post.Visibility/Date/Comment.Status.Update.via.CSRF MEDIUM" "admin-management-xtended 2.4.5 Multiple.CSRF MEDIUM" "admin-management-xtended 2.4.0.1 Privilege.Escalation MEDIUM" "abitgone-commentsafe No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "arforms 6.4.1 Reflected.XSS HIGH" "arforms 6.6 Admin+.Stored.XSS LOW" "arforms 6.6 Unauthenticated.RCE CRITICAL" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.File.Deletion HIGH" "arforms 6.4.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.Plugin.Activation/Deactivation MEDIUM" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.Option.Deletion MEDIUM" "arforms 6.4.1 Reflected.Cross-Site.Scripting MEDIUM" "arforms 4.0 Unauthenticated.Arbitrary.File.Deletion.via.Traversal HIGH" "arforms 3.5.2 Unauthenticated.Arbitrary.File.Deletion HIGH" "auto-delete-posts No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.6 Settings.Import.via.CSRF MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.6 Rule.Type.Migration.via.CSRF MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.4 Settings.Update.via.CSRF MEDIUM" "appointment-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appointment-calendar No.known.fix CSRF MEDIUM" "auto-hide-admin-bar 1.6.2 Admin+.Stored.XSS LOW" "add-actions-and-filters No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-actions-and-filters 2.10 Reflected.XSS HIGH" "add-actions-and-filters 2.10 Settings.Update.via.CSRF MEDIUM" "add-actions-and-filters No.known.fix Admin+.Stored.XSS MEDIUM" "ai-assistant-by-10web 1.0.19 Missing.Authorization.to.Arbitrary.Plugin.Installation MEDIUM" "auto-excerpt-everywhere No.known.fix Cross-Site.Request.Forgery MEDIUM" "auto-thickbox-plus No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "a3-portfolio 3.1.1 Author+.Stored.XSS MEDIUM" "audio-player-with-playlist-ultimate 1.3 Contributor+.Stored.XSS MEDIUM" "arforms-form-builder 1.6.8 Reflected.Cross-Site.Scripting MEDIUM" "arforms-form-builder 1.6.5 Missing.Authorization.to.Authenticated(Subscriber+).Arbitrary.Option.Deletion HIGH" "arforms-form-builder 1.6.2 Missing.Authorization MEDIUM" "arforms-form-builder 1.6.2 Cross-Site.Request.Forgery MEDIUM" "arforms-form-builder 1.5.9 Unauthenticated.Stored.XSS HIGH" "arforms-form-builder 1.5.7 Unauthenticated.Stored.XSS HIGH" "arforms-form-builder 1.5 Admin+.Stored.Cross.Site.Scripting LOW" "add-edit-delete-listing-for-member-module No.known.fix SQL.Injection HIGH" "autolinks No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "api2cart-bridge-connector 1.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "api2cart-bridge-connector 1.2.0 Unauthenticated.RCE CRITICAL" "ad-invalid-click-protector 1.2.11 Injected.Backdoor CRITICAL" "ad-invalid-click-protector 1.2.7 Arbitrary.Ban.Deletion.via.CSRF MEDIUM" "ad-invalid-click-protector 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "ad-invalid-click-protector 1.2.6 Authenticated.SQL.Injection MEDIUM" "amazon-product-in-a-post-plugin 3.5.3 Unauthenticated.SQL.Injection CRITICAL" "admin-post-navigation No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "attire-blocks 1.9.3 Missing.Authorization MEDIUM" "anycomment 0.0.99 Reflected.Cross-Site.Scripting MEDIUM" "anycomment 0.2.18 Comment.Rating.Increase/Decrease.via.Race.Condition LOW" "anycomment 0.2.18 Arbitrary.HyperComments.Import/Revert.via.CSRF MEDIUM" "anycomment 0.3.5 Open.Redirect MEDIUM" "anycomment 0.0.33 XSS MEDIUM" "ai-mojo 0.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "app-ads-txt 1.1.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addons-for-elementor 8.4.1 Authenticated.(Contributor+).Limited.Local.File.Inclusion.via.Widgets HIGH" "addons-for-elementor 8.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Marquee.Text.Widget,.Testimonials.Widget,.and.Testimonial.Slider.Widgets MEDIUM" "addons-for-elementor 8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Various.Widgets MEDIUM" "addons-for-elementor 8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Grid MEDIUM" "addons-for-elementor 8.3.7 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget._id.attribute MEDIUM" "addons-for-elementor 8.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Display.Name MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Slider.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Multislider.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Carousel.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Text.Widget MEDIUM" "addons-for-elementor 8.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.animated_text_class MEDIUM" "addons-for-elementor 8.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-elementor 8.3.2 Contributor+.Stored.XSS MEDIUM" "addons-for-elementor 7.9 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-elementor 7.2.4 Admin+.Stored.XSS LOW" "addons-for-elementor 7.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addons-for-elementor 6.8 Contributor+.Stored.XSS MEDIUM" "addons-for-elementor 2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "auto-keyword-backlink No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "astra-import-export 1.0.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "astra-import-export 1.0.4 Cross-Site.Request.Forgery MEDIUM" "akismet 3.1.5 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-post-list No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "amazonjs No.known.fix Contributor+.Stored.XSS MEDIUM" "anfrageformular No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auto-rename-media-on-upload 1.1.0 Admin+.Stored.XSS LOW" "animate-it 2.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "animate-it 2.3.6 XSS HIGH" "all-in-one-wp-migration-gdrive-extension 2.80 Unauthenticated.Access.Token.Update MEDIUM" "auto-refresh-single-page No.known.fix .Authenticated.(Contributor+).PHP.Object.Injection HIGH" "advanced-sermons 3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-sermons 3.2 Reflected.Cross-Site.Scripting.via.s MEDIUM" "advanced-sermons 3.3 Reflected.Cross-Site.Scripting MEDIUM" "activedemand 0.2.44 Cross-Site.Request.Forgery MEDIUM" "activedemand 0.2.42 Unauthenticated.Arbitrary.File.Upload CRITICAL" "activedemand 0.2.28 Unauthenticated.Post.Creation/Update/Deletion HIGH" "alo-easymail 2.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "accesspress-instagram-feed 4.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "all-404-pages-redirect-to-homepage 2.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "analytics-cat 1.1.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "analytics-cat 1.1.0 Settings.Update.via.CSRF MEDIUM" "awesome-weather No.known.fix Contributor+.Stored.XSS MEDIUM" "awesome-weather No.known.fix Reflected.Cross-site.Scripting.(XSS) HIGH" "access-demo-importer 1.0.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "access-demo-importer 1.0.8 Data.Reset.via.CSRF HIGH" "access-demo-importer 1.0.7 Subscriber+.Arbitrary.File.Upload HIGH" "astra-bulk-edit 1.2.8 Missing.Authorization MEDIUM" "authldap 2.6.2 Admin+.Stored.XSS LOW" "authldap 2.5.9 Settings.Update.via.CSRF MEDIUM" "admin-renamer-extended No.known.fix CSRF MEDIUM" "appexperts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appexperts 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-post-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-woo-search 2.97 Reflected.Cross-Site.Scripting MEDIUM" "advanced-woo-search 2.78 Admin+.Stored.Cross-Site.Scripting MEDIUM" "advanced-woo-search 2.00 SQL.query.leak.in.ajax.search NONE" "affieasy 1.1.7 Cross-Site.Request.Forgery.to.Various.Actions MEDIUM" "affieasy 1.1.6 Cross-Site.Request.Forgery MEDIUM" "affieasy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "affieasy 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ab-rankings-testing-tool No.known.fix Settings.Update.via.CSRF MEDIUM" "ad-injection No.known.fix Admin+.Stored.Cross-Site.Scripting.&.RCE HIGH" "accesspress-social-counter 1.9.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aruba-hispeed-cache 2.0.13 Missing.Authorization MEDIUM" "aruba-hispeed-cache 2.0.7 Unauthenticated.Log.File.Access MEDIUM" "altos-connect No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "attributes-for-blocks 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.attributesForBlocks.Parameter MEDIUM" "appmaker-woocommerce-mobile-app-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "accesspress-custom-css 2.0.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "af-companion 1.2.0 1.1.2.-.Arbitrary.Plugin.Installation.&.Activation.via.CSRF HIGH" "antihacker 4.52 Missing.Authorization.to.Unauthenticated.IP.Address.Whitelist MEDIUM" "antihacker 4.53 Missing.Authorization.to.Authenticated.(Subscriber+).Table.Truncation MEDIUM" "antihacker 4.35 Cross-Site.Request.Forgery.via.antihacker_ajax_scan MEDIUM" "antihacker 4.20 Subscriber+.Arbitrary.Plugin.Installation HIGH" "automail No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automail 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accesspress-anonymous-post No.known.fix Contributor+.Arbitrary.Redirect LOW" "accesspress-anonymous-post 2.8.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "amazon-auto-links 5.1.2 Contributor+.Stored.XSS MEDIUM" "amazon-auto-links 5.3.2 Contributor+.Stored.XSS MEDIUM" "amazon-auto-links 4.6.20 Reflected.Cross-Site.Scripting HIGH" "ali2woo-lite No.known.fix Cross-Site.Request.Forgery.to.PHP.Object.Injection CRITICAL" "ali2woo-lite 3.3.7 Reflected.Cross-Site.Scripting MEDIUM" "ali2woo-lite No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ali2woo-lite 3.3.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ali2woo-lite 3.3.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "ali2woo-lite 3.3.7 Missing.Authorization.via.Several.Functions MEDIUM" "arkhe-blocks 2.23.0 Contributor+.Stored.XSS MEDIUM" "access-category-password No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-dashboard-rss-feed No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ajax-search-pro 4.26.2 Multiple.Reflected.Cross-Site.Scripting HIGH" "ajax-search-pro 4.26.2 Reflected.Cross-Site.Scripting HIGH" "ajax-search-pro 4.19 Subscriber+.SQL.Injection HIGH" "ajax-search-pro 4.19 Stored.XSS.via.CSRF HIGH" "awesome-ssl No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-ssl No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amp-plus No.known.fix Reflected.Cross.Site.Scripting HIGH" "ajax-load-more 7.1.2 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "ajax-load-more 7.0.2 Administrator+.Stored.Cross-Site.Scripting MEDIUM" "ajax-load-more 7.1.0 Authenticated.(Admin+).Directory.Traversal.to.Arbitrary.File.Read MEDIUM" "ajax-load-more 6.2 Ajax.Load.More.<.6.2.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 5.6.0.3 Ajax.Load.More.<.5.6.0.3.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 5.5.4.1 Admin+.Arbitrary.File.Read MEDIUM" "ajax-load-more 5.5.4 Admin+.Arbitrary.File.Read MEDIUM" "ajax-load-more 5.5.4 PHAR.Deserialization.via.CSRF HIGH" "ajax-load-more 5.3.2 Authenticated.SQL.Injection CRITICAL" "angwp 1.5.6 Unauthenticated.Arbitrary.File.Upload/Deletion CRITICAL" "ap-companion 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "auto-featured-image No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "advanced-import 1.3.8 Arbitrary.Plugin.Installation.&.Activation.via.CSRF HIGH" "admin-notices-manager 1.5.0 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Retrieval MEDIUM" "armember-membership-premium No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "autoptimize 3.1.7 Admin+.Stored.Cross-Site.Scripting.via.Settings.Import LOW" "autoptimize 3.1.0 Sensitive.Data.Disclosure MEDIUM" "autoptimize 3.1.1 Admin+.Stored.Cross.Site.Scripting LOW" "autoptimize 2.8.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "autoptimize 2.7.8 Arbitrary.File.Upload.via."Import.Settings" CRITICAL" "autoptimize 2.7.8 Authenticated.Stored.XSS.via.File.Upload MEDIUM" "autoptimize 2.7.8 Race.Condition.leading.to.RCE CRITICAL" "autoptimize 2.7.7 Authenticated.Arbitrary.File.Upload MEDIUM" "acf-blocks 2.6.10 Reflected.Cross-Site.Scripting MEDIUM" "acf-blocks 2.6.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "arconix-faq 1.9.5 Missing.Authorization MEDIUM" "arconix-faq 1.9.4 Missing.Authorization.to.Notice.Dismissal MEDIUM" "activitytime 1.0.9 Unauthenticated.SQL.injection HIGH" "activitytime 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "am-hili-affiliate-manager-for-publishers No.known.fix Admin+.Stored.XSS LOW" "adapta-rgpd 1.3.3 Unauthorised.Consent.via.CSRF MEDIUM" "add-search-to-menu 5.5.7 Information.Exposure.via.AJAX.Search.Form MEDIUM" "add-search-to-menu 5.5.6 Subscriber+.Index.Creation MEDIUM" "add-search-to-menu 5.5.2 Reflected.Cross-Site.Scripting MEDIUM" "add-search-to-menu 5.4.7 Reflected.Cross-Site.Scripting MEDIUM" "add-search-to-menu 5.4.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-search-to-menu 5.4.1 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "add-search-to-menu 4.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "add-search-to-menu 4.7 Reflected.Cross-Site.Scripting HIGH" "add-search-to-menu 4.6.1 Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "add-search-to-menu 4.5.11 .Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "azindex No.known.fix Index.Deletion.via.CSRF MEDIUM" "azindex No.known.fix Stored.XSS.via.CSRF HIGH" "affiliate-pro No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "apex-notification-bar-lite 2.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ampedsense-adsense-split-tester 4.69 Reflected.XSS HIGH" "awin-data-feed 1.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "awin-data-feed 1.8 Reflected.Cross-Site.Scripting MEDIUM" "anti-plagiarism No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "academy 2.0.5 Missing.Authorization LOW" "academy 2.0.11 Open.Redirect MEDIUM" "academy 1.9.26 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "academy 1.9.17 Missing.Authorization MEDIUM" "academy 1.9.17 Missing.Authorization MEDIUM" "academy 1.9.20 .Authenticated.(Subscriber+).Privilege.Escalation HIGH" "auto-upload-images 3.3.1 Admin+.Stored.Cross-Site.Scripting LOW" "auto-upload-images 3.3.1 CSRF MEDIUM" "animated-svg 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "auto-prune-posts 2.0.0 Post.Deletion.Settings.Update.via.CSRF MEDIUM" "apppresser 4.4.0 Improper.Missing.Encryption.Exception.Handling.to.Authentication.Bypass HIGH" "apppresser 4.3.1 Missing.Authorization MEDIUM" "apppresser 4.3.1 Cross-Site.Request.Forgery.via.force_logging_off() MEDIUM" "apppresser 4.3.1 Cross-Site.Request.Forgery.via.toggle_logging_callback() MEDIUM" "apppresser 4.3.0 Insecure.Password.Reset.Mechanism HIGH" "addify-custom-fields-for-woocommerce 1.0.4 Multiple.CSRF MEDIUM" "ad-inserter 2.7.31 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ad-inserter 2.7.31 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ad-inserter 2.7.27 Admin+.PHP.Object.Injection LOW" "ad-inserter 2.7.12 Reflected.Cross-Site.Scripting LOW" "ad-inserter 2.7.11 Admin+.RCE./.Stored.XSS MEDIUM" "ad-inserter 2.7.10 Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter 2.4.22 Authenticated.Remote.Code.Execution HIGH" "ad-inserter 2.4.20 Authenticated.Path.Traversal HIGH" "ad-inserter 1.5.6 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "anac-xml-viewer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "album-and-image-gallery-plus-lightbox 2.1 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "amazon-einzeltitellinks No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "ar-contactus 1.8.8 Authenticated.Stored.Cross-Site.Scripting CRITICAL" "allow-rel-and-html-in-author-bios No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "accordion-image-menu No.known.fix Stored.XSS.via.CSRF HIGH" "advanced-backgrounds 1.12.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.imageTag.Parameter MEDIUM" "authorizenet-payment-gateway-for-woocommerce No.known.fix Insufficient.Verification.of.Data.Authenticity.to.Unauthenticated.Payment.Bypass MEDIUM" "attachment-file-icons No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "auto-login-new-user-after-registration No.known.fix Stored.XSS.via.CSRF HIGH" "auto-login-new-user-after-registration No.known.fix CSRF MEDIUM" "advanced-wp-reset 1.6 Reflected.Cross-Site.Scripting MEDIUM" "auto-youtube-importer 1.0.4 Settings.Update.via.CSRF MEDIUM" "ai-twitter-feeds No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-video-gallery 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Shortcode MEDIUM" "all-in-one-video-gallery 3.7.0 Authenticated.(Contributor+).Local.File.Inclusion.via.aiovg_search_form.Shortcode HIGH" "all-in-one-video-gallery 3.6.5 Contributor+.Arbitrary.File.Upload.via.featured.image HIGH" "all-in-one-video-gallery 3.6.0 Missing.Authorization MEDIUM" "all-in-one-video-gallery 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-video-gallery 2.6.1 2.6.0.-.Unauthenticated.Arbitrary.File.Download.&.SSRF HIGH" "all-in-one-video-gallery 2.5.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-video-gallery 2.5.0 Admin+.Local.File.Inclusion LOW" "add-widgets-to-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advance-wc-analytics 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "advance-wc-analytics 3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ads-for-wp 1.9.29 Cross-Site.Request.Forgery MEDIUM" "agendapress 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "agendapress 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amcharts-charts-and-maps 1.4.5 Reflected.Cross-Site.Scripting.via.Cross-Site.Request.Forgery MEDIUM" "amcharts-charts-and-maps 1.4.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "amazing-hover-effects No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-twitter-pixel 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "acme-fix-images 2.0.0 Subscriber+.Image.Resizing MEDIUM" "all-custom-fields-groups 1.05 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-facebook-like-widget 2.2.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "advanced-forms-pro 1.6.9 Subscriber+.Arbitrary.User.Email.Address.Update.via.IDOR HIGH" "api-info-themes-plugins-wp-org 1.05 Reflected.Cross-Site.Scripting MEDIUM" "asf-allow-svg-files No.known.fix Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "asf-allow-svg-files 1.1 Admin+.Arbitrary.File.Upload MEDIUM" "all-in-one-seo-pack-pro 4.2.6 Admin+.SSRF LOW" "autocomplete-location-field-contact-form-7-pro 2.0 Admin+.Store.Cross-Site.Scripting LOW" "admin-font-editor No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ad-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "as-create-pinterest-pinboard-pages No.known.fix Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "acf-options-importexport No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accesspress-facebook-auto-post 2.1.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ajax-load-more-anything 3.3.4 Subscriber+.Settings.Update MEDIUM" "any-hostname No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "admin-page-spider 3.32 Admin+.Stored.XSS LOW" "augmented-reality No.known.fix Unauthenticated.PHP.File.Upload.leading.to.RCE CRITICAL" "ad-inserter-pro 2.7.12 Reflected.Cross-Site.Scripting LOW" "ad-inserter-pro 2.7.10 Reflected.Cross-Site.Scripting MEDIUM" "auto-advance-for-gravity-forms 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "auto-advance-for-gravity-forms 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "asgaros-forum 2.9.0 Cross-Site.Request.Forgery MEDIUM" "asgaros-forum 2.8.0 Unauthenticated.PHP.Object.Injection.in.prepare_unread_status CRITICAL" "asgaros-forum 2.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "asgaros-forum 2.2.0 Cross-Site.Request.Forgery MEDIUM" "asgaros-forum 2.0.0 Subscriber+.Blind.SQL.Injection HIGH" "asgaros-forum 1.15.15 Admin+.SQL.Injection.via.forum_id MEDIUM" "asgaros-forum 1.15.14 Admin+.Stored.Cross-Site.Scripting LOW" "asgaros-forum 1.15.13 Unauthenticated.SQL.Injection HIGH" "addify-checkout-fields-manager 1.0.2 Multiple.CSRF MEDIUM" "access-code-feeder No.known.fix CSRF MEDIUM" "alemha-watermark No.known.fix Author+.Stored.XSS MEDIUM" "auto-robot 3.3.39 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "animated-headline No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "acf-to-rest-api 3.3.0 Unauthenticated.Arbitrary.wp_options.Disclosure MEDIUM" "accelerated-mobile-pages 1.0.97 Missing.Authorization MEDIUM" "accelerated-mobile-pages 1.0.97 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "accelerated-mobile-pages 1.0.93.2 Authenticated(Contributor+).Arbitrary.Post.Deletion.via.amppb_remove_saved_layout_data MEDIUM" "accelerated-mobile-pages 1.0.93 Unautenticated.Reflected.Cross-Site.Scripting MEDIUM" "accelerated-mobile-pages 1.0.92.1 Authenticated.(Contributor+).Cross-Site.Scripting.via.Shortcode MEDIUM" "accelerated-mobile-pages 1.0.89 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "accelerated-mobile-pages 1.0.77.33 Admin+.Stored.Cross-Site.Scripting LOW" "accelerated-mobile-pages 1.0.77.32 Admin+.Stored.Cross-Site.Scripting LOW" "accelerated-mobile-pages 0.9.97.21 Stored.XSS MEDIUM" "admin-speedo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adsensei-b30 3.1.3 Reflected.Cross-Site.Scripting HIGH" "ach-for-stripe-plaid No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "archives-calendar-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "arprice-responsive-pricing-table 3.6.1 Unauthenticated.SQLi HIGH" "arprice-responsive-pricing-table 2.3 Cross-Site.Request.Forgery MEDIUM" "app-builder 4.3.4 Unauthenticated.Limited.SQL.Injection.via.app-builder-search MEDIUM" "app-builder 3.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode HIGH" "app-builder 3.8.8 Open.Redirection MEDIUM" "alley-business-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "alley-business-toolkit 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "audio-and-video-player 1.2.0 Player.Deletion.and.Duplication.via.CSRF MEDIUM" "accessally 3.5.7 $_SERVER.Superglobal.Leakage HIGH" "accessally 3.3.2 Unauthenticated.Arbitrary.PHP.Code.Execution CRITICAL" "add-link-to-facebook No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "ads-by-datafeedrcom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ads-by-datafeedrcom 1.2.0 Unauthenticated.Remote.Code.Execution CRITICAL" "arscode-ninja-popups No.known.fix Unauthenticated.Open.Redirect MEDIUM" "advanced-nocaptcha-recaptcha 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "advanced-nocaptcha-recaptcha 7.1.0 .Local.File.Inclusion.via.CSRF HIGH" "advanced-nocaptcha-recaptcha 7.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advance-search No.known.fix Admin+.SQL.Injection MEDIUM" "advance-search No.known.fix Shortcode.Deletion.via.CSRF MEDIUM" "advance-search 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "advanced-schedule-posts No.known.fix Reflected.XSS HIGH" "aiomatic-automatic-ai-content-writer 2.0.6 Automatic.AI.Content.Writer.<.2.0.6.-.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "aiomatic-automatic-ai-content-writer 1.9.4 Missing.Authorization MEDIUM" "ashe-extra 1.2.92 Subscriber+.Companion.Plugin.Activation.&.Content.Import MEDIUM" "automatic-domain-changer 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "ap-mega-menu 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "ap-mega-menu 3.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "automatorwp 2.5.1 Object.Deletion.via.CSRF MEDIUM" "automatorwp 1.7.6 Missing.Authorization.and.Privilege.Escalation MEDIUM" "apollo13-framework-extensions 1.9.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "apollo13-framework-extensions 1.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "apollo13-framework-extensions 1.9.2 Cross-Site.Request.Forgery MEDIUM" "apollo13-framework-extensions 1.9.1 Contributor+.Stored.XSS MEDIUM" "apollo13-framework-extensions 1.9.0 Missing.Authorization MEDIUM" "aforms-form-builder-for-price-calculator-cost-estimation 2.2.7 Unauthenticated.Full.Path.Disclosure MEDIUM" "adfoxly No.known.fix Missing.Authorization.to.Unauthenticated.Ad.Status.Update MEDIUM" "adfoxly No.known.fix Missing.Authorization.to.Unauthenticated.Ad.Status.Update MEDIUM" "adfoxly No.known.fix Cross-Site.Request.Forgery MEDIUM" "adfoxly No.known.fix Reflected.XSS HIGH" "adfoxly 1.7.91 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "adblock-notify-by-bweb No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adblock-notify-by-bweb No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "adblock-notify-by-bweb No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "asmember No.known.fix Admin+.Stored.XSS LOW" "ajax-bootmodal-login No.known.fix Captcha.Reuse MEDIUM" "auth0 4.6.1 Reflected.Cross-Site.Scripting.via.wle MEDIUM" "auth0 4.0.0 Multiple.Vulnerabilities CRITICAL" "auth0 3.11.3 Unauthenticated.Reflected.XSS.via.wle.Parameter MEDIUM" "add-pinterest-conversion-tags 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-pinterest-conversion-tags 1.0.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "auto-more-tag No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "alphabetic-pagination 3.0.8 Unauthenticated.Arbitrary.Option.Update CRITICAL" "automated-editor No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "arconix-shortcodes 2.1.12 Missing.Authorization MEDIUM" "arconix-shortcodes 2.1.11 Missing.Authorization.to.Notice.Dismissal MEDIUM" "arconix-shortcodes 2.1.8 Contributor+.Stored.XSS MEDIUM" "about-me-3000 No.known.fix Administrator.Stored.Cross-Site.Scripting MEDIUM" "about-me-3000 No.known.fix CSRF MEDIUM" "auto-featured-image-auto-generated 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "add-comments No.known.fix Admin+.Stored.XSS LOW" "ays-slider 2.5.0 Responsive.Slider.and.Carousel.<.2.5.0.-.Authenticated.Blind.SQL.Injection HIGH" "ays-slider 2.5.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "armember 6.7.1 Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "armember 5.6 Unauthenticated.Privilege.Escalation CRITICAL" "azw-woocommerce-file-uploads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "azw-woocommerce-file-uploads No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "api-bing-map-2018 5.0 CSRF MEDIUM" "admission-appmanager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-usps-shipping-method 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "addify-product-dynamic-pricing-and-discounts No.known.fix Multiple.CSRF MEDIUM" "avenirsoft-directdownload No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "accessibility-checker 1.2.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-svg-support-for-media-uploader-inventivo No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "adstxt No.known.fix Settings.Update.via.CSRF MEDIUM" "auto-limit-posts-reloaded No.known.fix Cross-Site.Request.Forgery MEDIUM" "avartan-slider-lite No.known.fix Reflected.XSS HIGH" "admin-columns-pro 5.5.1 Admin+.Stored.XSS.in.Label LOW" "admin-columns-pro 5.5.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Custom.Field MEDIUM" "async-javascript 2.21.06.29 Authenticated.(admin+).Stored.XSS MEDIUM" "advanced-category-template No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-category-template No.known.fix Reflected.XSS HIGH" "affiliate-power 2.3.0 Reflected.Cross-Site.Scripting HIGH" "automatic-user-roles-switcher 1.1.2 Subscriber+.Privilege.Escalation HIGH" "apperr 0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "agile-store-locator 1.4.15 Admin+.Arbitrary.File.Deletion MEDIUM" "agile-store-locator 1.4.13 Reflected.XSS HIGH" "agile-store-locator 1.4.10 Editor+.Stored.XSS LOW" "agile-store-locator 1.4.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "agile-store-locator 1.4.6 Stored.XSS.via.CSRF MEDIUM" "ai-contact-us No.known.fix Admin+.Stored.XSS LOW" "advanced-most-recent-posts-mod No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "anthologize 0.8.1 Admin+.Stored.XSS LOW" "adsense-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adsense-plugin 1.44 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "automatic-internal-links-for-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-facebook No.known.fix Author+.Stored.XSS MEDIUM" "add-facebook No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting] MEDIUM" "ap-custom-testimonial 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "ap-custom-testimonial 1.4.8 Admin+.SQL.Injection MEDIUM" "ap-custom-testimonial 1.4.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "acymailing 9.8.0 Authenticated.(Subscriber+).Arbitrary.File.Upload.via.acym_extractArchive.Function HIGH" "acymailing 8.6.3 Reflected.XSS HIGH" "acymailing 7.5.0 Open.Redirect MEDIUM" "auxin-elements 2.15.6 Contributor+.Stored.XSS.via.Accordion.Widget MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.aux_timeline.Shortcode MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.aux_gmaps.Shortcode MEDIUM" "auxin-elements 2.15.8 Contributor+.XSS.via.HTML.Element MEDIUM" "auxin-elements No.known.fix Subscriber+.PHP.Object.Injection HIGH" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.Custom.JS MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.title_tag MEDIUM" "auxin-elements 2.15.8 Subscriber+.Template.Import MEDIUM" "auxin-elements 2.15.5 Contributor+.Stored.XSS MEDIUM" "auxin-elements 2.15.0 Unauthenticated.Local.File.Inclusion CRITICAL" "auxin-elements 2.10.7 PHP.Objection.Injection MEDIUM" "auxin-elements 2.9.8 Reflected.Cross-Site-Scripting MEDIUM" "add-social-share-buttons 1.1 CSRF.to.Settings.Change MEDIUM" "auto-post-thumbnail No.known.fix Missing.Authorization MEDIUM" "auto-post-thumbnail No.known.fix Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "auto-post-thumbnail No.known.fix Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "auto-post-thumbnail 3.9.16 Author+.Arbitrary.File.Upload CRITICAL" "auto-post-thumbnail 3.9.3 Reflected.Cross-Site.Scripting HIGH" "accessibility-widget 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "awesome-filterable-portfolio No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "awesome-filterable-portfolio No.known.fix Unauthenticated.Settings.Update MEDIUM" "awesome-filterable-portfolio 1.9 Authenticated.Blind.SQL.Injection HIGH" "addons-for-divi 4.0.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "addons-for-divi 3.6.0 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-divi 3.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ad-buttons 2.3.2 CSRF.&.XSS MEDIUM" "amministrazione-trasparente 8.0.5 Admin+.Stored.XSS LOW" "amministrazione-trasparente 7.1.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "amministrazione-trasparente 7.1.1 Cross-Site.Request.Forgery HIGH" "addify-abandoned-cart-recovery 1.2.5 Multiple.CSRF MEDIUM" "advanced-recent-posts No.known.fix Contributor+.Stored.XSS MEDIUM" "ait-csv-import-export No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "afterpay-gateway-for-woocommerce 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "afterpay-gateway-for-woocommerce 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "afterpay-gateway-for-woocommerce 3.2.1 Reflected.Cross-Site.Scripting HIGH" "advanced-youtube-channel-pagination No.known.fix Reflected.XSS HIGH" "animated-typing-effect 1.3.7 Contributor+.Stored.XSS MEDIUM" "akismet-privacy-policies No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "authors-list 2.0.3 Reflected.Cross-Site.Scripting HIGH" "auyautochat-for-wp No.known.fix Unauthenticated.Stored.XSS HIGH" "advanced-facebook-twitter-widget No.known.fix Admin+.Stored.XSS LOW" "active-user No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "artibot No.known.fix Authenticated.(Admin+).Cross-Site.Scripting MEDIUM" "artibot No.known.fix Missing.Authorization.to.Settings.Update MEDIUM" "alter No.known.fix Cross-Site.Request.Forgery MEDIUM" "all-in-one-wp-security-and-firewall 5.2.7 Cross-Site.Request.Forgery.to.IP.Blocking MEDIUM" "all-in-one-wp-security-and-firewall 5.2.6 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-wp-security-and-firewall 5.2.5 Protection.Bypass.of.Renamed.Login.Page.via.URL.Encoding MEDIUM" "all-in-one-wp-security-and-firewall 5.2.0 Insecure.Storage.of.Password MEDIUM" "all-in-one-wp-security-and-firewall 5.1.5 Admin+.Arbitrary.File/Folder.Access.via.Traversal MEDIUM" "all-in-one-wp-security-and-firewall 5.1.5 Admin+.Stored.XSS LOW" "all-in-one-wp-security-and-firewall 5.1.3 Configuration.Leak MEDIUM" "all-in-one-wp-security-and-firewall 5.1.1 Bulk.Actions.via.CSRF MEDIUM" "all-in-one-wp-security-and-firewall 5.0.8 IP.Spoofing MEDIUM" "all-in-one-wp-security-and-firewall 4.4.11 Authenticated.Arbitrary.Redirect./.Reflected.XSS LOW" "all-in-one-wp-security-and-firewall 4.4.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-wp-security-and-firewall 4.4.4 CSRF.&.XSS LOW" "all-in-one-wp-security-and-firewall 4.4.2 Open.Redirect.&.Hidden.Login.Page.Exposure MEDIUM" "all-in-one-wp-security-and-firewall 4.2.2 Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-security-and-firewall 4.2.0 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-security-and-firewall 4.1.3 Multiple.vulnerabilities.in.login.CAPTCHA MEDIUM" "all-in-one-wp-security-and-firewall 4.0.9 Multiple.SQL.Injections MEDIUM" "all-in-one-wp-security-and-firewall 4.0.7 Multiple.SQL.Injections MEDIUM" "all-in-one-wp-security-and-firewall 4.0.6 XSS MEDIUM" "all-in-one-wp-security-and-firewall 4.0.5 XSS CRITICAL" "affiliate-advantage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-trim-interface No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "auto-hyperlink-urls No.known.fix Tab.Nabbing MEDIUM" "admin-log No.known.fix CSRF MEDIUM" "auto-terms-of-service-and-privacy-policy 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "any-popup No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "any-popup No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "athemes-starter-sites 1.0.54 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "accordion-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "animated-fullscreen-menu 2.2.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "airpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "airpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-seo-pack 4.6.1.1 Contributor+.Stored.XSS MEDIUM" "all-in-one-seo-pack 4.6.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "all-in-one-seo-pack 4.3.0 Admin+.Stored.XSS LOW" "all-in-one-seo-pack 4.3.0 Contributor+.Stored.XSS MEDIUM" "all-in-one-seo-pack 4.2.4 Multiple.CSRF MEDIUM" "all-in-one-seo-pack 4.1.5.3 Authenticated.SQL.Injection HIGH" "all-in-one-seo-pack 4.1.5.3 Authenticated.Privilege.Escalation CRITICAL" "all-in-one-seo-pack 4.1.0.2 Admin.RCE.via.unserialize MEDIUM" "all-in-one-seo-pack 3.6.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "all-in-one-seo-pack 3.2.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-seo-pack 2.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "booster-extension No.known.fix Basic.Information.Exposure.via.booster_extension_authorbox_shortcode_display MEDIUM" "better-captcha-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "better-captcha-gravity-forms 0.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bold-timeline-lite 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-timeline-lite 1.2.0 Missing.Authorization.to.Admin.Notice.Dismissal MEDIUM" "bold-timeline-lite 1.1.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bdthemes-element-pack 7.9.1 Addon.for.Elementor.Page.Builder.WordPress.Plugin.<.7.9.1.-.Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Wrapper.Link.URL MEDIUM" "bdthemes-element-pack No.known.fix Authenticated.(Contributor+).Arbitrary.File.Read.and.PHAR.Deserialization CRITICAL" "bank-mellat 2.0.1 Reflected.Cross-Site.Scripting HIGH" "buddyforms-hook-fields 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.24 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking No.known.fix Contributor+.Stored.XSS MEDIUM" "baidu-tongji-generator No.known.fix Admin+.Stored.XSS LOW" "ban-users No.known.fix Subscriber+.Settings.Update.&.Privilege.Escalation.via.Missing.Authorization HIGH" "bsk-contact-form-7-blacklist No.known.fix Reflected.Cross-Site.Scripting HIGH" "best-restaurant-menu-by-pricelisto 1.4.2 Authenticated.(Contributor+).SQL.Injection HIGH" "best-restaurant-menu-by-pricelisto 1.4.0 Settings.Update.via.CSRF MEDIUM" "backup-scheduler No.known.fix Cross-Site.Request.Forgery MEDIUM" "bne-testimonials 2.0.8 Contributor+.Stored.XSS MEDIUM" "bnfw 1.7 Reflected.Cross-Site.Scripting MEDIUM" "bnfw 1.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "bnfw 1.8.7 Email.Address.Disclosure MEDIUM" "bing-site-verification-using-meta-tag No.known.fix Admin+.Stored.XSS LOW" "bp-check-in 1.9.4 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bwp-google-xml-sitemaps No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "bacola-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "bp-wc-vendors No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bp-wc-vendors No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "b2bking 4.6.20 Subscriber+.Arbitrary.Products.Price.Update MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Cross-Site.Request.Forgery MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Unauthenticated.Information.Exposure MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Authenticated.(Subscriber+).SQL.Injection HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Unauthenticated.Privilege.Escalation CRITICAL" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Missing.Authorization MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Missing.Authorization MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.2 Unauthenticated.Arbitrary.File.Upload.via.uploadFile CRITICAL" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.2 Unauthenticated.SQL.Injection.via.userToken CRITICAL" "bws-smtp 1.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "better-comments 1.5.6 Subscriber+.Stored.XSS HIGH" "better-comments 1.5.6 Admin+.Stored.XSS LOW" "better-comments 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "better-comments 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blackhole-bad-bots 3.3.2 Arbitrary.IP.Address.Blocking.via.IP.Spoofing HIGH" "bookmarkify No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "breadcrumb 1.5.33 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "blue-admin No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "before-and-after No.known.fix Cross-Site.Request.Forgery MEDIUM" "buddyforms-anonymous-author 1.1 Reflected.Cross-Site.Scripting MEDIUM" "barclaycart No.known.fix Unauthenticated.Shell.Upload CRITICAL" "block-slider 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "block-slider 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bulk-image-alt-text-with-yoast 1.4.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bs-shortcode-ultimate No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bbp-move-topics 1.1.6 Code.Injection.&.CSRF CRITICAL" "bcorp-shortcodes No.known.fix .Unauthenticated.PHP.Object.Injection CRITICAL" "bellows-accordion-menu 1.4.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "bug-library 2.1.2 Admin+.Stored.XSS LOW" "bug-library 2.1.1 Unauthenticated.RCE CRITICAL" "bug-library 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "better-messages-wc-vendors-integration 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bc-woo-custom-thank-you-pages 1.4.14 Missing.Authorization MEDIUM" "back-to-the-top-button 2.1.7 Admin+.Stored.XSS LOW" "beaver-themer 1.4.9.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "beaver-themer 1.4.9.1 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.shortcode MEDIUM" "background-takeover 4.1.5 Directory.Traversal HIGH" "bridge-core 3.1.0 Reflected.XSS HIGH" "bonus-for-woo 5.8.3 Reflected.Cross-Site.Scripting HIGH" "buddypress-hashtags 2.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "basepress 2.16.2.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "basepress 2.16.2.1 Missing.Authorization MEDIUM" "basepress 2.15.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "book-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "book-press 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blogintroduction-wordpress-plugin No.known.fix Settings.Update.via.CSRF MEDIUM" "booking-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-for-woocommerce 4.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ba-book-everything 1.6.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ba-book-everything 1.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ba-book-everything 1.6.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "ba-book-everything 1.3.25 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "bitcoin-faucet No.known.fix Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "button-contact-vr 4.7.8 Admin+.Stored.XSS LOW" "button-contact-vr 4.7.7 Admin+.Stored.XSS LOW" "bpcustomerio No.known.fix Arbitrary.Plugin.Settings.Update.via.CSRF MEDIUM" "banner-cycler No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "bbp-voting 2.1.11.1 Admin+.Stored.XSS LOW" "buddyforms-hierarchical-posts 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "blockington No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bxslider-wp No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "bulk-edit-events 1.1.21 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-events 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "booking-weir No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-weir 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blockmeister 3.1.10 Reflected.Cross-Site.Scripting MEDIUM" "blockmeister 3.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bws-latest-posts 0.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "blogsafe-scanner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blogsafe-scanner 1.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "beaver-builder-lite-version 2.8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.type.Parameter MEDIUM" "beaver-builder-lite-version 2.8.3.4 Reflected.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.1.3 Contributor+.Stored.Cross-Site.Scripting.via.photo.widget.crop.attribute MEDIUM" "beaver-builder-lite-version 2.8.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.0.7 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.5 Contributor+.Stored.Cross-Site.Scripting.via.heading.tag MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS.via.Icon.Widget MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Reflected.XSS HIGH" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.2.1 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.5.5.3 .Authenticated.Stored.XSS.via.Caption.On.Hover MEDIUM" "beaver-builder-lite-version 2.5.5.3 .Authenticated.Stored.XSS.via.Caption MEDIUM" "beaver-builder-lite-version 2.5.5.3 Authenticated.Stored.XSS.via.Text.Editor MEDIUM" "beaver-builder-lite-version 2.5.5.3 Authenticated.Stored.XSS.via.Image.URL MEDIUM" "beaver-builder-lite-version 2.5.4.4 Subscriber+.Arbitrary.Post.Builder.Layout.Disabling MEDIUM" "buddypress-global-search No.known.fix Admin+.Stored.XSS LOW" "buddyforms-members 1.4.12 Reflected.Cross-Site.Scripting MEDIUM" "betteroptin No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "blocksy-companion 2.0.43 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "blocksy-companion 2.0.46 Contributor+.Stored.Cross-Site.Scripting.via.SVG.Uploads MEDIUM" "blocksy-companion 2.0.29 Cross-Site.Request.Forgery MEDIUM" "blocksy-companion 2.0.32 Contributor+.Stored.XSS MEDIUM" "blocksy-companion 1.8.47 Reflected.Cross-Site.Scripting MEDIUM" "blocksy-companion 1.8.82 Subscriber+.Draft.Post.Access MEDIUM" "blocksy-companion 1.8.68 Contributor+.Stored.XSS MEDIUM" "blocksy-companion 1.8.20 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bws-popular-posts 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "book-buyback-prices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "book-buyback-prices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "brands-for-woocommerce 3.8.2.3 Missing.Authorization.to.Unauthenticated.Order.Manipulation.and.Information.Retrieval MEDIUM" "brands-for-woocommerce 3.8.2.3 Cross-Site.Request.Forgery MEDIUM" "brands-for-woocommerce 3.8.2 Contributor+.Stored.XSS MEDIUM" "bulk-attachment-download 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "bulk-attachment-download 1.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blog-manager-light No.known.fix Settings.Update.via.CSRF MEDIUM" "backupwordpress 3.14 Admin+.Directory.Traversal LOW" "backupwordpress 3.13 Subscriber+.Backup.Disclosure MEDIUM" "buddymeet 2.3.0 Contributor+.Stored.XSS MEDIUM" "business-directory-plugin 6.4.4 Authenticated.(Author+).CSV.Injection HIGH" "business-directory-plugin 6.4.3 Unauthenticated.SQL.Injection.via.listingfields.Parameter CRITICAL" "business-directory-plugin 6.3.10 Contributor+.Arbitrary.Listing.Deletion LOW" "business-directory-plugin 6.3.11 Cross-Site.Request.Forgery MEDIUM" "business-directory-plugin 5.11.2 Arbitrary.Listing.Export HIGH" "business-directory-plugin 5.11.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "business-directory-plugin 5.11.2 Arbitrary.Payment.History.Update MEDIUM" "business-directory-plugin 5.11 Arbitrary.File.Upload.to.RCE HIGH" "business-directory-plugin 5.11.1 Authenticated.PHP4.Upload.to.RCE MEDIUM" "business-directory-plugin 5.11.1 Arbitrary.Add/Edit/Delete.Form.Field.to.Stored.XSS HIGH" "buddypress-docs 1.9.3 Authenticated.Lack.of.Authorisation MEDIUM" "batch-cat No.known.fix Subscriber+.Arbitrary.Categories.Add/Set/Delete.to.Posts MEDIUM" "block-specific-plugin-updates 3.3.2 Arbitrary.Plugin.Update.Blocking.via.CSRF MEDIUM" "bp-create-group-type No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bulk-editor 1.0.8.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bulk-editor 1.0.8.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "bulk-editor 1.0.8.2 Missing.Authorization MEDIUM" "bulk-editor 1.0.8.2 Cross-Site.Request.Forgery MEDIUM" "bulk-editor 1.0.8.1 Unauthenticated.Stored.Cross-Site.Scripting.via.profile_title MEDIUM" "bulk-editor 1.0.7.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "bulk-editor 1.0.7.2 Admin+.Stored.XSS LOW" "bulk-editor 1.0.7.1 Profile.Creation.via.CSRF MEDIUM" "bulk-editor 1.0.7.1 Profile.Creation.via.CSRF MEDIUM" "bulk-editor 1.0.7 Subscriber+.Stored.XSS HIGH" "buddypress-sticky-post 1.9.9 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "block-for-font-awesome 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-for-font-awesome 1.4.1 Block.for.Font.Awesome.<.1,4,1.-Settings.Update.via.CSRF MEDIUM" "booster-elite-for-woocommerce 7.1.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "booster-elite-for-woocommerce 7.1.2 .Missing.Authorization.to.Order.Information.Disclosure MEDIUM" "booster-elite-for-woocommerce 7.1.3 Subscriber+.Content.Injection MEDIUM" "booster-elite-for-woocommerce 6.0.1 Multiple.CSRF MEDIUM" "booster-elite-for-woocommerce 6.0.0 Reflected.Cross-Site.Scripting HIGH" "booster-elite-for-woocommerce 1.1.8 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "booster-elite-for-woocommerce 1.1.7 Checkout.Files.Deletion.via.CSRF LOW" "booster-elite-for-woocommerce 1.1.7 ShopManager+.Arbitrary.File.Download MEDIUM" "booster-elite-for-woocommerce 1.1.3 Subscriber+.Order.Status.Update MEDIUM" "bbp-toolkit No.known.fix Cross-Site.Request.Forgery MEDIUM" "bbp-toolkit No.known.fix Reflected.XSS HIGH" "bigbluebutton No.known.fix Reflected.XSS HIGH" "bigbluebutton 2.2.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "baw-post-views-count No.known.fix Contributor+.Stored.XSS.in.Shortcode MEDIUM" "bulk-add-to-cart-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "booking-package 1.6.29 Unauthenticated.Price.Manipulation MEDIUM" "booking-package 1.6.02 Reflected.XSS HIGH" "booking-package 1.5.29 Unauthenticated.Sensitive.Data.Disclosure HIGH" "booking-package 1.5.11 Reflected.Cross-Site.Scripting MEDIUM" "blue-triad-ezanalytics No.known.fix Reflected.Cross-Site.Scripting.via.'bt_webid' MEDIUM" "buzzsprout-podcasting 1.8.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "bbpress 2.6.5 Authenticated.Privilege.Escalation.via.the.Super.Moderator.feature HIGH" "bbpress 2.6.5 Unauthenticated.Privilege.Escalation.when.New.User.Registration.enabled CRITICAL" "bbpress 2.6.5 Authenticated.Stored.Cross-Site.Scripting.via.the.forums.list.table MEDIUM" "bbpress 2.6.0 Subscriber+.Stored.Cross-Site.Scripting.via.Post.Slug MEDIUM" "buddypress-activity-plus 1.6.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "bo-wc-customer-review-watson No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buttons-shortcode-and-widget No.known.fix Stored.XSS.via.shortcode MEDIUM" "buttons-shortcode-and-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "base64-encoderdecoder No.known.fix Stored.XSS.via.CSRF HIGH" "base64-encoderdecoder No.known.fix Reflected.XSS HIGH" "base64-encoderdecoder No.known.fix Settings.Reset.via.CSRF MEDIUM" "bbpowerpack 2.37.4 Reflected.Cross-Site.Scripting MEDIUM" "bbpowerpack 2.33.1 Contributor+.Privilege.Escalation HIGH" "bsk-pdf-manager 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bsk-pdf-manager 3.4.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bsk-pdf-manager 3.1.2 Admin+.SQL.Injection MEDIUM" "bsk-pdf-manager 1.5 Multiple.Authenticated.SQL.Injections CRITICAL" "bsk-pdf-manager 2.9.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "better-search-tmc No.known.fix Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "bootstrap-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bsk-gravityforms-blacklist 3.8.1 Reflected.Cross-Site.Scripting MEDIUM" "bsk-gravityforms-blacklist 3.7 Admin+.Stored.Cross-Site.Scripting LOW" "becustom 1.0.5.3 Settings.Update.via.CSRF MEDIUM" "bold-page-builder 5.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bt_bb_button.Shortcode MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Separator.Element MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via."Price.List".Element MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.AI.Features MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.Tags MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.URL.Attribute MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bt_bb_price_list.Shortcode MEDIUM" "bold-page-builder 4.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.URL MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Icon.Link MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Raw.Content MEDIUM" "bold-page-builder 4.7.0 Contributor+.Stored.XSS MEDIUM" "bold-page-builder 4.3.3 Admin+.Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 3.1.6 PHP.Object.Injection MEDIUM" "bold-page-builder 2.3.2 Missing.Access.Controls HIGH" "buddyforms-ultimate-member 1.3.8 Reflected.Cross-Site.Scripting MEDIUM" "backwpup 4.0.2 Admin+.Directory.Traversal MEDIUM" "backwpup 4.0.4 Unauthenticated.Backup.Download HIGH" "backwpup 4.0.2 Authenticated.(Administrator+).Directory.Traversal HIGH" "backwpup 3.4.2 Backup.File.Download HIGH" "bulk-woocommerce-category-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-woocommerce-category-creator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bc-menu-cart-woo No.known.fix Cross-Site.Request.Forgery MEDIUM" "better-wp-security 9.3.2 IP.Address.Spoofing.to.Denial.of.Service MEDIUM" "better-wp-security 9.0.1 Unauthenticated.Login.Page.Disclosure MEDIUM" "better-wp-security 7.9.1 Hide.Backend.Bypass MEDIUM" "better-wp-security 7.0.3 Authenticated.SQL.Injection HIGH" "better-wp-security 6.9.1 Cross-Site.Scripting.(XSS) HIGH" "better-follow-button-for-jetpack No.known.fix Admin+.Stored.XSS LOW" "bitformpro No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "bitformpro No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "bitformpro No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update HIGH" "bitformpro No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "booking-calendar 3.2.12 Admin+.SQLi MEDIUM" "booking-calendar 3.2.9 Multiple.Authenticated(Editor+).SQL.Injection HIGH" "booking-calendar 3.2.8 Admin+.SQLi MEDIUM" "booking-calendar 3.2.4 Form.Creation/Update/Deletion/Duplication.via.CSRF MEDIUM" "booking-calendar 3.2.4 Editor+.Stored.XSS LOW" "booking-calendar 3.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "booking-calendar 2.2.3 Parameters.Tampering.Allowing.Arbitrary.Prices.Change HIGH" "booking-calendar 2.1.8 Authenticated.Stored.XSS.&.CSRF HIGH" "blog2social 7.5.5 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "blog2social 7.4.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "blog2social 7.5.0 Information.Exposure MEDIUM" "blog2social 7.2.1 Reflected.XSS HIGH" "blog2social 6.9.12 Subscriber+.Settings.Update MEDIUM" "blog2social 6.9.10 Subscriber+.SSRF MEDIUM" "blog2social 6.9.10 Subscriber+.SQLi HIGH" "blog2social 6.8.7 Reflected.Cross-Site.Scripting HIGH" "blog2social 6.3.1 Authenticated.SQL.Injection CRITICAL" "blog2social 5.9.0 Cross-Site.Scripting.Issue MEDIUM" "blog2social 5.6.0 SQL.Injection CRITICAL" "blog2social 5.0.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "booking-calendar-contact-form 1.2.41 Unauthenticated.Reflected.Cross-Site.Scripting HIGH" "booking-calendar-contact-form 1.0.24 XSS.&.SQL.Injection CRITICAL" "booking-calendar-contact-form 1.0.3 Multiple.Authenticated.Vulnerabilities MEDIUM" "byconsole-woo-order-delivery-time 2.4.7 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "byconsole-woo-order-delivery-time 2.4.8 Reflected.XSS HIGH" "bulk-edit-user-profiles-in-spreadsheet 1.5.25 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-user-profiles-in-spreadsheet 1.5.14 Admin+.Stored.Cross-Site.Scripting LOW" "bulk-edit-user-profiles-in-spreadsheet 1.5.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-cover No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "benchmark-email-lite 4.2 Cross-Site.Request.Forgery.via.page_settings() MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "brickscore No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "block-options 1.40.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-options 1.40.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "block-options 1.17 Reflected.Cross-Site.Scripting MEDIUM" "block-options 1.31.6 Contributor+.Arbitrary.PHP.Code.Execution CRITICAL" "bulk-change No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "bookly-responsive-appointment-booking-tool 23.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Color.Profile.Parameter MEDIUM" "bookly-responsive-appointment-booking-tool 22.5 Admin+.Stored.XSS LOW" "bookly-responsive-appointment-booking-tool 22.4 Admin+.SQLi MEDIUM" "bookly-responsive-appointment-booking-tool 21.8 Admin+.Stored.Cross-Site.Scripting.via.service.titles MEDIUM" "bookly-responsive-appointment-booking-tool 21.6 Unauthenticated.Stored.XSS HIGH" "bookly-responsive-appointment-booking-tool 20.3.1 Staff.Member.Stored.Cross-Site.Scripting MEDIUM" "bookly-responsive-appointment-booking-tool 14.5 Bookly.#1.WordPress.Booking.Plugin.(Lite).<.14,5.–.Unauthenticated.Blind.Stored.XSS MEDIUM" "bp-better-messages 2.4.33 Missing.Authorization MEDIUM" "bp-better-messages 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "bp-better-messages 2.1.18 Reflected.Cross-Site.Scripting MEDIUM" "bp-better-messages 1.9.10.71 Subscriber+.Messaging.Block.Bypass MEDIUM" "bp-better-messages 1.9.10.69 Subscriber+.SSRF MEDIUM" "bp-better-messages 1.9.10.58 Subscriber+.Denial.Of.Service MEDIUM" "bp-better-messages 1.9.9.170 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-better-messages 1.9.9.149 File.Upload.via.CSRF LOW" "bp-better-messages 1.9.9.149 Cross-Site.Request.Forgery MEDIUM" "bp-better-messages 1.9.9.41 Reflected.Cross-Site.Scripting HIGH" "bp-better-messages 1.9.9.41 Multiple.CSRF MEDIUM" "booster-plus-for-woocommerce 7.1.3 Missing.Authorization.to.Arbitrary.Options.Disclosure MEDIUM" "booster-plus-for-woocommerce 7.1.2 Missing.Authorization.to.Order.Information.Disclosure MEDIUM" "booster-plus-for-woocommerce 7.1.2 Missing.Authorization.to.Arbitrary.Page/Post.Deletion MEDIUM" "booster-plus-for-woocommerce 6.0.1 Multiple.CSRF MEDIUM" "booster-plus-for-woocommerce 6.0.0 Reflected.Cross-Site.Scripting HIGH" "booster-plus-for-woocommerce 5.6.6 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "booster-plus-for-woocommerce 5.6.5 Checkout.Files.Deletion.via.CSRF LOW" "booster-plus-for-woocommerce 5.6.5 ShopManager+.Arbitrary.File.Download MEDIUM" "booster-plus-for-woocommerce 5.6.1 Subscriber+.Order.Status.Update MEDIUM" "beaf-before-and-after-gallery 4.5.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "b-slider 1.1.13 Slider.for.your.block.editor.<.1.1.13.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beautiful-and-responsive-cookie-consent 2.10.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "beautiful-and-responsive-cookie-consent 2.10.2 Unauthenticated.Stored.XSS HIGH" "beautiful-and-responsive-cookie-consent 2.9.1 Admin+.Stored.XSS LOW" "bws-testimonials 0.1.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "border-loading-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "border-loading-bar No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "bulk-noindex-nofollow-toolkit-by-mad-fish 2.10 Reflected.Cross-Site.Scripting.via.tab,.order,.and.orderby MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 1.5 Reflected.XSS HIGH" "bulk-noindex-nofollow-toolkit-by-mad-fish 1.51 Missing.Authorization MEDIUM" "bp-user-profile-reviews 2.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "builder-style-manager 0.7.7 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "birthdays-widget No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "better-sharing 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "better-sharing 1.7.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddydrive 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "backup 2.0.9.9 Directory.Listing.Exposing.Backups HIGH" "backup 1.6.9.1 Admin+.Stored.XSS LOW" "backup 1.6.0 Authenticated.Arbitrary.File.Upload CRITICAL" "backup 1.4.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "backup 1.4.1 Subscriber+.Arbitrary.Backup.Location.Update MEDIUM" "backup 1.4.0 Arbitrary.File.Upload.via.CSRF HIGH" "backup 1.1.47 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "backup 1.0.3 Authenticated.Arbitrary.File.Upload CRITICAL" "buddyforms 2.8.12 Authenticated.(Contributor+).Privilege.Escalation HIGH" "buddyforms No.known.fix Email.Verification.Bypass.due.to.Insufficient.Randomness MEDIUM" "buddyforms 2.8.9 Unauthenticated.Arbitrary.File.Read.and.Server-Side.Request.Forgery CRITICAL" "buddyforms 2.8.6 Reflected.Cross-Site.Scripting.via.page MEDIUM" "buddyforms 2.8.8 Missing.Authorization.to.Unauthenticated.Media.Upload HIGH" "buddyforms 2.8.8 Missing.Authorization.to.Unauthenticated.Media.Deletion HIGH" "buddyforms 2.8.8 Missing.Authorization MEDIUM" "buddyforms 2.8.3 Reflected.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.2 Contributor+.Stored.XSS MEDIUM" "buddyforms 2.7.8 Unauthenticated.PHAR.Deserialization HIGH" "buddyforms 2.7.6 Contributor+.Stored.XSS MEDIUM" "buddyforms 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms 2.3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "buddyforms 2.2.8 SQL.Injection CRITICAL" "blobinator 2.3 Unauthorised.AJAX.call.via.CSRF MEDIUM" "builderall-cheetah-for-wp 2.0.2 Unauthenticated.Server-Side.Request.Forgery HIGH" "baslider No.known.fix Multiple.CSRF MEDIUM" "baslider No.known.fix Arbitrary.Slide.Deletion.via.CSRF MEDIUM" "baslider No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "bradmax-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "broken-link-checker 2.2.4 Admin+.Stored.Cross-Site.Scripting LOW" "broken-link-checker 1.11.20 Admin+.Cross-Site.Scripting LOW" "broken-link-checker 1.11.17 Admin+.PHAR.Deserialization MEDIUM" "broken-link-checker 1.11.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "broken-link-checker 1.10.9 Unauthenticated.Stored.XSS MEDIUM" "better-elementor-addons 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-elementor-addons 1.4.2 Authenticated(Contributor+).Local.File.Inclusion HIGH" "better-elementor-addons 1.4.2 Contributor+.Stored.XSS MEDIUM" "better-elementor-addons 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-elementor-addons 1.3.9 Subscriber+.Settings.Update./.Reset MEDIUM" "better-elementor-addons 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-user-to-do-list 3.0.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "buddyboss-media No.known.fix Stored.XSS MEDIUM" "back-button-widget 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bookster No.known.fix Unauthenticated.Appointment.Status.Update MEDIUM" "blogmentor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pagination_style.Parameter MEDIUM" "better-click-to-tweet 5.10.4 Settings.Update.via.CSRF MEDIUM" "button 1.1.28 Contributor+.PHP.Object.Injection.in.button_shortcode MEDIUM" "button 1.1.24 Admin+.Stored.XSS LOW" "bsuite No.known.fix Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "bertha-ai-free 1.11.10.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "bp-toolkit 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "bp-toolkit 3.3.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "be-popia-compliant 1.1.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "bricksbuilder 1.9.9 Insecure.Direct.Object.Reference MEDIUM" "blox-page-builder No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "blossom-recipe-maker 1.0.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "backup-and-restore-for-wp No.known.fix Admin+.Arbitrary.File.Deletion MEDIUM" "browser-shots 1.7.6 Contributor+.Stored.XSS MEDIUM" "bsi-hotel-pro No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "bdthemes-element-pack-lite 5.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Gallery.and.Countdown.Widgets MEDIUM" "bdthemes-element-pack-lite 5.7.7 Contributor+.Stored.XSS.via.title_tag MEDIUM" "bdthemes-element-pack-lite 5.7.3 Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "bdthemes-element-pack-lite 5.6.12 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.6.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.6.12 Contributor+.Stored.XSS.via.onclick.events MEDIUM" "bdthemes-element-pack-lite 5.6.4 Form.Submission.Admin.Email.Bypass MEDIUM" "bdthemes-element-pack-lite 5.6.2 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.6.1 Contributor+.Stored.XSS.via.Panel.Slider.Widget MEDIUM" "bdthemes-element-pack-lite 5.6.1 Contributor+.Stored.XSS.via.Price.List.Widget MEDIUM" "bdthemes-element-pack-lite 5.6.0 Sensitive.Information.Exposure.via..element_pack_ajax_search MEDIUM" "bdthemes-element-pack-lite 5.5.4 Contributor+.Stored.XSS.via.Trailer.Box.Widget MEDIUM" "bdthemes-element-pack-lite 5.3.3 Contributor+.Stored.XSS.via.Custom.Gallery.Widget MEDIUM" "bdthemes-element-pack-lite 5.5.4 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bdthemes-element-pack-lite 5.5.4 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.4.12 Missing.Authorization.via.bdt_duplicate_as_draft MEDIUM" "bdthemes-element-pack-lite 5.2.1 Reflected.Cross-Site.Scripting MEDIUM" "buffer-my-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buffer-my-post No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blockspare 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 3.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 2.6.5 Reflected.Cross-Site.Scripting MEDIUM" "blockspare 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bulletproof-security 6.1 Admin+.Stored.Cross-Site.Scripting LOW" "bulletproof-security 5.8 Admin+.Stored.Cross-Site.Scripting.(XSS) LOW" "bulletproof-security 5.2 Sensitive.Information.Disclosure MEDIUM" "bulletproof-security .53.4 Multiple.XSS.Vulnerabilities MEDIUM" "biometric-login-for-woocommerce 1.0.4 Unauthenticated.Privilege.Escalation CRITICAL" "backupbuddy 8.8.3 Multiple.Reflected.Cross-Site.Scripting HIGH" "backupbuddy 8.7.5 Unauthenticated.Arbitrary.File.Access HIGH" "bbresolutions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bbresolutions No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bulk-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddyforms-acf 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "betterdocs 3.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "betterdocs 3.5.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "betterdocs 3.3.4 Unauthenticated.PHP.Object.Injection CRITICAL" "betterdocs 3.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "betterdocs 2.5.3 Missing.Authorization.via.AJAX.actions MEDIUM" "betterdocs 1.9.0 Reflected.Cross-Site.Scripting HIGH" "betterdocs 1.9.2 Reflected.Cross-Site.Scripting HIGH" "bdthemes-prime-slider-lite 3.14.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pacific.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.2 Contributor+.Stored.XSS.via.Pagepiling.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.14.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.13.3 Contributor+.Stored.Cross-Site.Scripting.via.Rubix.Widget MEDIUM" "bdthemes-prime-slider-lite 3.13.3 Contributor+.Stored.Cross-Site.Scripting.via.Mercury.Widget MEDIUM" "bdthemes-prime-slider-lite 3.13.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fiestar.Widget MEDIUM" "bdthemes-prime-slider-lite 3.11.11 Incorrect.Authorization.via.bdt_duplicate_as_draft MEDIUM" "bdthemes-prime-slider-lite 3.8.3 Reflected.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 2.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddypress 12.5.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "buddypress 12.4.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "buddypress 11.3.2 Contributor+.Stored.XSS MEDIUM" "buddypress 9.1.1 SQL.Injections HIGH" "buddypress 9.1.1 Activation.Key.Disclosure MEDIUM" "buddypress 7.3.0 Multiple.Authenticated.REST.API.Vulnerabilities MEDIUM" "buddypress 7.2.1 REST.API.Privilege.Escalation HIGH" "buddypress 7.2.1 Read.Private.Messages MEDIUM" "buddypress 7.2.1 Invite.Member.to.Join.Group MEDIUM" "buddypress 7.2.1 .Force.a.Friendship MEDIUM" "buddypress 7.2.1 Manage.BuddyPress.Member.Types MEDIUM" "buddypress 6.4.0 Lack.of.Capability.Check.on.Profile.Page MEDIUM" "buddypress 5.1.2 Private.Data.Exposure.via.REST.API HIGH" "buddypress 5.1.1 Denial.of.Service MEDIUM" "better-font-awesome 2.0.4 Contributor+.Stored.XSS MEDIUM" "better-font-awesome 2.0.2 Settings.Update.via.CSRF MEDIUM" "babelz No.known.fix CSRF.to.Stored.XSS HIGH" "bws-google-analytics 1.7.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "blockons 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "bookingcom-banner-creator 1.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "book-appointment-online 1.39 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "bizlibrary No.known.fix Admin+.Stored.XSS LOW" "bulk-edit-categories-tags 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-categories-tags 1.5.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bcs-bertline-book-importer 1.5.8 Unauthenticated.Product.Import HIGH" "bloom 1.1.1 Privilege.Escalation HIGH" "burst-pro 1.5.1 Unauthenticated.SQL.Injection HIGH" "bbpress-notify-nospam 2.18.4 Reflected.Cross-Site.Scripting MEDIUM" "bws-pinterest 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "broken-link-finder 2.5.0 Missing.Authorization.via.moblc_auth_save_settings MEDIUM" "bws-linkedin 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "buddyvendor 1.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "breadcrumbs-by-menu 1.0.3 Multiple.Issues HIGH" "block-referer-spam 1.1.9.5 Admin+.Stored.XSS LOW" "booking-ultra-pro 1.1.14 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Updates MEDIUM" "booking-ultra-pro 1.1.14 Unauthenticated.Local.File.Inclusion CRITICAL" "booking-ultra-pro 1.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.13 Authenticated.(Contributor+).Privilege.Escalation HIGH" "booking-ultra-pro 1.1.7 Cross-Site.Request.Forgery MEDIUM" "booking-ultra-pro 1.1.7 Subscriber+.Settings.Update MEDIUM" "booking-ultra-pro 1.1.9 Reflected.XSS HIGH" "booking-ultra-pro 1.1.9 Reflected.XSS HIGH" "booking-ultra-pro 1.1.7 Multiple.CSRF MEDIUM" "booking-ultra-pro 1.1.7 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "bg-biblie-references No.known.fix Reflected.XSS HIGH" "bulk-comment-remove No.known.fix Cross-Site.Request.Forgery.via.brc_admin() MEDIUM" "booking-system 2.9.9.5.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "booking-system 2.9.9.4.8 Admin+.Stored.XSS LOW" "booking-system 2.9.9.4.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "booking-system 2.9.9.2.9 Admin+.Stored.XSS LOW" "booking-system 2.9.9.2.9 Subscriber+.SQLi HIGH" "booking-system 2.1 Authenticated.Blind.SQL.Injection HIGH" "bmi-adultkid-calculator 1.2.2 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "blog-designer-for-post-and-widget 2.4.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "buddypress-check-ins-pro 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "business-profile-reviews No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blockart-blocks 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "backuply 1.3.5 Authenticated.(Admin+).SQL.Injection CRITICAL" "backuply 1.2.8 Admin+.Directory.Traversal MEDIUM" "backuply 1.2.6 Backup,.Restore,.Migrate.and.Clone.<.1.2.6.-..Unauthenticated.Denial.of.Service HIGH" "backuply 1.2.4 Admin+.Directory.Traversal MEDIUM" "buddyforms-easypin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddyforms-easypin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms-easypin No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "boldgrid-easy-seo 1.6.15 Information.Exposure MEDIUM" "boldgrid-easy-seo 1.6.14 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Meta.Description MEDIUM" "buddypress-giphy 1.5.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bannerman No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "boostify-header-footer-builder 1.3.6 Missing.Authorization.to.Page/Post.Creation MEDIUM" "boostify-header-footer-builder 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.size.Parameter MEDIUM" "booking-calendar-pro-payment 21.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "bws-featured-posts 1.0.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bb-bootstrap-cards 1.1.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "bb-bootstrap-cards 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Cards.Widget MEDIUM" "bb-bootstrap-cards 1.1.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.bootstrapcard.link MEDIUM" "better-rss-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blog-sidebar-widget 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "blog-sidebar-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "business-hours-indicator 2.3.5 Admin+.Stored.Cross-Site.Scripting LOW" "bookshelf No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "bmi-calculator-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bulk-delete-users-by-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-delete-users-by-email No.known.fix User.Deletion.via.CSRF HIGH" "blog-posts-and-category-for-elementor 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.and.Category.Filter.Widget MEDIUM" "button-generation 3.0 Button.Deletion.via.CSRF MEDIUM" "button-generation 2.3.9 Button.Counter.Reset.via.CSRF MEDIUM" "button-generation 2.3.9 Unauthenticated.Button.Counter.Reset MEDIUM" "button-generation 2.3.6 Cross-Site.Request.Forgery MEDIUM" "button-generation 2.3.5 Reflected.XSS MEDIUM" "button-generation 2.3.4 easily.Button.Builder.<.2.3.4.-.Admin+.Stored.XSS LOW" "button-generation 2.3.3 RFI.leading.to.RCE.via.CSRF HIGH" "bft-autoresponder 2.7.2.4 Cross-Site.Request.Forgery MEDIUM" "bft-autoresponder 2.7.2.3 CSRF MEDIUM" "bft-autoresponder 2.7.1.1 Admin+.Stored.XSS LOW" "bft-autoresponder 2.7.1.1 Unauthenticated.Stored.XSS HIGH" "bft-autoresponder 2.1.7.2 Contributor+.Stored.XSS MEDIUM" "bft-autoresponder 2.1.7.2 Admin+.Stored.XSS LOW" "bft-autoresponder 2.5.2 Authenticated.Blind.SQL.Injection.&.Multiple.XSS HIGH" "breeze 2.1.4 Admin+.Stored.XSS LOW" "breeze 2.0.3 Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "billingo 3.4.0 ShopManager+.Stored.XSS MEDIUM" "backend-designer 1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bulk-page-creator 1.1.4 Arbitrary.Page.Creation.via.CSRF MEDIUM" "bitpay-checkout-for-woocommerce 5.0.0 Missing.Authorization MEDIUM" "bus-ticket-booking-with-seat-reservation 5.3.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bus-ticket-booking-with-seat-reservation 5.2.6 Unauthenticated.Cross-Site.Scripting HIGH" "bus-ticket-booking-with-seat-reservation 5.2.4 Reflected.XSS HIGH" "booqable-rental-reservations 2.4.16 Admin+.Stored.XSS LOW" "browser-and-operating-system-finder No.known.fix Unauthenticated.Settings.Reset MEDIUM" "browser-and-operating-system-finder No.known.fix Unauthenticated.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "buddyboss-platform 2.6.0 Insecure.Direct.Object.Reference.on.Like.Comment MEDIUM" "buddyboss-platform 1.7.9 Subscriber+.SQL.Injection MEDIUM" "beepress No.known.fix Cross-Site.Request.Forgery.via.beepress-pro.php MEDIUM" "block-styler-for-gravity-forms 6.3.0 Reflected.Cross-Site.Scripting MEDIUM" "block-styler-for-gravity-forms 6.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-profile-search 5.8 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "bp-profile-search 5.6 Reflected.Cross-Site.Scripting.via.BPS_FORM MEDIUM" "buttonizer-multifunctional-button 3.3.10 Reflected.Cross-Site.Scripting MEDIUM" "buttonizer-multifunctional-button 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buttonizer-multifunctional-button 2.5.5 Smart.Floating.Action.Button.<.2.5.5.-.Admin+.Stored.Cross-Site.Scripting LOW" "buddyforms-remote 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "bp-activity-filter 2.8.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "blossomthemes-email-newsletter 2.2.7 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "blossomthemes-email-newsletter 2.2.5 Missing.Authorization MEDIUM" "bsd-woo-stripe-connect-split-pay 3.2.10 Reflected.Cross-Site.Scripting MEDIUM" "bsd-woo-stripe-connect-split-pay 3.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-search-replace 1.4.5 Unauthenticated.PHP.Object.Injection CRITICAL" "better-search-replace 1.4.1 Admin+.SQLi MEDIUM" "blog-filter 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bbspoiler 2.02 Contributor+.Stored.XSS MEDIUM" "bloglentor-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bubble-menu 3.0.5 Admin+.Stored.XSS LOW" "bubble-menu 3.0.4 Reflected.XSS MEDIUM" "bubble-menu 3.0.2 Circle.Floating.Menu.<.3.0.2.-.Form.Deletion.via.CSRF MEDIUM" "bizcalendar-web 1.1.0.26 Reflected.XSS HIGH" "breadcrumb-simple No.known.fix Admin+.Stored.XSS LOW" "bulk-resize-media No.known.fix CSRF MEDIUM" "backup-backup 1.4.4 Information.Exposure.via.Log.Files MEDIUM" "backup-backup 1.4.0 Unauthenticated.Path.Traversal.to.Arbitrary.File.Deletion HIGH" "backup-backup 1.4.0 Authenticated.(Admin+).OS.Command.Injection.via.url HIGH" "backup-backup 1.4.0 1.3.9.-.Remote.File.Inclusion.via.content-dir HIGH" "backup-backup 1.3.8 Unauthenticated.RCE CRITICAL" "backup-backup 1.3.6 Sensitive.Data.Exposure HIGH" "backup-backup 1.3.7 Unauthenticated.Arbitrary.File.Download.to.Sensitive.Information.Exposure HIGH" "backup-backup 1.3.0 Cross-Site.Request.Forgery MEDIUM" "backup-backup 1.2.8 Plugin.Installation.via.CSRF MEDIUM" "backup-backup 1.2.8 Subscriber+.Plugin.Installation MEDIUM" "backup-backup 1.1.6 Admin+.Stored.Cross-Site.Scripting MEDIUM" "before-after-image-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "blocked-in-china 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "blocked-in-china 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "broken-link-manager No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "broken-link-manager 0.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "broken-link-manager 0.5.0 Unauthenticated.SQL.Injection.&.XSS CRITICAL" "breadcrumbs-shortcode 1.45 Reflected.Cross-Site.Scripting MEDIUM" "blocks No.known.fix Admin+.Stored.XSS LOW" "bmi-bmr-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-sms 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "bwl-advanced-faq-manager 2.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "booking-activities 1.15.20 Reflected.Cross-Site.Scripting MEDIUM" "blog-designer-pack 3.4.2 Unauthenticated.Remote.Code.Execution.via.Local.File.Inclusion HIGH" "blog-designer-pack 3.4.1 Reflected.Cross-Site.Scripting MEDIUM" "blog-designer-pack 3.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "blog-designer-pack 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).SQL.Injection.via.getLogHistory.Function HIGH" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).Arbitrary.JavaScript.File.Uploads MEDIUM" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).Arbitrary.File.Read.And.Deletion CRITICAL" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).SQL.Injection HIGH" "bit-form 2.13.5 2.13.4.-.Authenticater.(Administrator+).Arbitrary.File.Deletion HIGH" "bit-form 2.13.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bit-form 2.10.2 Unauthenticated.Insecure.Direct.Object.Reference.to.Form.Submission.Alteration MEDIUM" "bit-form 2.2.0 Admin+.Stored.XSS LOW" "bit-form 1.9 RCE.via.Unauthenticated.Arbitrary.File.Upload CRITICAL" "backup-wd No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "brute-force-login-protection No.known.fix Arbitrary.IP.Removal/Add.via.CSRF MEDIUM" "bp-activity-social-share 3.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "buttons-x No.known.fix Buttons.X.<=.0.8.6.-.Contributor+.Stored.XSS MEDIUM" "boldgrid-backup 1.15.9 Improper.Authorization.to.Unauthenticated.Arbitrary.File.Download HIGH" "boldgrid-backup 1.14.14 Subscriber+.Backup.Disclosure MEDIUM" "boldgrid-backup 1.14.10 Sensitive.Data.Disclosure.(Server.IP.Address,.UID.etc) MEDIUM" "boldgrid-backup 1.14.10 Unauthenticated.Backup.Download HIGH" "booking-manager 2.1.6 Authenticated(Contributor+).SQL.Injection.via.Shortcode HIGH" "booking-manager 2.0.29 Subscriber+.SSRF MEDIUM" "bulk-image-title-attribute 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.WordPress.Settings.Deletion MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.WordPress.Settings.Update MEDIUM" "build-app-online 1.0.21 Subscriber+.Privilege.Escalation HIGH" "build-app-online 1.0.22 Unauthenticated.Account.Takeover.via.Weak.Password.Reset.Mechanism CRITICAL" "build-app-online 1.0.19 Unauthenticated.SQL.Injection HIGH" "biteship 2.2.25 Reflected.Cross-Site.Scripting.via.biteship_error.and.biteship_message MEDIUM" "biteship 2.2.28 Shop.manager+.Stored.XSS MEDIUM" "biteship 2.2.25 Reflected.Cross-Site.Scripting HIGH" "buddyforms-attach-posts-to-groups-extension 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "bit-assist 1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bit-assist 1.1.9 Admin+.Stored.Cross-Site.Scripting LOW" "bemax-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "backup-by-supsystic No.known.fix Authenticated.Arbitrary.File.Download.and.Deletion CRITICAL" "bulgarisation-for-woocommerce 3.0.15 Missing.Authorization HIGH" "bulgarisation-for-woocommerce 3.0.15 Cross-Site.Request.Forgery HIGH" "blockonomics-bitcoin-payments 3.5.8 Reflected.Cross-Site.Scripting HIGH" "blockonomics-bitcoin-payments 3.3 Blockonomics.<.3.3.-.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "bigcommerce No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ba-plus-before-after-image-slider-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bzscore-live-score 1.6.0 Contributor+.Stored.XSS MEDIUM" "broken-link-checker-for-youtube No.known.fix Cross-Site.Request.Forgery.via.plugin_settings_page() MEDIUM" "browser-theme-color No.known.fix Cross-Site.Request.Forgery.via.btc_settings_page MEDIUM" "brave-popup-builder 0.7.1 Cross-Site.Request.Forgery MEDIUM" "brave-popup-builder 0.7.0 Admin+.Stored.XSS LOW" "brave-popup-builder 0.6.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "brave-popup-builder 0.6.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bulk-block-converter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-datetime-change 1.12 Missing.Authorisation MEDIUM" "brutebank 1.9 WP.Security.&.Firewall.<.1.9.-.Settings.Update.via.CSRF MEDIUM" "blogpost-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blocks-bakery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blocks-bakery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "badgeos No.known.fix Missing.Authorization MEDIUM" "badgeos No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "badgeos No.known.fix Missing.Authorization.in.delete_badgeos_log_entries MEDIUM" "badgeos No.known.fix Subscriber+.IDOR MEDIUM" "badgeos No.known.fix CSRF MEDIUM" "badgeos 3.7.1.3 Subscriber+.SQLi HIGH" "badgeos 3.7.1 Unauthenticated.SQLi HIGH" "better-anchor-links No.known.fix Cross-Site.Request.Forgery.via.admin/options.php MEDIUM" "brozzme-scroll-top No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bookingpress-appointment-booking 1.1.8 1.1.7.-.Authentication.Bypass.to.Account.Takeover CRITICAL" "bookingpress-appointment-booking 1.1.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update.and.Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.1.6 Authenticated.(Subscriber+).Arbitrary.File.Read.to.Arbitrary.File.Creation HIGH" "bookingpress-appointment-booking 1.0.83 Missing.Authorization.to.Appointment.Time.Alteration MEDIUM" "bookingpress-appointment-booking 1.0.82 Authenticated.(Customer+).Insecure.Direct.Object.Reference MEDIUM" "bookingpress-appointment-booking 1.0.88 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.0.75 Unauthenticated.Booking.Price.Manipulation HIGH" "bookingpress-appointment-booking 1.0.73 Authenticated.(Contributor+).SQL.Injection HIGH" "bookingpress-appointment-booking 1.0.77 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.0.31 Unauthenticated.IDOR.in.appointment_id HIGH" "bookingpress-appointment-booking 1.0.11 Unauthenticated.SQL.Injection HIGH" "bb-ultimate-addon 1.35.14 Contributor+.Arbitrary.File.Download MEDIUM" "bb-ultimate-addon 1.35.15 Contributor+.Privilege.Escalation HIGH" "bws-google-maps 1.3.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "buymeacoffee 3.7 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "buymeacoffee 3.8 Cross-Site.Request.Forgery HIGH" "buymeacoffee 3.8 Subscriber+.Unauthorized.Data.Modification HIGH" "buymeacoffee 3.7 Admin+.Stored.XSS LOW" "brizy 2.5.2 Cross-Site.Request.Forgery MEDIUM" "brizy 2.4.45 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "brizy 2.4.45 Missing.Authorization.to.Authenticated.(Contributor+).Post.Modification HIGH" "brizy 2.4.44 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Form.Functionality MEDIUM" "brizy 2.4.44 Unauthenticated.Stored.Cross-Site.Scripting.via.Form HIGH" "brizy 2.4.44 Authenticated.(Contributor+).Store.Cross-Site.Scripting.via.Widget.Link.To.URL HIGH" "brizy 2.4.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Attributes MEDIUM" "brizy 2.4.44 Missing.Authorization MEDIUM" "brizy 2.4.42 Authenticated(Contributor+).Stored.Cross-Site.Scripting HIGH" "brizy 2.4.41 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Directory.Traversal MEDIUM" "brizy 2.4.30 Contributor+.Stored.XSS MEDIUM" "brizy 2.4.2 Contributor+.Stored.Cross-Site.Scripting.via.Element.Content MEDIUM" "brizy 2.4.2 Contributor+.Stored.Cross-Site.Scripting.via.Element.URL MEDIUM" "brizy 2.3.12 2.3.11.-.Incorrect.Authorization.to.Post.Modification HIGH" "brizy 2.3.12 Authenticated.File.Upload.and.Path.Traversal HIGH" "brizy 2.3.12 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "brizy 1.0.126 Page.Builder.<.1.0.126.-.Improper.Access.Controls.on.AJAX.Calls HIGH" "business-card-by-esterox-100 No.known.fix Admin+.File.Upload MEDIUM" "business-card-by-esterox-100 No.known.fix Card.Edit.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Category.Deletion.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Arbitrary.Card.Deletion.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Category.Edit.via.CSRF MEDIUM" "business-manager 1.4.6 Admin+.Stored.Cross-Site.Scripting LOW" "bestbooks No.known.fix Unauthenticated.SQLi HIGH" "bigcontact No.known.fix Cross-Site.Request.Forgery MEDIUM" "bulletin-announcements 3.9.0 Authenticated.(Administrator+).SQL.Injection HIGH" "bulletin-announcements 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "bulletin-announcements 3.7.1 Cross-Site.Request.Forgery MEDIUM" "bulletin-announcements 3.7.0 Subscriber+.Unauthorized.Access.and.Modification MEDIUM" "bulletin-announcements 3.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "best-woocommerce-feed 7.3.16 Authenticated.(Admin+).Directory.Traversal LOW" "best-woocommerce-feed 3.0 Reflected.Cross-Site.Scripting MEDIUM" "best-woocommerce-feed 2.2.3.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "blaze-widget 2.5.4 Injected.Backdoor CRITICAL" "bunnycdn 2.0.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bp-social-connect 1.6.2 Authentication.Bypass CRITICAL" "bookingcom-product-helper 1.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "blocks-product-editor-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "bosa-elementor-for-woocommerce 1.0.13 Missing.Authorization MEDIUM" "books-papers No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "buddyforms-posts-to-posts-integration 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "back-in-stock-notifier-for-woocommerce 5.3.2 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "booking 10.5.1 Reflected.Cross-Site.Scripting MEDIUM" "booking 10.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bookingform.Shortcode MEDIUM" "booking 9.9.1 Unauthenticated.SQL.Injection CRITICAL" "booking 9.7.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "booking 9.7.3.1 Unauthenticated.Stored.XSS HIGH" "booking 9.2.2 Arbitrary.Translation.Update.via.CSRF MEDIUM" "booking 9.1.1 PHP.Object.Injection HIGH" "booking 8.9.2 Reflected.Cross-Site.Scripting HIGH" "booking 8.4.5.15 SQL.Injection HIGH" "betterlinks 1.6.1 Improper.Authorization.to.Data.Import.and.Export MEDIUM" "betterlinks 1.2.6 Admin+.Stored.Cross-Site.Scripting LOW" "bamboo-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockypage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blockypage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "black-widgets 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bulk-edit-posts-on-frontend 2.4.27 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-posts-on-frontend 2.4.15 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "business-profile 2.1.7 Subscriber+.Page.Creation.&.Settings.Update.to.Stored.XSS MEDIUM" "better-robots-txt 1.4.6 Cross-Site.Request.Forgery MEDIUM" "better-robots-txt 1.4.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-robots-txt 1.2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "blog-in-blog No.known.fix Editor+.Local.File.Inclusion.via.Shortcode HIGH" "blog-in-blog No.known.fix Editor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "baw-login-logout-menu No.known.fix Contributor+.Stored.XSS.in.Shortcode MEDIUM" "bible-text No.known.fix Contributor+.Stored.XSS MEDIUM" "bng-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bng-gateway-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bng-gateway-for-woocommerce No.known.fix CSRF.Bypass MEDIUM" "basic-interactive-world-map 2.7 Admin+.Stored.XSS LOW" "banner-management-for-woocommerce 2.4.3 Shop.Banner.Settings.Update.via.CSRF MEDIUM" "banner-management-for-woocommerce 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "banner-management-for-woocommerce 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "banner-management-for-woocommerce 1.1.1 Unauthenticated.Settings.Change MEDIUM" "burst-statistics 1.5.7 Contributor+.Stored.Cross-Site.Scripting.via.burst_total_pageviews_count MEDIUM" "burst-statistics 1.5.4 Editor+.SQL.Injection HIGH" "burst-statistics 1.5.0 Unauthenticated.SQL.Injection HIGH" "bannerlid No.known.fix Reflected.XSS HIGH" "backup-bolt 1.4.0 Sensitive.Data.Exposure MEDIUM" "backup-bolt 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "bp-profile-shortcodes-extra 2.5.3 Contributor+.Stored.XSS MEDIUM" "borderless 1.5.4 Widgets,.Elements,.Templates.and.Toolkit.for.Elementor.&.Gutenberg.<.1.5.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "borderless 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "borderless 1.4.9 Admin+.Stored.XSS LOW" "buddybadges No.known.fix Admin+.SQLi MEDIUM" "bravo-translate No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "bulk-edit-post-titles No.known.fix Missing.Authorization.via.bulkUpdatePostTitles MEDIUM" "bulk-edit-post-titles No.known.fix Missing.Authorization MEDIUM" "branda-white-labeling 3.4.19 Unauthenticated.Full.Path.Disclosure MEDIUM" "branda-white-labeling 3.4.18 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "branda-white-labeling 3.4.18 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "branda-white-labeling 3.4.15 IP.Spoofing MEDIUM" "britetechs-companion 2.2.8 Injected.Backdoor CRITICAL" "bj-lazy-load 1.0 Remote.File.Inclusion.(Timthumb) HIGH" "better-search 3.3.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "better-search 2.5.3 Cross-Site.Request.Forgery MEDIUM" "better-search 2.5.3 CSRF.Nonce.Bypass.in.Import/Export MEDIUM" "better-search 2.2.3 Unauthenticated.SQL.Injection CRITICAL" "better-search 1.3.5 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "better-search 1.3 admin.inc.php.Setting.Manipulation.CSRF MEDIUM" "buddyforms-woocommerce-form-elements 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "bbs-e-popup No.known.fix Reflected.XSS HIGH" "buddypress-members-only 3.4.9 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "buddyforms-review 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "bookit 2.4.1 Price.Bypass MEDIUM" "bookit 2.4.4 Authenticated(Administrator+).SQL.Injection MEDIUM" "bookit 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "bookit 2.3.8 Authentication.Bypass CRITICAL" "bookit 2.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bookit 2.1.6 Authorised.AJAX.Calls MEDIUM" "bbp-style-pack 5.6.8 Contributor+.Stored.XSS MEDIUM" "bbp-style-pack 5.5.6 Reflected.XSS HIGH" "booking-and-rental-manager-for-woocommerce 1.2.2 Admin+.Stored.XSS LOW" "buddypress-profile-pro 2.0.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "better-messages-wcfm-integration 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddypress-media 4.6.19 Subscriber+.SQL.Injection HIGH" "buddypress-media 4.6.19 Authenticated.(Contributor+).SQL.Injection.via.rtmedia_gallery.Shortcode HIGH" "buddypress-media 4.6.16 Admin+.RCE MEDIUM" "buddypress-media 4.6.16 Subscriber+.RCE CRITICAL" "buddypress-media 4.6.15 Missing.Authorization.via.export_settings MEDIUM" "buddypress-media 4.6.15 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "buddypress-media 4.6.15 Missing.Authorization.to.Settings.Update MEDIUM" "bp-job-manager 2.6.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "breakdance 2.0.0 Missing.Authorization MEDIUM" "breakdance 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "breakdance 1.7.2 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "breakdance 1.7.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.custom.postmeta MEDIUM" "cp-easy-form-builder 1.2.32 Admin+.Stored.Cross-Site.Scripting LOW" "cmyee-momentopress 1.0.2 Contributor+.Stored.XSS MEDIUM" "cforms No.known.fix Unauthenticated.HTML.Injection.&.CSRF HIGH" "cforms No.known.fix Multiple.XSS MEDIUM" "cforms No.known.fix SQL.Injection CRITICAL" "cforms No.known.fix SQL.Injection CRITICAL" "cforms No.known.fix Remote.Code.Execution.via.Unauthorised.File.Upload MEDIUM" "cforms 13.2 XSS MEDIUM" "cforms 10.5 XSS MEDIUM" "conveythis-translate 235 Missing.Authorization.to.Limited.Option.Update MEDIUM" "conveythis-translate 224 Unauthenticated.Stored.Cross-Site.Scripting.via.api_key HIGH" "cf7-invisible-recaptcha 1.3.4 CSRF MEDIUM" "cf7-invisible-recaptcha 1.3.2 XSS MEDIUM" "community-events 1.5.1 Admin+.Stored.XSS LOW" "community-events 1.5 Event.Deletion.via.CSRF MEDIUM" "community-events 1.4.9 Admin+.Stored.XSS LOW" "community-events 1.4.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "community-events 1.4 SQL.Injection CRITICAL" "current-menu-item-for-custom-post-types 1.6 Cross-Site.Request.Forgery MEDIUM" "custom-post-type-cpt-cusom-taxonomy-ct-manager No.known.fix Stored.XSS.via.CSRF HIGH" "chameleon-css No.known.fix Subscriber+.SQL.Injection CRITICAL" "cpt-shortcode No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "cpt-shortcode No.known.fix Admin+.Stored.XSS LOW" "campation-postoffice No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "campation-postoffice 1.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-page-templates-by-vegacorp 1.1.14 Reflected.Cross-Site.Scripting MEDIUM" "custom-page-templates-by-vegacorp 1.1.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-repeater No.known.fix Admin+.Stored.XSS LOW" "content-restrictor-for-divi 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "content-restrictor-for-divi 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cryptocurrency-prices No.known.fix Contributor+.Stored.XSS MEDIUM" "coming-soon-by-supsystic 1.7.11 Cross-Site.Request.Forgery MEDIUM" "coming-soon-by-supsystic 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "css-javascript-toolbox 11.9 Contributor+.Stored.XSS MEDIUM" "clio-grow-form 1.0.1 Admin+.Stored.XSS LOW" "coming-soon-maintenance-mode 1.0.6 Information.Exposure MEDIUM" "custom-post-type-relations No.known.fix Reflected.Cross-Site.Scripting HIGH" "comment-guestbook No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "classified-listing-store 1.4.20 Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-widgets-pack 2.0 Unauthenticated.SQLi HIGH" "cartflows-pro 1.11.13 CSRF MEDIUM" "cartflows-pro 1.11.12 Reflected.Cross-Site.Scripting HIGH" "corona-virus-covid-19-banner No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "corona-virus-covid-19-banner 1.8.0 CSRF MEDIUM" "conversion-de-moneda No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "countdown-wpdevart-extended No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "countdown-wpdevart-extended 1.5.8 CSRF.to.Stored.Cross-Site.Scripting HIGH" "complianz-gdpr 7.0.0 Cross-Site.Request.Forgery.to.Data.Request.Deletion MEDIUM" "complianz-gdpr 6.5.6 Admin+.Stored.XSS LOW" "complianz-gdpr 6.4.2 GDPR/CCPA.Cookie.Consent.<.6.4.2.-.Contributor+.Stored.XSS MEDIUM" "complianz-gdpr 6.3.4 Translator.SQLi MEDIUM" "complianz-gdpr 6.0.0 GDPR/CCPA.Cookie.Consent.<.6.0.0.-.Reflected.Cross-Site.Scripting MEDIUM" "column-matic No.known.fix Contributor+.Stored.XSS MEDIUM" "codeflavors-vimeo-video-post-lite 2.2.2 Reflected.XSS HIGH" "caret-country-access-limit 1.0.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "code-snippets 3.6.0 Arbitrary.settings.change.via.CSRF MEDIUM" "code-snippets 2.14.4 Reflected.Cross-Site.Scripting MEDIUM" "code-snippets 2.14.3 Reflected.Cross-Site.Scripting HIGH" "code-snippets 2.14.0 CSRF.to.RCE HIGH" "content-aware-sidebars 3.19.1 Reflected.Cross-Site.Scripting MEDIUM" "content-aware-sidebars 3.17.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-aware-sidebars 3.8.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "comments-not-replied-to 1.5.8 Reflected.Cross-Site.Scripting MEDIUM" "comments-not-replied-to 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cm-video-lesson-manager-pro 3.5.9 Admin+.Stored.Cross-Site.Scripting LOW" "custom-order-statuses-woocommerce 2.4.0 Cross-Site.Request.Forgery MEDIUM" "change-default-login-logo-url-and-title No.known.fix Cross-Site.Request.Forgery MEDIUM" "captcha-them-all 1.4 Admin+.Stored.XSS LOW" "cf7-zendesk 1.0.8 Reflected.Cross-Site.Scripting HIGH" "cmb2 2.11.0 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "click-to-chat-for-whatsapp 4.0 Contributor+.LFI HIGH" "click-to-chat-for-whatsapp 3.18.1 Contributor+.Stored.XSS MEDIUM" "contact-form-7-designer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-google-sheets-connector-pro 2.3.7 Reflected.XSS HIGH" "contact-us-page-contact-people 3.7.1 Contact.people.LITE.<.3.7.1.-.Contact.Update/Deletion/Creation.via.CSRF MEDIUM" "complete-open-graph No.known.fix Admin+.Stored.XSS LOW" "codecolorer 0.10.1 CodeColorer.<.0,10,1.–.Admin+.Stored.Cross-Site.Scripting LOW" "contact-bank No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "calculated-fields-form 1.2.55 Reflected.Cross-Site.Scripting MEDIUM" "calculated-fields-form 5.1.57 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "calculated-fields-form 1.2.53 Contributor+.Stored.XSS MEDIUM" "calculated-fields-form 1.2.29 Contributor+.Open.Redirect MEDIUM" "calculated-fields-form 1.2.41 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "calculated-fields-form 1.1.151 Admin+.Stored.Cross-Site.Scripting.via.Dropdown.Fields LOW" "calculated-fields-form 1.0.354 Authenticated.Stored.XSS MEDIUM" "custom-global-variables 1.1.1 Stored.Cross-Site.Scripting.(XSS) HIGH" "continuous-announcement-scroller No.known.fix Admin+.Stored.XSS LOW" "chamber-dashboard-business-directory 3.3.2 Reflected.Cross-Site.Scripting MEDIUM" "chamber-dashboard-business-directory 3.3.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "crm-customer-relationship-management-by-vcita 2.7.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "crm-customer-relationship-management-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "captainform No.known.fix Reflected.Cross-Site.Scripting.via.REQUEST_URI MEDIUM" "captainform No.known.fix CSRF MEDIUM" "contact-form-7-dynamic-text-extension 4.2.0 Insecure.Direct.Object.Reference MEDIUM" "cf7-infusionsoft 1.1.4 Reflected.Cross-Site.Scripting HIGH" "christmas-greetings No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "convertful 2.6 Missing.Authorization.via.add_woo_coupon MEDIUM" "cool-facebook-page-feed-timeline No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "custom-user-css No.known.fix Settings.Update.via.CSRF MEDIUM" "click-to-top 1.2.8 Authenticated.Stored.Cross-Site.Scripting LOW" "cp-blocks 1.0.21 CSRF MEDIUM" "cp-blocks 1.0.15 Admin+.Stored.Cross-Site.Scripting LOW" "cssable-countdown No.known.fix Admin+.Stored.XSS LOW" "chameleon 1.4.4 Admin+.Stored.XSS LOW" "companion-auto-update 3.3.6 Authenticated.SQL.Injection CRITICAL" "catch-scroll-progress-bar 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "cpo-content-types No.known.fix Admin+.Stored.XSS LOW" "category-page-icons No.known.fix Arbitrary.File.Upload/Deletion.via.Path.Traversal CRITICAL" "currency-switcher 1.2.0.4 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "currency-switcher 1.2.0.2 Cross-Site.Request.Forgery MEDIUM" "currency-switcher 1.2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "currency-switcher 1.2.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "currency-switcher 1.2.0 Subscriber+.Missing.Authorization.Checks MEDIUM" "currency-switcher 1.1.7 Arbitrary.Plugin's.Settings.Change.via.CSRF MEDIUM" "captain-slider No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "coru-lfmember No.known.fix Arbitrary.Game.Deletion/Activation.via.CSRF MEDIUM" "coru-lfmember No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "cyklodev-wp-notify 1.3.0 Admin+.Stored.XSS LOW" "copy-the-code 2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "copy-the-code 2.6.4 Reflected.Cross-Site.Scripting MEDIUM" "cookiemonster No.known.fix Admin+.Stored.XSS LOW" "commenttweets No.known.fix Settings.Update.via.CSRF MEDIUM" "counter-yandex-metrica No.known.fix Admin+.Stored.XSS LOW" "cross-linker No.known.fix Arbitrary.Cross-Link.Creation.via.CSRF MEDIUM" "chatpressai 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "callbook-mobile-bar No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "cpo-companion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cpo-companion 1.1.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "cpo-companion 1.1.0 Admin+.Stored.XSS LOW" "checklist 1.1.9 Unauthenticated.Reflected.XSS MEDIUM" "copy-or-move-comments No.known.fix Reflected.XSS HIGH" "copy-or-move-comments No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "change-uploaded-file-permissions No.known.fix File.Permission.Update.via.CSRF MEDIUM" "contact-form-7-style No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-7-style No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "contact-form-7-style No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "custom-product-list-table No.known.fix Cross-Site.Request.Forgery MEDIUM" "catchers-helpdesk No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "comment-link-remove 2.1.6 Arbitrary.Comment.Deletion.via.CSRF MEDIUM" "crafthemes-demo-import No.known.fix Missing.Authorization.to.Arbitrary.Plugin.Installation HIGH" "convertplug 3.5.26.1 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "convertplug 3.5.26 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update MEDIUM" "convertplug 3.5.26 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "convertplug 3.4.5 Multiple.Issues HIGH" "contest-gallery 23.1.3 Unauthenticated.Information.Exposure MEDIUM" "contest-gallery 23.1.3 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 21.3.5 Authenticated.(Author+).Arbitrary.File.Deletion MEDIUM" "contest-gallery 21.3.6 Reflected.Cross-Site.Scripting MEDIUM" "contest-gallery 21.3.2.1 Authenticated.(Contributor+).SQL.Injection CRITICAL" "contest-gallery 21.3.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "contest-gallery 21.3.1 Author+.Stored.Cross.Site.Scripting MEDIUM" "contest-gallery 21.2.9 Cross-Site.Request.Forgery MEDIUM" "contest-gallery 21.2.8.1 Unauthenticated.Stored.XSS.via.HTTP.Headers HIGH" "contest-gallery 21.1.2.1 Reflected.XSS HIGH" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Unauthenticated.SQL.Injection HIGH" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Unauthenticated.SQL.Injection HIGH" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 14.0.0 Unauthenticated.Stored.XSS MEDIUM" "contest-gallery 17.0.5 Author+.SQLi HIGH" "contest-gallery 14.0.0 Author+.Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 13.1.0.6 Missing.Access.Controls.to.Unauthenticated.SQL.injection./.Email.Address.Disclosure HIGH" "contest-gallery 13.1.0.7 Subscriber+.Email.Address.Disclosure MEDIUM" "contest-gallery 10.4.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "cleanup-action-scheduler 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "callrail-phone-call-tracking 0.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "callrail-phone-call-tracking 0.4.10 Stored.XSS.via.CSRF MEDIUM" "circles-gallery No.known.fix Admin+.Stored.XSS LOW" "cm-download-manager 2.9.0 Download.Deletion.via.CSRF MEDIUM" "cm-download-manager 2.9.1 Download.Edit.via.CSRF MEDIUM" "cm-download-manager 2.9.0 Download.Unpublish.via.CSRF MEDIUM" "cm-download-manager 2.8.6 Admin+.Arbitrary.File.Upload MEDIUM" "cm-download-manager 2.8.0 Authenticated.Arbitrary.File.Deletion MEDIUM" "cm-download-manager 2.8.0 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "cm-download-manager 2.8.0 Authenticated.Cross-Site.Scripting MEDIUM" "cm-download-manager 2.0.7 CSRF.to.Cross-Site.Scripting HIGH" "cm-download-manager 2.0.4 Unauthenticated.Code.Injection CRITICAL" "custom-tabs-for-products-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "convertbox-auto-embed 1.0.20 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "content-staging No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "code-snippets-extended No.known.fix Arbitrary.Snippet.Deletion/Disabling.via.CSRF MEDIUM" "code-snippets-extended No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "code-snippets-extended No.known.fix RCE.via.CSRF HIGH" "clever-fox 25.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clever-fox 25.2.1 Missing.Authorization.to.arbitrary.theme.activation.via.clever-fox-activate-theme MEDIUM" "categories-gallery No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "country-state-city-auto-dropdown 2.7.3 Unauthenticated.SQL.Injection CRITICAL" "country-state-city-auto-dropdown 2.7.2 Missing.Authorization MEDIUM" "college-publisher-import No.known.fix Arbitrary.File.Upload.to.RCE CRITICAL" "commentluv No.known.fix Unauthenticated.SSRF MEDIUM" "current-book No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "cashtomer No.known.fix Authenticated.SQL.Injection MEDIUM" "convertkit 2.4.9.1 Missing.Authorization MEDIUM" "convertkit 2.4.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "convertkit 2.2.1 Reflected.XSS HIGH" "convertkit 2.0.5 Contributor+.Stored.XSS MEDIUM" "comments-like-dislike 1.2.0 Subscriber+.Settings.Reset MEDIUM" "comments-like-dislike 1.1.4 Add.Like/Dislike.Bypass MEDIUM" "custom-share-buttons-with-floating-sidebar 4.2 Admin+.Stored.XSS LOW" "contact-form-7-simple-recaptcha 0.1.2 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-simple-recaptcha 0.0.9 CSRF.to.Stored.XSS HIGH" "cf7-file-download No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "codestyling-localization No.known.fix Multiple.CSRF HIGH" "cc-coming-soon No.known.fix Reflected.XSS HIGH" "cms-tree-page-view 1.6.8 Reflected.XSS HIGH" "contact-form-x 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-dashboard-widgets No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.cdw_DashboardWidgets HIGH" "coneblog-widgets 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coneblog-widgets 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "coneblog-widgets 1.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-css-js-php No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "custom-css-js-php No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "calculatorpro-calculators No.known.fix Reflected.Cross-Site.Scripting.via.CP_preview_calc MEDIUM" "cwicly 1.4.0.3 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "code-manager 1.0.26 Reflected.Cross-Site.Scripting MEDIUM" "code-manager 1.0.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-blocks-builder 2.3.17 Reflected.Cross-Site.Scripting MEDIUM" "conditional-logic-for-woo-product-add-ons 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "cf7-hubspot 1.3.2 Cross-Site.Request.Forgery MEDIUM" "cf7-hubspot 1.2.0 Reflected.Cross-Site.Scripting HIGH" "change-wc-price-title 2.4 Reflected.Cross-Site.Scripting MEDIUM" "change-wc-price-title 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "chat-bubble No.known.fix Admin+.Stored.XSS LOW" "chat-bubble No.known.fix Settings.Update.via.CSRF MEDIUM" "chat-bubble 2.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "client-dash No.known.fix Missing.Authorization MEDIUM" "client-dash No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "cc-custom-taxonmy No.known.fix Admin+.Stored.XSS LOW" "correosoficial No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "cf7-widget-elementor 2.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cf7-widget-elementor 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cf7_redirect_page.Attribute MEDIUM" "cf7-widget-elementor 2.4 Missing.Authorization MEDIUM" "contact-form-7-datepicker No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "custom-css-pro 1.0.4 CSRF.&.XSS HIGH" "colibri-page-builder 1.0.277 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.colibri_video_player.Shortcode MEDIUM" "colibri-page-builder 1.0.277 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "colibri-page-builder 1.0.274 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.274 Contributor+.Stored.Cross-Site.Scripting.via.the.plugin's.'colibri_breadcrumb_element'.shortcode MEDIUM" "colibri-page-builder 1.0.264 Author+.Stored.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.270 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.249 Missing.Authorization MEDIUM" "colibri-page-builder 1.0.260 Arbitrary.Shortcode.Call.via.CSRF MEDIUM" "colibri-page-builder 1.0.260 Import.Images,.Delete.Post,.Save.Theme.Data.via.CSRF MEDIUM" "colibri-page-builder 1.0.240 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.248 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.229 Admin+.SQL.Injection MEDIUM" "change-prices-with-time-for-woocommerce 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "change-prices-with-time-for-woocommerce 1.8.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cc-child-pages 1.43 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "convoworks-wp 0.22.15 Reflected.Cross-Site.Scripting MEDIUM" "convoworks-wp 0.22.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-sidebars No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-sidebars 1.6.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "consensu-io No.known.fix Missing.Authorization.via.update_config_db() MEDIUM" "checkout-files-upload-woocommerce 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "classified-listing 3.1.8 Missing.Authorization MEDIUM" "classified-listing 3.0.11 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Attachment.Deletion MEDIUM" "classified-listing 3.0.5 Cross-Site.Request.Forgery.to.Account.Takeover.via.rtcl_update_user_account HIGH" "classified-listing 3.0.5 Missing.Authorization MEDIUM" "classified-listing 2.4.6 Cross-Site.Request.Forgery MEDIUM" "classified-listing 2.2.14 Reflected.Cross-Site.Scripting MEDIUM" "content-control 2.2.0 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "content-control 1.1.10 Contributor+.Stored.XSS MEDIUM" "continuous-image-carousel-with-lightbox 1.0.16 Reflected.XSS HIGH" "collapsing-archives 3.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-order-statuses-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "custom-order-statuses-for-woocommerce No.known.fix Cross-Site.Request.Forgery MEDIUM" "checkbox 0.8.4 Reflected.Cross-Site.Scripting MEDIUM" "checkbox 0.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-forms-anti-spam 0.10.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "contact-forms-anti-spam 0.9.3 Unauthenticated.Stored.Cross-Site.Scripting.via.efas_add_to_log MEDIUM" "contact-forms-anti-spam 0.10.4 IP.Validation.Bypass MEDIUM" "contact-forms-anti-spam 0.7.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "copyrightpro No.known.fix Settings.Update.via.CSRF MEDIUM" "ctt-expresso-para-woocommerce 3.2.13 Information.Exposure.via.Unprotected.Directory MEDIUM" "ctt-expresso-para-woocommerce 3.2.13 Admin+.Stored.XSS LOW" "ctt-expresso-para-woocommerce 3.2.12 Admin+.Stored.XSS LOW" "cm-pop-up-banners 1.7.3 Contributor+.Stored.XSS MEDIUM" "cm-pop-up-banners 1.6.6 Contributor+.Stored.XSS MEDIUM" "customer-chat-facebook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customer-chat-facebook No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "customer-chat-facebook No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "conditional-shipping-for-woocommerce 2.3.2 Ruleset.Toggle.via.CSRF MEDIUM" "cp-simple-newsletter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cp-simple-newsletter No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "checkfront-wp-booking 3.7 Settings.Update.via.CSRF MEDIUM" "carrrot No.known.fix Admin+.Stored.XSS LOW" "coditor No.known.fix Arbitrary.File.Edition,.Deletion.and.Internal.Directory.Listing.in.wp-content CRITICAL" "countdown-builder 2.7.8.1 Missing.Authorization.to.Authenticated.(Subscriber+).PHP.Object.Injection MEDIUM" "countdown-builder 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "countdown-builder No.known.fix Pro.Features.Lock.Bypass LOW" "countdown-builder No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "countdown-builder 2.2.9 Reflected.Cross-Site.Scripting MEDIUM" "cab-fare-calculator No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "cab-fare-calculator 1.0.4 Unauthenticated.LFI MEDIUM" "custom-map No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "controlled-admin-access 1.5.6 Improper.Access.Control.to.Privilege.Escalation HIGH" "controlled-admin-access 1.5.2 Improper.Access.Control.&.Privilege.Escalation HIGH" "clerkio 4.0.0 Authentication.Bypass.and.API.Keys.Disclosure LOW" "category-post-list-widget No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "custom-layouts 1.4.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-for-wp-job-manager 1.3 .Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure.via.Shortcode MEDIUM" "custom-field-for-wp-job-manager 1.2 Admin+.Stored.XSS LOW" "custom-field-for-wp-job-manager 1.2 Admin+.Stored.XSS LOW" "calendarista 15.5.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "custom-field-template 2.6.2 Authenticated.(Admin+).Stored.Cross-Site.Scritping MEDIUM" "custom-field-template 2.6.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "custom-field-template 2.6.2 Authenticated(Contributor+).Information.Exposure MEDIUM" "custom-field-template 2.6.2 Authenticated(Constibutor+).Stored.Cross-Site.Scripting.via.Custom.Field.Name MEDIUM" "custom-field-template 2.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.$search_label MEDIUM" "custom-field-template 2.6 Reflected.Cross-Site.Scripting HIGH" "custom-field-template 2.5.9 Cross-Site.Request.Forgery MEDIUM" "custom-field-template 2.5.8 Admin+.PHP.Object.Injection LOW" "custom-field-template 2.5.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "custom-field-template 2.5.2 Cross-Site.Request.Forgery MEDIUM" "cpt-bootstrap-carousel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cpt-bootstrap-carousel No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "calendar-booking No.known.fix Missing.Authorization.to.Unauthenticated.Service.Disconnection MEDIUM" "calendar-booking No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-welcome-guide 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "custom-welcome-guide 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-7 5.9.5 Unauthenticated.Open.Redirect MEDIUM" "contact-form-7 5.9.2 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7 5.8.4 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "contact-form-7 5.3.2 Unrestricted.File.Upload HIGH" "contact-form-7 5.0.4 register_post_type().Privilege.Escalation CRITICAL" "countdown-block 1.1.2 Missing.Authorisation.in.AJAX.action MEDIUM" "capa No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "card-games No.known.fix CSRF.Bypass NONE" "content-hubs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-hubs 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "clock-in-portal No.known.fix Designation.Deletion.via.CSRF MEDIUM" "clock-in-portal No.known.fix Holidays.Deletion.via.CSRF MEDIUM" "clock-in-portal No.known.fix Staff.Deletion.via.CSRF MEDIUM" "collage-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "collage-for-divi 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cardgate 3.1.16 Unauthorised.Payments.Hijacking.and.Order.Status.Spoofing HIGH" "catablog No.known.fix Authenticated.(Editor+).Arbitrary.File.Deletion MEDIUM" "catablog No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "contact-form-maker No.known.fix Admin+.SQLi MEDIUM" "contact-form-maker 1.13.5 Cross-Site.Request.Forgery.to.LFI HIGH" "chilexpress-oficial No.known.fix Reflected.XSS HIGH" "conditional-extra-fees-for-woocommerce 1.0.97 Admin+.Stored.XSS MEDIUM" "catch-ids 2.4 Unauthorised.Plugin's.Setting.Change MEDIUM" "cache-images 3.2.1 Image.Upload./.Import.via.CSRF MEDIUM" "catch-duplicate-switcher 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "clinicalwp-core No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clinicalwp-core No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "clinicalwp-core No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "coming-soon-page 3.7.4 IP.Address.Spoofing.via.get_real_ip MEDIUM" "coming-soon-page 3.6.7 Subscriber+.Arbitrary.Email.Sending.to.Subscribed.Users MEDIUM" "coming-soon-page 3.6.8 Arbitrary.Email.Sending.to.Subscribed.Users.via.CSRF LOW" "coming-soon-page 3.5.3 Authenticated.Stored.XSS LOW" "custom-twitter-feeds 2.2.2 Cross-Site.Request.Forgery.to.Plugin.Options.Update MEDIUM" "custom-twitter-feeds 2.2 Cross-Site.Request.Forgery MEDIUM" "custom-twitter-feeds 2.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "custom-twitter-feeds 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "cyr3lat 3.7 Editor+.SQL.Injection MEDIUM" "contextual-related-posts 3.3.1 Contributor+.Stored.XSS MEDIUM" "contextual-related-posts 2.9.4 CSRF.Nonce.Validation.Bypass MEDIUM" "contextual-related-posts 1.8.7 Cross-Site.Request.Forgery MEDIUM" "contextual-related-posts 1.8.10.2 Multiple.Parameter.SQL.Injection HIGH" "cysteme-finder 1.4 Unauthenticated.LFI.and.Unauthenticated.File.Upload CRITICAL" "catch-breadcrumb 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "catch-breadcrumb 1.5.7 Unauthenticated.Reflected.XSS MEDIUM" "customize-login-image 3.5.3 Admin+.Stored.Cross-Site.Scripting LOW" "comicbookmanagementsystemweeklypicks 2.2.0 Admin+.SQLi MEDIUM" "chaty-pro 2.8.2 Reflected.Cross-Site.Scripting HIGH" "checkout-freemius-rewamped 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-post-type-page-template No.known.fix Cross-Site.Request.Forgery MEDIUM" "comments-import-export-woocommerce 2.3.6 Cross-Site.Request.Forgery MEDIUM" "comments-import-export-woocommerce 2.1.11 Cross-Site.Request.Forgery.(CSRF).Issue HIGH" "catch-instagram-feed-gallery-widget 2.3 Unauthorised.Plugin's.Setting.Change MEDIUM" "coupon-reveal-button 1.2.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "coolclock 4.3.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "car No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "cardinity-free-payment-gateway-for-woocommerce 3.0.7 Reflected.Cross-Site.Scripting HIGH" "custom-font-uploader 2.4.0 Custom.Font.Uploader.<.2.4.0.-.Missing.Authorization.to.Font.Deletion MEDIUM" "custom-font-uploader 2.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "custom-sidebars 3.1.0 CSRF HIGH" "custom-sidebars 3.0.8.1 CSRF HIGH" "collect-and-deliver-interface-for-woocommerce 5.1.9 Reflected.Cross-Site-Scripting MEDIUM" "cryptocurrency No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cryptocurrency No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "contact-form-with-a-meeting-scheduler-by-vcita 4.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "contact-form-cfdb7 1.2.7 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "contact-form-cfdb7 1.2.6.5 CSV.Injection LOW" "contact-form-cfdb7 1.2.6.1 Arbitrary.Form.Deletion..via.CSRF MEDIUM" "contact-form-cfdb7 1.2.6.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "contact-form-cfdb7 1.2.5.6 CSV.Injection MEDIUM" "contact-form-cfdb7 1.2.5.4 Authenticated.SQL.Injections CRITICAL" "custom-admin-page 0.1.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "campaign-monitor-wp 2.5.6 Subscriber+.Arbitrary.Options.Update MEDIUM" "category-specific-rss-feed-menu 2.3 Admin+.Stored.XSS LOW" "category-specific-rss-feed-menu 2.2 Settings.Update.via.CSRF MEDIUM" "crm-memberships No.known.fix Admin+.Stored.XSS LOW" "codoc 0.9.52 Reflected.Cross-Site.Scripting MEDIUM" "carousel-anything No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chat-bee No.known.fix Admin+.Stored.XSS LOW" "contact-list 2.9.88 Missing.Authorization.to.Notice.Dismissal MEDIUM" "contact-list 2.9.72 Reflected.Cross-Site.Scripting MEDIUM" "contact-list 2.9.50 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-list 2.9.42 Reflected.Cross-Site.Scripting HIGH" "clover-online-orders 1.5.7 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Data.Update MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization.to.Plugin.Deactivation.and.Data.Deletion MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization MEDIUM" "clover-online-orders 1.5.5 Cross-Site.Request.Forgery MEDIUM" "clover-online-orders 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clover-online-orders 1.5.5 Reflected.XSS HIGH" "checkout-fees-for-woocommerce 2.12.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "contact-forms-builder No.known.fix Authentication.Request.Bypass MEDIUM" "contact-forms-builder No.known.fix Reflected.XSS HIGH" "currency-converter-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "co-authors-plus 3.5.2 Guest.Authors.Email.Address.Disclosure MEDIUM" "cm-email-blacklist 1.4.9 Add/Delete.Emails.via.CSRF.Add.and.delete.any.item.from.blacklist/whitelist MEDIUM" "child-theme-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "comments-ratings No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "comments-ratings No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "comments-ratings 1.1.7 Cross-Site.Request.Forgery MEDIUM" "culture-object 4.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "customer-area 8.2.3 .Reflected.Cross-Site.Scripting MEDIUM" "customer-area 8.2.1 Subscriber+.Account.Address.Update MEDIUM" "customer-area 8.2.1 Subscriber+.Account.Address.Leak MEDIUM" "customer-area 8.1.4 Unauthorised.Actions.via.CSRF MEDIUM" "customer-area 7.4.3 XSS MEDIUM" "csv-importer 0.3.9 Cross-Site.Request.Forgery MEDIUM" "css3-rotating-words 5.7 Cross-Site.Request.Forgery MEDIUM" "css3-rotating-words 5.5 Cross-Site.Request.Forgery.via.save_admin_options MEDIUM" "catch-web-tools 2.7.1 Subscriber+.Arbitrary.Catch.IDs.Activation/Deactivation MEDIUM" "catch-web-tools 2.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "crazy-bone No.known.fix Unauthenticated.Stored.XSS HIGH" "crazy-bone 0.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "classic-addons-wpbakery-page-builder-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "campaign-url-builder 1.8.2 Contributor+.Stored.XSS MEDIUM" "custom-registration-form-builder-with-submission-manager 6.0.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 6.0.0.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 5.3.1.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.3.2.0 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "custom-registration-form-builder-with-submission-manager 5.2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 5.3.1.0 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "custom-registration-form-builder-with-submission-manager 5.2.6.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.5.1 Form.Submission.Limit.Bypass MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.5.1 IP.Spoofing MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.4.6 Authenticated(Administrator+).SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.3.1 Missing.Authorization MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.3.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.4.2 Reflected.Cross-Site.Scripting.via.section_id MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.1.1 Unauthenticated.Authentication.Bypass CRITICAL" "custom-registration-form-builder-with-submission-manager 5.2.1.0 Admin+.Arbitrary.Password.Update.via.IDOR MEDIUM" "custom-registration-form-builder-with-submission-manager 5.1.9.3 Form.Deletion.via.CSRF MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.2.2 Admin+.SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.1.9 Reflected.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.0.1.9 Reflected.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.0.1.8 Authentication.Bypass CRITICAL" "custom-registration-form-builder-with-submission-manager 5.0.1.6 Admin+.SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 4.6.0.4 Multiple.Critical.Issues HIGH" "custom-registration-form-builder-with-submission-manager 4.6.0.3 Multiple.Cross-Site.Scripting.(XSS) HIGH" "custom-registration-form-builder-with-submission-manager 4.6.0.3 Authenticated.SQL.Injection.via.Form_id MEDIUM" "cart-tracking-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cits-support-svg-webp-media-upload 3.0 Author+.Stored.XSS.via.SVG MEDIUM" "contact-form-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "contact-form-builder 1.0.69 CSRF.to.LFI HIGH" "custom-order-numbers-for-woocommerce 1.4.1 CSRF MEDIUM" "coupon-zen 1.0.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "contentlock No.known.fix Settings.Update.via.CSRF MEDIUM" "contentlock No.known.fix Email.Adding.via.CSRF MEDIUM" "contentlock No.known.fix Groups/Emails.Deletion.via.CSRF MEDIUM" "commenting-feature 3.2 Reflected.Cross-Site.Scripting MEDIUM" "commenting-feature 2.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-easy-math-captcha No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "core-control No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "contentstudio 1.2.6 Nonce.Disclosure HIGH" "contentstudio 1.2.6 Authorisation.Bypass HIGH" "contentstudio 1.2.6 Unauthorised.Function.Calls HIGH" "cart-weight-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cart-weight-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-constant-contact-fields-mapping No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-constant-contact-fields-mapping No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-insightly 1.0.9 Reflected.Cross-Site.Scripting HIGH" "customer-reviews-collector-for-woocommerce 4.0 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "chp-ads-block-detector 3.9.8 Plugin.Settings.Update.via.CSRF MEDIUM" "chp-ads-block-detector 3.9.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "chp-ads-block-detector 3.9.8 Subscriber+.Plugin.Settings.Update MEDIUM" "correos-express No.known.fix Sensitive.Information.Disclosure HIGH" "classified-listing-pro 2.0.20 Reflected.Cross-Site.Scripting MEDIUM" "classified-listing-pro 2.0.20 Reflected.Cross-Site.Scripting MEDIUM" "custom-fields-shortcode No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "contact-form-7-paypal-add-on 2.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "contact-form-7-paypal-add-on 1.9.4 Cross-Site.Request.Forgery MEDIUM" "control-block-patterns No.known.fix Missing.Authorization MEDIUM" "cbxpetition No.known.fix Unauthenticated.SQLi HIGH" "cmp-coming-soon-maintenance 4.1.11 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "cmp-coming-soon-maintenance 4.1.8 Maintenance.Mode.Bypass MEDIUM" "cmp-coming-soon-maintenance 4.1.7 Unauthenticated.Post/Page.Access.in.Maintenance.Mode MEDIUM" "cmp-coming-soon-maintenance 4.0.19 Unauthenticated.Arbitrary.CSS.Update HIGH" "cmp-coming-soon-maintenance 3.8.2 Coming.Soon.&.Maintenance.<.3.8.2.-.Improper.Access.Controls.on.AJAX.Calls HIGH" "capability-manager-enhanced 2.5.2 Admin+.PHP.Objection.Injection MEDIUM" "capability-manager-enhanced 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "capability-manager-enhanced 2.3.1 Unauthenticated.Arbitrary.Options.Update.to.Blog.Compromise CRITICAL" "content-text-slider-on-post 6.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-7-mailchimp-extension No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-7-mailchimp-extension No.known.fix Subscriber+.Server-Side.Request.Forgery MEDIUM" "contact-form-ready 2.0.12 Form.Styling.Update.via.CSRF MEDIUM" "coupons 1.4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "countdown-for-the-events-calendar 1.4 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "cf7-message-filter 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "cf7-message-filter 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "curtain No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "curtain 1.0.2 Unauthenticated.Maintenance.Mode.Switch HIGH" "cryout-serious-slider 1.2.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cryout-serious-slider 1.2.5 Cross-Site.Request.Forgery MEDIUM" "cms-press No.known.fix Admin+.Stored.XSS LOW" "custom-fields-search 1.3.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "content-grabber No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "custom-contact-forms 5.1.0.4 Unauthenticated.Database.Import/Export CRITICAL" "custom-contact-forms 5.1.0.3 Authenticated.Cross.Site.Scripting CRITICAL" "contact-form-advanced-database No.known.fix Unauthorised.AJAX.Calls MEDIUM" "check-email 1.0.10 Unauthenticated.Hook.Injection HIGH" "check-email 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "check-email 1.0.4 Reflected.Cross-Site.Scripting HIGH" "check-email 1.0.3 Admin+.SQL.Injections MEDIUM" "check-email 0.5.2 Cross-Site.Scripting.(XSS) MEDIUM" "credova-financial 1.4.9 Sensitive.Information.Disclosure MEDIUM" "cpt-speakers No.known.fix Speakers.<=.1.1.-.Admin+.Stored.XSS LOW" "cafe-lite 2.2.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cafe-lite 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.CAFE.Widgets MEDIUM" "cafe-lite 2.1.0 Contributor+.Stored.XSS MEDIUM" "card-oracle 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "card-oracle 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-submissions 1.7.3 Unauthenticated.Stored.XSS HIGH" "contact-form-submissions 1.7.1 Authenticated.SQL.Injection MEDIUM" "contact-form-submissions 1.7.1 Authenticated.Double.Query.SQL.injection MEDIUM" "circle-image-slider-with-lightbox 1.0.1 Image.Data.Update.via.CSRF MEDIUM" "circle-image-slider-with-lightbox 1.0.18 Reflected.Cross-Site.Scripting MEDIUM" "circle-image-slider-with-lightbox 1.0.16 Reflected.Cross-Site.Scripting MEDIUM" "commerce-coinbase-for-woocommerce 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "commerce-coinbase-for-woocommerce 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-check-tester No.known.fix Broken.Access.Control.to.Cross-Site.Scripting.(XSS) HIGH" "checkout-plugins-stripe-woo 1.9.2 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "checkout-plugins-stripe-woo 1.9.2 Cross-Site.Request.Forgery MEDIUM" "checkout-plugins-stripe-woo 1.4.11 Settings.Update.via.CSRF MEDIUM" "create-block-theme 1.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "coreactivity 2.1 Unauthenticated.IP.Spoofing MEDIUM" "coreactivity 1.8.1 Unauthenticated.Stored.XSS HIGH" "codepile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codepile 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cab-grid 1.6 Admin+.Stored.XSS LOW" "cm-registration-pro 3.2.1 PHP.Object.Injection MEDIUM" "cloudflare 4.12.3 Missing.Authorization.via.initProxy MEDIUM" "cloudflare 1.1.12 Unauthenticated.RCE.via.PHPUnit CRITICAL" "csv-import-export No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "conditional-payments 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "custom-field-finder 0.4 Authenticated.(Author+).PHP.Object.Injection HIGH" "css-js-manager 2.4.49.1 Multiple.CSRF MEDIUM" "copymatic 2.0 Missing.Authorization MEDIUM" "copymatic 1.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "cpt-onomies No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-database 3.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-login-redirect No.known.fix CSRF.to.Stored.XSS HIGH" "contact-form-generator No.known.fix Contributor+.SQLi MEDIUM" "contact-form-generator 2.6.0 Reflected.XSS HIGH" "contact-form-generator 2.5.5 Multiple.Cross-Site.Request.Forgery.(CSRF) HIGH" "contact-form-7-newsletter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "complianz-gdpr-premium 6.4.2 GDPR/CCPA.Cookie.Consent.<.6.4.2.-.Contributor+.Stored.XSS MEDIUM" "complianz-gdpr-premium 6.3.6 Translator.SQLi MEDIUM" "cardoza-facebook-like-box 4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "classic-editor-addon 2.6.4 Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "classic-editor-addon 2.6.4 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "chatbot-support-ai No.known.fix Admin+.Stored.XSS LOW" "comment-press 2.7.2 Unauthenticated.Cross-Frame.Scripting HIGH" "clotya-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.3.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-entries 1.3.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "contact-form-entries 1.3.3 Admin+.Arbitrary.File.Upload MEDIUM" "contact-form-entries 1.3.1 SQL.Injection MEDIUM" "contact-form-entries 1.3.1 Contributor+.Stored.XSS MEDIUM" "contact-form-entries 1.3.0 CSV.Injection MEDIUM" "contact-form-entries 1.2.4 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.2.2 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.2.1 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.1.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "call-now-button 1.4.7 Admin+.Stored.XSS LOW" "call-now-button 1.1.2 Reflected.Cross-Site.Scripting LOW" "click-to-tweet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "click-to-tweet No.known.fix Reflected.XSS HIGH" "click-to-tweet No.known.fix Missing.Authorization MEDIUM" "compact-wp-audio-player 1.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fileurl MEDIUM" "compact-wp-audio-player 1.9.8 Contributor+.Stored.XSS MEDIUM" "compact-wp-audio-player 1.9.7 Setting.Change.via.CSRF MEDIUM" "compact-wp-audio-player 1.9.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "cbxgooglemap 1.1.12 Contributor+.Stored.XSS MEDIUM" "cbxgooglemap 1.1.12 Contributor+.Stored.XSS.via.shortcode MEDIUM" "coinbase-commerce-for-contact-form-7 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "custom-tiktok-video-feed No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-collector No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-collector No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "cookie-notice No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "cookie-notice 2.4.7 Contributor+.Stored.XSS MEDIUM" "cookie-notice 2.4.7 Contributor+.XSS MEDIUM" "cookie-notice 2.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "cp-image-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cp-image-gallery No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "cleverwise-daily-quotes No.known.fix Stored.XSS.via.CSRF HIGH" "cc-bmi-calculator 2.1.0 Contributor+.Stored.XSS MEDIUM" "cart-lift 3.1.6 Reflected.XSS HIGH" "caldera-forms 1.7.5.1 Reflected.Cross-Site.Scripting MEDIUM" "caldera-forms 1.9.7 Reflected.Cross-Site.Scripting MEDIUM" "caldera-forms 1.9.5 Admin+.Stored.Cross-Site.Scripting LOW" "caldera-forms 1.6.0 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "colorway No.known.fix Cross-Site.Request.Forgery MEDIUM" "collectchat 2.4.4 Admin+.XSS LOW" "collectchat 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "collectchat 2.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cp-contact-form-with-paypal 1.3.02 Multiple.XSS MEDIUM" "cp-contact-form-with-paypal 1.1.6 Multiple.Vulnerabilities HIGH" "comments-disable-accesspress 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "categories-gallery-woocommerce No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "convert-post-types No.known.fix Cross-Site.Request.Forgery MEDIUM" "convert-post-types No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ct-commerce No.known.fix Admin+.Stored.XSS LOW" "custom-post-type-list-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "canecto No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "category-posts 4.9.17 Admin+.Stored.XSS LOW" "custom-field-bulk-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "conditional-menus 1.2.1 Reflected.XSS HIGH" "content-audit 1.9.2 Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "chronoforms No.known.fix CSRF MEDIUM" "captcha 4.4.5 Backdoored MEDIUM" "custom-registration-and-login-forms-with-new-recaptcha No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-registration-and-login-forms-with-new-recaptcha No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "cart-rest-api-for-woocommerce 3.12.0 Missing.Authorization MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Template.Reset MEDIUM" "cooked-pro 1.8.0 Authenticated.(Contributor+).HTML.Injection MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.via.cooked_get_recipe_ids MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Template.Apply MEDIUM" "cooked-pro 1.7.5.7 Unauthenticated.PHP.Object.Injection HIGH" "cooked-pro 1.7.5.6 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "cms-commander-client 2.288 Unauthenticated.Authorisation.Bypass HIGH" "comment-highlighter No.known.fix Authenticated.SQL.Injection MEDIUM" "christmasify 1.5.6 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "crm-perks-forms 1.1.6 Missing.Authorization.to.Unauthenticated.Form.Submission MEDIUM" "crm-perks-forms 1.1.5 Unauthenticated.SQL.Injection CRITICAL" "crm-perks-forms 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "crm-perks-forms 1.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.2 Admin+.Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.1 Reflected.XSS HIGH" "citadela-directory No.known.fix Unauthenticated.Sensitive.Information.Exposure HIGH" "citadela-directory No.known.fix Cross-Site.Request.Forgery MEDIUM" "copify No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "cloud-sso-single-sign-on 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "calendar-event 1.4.7 Unauthenticated.Arbitrary.Event.Deletion MEDIUM" "calendar-event 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "cluevo-lms 1.11.0 Settings.Update.via.CSRF MEDIUM" "cluevo-lms 1.8.1 Admin+.Stored.Cross.Site.Scripting LOW" "connect-daily-web-calendar 1.4.5 Multiple.Reflected.XSS HIGH" "clearfy No.known.fix Missing.Authorization MEDIUM" "clearfy No.known.fix Cross-Site.Request.Forgery MEDIUM" "clearfy 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "cookie-consent-box 1.1.7 Admin+.Stored.XSS LOW" "custom-product-type-for-woocommerce 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "custom-product-type-for-woocommerce 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-mask 1.8.4.1 Subscriber+.Arbitrary.Options.Update HIGH" "content-excel-importer 4.3 Reflected.Cross-Site.Scripting MEDIUM" "currency-switcher-woocommerce 2.11.2 Security.Restrictions.Bypass MEDIUM" "custom-post-type-ui 1.13.5 Debug.Info.Sending.via.CSRF LOW" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Unauthenticated.SQL.Injection HIGH" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Unauthenticated.SQL.Injection HIGH" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "cf7-mailchimp 1.1.1 Reflected.Cross-Site.Scripting HIGH" "contact-form-7-multi-step-addon 1.0.7 Injected.Backdoor CRITICAL" "clean-login 1.14.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "clean-login 1.13.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "clean-login 1.12.6.4 Reflected.Cross-Site.Scripting MEDIUM" "clean-login 1.8 Change.Redirect.URL.CSRF MEDIUM" "clean-login 1.5.1 Reflected.XSS MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Unauthenticated.IP.Spoofing MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Information.Exposure MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Unauthenticated.Stored.XSS HIGH" "comment-license 1.4.0 Arbitrary.Settings.Update.via.CSRF MEDIUM" "client-portal-suitedash-login 1.8.0 Admin+.Stored.XSS LOW" "checkout-for-paypal 1.0.14 Contributor+.Stored.XSS MEDIUM" "custom-my-account-for-woocommerce No.known.fix Stored.XSS.via.CSRF HIGH" "cf7-constant-contact No.known.fix Cross-Site.Request.Forgery MEDIUM" "cf7-constant-contact 1.1.5 Open.Redirect MEDIUM" "cf7-constant-contact 1.1.0 Reflected.Cross-Site.Scripting HIGH" "comment-blacklist-updater 1.2.0 Cross-Site.Request.Forgery.via.update_blacklist_manual MEDIUM" "cardoza-wordpress-poll No.known.fix Authenticated.SQL.Injection HIGH" "cardoza-wordpress-poll 34.06 Multiple.External.Function.Remote.Poll.Manipulation CRITICAL" "cardoza-wordpress-poll 33.6 Multiple.SQL.Injection.Vulnerabilities CRITICAL" "content-protector 4.2.6.5 Contributor+.Stored.XSS.via.content_protector.Shortcode MEDIUM" "content-protector 4.2.6.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "content-protector 4.2.2 Reflected.Cross-Site.Scripting MEDIUM" "content-protector 3.5.5.9 Protection.Bypass.&.Arbitrary.Post.Access HIGH" "content-protector 3.5.5.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "content-protector 3.5.5.5.2 Insecure.Storage.of.Password MEDIUM" "content-protector 3.5.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-add No.known.fix CSRF HIGH" "contact-form-add 1.9.8.4 Authenticated.Stored.Cross-Site.Scripting LOW" "contact-form-add 1.9.8.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "calendar-plugin No.known.fix Reflected.Cross-Site.Scripting HIGH" "custom-email-options No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "carousel-ck No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "camera-slideshow No.known.fix Reflected.Cross-Site.Scripting HIGH" "credit-tracker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "comment-reply-email 1.5 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "comment-reply-email 1.0.4 Admin+.Stored.XSS LOW" "custom-admin-login-styler-wpzest No.known.fix Admin+.Stored.XSS LOW" "cryptocurrency-price-ticker-widget 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-price-ticker-widget 2.6.9 Missing.Authorization MEDIUM" "cryptocurrency-price-ticker-widget 2.6.6 2.6.5.-.Unauthenticated.SQL.Injection CRITICAL" "cryptocurrency-price-ticker-widget 2.5 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "custom-css-js 3.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "colorful-categories 2.0.15 Arbitrary.Colors.Update.via.CSRF MEDIUM" "currency-per-product-for-woocommerce 1.7.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "cherry-plugin 1.2.7 Unauthenticated.Arbitrary.File.Upload.and.Download CRITICAL" "canvasio3d-light No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "canvasio3d-light No.known.fix Subscriber+.Entries.Update/Deletion MEDIUM" "canvasio3d-light No.known.fix Reflected.XSS HIGH" "custom-login 4.1.1 Subscriber+.Unauthorised.Action MEDIUM" "coming-soon-master 1.1 Reflected.Cross-Site.Scripting MEDIUM" "cpa-offerwall No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "comment-reply-notification No.known.fix Cross-Site.Request.Forgery MEDIUM" "cowidgets-elementor-addons 1.2.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "cowidgets-elementor-addons 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.heading_tag.Parameter MEDIUM" "cool-tag-cloud 2.26 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "civicrm 5.28.1 CSRF.to.Stored.XSS MEDIUM" "civicrm 5.24.3 Authenticated.Phar.Deserialization MEDIUM" "conversador No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "calendar No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "calendar 1.3.11 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "customizely No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customizely 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "connections 10.4.37 Contributor+.Stored.XSS MEDIUM" "connections 10.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "connections 9.7 Admin+.CSV.Injection MEDIUM" "connections 8.5.9 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "cookie-notice-and-consent-banner 1.7.2 Admin+.Stored.XSS LOW" "calderawp-license-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cloud-manager No.known.fix Reflected.XSS CRITICAL" "custom-header-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "classic-editor-and-classic-widgets 1.2.6 Settings.Update.via.CSRF MEDIUM" "chatbot 5.5.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_list_callback MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_delete_callback MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_upload_callback MEDIUM" "chatbot 5.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "chatbot 4.7.9 Authenticated.(Administrator+).SQL.Injection HIGH" "chatbot 4.9.7 4.9.6.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting.in.FAQ.Builder MEDIUM" "chatbot 4.9.3 Subscriber+.Arbitrary.File.Deletion CRITICAL" "chatbot 4.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "chatbot 4.9.1 Authenticated.(Subscriber+).Directory.Traversal.to.Arbitrary.File.Write.via.qcld_openai_upload_pagetraining_file CRITICAL" "chatbot 4.9.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "chatbot 4.9.3 Missing.authorization.in.AJAX.calls MEDIUM" "chatbot 4.9.1 Subscriber+.Arbitrary.File.Deletion CRITICAL" "chatbot 4.9.1 Missing.authorization.in.AJAX.calls MEDIUM" "chatbot 4.9.1 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "chatbot 4.9.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "chatbot 4.7.9 CSRF MEDIUM" "chatbot 4.7.8 Admin+.Stored.XSS.in.Language.Settings LOW" "chatbot 4.7.8 Admin+.Stored.XSS.in.FAQ.Builder LOW" "chatbot 4.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.5.6 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.5.5 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.4.9 Subscriber+.OpenAI.Settings.Update.to.Stored.XSS HIGH" "chatbot 4.4.7 Unauthenticated.PHP.Object.Injection HIGH" "chatbot 4.5.1 Admin+.Stored.XSS LOW" "chatbot 4.4.9 Unauthenticated.Stored.XSS HIGH" "chatbot 4.4.5 Stored.XSS.via.CSRF HIGH" "chatbot 4.3.0 Settings.Reset.via.CSRF MEDIUM" "chatbot 4.3.1 Admin+.Stored.XSS LOW" "chatbot 4.2.9 Unauthenticated.Settings.Reset MEDIUM" "custom-fonts 2.1.5 Author+.Stored.XSS MEDIUM" "coming-soons No.known.fix Under.Construction.<=.1.2.0.-.Admin+.Stored.Cross-Site.Scripting LOW" "customily-v2 No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "caddy 1.9.8 Cross-Site.Request.Forgery MEDIUM" "cardealer 4.16 Admin+.Content.Injection LOW" "cardealer 3.05 Subscriber+.Arbitrary.Plugin.Installation HIGH" "cardoza-3d-tag-cloud No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cardoza-3d-tag-cloud No.known.fix Stored.XSS.via.CSRF MEDIUM" "coblocks 3.1.13 Editor+.Stored.XSS LOW" "coblocks 3.1.12 Contributor+.SSRF LOW" "coblocks 3.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Social.Profiles MEDIUM" "coblocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "coblocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "cf7-store-to-db-lite 1.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "cf7-store-to-db-lite 1.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "csprite No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-user-guide 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-user-guide 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "change-login-logo 1.1.5 Authenticated.Stored.Cross-Site.Scripting LOW" "chaty 3.2.3 Admin+.Stored.XSS LOW" "chaty 3.1.9 Editor+.Stored.XSS LOW" "chaty 3.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "chaty 3.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "chaty 3.1 Admin+.Stored.Cross-Site.Scripting LOW" "chaty 3.1 Reflected.XSS HIGH" "chaty 3.0.3 Admin+.SQLi MEDIUM" "chaty 2.8.4 Admin+.Stored.Cross-Site.Scripting MEDIUM" "chaty 2.8.3 Reflected.Cross-Site.Scripting HIGH" "conditional-marketing-mailer 1.5.2 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "conditional-marketing-mailer 1.6 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "cf7-antispam 0.6.1 Reflected.Cross-Site.Scripting MEDIUM" "convert-classic-editor-to-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "convert-classic-editor-to-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-conditional-fields 2.4.14 Cross-Site.Request.Forgery.to.Plugin.Setting.Reset MEDIUM" "cf7-conditional-fields 2.4.2 Missing.Authorization MEDIUM" "cube-slider No.known.fix Admin+.SQLi MEDIUM" "cz-loan-management No.known.fix Unauthenticated.SQLi HIGH" "comment-images-reloaded No.known.fix Authenticated.(Subscriber+).Arbitrary.Media.Deletion MEDIUM" "cf7-grid-and-styler-for-divi 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "cf7-grid-and-styler-for-divi 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cgc-maintenance-mode No.known.fix Sensitive.Information.Exposure MEDIUM" "cgc-maintenance-mode No.known.fix IP.Spoofing MEDIUM" "cancel-order-request-woocommerce 1.3.3 Admin+.Stored.XSS LOW" "chatbot-chatgpt 1.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chatbot-chatgpt 2.0.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "chatbot-chatgpt 2.0.0 Unauthenticated.Arbitrary.File.Upload.via.chatbot_chatgpt_upload_file_to_assistant.Function CRITICAL" "custom-content-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "custom-content-shortcode No.known.fix Contributor+.LFI CRITICAL" "custom-content-shortcode 4.0.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "custom-content-shortcode 4.0.1 Unauthorised.Arbitrary.Post.Metadata.Access MEDIUM" "custom-content-shortcode 4.0.2 Authenticated.Arbitrary.File.Access./.LFI HIGH" "contact-form-by-supsystic No.known.fix CSRF MEDIUM" "contact-form-by-supsystic 1.7.25 CSRF MEDIUM" "contact-form-by-supsystic 1.7.20 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-by-supsystic 1.7.15 Reflected.Cross-Site.scripting.(XSS) HIGH" "contact-form-by-supsystic 1.7.11 Authenticated.SQL.Injections CRITICAL" "contact-form-by-supsystic 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "crafty-social-buttons 1.5.8 XSS MEDIUM" "cta 2.5.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "contact-widgets-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-widgets-for-elementor 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cforms2 15.0.7 Unauthenticated.Stored.XSS HIGH" "cforms2 15.0.7 Admin+.Stored.XSS LOW" "cforms2 15.0.5 Settings.Update.via.CSRF MEDIUM" "cforms2 15.0.2 Unauthenticated.HTML.Injection.&.CSRF HIGH" "cforms2 14.13.3 Multiple.XSS MEDIUM" "cforms2 14.13 SQL.Injection CRITICAL" "cforms2 14.6.10 SQL.Injection CRITICAL" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxClearCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxDeleteCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxRenameCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxUpdateFolderPosition MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxUpdateFolderPosition MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxClearCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxDeleteCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxAddCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxRenameCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxAddCategory MEDIUM" "categorify 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-base-terms 1.0.3 Admin+.Stored.XSS LOW" "catch-under-construction 1.4 Unauthorised.Plugin's.Setting.Change MEDIUM" "coming-soon 6.15.22 Unauthenticated.Plugin.Page.Content.Update MEDIUM" "coming-soon 6.15.15.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "coming-soon 5.1.2 Authenticated.Stored.Cross.Site.Scripting.(XSS) LOW" "chained-quiz 1.3.2.9 Missing.Authorization MEDIUM" "chained-quiz 1.3.2.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.6 Admin+.Stored.XSS LOW" "chained-quiz 1.3.2.5 Arbitrary.Question.Deletion.via.CSRF MEDIUM" "chained-quiz 1.3.2.3 Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.1 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.5 Submitted.Quiz.Response.Deletion.via.CSRF MEDIUM" "chained-quiz 1.3.2.4 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.3 Admin+.Stored.XSS LOW" "chained-quiz 1.3.2.5 Arbitrary.Quiz.Deletion.&.Copying.via.CSRF MEDIUM" "chained-quiz 1.2.7.2 Authenticated.Stored.Cross.Site.Scripting LOW" "chained-quiz 1.1.9.1 Authenticated.Stored.XSS MEDIUM" "chained-quiz 1.1.8.2 Unauthenticated.Reflected.XSS CRITICAL" "chained-quiz 1.0.9 Unauthenticated.SQL.Injection MEDIUM" "crayon-syntax-highlighter No.known.fix Contributor+.Server.Side.Request.Forgery MEDIUM" "crayon-syntax-highlighter No.known.fix Cross-Site.Request.Forgery MEDIUM" "crayon-syntax-highlighter 2.8.4 Multiple.XSS MEDIUM" "cars-seller-auto-classifieds-script No.known.fix Auto.Classifieds.Script.<=.2.1.0.-.Unauthenticated.SQL.Injection CRITICAL" "cp-image-store 1.0.68 Unauthenticated.SQLi HIGH" "contact-form-7-sms-addon 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "cf7-google-sheets-connector 5.0.10 Missing.Authorization.to.Limited.Site.Configuration.Update MEDIUM" "cf7-google-sheets-connector 5.0.6 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log HIGH" "cf7-google-sheets-connector 5.0.2 Reflected.XSS HIGH" "contact-form-7-multi-step-module 4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-multi-step-module 4.1.91 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-7-multi-step-module 3.0.9 Subscriber+.Arbitrary.Option.Update CRITICAL" "cool-timeline 2.4 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "cool-timeline 2.0.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cool-timeline 2.0.3 Cross-Site.Request.Forgery MEDIUM" "custom-searchable-data-entry-system No.known.fix Unauthenticated.Data.Modification.and.Deletion CRITICAL" "copy-delete-posts 1.4.0 Subscriber+.Plugin.Installation MEDIUM" "copy-delete-posts 1.4.0 Plugin.Installation.via.CSRF MEDIUM" "copy-delete-posts 1.2.0 Authenticated.SQL.Injection MEDIUM" "company-updates-for-linkedin No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "cimy-header-image-rotator No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "codepress-admin-columns 4.3 Admin+.Stored.XSS.in.Label LOW" "codepress-admin-columns 4.3.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Custom.Field MEDIUM" "cost-calculator-builder 3.2.29 Admin+.SQL.Injection MEDIUM" "cost-calculator-builder 3.2.16 Unauthenticated.SQL.Injection CRITICAL" "cost-calculator-builder 3.2.13 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cost-calculator-builder 3.2.13 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Creation MEDIUM" "cost-calculator-builder 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-to-database-extension 2.10.36 CSV.Injection CRITICAL" "crony No.known.fix Cross-Site.Request.Forgery MEDIUM" "crony 0.4.7 Cross-Site.Scripting.(XSS).&.CSRF HIGH" "court-reservation No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "court-reservation 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "copy-me No.known.fix Copy.Posts.Cross-Site.Request.Forgery.(CSRF) MEDIUM" "configure-smtp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cubewp-framework 1.1.13 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "catch-sticky-menu 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "chart-builder 2.0.7 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chart-builder 1.9.7 Admin+.Stored.XSS LOW" "contact-form-with-captcha No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-with-captcha 1.6.8 CSRF.to.Stored.Cross-Site.Scripting HIGH" "cyberus-key 1.1 Admin+.Stored.XSS LOW" "candidate-application-form No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "contact-form-to-email 1.3.45 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "contact-form-to-email 1.3.42 Captcha.Bypass MEDIUM" "contact-form-to-email 1.3.44 Editor+.Stored.Cross-Site.Scripting LOW" "contact-form-to-email 1.3.38 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-to-email 1.3.25 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-to-email 1.2.66 Multiple.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "captcha-for-contact-form-7 1.11.4 Captcha.Bypass MEDIUM" "coupon-creator 3.1.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "coupon-creator 3.1.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cart66-lite 1.5.5 XSS MEDIUM" "clictracker No.known.fix Admin+.Stored.XSS LOW" "calendarista-basic-edition 3.0.3 Cross-Site.Request.Forgery MEDIUM" "calendarista-basic-edition 3.0.6 Missing.Authorization MEDIUM" "calendarista-basic-edition 3.0.3 Unauthenticated.Cross-Site.Scripting MEDIUM" "clean-social-icons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cc-bcc-for-woocommerce-order-emails No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "charitable 1.8.1.8 Missing.Authorization.via.ajax_license_check() MEDIUM" "charitable 1.8.1.8 Missing.Authorization.to.Unauthorized.Donation MEDIUM" "charitable 1.7.0.14 Authenticated(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "charitable 1.7.0.13 Unauthenticated.Privilege.Escalation CRITICAL" "charitable 1.7.0.11 Reflected.XSS HIGH" "charitable 1.6.51 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "charitable 1.6.51 Donation.Plugin.<.1.6.51.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "charitable 1.5.14 Unauthorised.Access HIGH" "catalyst-connect-client-portal 2.1.0 Admin+.Stored.XSS LOW" "catalyst-connect-client-portal 2.1.0 Reflected.XSS HIGH" "cozy-addons 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-widgets-for-elementor 1.3 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "content-egg 5.5.0 Multiple.CSRF MEDIUM" "content-egg 5.3.1 Reflected.Cross-Site.Scripting MEDIUM" "content-egg 5.3.0 Reflected.Cross-Site.Scripting MEDIUM" "clickcease-click-fraud-protection 3.2.5 Improper.Authorization.to.sensitive.information.exposure.via.get_settings MEDIUM" "clickcease-click-fraud-protection 3.2.8 Cross-Site.Request.Forgery MEDIUM" "cookie-bar 2.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "cookie-bar 1.8.9 Admin+.Stored.Cross-Site.Scripting LOW" "comic-easel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-post-type-generator No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "choice-payment-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "choice-payment-gateway-for-woocommerce 2.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "coupon-referral-program No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "coupon-referral-program No.known.fix Sensitive.Information.Disclosure MEDIUM" "contest-code-checker 1.9.8 Reflected.Cross-Site.Scripting MEDIUM" "contest-code-checker 1.9.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "checkout-mestres-wp 7.1.9.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Update CRITICAL" "checkout-mestres-wp 7.1.9.8 Authentication.Bypass.via.Password.Reset CRITICAL" "checkout-mestres-wp 7.1.9.8 Unauthenticated.SQL.Injection CRITICAL" "catch-themes-demo-import 2.1.1 Admin+.Remote.Code.Execution MEDIUM" "catch-themes-demo-import 1.8 Admin+.Arbitrary.File.Upload CRITICAL" "catch-themes-demo-import 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "cooked 1.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "cooked 1.8.0 Cooked.–.Recipe.Management.<=.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cooked 1.7.15.1 Contributor+.Stored.XSS MEDIUM" "cooked 1.1.13 Reflected.Cross-Site.Scripting MEDIUM" "cooked 1.7.9.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "cooked 1.7.5.6 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "cf-geoplugin No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Menu.Creation/Deletion MEDIUM" "cf-geoplugin No.known.fix Missing.Authorization.to.Unauthenticated.Shortcode.Execution MEDIUM" "cf-geoplugin 8.6.5 PHP.Object.Injection CRITICAL" "cf-geoplugin 8.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf-geoplugin 8.5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cf-geoplugin 7.13.12 Reflected.Cross-Site.Scripting HIGH" "content-warning-v2 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "crelly-slider No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "crelly-slider No.known.fix Admin+.Stored.XSS LOW" "crelly-slider 1.3.5 Arbitrary.File.Upload HIGH" "change-table-prefix No.known.fix Cross-Site.Request.Forgery.via.change_prefix_form HIGH" "contact-form-to-db 1.7.3 Authenticated.(Author+).SQL.Injection CRITICAL" "contact-form-to-db 1.7.2 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') MEDIUM" "comments-from-facebook 2.5.0 Admin+.Stored.Cross-Site.Scripting LOW" "currency-converter-calculator 1.3.2 Contributor+.Stored.XSS MEDIUM" "culqi-checkout 3.0.15 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "captcha-bws 5.2.1 Captcha.Bypass MEDIUM" "cliengo No.known.fix Cross-Site.Request.Forgery MEDIUM" "cliengo 3.0.3 Chatbot.<.3.0.3.-.Missing.Authorization.to.Unauthenticated.Chatbot.Settings.Update MEDIUM" "cliengo 3.0.3 Chatbot.<.3.0.3.-.Missing.Authorization.to.Authorized.(Subscriber+).Chatbot.Settings.Update MEDIUM" "carousels-slider-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cpo-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "cpo-shortcodes No.known.fix Admin+.Stored.XSS LOW" "category-seo-meta-tags No.known.fix Cross-Site.Request.Forgery.via.csmt_admin_options MEDIUM" "category-seo-meta-tags No.known.fix Admin+.Stored.XSS LOW" "counter-box 1.2.4 Counter.Deletion.via.CSRF MEDIUM" "counter-box 1.2.2 Reflected.XSS MEDIUM" "counter-box 1.2.1 Arbitrary.Counter.Activation/Deactivation.via.CSRF MEDIUM" "counter-box 1.2 Admin+.LFI MEDIUM" "custom-simple-rss 2.0.7 CSRF MEDIUM" "conditional-payment-methods-for-woocommerce No.known.fix Admin+.SQLi MEDIUM" "custom-post-view-generator No.known.fix Reflected.Cross-Site.Scripting HIGH" "contractor-contact-form-website-to-workflow-tool 4.1.0 Reflected.XSS HIGH" "cartoon-url No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "customify-sites No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "contact-forms No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contact-forms 1.8.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-forms 1.6.1 CSRF MEDIUM" "contact-forms 1.5.8 Cross-Site.Request.Forgery MEDIUM" "contact-forms 1.5.5 Unauthenticated.Stored.XSS HIGH" "contact-forms 1.5.5 Reflected.XSS HIGH" "contact-forms 1.4.12 Admin+.Stored.Cross-Site.Scripting LOW" "captchinoo-captcha-for-login-form-protection 2.4 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "captchinoo-captcha-for-login-form-protection 2.5 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "ceceppa-multilingua No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "cf7-field-validation No.known.fix Unauthenticated.SQLi HIGH" "catch-gallery 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "custom-add-to-cart-button-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "contact-form-to-any-api 1.1.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "contact-form-to-any-api 1.1.7 Subscriber+.API.Entry.Record.Deletion MEDIUM" "contact-form-to-any-api 1.1.3 Admin+.SQLi MEDIUM" "corner-ad 1.0.57 Ads.Deletion.via.CSRF MEDIUM" "corner-ad 1.0.8 Admin+.Stored.XSS LOW" "canva No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customizer-export-import 0.9.7.1 Authenticated.(Admin+).Arbitrary.File.Upload.via.Customization.Settings.Import MEDIUM" "customizer-export-import 0.9.6 Admin+.PHP.Object.Injection LOW" "customizer-export-import 0.9.5 Admin+.PHP.Object.Injection MEDIUM" "customizer-export-import 0.9.5 Admin+.PHP.Objection.Injection MEDIUM" "content-cards No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "content-cards 0.9.7 Cross-Site.Scripting.(XSS) MEDIUM" "compute-links No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "camptix 1.5.1 CSV.Injection.Bypasses.and.XSS HIGH" "custom-post-types 5.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-types 5.0.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "custom-post-types 5.0.3 Admin+.Stored.XSS LOW" "cf7-summary-and-print No.known.fix Cross-Site.Request.Forgery MEDIUM" "calculator-builder 1.5.1 Reflected.XSS MEDIUM" "csv2wpec-coupon No.known.fix Unauthenticated.Remote.File.Upload HIGH" "custom-search-plugin 1.36 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "current-template-name 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-donation-box 1.8 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "card-elements-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "connected-sermons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "connected-sermons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.content_block.Shortcode MEDIUM" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cookie-law-bar No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "commons-booking No.known.fix Code/Timeframe/Booking.Deletion.via.CSRF MEDIUM" "commons-booking No.known.fix Admin+.Stored.XSS LOW" "cosmetsy-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "check-zipcode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "check-zipcode No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "comparison-slider No.known.fix Cross-Site.Request.Forgery MEDIUM" "comparison-slider No.known.fix Missing.Authorization MEDIUM" "comparison-slider No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "catch-infinite-scroll 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "carts-guru 1.4.6 Unauthenticated.Object.Injection CRITICAL" "creative-mail-by-constant-contact 1.6.0 Multiple.CSRF MEDIUM" "creative-mail-by-constant-contact 1.6.0 CSRF MEDIUM" "creative-mail-by-constant-contact 1.6.0 Settings.Reset.via.CSRF MEDIUM" "cm-on-demand-search-and-replace 1.3.9 Plugin.Reset.via.CSRF MEDIUM" "cm-on-demand-search-and-replace 1.3.1 Multiple.CSRF MEDIUM" "cm-on-demand-search-and-replace 1.3.1 Admin+.Stored.XSS LOW" "clockwork-two-factor-authentication 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "companion-sitemap-generator 4.5.3 Reflected.XSS HIGH" "companion-sitemap-generator 4.5.3 Contributor+.Stored.XSS MEDIUM" "companion-sitemap-generator 3.7.0 CSRF HIGH" "church-admin 4.4.7 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "church-admin 4.4.5 Missing.Authorization MEDIUM" "church-admin 4.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "church-admin 4.4.0 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "church-admin 4.2.0 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.0.28 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.1.7 Missing.Authorization MEDIUM" "church-admin 4.1.6 .Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "church-admin 4.1.19 Missing.Authorization MEDIUM" "church-admin 4.1.8 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.0.28 Authenticated.(Contributor+).SQL.Injection HIGH" "church-admin 4.1.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.meta-text MEDIUM" "church-admin 4.0.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "church-admin 3.8.0 Server-Side.Request.Forgery.(SSRF) MEDIUM" "church-admin 3.7.6 Reflected.XSS HIGH" "church-admin 3.7.30 Reflected.XSS HIGH" "church-admin 3.4.135 Unauthenticated.Plugin's.Backup.Disclosure HIGH" "church-admin 1.2550 CSRF HIGH" "custom-text-selection-colors No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "canto 3.0.9 Unauthenticated.Remote.File.Inclusion CRITICAL" "canto 3.0.7 Unauthenticated.RCE CRITICAL" "canto 3.0.5 Unauthenticated.Remote.File.Inclusion CRITICAL" "canto No.known.fix Unauthenticated.Blind.SSRF MEDIUM" "club-management-software No.known.fix Authenticated.SQL.Injection MEDIUM" "ckeditor-for-wordpress 4.5.3.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "custom-field-suite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cfs[post_title] MEDIUM" "custom-field-suite No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Term.Custom.Field HIGH" "custom-field-suite No.known.fix Contributor+.PHP.Code.Injection.via.Loop.Custom.Field HIGH" "custom-field-suite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cfs[post_content] MEDIUM" "custom-field-suite 2.6.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-suite 2.6.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-suite 2.6.3 Admin+.Stored.XSS LOW" "custom-field-suite 2.5.15 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "clipr No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "creative-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "craw-data No.known.fix Server.Side.Request.Forgery MEDIUM" "codelights-shortcodes-and-widgets No.known.fix Contributor+.Stored.XSS MEDIUM" "codelights-shortcodes-and-widgets No.known.fix Admin+.Stored.Cross.Site.Scripting MEDIUM" "classyfrieds No.known.fix Authenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "constant-contact-forms 2.4.3 Information.Disclosure.via.Log.Files MEDIUM" "constant-contact-forms 1.8.8 Multiple.Authenticated.Stored.XSS MEDIUM" "custom-dash No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cost-of-goods-for-woocommerce 3.2.9 Reflected.Cross-Site.Scripting MEDIUM" "classima-core 1.10 Reflected.Cross-Site.Scripting MEDIUM" "change-wp-admin-login 1.1.4 Secret.Login.Page.Disclosure MEDIUM" "change-wp-admin-login 1.1.0 Unauthenticated.Arbitrary.Settings.Update MEDIUM" "contact-form-multi 1.2.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "customer-reviews-woocommerce 5.48.0 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "customer-reviews-woocommerce 5.47.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "customer-reviews-woocommerce 5.47.0 Missing.Authorization.to.Authenticated.(Subscriber+).Coupon.Search MEDIUM" "customer-reviews-woocommerce 5.39.0 Improper.Authorization.via.submit_review MEDIUM" "customer-reviews-woocommerce 5.38.10 Author+.Arbitrary.File.Upload HIGH" "customer-reviews-woocommerce 5.38.2 Cross-Site.Request.Forgery.via.manual.review.reminders MEDIUM" "customer-reviews-woocommerce 5.38.2 Missing.Authorization.via.manual.review.reminders MEDIUM" "customer-reviews-woocommerce 5.36.1 Missing.Authorization.in.Reviews.Exporter MEDIUM" "customer-reviews-woocommerce 5.36.1 Missing.Authorization MEDIUM" "customer-reviews-woocommerce 5.17.0 Contributor+.Stored.XSS MEDIUM" "customer-reviews-woocommerce 5.16.0 Contributor+.LFI CRITICAL" "customer-reviews-woocommerce 5.3.6 Cross-Site.Request.Forgery MEDIUM" "customer-reviews-woocommerce 5.3.6 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "customer-reviews-woocommerce 5.3.6 Broken.Access.Control MEDIUM" "constant-contact-forms-by-mailmunch 2.1.0 Contributor+.Stored.XSS MEDIUM" "constant-contact-forms-by-mailmunch 2.0.11 Arbitrary.Settings.Update.via.CSRF MEDIUM" "contests-from-rewards-fuel 2.0.63 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contests-from-rewards-fuel 2.0.65 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.update_rewards_fuel_api_key MEDIUM" "custom-sub-menus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cww-companion 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cleantalk-spam-protect 6.21 Counters.Reset/Creation.via.CSRF MEDIUM" "cleantalk-spam-protect 6.21 Email.Update.via.CSRF MEDIUM" "cleantalk-spam-protect 5.185.1 Admin+.SQLi MEDIUM" "cleantalk-spam-protect 5.174.1 Reflected.Cross-Site.Scripting MEDIUM" "cleantalk-spam-protect 5.153.4 Unauthenticated.Blind.SQL.Injection HIGH" "cleantalk-spam-protect 5.149 Multiple.Authenticated.SQL.Injections MEDIUM" "cleantalk-spam-protect 5.127.4 Cross-Site.Scripting.Issue MEDIUM" "cleantalk-spam-protect 5.22 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "child-support-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "child-support-calculator 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "catalog No.known.fix Admin+.SQL.Injection MEDIUM" "cf7-active-campaign 1.0.4 Reflected.Cross-Site.Scripting HIGH" "clickervolt No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "count-per-day 3.5.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "count-per-day 3.5.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "count-per-day 3.4.1 SQL.Injection MEDIUM" "codepen-embedded-pen-shortcode 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-7-skins 2.1.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-skins 2.5.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "custom-facebook-feed 4.2.2 Facebook.Token.Reset/Update.via.CSRF MEDIUM" "custom-facebook-feed 4.1.6 Contributor+.Stored.XSS MEDIUM" "custom-facebook-feed 4.1.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "custom-facebook-feed 4.0.1 Subscriber+.Arbitrary.Plugin.Settings.Update.to.Stored.XSS HIGH" "custom-facebook-feed 2.19.2 Unauthenticated.Stored.XSS CRITICAL" "custom-facebook-feed 2.19.2 Reflected.Cross-Site.Scripting MEDIUM" "chauffeur-booking-system 7.0 Authentication.Bypass CRITICAL" "chauffeur-booking-system 7.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "chopslider No.known.fix Unauthenticated.Blind.SQL.Injection CRITICAL" "custom-post-type-pdf-attachment 3.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pdf_attachment.Shortcode MEDIUM" "custom-author-base No.known.fix Settings.Update.via.CSRF MEDIUM" "custom-tinymce-shortcode-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "conversational-forms 1.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "conversational-forms 1.2.0 Unauthenticated.Arbitrary.File.Download HIGH" "conversational-forms 1.17 Admin+.Stored.XSS LOW" "custom-product-builder-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "caldera-forms-pro 1.8.2 Unauthenticated.Arbitrary.File.Read HIGH" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).SQL.Injection CRITICAL" "consulting-elementor-widgets 1.3.1 Unauthenticated.Local.File.Inclusion CRITICAL" "captcha-code-authentication 3.0 Captcha.Bypass MEDIUM" "captcha-code-authentication 2.8 Settings.Update.via.CSRF MEDIUM" "contact-form-plugin 4.2.9 Reflected.Cross-Site.Scripting.via.cntctfrm_contact_address MEDIUM" "contact-form-plugin 4.2.9 Reflected.Cross-Site.Scripting.via.cntctfrm_contact_subject MEDIUM" "contact-form-plugin 4.0.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-plugin 4.0.2 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-plugin 3.96 XSS MEDIUM" "contact-form-plugin 3.82 Unauthorized.Language.Manipulation MEDIUM" "contact-form-plugin 3.82 contact_form.php.cntctfrm_contact_email.Parameter.XSS MEDIUM" "cbxwpbookmark 1.7.22 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxwpbookmark 1.7.21 Admin+.SQLi MEDIUM" "cbxwpbookmark 1.7.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxwpbookmark 1.6.9 Reflected.Cross-Site.Scripting HIGH" "catch-import-export 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "conference-scheduler 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "custom-permalinks 2.7.0 Authenticated(Editor+).Stored.Cross-Site.Scripting MEDIUM" "custom-more-link-complete No.known.fix Admin+.Stored.XSS LOW" "cf7-recaptcha-mine 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "cookiehub 1.1.1 Missing.Authorization MEDIUM" "custom-scroll-bar-designer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "content-views-query-and-display-post-page 3.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pagingType.Parameter MEDIUM" "content-views-query-and-display-post-page 3.7.1 Contributor+.Stored.Cross-Site.Scripting.via.Widget.Post.Overlay MEDIUM" "content-views-query-and-display-post-page 3.6.3 Admin+.Stored.XSS MEDIUM" "contact-form-integrated-with-google-maps 2.5 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "comment-form 1.2.1 Admin+.Authenticated.Stored.XSS LOW" "custom-landing-pages-leadmagic No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "colorlib-coming-soon-maintenance No.known.fix Information.Exposure MEDIUM" "colorlib-coming-soon-maintenance 1.0.99 Admin+.Stored.Cross.Site.Scripting LOW" "cf7-salesforce 1.4.0 Cross-Site.Request.Forgery MEDIUM" "cf7-salesforce 1.2.6 Reflected.Cross-Site.Scripting HIGH" "cf7-live-preview No.known.fix Missing.Authorization.via.update_option MEDIUM" "cm-answers 3.2.0 Admin+.Stored.XSS LOW" "click-datos-lopd No.known.fix Reflected.XSS HIGH" "cartpops 1.4.28 Reflected.Cross-Site.Scripting MEDIUM" "cartpops 1.4.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "customize-login No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "change-memory-limit No.known.fix Missing.Authorization.via.admin_logic() MEDIUM" "cf7-styler-for-divi 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler-for-divi 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "co-marquage-service-public 0.5.73 Reflected.Cross-Site.Scripting.via.search_term MEDIUM" "co-marquage-service-public 0.5.72 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "click-to-call-or-chat-buttons 1.5.0 Admin+.Stored.XSS LOW" "crisp 0.45 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "crisp 0.32 CSRF.to.Stored.Cross-Site.Scripting HIGH" "coschedule-by-todaymade 3.3.9 CSRF MEDIUM" "contexture-page-security No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "cf7-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-customizer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-customizer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "crypto-converter-widget 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "crypto-converter-widget 1.8.4 Contributor+.Stored.XSS MEDIUM" "custom-404-pro 3.11.2 Reflected.Cross-Site.Scripting MEDIUM" "custom-404-pro 3.10.1 Unauthenticated.Stored.Cross-Site.Scripting.via.logging HIGH" "custom-404-pro 3.8.1 Multiple.SQL.Injection HIGH" "custom-404-pro 3.8.2 Reflected.XSS HIGH" "custom-404-pro 3.7.3 Reflected.Cross-Site.Scripting HIGH" "custom-404-pro 3.7.2 Logs.Deletion.via.CSRF MEDIUM" "custom-404-pro 3.7.1 Admin+.SQLi MEDIUM" "custom-404-pro 3.2.9 Authenticated.Reflected.XSS MEDIUM" "custom-404-pro 3.2.8 XSS MEDIUM" "cloudnet-sync No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cookie-law-info 1.8.3 Improper.Access.Controls CRITICAL" "coming-soon-wp 2.1.3 Maintenance.Mode.Bypass MEDIUM" "coming-soon-wp 1.6.7 Admin+.Stored.Cross-Site.Scripting MEDIUM" "cost-calculator-builder-pro No.known.fix .Unauthenticated.Price.Manipulation MEDIUM" "cost-calculator-builder-pro 3.1.76 Unauthenticated.Arbitrary.Email.Sending MEDIUM" "cost-calculator-builder-pro 3.1.73 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "cost-calculator-builder-pro 3.1.68 Unauthenticated.Cross-Site.Scripting.via.SVG.Upload HIGH" "cm-video-lesson-manager 1.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "configurable-tag-cloud-widget 5.3 Cross-Site.Request.Forgery MEDIUM" "cf7-styler 1.6.5 Missing.Authorization.via.Several.AJAX.Action MEDIUM" "cf7-styler 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cp-multi-view-calendar 1.4.07 Unauthenticated.Arbitrary.Event.Deletion MEDIUM" "cp-multi-view-calendar 1.4.07 Unauthenticated.Arbitrary.Event.Creation.to.Stored.XSS HIGH" "cp-multi-view-calendar 1.4.01 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "chartjs No.known.fix Editor+.Stored.Cross-Site.Scripting.in.New.Chart LOW" "chartjs No.known.fix Editor+.Stored.Cross-Site.Scripting LOW" "css-hero 4.07 Authenticated.Reflected.XSS MEDIUM" "cornerstone 0.8.1 Reflected.Cross-Site.Scripting MEDIUM" "cornerstone 0.8.1 Reflected.Cross-Site.Scripting.via.PHP_SELF MEDIUM" "commonsbooking 2.6.8 Unauthenticated.SQL.Injection HIGH" "clickfunnels No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "clickfunnels No.known.fix Settings.Update.via.CSRF MEDIUM" "coming-soon-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coming-soon-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cookiebot 3.6.1 CSRF.&.XSS LOW" "custom-codes 2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-add-user No.known.fix Reflected.Cross-Site.Scripting HIGH" "capabilities-pro 2.5.2 Admin+.PHP.Objection.Injection MEDIUM" "capabilities-pro 2.3.1 Unauthenticated.Arbitrary.Options.Update.to.Blog.Compromise CRITICAL" "creative-image-slider 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "custom-settings No.known.fix Admin+.Stored XSS LOW" "cloak-front-end-email 1.9.2 Contributor+.Stored.XSS MEDIUM" "caxton No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "caxton 1.30.1 Reflected.Cross-Site.Scripting MEDIUM" "caxton 1.30.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cheetaho-image-optimizer 1.4.3.2 Reflected.Cross-Site.Scripting MEDIUM" "clickbank-ads-clickbank-widget 1.35 CSRF.to.Stored.Cross-Site.Scripting HIGH" "clickbank-ads-clickbank-widget 1.35 Admin+.Stored.Cross-Site.Scripting LOW" "co2ok-for-woocommerce 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "co2ok-for-woocommerce 1.0.9.22 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "co2ok-for-woocommerce 1.0.9.22 Subscriber+.Arbitrary.Option.Update CRITICAL" "cp-polls 1.0.72 Unauthenticated.Content.Injection MEDIUM" "cp-polls 1.0.72 Unauthenticated.Poll.Limit.Bypass MEDIUM" "cp-polls 1.0.9 Multiple.CSRF.Vulnerabilities MEDIUM" "cp-polls 1.0.9 Multiple.XSS.Vulnerabilities MEDIUM" "cryptocurrency-pricing-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "carousel-slider 2.2.4 Cross-Site.Request.Forgery MEDIUM" "carousel-slider 2.0.0 Cross-Site.Request.Forgery MEDIUM" "carousel-slider 2.2.4 Editor+.Stored.XSS LOW" "carousel-slider 2.2.11 Editor+.Stored.XSS LOW" "carousel-slider 2.2.10 Editor+.Stored.XSS MEDIUM" "carousel-slider 2.2.7 Editor+.Stored.XSS LOW" "carousel-slider 2.2.3 Missing.Authorization MEDIUM" "configure-login-timeout No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-db-divi 1.2 Reflected.Cross-Site.Scripting MEDIUM" "cds-simple-seo 2.0.26 Arbitrary.Settings.Update.via.CSRF MEDIUM" "cds-simple-seo 1.8.13 Subscriber+.Sitemap.Creation/Deletion MEDIUM" "cds-simple-seo 1.8.13 Sitemap.Creation/Deletion.via.CSRF MEDIUM" "cds-simple-seo 1.7.92 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "compare-affiliated-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "compare-affiliated-products No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "comment-engine-pro No.known.fix Editor+.Stored.Cross-Site.Scripting LOW" "cartflows 2.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cartflows 2.0.2 Editor+.Stored.XSS LOW" "cartflows 1.6.13 Authenticated.Stored.XSS.via.FB.Pixel.ID.and.Google.Analytics.ID MEDIUM" "cartflows 1.5.16 Cross-Site.Request.Forgery MEDIUM" "cartflows 1.5.16 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cybersoldier 1.7.0 Admin+.Stored.Cross-Site.Scripting LOW" "cookie-notice-consent 1.6.1 Admin+.Stored.XSS LOW" "customize-my-account-for-woocommerce 1.8.4 Cross-Site.Request.Forgery.via.restore_my_account_tabs MEDIUM" "clean-contact No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "call-now-icon-animate No.known.fix Admin+.Stored.XSS LOW" "custom-banners 3.3 CSRF.Nonce.Bypass.in.saveCustomFields MEDIUM" "custom-banners 2.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "church-theme-content 2.6.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "cookies-by-jm No.known.fix Admin+.Stored.XSS LOW" "ct-ultimate-gdpr 2.5 Unauthenticated.Plugin.Settings.Export.and.Import CRITICAL" "conversation-watson 0.8.21 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "cryptocurrency-product-for-woocommerce 3.16.10 Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-product-for-woocommerce 3.14.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-zoho 1.2.4 Admin+.SQLi MEDIUM" "cf7-zoho 1.2.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cf7-zoho 1.1.9 Reflected.Cross-Site.Scripting HIGH" "cf7-zoho 1.1.8 Reflected.Cross-Site.Scripting HIGH" "contact-form-lite 1.1.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "car-rental No.known.fix Admin+.Stored.XSS LOW" "car-rental 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "conditional-payments-for-woocommerce 2.3.2 Plugin.RuleSets.Activation/Deactivation.via.CSRF MEDIUM" "contact-form-manager 1.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-redirect-thank-you-page 1.0.4 Cross-Site.Request.Forgery MEDIUM" "download-theme 1.1.0 Cross-Site.Request.Forgery MEDIUM" "docollipics-faustball-de 2.1.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dragfy-addons-for-elementor No.known.fix Missing.Authorization.via.save_settings MEDIUM" "different-home-for-logged-in-logged-out 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "devvn-image-hotspot 1.2.6 Authenticated.(Author+).PHP.Object.Injection HIGH" "dw-question-answer-pro 1.3.7 Multiple.CSRF MEDIUM" "dw-question-answer-pro 1.3.7 Arbitrary.Comment.Edition.via.IDOR MEDIUM" "dont-muck-my-markup No.known.fix Cross-Site.Request.Forgery MEDIUM" "donate-with-qrcode 1.4.5 Stored.Cross-Site.Scripting MEDIUM" "donate-with-qrcode No.known.fix Plugin's.Setting.Update.via.CSRF MEDIUM" "dynamically-register-sidebars No.known.fix Admin+.Stored.XSS LOW" "dropdown-menu-widget No.known.fix Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS MEDIUM" "downloadmanager 3.2.83 Unauthenticated.Password.Protected.File.Bypass MEDIUM" "defender-security 4.7.3 Missing.Authorization MEDIUM" "defender-security 4.4.2 IP.Address.Spoofing MEDIUM" "defender-security 4.2.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "defender-security 4.2.1 Masked.Login.Area.Security.Feature.Bypass MEDIUM" "defender-security 4.1.0 Protection.Bypass.(Hidden.Login.Page) MEDIUM" "defender-security 2.4.6.1 CSRF.Nonce.Bypasses MEDIUM" "display-metadata No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "dj-email-publish No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "decalog 3.9.1 Authenticated.(Admin+).SQL.injection CRITICAL" "ds-suit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "delete-post-revisions-on-single-click No.known.fix Cross-Site.Request.Forgery MEDIUM" "demomentsomtres-mailchimp-subscribe 3.201706150908 Reflected.Cross-Site.Scripting MEDIUM" "delete-me 3.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "display-a-meta-field-as-block 1.2.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "downloader-tiktok 1.4 Server.Side.Request.Forgery.(SSRF).&.Local.File.Inclusion.(LFI) MEDIUM" "digits 8.4.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "device-wrapper 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "drag-and-drop-form-builder-for-contact-form-7 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "drag-and-drop-form-builder-for-contact-form-7 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "depicter 3.1.2 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "depicter 3.2.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.1.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.1.0 Authenticated.(Contributor+).Arbitrary.Nonce.Generation MEDIUM" "depicter 2.0.7 Settings.Update.via.CSRF MEDIUM" "dologin 3.8 Missing.Authorization.via.REST.Endpoints MEDIUM" "dologin 3.7.1 Subscriber+.IP.Address.leak MEDIUM" "dologin 3.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "dologin 3.7 IP.Spoofing MEDIUM" "ditty-news-ticker 3.1.46 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.45 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.43 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.39 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ditty-news-ticker 3.1.36 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.32 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ditty-news-ticker 3.1.25 Missing.Authorization.via.save_ditty_permissions_check MEDIUM" "ditty-news-ticker 3.1.25 Reflected.XSS HIGH" "ditty-news-ticker 3.0.33 Contributor+.Stored.XSS MEDIUM" "ditty-news-ticker 3.0.15 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "digital-river-global-commerce No.known.fix Use.of.Polyfill.io MEDIUM" "drawit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "demon-image-annotation 4.8 Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "duplicate-theme No.known.fix CSRF MEDIUM" "dofollow-case-by-case 3.5.0 Email&URLs.Adding.to.Allowlist.via.CSRF MEDIUM" "donations-for-woocommerce 1.1.10 Cross-Site.Request.Forgery MEDIUM" "download-monitor 4.9.14 Missing.Authorization MEDIUM" "download-monitor 4.9.5 Authenticated.(Admin+).SQL.Injection HIGH" "download-monitor 4.8.2 Admin+.SSRF MEDIUM" "download-monitor 4.5.98 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.5.91 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.4.7 Reflected.Cross-Site.Scripting MEDIUM" "download-monitor 4.4.7 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.4.7 Admin+.Stored.Cross-Site.Scripting LOW" "download-monitor 4.4.5 Admin+.SQL.Injection MEDIUM" "download-monitor 1.9.7 Unauthenticated.Downloading.of.Logs MEDIUM" "download-monitor 1.7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "download-monitor 1.6.4 Authenticated.Directory.Listing MEDIUM" "download-monitor 3.3.6.2 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "dyslexiefont No.known.fix CSRF MEDIUM" "dyslexiefont 1.0.0 Authenticated.Cross-Site.Scripting MEDIUM" "deeper-comments No.known.fix Subscriber+.Arbitrary.Options.Update HIGH" "dwnldr 1.01 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.7.8 Sensitive.Information.Exposure MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.7.4 Contact.Form.7.<.1.3.7.4.-.Unauthenticated.Arbitrary.File.Upload HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.6 File.Upload.and.File.deletion.via.CSRF MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.5 File.Upload.Size.Limit.Bypass MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.3 Contact.Form.7.<.1.3.6.3.-.Unauthenticated.Stored.XSS MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.5.5 Unauthenticated.Remote.Code.Execution CRITICAL" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.3.3 Unauthenticated.File.Upload.Bypass CRITICAL" "dashboard-to-do-list 1.3.0 Missing.Authorization.via.ardtdw_widgetsetup() MEDIUM" "dashboard-to-do-list 1.3.2 Cross-Site.Request.Forgery.via.ardtdw_widgetupdate() MEDIUM" "donations-block No.known.fix Unauthenticated.Stored.XSS HIGH" "donations-block 2.1.0 Contributor+.Stored.XSS MEDIUM" "disable-image-right-click No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "dethemekit-for-elementor 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.URL.Parameter.of.the.De.Gallery.Widget MEDIUM" "dethemekit-for-elementor 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.slitems.Attribute MEDIUM" "dethemekit-for-elementor 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "dethemekit-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 1.5.5.5 Contributor+.Stored.XSS MEDIUM" "dzs-zoomsounds 6.50 Unauthenticated.Arbitrary.File.Download HIGH" "dzs-zoomsounds 6.05 Unauthenticated.Arbitrary.File.Upload CRITICAL" "dzs-zoomsounds 3.0 Remote.File.Upload CRITICAL" "droit-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "droit-elementor-addons No.known.fix Cross-Site.Request.Forgery MEDIUM" "download-now-for-woocommerce 3.5.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dx-watermark No.known.fix Cross-Site.Request.Forgery MEDIUM" "drag-n-drop-upload-cf7-pro 2.11.1 Contact.Form.7.Standard.<.2.11.1.-.Reflected.Cross-Site.Scripting HIGH" "drag-n-drop-upload-cf7-pro 5.0.6.4 Contact.Form.7.with.Remote.Storage.Integrations.<.5.0.6.4.-.Reflected.Cross-Site.Scripting HIGH" "drag-n-drop-upload-cf7-pro 5.0.6.3 Contact.Form.7.with.Remote.Storage.Integrations.<.5.0.6.3.-.Path.Traversal MEDIUM" "drag-n-drop-upload-cf7-pro 2.11.0 Contact.Form.7.Standard.<.2.11.0.-.Path.Traversal MEDIUM" "demomentsomtres-wp-export No.known.fix Subscriber+.unauthorized.data.export MEDIUM" "demomentsomtres-wp-export 20200610 Reflected.Cross-Site.Scripting MEDIUM" "dazzlersoft-teams No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "device-theme-switcher No.known.fix Cross-Site.Request.Forgery MEDIUM" "dukapress 2.5.9.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "delhivery-logistics-courier No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "dtabs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dashylite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dashylite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "daily-prayer-time-for-mosques 2023.10.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "daily-prayer-time-for-mosques 2023.05.05 Contributor+.Stored.XSS MEDIUM" "daily-prayer-time-for-mosques 2023.03.18 Settings.Update.via.CSRF MEDIUM" "daily-prayer-time-for-mosques 2022.03.01 Unauthenticated.SQLi HIGH" "daily-prayer-time-for-mosques 2021.08.10 Admin+.Stored.XSS LOW" "demomentsomtres-gravity-forms-improvements 201704251008 Reflected.Cross-Site.Scripting MEDIUM" "dynamic-widgets 1.6 Reflected.Cross-Site.Scripting MEDIUM" "dynamic-widgets 1.5.11 Authenticated.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "dts-simple-share No.known.fix Admin+.XSS LOW" "dashboard-widgets-suite 3.4.4 Reflected.Cross-Site.Scripting MEDIUM" "dashboard-widgets-suite 3.4.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dashboard-widgets-suite 3.2.2 Admin+.Stored.XSS LOW" "down-as-pdf No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "display-admin-page-on-frontend 1.21.1 Reflected.Cross-Site.Scripting MEDIUM" "display-admin-page-on-frontend 1.17.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "disable-user-login 1.3.9 User.Login.Toggle.via.CSRF MEDIUM" "dn-footer-contacts 1.6.3 Admin+.Stored.XSS LOW" "ds-site-message No.known.fix Cross-Site.Request.Forgery MEDIUM" "duplicator-pro 4.5.14.2 Unauthenticated.Sensitive.Data.Exposure HIGH" "duplicator-pro 4.5.11.1 Unauthenticated.Reflected.XSS HIGH" "duplicator-pro 3.8.7.1 Unauthenticated.Arbitrary.File.Download HIGH" "dl-verification No.known.fix Admin+.Stored.XSS LOW" "doneren-met-mollie 2.10.3 Unauthenticated.Reflected.Cross-Site.Scripting.via.search MEDIUM" "doneren-met-mollie 2.8.5 Unauthorised.CSV.Export.leading.to.Sensitive.Data.Disclosure MEDIUM" "dextaz-ping No.known.fix Admin+.RCE MEDIUM" "database-for-cf7 1.2.5 Subscriber+.CF7.DB.Entries.Deletion MEDIUM" "daext-autolinks-manager 1.10.05 CSRF MEDIUM" "donate-button 2.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "debug 1.11 CSRF MEDIUM" "delete-all-comments-easily No.known.fix All.Comments.Deletion.via.CSRF MEDIUM" "dh-anti-adblocker 37 Anti.AdBlocker.<.37.-.Settings.Update.via.CSRF MEDIUM" "duplicator 1.5.10 Full.Path.Disclosure MEDIUM" "duplicator 1.5.7.1 Settings.Removal.via.CSRF MEDIUM" "duplicator 1.3.0 Unauthenticated.RCE CRITICAL" "duplicator 1.5.7.1 Unauthenticated.Sensitive.Data.Exposure HIGH" "duplicator 1.4.7 Unauthenticated.Backup.Download HIGH" "duplicator 1.4.7.1 Unauthenticated.System.Information.Disclosure MEDIUM" "duplicator 1.3.28 Unauthenticated.Arbitrary.File.Download HIGH" "duplicator 1.2.42 Unauthenticated.Arbitrary.Code.Execution MEDIUM" "duplicator 1.2.33 Cross-Site.Scripting.(XSS) MEDIUM" "duplicator 1.2.29 Duplicator.<=.1,2,28.–.Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "dx-auto-save-images No.known.fix CSRF MEDIUM" "donation-button No.known.fix Subscriber+.Broken.Access.Control.leading.to.SMS.Spam MEDIUM" "donation-button No.known.fix Contributor+.Stored.XSS MEDIUM" "docket-cache 21.08.02 Reflected.Cross-Site.Scripting HIGH" "dw-promobar No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "debug-assistant 1.5 Administrator.Account.Creation.via.CSRF HIGH" "debug-assistant 1.5 Admin+.Stored.XSS LOW" "deal-of-the-day No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "disable-comments-wpz No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "display-widgets 2.7 Backdoored MEDIUM" "delete-old-orders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "drag-and-drop-multiple-file-upload-for-woocommerce 1.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "demo-awesome 1.0.3 Missing.Authorization MEDIUM" "demo-awesome 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "duracelltomi-google-tag-manager 1.15.2 Admin+.Stored.Cross-Site.Scripting LOW" "duracelltomi-google-tag-manager 1.15.1 Reflected.Cross-Site.Scripting MEDIUM" "demo-my-wordpress 1.1.0 Unauthenticated.Privilege.Escalation CRITICAL" "dtracker No.known.fix Unauthorised.Contract.Creation HIGH" "dtracker No.known.fix Multiple.Unauthenticated.Blind.SQL.Injections HIGH" "divi-builder 4.25.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "divi-builder 4.5.3 4.5.2,.Extra.2.0.-.4.5.2,.Divi.Builder.2.0.-.4.5.2).-.Authenticated.Arbitrary.File.Upload MEDIUM" "divi-builder 4.0.10 Authenticated.Code.Injection MEDIUM" "divi-builder 2.17.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "divi-builder 1.2.4 Privilege.Escalation HIGH" "delivery-and-pickup-scheduling-for-woocommerce 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "database-collation-fix 1.2.8 Cross-Site.Request.Forgery MEDIUM" "disable-dashboard-for-woocommerce 3.2.9 Reflected.Cross-Site.Scripting MEDIUM" "domain-mapping-system 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "domain-mapping-system 1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "directories 1.3.46 Authenticated.Self-Reflected.Cross-Site.Scripting LOW" "directories 1.3.46 Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "duplica 0.7 Authenticated.(Subscriber+).Missing.Authorization.to.Users/Posts.Duplicates.Creation MEDIUM" "dd-rating No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "dirtysuds-embed-pdf No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "download-info-page No.known.fix Admin+.Stored.XSS LOW" "dw-question-answer No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "duofaq-responsive-flat-simple-faq No.known.fix Reflected.Cross-Site.Scripting HIGH" "dropdown-multisite-selector 0.9.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "documentor-lite No.known.fix Unauthenticated.SQLi HIGH" "doofinder-for-woocommerce 2.1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "doofinder-for-woocommerce 2.1.1 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "doofinder-for-woocommerce 2.1.8 Reflected.Cross-Site.Scripting HIGH" "disabler 4.0.0 CSRF MEDIUM" "different-menus-in-different-pages 2.4.0 Subscriber+.Menu.Duplication MEDIUM" "dse-divi-section-enhancer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-address No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-address No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "duplicate-variations-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "duplicate-variations-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "disqus-conditional-load 11.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "directorypress No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "directorypress 3.6.8 Reflected.Cross-Site.Scripting HIGH" "dpt-oauth-client No.known.fix CSRF MEDIUM" "dpt-oauth-client No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "display-custom-post No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dl-robotstxt No.known.fix Admin+.Stored.XSS LOW" "dynamic-qr-code-generator No.known.fix Reflected.XSS HIGH" "dsgvo-youtube 1.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dark-mode 1.7 Stored.XSS MEDIUM" "droit-dark-mode No.known.fix Cross-Site.Request.Forgery MEDIUM" "duplicate-post 3.2.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "ds-cf7-math-captcha No.known.fix Reflected.XSS HIGH" "dn-popup No.known.fix Settings.Update.via.CSRF MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "delete-custom-fields No.known.fix Cross-Site.Request.Forgery.to.Post.Meta.Deletion MEDIUM" "debug-log-config-tool 1.5 Unauthenticated.Information.Exposure.via.Logs MEDIUM" "digital-climate-strike-wp No.known.fix Redirect.to.Malicious.Website.due.to.Compromised.JS.Asset HIGH" "disable-comments 1.0.4 disable_comments_settings.php.Comment.Status.Manipulation.CSRF HIGH" "dokan-lite 3.7.6 Unauthenticated.SQLi HIGH" "dokan-lite 3.6.4 Vendor.Stored.Cross-Site.Scripting MEDIUM" "dokan-lite 3.2.1 CSRF.Nonce.Bypasses MEDIUM" "dokan-lite 3.0.9 Cross-Site.Request.Forgery MEDIUM" "dokan-lite 3.0.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "download-manager 3.2.98 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "download-manager 3.2.90 Improper.Authorization.via.protectMediaLibrary HIGH" "download-manager 3.2.94 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "download-manager 3.2.87 Authenticated.(Subscriber+).Stored.Self-Based.Cross-Site.Scripting MEDIUM" "download-manager 3.2.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpdm_modal_login_form.Shortcode MEDIUM" "download-manager 3.2.91 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpdm-all-packages.Shortcode MEDIUM" "download-manager 3.2.85 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.85 Unauthenticated.File.Download MEDIUM" "download-manager 3.2.86 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.83 Unauthenticated.Protected.File.Download.Password.Leak MEDIUM" "download-manager 3.2.71 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.71 Broken.Access.Controls MEDIUM" "download-manager 6.3.0 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "download-manager 3.2.62 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.60 Reflected.XSS HIGH" "download-manager 3.2.55 Admin+.Arbitrary.File/Folder.Access.via.Path.Traversal MEDIUM" "download-manager 3.2.50 Contributor+.PHAR.Deserialization HIGH" "download-manager 3.2.53 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.51 Contributor+.Arbitrary.File.Deletion HIGH" "download-manager 3.2.49 Clear.Stats.&.Cache.via.CSRF MEDIUM" "download-manager 3.2.49 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.49 Multiple.CSRF MEDIUM" "download-manager 3.2.50 Bypass.IP.Address.Blocking.Restriction MEDIUM" "download-manager 3.2.44 Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.44 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.48 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.43 Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.39 Unauthenticated.brute.force.of.files.master.key MEDIUM" "download-manager 3.2.35 Sensitive.Information.Disclosure HIGH" "download-manager 3.2.34 Authenticated.SQL.Injection.to.Reflected.XSS MEDIUM" "download-manager 3.2.22 Subscriber+.Stored.Cross-Site.Scripting HIGH" "download-manager 3.2.16 Admin+.Stored.Cross-Site.Scripting LOW" "download-manager 3.2.13 Email.Template.Setting.Update.via.CSRF MEDIUM" "download-manager 3.1.25 Authenticated.File.Upload MEDIUM" "download-manager 3.1.25 .Authenticated.Directory.Traversal MEDIUM" "download-manager 3.1.23 Unauthorised.Asset.Manager.Usage HIGH" "download-manager 3.1.19 Authenticated.(author+).PHP4.File.Upload.to.RCE CRITICAL" "download-manager 3.1.22 Plugin.Settings.Change.via.CSRF MEDIUM" "download-manager 3.1.18 Unauthorised.Download.Duplication MEDIUM" "download-manager 2.9.97 Various.Sanitisation.Issues MEDIUM" "download-manager 2.9.94 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "download-manager 2.9.61 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "download-manager 2.9.51 Open.Redirect MEDIUM" "download-manager 2.9.50 Cross-Site.Scripting.(XSS) HIGH" "download-plugins-dashboard 1.8.8 Cross-Site.Request.Forgery MEDIUM" "download-plugins-dashboard 1.8.6 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "download-plugins-dashboard 1.6.0 Unauthenticated.Stored.XSS MEDIUM" "devices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "devices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "devices No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "droip No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "droip No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Settings.Change MEDIUM" "demomentsomtres-categories No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-categories No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-categories No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "domain-check 1.0.17 Reflected.Cross-Site.Scripting MEDIUM" "dd-post-carousel 1.4.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "diary-availability-calendar No.known.fix Authenticated.(subscriber+).SQL.Injection HIGH" "duitku-social-payment-gateway 2.11.7 Missing.Authorization.via.check_duitku_response MEDIUM" "dans-gcal 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "download-attachments 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "download-attachments 1.3 Contributor+.Stored.XSS MEDIUM" "delete-all-comments-of-website 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "disable-right-click-for-wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "demomentsomtres-media-tools-auto No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-media-tools-auto No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "delivery-woo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "delivery-woo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "delivery-drivers-for-vendors 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "delivery-drivers-for-vendors 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "database-peek No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "delete-duplicate-posts 4.9 Missing.Authorization.via.AJAX.Actions MEDIUM" "delete-duplicate-posts 4.8.9 Reflected.Cross-Site.Scripting MEDIUM" "delete-duplicate-posts 4.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "delete-duplicate-posts 4.1.9.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "download-zip-attachments No.known.fix Arbitrary.File.Download HIGH" "download-from-files No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "decorator-woocommerce-email-customizer 1.2.8 WooCommerce.Email.Customizer.<.1.2.8.-.Cross-Site.Request.Forgery MEDIUM" "denk-internet-solutions 6.0.0 Admin+.Stored.XSS LOW" "d-bargain 4.0.0 Admin+.Stored.XSS LOW" "delivery-drivers-manager 1.1.9 Reflected.Cross-Site.Scripting MEDIUM" "delivery-drivers-manager 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "directory-pro 1.9.5 Subscriber+.Privilege.Escalation CRITICAL" "delicious-recipes 1.7.0 Improper.Path.Validation.to.Authenticated.(Subscriber+).Arbitrary.File.Move.and.Read HIGH" "delicious-recipes 1.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "double-opt-in-for-download 2.1.0 Authenticated.SQL.Injection CRITICAL" "dropdown-and-scrollable-text 2.1 Reflected.Cross-Site.Scripting MEDIUM" "donation-thermometer 2.1.3 Admin+.Stored.Cross-Site.Scripting LOW" "download-magnet 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "digirisk 6.1.0.0 Reflected.Cross-Site.Scripting MEDIUM" "debug-log-manager 2.3.2 Missing.Authorization MEDIUM" "debug-log-manager 2.3.2 Missing.Authorization.via.toggle_debugging MEDIUM" "debug-log-manager 2.3.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "debug-log-manager 2.3.0 Sensitive.Logs.Exposure MEDIUM" "debug-log-manager 2.2.2 Debug.Log.Clearing.via.CSRF MEDIUM" "debug-log-manager 2.2.2 Subscriber+.Debug.Log.Clearing MEDIUM" "download-media No.known.fix Missing.Authorization.via.generate_link_for_media MEDIUM" "doctor-listing 1.3.6 Subscriber+.Privilege.Escalation CRITICAL" "dx-share-selection 1.5 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "duplicate-post-page-menu-custom-post-type 2.4.0 Subscriber+.Post.Duplication MEDIUM" "delete-usermetas 1.2.0 Cross-Site.Request.Forgery MEDIUM" "drip-feed-content-extended-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "database-cleaner 1.0.6 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "database-cleaner 0.9.9 Sensitive.Information.Exposure.via.Log.File MEDIUM" "document-emberdder 1.7.9 Subscriber+.Arbitrary.Private/Draft.Post.Title.Disclosure MEDIUM" "document-emberdder 1.7.5 Unauthenticated.Arbitrary.Private/Draft.Post.Title.Disclosure MEDIUM" "dk-pricr-responsive-pricing-table 5.1.11 Author+.Stored.XSS MEDIUM" "dk-pricr-responsive-pricing-table 5.1.8 Admin+.Stored.Cross-Site.Scriping LOW" "dk-pricr-responsive-pricing-table 5.1.7 Contributor+.Stored.XSS MEDIUM" "dovetail No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "defa-online-image-protector No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "dynamic-featured-image No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dfiFeatured.Parameter MEDIUM" "duplicate-wp-page-post 2.8 Admin+.Stored.Cross-Site.Scripting LOW" "duplicate-wp-page-post 2.5.7 SQL.Injections.due.to.Duplicated.Snippets HIGH" "dracula-dark-mode 1.0.9 The.Revolutionary.Dark.Mode.Plugin.For.WordPress.<.1.0.9.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "dracula-dark-mode 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "dearpdf-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delete-old-posts-programmatically 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "delete-old-posts-programmatically 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "delightful-downloads No.known.fix Unauthenticated.Path.Traversal MEDIUM" "dsgvo-all-in-one-for-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dsgvo-all-in-one-for-wp 4.4 Cross-Site.Request.Forgery MEDIUM" "dsgvo-all-in-one-for-wp 4.2 Admin+.Stored.Cross-Site.Scripting LOW" "dsgvo-all-in-one-for-wp 4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "dev-land 3.0.5 Reflected.Cross-Site.Scripting MEDIUM" "drug-search No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "democracy-poll No.known.fix Missing.Authorization MEDIUM" "democracy-poll 5.4 CSRF.&.XSS HIGH" "domain-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "digital-publications-by-supsystic 1.7.8 Missing.Authorization MEDIUM" "digital-publications-by-supsystic 1.7.8 Cross-Site.Request.Forgery MEDIUM" "digital-publications-by-supsystic 1.7.7 Cross-Site.Request.Forgery.via.AJAX.action MEDIUM" "digital-publications-by-supsystic 1.7.4 Admin+.Stored.Cross-Site.Scripting LOW" "digital-publications-by-supsystic 1.7.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "digital-publications-by-supsystic 1.6.12 Authenticated.Path.Traversal LOW" "demomentsomtres-mailchimp-immediate-send 3.201704281627 Reflected.Cross-Site.Scripting MEDIUM" "dx-delete-attached-media 2.0.6 Settings.Update.via.CSRF MEDIUM" "download-plugin 2.0.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "download-plugin 2.0.0 Subscriber+.Website.Download HIGH" "download-plugin 1.6.1 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "daves-wordpress-live-search No.known.fix Admin+.Stored.XSS LOW" "debug-functions-time 1.41 Reflected.Cross-Site.Scripting MEDIUM" "database-backups No.known.fix CSRF.to.Backup.Download HIGH" "da-reactions 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "da-reactions 3.20.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "daggerhart-openid-connect-generic 3.8.2 Reflected.Cross.Site.Scripting.(XSS).via.Login.Error MEDIUM" "dl-yandex-metrika No.known.fix Admin+.Stored.XSS LOW" "data-tables-generator-by-supsystic 1.10.32 Missing.Authorization MEDIUM" "data-tables-generator-by-supsystic 1.10.20 Admin+.Stored.Cross-Site.Scripting LOW" "data-tables-generator-by-supsystic 1.10.0 Authenticated.SQL.Injection CRITICAL" "data-tables-generator-by-supsystic 1.10.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "data-tables-generator-by-supsystic 1.9.92 Authenticated.Stored.XSS MEDIUM" "data-tables-generator-by-supsystic 1.9.92 Insecure.Permissions.on.AJAX.Actions MEDIUM" "data-tables-generator-by-supsystic 1.9.92 CSRF.to.Stored.XSS,.Data.Table.Creations,.Settings.Modification CRITICAL" "dc-woocommerce-multi-vendor 4.2.1 Missing.Authorization.to.Limited.Vendor.Privilege.Escalation/Account.Takeover CRITICAL" "dc-woocommerce-multi-vendor 4.2.0 Reflected.Cross-Site.Scripting HIGH" "dc-woocommerce-multi-vendor 4.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.hover_animation.Parameter MEDIUM" "dc-woocommerce-multi-vendor 4.1.4 Missing.Authorization MEDIUM" "dc-woocommerce-multi-vendor 4.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.0.26 Missing.Authorization HIGH" "dc-woocommerce-multi-vendor 4.0.24 Missing.Authorization.via.mvx_save_dashpages HIGH" "dc-woocommerce-multi-vendor 4.0.26 Improper.Authorization.on.REST.Routes.via.'save_settings_permission' HIGH" "dc-woocommerce-multi-vendor 3.8.12 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 3.8.12 Unauthorised.AJAX.Calls HIGH" "dc-woocommerce-multi-vendor 3.8.12 Unauthenticated.LFI MEDIUM" "dc-woocommerce-multi-vendor 3.8.4 Reflected.Cross-Site.Scripting HIGH" "dc-woocommerce-multi-vendor 3.7.4 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "dc-woocommerce-multi-vendor 3.7.4 Unauthenticated.Arbitrary.Product.Comment MEDIUM" "dc-woocommerce-multi-vendor 3.5.8 Cross-Site.Request.Forgery MEDIUM" "dc-woocommerce-multi-vendor 3.5.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "dreamgrow-scroll-triggered-box No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "debug-info No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "drawblog No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "dupeoff No.known.fix Admin+.Stored.XSS LOW" "dbox-slider-lite No.known.fix Multiple.Authenticated.SQL.injection HIGH" "divebook No.known.fix Unauthenticated.Reflected.XSS LOW" "divebook No.known.fix Improper.Authorisation.Check MEDIUM" "divebook No.known.fix Unauthenticated.SQL.Injection CRITICAL" "draw-attention 2.0.16 Improper.Access.Control.via.register_cpt MEDIUM" "draw-attention 2.0.12 Subscriber+.Unauthorized.Featured.Image.Modification MEDIUM" "disable-update-notifications 2.4.2 Settings.Update.via.CSRF MEDIUM" "dnui-delete-not-used-image-wordpress No.known.fix Deletion.of.images.through.CSRF MEDIUM" "dynamic-content-for-elementor 2.12.5 Cross-Site.Request.Forgery MEDIUM" "dynamic-content-for-elementor 1.9.6 Authenticated.RCE CRITICAL" "dropbox-folder-share No.known.fix Unauthenticated.Server-Side.Request.Forgery.via.'link' HIGH" "dropbox-folder-share No.known.fix Unauthenticated.Remote.Code.Execution.via.LFI CRITICAL" "donate-extra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "drop-shadow-boxes 1.7.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "drop-shadow-boxes 1.7.12 Reflected.Cross-Site.Scripting MEDIUM" "drop-shadow-boxes 1.7.11 Contributor+.Cross-Site.Scripting MEDIUM" "drop-shadow-boxes 1.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "drop-shadow-boxes 1.7.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "date-time-picker-field 2.3 Reflected.Cross-Site.Scripting MEDIUM" "date-time-picker-field 2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "devbuddy-twitter-feed No.known.fix Admin+.Stored.XSS LOW" "demomentsomtres-grid-archive No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-grid-archive No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "dark-mode-for-wp-dashboard 1.2.4 Cross-Site.Request.Forgery MEDIUM" "donorbox-donation-form 7.1.7 Admin+.Stored.Cross-Site.Scripting LOW" "dancepress-trwa 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "dancepress-trwa 2.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "display-post-metadata 1.5.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "duplicate-page 4.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "duplicate-page 3.4 Authenticated.SQL.Injection HIGH" "directorist 7.9.0 Missing.Authorization MEDIUM" "directorist 7.8.5 Missing.Authorization.to.Unauthenticated.Settings.Change MEDIUM" "directorist 7.5.5 Subscriber+.Insecure.Direct.Object.Reference.to.Arbitrary.Post.Deletion MEDIUM" "directorist 7.5.5 Subscriber+.Arbitrary.User.Password.Reset.to.Privilege.Escalation HIGH" "directorist 7.5.4 Admin+.LFI MEDIUM" "directorist 7.4.4 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "directorist 7.4.2.2 Subscriber+.Arbitrary.User.Password.Update.via.IDOR HIGH" "directorist 7.3.1 Unauthenticated.Email.Address.Disclosure MEDIUM" "directorist 7.3.0 Subscriber+.Arbitrary.E-mail.Sending MEDIUM" "directorist 7.2.3 Business.Directory.Plugin.<.7.2.3.-.Admin+.Arbitrary.File.Upload MEDIUM" "directorist 7.0.6.2 CSRF.to.Remote.File.Upload CRITICAL" "dimage-360 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "deny-all-firewall 1.1.7 CSRF HIGH" "dokan-pro 3.11.0 Unauthenticated.SQL.Injection CRITICAL" "download-button-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "distancr 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "decon-wp-sms No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "duplicate-page-or-post 1.5.1 Arbitrary.Settings.Update.to.Stored.XSS HIGH" "digiproveblog No.known.fix Reflected.Cross-Site-Scripting MEDIUM" "default-thumbnail-plus No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "don8 No.known.fix Admin+.Stored.XSS LOW" "dop-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "doko-box-builder 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "delucks-seo 2.5.5 Missing.Authorization MEDIUM" "embed-calendly-scheduling 3.7 Embed.Calendly.<.3,7.Contributor+.Stored.XSS MEDIUM" "easy2map-photos 1.1.0 SQL.Injection CRITICAL" "easy-notify-lite 1.1.33 Contributor+.Stored.XSS MEDIUM" "easy-notify-lite 1.1.30 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "easy-under-construction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-under-construction 4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "estatik-mortgage-calculator No.known.fix Reflected.XSS HIGH" "estatik-mortgage-calculator No.known.fix Reflected.XSS HIGH" "easy-contact-form-solution 1.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "evaluate No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "enable-wp-debug-from-admin-dashboard 1.86 Reflected.Cross-Site.Scripting MEDIUM" "external-media 1.0.36 Admin+.Stored.XSS LOW" "external-media 1.0.34 Authenticated.Arbitrary.File.Upload CRITICAL" "exchange-addon-invoices 1.4.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "exchange-addon-custom-url-tracking 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-coming-soon No.known.fix Admin+.Stored.XSS LOW" "eonet-manual-user-approve No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "easy-redirect-manager No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "edit-comments No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edit-comments No.known.fix Unauthenticated.SQL.Injection HIGH" "email-address-encoder 1.0.24 Cross-Site.Request.Forgery.via.eae_clear_caches() MEDIUM" "email-address-encoder 1.0.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "everest-admin-theme-lite 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "everest-counter-lite 2.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "et-core-plugin No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Limited.Arbitrary.File.Download MEDIUM" "et-core-plugin No.known.fix Unauthenticated.SQL.Injection CRITICAL" "et-core-plugin No.known.fix Missing.Authorization MEDIUM" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "et-core-plugin No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "et-core-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload CRITICAL" "extensions-for-cf7 3.0.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "extensions-for-cf7 2.0.9 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "elasticpress 5.1.2 Data.Sync.via.CSRF MEDIUM" "elasticpress 3.5.4 Cross-Site.Request.Forgery MEDIUM" "easy-custom-code 1.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "easy-svg 3.3.0 Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "elastic-email-sender 1.2.7 Admin+.Stored.XSS LOW" "external-media-without-import No.known.fix Subscriber+.Blind.SSRF LOW" "external-media-without-import 1.0.1 Reflected.XSS HIGH" "easy-contact-form-pro 1.1.1.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "easy-fancybox 1.8.18 Authenticated.Stored.XSS MEDIUM" "extended-search-plugin No.known.fix Settings.Update.via.CSRF MEDIUM" "easily-generate-rest-api-url No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "eg-attachments No.known.fix Reflected.XSS HIGH" "edit-comments-xt No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-textillate No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-textillate 2.02 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "essential-blocks 4.7.0 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.13 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.10 Contributor+.DOM-Based.XSS.via.Social.Icons.Block MEDIUM" "essential-blocks 4.5.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.4.10 Missing.Authorization MEDIUM" "essential-blocks 4.5.4 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.2 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.4.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.2.1 Contributor+.Unauthorised.Actions LOW" "essential-blocks 4.2.1 Subscriber+.Unauthorised.Actions MEDIUM" "essential-blocks 4.4.3 Unauthenticated.Local.File.Inclusion CRITICAL" "essential-blocks 4.2.1 Missing.Authorization.via.AJAX.actions MEDIUM" "essential-blocks 4.2.1 Unauthenticated.Object.Injection HIGH" "essential-blocks 4.2.1 Unauthenticated.PHP.Object.Injection.via.products HIGH" "essential-blocks 4.2.1 Unauthenticated.PHP.Object.Injection.via.queries HIGH" "essential-blocks 4.0.7 Multiple.Functions.Missing.Authorization.Checks MEDIUM" "embedder-for-google-reviews 1.5.11 Reflected.Cross-Site.Scripting MEDIUM" "essential-widgets 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "exquisite-paypal-donation No.known.fix Admin+.Stored.XSS LOW" "easy-pie-maintenance-mode No.known.fix Admin+.Stored.XSS LOW" "exxp-wp No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "email-my-posts No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "emails-verification-for-woocommerce 2.7.5 Authentication.Bypass HIGH" "emails-verification-for-woocommerce 1.8.2 Loose.Comparison.to.Authentication.Bypass CRITICAL" "easy-table-of-contents 2.0.68 Editor+.Stored.XSS LOW" "easy-table-of-contents 2.0.67.1 Editor+.Stored.XSS LOW" "easy-table-of-contents 2.0.66 Admin+.Stored.XSS LOW" "events-addon-for-elementor 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "events-addon-for-elementor 2.1.3 Cross-Site.Request.Forgery MEDIUM" "events-addon-for-elementor 2.1.3 Missing.Authorization MEDIUM" "events-addon-for-elementor 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "events-addon-for-elementor 1.9.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ecommerce-two-factor-authentication 1.0.5 Two.Factor.Authentication.<.1.0.5.-.Reflected.Cross-Site.Scripting HIGH" "event-tickets-plus 5.9.1 Contributor+.Arbitrary.Events.Access LOW" "event-tickets-plus 5.9.1 Contributor+.Attendees.Lists.Disclosure LOW" "emag-marketplace-connector 1.0.1 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "everest-review-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "embed-privacy 1.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-wp-cleaner 2.0 Data.Deletion.via.CSRF MEDIUM" "ecommerce-addon 1.4 Reflected.Cross-Site.Scripting MEDIUM" "ecommerce-addon 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "essential-blocks-pro 1.1.1 Unauthenticated.Object.Injection HIGH" "essential-blocks-pro 1.1.1 Unauthenticated.PHP.Object.Injection.via.queries HIGH" "essential-blocks-pro 1.1.1 Unauthenticated.PHP.Object.Injection.via.products HIGH" "exchange-addon-stripe 1.2.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "eventON 4.4.1 Reflected.Cross-Site.Scripting MEDIUM" "eventON 4.5.9 Unauthenticated.Virtual.Event.Settings.Update MEDIUM" "eventON 4.5.5 Unauthenticated.Email.Address.Disclosure MEDIUM" "eventON 4.5.5 Admin+.Stored.Cross-Site.Scripting LOW" "eventON 4.5.6 Unauthenticated.Arbitrary.Post.Metadata.Update HIGH" "eventON 4.5.5 Reflected.XSS HIGH" "eventON 4.5.5 Unauthenticated.Virtual.Event.Password.Disclosure MEDIUM" "eventON 4.4.1 Reflected.Cross-Site.Scripting HIGH" "eventON 4.4 Unauthenticated.Event.Access HIGH" "eventON 4.4 Unauthenticated.Post.Access.via.IDOR HIGH" "erident-custom-login-and-dashboard 3.5.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "erident-custom-login-and-dashboard 3.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "ele-blog No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ebay-feeds-for-wordpress 3.4 Admin+.Stored.XSS LOW" "ebay-feeds-for-wordpress 1.2 Cross-Site.Scripting.via.rss_url.Parameter MEDIUM" "easy-media-gallery-pro 1.3.0 CSRF.&.Cross-Site.Scripting.(XSS) MEDIUM" "easy-media-download 1.1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "easy-media-download 1.1.5 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "epoll-wp-voting No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "epoll-wp-voting 3.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "epoll-wp-voting 3.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "enl-newsletter No.known.fix Campaign.Deletion.via.CSRF MEDIUM" "enl-newsletter No.known.fix Stored.XSS.via.CSRF HIGH" "enl-newsletter No.known.fix Admin+.SQL.Injection MEDIUM" "easy-maintenance-mode-coming-soon No.known.fix Information.Exposure MEDIUM" "elegant-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extensions-leaflet-map 3.4.2 Reflected.XSS HIGH" "everest-gallery-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "email-subscriber No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "ez-form-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ethpress 2.1.1 Reflected.Cross-Site.Scripting MEDIUM" "ethpress 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-smooth-scroll-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-smooth-scroll-links 2.23.1 Admin+.Stored.Cross-Site.Scripting LOW" "easy-smooth-scroll-links 2.23.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "exit-popup-show No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "everest-faq-manager-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easy-modal 2.1.0 Authenticated.SQL.Injection HIGH" "email-subscribe 1.2.21 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "email-subscribe 1.2.20 Reflected.XSS HIGH" "email-subscribe 1.2.19 .Reflected.Cross-Site.Scripting MEDIUM" "email-subscribe 1.2.17 Reflected.XSS HIGH" "e-search No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "essential-addons-elementor 5.8.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Lightbox.and.Modal.Widget MEDIUM" "essential-addons-elementor 5.8.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Carousel.Widget MEDIUM" "essential-addons-elementor 5.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'title_html_tag' MEDIUM" "essential-addons-elementor 5.4.9 Reflected.XSS HIGH" "essential-addons-elementor 5.4.9 Unauthenticated.SSRF MEDIUM" "easy-admin-menu No.known.fix Admin+.Stored.XSS LOW" "extend-filter-products-by-price-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "external-media-upload 0.5 Reflected.Cross-Site.Scripting MEDIUM" "embed-comment-images 0.6 Unauthenticated.Stored.XSS MEDIUM" "embed-power-bi No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-event-calendar No.known.fix Admin+.Stored.XSS LOW" "events-widgets-for-elementor-and-the-events-calendar 1.5 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "e2pdf 1.25.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "e2pdf 1.23.00 Missing.Authorization MEDIUM" "e2pdf 1.23.00 Cross-Site.Request.Forgery MEDIUM" "e2pdf 1.20.24 Authenticated(Administrator+).SQL.Injection MEDIUM" "e2pdf 1.20.26 Admin+.Arbitrary.File.Upload HIGH" "e2pdf 1.20.19 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "e2pdf 1.20.20 Admin+.Stored.Cross-Site.Scriping LOW" "e2pdf 1.16.45 Admin+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "enhanced-tooltipglossary 4.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 4.3.0 Settings.Update.via.CSRF MEDIUM" "enhanced-tooltipglossary 3.9.21 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 3.3.5 XSS MEDIUM" "event-geek No.known.fix Stored.Cross-site.Scripting.(XSS) MEDIUM" "easy-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-slideshow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "error-log-monitor 1.7.7 Reflected.Cross-Site.Scripting MEDIUM" "error-log-monitor 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "error-log-monitor 1.6.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "easy-affiliate-links 3.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Reset MEDIUM" "easy-affiliate-links 3.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-affiliate-links 3.7.1 Contributor+.Stored.XSS MEDIUM" "export-users No.known.fix CSV.Injection MEDIUM" "enhanced-text-widget 1.6.6 Admin+.Stored.XSS LOW" "enhanced-text-widget 1.5.8 Subscriber+.Plugin.Installation MEDIUM" "enhanced-text-widget 1.5.8 Plugin.Installation.via.CSRF MEDIUM" "exchange-rates-widget 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-form 1.3.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "email-encoder-bundle 2.2.2 Admin+.Stored.XSS LOW" "email-encoder-bundle 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "email-encoder-bundle 2.1.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "email-encoder-bundle 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "email-encoder-bundle 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "email-encoder-bundle 2.1.2 Reflected.Cross.Site.Scripting MEDIUM" "ebook-download 1.2 Directory.Traversal HIGH" "easy-countdowner No.known.fix Cross-Site.Request.Forgery MEDIUM" "elements-for-lifterlms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elements-for-lifterlms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "exchange-addon-2checkout 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "edge-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edge-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "exmage-wp-image-links 1.0.7 Admin+.Blind.SSRF LOW" "embed-swagger No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "extra-product-options-for-woocommerce 3.0.7 Missing.Authorization MEDIUM" "extra-product-options-for-woocommerce No.known.fix Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "envato-elements 2.0.11 Contributor+.Arbitrary.File.Upload HIGH" "essential-grid 3.1.2 Unauthenticated.Private.Post.Disclosure MEDIUM" "essential-grid 3.0.19 Missing.Authorization HIGH" "essential-grid 3.1.1 Reflected.XSS HIGH" "eyes-only-user-access-shortcode No.known.fix Admin+.Stored.XSS LOW" "easy-team-manager No.known.fix Authenticated.Blind.SQL.Injection CRITICAL" "event-tickets 5.11.0.5 Cross-Site.Request.Forgery MEDIUM" "event-tickets 5.8.3 Improper.Authorization.to.Information.Disclosure MEDIUM" "event-tickets 5.8.2 Missing.Authorization MEDIUM" "event-tickets 5.8.1 Contributor+.Arbitrary.Events.Access LOW" "event-tickets 5.6.0 Reflected.Cross-Site.Scripting MEDIUM" "event-tickets 5.3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "event-tickets 5.2.2 Open.Redirect MEDIUM" "event-tickets 4.10.7.2 CSV.Injection HIGH" "easy-hide-login 1.0.8 Admin+.Stored.XSS LOW" "easy-hide-login 1.0.9 Arbitrary.settings.update.via.CSRF MEDIUM" "event-monster No.known.fix Unauthenticated.Information.Exposure MEDIUM" "event-monster No.known.fix Contributor+.PHP.Object.Injection.via.Custom.Meta MEDIUM" "event-monster No.known.fix Admin+.Stored.XSS LOW" "event-monster 1.2.0 Visitors.Deletion.via.CSRF MEDIUM" "event-monster 1.2.1 Admin+.SQLi MEDIUM" "emergency-password-reset 9.0 Cross-Site.Request.Forgery MEDIUM" "edd-cashapp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-side-tab-cta 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "external-videos No.known.fix Admin+.Stored.XSS LOW" "edwiser-bridge 3.0.6 Authentication.Bypass.due.to.Missing.Empty.Value.Check CRITICAL" "edwiser-bridge 3.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "edwiser-bridge 2.0.7 Cross-Site.Request.Forgery MEDIUM" "edwiser-bridge 2.0.7 CSRF.Nonce.Bypass MEDIUM" "extra-user-details 0.5.1 Settings.Update.to.Stored.XSS.via.CSRF HIGH" "extra-user-details 0.5.1 Admin+.Stored.XSS LOW" "exports-and-reports 0.9.2 Contributor+.CSV.Injection LOW" "enweby-variation-swatches-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "easy-sticky-sidebar 1.5.9 Unauthenticated.AJAX.Actions.Call MEDIUM" "easy-image-collage 1.13.6 Missing.Authorization.to.Authenticated.(Contributor+).Data.Clearance MEDIUM" "embed-google-photos-album-easily 2.2.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "edd-venmo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-custom-auto-excerpt 2.5.0 Sensitive.Information.Exposure MEDIUM" "easy-custom-auto-excerpt 2.4.7 XSS MEDIUM" "easy-table 1.7 Admin+.Stored.Cross-Site.Scripting LOW" "easy-table 1.5.3 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "embed-peertube-playlist 1.10 Editor+.Stored.XSS LOW" "easy-embed-for-youtube-wall 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "emails-blacklist-everest-forms 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "emails-blacklist-everest-forms 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "embed-youtube-video No.known.fix Authenticated.SQL.Injection MEDIUM" "everse-starter-sites 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "everse-starter-sites 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-accordion-free 2.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-accordion-free 2.2.0 Contributor+.Stored.XSS MEDIUM" "easy-accordion-free 2.0.22 Admin+.Stored.Cross-Site.Scripting LOW" "edd-tab-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edd-tab-manager 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edd-tab-manager 1.3.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "everest-backup 2.2.5 Admin+.Arbitrary.File.Upload MEDIUM" "everest-backup 2.2.0 Sensitive.Information.Exposure.via.Log.File HIGH" "exclusive-addons-for-elementor 2.6.9.9 Authenticated.(Contibutor+).Stored.Cross-Site.Scripting.via.Card.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.2 Missing.Authorization.to.Post.Duplication MEDIUM" "exclusive-addons-for-elementor 2.6.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Expired.Title MEDIUM" "exclusive-addons-for-elementor 2.6.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Call.to.Action MEDIUM" "exclusive-addons-for-elementor 2.6.9.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.3 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.9.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Post.Grid MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Covid-19.Stats.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Call.To.Action.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Timer.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.9 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.2 Arbitrary.Uninstall.Reason.Feedback.via.CSRF MEDIUM" "educare 1.4.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "educare 1.4.4 Students.&.Result.Management.System.<.1.4.4.-.Cross-Site.Request.Forgery.(CSRF) MEDIUM" "enhanced-catalog-images-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enhanced-catalog-images-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enhanced-catalog-images-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "easy-settings-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-settings-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "electric-studio-client-login No.known.fix Admin+.Stored.XSS LOW" "ethereum-wallet 4.10.6 Reflected.Cross-Site.Scripting MEDIUM" "ethereum-wallet 4.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "expire-tags No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "expire-tags No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "easyevent No.known.fix Admin+.Stored.XSS LOW" "easy-newsletter-signups No.known.fix Admin+.SQLi MEDIUM" "easy-newsletter-signups No.known.fix Missing.Authorization MEDIUM" "easy-newsletter-signups 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-popup-show No.known.fix Cross-Site.Request.Forgery MEDIUM" "event-espresso-free 3.1.37.12.L Authenticated.Blind.SQL.Injection HIGH" "easy-call-now-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-call-now-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-media-replace 0.2.0 Author+.File.Deletion MEDIUM" "essential-real-estate 4.4.5 Insecure.Direct.Object.Reference.to.Arbitrary.Attachment.Deletion MEDIUM" "essential-real-estate 4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "essential-real-estate 4.4.0 Subscriber+.Denial.of.Service.via.Arbitrary.Option.Update HIGH" "essential-real-estate 4.4.0 Subscriber+.Arbitrary.File.Upload CRITICAL" "essential-real-estate 4.4.0 Subscriber+.Stored.XSS HIGH" "essential-real-estate 4.4.0 Subscriber+.Arbitrary.File.Upload HIGH" "essential-real-estate 3.9.6 Reflected.Cross-Site-Scripting MEDIUM" "envira-gallery-lite 1.8.15 Missing.Authorization MEDIUM" "envira-gallery-lite 1.8.15 Author+.Stored.XSS MEDIUM" "envira-gallery-lite 1.8.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "envira-gallery-lite 1.8.7.3 Missing.Authorization.to.Gallery.Modification.via.envira_gallery_insert_images MEDIUM" "envira-gallery-lite 1.8.4.7 Reflected.Cross-Site.Scripting MEDIUM" "envira-gallery-lite 1.8.3.3 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "envira-gallery-lite 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS).Issue MEDIUM" "easy-courses No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enable-accessibility 1.4.1 CSRF MEDIUM" "etsy-shop 3.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "exchange-addon-paypal-pro 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "ever-compare 1.2.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "everest-forms 2.0.8 Unauthenticated.Server-Side.Request.Forgery.via.font_url HIGH" "everest-forms 2.0.5 Admin+.Stored.XSS LOW" "everest-forms 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "everest-forms 1.5.0 SQL.Injection CRITICAL" "exchange-addon-membership 1.3.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "embedstories 0.7.5 Contributor+.Stored.XSS MEDIUM" "e-signature 1.5.6.8 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "exportfeed-list-woocommerce-products-on-ebay-store No.known.fix Admin+.SQL.Injection MEDIUM" "exchange-addon-manual-purchases 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-faq-with-expanding-text No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "elementor 3.24.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.the.URL.Parameter.in.Multiple.Widgets MEDIUM" "elementor 3.22.2 Contributor+.Arbitrary.SVG.Download MEDIUM" "elementor 3.21.6 Contributor+.DOM.Stored.XSS MEDIUM" "elementor 3.20.3 Contributor+.DOM.Stored.XSS MEDIUM" "elementor 3.19.1 Authenticated(Contributor+).Arbitrary.File.Deletion.and.PHAR.Deserialization HIGH" "elementor 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.get_image_alt MEDIUM" "elementor 3.18.2 Contributor+.Arbitrary.File.Upload.to.RCE.via.Template.Import HIGH" "elementor 3.16.5 Missing.Authorization.to.Arbitrary.Attachment.Read MEDIUM" "elementor 3.16.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.get_inline_svg() MEDIUM" "elementor 3.5.5 Iframe.Injection MEDIUM" "elementor 3.13.2 Missing.Authorization MEDIUM" "elementor 3.12.2 Admin+.SQLi MEDIUM" "elementor 3.5.6 DOM.Reflected.Cross-Site.Scripting MEDIUM" "elementor 3.6.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "elementor 3.4.8 DOM.Cross-Site-Scripting MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Divider.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Icon.Box.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Heading.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Accordion.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Image.Box.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Column.Element MEDIUM" "elementor 3.0.14 SVG.Upload.Allowed.by.Default MEDIUM" "elementor 2.9.14 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "elementor 2.9.10 Authenticated.Stored.XSS HIGH" "elementor 2.9.8 SVG.Sanitizer.Bypass.leading.to.Authenticated.Stored.XSS MEDIUM" "elementor 2.9.6 Authenticated.Safe.Mode.Privilege.Escalation MEDIUM" "elementor 2.7.7 Authenticated.Stored.XSS MEDIUM" "elementor 2.8.5 Authenticated.Reflected.XSS MEDIUM" "elementor 2.8.4 Cross-Site.Scripting.(XSS) MEDIUM" "elementor 2.7.5 Authenticated.Arbitrary.File.Upload CRITICAL" "elementor 1.8.0 Authenticated.Unrestricted.Editing HIGH" "enable-svg 1.4.0 Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "embed-video-thumbnail 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "easy-testimonial-rotator 1.0.19 Admin+.Stored.XSS LOW" "easy-testimonial-rotator 1.0.16 Reflected.Cross-Site.Scripting HIGH" "events-search-addon-for-the-events-calendar 1.2 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "easy-wp-cookie-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-wp-cookie-popup No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enhanced-media-library 2.8.10 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.1.1 All-in-one.Google.Analytics,.Pixels.and.Product.Feed.Manager.for.WooCommerce.<.7.1.1.-.Reflected.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.0.0 Reflected.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.0.8 Subscriber+.SQL.Injection HIGH" "enhanced-e-commerce-for-woocommerce-store 7.0.8 Subscriber+.SQL.Injection.via.ee_syncProductCategory HIGH" "enhanced-e-commerce-for-woocommerce-store 6.5.4 Reflected.XSS HIGH" "enhanced-e-commerce-for-woocommerce-store 5.2.4 Settings.Update.via.CSRF MEDIUM" "enhanced-e-commerce-for-woocommerce-store 4.6.2 Subscriber+.SQL.Injection HIGH" "email-customizer-for-woocommerce 2.6.1 Information.Exposure MEDIUM" "easy-appointments 3.11.19 Insufficient.Authorization MEDIUM" "easy-appointments 3.11.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-appointments 3.11.10 Cross-Site.Request.Forgery MEDIUM" "easy-appointments 3.11.2 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "easy-appointments 1.12.0 Cross-Site.Scripting.(XSS) MEDIUM" "easy-gallery-slideshow No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "extreme-blocks 0.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ere-recently-viewed 2.0 Unauthenticated.PHP.Object.Injection MEDIUM" "elementskit-lite 3.2.1 Unauthenticated.Information.Exposure.via.ekit_widgetarea_content.Function MEDIUM" "elementskit-lite 3.2.0 Missing.Authorization MEDIUM" "elementskit-lite 3.1.3 3.1.2.-.Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.1.1 Contributor+.Local.File.Inclusion.via.Onepage.Scroll.Module HIGH" "elementskit-lite 3.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "elementskit-lite 3.0.7 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.7 Contributor+.Local.File.Inclusion HIGH" "elementskit-lite 3.0.4 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.6 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.5 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.4 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "elementskit-lite 2.9.2 Missing.Authorization MEDIUM" "elementskit-lite 2.2.0 Contributor+.Stored.XSS MEDIUM" "elementor-pro 3.21.3 Reflected.Cross-Site.Scripting MEDIUM" "elementor-pro 3.21.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authententicated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Form.Widget.SVGZ.File.Upload MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.video_html_tag MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Navigation MEDIUM" "elementor-pro 3.19.3 Authenticated.(Contributor+).Information.Exposure MEDIUM" "elementor-pro 3.11.7 Subscriber+.Arbitrary.Options.Update HIGH" "elementor-pro 2.9.4 Authenticated.Arbitrary.File.Upload CRITICAL" "elementor-pro 2.0.10 XSS MEDIUM" "eupago-gateway-for-woocommerce 3.1.10 CSRF MEDIUM" "exchange-addon-easy-ue-vat-taxes 1.2.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-order-view No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enqueue-anything No.known.fix Subscriber+.Arbitrary.Asset/Post.Deletion MEDIUM" "easy-video-player 1.2.2.11 Contributor+.Stored.XSS MEDIUM" "easy-video-player 1.2.2.3 Contributor+.Stored.XSS MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel No.known.fix Unauthenticated.Arbitrary.Instagram.Account.Unlinking MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel No.known.fix Subscriber+.Plugin.Database.Reset MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel 6.2.1 Reflected.Cross-Site.Scripting MEDIUM" "email-verification-for-woocommerce-pro 1.8.2 Loose.Comparison.to.Authentication.Bypass CRITICAL" "easy-svg-image-allow No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "echosign 1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "export-users-to-csv No.known.fix CSV.Injection HIGH" "error-log-viewer 1.1.3 Directory.Listing.to.Sensitive.Data.Exposure LOW" "error-log-viewer 1.1.2 Arbitrary.Text.File.Deletion.via.CSRF LOW" "error-log-viewer 1.1.2 Admin+.Arbitrary.File.Clearing MEDIUM" "error-log-viewer 1.0.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "essential-content-types 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "easy-code-snippets 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-code-snippets 1.0.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "eps-301-redirects 2.51 Easy.Redirect.Manager.<.2.51.-.Authenticated.SQL.Injection CRITICAL" "eps-301-redirects 2.45 Easy.Redirect.Manager.<.2.45.-.Authenticated.Arbitrary.Redirect.Injection.and.Modification,.XSS,.and.CSRF CRITICAL" "ethereumico 2.4.4 Reflected.Cross-Site.Scripting MEDIUM" "ethereumico 2.3.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ebecas No.known.fix Admin+.Stored.XSS LOW" "exportfeed-for-woocommerce-google-product-feed No.known.fix Admin+.SQLi MEDIUM" "easy-cookie-law No.known.fix Settings.Update.via.CSRF MEDIUM" "embed-any-document 2.7.2 Author+.Stored.XSS LOW" "easy2map 1.3.0 Local.File.Inclusion CRITICAL" "easy2map 1.3.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "easy-facebook-likebox-premium 6.2.7 Reflected.Cross-Site.Scripting HIGH" "email-artillery No.known.fix Multiple.Reflected.Cross-Site.Scripting HIGH" "email-artillery No.known.fix Arbitrary.File.Upload MEDIUM" "email-artillery No.known.fix CSRF.to.Stored.XSS HIGH" "email-artillery No.known.fix Multiple.Authenticated.SQL.Injections MEDIUM" "events-manager 6.4.9 Reflected.Cross-Site.Scripting MEDIUM" "events-manager 6.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.event,.location,.and.event_category.Shortcodes MEDIUM" "events-manager 6.4.7.2 Cross-Site.Request.Forgery MEDIUM" "events-manager 6.4.7 Missing.Authorization MEDIUM" "events-manager 6.4.7.2 Cross-Site.Request.Forgery MEDIUM" "events-manager 6.4.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "events-manager 6.4.7 Authenticated(Administator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "events-manager 6.4.6 Reflected.Cross-Site.Scripting MEDIUM" "events-manager 5.9.8 Cross-Site.Scripting.(XSS) LOW" "events-manager 5.9.8 Admin+.SQL.Injection MEDIUM" "events-manager 5.9.7.2 CSV.Injection MEDIUM" "events-manager 5.9.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.8.1.2 Unauthenticated.Stored.XSS CRITICAL" "events-manager 5.6 Cross-Site.Scripting.(XSS).&.Code.Injection MEDIUM" "events-manager 5.5.7.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.5.7 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.3.4 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.5.2 Multiple.Unspecified.XSS.Vulnerabilities MEDIUM" "events-manager 5.3.9 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.5 Cross-Site.Scripting.(XSS) MEDIUM" "easy-ad-manager No.known.fix Admin+.Stored.XSS LOW" "email-header-footer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-header-footer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-facebook-like-box 4.1.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "edubin No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "erp 1.13.1 Authenticated.(Accounting.Manager+).SQL.Injection.via.vendor_id HIGH" "erp 1.13.2 Authenticated.(AccountingManager+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(AccountingManager+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(Accounting.Manager+).SQL.Injection HIGH" "erp No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "erp 1.30.0 Authenticated.(Accounting.Manager+).SQL.Injection.via.id HIGH" "erp 1.12.9 Authenticated.(Accounting.manager+).SQL.Injection HIGH" "erp 1.12.7 Missing.Authorization.via.admin.notice.dismissal MEDIUM" "erp 1.12.4 Admin+.SQL.Injection MEDIUM" "erp 1.12.4 Reflected.Cross-Site.Scripting HIGH" "erp 1.7.5 CSRF.Nonce.Bypasses MEDIUM" "erp 1.6.4 Cross-Site.Request.Forgery MEDIUM" "erp 1.6.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "email-tracker 5.3.9 Reflected.Cross-Site.Scripting MEDIUM" "email-tracker 5.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-tracker 5.2.6 Reflected.Cross-Site.Scripting HIGH" "email-tracker 5.2.7 Arbitrary.Email.Entry.Deletion.via.CSRF MEDIUM" "eventon-lite 2.2.17 Admin+.Stored.XSS LOW" "eventon-lite 2.2.16 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting.and.Plugin.Settings.Updates HIGH" "eventon-lite 2.2.15 Admin+.Stored.Cross-Site.Scripting.via.event.subtitle LOW" "eventon-lite 2.2.15 Admin+.Stored.XSS LOW" "eventon-lite 2.2.9 Unauthenticated.Virtual.Event.Settings.Update MEDIUM" "eventon-lite 2.2.8 Unauthenticated.Email.Address.Disclosure MEDIUM" "eventon-lite 2.2.7 Admin+.Stored.Cross-Site.Scripting LOW" "eventon-lite 2.2.8 Unauthenticated.Arbitrary.Post.Metadata.Update HIGH" "eventon-lite 2.2.8 Reflected.XSS HIGH" "eventon-lite 2.2.8 Unauthenticated.Virtual.Event.Password.Disclosure MEDIUM" "eventon-lite 2.2 Admin.+.Stored.HTML.Injection LOW" "eventon-lite 2.2.3 Reflected.Cross.Site.Scripting HIGH" "eventon-lite 2.2 Admin+.Stored.XSS LOW" "eventon-lite 2.1.2 Unauthenticated.Event.Access HIGH" "eventon-lite 2.1.2 Unauthenticated.Post.Access.via.IDOR HIGH" "elegant-calendar-lite 1.5.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "export-post-info 1.2.1 Author+.CSV.Injection MEDIUM" "export-post-info 1.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "elex-woocommerce-google-product-feed-plugin-basic 1.2.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "eelv-newsletter 4.6.1 CSRF.&.XSS HIGH" "easylogo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "exit-intent-popups-by-optimonk 2.0.5 Account.ID.Update.via.CSRF MEDIUM" "easy-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-testimonials 3.9.3 Contributor+.Stored.XSS MEDIUM" "easy-testimonials 3.9 Reflected.Cross-Site.Scripting MEDIUM" "easy-testimonials 3.7 Cross-Site.Request.Forgery MEDIUM" "easy-testimonials 3.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "easy-testimonials 3.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "easy-testimonials 1.37 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "eprolo-dropshipping 1.7.2 Missing.Authorization MEDIUM" "ether-and-erc20-tokens-woocommerce-payment-gateway 4.12.13 Reflected.Cross-Site.Scripting MEDIUM" "ether-and-erc20-tokens-woocommerce-payment-gateway 4.12.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "eu-vat-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting HIGH" "eexamhall No.known.fix CSRF MEDIUM" "easy-form-builder-by-bitware No.known.fix Unauthorised.AJAX.calls HIGH" "easy-form-builder-by-bitware No.known.fix Authenticated.Arbitrary.File.Upload CRITICAL" "express-shop 4.0.3 CSRF.Bypass MEDIUM" "elementskit 3.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementskit 3.6.7 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "elementskit 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Motion.Text.and.Table.Widgets MEDIUM" "elementskit 3.6.3 Authenticated.(Contributor+).Server-Side.Request.Forgery HIGH" "elementskit 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementskit 3.6.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Price.Menu,.Hotspot,.and.Advanced.Toggle.Widgets HIGH" "elementskit 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'ekit_btn_id' MEDIUM" "elementskit 2.2.0 Contributor+.Stored.XSS MEDIUM" "embedalbum-pro 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedalbum-pro 1.1.28 Contributor+.Stored.XSS MEDIUM" "edd-courses 0.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edd-courses 0.1.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "events-calendar-pro 7.0.2.1 Authenticated.(Administrator+).PHP.Object.Injection.to.Remote.Code.Execution CRITICAL" "events-calendar-pro 6.4.0.1 Contributor+.Arbitrary.Events.Access LOW" "easy-pixels-by-jevnet No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "easy-registration-forms No.known.fix Subscriber+.Information.Disclosure.via.Shortcode MEDIUM" "easy-registration-forms No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "easy-registration-forms No.known.fix CSV.Injection MEDIUM" "eazydocs 2.5.1 Missing.Authorization MEDIUM" "eazydocs 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eazydocs 2.5.0 Admin+.Stored.XSS LOW" "eazydocs 2.4.0 Subscriber+.Arbitrary.Posts.Deletion.and.Document.Management MEDIUM" "eazydocs 2.3.6 Subscriber+.Arbitrary.Posts.Deletion.and.Document.Management MEDIUM" "eazydocs 2.3.4 Subscriber.+.SQLi HIGH" "eazydocs 2.3.6 Reflected.XSS MEDIUM" "eazydocs 2.3.6 Unauthenticated.OnePage.Document.Update/Publish MEDIUM" "eazydocs 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "easy-form 1.2.1 Admin+.Stored.XSS LOW" "eroom-zoom-meetings-webinar 1.4.19 Missing.Authorization.to.Information.Exposure MEDIUM" "eroom-zoom-meetings-webinar 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "eroom-zoom-meetings-webinar 1.3.8 Sync.Meetings.via.CSRF MEDIUM" "eroom-zoom-meetings-webinar 1.3.9 Cache.Deletion.via.CSRF MEDIUM" "enhanced-wordpress-contactform 2.3 Admin+.Stored.XSS LOW" "embedpress 4.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedpress 4.0.10 Unauthenticated.Local.File.Inclusion CRITICAL" "embedpress 4.0.5 Missing.Authorization MEDIUM" "embedpress 3.9.11 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.PDF.Widget.URL MEDIUM" "embedpress 4.0.2 .Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EmbedPress.PDF.Widget MEDIUM" "embedpress 3.9.13 Contributor+.PDF.Block.Embedding LOW" "embedpress 3.9.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "embedpress 3.9.12 Missing.Authorization MEDIUM" "embedpress 3.9.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Youtube.Block MEDIUM" "embedpress 3.9.9 Missing.Authorization.via.handle_calendly_data MEDIUM" "embedpress 3.9.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 3.9.13 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Attribute MEDIUM" "embedpress 3.9.13 Authenticated.(Contributor+).Stored.Cross-site.Scripting.via.'embedpress_doc_custom_color' MEDIUM" "embedpress 3.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Wistia.Block MEDIUM" "embedpress 3.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EmbedPress.PDF.Widget MEDIUM" "embedpress 3.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 3.9.9 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Google.Calendar.Widget.Link MEDIUM" "embedpress 3.9.6 Contributor+.Stored.XSS MEDIUM" "embedpress 3.9.5 Missing.Authorization MEDIUM" "embedpress 3.9.2 Reflected.XSS HIGH" "embedpress 3.9.2 Reflected.XSS MEDIUM" "embedpress 3.8.4 Cross-Site.Request.Forgery MEDIUM" "embedpress 3.8.3 Subscriber+.Plugin.Settings.Delete MEDIUM" "embedpress 3.8.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "embedpress 3.8.0 Sensitive.Data.Disclosure MEDIUM" "event-espresso-decaf 5.0.22.decaf Authenticated.(Subscriber+).Missing.Authorization.to.Limited.Plugin.Settings.Modification MEDIUM" "event-espresso-decaf 4.10.12 Cross-Site.Request.Forgery MEDIUM" "event-espresso-decaf 4.10.14 CSRF.Bypass MEDIUM" "easy-post-views-count 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-justified-gallery 1.1.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-paypal-donation 1.3.4 Arbitrary.Post.Deletion.via.CSRF HIGH" "easy-paypal-donation 1.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "easy-paypal-donation 1.3.1 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "easy-paypal-donation 1.3.1 CSRF.to.Arbitrary.Post.Deletion MEDIUM" "easy-paypal-donation 1.3.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "event-tickets-with-ticket-scanner 2.3.2 Reflected.Cross-Site.Scripting MEDIUM" "event-tickets-with-ticket-scanner 2.3.8 Admin+.Stored.XSS LOW" "enteraddons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Events.Card.Widget MEDIUM" "enteraddons No.known.fix Contributor+.Stored.XSS MEDIUM" "enteraddons 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.1.6 Contributor+.Stored.XSS.via.Heading.widget MEDIUM" "enteraddons 2.1.6 Contributor+.Stored.XSS.via.Animation.Title.widget MEDIUM" "easy-caller-with-moceanapi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "editable-table No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "examapp No.known.fix Authenticated.SQL.Injection./.Cross-Site.Scripting HIGH" "elfsight-pricing-table No.known.fix Cross-Site.Request.Forgery.via.ajax() MEDIUM" "elfsight-pricing-table No.known.fix Missing.Authorization MEDIUM" "easy-paypal-events-tickets 1.1.2 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "eu-cookie-law No.known.fix Admin+.Stored.XSS LOW" "eu-cookie-law 3.1.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "email-templates 1.4.3 Email.Sending.via.CSRF MEDIUM" "email-log 2.4.9 Unauthenticated.Hook.Injection HIGH" "email-log 2.4.8 Reflected.Cross-Site.Scripting HIGH" "email-log 2.4.7 Admin+.SQL.Injection MEDIUM" "easy-form-builder 3.7.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "easy-form-builder 3.4.0 Admin+.Stored.XSS LOW" "easy-social-share-buttons3 9.5 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "easy-social-share-buttons3 9.5 Missing.Authorization MEDIUM" "easy-social-share-buttons3 9.5 Reflected.Cross-Site.Scripting MEDIUM" "easy-schema-structured-data-rich-snippets 2.3.0 Reflected.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 4.0.4.4 Missing.Authorization.to.Unauthenticated.Private.or.Password-Protected.Events.Disclosure MEDIUM" "eventprime-event-calendar-management 4.0.4.0 Missing.Authorization.via.calendar_event_create() MEDIUM" "eventprime-event-calendar-management 3.3.5 Unauthenticated.Booking.Price.Manipulation MEDIUM" "eventprime-event-calendar-management 3.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 3.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "eventprime-event-calendar-management 3.4.3 Unauthenticated.Booking.Payment.Bypass MEDIUM" "eventprime-event-calendar-management 3.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "eventprime-event-calendar-management 3.4.3 Missing.Authorization.to.Arbitrary.Post.Overwrite MEDIUM" "eventprime-event-calendar-management 3.4.4 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 3.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Event.Export MEDIUM" "eventprime-event-calendar-management 3.4.1 Missing.Authorization.to.Authenticated.(Subscriber+).Attendee.List.Retrieval MEDIUM" "eventprime-event-calendar-management 3.4.0 Improper.Input.Validation.via.save_event_booking MEDIUM" "eventprime-event-calendar-management 3.3.6 Unauthenticated.Event.Access MEDIUM" "eventprime-event-calendar-management 3.3.3 Contributor+.Stored.XSS MEDIUM" "eventprime-event-calendar-management 3.3.6 Booking.Pricing.Bypass MEDIUM" "eventprime-event-calendar-management 3.1.6 Reflected.XSS HIGH" "eventprime-event-calendar-management 3.2.0 Reflected.XSS HIGH" "eventprime-event-calendar-management 3.2.0 Reflected.HTML.Injection.on.keyword.parameter MEDIUM" "eventprime-event-calendar-management 3.2.0 Booking.Creation.via.CSRF MEDIUM" "eventprime-event-calendar-management 3.0.6 Reflected.Cross-Site.Scripting HIGH" "eventprime-event-calendar-management 3.0.0 Unauthenticated.Reflected.XSS HIGH" "easy-testimonial-manager No.known.fix Authenticated.SQL.Injection MEDIUM" "edoc-employee-application No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-org-chart No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis 2.3 Reflected.Cross-Site.Scripting MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "envialosimple-email-marketing-y-newsletters-gratis No.known.fix Cross-Site.Request.Forgery MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis 2.2 EnvíaloSimple.<.2,2.Unauthenticated.PHP.Object.Injection MEDIUM" "edd-recent-purchases No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "external-url-as-post-featured-image-thumbnail 2.03 Reflected.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Filterable.Gallery.Widget MEDIUM" "essential-addons-for-elementor-lite 6.0.4 Best.Elementor.Templates,.Widgets,.Kits.&.WooCommerce.Builders.<.6.0.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text.Widget MEDIUM" "essential-addons-for-elementor-lite 6.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.no_more_items_text.Parameter MEDIUM" "essential-addons-for-elementor-lite 5.9.27 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.22 Contributor+.Stored.Cross-Site.Scripting.via.Twitter.Feed MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.21 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.Stored.Cross-Site.Scripting.via.'Interactive.Circles' MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.DOM-Based.Stored.Cross-Site.Scripting.via.Several.Widgets MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.Stored.Cross-Site.Scripting.via.'Dual.Color.Header',.'Event.Calendar',.&.'Advanced.Data.Table' MEDIUM" "essential-addons-for-elementor-lite 5.9.18 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Information.Exposure MEDIUM" "essential-addons-for-elementor-lite 5.9.15 Contributor+.Store.XSS.via.Widget.URL MEDIUM" "essential-addons-for-elementor-lite 5.9.14 Author+.PHP.Object.Injection MEDIUM" "essential-addons-for-elementor-lite 5.9.14 Unauthenticated.Private/Draft.Posts.Access MEDIUM" "essential-addons-for-elementor-lite 5.9.12 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.12 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.10 Contributor+.Stored.Cross-Site.Scripting.via.Event.Calendar HIGH" "essential-addons-for-elementor-lite 5.9.10 Contributor+.Stored.Cross-Site.Scripting.via.Data.Table MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting.via.Filterable.Gallery MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting.via.Accordion MEDIUM" "essential-addons-for-elementor-lite 5.9.8 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.5 Contributor+.Stored.Cross-Site.Scritping MEDIUM" "essential-addons-for-elementor-lite 5.9.5 Contributor+.Stored.Cross-Site.Scripting.via.Image.URl MEDIUM" "essential-addons-for-elementor-lite 5.9.3 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.8.9 Authenticated.(Contributor+).Privilege.Escalation HIGH" "essential-addons-for-elementor-lite 5.8.2 Unauthenticated.MailChimp.API.Key.Disclosure MEDIUM" "essential-addons-for-elementor-lite 5.7.2 Unauthenticated.Privilege.Escalation CRITICAL" "essential-addons-for-elementor-lite 5.0.9 Reflected.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.0.5 Unauthenticated.LFI CRITICAL" "essential-addons-for-elementor-lite 4.5.4 Contributor+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ebook-store No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "ebook-store 5.8002 Admin+.Stored.XSS LOW" "ebook-store 5.785 Reflected.XSS HIGH" "ebook-store 5.78 Unauthenticated.Sensitive.Data.Disclose MEDIUM" "ebook-store 5.78 Admin+.Stored.XSS LOW" "elegant-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Switcher,.Slider,.and.Iconbox.Widgets MEDIUM" "elegant-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.tags MEDIUM" "eventon-rsvp 2.9.5 Reflected.XSS HIGH" "easy-pie-coming-soon 1.0.7.4 Admin+.Stored.XSS LOW" "easy-career-openings No.known.fix jobid.Parameter.SQL.Injection MEDIUM" "exchange-addon-table-rate-shipping 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "eventr No.known.fix Blind.SQL.Injection CRITICAL" "easy-bootstrap-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "easy-social-icons 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "easy-social-icons 3.2.5 Missing.Authorization.via.cnss_save_ajax_order MEDIUM" "easy-social-icons 3.2.1 Unauthenticated.Arbitrary.Icon.Deletion MEDIUM" "easy-social-icons 3.2.1 Admin+.Stored.Cross-Site.Scripting.in.add.icon LOW" "easy-social-icons 3.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "easy-social-icons 3.1.4 Admin+.SQL.Injection MEDIUM" "easy-social-icons 3.1.3 Reflected.Cross-Site.Scripting HIGH" "easy-social-icons 3.0.9 Reflected.Cross-Site.Scripting HIGH" "expandable-paywall 2.0.17 Reflected.Cross-Site.Scripting MEDIUM" "expandable-paywall 2.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "export-import-menus 1.9.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "easy-preloader No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "easy-table-booking No.known.fix Cross-Site.Request.Forgery MEDIUM" "eventify No.known.fix Admin+.Stored.XSS LOW" "exchange-addon-authorize-net 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "enable-media-replace 4.1.5 Reflected.Cross-Site.Scripting MEDIUM" "enable-media-replace 4.1.3 Author+.PHP.Object.Injection MEDIUM" "enable-media-replace 4.0.2 Author+.Arbitrary.File.Upload CRITICAL" "enable-media-replace 4.0.0 Admin+.Path.Traversal LOW" "email-subscribers 5.7.27 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.27.-.Missing.Authorization MEDIUM" "email-subscribers 5.7.26 Unauthenticated.SQL.Injection.via.unsubscribe CRITICAL" "email-subscribers 5.7.24 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.24.-.Unauthenticated.SQL.Injection.via.optin CRITICAL" "email-subscribers 5.7.23 Authenticated.(Subscriber+).SQL.Injection.Vulnerability.via.options[list_id] HIGH" "email-subscribers 5.7.21 Unauthenticated.SQL.Injection.via.hash CRITICAL" "email-subscribers 5.7.18 Missing.Authorization MEDIUM" "email-subscribers 5.7.20 Missing.Authorization.in.handle_ajax_request HIGH" "email-subscribers 5.7.15 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.15.-.Unauthenticated.SQL.Injection CRITICAL" "email-subscribers 5.7.14 Missing.Authorization MEDIUM" "email-subscribers 5.7.16 Authenticated.(Administrator+).Cross-Site.Scripting.via.CSV.import MEDIUM" "email-subscribers 5.7.12 Reflected.Cross-Site.Scripting.via.campaign_id MEDIUM" "email-subscribers 5.6.24 .Admin+.Directory.Traversal CRITICAL" "email-subscribers 5.5.3 Improper.Neutralization.of.Formula.Elements.in.a.CSV.File MEDIUM" "email-subscribers 5.5.1 Subscriber+.SQLi HIGH" "email-subscribers 5.3.2 Subscriber+.Blind.SQL.injection HIGH" "email-subscribers 5.3.2 Unauthenticated.arbitrary.option.update HIGH" "email-subscribers 4.5.6 Unauthenticated.email.forgery/spoofing HIGH" "email-subscribers 4.5.1 Authenticated.SQL.injection.in.es_newsletters_settings_callback() MEDIUM" "email-subscribers 4.5.1 Cross-site.Request.Forgery.in.send_test_email() LOW" "email-subscribers 4.2.3 Multiple.Issues HIGH" "email-subscribers 4.3.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "email-subscribers 4.1.8 SQL.Injection HIGH" "email-subscribers 4.1.7 Cross-Site.Scripting.(XSS) CRITICAL" "email-subscribers 3.5.0 Cross-Site.Scripting.(XSS) MEDIUM" "email-subscribers 3.4.8 Unauthenticated.Subscriber.Download HIGH" "email-subscribers 2.9.1 Multiple.XSS.&.SQLi MEDIUM" "export-wp-page-to-static-html 2.2.3 Open.Redirect HIGH" "export-wp-page-to-static-html 2.2.0 Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "export-wp-page-to-static-html 2.2.0 Cross-Site.Request.Forgery.via.Multiple.AJAX.Actions MEDIUM" "export-media-urls 2.0 Cross-Site.Request.Forgery MEDIUM" "events-calendar-for-google No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "easy-wp-smtp 2.3.1 Exposure.of.Sensitive.Information.via.the.UI LOW" "easy-wp-smtp 1.5.2 Admin+.Arbitrary.File.Deletion MEDIUM" "easy-wp-smtp 1.5.2 Admin+.RCE MEDIUM" "easy-wp-smtp 1.5.2 Admin+.Arbitrary.File.Access MEDIUM" "easy-wp-smtp 1.5.0 Admin+.PHP.Objection.Injection MEDIUM" "easy-wp-smtp 1.4.3 Debug.Log.Disclosure HIGH" "easy-wp-smtp 1.3.9.1 Unauthenticated.Arbitrary.wp_options.Import MEDIUM" "elespare 3.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Horizontal.Nav.Menu.Widge MEDIUM" "elespare 2.1.3 Missing.Authorization.to.Subscriber+.Arbitrary.Post.Creation MEDIUM" "exs-widgets 0.3.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "element-ready-lite 6.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 5.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "email-customizer-woocommerce 1.7.2 Multiple.Author+.SQLi MEDIUM" "export-woocommerce 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "export-woocommerce 2.0.9 Missing.Authorization MEDIUM" "export-woocommerce 2.0.11 Reflected.XSS HIGH" "ezpz-one-click-backup No.known.fix Cross-Site.Scripting.(XSS) CRITICAL" "evergreen-content-poster 1.4.3 Missing.Authorization MEDIUM" "evergreen-content-poster 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "evergreen-content-poster 1.4.1 Admin+.Stored.XSS LOW" "event-page-templates-addon-for-the-events-calendar 1.6 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "event-notifier 1.2.1 XSS MEDIUM" "envo-elementor-for-woocommerce 1.4.17 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Subscriber+.Template.Creation MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Arbitrary.Theme.Activation.via.CSRF MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "easy-google-map No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "easyazon No.known.fix Reflected.Cross-Site.Scripting.via.easyazon-cloaking-locale MEDIUM" "easyazon 5.1.1 Missing.Authorization.on.AJAX.actions MEDIUM" "easy-tiktok-feed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-tiktok-feed 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "elements-plus 2.16.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elements-plus 2.16.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget.links MEDIUM" "embed-office-viewer 2.2.7 Reflected.Cross-Site.Scripting MEDIUM" "embed-office-viewer 2.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "event-registration-calendar-by-vcita No.known.fix CSRF.to.Stored.XSS.in.settings.page MEDIUM" "event-registration-calendar-by-vcita 1.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "extensive-vc-addon 1.9.1 Unauthenticated.RCE CRITICAL" "eid-easy-qualified-electonic-signature 3.3.1 Use.of.Polyfill.io MEDIUM" "ecpay-logistics-for-woocommerce 1.3.1910240 Unauthenticated.Reflected.XSS MEDIUM" "easy-sign-up No.known.fix Contributor+.Stored.XSS MEDIUM" "easy-captcha No.known.fix Missing.Authorization MEDIUM" "easy-captcha No.known.fix Reflected.Cross-Site.Scripting HIGH" "easy-prayer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-prayer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "export-woocommerce-customer-list 2.0.69 CSV.Injection LOW" "elementinvader-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "events-calendar-registration-booking-by-events-plus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-posts-to-subscribers No.known.fix Admin+.Stored.XSS LOW" "email-posts-to-subscribers No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "email-posts-to-subscribers No.known.fix Unauthenticated.SQLi HIGH" "ezoic-integration 2.8.9 Admin+.Stored.XSS LOW" "ezoic-integration 2.8.9 Unauthenticated.Settings.Update.to.Stored.XSS MEDIUM" "extended-widget-options 5.1.3 Extended.<=.5.1.0.&..Widget.Options.<=.4.0.1.-.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "easy-zillow-reviews 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-zillow-reviews 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-login-styler No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "event-calendar-wd 1.1.51 Reflected.Cross-Site.Scripting HIGH" "event-calendar-wd 1.1.51 Subscriber+.Event.Creation MEDIUM" "event-calendar-wd 1.1.46 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.1.45 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.1.22 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.0.94 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "easy-student-results No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-student-results No.known.fix Sensitive.Information.Disclosure.via.REST.API LOW" "expert-invoice No.known.fix Expert.Invoice.<=.1,0,2.-Admin+.Stored.XSS LOW" "ecommerce-product-catalog 3.3.33 Reflected.Cross-Site.Scripting MEDIUM" "ecommerce-product-catalog 3.3.29 Cross-Site.Request.Forgery MEDIUM" "ecommerce-product-catalog 3.3.27 Sensitive.Information.Exposure.via.CSV.Files MEDIUM" "ecommerce-product-catalog 3.3.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ecommerce-product-catalog 3.3.26 Products.Deletion.via.CSRF MEDIUM" "ecommerce-product-catalog 3.3.9 Admin+.Stored.XSS LOW" "ecommerce-product-catalog 3.3.5 Admin+.Stored.XSS LOW" "ecommerce-product-catalog 3.0.72 Reflected.XSS MEDIUM" "ecommerce-product-catalog 3.0.72 Reflected.XSS.via.AJAX MEDIUM" "ecommerce-product-catalog 3.0.71 Reflected.XSS MEDIUM" "ecommerce-product-catalog 3.0.39 Reflected.Cross-Site.Scripting HIGH" "ecommerce-product-catalog 3.0.18 Cross-Site.Request.Forgery MEDIUM" "ecommerce-product-catalog 3.0.18 CSRF.Nonce.Bypass MEDIUM" "ecommerce-product-catalog 2.9.44 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "easyrecipe No.known.fix Cross-Site.Request.Forgery MEDIUM" "email-queue 1.1.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "easy-paypal-shopping-cart 1.1.11 Contributor+.Stored.XSS MEDIUM" "enquiry-quotation-for-woocommerce 2.2.13 Admin+.Stored.XSS LOW" "embed-docs 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "everest-google-places-reviews-lite 2.0.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ewww-image-optimizer 7.3.0 Cross-Site.Request.Forgery MEDIUM" "ewww-image-optimizer 7.2.1 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log MEDIUM" "ewww-image-optimizer 7.2.1 Sensitive.Information.Exposure MEDIUM" "ewww-image-optimizer 5.9 Cross-Site.Request.Forgery MEDIUM" "event-feed-for-eventbrite 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "event-feed-for-eventbrite 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-twitter-feeds 1.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "empty-cart-button-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-slider-revolution 1.1.0 Author+.Stored.XSS MEDIUM" "events-made-easy No.known.fix Subscriber+.SQLi HIGH" "events-made-easy 2.3.17 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "events-made-easy 2.2.81 Unauthenticated.SQLi HIGH" "events-made-easy 2.2.36 Subscriber+.SQL.Injection HIGH" "events-made-easy 2.2.24 Admin+.Stored.Cross-Site.Scripting LOW" "events-made-easy 1.6.21 CSRF.to.Cross-Site.Scripting.(XSS) HIGH" "events-made-easy 1.5.50 Multi.CSRF.to.Stored.Cross-Site.Scripting.&.Event.Deletion HIGH" "easy-watermark 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "easy-watermark 0.7.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "ecwid-shopping-cart 6.12.11 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ecwid-shopping-cart 6.12.5 Cross-Site.Request.Forgery MEDIUM" "ecwid-shopping-cart 6.12.5 Arbitrary.Plugin.Settings.Change.via.CSRF MEDIUM" "ecwid-shopping-cart 6.12.4 Missing.Authorization.on.multiple.functions MEDIUM" "ecwid-shopping-cart 6.11.5 Contributor+.Stored.Cross-Site.Scriping MEDIUM" "ecwid-shopping-cart 6.11.4 Import.via.CSRF MEDIUM" "ecwid-shopping-cart 6.10.24 Settings.Update.via.CSRF MEDIUM" "ecwid-shopping-cart 6.10.23 Insufficient.Access.Control MEDIUM" "everest-coming-soon-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "elegant-themes-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-login-woocommerce 2.7.3 2.7.2.-.Missing.Authorization.to.Arbitrary.Options.Exposure MEDIUM" "easy-login-woocommerce 2.7.3 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "easy-login-woocommerce 2.4 Settings.Reset.via.CSRF MEDIUM" "easy-login-woocommerce 2.3 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "easy-login-woocommerce 2.2 Reflected.Cross-Site.Scripting HIGH" "easy-login-woocommerce 1.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "envo-extra 1.8.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "envo-extra 1.8.17 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "envo-extra 1.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-extra 1.8.4 Cross-Site.Request.Forgery MEDIUM" "event-espresso-core-reg 4.10.7.p Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "estatik 4.1.1 Reflected.XSS HIGH" "estatik 4.1.1 Unauthenticated.PHP.Object.Injection HIGH" "estatik 4.1.1 Subscriber+.Arbitrary.Option.Update HIGH" "estatik 2.3.1 Arbitrary.File.Upload HIGH" "easyjobs 2.4.15 Reflected.Cross-Site.Scripting MEDIUM" "easyjobs 2.4.7 Subscriber+.Arbitrary.Settings.Update MEDIUM" "easyjobs 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "education-addon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "education-addon 1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "extensions-for-elementor 2.0.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extensions-for-elementor 2.0.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EE.Events.and.EE.Flipbox.Widget MEDIUM" "extensions-for-elementor 2.0.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "export-all-urls 4.6 Reflected.XSS HIGH" "export-all-urls 4.2 Editor+.Stored.XSS MEDIUM" "export-all-urls 4.4 Admin+.Arbitrary.System.File.Removal MEDIUM" "export-all-urls 4.2 Editor+.Stored.Cross-Site.Scripting LOW" "export-all-urls 4.3 Private/Draft.Post/Page.Title.Disclosure.via.CSRF MEDIUM" "export-all-urls 4.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-custom-js-and-css No.known.fix Reflected.Cross-Site.Scripting HIGH" "enable-svg-uploads No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "everlightbox 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "everlightbox 1.1.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-pricing-tables 3.2.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "easy-pricing-tables 3.2.1 Reflected.Cross-Site-Scripting MEDIUM" "easy-pricing-tables 3.1.3 Author+.Stored.Cross-Site.Scripting MEDIUM" "easy-pricing-tables 3.1.3 Arbitrary.Post.Removal.via.CSRF MEDIUM" "easyrotator-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-facebook-likebox 6.5.7 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.6 Contributor+.Stored.XSS MEDIUM" "easy-facebook-likebox 6.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fb_appid MEDIUM" "easy-facebook-likebox 6.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-facebook-likebox 6.5.5 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.5 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.3 Subscriber+.Settings.Update MEDIUM" "easy-facebook-likebox 6.5.0 Reflected.Cross-Site.Scripting MEDIUM" "easy-facebook-likebox 6.4.0 Contributor+.Stored.XSS MEDIUM" "easy-facebook-likebox 6.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-facebook-likebox 6.2.7 Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-facebook-likebox 6.2.7 Reflected.Cross-Site.Scripting HIGH" "expand-maker 3.2.7 Admin+.PHP.Object.Injection LOW" "event-list 0.8.8 Admin+.Stored.Cross-Site.Scripting LOW" "event-list 0.7.10 XSS MEDIUM" "event-list 0.7.9 Authenticated.SQL.Injection HIGH" "email-before-download No.known.fix Cross-Site.Request.Forgery MEDIUM" "email-before-download 6.8 Admin+.SQL.Injection MEDIUM" "email-before-download 4.0 SMTP.Header.Injection MEDIUM" "embed-google-fonts No.known.fix Missing.Authorization MEDIUM" "eshop No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "eshop No.known.fix Authenticated.Blind.SQL.Injection HIGH" "eshop No.known.fix Reflected.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "eshop 6.3.12 Remote.Code.Execution MEDIUM" "easy-property-listings 3.5.4 Arbitrary.Contact.Deletion.via.CSRF MEDIUM" "easy-property-listings 3.5.4 Missing.Authorization.via.epl_update_listing_coordinates() MEDIUM" "easy-property-listings 3.5.3 Authenticated(Contributor+).SQL.Injection.via.Shortcode HIGH" "easy-property-listings 3.4 Cross-Site.Request.Forgery.(CSRF) HIGH" "easy-property-listings 3.4 Cross-Site.Scripting.(XSS) MEDIUM" "email-users No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "email-users 4.8.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "email-users 4.8.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "email-users 4.7.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "everest-tab-lite 2.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "exportfeed-for-woocommerce-product-to-etsy 5.2.0 Reflected.Cross-Site.Scripting MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 3.3.2 CSRF.Bypass MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 3.3.2 Cross-Site.Request.Forgery MEDIUM" "easync-booking 1.3.12 Reflected.Cross-Site.Scripting HIGH" "easync-booking 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "easync-booking 1.1.16 Unauthenticated.Arbitrary.File.Upload CRITICAL" "easync-booking 1.1.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "everest-timeline-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easyappointments 1.3.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "easy-call-now No.known.fix Cross-Site.Request.Forgery.via.settings_page MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "enhanced-plugin-admin 1.17 CSRF MEDIUM" "echo-knowledge-base 11.31.0 Unauthenticated.PHP.Object.Injection.in.is_article_recently_viewed CRITICAL" "easy-custom-js-and-css-pro No.known.fix Reflected.Cross-Site.Scripting HIGH" "enable-svg-webp-ico-upload No.known.fix Author+.Stored.XSS MEDIUM" "enable-svg-webp-ico-upload No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "enable-svg-webp-ico-upload No.known.fix Author+.Arbitrary.File.Upload HIGH" "ecab-taxi-booking-manager 1.1.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "exchange-addon-easy-us-sales-taxes 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "event-post 5.9.6 Unauthenticated.Local.File.Inclusion CRITICAL" "event-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "event-post 5.9.5 Missing.Authorization MEDIUM" "event-post 5.9.1 Contributor+.Stored.XSS MEDIUM" "ean-for-woocommerce 4.9.0 Authenticated.(Shop.Manager+).Arbitrary.Options.Update MEDIUM" "ean-for-woocommerce 4.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alg_wc_ean_product_meta.Shortcode MEDIUM" "ean-for-woocommerce 4.9.3 Insecure.Direct.Object.Reference.to.Sensitve.Information.Exposure.via.Shortcode MEDIUM" "ean-for-woocommerce 4.4.3 Contributor+.Stored.XSS MEDIUM" "easy-marijuana-age-verify 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-marijuana-age-verify 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "editorial-calendar 3.8.3 Contributor+.Stored.XSS MEDIUM" "easy-pdf-restaurant-menu-upload 1.2 XSS MEDIUM" "everest-comment-rating-lite 2.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Currency.Settings MEDIUM" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Agreement.Text LOW" "easy-digital-downloads 3.3.1 Missing.Authorization MEDIUM" "easy-digital-downloads 3.3.1 Unauthenticated.SQL.Injection CRITICAL" "easy-digital-downloads 3.2.12 Cross-Site.Request.Forgery MEDIUM" "easy-digital-downloads 3.2.12 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "easy-digital-downloads 3.2.7 Cross-Site.Request.Forgery MEDIUM" "easy-digital-downloads 3.2.10 Sensitive.Information.Exposure MEDIUM" "easy-digital-downloads 3.2.7 Shop.Manager+.Stored.XSS MEDIUM" "easy-digital-downloads 3.2.6 Contributor+.Stored.XSS MEDIUM" "easy-digital-downloads 3.2.0 Missing.Authorization MEDIUM" "easy-digital-downloads 3.1.1.4.2 Unauthenticated.Privilege.Escalation CRITICAL" "easy-digital-downloads 3.1.0.5 Contributor+.Stored.XSS MEDIUM" "easy-digital-downloads 3.1.0.4 Unauthenticated.SQLi HIGH" "easy-digital-downloads 3.0 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "easy-digital-downloads 3.1.0.2 Unauthenticated.CSV.Injection MEDIUM" "easy-digital-downloads 3.0.2 Admin+.PHP.Object.Injection MEDIUM" "easy-digital-downloads 2.11.6 Arbitrary.Payment.Note.Insertion.via.CSRF LOW" "easy-digital-downloads 2.11.6 Admin+.Stored.Cross-Site.Scripting LOW" "easy-digital-downloads 2.11.2.1 Reflected.Cross-Site.Scripting HIGH" "easy-digital-downloads 2.10.3 Unauthorised.Stripe.Disconnect.via.CSRF MEDIUM" "easy-digital-downloads 2.9.16 Stored.XSS MEDIUM" "easy-digital-downloads 2.5.8 PHP.Object.Injection MEDIUM" "easy-digital-downloads 2.3.7 Cross-Site.Scripting.Issue MEDIUM" "easy-digital-downloads 2.3.3 SQL.Injection CRITICAL" "erocket 1.2.5 Admin+.Stored.XSS LOW" "easy-cookies-policy No.known.fix Broken.Access.Control.to.Stored.Cross-Site.Scripting HIGH" "email-newsletter No.known.fix SQL.Injection CRITICAL" "e-unlocked-student-result No.known.fix Student.Result.<=.1.0.4.-.Arbitrary.File.Upload.via.CSRF HIGH" "easy-set-favicon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "exchange-addon-easy-canadian-sales-taxes 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-panorama 1.1.5 Admin+.Stored.XSS LOW" "easy-age-verify 1.8.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "easy-age-verify 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-age-verify 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "find-my-blocks 3.4.0 Private.Post.Titles.Disclosure MEDIUM" "faq-builder-ays 1.3.6 Authenticated.Blind.SQL.Injections HIGH" "foobar-notifications-lite 2.1.32 Reflected.Cross-Site.Scripting MEDIUM" "foobar-notifications-lite 2.1.15 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "facebook-wall-and-social-integration 1.11 Admin+.Stored.Cross-Site.Scripting LOW" "feedbackscout No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedbackscout No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flatpm-wp 3.1.05 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flatpm-wp 3.0.13 Reflected.Cross-Site.Scripting HIGH" "famethemes-demo-importer 1.1.6 Cross-Site.Request.Forgery MEDIUM" "foopeople No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "foopeople No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "faq-for-woocommerce 1.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "faq-for-woocommerce 1.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "faq-for-woocommerce 1.6.4 WooCommerce.Product.FAQ.<.1.6.4.-.Reflected.Cross-Site.Scripting MEDIUM" "faq-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "forms-to-klaviyo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fma-products-tabs-pro No.known.fix Arbitrary.Tab.Deletion/Edition.via.CSRF HIGH" "flickr-picture-backup No.known.fix Unauthenticated.File.Upload CRITICAL" "flowpaper-lite-pdf-flipbook 2.0.4 Contributor+.Stored.XSS MEDIUM" "flowpaper-lite-pdf-flipbook 2.0.0 Contributor+.Stored.XSS MEDIUM" "fontmeister No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fusion-builder 3.11.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fusion_button.Shortcode MEDIUM" "fusion-builder 3.11.2 Cross.Site.Scripting.(XSS).vulnerability.in.the.User.Register.element HIGH" "fusion-builder 3.6.2 Unauthenticated.SSRF HIGH" "free-product-sample 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "free-product-sample 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "frontend-post-submission-manager-lite 1.2.3 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "favicon-switcher No.known.fix Arbitrary.Settings.Change.via.CSRF MEDIUM" "fg-drupal-to-wp 3.71.0 Sensitive.Information.Exposure MEDIUM" "fg-drupal-to-wp 3.68.0 Cross-Site.Request.Forgery.via.ajax_importer MEDIUM" "floating-div No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "fuse-social-floating-sidebar 5.4.11 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "fuse-social-floating-sidebar 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "fuse-social-floating-sidebar 5.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "forcefield 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "forcefield 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formget-contact-form No.known.fix Contributor+.Stored.XSS MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.1 Cross-Site.Request.Forgery MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation.and.Activation MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.0 Missing.Authorization.to.Unauthenticated.System.Information.Disclosure MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.17.0 Unauthenticated.Arbitrary.File.Deletion HIGH" "furnob-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "florapress 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "florapress 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "font-awesome-integration No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fileorganizer 1.0.8 Sensitive.Information.Exposure.via.Directory.Listing HIGH" "fileorganizer 1.0.7 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "fileorganizer 1.0.3 Admin+.Arbitrary.File.Access MEDIUM" "find-duplicates No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "flowfact-wp-connector 2.1.8 Reflected.XSS HIGH" "funnel-builder 3.4.7 Missing.Authorization.to.Authenticated.(Contributor+).Settings.Update MEDIUM" "funnel-builder 3.4.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "funnel-builder 2.14.4 Authenticated(Administrator+).SQL.Injection MEDIUM" "fullworks-firewall No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-firewall No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foobox-image-lightbox-premium 2.7.28 Admin+.Stored.XSS LOW" "folders 3.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "folders 3.0.1 Directory.Traversal.via.handle_folders_file_upload MEDIUM" "folders 3.0.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.User.First.Name.and.Last.Name MEDIUM" "folders 2.9.3 Authenticated.(Author+).Arbitrary.File.Upload.in.handle_folders_file_upload HIGH" "folders 2.9.3 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "freesoul-deactivate-plugins 2.1.4 Cross-Site.Request.Forgery.via.eos_dp_pro_delete_transient MEDIUM" "fs-product-inquiry No.known.fix Reflected.XSS HIGH" "fs-product-inquiry No.known.fix Unauthenticated.Stored.XSS HIGH" "facebook-page-feed-graph-api 1.9.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "filedownload No.known.fix Multiple.Issues CRITICAL" "fixed-html-toolbar 1.0.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "flaming-forms No.known.fix Unauthenticated.Stored.XSS HIGH" "flaming-forms No.known.fix Reflected.XSS HIGH" "forty-four No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "floating-action-button 1.2.2 Cross-Site.Request.Forgery MEDIUM" "feed-them-social 4.2.1 Cross-Site.Request.Forgery.via.review_nag_check LOW" "feed-them-social 4.0.0 Settings.Update.via.CSRF MEDIUM" "feed-them-social 3.0.1 Subscriber+.Stored.XSS MEDIUM" "feed-them-social 3.0.1 Settings.Update.via.CSRF MEDIUM" "feed-them-social 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "feed-them-social 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "feed-them-social 2.9.8.6 Unauthenticated.PHAR.Deserialisation MEDIUM" "feed-them-social 2.8.7 Cross-Site.Request.Forgery MEDIUM" "feed-them-social 2.8.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "feed-them-social 1.7.0 XSS.&.Arbitrary.Shortcode.Execution CRITICAL" "fluent-security 1.0.2 Bypass.blocks.by.IP.Spoofing MEDIUM" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flexi-quote-rotator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "formbuilder No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "formbuilder 1.08 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "formbuilder 1.0.8 Multiple.Authenticated.SQL.Injection MEDIUM" "floating-social-media-links No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "formscrm 3.6 Reflected.Cross-Site.Scripting MEDIUM" "freemage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "freemage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "freemage No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "free-facebook-reviews-and-recommendations-widgets 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "frontend-dashboard 2.2.5 Authenticated.(Subscriber+).Arbitrary.Function.Call HIGH" "frontend-dashboard 2.2.4 Frontend.Dashboard.<.2,2,4.- MEDIUM" "frontend-dashboard 2.2.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "facebook-like-send-button 1.2 Admin+.Stored.XSS LOW" "fusionspan-impexium-single-sign-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fusionspan-impexium-single-sign-on No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fscf-sms 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "front-end-only-users 3.2.29 Authenticated.(Contributor+).Time-Based.SQL.Injection HIGH" "front-end-only-users 3.2.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "front-end-only-users 3.2.25 Cross-Site.Request.Forgery MEDIUM" "fluentforms-pdf 1.1.8 Cross-Site.Scripting MEDIUM" "f4-improvements 1.8.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "five-star-ratings-shortcode 1.2.48 Reflected.Cross-Site.Scripting MEDIUM" "five-star-ratings-shortcode 1.2.39 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "find-and-replace-all No.known.fix Arbitrary.Replacement.via.CSRF HIGH" "find-and-replace-all 1.3 Reflected.Cross.Site.Scripting MEDIUM" "filester 1.8.3 Authenticated.Plugin.Settings.Update HIGH" "filester 1.8.1 Admin+.Stored.Cross-Site.Scripting LOW" "filester 1.8.1 Admin+.Remote.Code.Execution MEDIUM" "filester 1.8 Remote.Code.Execution.via.CSRF CRITICAL" "fitness-calculators 2.0.9 Admin+.Stored.XSS LOW" "fitness-calculators 1.9.6 Cross-Site.Request.Forgery.to.Cross-Site.Scripting.(XSS) HIGH" "feeds-for-youtube 2.2.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "feeds-for-youtube 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "feeds-for-youtube 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "floating-awesome-button 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "floating-awesome-button 1.5.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "featured-image-pro 5.15 Reflected.XSS HIGH" "formcraft-form-builder 1.2.11 Missing.Authorization MEDIUM" "formcraft-form-builder 1.2.8 Missing.Authorization.via.formcraft_nag_update MEDIUM" "formcraft-form-builder 1.2.7 Admin+.Stored.XSS LOW" "formcraft-form-builder 3.9.7 Admin+.SQLi MEDIUM" "formcraft-form-builder 1.2.10 Contributor+.Stored.XSS MEDIUM" "formcraft-form-builder 1.2.6 Admin+.Stored.Cross.Site.Scripting LOW" "formcraft-form-builder 1.2.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "flickr-justified-gallery No.known.fix Cross-Site.Request.Forgery MEDIUM" "flickr-justified-gallery 3.4.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "fooevents 1.19.21 Improper.Authorization.to.(Contributor+).Arbitrary.File.Upload HIGH" "f4-tree 1.1.15 Reflected.Cross-Site.Scripting MEDIUM" "f4-tree 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "form-to-sheet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "form-to-sheet No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "forms-to-sendinblue No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "frontend-group-restriction-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "frontend-group-restriction-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "full-customer 3.1.13 Unauthenticated.Stored.Cross-Site.Scripting.via.License.Plan.Parameter HIGH" "full-customer 2.3 Customer.<.2.3.-.Subscriber+.Health.Check.Disclosure MEDIUM" "full-customer 2.3 Customer.<.2.3.-.Subscriber+.Arbitrary.Plugin.Installation HIGH" "fulltext-search 1.69.234 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "fulltext-search 1.70.236 Cross-Site.Request.Forgery MEDIUM" "fulltext-search 1.69.234 Missing.Authorization MEDIUM" "fulltext-search 1.60.213 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WPFTS.Live.Search.Widget MEDIUM" "fs-shopping-cart No.known.fix Authenticated.SQL.Injection HIGH" "fontsampler 0.14.3 CSRF.to.Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "flower-delivery-by-florist-one No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "follow-me No.known.fix Stored.XSS.via.CSRF MEDIUM" "formfacade 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "formfacade 1.2.2 Contributor+.Stored.XSS MEDIUM" "first-graders-toolbox 1.0.2 Plugins.Deactivation.via.CSRF MEDIUM" "floating-links 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "floating-links 3.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fg-prestashop-to-woocommerce 4.47.0 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "formidable-registration 2.12 Contributor+.Arbitrary.User.Password.Reset.To.Account.Takeover HIGH" "full-site-editing 3.79150 Contributor+.Stored.XSS MEDIUM" "furikake No.known.fix Unauthenticated.Open.Redirect MEDIUM" "filter-portfolio-gallery No.known.fix Arbitrary.Gallery.Deletion.via.CSRF MEDIUM" "freshdesk-support 2.4.0 Open.Redirect MEDIUM" "freshdesk-support 1.8 Open.Redirect MEDIUM" "fossura-tag-miner 1.1.5 Cross-Site.Request.Forgery.(CSRF).&.XSS HIGH" "fx-private-site No.known.fix Sensitive.Information.Exposure MEDIUM" "foobox-image-lightbox 2.7.32 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.HTML.Data.Attributes MEDIUM" "foobox-image-lightbox 2.7.28 Admin+.Stored.XSS LOW" "foobox-image-lightbox 2.7.27 Reflected.Cross-Site.Scripting MEDIUM" "foobox-image-lightbox 2.7.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foobox-image-lightbox 2.6.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "full-picture-analytics-cookie-notice 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "full-picture-analytics-cookie-notice 3.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "funnelforms-free 3.7.4.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Media.Deletion MEDIUM" "funnelforms-free 3.7.4.1 Authenticated.(Administrator+).Arbitrary.File.Deletion MEDIUM" "funnelforms-free 3.7.4.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Media.Upload MEDIUM" "funnelforms-free 3.7.4.1 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "funnelforms-free 3.4.2 Form.Deletion/Duplication.via.CSRF MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Arbitrary.Post.Deletion MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.New.Category.Creation MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Post.Modification MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Enable/Disable.Dark.Mode MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Category.Update MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Arbitrary.Post.Duplication MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Test.Email.Sending MEDIUM" "funnelforms-free 3.4.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Category.Deletion MEDIUM" "funnelforms-free 3.4.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Duplication MEDIUM" "funnelforms-free 3.4 Funnelforms.Free.<.3,4.Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "funnelforms-free 3.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "facebook-comment-by-vivacity No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "filebird-document-library 2.0.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "filr-protection 1.2.5 Editor+.Stored.XSS LOW" "filr-protection 1.2.3.6 Author+.RCE.via.file.upload.with.phar.ext CRITICAL" "filr-protection 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "filr-protection 1.2.2.1 Secure.Document.Library.<.1.2.2.1.-.Subscriber+.AJAX.Calls CRITICAL" "filr-protection 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fatal-error-notify 1.5.3 Subscriber+.Test.Error.Email.Sending MEDIUM" "feed-instagram-lite 1.0.0.29 Arbitrary.Post.Duplication.via.CSRF MEDIUM" "flying-press 3.9.7 Arbitrary.Settings.Update.to.Stored.XSS HIGH" "fusion 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fullworks-ice-ide-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-ice-ide-integration No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fullworks-anti-spam 1.3.10 Reflected.Cross-Site.Scripting MEDIUM" "fullworks-anti-spam 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "form-maker 1.15.27 Reflected.Cross-Site.Scripting HIGH" "form-maker 1.15.26 Admin+.Stored.XSS MEDIUM" "form-maker 1.15.25 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.25 Authenticated.(Subscriber+).Stored.Self-Based.Cross-Site.Scripting MEDIUM" "form-maker 1.15.24 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.23 Sensitive.Information.Exposure MEDIUM" "form-maker 1.15.22 CSRF.to.limited.RCE MEDIUM" "form-maker 1.15.21 Captcha.Bypass HIGH" "form-maker 1.15.19 Reflected.XSS HIGH" "form-maker 1.15.19 Unauthenticated.Stored.XSS CRITICAL" "form-maker 1.15.20 Unauthenticated.Arbitrary.File.Upload MEDIUM" "form-maker 1.15.6 Admin+.SQLI LOW" "form-maker 1.14.12 Admin+.Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.13.60 Authenticated.Stored.XSS HIGH" "form-maker 1.13.40 Authenticated.Reflected.XSS HIGH" "form-maker 1.13.36 Authenticated.SQL.Injection HIGH" "form-maker 1.13.3 Authenticated.SQL.Injection HIGH" "form-maker 1.13.5 Cross-Site.Request.Forgery.(CSRF).to.LFI MEDIUM" "form-maker 1.12.24 CSV.Injection MEDIUM" "full-width-responsive-slider-wp 1.1.8 Reflected.XSS HIGH" "flexible-faqs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flexible-faqs 0.5.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-image-adder No.known.fix Unauthenticated.Remote.File.Upload CRITICAL" "featured-image-caption 0.8.11 Contributor+.Stored.XSS MEDIUM" "full-page-blog-designer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "feature-comments 1.2.5 wp-admin/admin-ajax.php.Comment.Status.Manipulation.CSRF MEDIUM" "free-event-banner No.known.fix Arbitrary.File.Upload.to.RCE CRITICAL" "free-google-fonts 3.0.1 Reflected.XSS HIGH" "fv-wordpress-flowplayer 7.5.47.7212 Authenticated.(Subscriber+).SQL.Injection.via.exclude.Parameter HIGH" "fv-wordpress-flowplayer 7.5.46.7212 Reflected.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.45.7212 Authenticated.(Subscriber+).Server-side.Request.Forgery MEDIUM" "fv-wordpress-flowplayer 7.5.45.7212 Authenticated.(Contributor+).Arbitrary.Redirect MEDIUM" "fv-wordpress-flowplayer 7.5.44.7212 Reflected.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.44.7212 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.39.7212 Insufficient.Input.Validation.to.Unauthenticated.Stored.Cross-Site.Scripting.and.Arbitrary.Usermeta.Update MEDIUM" "fv-wordpress-flowplayer 7.5.35.7212 Reflected.XSS HIGH" "fv-wordpress-flowplayer 7.5.31.7212 Settings.Toggle.via.CSRF MEDIUM" "fv-wordpress-flowplayer 7.5.19.727 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.18.727 Author+.SQLi HIGH" "fv-wordpress-flowplayer 7.5.3.727 Reflected.Cross-Site.Scripting HIGH" "fv-wordpress-flowplayer 7.4.38.727 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "fv-wordpress-flowplayer 7.3.19.727 SQL.Injection CRITICAL" "fv-wordpress-flowplayer 7.3.15.727 SQL.Injection CRITICAL" "fv-wordpress-flowplayer 7.3.14.727 Unauthenticated.Stored.XSS MEDIUM" "fv-wordpress-flowplayer 7.3.15.727 CSV.Export MEDIUM" "formlift 7.5.18 Unauthenticated.SQL.Injection CRITICAL" "fin-accounting-for-woocommerce 4.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "form-vibes 1.4.13 Missing.Authorization.in.Multiple.Functions MEDIUM" "form-vibes 1.4.11 Authenticated.(Subscriber+).SQL.Injection.via.fv_export_data HIGH" "form-vibes 1.4.9 Reflected.Cross-Site.Scripting MEDIUM" "form-vibes 1.4.6 Admin+.SQLi MEDIUM" "form-vibes 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fullscreen-galleria 1.6.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flickr-rss No.known.fix XSS.and.CSRF HIGH" "freshmail-newsletter 1.6 shortcode.php.SQL.Injection HIGH" "flat-preloader 1.5.5 Admin+.Stored.Cross-Site.Scripting MEDIUM" "flat-preloader 1.5.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "file-manager-advanced-shortcode 2.5.4 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "file-manager-advanced-shortcode 2.4.1 Authenticated.(Contributor+).Directory.Traversal HIGH" "file-manager-advanced-shortcode No.known.fix Unauthenticated.Remote.Code.Execution.through.shortcode CRITICAL" "font-awesome 4.3.2 Contributor+.Stored.XSS MEDIUM" "fetch-jft 1.8.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "facebook-conversion-pixel 2.6.4 Reflected.Cross-Site.Scripting MEDIUM" "facebook-conversion-pixel 2.6.3 Admin+.Stored.Cross-Site.Scripting LOW" "facebook-conversion-pixel 2.6.2 CSRF.to.Stored.Cross-Site.Scripting HIGH" "flipbox-builder No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "faq-manager-with-structured-data 5.4.4 Reflected.Cross-Site.Scripting MEDIUM" "faq-manager-with-structured-data 5.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "feedzy-rss-feeds 4.4.8 Authenticated(Contributor+).Blind.Server-Side.Request.Forgery.(SSRF) MEDIUM" "feedzy-rss-feeds 4.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Error.Message MEDIUM" "feedzy-rss-feeds 4.4.3 Missing.Authorization.to.Arbitrary.Page.Creation.and.Publication MEDIUM" "feedzy-rss-feeds 4.4.3 Authenticated(Contributor+).SQL.Injection HIGH" "feedzy-rss-feeds 4.4.2 Missing.Authorization MEDIUM" "feedzy-rss-feeds 4.3.3 Missing.Authorization MEDIUM" "feedzy-rss-feeds 4.3.3 Author+.Stored.Cross-Site.Scripting MEDIUM" "feedzy-rss-feeds 4.1.1 Contributor+.Stored.XSS MEDIUM" "feedzy-rss-feeds 3.4.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "feedzy-rss-feeds 3.4.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "finpose No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "featured-content-gallery No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fancybox-for-wordpress 3.3.4 3.3.3.-.Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "flamix-bitrix24-and-contact-forms-7-integrations 3.2.0 Unauthenticated.Full.Path.Disclosure MEDIUM" "fast-flow-dashboard 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "fast-flow-dashboard 1.2.13 Admin+.Stored.Cross-Site.Scripting LOW" "fast-flow-dashboard 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "flexi 4.20 Guest.Submit.<.4.20.-.Reflected.Cross-Site.Scripting MEDIUM" "fg-joomla-to-wordpress 4.21.0 Sensitive.Information.Exposure MEDIUM" "fast-wp-speed No.known.fix Reflected.XSS HIGH" "font-farsi No.known.fix Administrator+.Stored.Cross-Site.Scripting MEDIUM" "font-farsi No.known.fix Admin+.Stored.XSS.in.Settings LOW" "font-farsi No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "far-future-expiry-header 1.5 Plugin's.Settings.Update.via.CSRF MEDIUM" "flexible-checkout-fields 4.1.3 Missing.Authorization MEDIUM" "featured-image-generator 1.3.3 Missing.Authorization.to.Authenticated.(Subscriber+).Images.Upload MEDIUM" "flo-forms No.known.fix Missing.Authorization MEDIUM" "flo-forms 1.0.42 Subscriber+.Test.Email.Sending MEDIUM" "flo-forms 1.0.41 Admin+.Stored.XSS LOW" "flo-forms 1.0.36 Authenticated.Options.Change.to.Stored.XSS CRITICAL" "formsite 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "feedburner-alternative-and-rss-redirect 3.8 Plugin.Installation.via.CSRF MEDIUM" "feedburner-alternative-and-rss-redirect 3.8 Subscriber+.Plugin.Installation MEDIUM" "fd-elementor-imagebox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fl3r-feelbox No.known.fix Unauthenticated.SQLi HIGH" "fl3r-feelbox No.known.fix Moods.Reset.via.CSRF MEDIUM" "fl3r-feelbox No.known.fix Settings.Update.via.CSRF.to.Stored.XSS HIGH" "fetch-tweets No.known.fix Reflected.Cross-Site.Scripting HIGH" "featured-images-for-rss-feeds 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "featured-images-for-rss-feeds 1.5.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formidable 6.11.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "formidable 6.8 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "formidable 6.7.1 HTML.Injection MEDIUM" "formidable 6.7.1 Admin+.Stored.Cross-Site.Scripting MEDIUM" "formidable 6.3.1 Subscriber+.Remote.Code.Execution CRITICAL" "formidable 6.2 Unauthenticated.PHP.Object.Injection HIGH" "formidable 6.1 IP.Spoofing MEDIUM" "formidable 5.5.7 Arbitrary.Entry.Deletion.via.CSRF MEDIUM" "formidable 5.0.07 Admin+.Stored.Cross-Site.Scripting LOW" "formidable 4.09.05 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "formidable 4.02.01 Unsafe.Deserialisation CRITICAL" "formidable 2.05.03 Multiple.Vulnerabilities HIGH" "formidable 2.0 Authenticated.Blind.SQL.Injection MEDIUM" "formidable 1.06.03 Arbitrary.File.Upload.via.ofc_upload_image.php CRITICAL" "flexible-shipping 4.24.16 Missing.Authorization MEDIUM" "flexible-shipping 4.11.9 Reflected.Cross-Site.Scripting MEDIUM" "fast-search-powered-by-solr No.known.fix Settings.Update.via.CSRF MEDIUM" "fast-search-powered-by-solr No.known.fix Admin+.Stored.XSS LOW" "formassembly-web-forms 2.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "forms-gutenberg No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "forms-gutenberg 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "fsflex-local-fonts No.known.fix Admin+.Stored.Cross-Site-Scripting LOW" "forumwp No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "flexible-shipping-usps 1.10.0 Sensitive.Information.Exposure MEDIUM" "flexible-shipping-usps 1.9.3 Cross-Site.Request.Forgery MEDIUM" "float-menu 6.0.1 Menu.Deletion.via.CSRF MEDIUM" "float-menu 5.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "float-menu 5.0.2 Reflected.XSS MEDIUM" "float-menu 4.3.1 Arbitrary.Menu.Deletion.via.CSRF MEDIUM" "favicon-by-realfavicongenerator 1.3.23 Reflected.Cross-Site.Scripting MEDIUM" "favicon-by-realfavicongenerator 1.3.22 Reflected.Cross-Site.Scripting.(XSS) HIGH" "facebook-by-weblizar 2.8.5 CSRF.&.XSS HIGH" "flash-album-gallery No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "flash-album-gallery 4.25 Full.Path.Disclosure MEDIUM" "flash-album-gallery No.known.fix admin/news.php.want2Read.Parameter.Traversal.Arbitrary.File.Access HIGH" "flash-album-gallery 2.72 "s".Cross-Site.Scripting HIGH" "ftp-access No.known.fix Subscriber+.Stored.XSS HIGH" "floating-contact 2.8 Admin+.Stored.XSS LOW" "flo-launch 2.4.1 Missing.Authentication.Allow.Full.Site.Takeover CRITICAL" "fileviewer No.known.fix Arbitrary.File.Upload/Deletion.via.CSRF CRITICAL" "fixed-ip-logins 1.0 Reflected.Cross-Site.Scripting MEDIUM" "fast-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-wp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-wp No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "frontier-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "file-manager-advanced 5.2.5 Sensitive.Information.Exposure.via.Directory.Listing MEDIUM" "file-manager-advanced 5.1.1 Admin+.Arbitrary.File/Folder.Access MEDIUM" "final-tiles-grid-gallery-lite 3.6.0 Contributor+.Stored.XSS MEDIUM" "final-tiles-grid-gallery-lite 3.5.8 Reflected.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "final-tiles-grid-gallery-lite 3.5.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.4.19 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "final-tiles-grid-gallery-lite 3.3.57 Subscriber+.Arbitrary.Option.Update CRITICAL" "fullworks-pricing-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-pricing-tables No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "frontend-checklist No.known.fix Admin+.Stored.XSS.via.Items LOW" "frontend-checklist No.known.fix Admin+.Stored.XSS LOW" "fix-my-feed-rss-repair No.known.fix Cross-Site.Request.Forgery MEDIUM" "fullworks-slack No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-slack No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fastdup 2.2 Directory.Listing.to.Account.Takeover.and.Sensitive.Data.Exposure HIGH" "fastdup 2.1.8 Sensitive.Information.Exposure.via.Log.File MEDIUM" "fast-index 1.10 Reflected.Cross-Site.Scripting MEDIUM" "footer-putter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "floating-social-bar 1.1.7 Cross-Site.Scripting.(XSS) MEDIUM" "fancy-facebook-comments 1.2.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "fancy-facebook-comments 1.2.15 Contributor+.Stored.XSS MEDIUM" "fancy-facebook-comments 1.2.11 Contributor+.Stored.XSS MEDIUM" "freshing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "freshing No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formello 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "forms-for-divi 8.1.3 Reflected.Cross-Site.Scripting MEDIUM" "final-user-wp-frontend-user-profiles 1.2.2 Subscriber+.Privilege.Escalation CRITICAL" "fluent-support 1.7.7 Authenticated(Administrator+).SQL.Injection MEDIUM" "fluent-support 1.5.8 Admin+.SQLi MEDIUM" "flexible-shipping-ups 2.2.5 Cross-Site.Request.Forgery MEDIUM" "file-manager 6.5.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "file-manager 6.5.6 6.5.5.-.Unauthenticated.Remote.Code.Execution.via.Race.Condition HIGH" "file-manager 6.3 Admin+.Arbitrary.OS.File/Folder.Access.+.Path.Traversal MEDIUM" "file-manager 5.2.3 Subscriber+.Arbitrary.File.Creation/Upload/Deletion CRITICAL" "file-manager 5.0.2 Information.Disclosure HIGH" "fathom-analytics 3.1.0 Admin+.Stored.XSS LOW" "fathom-analytics 3.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "free-comments-for-wordpress-vuukle 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "freshmail-integration No.known.fix Cross-Site.Request.Forgery MEDIUM" "freshmail-integration No.known.fix Reflected.XSS HIGH" "floating-social-buttons No.known.fix Cross-Site.Request.Forgery MEDIUM" "funnel-builder-pro 3.5.0 Funnel.Kit.Funnel.Builder.PRO.<.3,5,0.Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.allow_iframe_tag_in_post MEDIUM" "freemind-wp-browser No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "foogallery 2.4.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Custom.URL MEDIUM" "foogallery 2.4.15 Author+.Stored.XSS MEDIUM" "foogallery 2.4.15 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Image.Attachment.Fields MEDIUM" "foogallery 2.4.15 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "foogallery 2.4.9 Best.WordPress.Gallery.Plugin.–.FooGallery.<.2,4,9.-Admin+.Stored.Cross-Site.Scripting LOW" "foogallery 2.3.2 Reflected.XSS HIGH" "foogallery 2.3.2 Extensions.Mgt.via.CSRF MEDIUM" "foogallery 2.2.44 Reflected.Cross-Site.Scripting MEDIUM" "foogallery 2.2.41 Reflected.XSS HIGH" "foogallery 2.1.34 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foogallery 2.0.35 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "foogallery 1.9.25 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "foogallery 1.6.17 Subscriber+.Arbitrary.Option.Update CRITICAL" "formforall No.known.fix Contributor+.Stored.XSS MEDIUM" "fareharbor 3.6.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fareharbor 3.6.7 Admin+.Stored.XSS LOW" "fast-custom-social-share-by-codebard No.known.fix Cross-Site.Request.Forgery MEDIUM" "fast-custom-social-share-by-codebard No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fast-custom-social-share-by-codebard 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "favicon-generator 2.1 Arbitrary.File.Upload.via.CSRF HIGH" "favicon-generator 2.1 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion CRITICAL" "favicon-generator 2.1 Arbitrary.File.Deletion.via.CSRF HIGH" "files-download-delay 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "files-download-delay 1.0.7 Subscriber+.Settings.Reset MEDIUM" "files-download-delay 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fma-additional-registration-attributes No.known.fix Arbitrary.Field.Deletion.and.Form.Modification.via.CSRF HIGH" "form-block 1.0.2 Form.Submission.via.CSRF MEDIUM" "font-awesome-4-menus No.known.fix Contributor+.Stored.XSS MEDIUM" "font-awesome-4-menus No.known.fix Admin+.Stored.XSS LOW" "fastly 1.2.26 Missing.Authorization MEDIUM" "fastly 1.2.26 Missing.Authorization.via.AJAX.actions MEDIUM" "fusion-slider No.known.fix Authenticated.(Contributor+).PHP.Object.Injection MEDIUM" "fitness-trainer 1.4.1 Subscriber+.Privilege.Escalation CRITICAL" "fontsy No.known.fix Multiple.Unauthenticated.SQLi HIGH" "fotobook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "find-any-think No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "favicon-rotator 1.2.11 Reflected.Cross-Site.Scripting MEDIUM" "facebook-button-plugin 2.74 Unauthenticated.Password.Protected.Post.Read MEDIUM" "facebook-button-plugin 2.54 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "formcraft No.known.fix Arbitrary.File.Deletion CRITICAL" "forms-by-made-it 1.12.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "flexible-captcha No.known.fix Contributor+.Stored.XSS MEDIUM" "flightlog No.known.fix Authenticated.(editor+).SQL.Injection HIGH" "fluent-smtp 2.2.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "fluent-smtp 2.2.3 Stored.XSS.via.Email.Logs HIGH" "fluent-smtp 2.0.1 Authenticated.Stored.XSS LOW" "floating-button 6.0.1 Cross-Site.Request.Forgery.via.process_bulk_action MEDIUM" "floating-button 5.3.1 Reflected.XSS MEDIUM" "form-forms No.known.fix Contact.Form.<=.1.2.4.-.Admin+.Stored.Cross-Site.Scripting LOW" "floating-cart-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "font-awesome-more-icons No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "feedwordpress 2024.0428 Unauthenticated.Draft.Access MEDIUM" "feedwordpress 2022.0123 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "feedwordpress 2015.0514 XSS.&.SQL-Injection MEDIUM" "fontific No.known.fix Cross-Site.Request.Forgery.via.ajax_fontific_save_all HIGH" "fluid-responsive-slideshow 2.2.7 CSRF.&.XSS HIGH" "feedfocal 1.3.0 Unauthenticated.Tracking.Code.Update MEDIUM" "fx-toc No.known.fix Contributor+.Stored.XSS MEDIUM" "forms-to-zapier No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "forms-to-zapier 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "forms-to-zapier 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "font-organizer No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "flexible-woocommerce-checkout-field-editor No.known.fix Missing.Authorization MEDIUM" "file-renaming-on-upload 2.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "facebook-for-woocommerce 1.9.15 CSRF.allowing.Option.Update HIGH" "floating-tiktok-button 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "football-pool 2.11.10 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.12.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.11.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.6.5 Multiple.XSS MEDIUM" "form-to-chat 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "foyer No.known.fix Content.Injection.via.Improper.Access.Control MEDIUM" "forms-for-campaign-monitor 2.8.16 Unauthenticated.Full.Path.Disclosure MEDIUM" "forms-for-campaign-monitor 2.8.14 Reflected.Cross-Site.Scripting HIGH" "formidable-sms 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "feather-login-page 1.1.6 Cross-Site.Request.Forgery.via.saveData() MEDIUM" "feather-login-page 1.1.4 CSRF HIGH" "feather-login-page 1.1.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "feather-login-page 1.1.2 Missing.Authorization.to.Authentication.Bypass.and.Privilege.Escalation MEDIUM" "fast-velocity-minify 2.7.7 Full.Path.Disclosure MEDIUM" "filter-gallery 0.1.6 Admin+.Stored.XSS LOW" "filter-gallery 0.0.7 Unauthorised.AJAX.Calls HIGH" "facebook-messenger-customer-chat 1.6 Authenticated.Options.Change.to.Chat.Takeover HIGH" "facebook-messenger-customer-chat 1.3 CSRF HIGH" "flog No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "front-end-pm 11.4.3 Sensitive.Data.Exposure.via.Directory.Listing MEDIUM" "front-end-pm 11.3.8 Reflected.Cross-Site.Scripting MEDIUM" "front-end-pm 11.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fotomoto No.known.fix Reflected.XSS HIGH" "forms-ada-form-builder No.known.fix Unauthenticated.Reflected.XSS HIGH" "fancier-author-box No.known.fix Admin+.Stored.XSS LOW" "fluentform 5.1.19 .Missing.Authorization.to.Authenticated.(Subscriber+).Mailchimp.Integration.Modification MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Welcome.Screen.Fields MEDIUM" "fluentform 5.1.16 Contributor+.PHP.Object.Injection MEDIUM" "fluentform 5.1.17 Unauthenticated.Limited.Privilege.Escalation MEDIUM" "fluentform 5.1.14 Subscriber+.Stored.XSS MEDIUM" "fluentform 5.1.17 Unauthenticated.Settings.Update MEDIUM" "fluentform 5.1.17 Contributor+.Stored.XSS MEDIUM" "fluentform 5.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.7 Admin+.Stored.Cross-Site.Scripting.via.imported.form.title MEDIUM" "fluentform 5.0.9 Insecure.Direct.Object.Reference MEDIUM" "fluentform 5.0.0 SQL.Injection MEDIUM" "fluentform 4.3.25 Contributor+.Stored.XSS.via.Custom.HTML.Form.Field MEDIUM" "fluentform 4.3.13 CSV.Injection LOW" "fluentform 3.6.67 Cross-Site.Request.Forgery.(CSRF) HIGH" "free-shipping-label 2.6.11 Reflected.Cross-Site.Scripting MEDIUM" "floating-social-media-icon No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "foogallery-premium 2.4.15 Author+.Stored.XSS MEDIUM" "foogallery-premium 2.4.6 Contributor+.Stored.XSS MEDIUM" "filebird 5.6.4 Author+.Users.Folder.Deletion LOW" "filebird 5.6.4 Author+.Stored.XSS MEDIUM" "filebird 5.6.1 Admin+.Stored.XSS MEDIUM" "filebird 4.7.4 Unauthenticated.SQL.Injection HIGH" "forget-about-shortcode-buttons 2.1.3 CSRF MEDIUM" "forget-about-shortcode-buttons 1.1.2 XSS MEDIUM" "featured-image-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "featured-image-toolkit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "featured-image-toolkit No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "feed-changer 0.3 Admin+.Stored.XSS LOW" "fb-account-kit-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fb-account-kit-login No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "frontend-admin 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "frontend-admin 3.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formcraft3 3.8.28 Unauthenticated.SSRF MEDIUM" "formcraft3 3.4 Premium.WordPress.Form.Builder.<.3.4.-.Authenticated.Stored.XSS MEDIUM" "fudou 5.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "facebook-pagelike-widget 6.4 Admin+.Stored.XSS LOW" "fancy-product-designer 6.1.81 Admin+.Cross.Site.Scripting LOW" "fancy-product-designer 6.1.8 Reflected.Cross.Site.Scripting HIGH" "fancy-product-designer 6.1.81 Admin+.Cross.Site.Scripting.via.Product.Title LOW" "fancy-product-designer 6.1.5 Admin+.SQL.Injection MEDIUM" "fancy-product-designer 4.7.0 Subscriber+.Unauthorized.Access.and.Modification MEDIUM" "fancy-product-designer 4.7.0 Subscriber+.Unauthorized.Site.Options.Modification HIGH" "fancy-product-designer 4.7.6 Arbitrary.File.Upload.via.CSRF HIGH" "fancy-product-designer 4.7.5 Admin+.SQL.Injection MEDIUM" "fancy-product-designer 4.6.9 Unauthenticated.Arbitrary.File.Upload.and.RCE CRITICAL" "fancy-product-designer 4.5.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "falang 1.3.53 Missing.Authorization.to.Translation.Update.and.Information.Exposure MEDIUM" "falang 1.3.52 Cross-Site.Request.Forgery MEDIUM" "falang 1.3.50 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "falang 1.3.48 Authenticated.(Administrator+).SQL.Injection HIGH" "falang 1.3.40 Cross-Site.Request.Forgery MEDIUM" "falang 1.3.18 Reflected.Cross-Site.Scripting HIGH" "frontend-uploader No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "fs-poster No.known.fix Cross-Site.Request.Forgery MEDIUM" "faculty-weekly-schedule 1.2.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "flowplayer6-video-player 1.0.5 Contributor+.Stored.XSS MEDIUM" "forym No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "facebook-likebox-widget-and-shortcode 1.2.1 Admin+.Stored.XSS LOW" "food-recipes 2.6.1 Reflected.Cross-Site.Scripting MEDIUM" "food-recipes 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "feedback-suite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedback-suite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "feedback-suite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "formilla-live-chat 1.3.1 Admin+.Stored.XSS LOW" "for-the-visually-impaired No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "first-order-discount-woocommerce 1.22 Discount.Update.via.CSRF MEDIUM" "food-and-drink-menu 2.4.17 Missing.Authorization.to.Menu.Creation MEDIUM" "food-and-drink-menu 2.4.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "food-and-drink-menu 2.4.11 Unauthenticated.PHP.Object.Injection HIGH" "food-and-drink-menu 2.4.7 .Cross-Site.Request.Forgery MEDIUM" "food-and-drink-menu 2.2.1 Unauthenticated.PHP.Object.Injection HIGH" "frontpage-manager No.known.fix Cross-Site.Request.Forgery.via.admin_page MEDIUM" "fattura24 6.2.8 Reflected.Cross-Site.Scripting HIGH" "facebook-fan-page-widget 2.1 Admin+.Stored.XSS LOW" "fluid-notification-bar No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "favorites 2.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "favorites 2.3.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "futurio-extra 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Text.Block.Widget MEDIUM" "futurio-extra 1.9.1 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "futurio-extra 1.6.3 Subscriber+.User.Email.Address.Disclosure MEDIUM" "futurio-extra 1.6.3 Authenticated.SQL.Injection MEDIUM" "food-store 1.4.7.5 Reflected.Cross-Site.Scripting MEDIUM" "food-store 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "food-store 1.3.7 Unauthorised.AJAX.call.via.CSRF MEDIUM" "focus-on-reviews-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "file-away No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "forminator 1.34.1 Reflected.Cross-Site.Scripting MEDIUM" "forminator 1.29.2 HubSpot.Developer.API.Key.Sensitive.Information.Exposure HIGH" "forminator 1.15.4 Reflected.Cross-Site.Scripting MEDIUM" "forminator 1.29.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forminator 1.29.3 Admin+.SQL.Injection MEDIUM" "forminator 1.29.3 Contributor+.Stored.Cross-Site.Scripting.via.forminator_form.Shortcode MEDIUM" "forminator 1.29.1 Unauthenticated.Stored.XSS HIGH" "forminator 1.29.1 Reflected.Cross-Site.Scripting HIGH" "forminator 1.28.0 Admin+.Arbitrary.File.Upload MEDIUM" "forminator 1.27.0 Admin+.Stored.Cross-Site.Scripting LOW" "forminator 1.25.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forminator 1.24.4 Reflected.XSS HIGH" "forminator 1.24.1 Unauthenticated.Race.Condition.on.poll.vote MEDIUM" "forminator 1.15.4 Admin+.Stored.Cross-Site.Scripting LOW" "forminator 1.14.12 Unauthenticated.Stored.XSS HIGH" "forminator 1.14.8.1 CSRF.Nonce.Bypasses MEDIUM" "forminator 1.13.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "forminator 1.6 Authenticated.Multiple.Vulnerabilities MEDIUM" "formzu-wp 1.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "formzu-wp 1.6.7 Contributor+.Stored.XSS.via.id MEDIUM" "filter-custom-fields-taxonomies-light No.known.fix Missing.Authorization MEDIUM" "filter-custom-fields-taxonomies-light No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "fluent-crm 2.8.45 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluent-crm 2.8.0 Marketing.Automation.For.WordPress..<.2.8.0.-.Unauthenticated.Subscriptions.Update MEDIUM" "friends 2.8.6 Authenticated.(Admin+).Blind.Server-Side.Request.Forgery MEDIUM" "five-minute-webshop No.known.fix Admin+.SQLi.via.orderby MEDIUM" "five-minute-webshop No.known.fix Admin+.SQLi.via.id MEDIUM" "flattr No.known.fix Admin+.Stored.XSS LOW" "folders-pro 3.0.3 Directory.Traversal.via.handle_folders_file_upload MEDIUM" "folders-pro 3.0.3 Authenticated(Author+).Arbitrary.File.Upload.via.handle_folders_file_upload HIGH" "flash-video-player No.known.fix Cross-Site.Request.Forgery MEDIUM" "front-editor No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "front-editor No.known.fix Admin+.Stored.XSS LOW" "front-editor 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "front-editor 3.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make 0.99 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make No.known.fix Multiple.Cross-Site.Request.Forgery.(CSRF) MEDIUM" "featured-image-from-url 4.8.3 Missing.Authorization MEDIUM" "featured-image-from-url 4.8.2 Missing.Authorization MEDIUM" "featured-image-from-url 4.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fifu_input_url MEDIUM" "featured-image-from-url 4.5.4 Contributor+.Stored.XSS MEDIUM" "featured-image-from-url 4.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "featured-image-from-url 4.0.0 Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "foxyshop 4.8.2 Reflected.Cross-Site.Scripting MEDIUM" "flyzoo No.known.fix Admin+.Stored.XSS LOW" "file-gallery No.known.fix Reflected.Cross-Site.Scripting.via.post_id MEDIUM" "file-gallery 1.8.5.4 Contributor+.Stored.XSS MEDIUM" "footer-text No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "fast-checkout-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-checkout-for-woocommerce 1.1.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flynsarmy-iframe-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "float-to-top-button No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "fancy-elementor-flipbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Elementor.Flipbox.Widget MEDIUM" "featured-products-first-for-woocommerce 1.9.6 Reflected.Cross-Site.Scripting MEDIUM" "featured-products-first-for-woocommerce 1.9.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formidablepro-2-pdf 3.11 Subscriber+.SQLi HIGH" "fullworks-directory No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-directory No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "frontend-registration-contact-form-7 No.known.fix Authenticated.(Editor+).Privilege.Escalation HIGH" "flight-search-widget-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flight-search-widget-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flight-search-widget-blocks No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "gs-facebook-comments 1.7.4 Missing.Authorization.via.wpfc_allow_comments() MEDIUM" "graphcomment-comment-system 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "google-language-translator 6.0.12 Google.Language.Translator.<.6.0.12.-.Admin+.Stored.Cross-Site.Scripting LOW" "google-language-translator 6.0.10 Authenticated.Cross-Site.Scripting.(XSS) LOW" "google-language-translator 6.0.10 Authenticated.(author+).Cross-Site.Scripting.(XSS) MEDIUM" "google-language-translator 5.0.06 XSS MEDIUM" "giveasap 2.46.1 CSRF MEDIUM" "giveasap 2.46.1 Reflected.Cross-Site.Scripting LOW" "giveasap 2.45.1 Admin+.Stored.XSS LOW" "giveasap 2.45.1 Editor+.Stored.Cross-Site.Scripting LOW" "giveasap 2.45.1 Admin+.Stored.Cross-Site.Scripting MEDIUM" "giveasap 2.42.1 Unauthorised.AJAX.Calls.via.Freemius HIGH" "giveasap 2.36.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "gold-addons-for-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gsheetconnector-gravity-forms 1.3.5 Access.Code.Update.via.CSRF MEDIUM" "google-one 1.3.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "go-dash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gistpress 3.0.2 Authenticated.Stored.XSS MEDIUM" "gf-zendesk 1.0.8 Reflected.Cross-Site.Scripting HIGH" "getresponse-integration No.known.fix Contributor+.Stored.XSS MEDIUM" "getresponse-integration 5.5.32 Contributor+.Stored.XSS MEDIUM" "getresponse-integration 5.5.21 API.Key.Update.via.CSRF MEDIUM" "google-adsense-and-hotel-booking No.known.fix Open.Proxy CRITICAL" "google-analytics-dashboard-for-wp 7.14.2 Contributor+.Stored.XSS MEDIUM" "google-analytics-dashboard-for-wp 7.12.1 Contributor+.Stored.XSS MEDIUM" "geo-mashup 1.13.12 Reflected.Cross-Site.Scripting MEDIUM" "geo-mashup 1.13.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "geo-mashup 1.10.4 Unspecified.Cross-Site.Scripting.(XSS) CRITICAL" "gs-pinterest-portfolio 1.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shorcode MEDIUM" "gs-pinterest-portfolio 1.8.1 Missing.Authorization.via._update_shortcode MEDIUM" "ghactivity No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-analyticator 6.5.6 Admin+.PHP.Object.Injection LOW" "google-analyticator 6.5.6 Admin+.PHP.Object.Injection MEDIUM" "google-analyticator 6.4.9.6 Multiple.Cross-Site.Scripting.(XSS) HIGH" "google-analyticator 6.4.9.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "gamepress No.known.fix Reflected.Cross-Site.Scripting HIGH" "go-viral No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "go-viral 1.8.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gift-certificate-creator 1.1 Stored.XSS MEDIUM" "guest-author-name 4.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "glossary-by-codeat 2.2.27 Unauthenticated.Full.Path.Disclosure MEDIUM" "glossary-by-codeat 2.2.3 Reflected.Cross-Site.Scripting MEDIUM" "glossary-by-codeat 2.1.28 Contributor+.Stored.XSS MEDIUM" "glossary-by-codeat 2.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "greenwallet-gateway 1.0.2 Reflected.Cross.Site.Scripting.in.checkout.page MEDIUM" "ga-for-wp 2.2.0 Reflected.Cross-Site.Scripting MEDIUM" "ga-for-wp 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "google-maps-advanced No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "goodbarber 1.0.24 Settings.Update.via.CSRF MEDIUM" "gsheetconnector-for-elementor-forms 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-for-elementor-forms 1.0.7 Reflected.XSS HIGH" "give 3.16.0 Unauthenticated.Full.Path.Disclosure MEDIUM" "give 3.14.2 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.File.Deletion MEDIUM" "give 3.14.0 Missing.Authorization.to.Unauthenticated.Event.Settings.Update MEDIUM" "give 3.14.0 Missing.Authorization.to.Limited.Information.Exposure MEDIUM" "give 3.14.2 Unauthenticated.PHP.Object.Injection.to.RCE CRITICAL" "give 3.14.0 Insecure.Direct.Object.Reference.to.Authenticated.(GiveWP.Worker+).Arbitrary.Post.Actions MEDIUM" "give 3.12.1 Reflected.Cross-Site.Scripting MEDIUM" "give 3.11.0 Contributor+.Stored.XSS MEDIUM" "give 3.5.0 Authenticated.(GiveWP.Manager+).PHP.Object.Injection HIGH" "give 3.7.0 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "give 3.6.0 Contributor+.Stored.XSS MEDIUM" "give 3.4.0 Reflected.Cross-Site.Scripting HIGH" "give 3.3.0 Contributor+.Stored.XSS MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.plugin.installation MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.plugin.deactivation MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.Stripe.Integration.Deletion MEDIUM" "give 2.33.2 Missing.Authorization.via.handleBeforeGateway MEDIUM" "give 2.33.1 Donation.Plugin.<.2.33.1.-.Authenticated(Give.Manager+).Privilege.Escalation HIGH" "give 2.25.3 Cross-Site.Request.Forgery MEDIUM" "give 2.25.2 Cross-Site.Request.Forgery MEDIUM" "give 2.25.2 Author+.Stored.Cross-Site.Scripting MEDIUM" "give 2.25.2 Contributor+.Arbitrary.Content.Deletion MEDIUM" "give 2.25.2 Admin+.Server-Side.Request.Forgery MEDIUM" "give 2.25.2 Contributor+.Stored.XSS MEDIUM" "give 2.24.1 Unauthenticated.SQLi HIGH" "give 2.24.0 Contributor+.Stored.XSS MEDIUM" "give 2.21.0 Manager+.Arbitrary.File.Access.via.Export MEDIUM" "give 2.21.0 Manager+.Arbitrary.File.Creation.via.Export HIGH" "give 2.21.3 Admin+.Stored.Cross-Site.Scripting LOW" "give 2.21.3 DoS.via.CSRF LOW" "give 2.21.0 Reflected.Cross-Site.Scripting MEDIUM" "give 2.21.0 Donor.Information.Disclosure MEDIUM" "give 2.17.3 Reflected.Cross-Site.Scripting.via.Donation.Forms.Dashboard HIGH" "give 2.17.3 Reflected.Cross-Site.Scripting.via.Import.Tool MEDIUM" "give 2.17.3 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "give 2.12.0 Admin+.Stored.XSS MEDIUM" "give 2.10.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "give 2.10.0 Reflected.Cross.Site.Scripting.(XSS) HIGH" "give 2.5.10 Multiple.Issues HIGH" "give 2.5.5 Authentication.Bypass HIGH" "give 2.5.1 SQL.Injection CRITICAL" "give 2.4.7 Stored.XSS MEDIUM" "give 2.3.1 Cross-Site.Scripting.(XSS) MEDIUM" "gnucommerce 1.4.2 XSS MEDIUM" "gnucommerce 0.5.7-beta XSS MEDIUM" "goal-tracker-ga 1.0.11 Reflected.Cross-Site.Scripting MEDIUM" "giveaway No.known.fix Authenticated.SQL.Injection HIGH" "geo-my-wp 4.5.0.2 Unauthenticated.LFI.to.RCE/PHAR.Deserialization CRITICAL" "geo-my-wp 4.2 Cross-Site.Request.Forgery MEDIUM" "geo-my-wp 4.0.3 Authenticated(Administrator+).SQL.Injection MEDIUM" "geo-my-wp 4.0.1 Contributor+.Stored.XSS MEDIUM" "gmap-embed 1.8.4 Arbitrary.Post.Deletion.and.Plugin's.Settings.Update.via.CSRF MEDIUM" "gmap-embed 1.8.1 Subscriber+.Arbitrary.Post.Deletion.and.Plugin's.Settings.Update MEDIUM" "gmap-embed 1.8.1 Subscriber+.Map.Creation/Update/Deletion MEDIUM" "gmap-embed 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "grand-media 1.20.0 Admin+.Stored.Cross-Site.Scripting LOW" "grand-media 1.18.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "google-analytics-top-posts-widget 1.5.7 Reflected.XSS MEDIUM" "gdpr-data-request-form 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-woocommerce-products-slider 1.5.9 Contributor+.Stored.XSS MEDIUM" "gwp-histats No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geodirectory 2.3.71 Missing.Authorization.via.geodirectory_rated() MEDIUM" "geodirectory 2.3.62 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "geodirectory 2.3.49 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'gd_single_tabs'.Shortcode MEDIUM" "geodirectory 2.3.29 Authenticated(Administrator+).SQL.Injection MEDIUM" "geodirectory 2.3.29 Authenticated.(Administrator+).SQL.Injection.via.orderby HIGH" "geodirectory 2.2.24 Admin+.SQLi MEDIUM" "geodirectory 2.2.22 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "geodirectory 2.1.1.3 Authenticated.(admin+).Stored.Cross-Site.Scripting.(XSS) MEDIUM" "gallery-images 2.0.6 Stored.Cross-Site.Scripting.(XSS) CRITICAL" "genesis-blocks 3.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Sharing.Block.Attributes MEDIUM" "genesis-blocks No.known.fix Contributor+.Stored.XSS MEDIUM" "genesis-blocks 3.1.3 Contributor+.Stored.XSS MEDIUM" "genesis-blocks 3.1.3 Contributor+.Stored.XSS MEDIUM" "go-fetch-jobs-wp-job-manager 1.8.4.5 Reflected.Cross-Site.Scripting MEDIUM" "go-fetch-jobs-wp-job-manager 1.7.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "google-typography No.known.fix Missing.Authorization MEDIUM" "gsheetconnector-wpforms-pro 2.5.7 Reflected.XSS HIGH" "generate-dummy-posts No.known.fix Missing.Authorization MEDIUM" "google-sitemap-plugin 3.0.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gold-price-chart-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "gf-constant-contact 1.0.6 Reflected.Cross-Site.Scripting HIGH" "goods-catalog No.known.fix Contributor+.Stored.XSS MEDIUM" "gianism No.known.fix Admin+.Stored.XSS LOW" "gd-mylist No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gutentor 3.3.6 Gutenberg.Blocks.-.Page.Builder.for.Gutenberg.Editor.<.3.3.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutentor 3.3.6 Contributor+.Stored.XSS MEDIUM" "gutentor 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-ninja-forms-pro 1.5.2 Reflected.XSS HIGH" "gutenberg 18.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Template.Part.Block MEDIUM" "gutenberg 18.01 18.0.0.-.Unauthenticated.&.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Avatar.Block MEDIUM" "gutenberg 16.8.1 Contributor+.Stored.XSS MEDIUM" "gutenberg 16.8.1 Contributor+.Stored.XSS.via.Navigation.Links.Block MEDIUM" "gutenberg 14.3.1 Multiple.Stored.XSS LOW" "gutenberg 12.7.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "gutenberg 12.7.2 Prototype.Pollution.via.Gutenberg’s.wordpress/url.package MEDIUM" "greenshiftquery 3.9.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "gf-zoho 1.1.6 Reflected.Cross-Site.Scripting HIGH" "gsheetconnector-ninja-forms 1.2.8 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-ninja-forms 1.2.7 Reflected.XSS HIGH" "gsheetconnector-ninja-forms 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gsheetconnector-easy-digital-downloads 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-easy-digital-downloads 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "global-elementor-buttons No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.button.link MEDIUM" "grid-shortcodes 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "grid-shortcodes 1.1.1 Contributor+.Stored.XSS MEDIUM" "gs-team-members 2.2.4 Contributor+.Stored.XSS MEDIUM" "gs-team-members 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "gs-team-members 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gwyns-imagemap-selector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "galleria No.known.fix Cross-Site.Request.Forgery MEDIUM" "googmonify No.known.fix CSRF.&.XSS MEDIUM" "gotowp No.known.fix Contributor+.Stored.XSS MEDIUM" "getwid 2.0.11 Missing.Authentication.to.MailChimp.API.key.update MEDIUM" "getwid 2.0.11 Missing.Authorization.to.Google.API.key.update MEDIUM" "getwid 2.0.8 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'Countdown' MEDIUM" "getwid 2.0.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Block.Content MEDIUM" "getwid 2.0.5 Captcha.Bypass MEDIUM" "getwid 2.0.5 Missing.Authorization.to.Recaptcha.API.Key.Modification MEDIUM" "getwid 2.0.3 Unauthenticated.Arbitrary.Email.Sending.to.Admin MEDIUM" "getwid 1.8.4 Subscriber+.SSRF MEDIUM" "gravitate-qa-tracker No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gf-infusionsoft 1.1.5 Reflected.Cross-Site.Scripting HIGH" "gdpr-cookie-consent 3.3.0 Unauthenticated.Stored.Cross-Site.Scripting.via.Client-IP.header HIGH" "gdpr-cookie-consent 3.1.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "gumroad No.known.fix Contributor+.Stored.XSS MEDIUM" "gallery-from-files No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "gallery-from-files No.known.fix Unauthenticated.RCE CRITICAL" "gd-bbpress-attachments 4.4 Admin+.Stored.XSS LOW" "giveaways-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "giveaways-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "google-sitemap-generator 4.1.3 Admin+.Stored.Cross-Site.Scripting LOW" "google-sitemap-generator 4.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gigpress No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "gigpress No.known.fix Subscriber+.SQLi HIGH" "gigpress 2.3.28 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "gigpress 2.3.11 Authenticated.XSS.&.Blind.SQLi HIGH" "gallery-images-ape No.known.fix Contributor+.Stored.XSS MEDIUM" "gs-portfolio 1.6.1 Contributor+.Stored.XSS MEDIUM" "gamipress-link 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greeklish-permalink 3.5 Unauthenticated.Post.Slug.Update MEDIUM" "get-site-to-phone-by-qr-code No.known.fix Stored.XSS.via.CSRF MEDIUM" "game-server-status No.known.fix Contributor+.SQL.Injection HIGH" "game-server-status No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "game-server-status No.known.fix Admin+.SQL.Injection MEDIUM" "gf-block-ips 1.0.2 Cross-Site.Request.Forgery MEDIUM" "googleanalytics 2.5.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "gamipress-vimeo-integration 1.0.9 Contributor+.Stored.XSS MEDIUM" "gfirem-advance-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gfirem-advance-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-advance-search No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "groundhogg 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "groundhogg 3.4.3 Cross-Site.Request.Forgery MEDIUM" "groundhogg 2.7.11.11 Admin+.Stored.XSS LOW" "groundhogg 2.7.11.1 CSRF MEDIUM" "groundhogg 2.7.11.1 Admin+.SQLi MEDIUM" "groundhogg 2.7.10 Lack.of.Authorization.for.Non-Arbitrary.File.upload MEDIUM" "groundhogg 2.7.10 Contributor+.Stored.XSS MEDIUM" "groundhogg 2.7.10 Privilege.Escalation.via.CSRF HIGH" "groundhogg 2.7.10 Disable.All.Plugins.via.CSRF MEDIUM" "groundhogg 2.7.10 Ticket.Creation.via.CSRF MEDIUM" "groundhogg 2.7.9.4 Admin+.SQLi MEDIUM" "groundhogg 1.3.11.8 Authenticated.SQL.Injection HIGH" "gallery-album No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "gallery-album No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-album No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-album No.known.fix Unauthenticated.Stored.XSS HIGH" "gallery-album No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "gallery-album No.known.fix Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "gallery-album 2.0.2 Reflected.XSS HIGH" "gallery-album 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "gallery-album 1.2.1 Admin+.SQLi MEDIUM" "greenshift-animation-and-page-builder-blocks 8.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 7.6.3 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "greenshift-animation-and-page-builder-blocks 4.3 Reflected.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 5.0.0 Author+.Stored.XSS MEDIUM" "greenshift-animation-and-page-builder-blocks 5.0 Contributor+.Stored.XSS MEDIUM" "greenshift-animation-and-page-builder-blocks 4.8.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "greenshift-animation-and-page-builder-blocks 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "google-captcha 1.28 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gc-testimonials No.known.fix Contributor+.Stored.XSS MEDIUM" "gravity-forms-sticky-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gravity-forms-sticky-list No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gravity-forms-sticky-list No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gettext-override-translations 2.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "google-apps-login 3.4.5 Admin+.Stored.XSS LOW" "glorious-services-support 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "glorious-services-support 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gutenslider 5.10.2 Reflected.Cross-Site.Scripting MEDIUM" "gutenslider 5.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gutenslider 5.2.0 Contributor+.Stored.XSS MEDIUM" "getyourguide-ticketing 1.0.4 Admin+.Stored.XSS LOW" "gocodes No.known.fix Authenticated.XSS.&.Blind.SQL.Injection HIGH" "gf-dynamics-crm 1.0.8 Reflected.Cross-Site.Scripting HIGH" "good-reviews-wp 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Review.URL MEDIUM" "google-maps-v3-shortcode No.known.fix Contributor+.XSS MEDIUM" "guestofy-restaurant-reservations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "guestofy-restaurant-reservations No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gp-premium 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "google-document-embedder No.known.fix Authenticated.(Contributor+).Blind.Server.Side.Request.Forgery MEDIUM" "google-document-embedder 2.6.2 CSRF.&.XSS MEDIUM" "google-document-embedder 2.6.1 XSS MEDIUM" "google-news-sitemap No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "gallery-plugin 4.7.0 Author+.SQL.Injection MEDIUM" "gallery-plugin 4.7.0 Author+.Stored.Cross-Site.Scripting MEDIUM" "gallery-plugin 4.5.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gestion-pymes No.known.fix Admin+.Stored.XSS LOW" "google-places-reviews 2.0.0 Admin+.Stored.Cross.Site.Scripting LOW" "global-notification-bar No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "gallery-categories 1.0.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "get-post-custom-taxonomy-term-shortcode No.known.fix CSRF.Bypass NONE" "g-auto-hyperlink No.known.fix Admin+.SQL.Injection MEDIUM" "generate-pdf-using-contact-form-7 4.1.3 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "generate-pdf-using-contact-form-7 4.1.3 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "generate-pdf-using-contact-form-7 3.6 Admin+.Stored.Cross-Site.Scripting LOW" "gdpr-cookie-compliance 4.12.5 License.Update/Deactivation.via.CSRF MEDIUM" "guardgiant 2.2.6 Admin+.SQLi MEDIUM" "google-site-kit 1.8.0 Privilege.Escalation.to.gain.Search.Console.Access CRITICAL" "gdpr-compliance-by-supsystic No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "google-analytics-opt-out 2.3.5 Admin+.Stored.XSS LOW" "google-map-shortcode No.known.fix Settings.Update.via.CSRF MEDIUM" "google-map-shortcode No.known.fix Reflected.XSS HIGH" "google-map-shortcode No.known.fix Contributor+.Stored.XSS HIGH" "gecka-terms-thumbnails No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "gfirem-action-after No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-action-after No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "get-custom-field-values 4.1 Admin+.Stored.XSS LOW" "get-custom-field-values 4.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "get-custom-field-values 4.0 Contributors+.Arbitrary.Post.Metadata.Access MEDIUM" "get-your-number No.known.fix Admin+.Stored.XSS LOW" "generatepress-premium 2.4.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Meta MEDIUM" "glass No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "gs-instagram-portfolio 1.4.5 Contributor+.Stored.XSS MEDIUM" "gsheetconnector-for-elementor-forms-pro 1.0.5 Reflected.XSS HIGH" "genie-wp-favicon No.known.fix Arbitrary.Favicon.Change.via.CSRF MEDIUM" "global-income-stats-from-freemius No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "global-income-stats-from-freemius No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "global-income-stats-from-freemius No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gnu-mailman-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gotmls 4.23.56 Unauthenticated.Remote.Code.Execution CRITICAL" "gotmls 4.21.83 Reflected.Cross-Site.Scripting MEDIUM" "gotmls 4.20.96 Reflected.Cross-Site.Scripting LOW" "gotmls 4.20.94 Admin+.Reflected.Cross-Site.Scripting LOW" "gamipress-button 1.0.8 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gixaw-chat No.known.fix Stored.XSS.via.CSRF HIGH" "gradient-text-widget-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gtmetrix-for-wordpress 0.4.8 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "gtmetrix-for-wordpress 0.4.6 Reflected.Cross-Site.Scripting HIGH" "gtmetrix-for-wordpress 0.4.6 Reflected.XSS HIGH" "gift-up 2.22 Settings.Update.via.CSRF MEDIUM" "gift-up 2.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gallery-by-supsystic 1.15.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gallery-by-supsystic 1.15.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "gallery-by-supsystic 1.8.6 Arbitrary.Image.Adding.via.CSRF MEDIUM" "gallery-by-supsystic 1.8.6 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "gd-mail-queue 4.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "google-shortlink 1.5.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gutenverse 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenverse 1.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenverse 1.9.1 Contributor+.Stored.XSS MEDIUM" "gdpr-compliance No.known.fix Authenticated.(Subscriber+).Information.Exposure MEDIUM" "gseor No.known.fix Authenticated.SQL.Injection MEDIUM" "godaddy-email-marketing-sign-up-forms 1.1.4 Cross-Site.Request.Forgery.(CSRF) HIGH" "genesis-columns-advanced 2.0.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "gd-security-headers 1.7.1 Admin+.SQLi MEDIUM" "gd-security-headers 1.7 Reflected.XSS HIGH" "goon-plugin-control 1.2.9.2 Reflected.Cross-Site.Scripting MEDIUM" "goon-plugin-control 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "great-quotes No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "get-cash 3.2 Reflected.Cross-Site.Scripting MEDIUM" "gpt3-ai-content-generator 1.8.67 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gpt3-ai-content-generator 1.8.13 Cross-Site.Request.Forgery MEDIUM" "gpt3-ai-content-generator 1.8.3 Missing.Authorization.to.Sensitive.Data.Exposure MEDIUM" "gpt3-ai-content-generator 1.7.38 Reflected.Cross-Site.Scripting MEDIUM" "gpt3-ai-content-generator 1.4.38 Subscriber+.Arbitrary.Post.Content.Update MEDIUM" "gravityforms 2.7.5 Reflected.XSS HIGH" "gravityforms 2.7.4 Unauthenticated.PHP.Object.Injection HIGH" "gravityforms 2.4.9 Hashed.Password.Leakage LOW" "giphypress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gsheetconnector-wpforms 3.4.6 Reflected.XSS HIGH" "google-calendar-events 3.2.8 Contributor+.Stored.XSS.via.shortcode MEDIUM" "google-calendar-events 3.2.5 Cross-Site.Request.Forgery.via.duplicate_feed MEDIUM" "google-calendar-events 3.2.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "gravity-forms-multiple-form-instances 1.1.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "grid-plus 1.3.4 Subscriber+.Local.File.Inclusion MEDIUM" "grid-plus 1.3.3 Subscriber+.Grid.Layout.Creation/Deletion/Update MEDIUM" "grid-plus 1.3.5 Reflected.XSS HIGH" "google-image-sitemap No.known.fix Map.generation.through.CSRF MEDIUM" "gwa-autoresponder No.known.fix Unauthenticated.SQL.Injection HIGH" "ghost 1.5.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ghost 0.5.6 Unrestricted.Export.Download MEDIUM" "gregs-high-performance-seo 1.6.2 Reflected.XSS MEDIUM" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_delete_card MEDIUM" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_unset_default_card MEDIUM" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_set_default_card MEDIUM" "google-maps-easy 1.11.16 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "google-maps-easy 1.11.12 Cross-Site.Request.Forgery MEDIUM" "google-maps-easy 1.11.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "google-maps-easy 1.10.1 Admin+.Stored.Cross-Site.Scripting LOW" "google-maps-easy 1.9.32 Reflected.Cross-Site.Scripting MEDIUM" "gs-envato-portfolio 1.4.0 Contributor+.Stored.XSS MEDIUM" "gf-hubspot 1.0.9 Reflected.Cross-Site.Scripting HIGH" "google-cse No.known.fix Admin+.Stored.XSS LOW" "google-cse No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "gsearch-plus No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "gyta-buyback 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "gyta-buyback 1.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "guruwalk-affiliates No.known.fix Admin+.Stored.XSS LOW" "genealogical-tree 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "genealogical-tree 2.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "good-bad-comments No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gtranslate 3.0.4 Admin+.Stored.XSS LOW" "gtranslate 2.9.9 CSRF.to.Account.Takeover HIGH" "gtranslate 2.9.7 Reflected.Cross-Site.Scripting LOW" "gtranslate 2.8.65 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "gtranslate 2.8.52 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "gs-books-showcase 1.3.1 Contributor+.Stored.XSS MEDIUM" "gallery-image-gallery-photo 1.1.6 Grid.Gallery.<.1.1.6.-.Admin+.Stored.Cross-Site.Scripting LOW" "gps-plotter No.known.fix Admin+.Stored.XSS LOW" "graphina-elementor-charts-and-graphs 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "graphina-elementor-charts-and-graphs 1.8.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "gf-freshdesk 1.2.9 Reflected.Cross-Site.Scripting HIGH" "g-business-reviews-rating 5.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "gravity-file-ajax-upload-free No.known.fix Arbitrary.File.Upload CRITICAL" "gplus-comments No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "genki-pre-publish-reminder No.known.fix Stored.XSS.&.RCE.via.CSRF HIGH" "gs-logo-slider 3.6.9 Admin+.Stored.XSS LOW" "gs-logo-slider 3.5.2 Cross-Site.Request.Forgery MEDIUM" "gs-logo-slider 3.3.8 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "goodlms 2.1.5 Unauthenticated.SQL.Injection CRITICAL" "gp-unique-id 1.5.6 Unauthenticated.Form.Submission.Unique.ID.Modification LOW" "guest-author 2.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "guest-author 2.4 Contributor+.Stored.XSS MEDIUM" "gf-salesforce-crmperks 1.2.6 Reflected.Cross-Site.Scripting HIGH" "gn-publisher 1.5.6 Reflected.XSS HIGH" "gracemedia-media-player No.known.fix Local.File.Inclusion.(LFI) CRITICAL" "gallery-photo-gallery 5.7.1 Administrator+.HTML.Injection MEDIUM" "gallery-photo-gallery 5.5.3 Reflected.Cross-Site.Scripting MEDIUM" "gallery-photo-gallery 5.2.7 CSRF MEDIUM" "gallery-photo-gallery 5.1.4 Reflected.XSS HIGH" "gallery-photo-gallery 5.1.7 Reflected.XSS MEDIUM" "gallery-photo-gallery 4.4.4 Responsive.Image.Gallery.<.4.4.4.-.Authenticated.Blind.SQL.Injections HIGH" "gallery-photo-gallery 4.4.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "gallery-photo-gallery 1.0.1 SQL.Injection CRITICAL" "gd-rating-system 3.6.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "gd-rating-system 3.5.1 Unauthenticated.Stored.Cross-Site.Scripting.via.IP MEDIUM" "gd-rating-system 2.3.1 Multiple.Vulnerabilities HIGH" "gd-rating-system 2.1 XSS MEDIUM" "grid-kit-premium 2.2.0 Multiple.Reflected.Cross-Site.Scripting HIGH" "grid-kit-premium 2.1.2 Reflected.Cross-Site.Scripting HIGH" "grid-kit-premium 2.1.2 Reflected.Cross-Site.Scripting HIGH" "gallery-factory-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "google-mobile-sitemap No.known.fix Cross-Site.Request.Forgery MEDIUM" "gutenify 1.4.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "google-picasa-albums-viewer 4.0.3 Reflected.Cross-Site.Scripting MEDIUM" "greenshiftwoo 1.9.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "geo-request No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "geo-request No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "glorious-sites-installer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "glorious-sites-installer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "get-directions 2.16.2 Reflected.Cross-Site.Scripting MEDIUM" "get-directions 2.15.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gift-voucher 4.4.1 Cross-Site.Request.Forgery MEDIUM" "gift-voucher 4.3.3 Subscriber+.SQLi HIGH" "gift-voucher 4.1.8 Unauthenticated.Blind.SQL.Injection HIGH" "gfirem-fields No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gfirem-fields No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-fields No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gourl-bitcoin-payment-gateway-paid-downloads-membership 1.4.14 Shell.Upload HIGH" "goftino 1.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "geounit-maps 0.0.7 Reflected.Cross-Site.Scripting MEDIUM" "gg-woo-feed 1.2.7 Missing.Authorization MEDIUM" "gg-woo-feed No.known.fix Unauthenticated.Settings.Update MEDIUM" "gsheetconnector-gravityforms-pro 4.3.6 Access.Code.Update.via.CSRF MEDIUM" "goauth No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goauth 2.20 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gift-message-for-woocommerce 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "gift-message-for-woocommerce 1.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "global-multisite-search No.known.fix CSRF.Bypass MEDIUM" "gamipress-reset-user 1.0.1 Reset.User.<=.1.0.0.-.GamiPress.User.Data.Removal.via.CSRF MEDIUM" "gf-insightly 1.0.7 Reflected.Cross-Site.Scripting HIGH" "gallery-videos 2.2.6 Admin+.SQLi MEDIUM" "gallery-videos 1.7.7 Admin+.Stored.XSS LOW" "gsheetconnector-caldera-forms 1.3 Access.Code.Update.via.CSRF MEDIUM" "go-fetch-jobs-jobengine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "go-fetch-jobs-jobengine No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gm-woocommerce-quote-popup 3.2 Reflected.XSS HIGH" "gm-woocommerce-quote-popup 3.1 Arbitrary.Enquiry.Deletion.via.CSRF MEDIUM" "gm-woocommerce-quote-popup 3.1 Admin+.Stored.XSS LOW" "gm-woocommerce-quote-popup 3.1 Cross-Site.Request.Forgery MEDIUM" "gm-woocommerce-quote-popup 3.1 Unauthenticated.Stored.XSS HIGH" "gm-woocommerce-quote-popup 3.2 Reflected.XSS HIGH" "gs-behance-portfolio 3.0.2 Reflected.Cross-Site.Scripting MEDIUM" "gwolle-gb 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "gwolle-gb 2.5.4 Cross-Site.Scripting.(XSS) MEDIUM" "gwolle-gb 2.1.1 Cross-Site.Request.Forgery.(CSRF) CRITICAL" "genesis-simple-love No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "garden-gnome-package 2.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gamipress 6.8.9 Broken.Access.Control LOW" "gamipress 6.8.6 Cross-Site.Request.Forgery MEDIUM" "gamipress 6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gamipress 6.8.7 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "gamipress 2.5.7.1 Unauthenticated.SQLi HIGH" "gmace No.known.fix Arbitrary.File.Creation/Deletion/Update.via.CSRF HIGH" "gmace No.known.fix Admin+.Path.Traversal MEDIUM" "google-maps-anywhere No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gdpr-compliance-cookie-consent 1.3 CSRF MEDIUM" "gravity-forms-sms-notifications 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "google-pagespeed-insights 4.0.7 Multiple.CSRF MEDIUM" "google-pagespeed-insights 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "guest-author-affiliate 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "guest-author-affiliate 1.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "google-analytics-for-wordpress 8.22.0 Missing.Authorization MEDIUM" "google-analytics-for-wordpress 8.14.1 Contributor+.Stored.XSS MEDIUM" "google-analytics-for-wordpress 8.12.1 Contributor+.Stored.XSS MEDIUM" "google-analytics-for-wordpress 8.9.1 Stored.Cross-Site.Scripting.via.Google.Analytics MEDIUM" "generate-child-theme 2.0.1 Cross-Site.Request.Forgery.via.process_create_form() MEDIUM" "generate-child-theme 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "gallery-with-thumbnail-slider 6.1 Contributor+.Stored.XSS MEDIUM" "gmb-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "goolytics-simple-google-analytics 1.1.2 Simple.Google.Analytics.<.1.1.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "gum-elementor-addon 1.3.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Price.Table.and.Post.Slider.Widgets MEDIUM" "gum-elementor-addon 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta.Widget MEDIUM" "gs-testimonial 3.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-testimonial 1.9.7 Contributor+.Stored.XSS MEDIUM" "gs-testimonial 1.9.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "gallery-bank 4.0.19 Reflected.Cross-Site.Scripting MEDIUM" "gallery-bank No.known.fix Author+.Stored.XSS.via.Gallery.Description MEDIUM" "gallery-bank No.known.fix Author+.Stored.XSS.via.Media.Upload.Module MEDIUM" "gallery-bank 3.0.330 Authenticated.Blind.SQL.Injection MEDIUM" "gravity-forms-pdf-extended 6.3.1 Reflected.Cross-Site.Scripting MEDIUM" "gallery-metabox No.known.fix Subscriber+.Unauthorized.Data.Access MEDIUM" "gallery-metabox No.known.fix Gallery.Removal.via.CSRF MEDIUM" "gt3-photo-video-gallery 2.7.7.22 GT3.Image.Gallery.&.Gutenberg.Block.Gallery.<.2.7.7.22.-.Authenticated.(Author+).Cross-Site.Scripting MEDIUM" "gAppointments No.known.fix Admin+.Stored.XSS LOW" "gAppointments 1.10.0 Reflected.Cross-Site.Scripting HIGH" "gm-woo-product-list-widget No.known.fix Reflected.XSS HIGH" "generateblocks 1.8.3 Contributor+.Arbitrary.Draft/Private.Post.Access LOW" "generateblocks 1.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce 4.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-maps-widget 4.25 Admin+.Stored.XSS LOW" "gs-woo-variation-swatches 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "hrm 2.2.6 Multiple.Issues HIGH" "hostinger 1.9.8 Unauthenticated.Maintenance.Mode.Toggle MEDIUM" "hire-me-widget 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "hire-me-widget 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "honeypot 2.1.14 Reflected.XSS HIGH" "honeypot 1.5.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "history-log-by-click5 1.0.13 Admin+.Time-Based.Blind.SQL.Injection MEDIUM" "happy-elementor-addons-pro 2.10.0 Reflected.Cross-Site.Scripting HIGH" "happy-elementor-addons-pro 2.8.1 Reflected.XSS HIGH" "happy-elementor-addons-pro 1.17.0 Contributor+.Stored.XSS MEDIUM" "honeypot-for-wp-comment No.known.fix Reflected.Cross-Site.Scripting.via.page MEDIUM" "honeypot-for-wp-comment No.known.fix Directory.Traversal.to.Unauthenticated.Arbitrary.File.Deletion CRITICAL" "hooked-editable-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hooked-editable-content No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "html5-soundcloud-player-with-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injection HIGH" "hl-twitter No.known.fix Settings.Update.via.CSRF MEDIUM" "hl-twitter No.known.fix Unlink.Twitter.Account.via.CSRF MEDIUM" "hl-twitter No.known.fix Admin+.Stored.XSS.via.Widget LOW" "hdw-tube No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "hm-multiple-roles 1.9 Reflected.Cross-Site.Scripting MEDIUM" "hm-multiple-roles 1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hm-multiple-roles 1.3 Arbitrary.Role.Change CRITICAL" "hub2word No.known.fix Subscriber+.Arbitrary.Options.Update CRITICAL" "hashthemes-demo-importer 1.1.2 Improper.Access.Control.to.Blog.Reset HIGH" "how-to-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "header-enhancement 1.5 Unauthorised.Plugin's.Setting.Change MEDIUM" "hdw-player-video-player-video-gallery No.known.fix Cross-Site.Scripting MEDIUM" "html5-video-player 2.5.35 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "html5-video-player 2.5.33 Missing.Authorization.in.multiple.functions.via.h5vp_ajax_handler MEDIUM" "html5-video-player 2.5.31 Missing.Authorization MEDIUM" "html5-video-player 2.5.32 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "html5-video-player 2.5.27 Unauthenticated.SQLi HIGH" "html5-video-player 2.5.25 Unauthenticated.SQLi HIGH" "html5-video-player 2.5.19 Subscriber+.Stored.XSS HIGH" "house-manager No.known.fix Reflected.XSS HIGH" "ht-menu-lite 1.2.2 Cross-Site.Request.Forgery MEDIUM" "ht-slider-for-elementor 1.4.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "ht-contactform 1.1.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "hm-testimonial No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hm-testimonial 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "header-image-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hueman-addons No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "hal 2.2 Admin+.Stored.Cross-Site.Scripting LOW" "helpie-faq 1.9.13 Reflected.Cross-Site.Scripting MEDIUM" "helpie-faq 1.9.9 Reflected.XSS MEDIUM" "helpie-faq 1.7.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "helpie-faq 0.7.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "hot-linked-image-cacher No.known.fix Image.upload/cache.abuse.via.CSRF LOW" "houzez-theme-functionality 3.2.3 Functionality.<.3.2.3.-.Authenticated.(Seller+).SQL.Injection HIGH" "hms-testimonials 2.0.11 CSRF MEDIUM" "hmapsprem 2.2.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "happy-scss-compiler No.known.fix Compile.SCSS.to.CSS.automatically.<=.1.3.10.-.Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "highlight 0.9.3 Authenticated.Stored.Cross-Site.Scripting LOW" "hotjar 1.0.16 Admin+.Stored.XSS MEDIUM" "hm-cool-author-box-widget 2.9.5 Reflected.Cross-Site.Scripting MEDIUM" "hashbar-wp-notification-bar 1.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "hashbar-wp-notification-bar 1.3.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "htaccess-redirect No.known.fix Reflected.Cross-Site.Scripting HIGH" "hs-brand-logo-slider No.known.fix Authenticated.Arbitrary.File.Upload CRITICAL" "ht-easy-google-analytics 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "ht-easy-google-analytics 1.2.0 Missing.Authorization.to.Unauthenticated.GA4.Email.Update MEDIUM" "ht-easy-google-analytics 1.0.7 Plugin.Activation.via.CSRF MEDIUM" "hitsteps-visitor-manager 5.87 Admin+.Stored.XSS LOW" "hitsteps-visitor-manager 5.87 Arbitrary.Settings.Update.via.CSRF MEDIUM" "hotel-listing 1.3.7 Subscriber+.Privilege.Escalation CRITICAL" "hotel-listing 1.3.3 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.6.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.6.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Site.Title.Widget MEDIUM" "header-footer-elementor 1.6.26.1 Contributor+.Stored.XSS MEDIUM" "header-footer-elementor 1.6.27 Authenticated.(Author+).HTML.Injection MEDIUM" "header-footer-elementor 1.6.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.6.25 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.5.8 Header,.Footer.&.Blocks.Template.<.1.5.8.-.Contributor+.Stored.XSS MEDIUM" "hiweb-migration-simple No.known.fix hiWeb.Migration.Simple.<=.2,0,0,1.Reflected.Cross-Site.Scripting HIGH" "ht-instagram 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-instagram 1.2.8 Cross-Site.Request.Forgery MEDIUM" "hummingbird-performance 3.9.2 Missing.Authorization MEDIUM" "hummingbird-performance 3.9.2 Cross-Site.Request.Forgery MEDIUM" "hummingbird-performance 3.7.4 Missing.Authorization MEDIUM" "hummingbird-performance 3.4.2 Unauthenticated.Path.Traversal HIGH" "hummingbird-performance 3.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "ht-portfolio 1.1.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "hide-shipping-method-for-woocommerce 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "hide-shipping-method-for-woocommerce 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hide-my-wp 5.2.02 Hidden.Login.Page.Disclosure MEDIUM" "hide-my-wp 5.0.20 IP.Address.Spoofing MEDIUM" "homepage-product-organizer-for-woocommerce No.known.fix Subscriber+.SQLi HIGH" "htaccess 1.8.2 CSRF.to.edit..htaccess HIGH" "htaccess 1.7.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "helloasso 1.1.11 Missing.Authorization.to.Authenticated.(Contributor+).Limited.Options.Update MEDIUM" "helloasso 1.1.11 Missing.Authorization MEDIUM" "helloasso 1.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "helloasso 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heart-this No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "happyforms 1.26.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "happyforms 1.25.11 Missing.Authorization MEDIUM" "happyforms 1.25.10 Reflected.Cross-Site.Scripting MEDIUM" "happyforms 1.22.0 Contributor+.Stored.XSS MEDIUM" "h5p 1.15.8 Contributor+.Stored.XSS MEDIUM" "header-footer-code-manager 1.1.35 Snippets.Activation/Deactivation/Deletion.via.CSRF MEDIUM" "header-footer-code-manager 1.1.24 Reflected.Cross-Site.Scripting MEDIUM" "header-footer-code-manager 1.1.17 Reflected.Cross-Site.Scripting MEDIUM" "header-footer-code-manager 1.1.14 Admin+.SQL.Injections MEDIUM" "hotscot-contact-form 1.3 Admin+.SQL.Injection MEDIUM" "hermit No.known.fix Unauthenticated.SQLi HIGH" "hermit No.known.fix Arbitrary.Cache/Source.Deletion.&.Source.Creation.via.CSRF MEDIUM" "hermit No.known.fix Subscriber+.SQLi HIGH" "hermit No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "haxcan No.known.fix Arbitrary.File.Access MEDIUM" "haxcan No.known.fix CSRF.Bypass MEDIUM" "host-webfonts-local 5.7.10 Unauthenticated.Directory.Deletion.&.Stored.XSS HIGH" "host-webfonts-local 4.5.12 Admin+.Arbitrary.Folder.Deletion.via.Path.Traversal MEDIUM" "host-webfonts-local 4.5.4 Subscriber+.Arbitrary.File/Folder.Deletion CRITICAL" "host-webfonts-local 4.5.4 Unauthenticated.Path.Traversal.in.REST.API MEDIUM" "hc-custom-wp-admin-url No.known.fix Unauthenticated.Secret.URL.Disclosure MEDIUM" "hc-custom-wp-admin-url No.known.fix Unauthenticated.Arbitrary.Settings.Update.via.CSRF MEDIUM" "hero-maps-pro No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "hover-image No.known.fix CSRF MEDIUM" "html5-audio-player 2.2.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html5-audio-player 2.2.22 Best.WordPress.Audio.Player.Plugin.<.2.2.22.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "html5-audio-player 2.1.12 Contributor+.Stored.XSS MEDIUM" "html5-audio-player 2.1.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "hurrytimer 2.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.11.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.PDF.View.Widget MEDIUM" "happy-elementor-addons 3.11.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gradient.Heading.Widget MEDIUM" "happy-elementor-addons 3.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Navigation.Widget MEDIUM" "happy-elementor-addons 3.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Accordion MEDIUM" "happy-elementor-addons 3.10.9 Contributor+.Stored.XSS MEDIUM" "happy-elementor-addons 3.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Event.Calendar.Widget MEDIUM" "happy-elementor-addons 3.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Stack.Group.Widget MEDIUM" "happy-elementor-addons 3.10.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.5 Contributor+.Stored.XSS MEDIUM" "happy-elementor-addons 3.10.6 Contributor+.Stored.XSS.via.HTML.Tags MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.title_tag MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Calendy MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Title.HTML.Tag MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Photo.Stack.Widget MEDIUM" "happy-elementor-addons 3.10.5 Incorrect.Authorization.to.Information.Exposure MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Page.Title.HTML.Tag MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Archive.Title.Widget MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Meta.Widget MEDIUM" "happy-elementor-addons 3.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.2 Missing.Authorization.via.add_row_actions MEDIUM" "happy-elementor-addons 3.10.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.0 Reflected.Cross-Site.Scripting HIGH" "happy-elementor-addons 3.10.0 Contributor+.SSRF LOW" "happy-elementor-addons 3.8.3 Cross-Site.Request.Forgery MEDIUM" "happy-elementor-addons 2.24.0 Contributor+.Stored.XSS MEDIUM" "highlight-search-terms-results 1.04 Reflected.Cross-Site.Scripting MEDIUM" "hcaptcha-for-forms-and-more 4.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cf7-hcaptcha.Shortcode MEDIUM" "hd-quiz 1.8.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "hd-quiz 1.8.4 Authenticated.Stored.XSS MEDIUM" "html5-mp3-player-with-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injecton HIGH" "html5-mp3-player-with-playlist 2.8.0 Full.Path.Disclosure.(FPD) MEDIUM" "hungarian-pickup-points-for-woocommerce 1.9.0.3 Multiple.CSRF MEDIUM" "hana-flv-player No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "helpdeskwp No.known.fix Editor+.Stored.XSS LOW" "html5-responsive-faq No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "hover-effects 2.1.1 Admin+.LFI MEDIUM" "helloprint 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "horizontal-scrolling-announcement No.known.fix Authenticated.(subscriber+).Blind.SQL.Injection HIGH" "horizontal-scrolling-announcement No.known.fix Horizontal.scrolling.announcement.for.WordPress.<=.9,2.Contributor+.Stored.XSS MEDIUM" "hm-logo-showcase 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "hm-logo-showcase 1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "houzez-crm 1.4.3 Authenticated.(Seller+).SQL.Injection HIGH" "hypercomments No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "html2wp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "html2wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "html2wp No.known.fix Subscriber+.Arbitrary.File.Deletion HIGH" "heateor-social-login 1.1.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heateor-social-login 1.1.33 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "heateor-social-login 1.1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heateor-social-login 1.1.31 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "hash-form 1.1.1 Unauthenticated.PHP.Object.Injection HIGH" "hash-form 1.1.1 Unauthenticated.Arbitrary.File.Upload.to.Remote.Code.Execution CRITICAL" "holler-box 2.3.3 Admin+.Stored.XSS LOW" "holler-box 2.1.4 Admin+.SQL.Injection MEDIUM" "hero-banner-ultimate 1.4 Contributor+.Stored.XSS MEDIUM" "health-check 1.6.0 CSRF MEDIUM" "health-check 1.2.4 Missing.Authorization.Checks MEDIUM" "hash-elements 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter.in.Multiple.Widgets MEDIUM" "hash-elements 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "h5p-css-editor No.known.fix Reflected.Cross-Site.Scripting HIGH" "hostel 1.1.5.3 Reflected.XSS HIGH" "hostel 1.1.5.4 Cross-Site.Request.Forgery MEDIUM" "hostel 1.1.5.2 Admin+.Stored.XSS LOW" "hostel 1.1.4 Unauthenticated.Stored.XSS MEDIUM" "html5-mp3-player-with-mp3-folder-feedburner-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injection HIGH" "hreflang-manager-lite 1.07 Cross-Site.Request.Forgery MEDIUM" "http-headers 1.19.0 Admin+.SSRF MEDIUM" "http-headers 1.19.0 Admin+.Stored.XSS LOW" "http-headers 1.18.11 Admin+.Remote.Code.Execution MEDIUM" "http-headers 1.18.8 Admin+.SQL.Injection MEDIUM" "homepage-pop-up No.known.fix CSRF MEDIUM" "homepage-pop-up No.known.fix Admin+.Stored.XSS LOW" "hotjar-connecticator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hotjar-connecticator No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "hqtheme-extra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hqtheme-extra No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "horizontal-scrolling-announcements 2.5 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "header-footer-code 1.2 Admin+.Stored.XSS LOW" "header-footer-code 1.2 Admin+.Stored.XSS.via.CSS.Styles LOW" "http-https-remover 3.2.4 Plugin.Installation.via.CSRF MEDIUM" "http-https-remover 3.2.4 Subscriber+.Plugin.Installation MEDIUM" "hide-my-site No.known.fix Unauthenticated.Information.Exposure MEDIUM" "hot-random-image 1.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html-forms 1.3.34 Bulk.Delete.via.CSRF MEDIUM" "html-forms 1.3.33 Admin+.Stored.XSS LOW" "html-forms 1.3.30 Admin+.Stored.XSS LOW" "html-forms 1.3.25 Admin+.SQLi MEDIUM" "html5-maps 1.7.1.5 Arbitrary.Settings.Update.via.CSRF MEDIUM" "html5-maps 1.6.5.7 CSRF.&.XSS HIGH" "html5-virtual-classroom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "history-collection No.known.fix Arbitraty.File.Download HIGH" "hide-admin-bar-based-on-user-roles 3.5.0 Reflected.Cross-Site.Scripting MEDIUM" "hide-admin-bar-based-on-user-roles 3.1.0 Settings.Update.via.CSRF MEDIUM" "hide-admin-bar-based-on-user-roles 3.0.0 Subscriber+.Settings.Update MEDIUM" "http-auth 1.0.0 Settings.Update.via.CSRF MEDIUM" "handl-utm-grabber 2.6.5 Authenticated.Option.Change.via.CSRF HIGH" "hpbtool No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "helpful 4.5.26 Information.Disclosure MEDIUM" "helpful 4.5.15 Votes.Tampering MEDIUM" "helpful 4.4.59 Admin+.Stored.Cross-Site.Scripting LOW" "handsome-testimonials 2.1.1 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "hkdev-maintenance-mode 3.0.2 Unauthenticated.IP.Spoofing MEDIUM" "hkdev-maintenance-mode 3.0.2 Unauthenticated.Post/Page.Content.Disclosure MEDIUM" "hercules-core 6.7 Missing.Authorization.to.Settings.Update MEDIUM" "hercules-core 6.5 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "heureka 1.1.0 Cross-Site.Request.Forgery MEDIUM" "host-analyticsjs-local 4.7.15 Unauthenticated.Settings.Update MEDIUM" "host-analyticsjs-local 4.1.9 Admin+.Arbitrary.Folder.Deletion.via.Path.Traversal MEDIUM" "ht-mega-for-elementor 2.5.8 Authenticated.(Contributor+).JSON.File.Directory.Traversal MEDIUM" "ht-mega-for-elementor 2.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ht-mega-for-elementor 2.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Player.Widget.Settings MEDIUM" "ht-mega-for-elementor 2.5.3 Contributor+.Stored.XSS MEDIUM" "ht-mega-for-elementor 2.5.3 Subscriber+.Options.Update HIGH" "ht-mega-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Tooltip.&.Popover.Widget MEDIUM" "ht-mega-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Justify MEDIUM" "ht-mega-for-elementor 2.4.8 Missing.Authorization.to.Information.Exposure MEDIUM" "ht-mega-for-elementor 2.5.0 Contributor+.Stored.XSS.via.Countdown.Widget MEDIUM" "ht-mega-for-elementor 2.4.9 Contributor+.Stored.XSS.via.Accordion/FAQ MEDIUM" "ht-mega-for-elementor 2.4.7 Unauthenticated.Order.Data.Disclosure HIGH" "ht-mega-for-elementor 2.5.0 Contributor+.Stored.XSS.via.Image.Grid.Widget MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Stored.XSS.via.size MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Stored.XSS.via.Lightbox.Widget MEDIUM" "ht-mega-for-elementor 2.4.4 Contributor+.Stored.XSS MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Directory.Traversal HIGH" "ht-mega-for-elementor 2.4.5 Contributor+.Stored.Cross-Site.Scripting.via.Post.Carousel.Widget MEDIUM" "ht-mega-for-elementor 2.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.titleTag MEDIUM" "ht-mega-for-elementor 2.3.4 Arbitrary.Plugin/Theme.Activation.via.CSRF MEDIUM" "ht-mega-for-elementor 2.3.9 Reflected.Cross-Site.Scripting HIGH" "ht-mega-for-elementor 1.5.7 Absolute.Addons.for.Elementor.Page.Builder.<.1.5.7.-.Contributor+.Stored.XSS MEDIUM" "hr-management 1.1.2 Unauthenticated.PHP.Object.Injection HIGH" "highlight-focus No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "headline-analyzer 1.3.4 Cross-Site.Request.Forgery MEDIUM" "headline-analyzer 1.3.2 Missing.Authorization.via.REST.APIs MEDIUM" "hitpay-payment-gateway No.known.fix Information.Exposure.via.Log.Files MEDIUM" "heat-trackr 1.01 XSS MEDIUM" "hk-filter-and-search No.known.fix Contributor+.Local.File.Inclusion HIGH" "hk-filter-and-search 2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ht-event 1.4.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "heateor-social-comments 1.6.2 Contributor+.Stored.XSS MEDIUM" "i-recommend-this 3.9.0 Admin+.Stored.XSS LOW" "i-recommend-this No.known.fix CSRF MEDIUM" "i-recommend-this 3.8.2 Authenticated.SQL.Injection HIGH" "icalendrier 1.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integration-for-szamlazz-hu-gravity-forms 1.2.7 Multiple.CSRF MEDIUM" "insert-estimated-reading-time No.known.fix Admin+.Stored.XSS LOW" "image-protector No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "icegram 3.1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icegram 3.1.25 Missing.Authorization MEDIUM" "icegram 3.1.25 Missing.Authorization.to.Unauthenticated.Message.Duplication MEDIUM" "icegram 3.1.22 Contributor+.Campaign.Status.Toggle./.Duplication LOW" "icegram 3.1.19 Cross-Site.Request.Forgery.via.save_campaign_preview MEDIUM" "icegram 3.1.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Campaign.Message MEDIUM" "icegram 3.1.12 Reflected.XSS HIGH" "icegram 2.1.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "icegram 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "icegram 2.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "icegram 1.10.29 CSRF.to.Stored.XSS MEDIUM" "icegram 1.9.19 Cross-Site.Request.Forgery.(CSRF).&.XSS MEDIUM" "imagelinks-pro 1.5.3 Reflected.Cross-Site.Scripting HIGH" "inline-tweet-sharer 2.6 Admin+.Stored.XSS LOW" "interactive-polish-map 1.2.1 Admin+.Stored.XSS LOW" "images-asynchronous-load 1.06 Reflected.Cross-Site.Scripting MEDIUM" "interactive-geo-maps 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "interactive-geo-maps 1.5.11 Editor+.Stored.XSS LOW" "interactive-geo-maps 1.5.9 Contributor+.Stored.XSS MEDIUM" "interactive-geo-maps 1.5.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "inquiry-cart No.known.fix Stored.XSS.via.CSRF HIGH" "import-social-statistics 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "import-social-statistics No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "import-social-statistics No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "inspirational-quote-rotator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "insert-pages 3.7.5 Contributor+.Stored.XSS MEDIUM" "insert-pages 3.7.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "insert-pages 3.7.0 Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "insert-pages 3.2.4 Directory.Traversal CRITICAL" "ithemes No.known.fix New-Password.Requirements.Not.Enforced.Until.second.Login HIGH" "ip-address-blocker No.known.fix IP.Spoofing MEDIUM" "ip-address-blocker No.known.fix Cross-Site.Request.Forgery MEDIUM" "invitation-code-content-access 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "integration-for-szamlazzhu-woocommerce 5.6.3.3 Multiple.CSRF MEDIUM" "ibtana-ecommerce-product-addons 0.2.4 Ecommerce.Product.Addons.<.0.2.4.-.Reflected.Cross-Site.Scripting HIGH" "insert-or-embed-articulate-content-into-wordpress 4.3000000024 Author+.Arbitrary.File.Upload CRITICAL" "insert-or-embed-articulate-content-into-wordpress No.known.fix Author+.Upload.to.RCE CRITICAL" "insert-or-embed-articulate-content-into-wordpress No.known.fix Iframe.Injection LOW" "insert-or-embed-articulate-content-into-wordpress 4.3000000023 Contributor+.Stored.XSS MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.3000000021 Reflected.Cross-Site.Scripting MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.3000000016 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.29991 Authenticated.Arbitrary.Folder.Deletion.and.Rename MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.2999 Unauthenticated.RCE CRITICAL" "insert-or-embed-articulate-content-into-wordpress 4.2997 Subscriber+.Arbitrary.Option.Update CRITICAL" "indeed-affiliate-pro 4.0 Authenticated.Stored.XSS MEDIUM" "importify 1.0.5 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "image-upload-for-bbpress 1.1.19 Cross-Site.Request.Forgery.via.hm_bbpui_admin_page MEDIUM" "intergeo-maps No.known.fix Contributor+.Stored.XSS MEDIUM" "intergeo-maps 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "integration-for-gravity-forms-and-pipedrive 1.0.7 Reflected.Cross-Site.Scripting HIGH" "integration-dynamics 1.3.18 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "import-external-images No.known.fix CSRF MEDIUM" "interactive-world-map 3.4.4 Reflected.Cross-Site.Scripting HIGH" "interactive-world-map 3.4.4 CSRF MEDIUM" "instalinker 1.1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "impreza 8.18 Reflected.Cross-Site.Scripting MEDIUM" "iconic-woothumbs 5.5.4 Reflected.Cross-Site.Scripting MEDIUM" "indeed-membership-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "indeed-membership-pro No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "indeed-membership-pro No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "ideapush 8.66 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ideapush 8.61 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ideapush 8.58 Subscriber+.Memory.Tab/Routine/Taxonomy.Creation MEDIUM" "ideapush 8.53 Admin+.Stored.XSS LOW" "iframe 5.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "iframe 5.1 Contributor+.Stored.XSS MEDIUM" "iframe 4.9 Contributor+.Stored.XSS LOW" "iframe 4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'iframe'.Shortcode MEDIUM" "iframe 4.5 Authenticated.Stored.Cross.Site.Scripting.(XSS) MEDIUM" "infusionsoft-landing-pages No.known.fix Settings.Update.via.CSRF MEDIUM" "imdb-widget 1.0.9 Local.File.Inclusion.(LFI) HIGH" "iva-business-hours-pro No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "integration-of-capsule-crm-for-contact-form-7 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "integration-of-capsule-crm-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "igniteup No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "igniteup 3.4.1 Multiple.Issues HIGH" "idx-broker-platinum 3.0.6 Reflected.Cross-Site.Scripting HIGH" "idx-broker-platinum 2.6.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).via.unprotected.'idx_update_recaptcha_key'.AJAX MEDIUM" "idx-broker-platinum 2.6.2 Authenticated.Post.Creation,.Modification,.and.Deletion MEDIUM" "integrate-automate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "integrate-automate 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "integrate-google-drive 1.3.94 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.91 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.91 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.9 Missing.Authorization.to.Unauthenticated.Settings.Modification.and.Export CRITICAL" "integrate-google-drive 1.3.4 Subscriber+.Settings.Update MEDIUM" "integrate-google-drive 1.3.5 Cross-Site.Request.Forgery MEDIUM" "integrate-google-drive 1.3.3 Open.Redirect.via.state MEDIUM" "integrate-google-drive 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "integrate-google-drive 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "instantio 1.2.6 CSRF.Bypass MEDIUM" "iws-geo-form-fields No.known.fix Geo.Form.Fields.<=.1.0.-.Unauthenticated.SQLi HIGH" "import-xml-feed 2.1.6 Authenticated.(Administrator+).Arbitrary.File.Upload CRITICAL" "import-xml-feed 2.1.5 Unauthenticated.RCE CRITICAL" "import-xml-feed 2.1.4 Admin+.Arbitrary.File.Upload MEDIUM" "import-xml-feed 2.0.3 Authenticated.Server-side.Request.Forgery.(SSRF) MEDIUM" "image-hover-effects-addon-for-elementor 1.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.eihe_link.Parameter MEDIUM" "image-hover-effects-addon-for-elementor 1.4.2 Elementor.Addon.<.1.4.2.-.Authenticated(Contributor+).DOM-based.Stored.Cross-Site.Scripting.via.Image.Hover.Effects.Widget MEDIUM" "image-hover-effects-addon-for-elementor 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'eihe_align' MEDIUM" "image-hover-effects-addon-for-elementor 1.3.4 Elementor.Addon.<.1.3.4.-.Contributor+.Stored.XSS MEDIUM" "import-spreadsheets-from-microsoft-excel No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload CRITICAL" "import-spreadsheets-from-microsoft-excel 10.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "information-for-help 0.0.3 Reflected.Cross-Site.Scripting MEDIUM" "idpay-contact-form-7 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "incoming-links 0.9.10b referrers.php.XSS MEDIUM" "idbbee No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ibtana-visual-editor 1.2.3.4 WordPress.Website.Builder.<.1.2.3.4.-.Unauthenticated.reCAPTCHA.Settings.Update MEDIUM" "ibtana-visual-editor 1.2.2.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "ibtana-visual-editor 1.1.8.8 Contributor+.Stored.XSS.via.Shortcode HIGH" "ibtana-visual-editor 1.1.4.9 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "invitation-based-registrations No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ithemes-sync 3.0.1 Stored.Cross-Site.Scripting.via.packages MEDIUM" "ithemes-sync 2.1.14 Cross-Site.Request.Forgery.and.Missing.Authorization.via.'hide_authenticate_notice' MEDIUM" "insert-post-ads No.known.fix Missing.Authorization MEDIUM" "interact-quiz-embed 3.1 Contributor+.Stored.XSS MEDIUM" "indigitall-web-push-notifications 3.2.3 Admin+.Stored.XSS LOW" "inline-call-to-action-builder-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "icon 1.0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icon 1.0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "icons-with-links-widget No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "ip2location-country-blocker 2.34.3 Cross-Site.Request.Forgery MEDIUM" "ip2location-country-blocker 2.33.4 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log.File MEDIUM" "ip2location-country-blocker 2.26.9 Admin+.Stored.Cross-Site.Scripting LOW" "ip2location-country-blocker 2.26.6 Arbitrary.Country.Ban.via.CSRF MEDIUM" "ip2location-country-blocker 2.26.5 Ban.Bypass MEDIUM" "ip2location-country-blocker 2.26.5 Subscriber+.Arbitrary.Country.Ban MEDIUM" "imagemapper No.known.fix Contributor+.Stored.XSS MEDIUM" "imagemapper No.known.fix Settings.Update.via.CSRF MEDIUM" "imagemapper No.known.fix Subscriber+.Arbitrary.Post.Deletion MEDIUM" "imagemapper No.known.fix Stored.XSS.via.CSRF HIGH" "ilab-media-tools 4.5.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ilab-media-tools 4.5.21 Reflected.Cross-Site.Scripting MEDIUM" "ilab-media-tools 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "images-to-webp 1.9 Authenticated.Local.File.Inclusion LOW" "images-to-webp 1.9 Multiple.Cross.Site.Request.Forgery.(CSRF) MEDIUM" "instagram-feed 2.9.2 Reflected.Cross-Site.Scripting MEDIUM" "ip-metaboxes No.known.fix Unauthenticated.Reflected.XSS HIGH" "ip-metaboxes No.known.fix Admin+.Stored.XSS LOW" "infogram No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ithemeland-bulk-posts-editing-lite 4.2.4 Cross-Site.Request.Forgery MEDIUM" "ithemeland-bulk-posts-editing-lite 4.2.4 Authenticated.(Subscriber+).Missing.Authorization MEDIUM" "institutions-directory 1.3.1 Subscriber+.Privilege.Escalation CRITICAL" "ipages-flipbook-pro 1.4.3 Reflected.Cross-Site.Scripting HIGH" "i2-pro-cons No.known.fix Contributor+.Stored.XSS MEDIUM" "iq-testimonials No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "ics-calendar 10.12.0.2 Authenticated(Contributor+).Directory.Traversal.via._url_get_contents MEDIUM" "import-holded-products-woocommerce 2.0 Reflected.Cross-Site.Scripting MEDIUM" "import-holded-products-woocommerce 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "imagemagick-sharpen-resized-images No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "index-wp-mysql-for-speed 1.4.18 Admin+.Reflected.XSS HIGH" "indeed-job-importer No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "infusionsoft 1.5.12 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "infusionsoft 1.5.10 1.5.10.Arbitrary.File.Upload MEDIUM" "integracao-rd-station 5.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integracao-rd-station 5.2.1 Multiple.CSRF MEDIUM" "inline-google-spreadsheet-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ifolders 1.5.1 Admin+.XSS MEDIUM" "imdb-info-box No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "insight-core No.known.fix Subscriber+.PHP.Object.Injection.&.Stored.XSS MEDIUM" "iloveimg 1.0.6 iLoveIMG.<.1.0.6.-.Admin+.PHP.Object.Injection HIGH" "interactive-image-map-builder 1.1 Admin+.Stored.XSS LOW" "interactive-world-maps 2.5 Reflected.Cross-Site.Scripting MEDIUM" "inactive-user-deleter 1.60 Cross-Site.Request.Forgery MEDIUM" "infolinks-ad-wrap No.known.fix Settings.Update.via.CSRF MEDIUM" "integration-for-contact-form-7-and-pipedrive 1.2.1 Cross-Site.Request.Forgery MEDIUM" "integration-for-contact-form-7-and-pipedrive 1.1.1 Reflected.Cross-Site.Scripting HIGH" "insert-php 2.5.1 Woody.code.snippets.–.Insert.Header.Footer.Code,.AdSense.Ads.<.2,5,1.-Authenticated.(Contributor+).Remote.Code.Execution CRITICAL" "insert-php No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "insert-php 2.4.6 Reflected.Cross-Site.Scripting MEDIUM" "insert-php 2.3.10 Arbitrary.Settings.Update.via.CSRF MEDIUM" "insert-php 2.3.10 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "insert-php 2.2.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "insert-php 2.2.6 Arbitrary.Post.Deletion MEDIUM" "insert-php 2.2.5 Multiple.issues.leading.to.RCE HIGH" "information-reel 10.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "image-horizontal-reel-scroll-slideshow 13.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "image-horizontal-reel-scroll-slideshow 13.3 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "ipanorama-360-virtual-tour-builder-lite 1.8.4 Missing.Authorization MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.8.2 Missing.Authorization MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.8.1 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "ipanorama-360-virtual-tour-builder-lite 1.8.0 Authenticated.(Admin+).SQL.injection HIGH" "ipanorama-360-virtual-tour-builder-lite 1.6.30 Contributor+.Stored.XSS MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.6.22 Reflected.Cross-Site.Scripting HIGH" "invite-anyone 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "invite-anyone 1.3.19 Unauthenticated.PHP.Object.Injection CRITICAL" "invite-anyone 1.3.16 Multiple.Issues MEDIUM" "idonate 2.0.0 Admin+.Stored.XSS LOW" "indexisto No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "image-map-pro 5.6.9 Cross-Site.Scripting HIGH" "image-map-pro 5.6.9 Cross-Site.Request.Forgery MEDIUM" "iwp-client 1.12.3.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "iwp-client 1.12.1 Unauthenticated.Sensitive.Information.Exposure HIGH" "iwp-client 1.9.4.5 Authentication.Bypass CRITICAL" "image-hover-effects-with-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id,.oxi_addons_f_title_tag,.and.content_description_tag.Parameters MEDIUM" "image-hover-effects-with-carousel 3.0 Reflected.XSS HIGH" "import-shopify-to-woocommerce 1.1.13 Import.Shopify.to.WooCommerce.<.1.1.13.-.Admin+.Arbitrary.File.Access MEDIUM" "inactive-logout 3.2.3 Cross-Site.Request.Forgery MEDIUM" "inactive-logout 3.2.3 Missing.Authorization MEDIUM" "invoicing 2.8.12 Missing.Authorization.via.column_subscription() MEDIUM" "invoicing 2.3.4 Authenticated.Stored.XSS HIGH" "iframe-popup No.known.fix Admin+.Stored.XSS LOW" "independent-analytics 1.25.1 Reflected.Cross-Site.Scripting MEDIUM" "insert-php-code-snippet 1.3.7 Cross-Site.Request.Forgery.to.Code.Snippet.Activate/Deactivate/Deletion MEDIUM" "insert-php-code-snippet 1.3.5 Admin+.Stored.XSS LOW" "improved-include-page No.known.fix Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "image-map-pro-lite No.known.fix Subscriber+.Stored.XSS MEDIUM" "image-map-pro-lite No.known.fix CSRF.to.Stored.XSS MEDIUM" "inbound-brew No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "inbound-brew No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "inbound-brew No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "instagram-slider-widget No.known.fix Missing.Authorization MEDIUM" "instagram-slider-widget 2.0.7 Admin+.Stored.XSS.via.Feeds LOW" "instagram-slider-widget 2.0.6 Admin+.Stored.XSS.via.API.Key LOW" "instagram-slider-widget 2.0.5 Subscriber+.Stored.XSS.via.Feeds HIGH" "instagram-slider-widget 2.0.5 Subscriber+.Arbitrary.API.Key.Update.to.Stored.XSS HIGH" "instagram-slider-widget 2.0.5 Subscriber+.Arbitrary.Feed.Deletion MEDIUM" "instagram-slider-widget 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "instagram-slider-widget 1.8.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "import-users-from-csv 1.3 Authenticated.(Admin+).PHP.Object.Injection HIGH" "icons-font-loader 1.1.5 Authenticated(Administrator+).Arbitrary.File.Upload MEDIUM" "icons-font-loader 1.1.2.1 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') HIGH" "image-export No.known.fix Directory.Traversal CRITICAL" "insert-headers-and-footers 2.0.13.1 Reflected.XSS HIGH" "insert-headers-and-footers 2.0.9 Arbitrary.Log.File.Deletion.via.CSRF MEDIUM" "insert-headers-and-footers 2.0.7 Contributor+.WPCode.Library.Auth.Key.Update/Deletion LOW" "inavii-social-feed-for-elementor 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "icustomizer 1.5.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "image-hover-effects-ultimate-visual-composer 2.6.1 Authenticated.Arbitrary.Options.Update HIGH" "infusionsoft-official-opt-in-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infusionsoft-official-opt-in-forms No.known.fix Admin+.Stored.XSS LOW" "iframe-forms No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ithemes-mobile 1.2.8 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "imagerecycle-pdf-image-compression 3.1.15 Missing.Authorization.in.Several.AJAX.Actions MEDIUM" "imagerecycle-pdf-image-compression 3.1.15 Cross-Site.Request.in.Several.AJAX.Actions MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.stopOptimizeAll MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.optimizeAllOn MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.enableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.disableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Plugin.Data.Removal.in.reinitialize MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.optimizeAllOn MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.enableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.stopOptimizeAll MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.disableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Plugin.Data.Removal.in.reinitialize MEDIUM" "imagerecycle-pdf-image-compression 3.1.11 Reflected.XSS HIGH" "imagerecycle-pdf-image-compression 3.1.12 Reflected.XSS HIGH" "image-source-control-isc 2.17.1 Sensitive.Information.Exposure.via.Log.File MEDIUM" "image-source-control-isc 2.3.1 Contributor+.Arbitrary.Post.Meta.Value.Change MEDIUM" "ignitiondeck No.known.fix Missing.Authorization MEDIUM" "image-carousel-for-divi 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "image-carousel-for-divi 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "instant-images 6.1.1 Author+.Arbitrary.Options.Update HIGH" "instant-images 5.2.0 Author+.SSRF LOW" "instant-images 4.4.0.1 Authenticated.Stored.XSS.&.XFS MEDIUM" "inpost-gallery 2.1.4.2 Reflected.XSS HIGH" "inpost-gallery 2.1.4.1 Unauthenticated.LFI.to.RCE CRITICAL" "imagements No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "iksweb 3.8 Admin+.Stored.XSS LOW" "internal-link-building-plugin No.known.fix Admin+.Stored.XSS LOW" "internal-link-building-plugin No.known.fix CSRF MEDIUM" "image-hover-effects-ultimate 9.8.5 Admin+.Stored.XSS LOW" "image-hover-effects-ultimate 9.7.2 Authenticated.Arbitrary.Options.Change HIGH" "image-hover-effects-ultimate 9.8.0 Authenticated.Stored.XSS MEDIUM" "image-hover-effects-ultimate 9.7.2 Reflected.Cross-Site.Scripting MEDIUM" "image-hover-effects-ultimate 9.7.1 Reflected.Cross-Site.Scripting HIGH" "image-hover-effects-ultimate 9.7.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "ithemes-security-pro 6.8.4 Hide.Backend.Bypass MEDIUM" "image-over-image-vc-extension 3.0 Contributor+.Stored.XSS MEDIUM" "ipages-flipbook 1.5.2 Missing.Authorization MEDIUM" "ipages-flipbook 1.5.0 Authenticated.(Administrator+).SQL.Injection HIGH" "ipages-flipbook 1.4.7 Contributor+.Stored.XSS MEDIUM" "ipages-flipbook 1.4.3 Reflected.Cross-Site.Scripting HIGH" "iflychat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iflychat 4.7.0 Admin+.Stored.Cross-Site.Scripting.(XSS) LOW" "instagram-for-wordpress No.known.fix Contributor+.Stored.XSS MEDIUM" "ipblocklist No.known.fix CSRF MEDIUM" "ipanorama-pro 1.6.22 Reflected.Cross-Site.Scripting HIGH" "image-watermark 1.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Watermark.Modification MEDIUM" "include-lottie-animation-for-elementor 1.10.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icegram-rainmaker 1.3.15 Missing.Authorization MEDIUM" "icegram-rainmaker 1.3.9 Contributor+.Stored.XSS MEDIUM" "internallink-audit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "imageboss 3.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "ifeature-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "instagrate-to-wordpress 1.3.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "image-hover-effects-css3 No.known.fix Admin+.Stored.XSS LOW" "indieweb-post-kinds 1.3.1.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "ip-vault-wp-firewall 2.1 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "ip-vault-wp-firewall 2.1 WP.Firewall.<.2.1.-.Admin+.Stored.XSS LOW" "instagram-widget-by-wpzoom 2.1.14 Missing.Authorization.to.Authenticated.(Subscriber+).Instagram.Image.Deletion MEDIUM" "improved-variable-product-attributes 5.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "insta-gallery 4.4.0 Missing.Authorization MEDIUM" "insta-gallery 2.4.8 CSRF.&.Missing.Authorisation.Checks HIGH" "ip-blacklist-cloud No.known.fix Admin+.SQLi MEDIUM" "ip-blacklist-cloud No.known.fix Admin+.Stored.XSS LOW" "ip-blacklist-cloud 3.43 Admin+.Arbitrary.File.Disclosure MEDIUM" "integration-for-billingo-gravity-forms 1.0.4 Multiple.CSRF MEDIUM" "iq-block-country 1.2.20 Protection.Bypass.due.to.IP.Spoofing MEDIUM" "iq-block-country 1.2.13 Admin+.Arbitrary.File.Deletion.via.Zip.Slip MEDIUM" "iq-block-country 1.2.12 Admin+.Stored.Cross-Site.Scripting LOW" "iq-block-country 1.1.20 Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "include-me 1.2.2 Authenticated.Remote.Code.Execution.(RCE).via.LFI.log.poisoning HIGH" "ithemes-exchange 1.12.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "image-vertical-reel-scroll-slideshow 9.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "image-vertical-reel-scroll-slideshow No.known.fix Admin+.Stored.XSS LOW" "iubenda-cookie-law-solution 3.3.3 Subscriber+.Privileges.Escalation.to.Admin HIGH" "itempropwp No.known.fix Admin+.Stored.XSS LOW" "imagemagick-engine 1.7.6 PHAR.Deserialization.via.CSRF HIGH" "imagemagick-engine 1.7.6 Command.Injection.via.CSRF HIGH" "instant-css 1.2.2 Theme/CSS/Minify/Preprocessor.Data.Update.via.CSRF MEDIUM" "instant-css 1.1.5 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "intimate-io-cryptocurrency-payments No.known.fix CSRF.Bypass MEDIUM" "internal-links 2.24.4 Cross-Site.Request.Forgery MEDIUM" "internal-links 2.23.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "internal-links 2.23.3 Reflected.Cross-Site.Scripting MEDIUM" "internal-links 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "internal-link-flow-topical-authority-topical-map No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "images-optimize-and-upload-cf7 No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "image-tag-manager No.known.fix Reflected.Cross-Site.Scripting.via.default_class MEDIUM" "inventorypress No.known.fix Author+.Stored.XSS MEDIUM" "image-hover-effects-visual-composer-extension 5.0 Contributor+.Stored.XSS MEDIUM" "image-regenerate-select-crop 7.3.1 Sensitive.Information.Exposure MEDIUM" "improved-sale-badges 4.4.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "intelligence No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.5 Authenticated.(Author+).Stored.Cross-Site.Scritping.via.Bookmark.URL MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Bookmarks MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.3 Contributor+.Stored.XSS MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.13.3 Contributor+.Stored.XSS MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.12.1 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "imagelinks-interactive-image-builder-lite 1.6.0 Admin+.SQLi MEDIUM" "imagelinks-interactive-image-builder-lite 1.5.4 Contributor+.Stored.XSS MEDIUM" "imagelinks-interactive-image-builder-lite 1.5.3 Reflected.Cross-Site.Scripting HIGH" "issues-tracker 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "issues-tracker 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "icon-widget 1.4.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "icon-widget 1.3.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "integrar-getnet-con-woo 0.0.5 Unauthenticated.Authorization.Bypass HIGH" "imgspider 2.3.11 Authenticated.(Contributor+).Arbitrary.File.Upload.via.'upload_img_file' HIGH" "imgspider 2.3.11 Authenticated.(Contributor+).Arbitrary.File.Upload.via.'upload' HIGH" "iframe-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "image-optimizer-wd 1.0.27 Admin+.Path.Traversal MEDIUM" "image-optimizer-wd 1.0.27 Reflected.Cross-Site.Scripting HIGH" "ilc-thickbox No.known.fix Settings.update.via.CSRF MEDIUM" "idcrm-contacts-companies 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "iks-menu 1.11.2 Reflected.Cross-Site.Scripting MEDIUM" "iks-menu 1.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "image-gallery-with-slideshow No.known.fix Multiple.XSS.and.SQL.Injection CRITICAL" "inpost-for-woocommerce 1.4.5 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.and.Delete CRITICAL" "infographic-and-list-builder-ilist 4.7.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Title.Update MEDIUM" "infographic-and-list-builder-ilist 4.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infographic-and-list-builder-ilist 4.3.8 iList.<.4.3.8.-.Unauthenticated.SQL.Injection HIGH" "import-csv-files No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "image-slider-widget 1.1.127 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "image-slider-widget 1.1.123 Arbitrary.Post.Duplication.via.CSRF MEDIUM" "ithemelandco-woo-report 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "import-legacy-media No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ipushpull 2.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "instawp-connect 0.1.0.45 Authentication.Bypass.to.Admin CRITICAL" "instawp-connect 0.1.0.39 Unauthenticated.Arbitrary.File.Upload CRITICAL" "instawp-connect 0.1.0.39 Missing.Authorization.to.Unauthenticated.API.setup/Arbitrary.Options.Update/Administrative.User.Creation CRITICAL" "instawp-connect 0.1.0.25 Missing.Authorization MEDIUM" "instawp-connect 0.1.0.23 Unauthenticated.Arbitrary.File.Upload CRITICAL" "instawp-connect 0.1.0.9 Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "instawp-connect 0.1.0.10 Missing.Authorization.to.Sensitive.Information.Dislcosure MEDIUM" "instawp-connect 0.1.0.10 Authenticated.(Subscriber+).SQL.Injection HIGH" "instawp-connect 0.1.0.9 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "instawp-connect 0.1.0.9 Cross-Site.Request.Forgery.via.create_file_db_manager MEDIUM" "instawp-connect 0.0.9.19 Unauthenticated.Data.Modification CRITICAL" "intuitive-custom-post-order 3.1.5 Admin+.SQLi LOW" "intuitive-custom-post-order 3.1.4 Subscriber+.Arbitrary.Menu.Order.Update MEDIUM" "intuitive-custom-post-order 3.1.4 Arbitrary.Menu.Order.Update.via.CSRF MEDIUM" "imageseo 3.1.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "imageseo 2.0.8 Settings.Update.via.CSRF LOW" "internal-comments No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "internal-comments 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "innovs-hr-manager No.known.fix Employee.Creation.via.CSRF MEDIUM" "innovs-hr-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.9 Unauthenticated.Information.Exposure MEDIUM" "import-users-from-csv-with-meta 1.26.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.6 Missing.Authorization MEDIUM" "import-users-from-csv-with-meta 1.26.3 Authenticated.(Admin+).PHP.Object.Injection HIGH" "import-users-from-csv-with-meta 1.24.7 Missing.Authorization.via.fire_cron.REST.endpoint MEDIUM" "import-users-from-csv-with-meta 1.24.4 Contributor+.Stored.XSS MEDIUM" "import-users-from-csv-with-meta 1.24.3 Admin+.Arbitrary.File.Read/Deletion MEDIUM" "import-users-from-csv-with-meta 1.20.5 Subscriber+.CSV.Injection MEDIUM" "import-users-from-csv-with-meta 1.19.2.1 Admin+.Stored.Cross-Site.Scripting LOW" "import-users-from-csv-with-meta 1.16.3.6 CSV.Injection MEDIUM" "import-users-from-csv-with-meta 1.15.0.1 Unauthorised.Authenticated.Users.Export LOW" "import-users-from-csv-with-meta 1.14.2.2 CSRF.leading.to.attachment.deletion.&.Path.Traversal HIGH" "import-users-from-csv-with-meta 1.14.1.3 XSS MEDIUM" "import-users-from-csv-with-meta 1.14.0.3 XSS.and.CSRF HIGH" "import-users-from-csv-with-meta 1.12.1 Import.Cross-Site.Scripting.(XSS) MEDIUM" "image-hover-effects 5.6 Caption.Settings.Update.via.CSRF MEDIUM" "image-hover-effects 5.5 Admin+.Stored.XSS LOW" "interactive-medical-drawing-of-human-body 2.6 Admin+.Stored.XSS LOW" "if-so 1.8.0.4 Admin+.Stored.XSS LOW" "if-so 1.8.0.4 Reflected.XSS MEDIUM" "if-so 1.7.1.1 Missing.Authorization MEDIUM" "if-so 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "intelly-related-posts 3.8.0 Admin+.Stored.XSS LOW" "intelly-related-posts 3.7.0 Reflected.XSS HIGH" "intelly-related-posts 3.4.0 Tracking.Toggle.via.CSRF MEDIUM" "intelly-related-posts 3.6.0 Subscriber+.Password.Protected.Post.Read MEDIUM" "intelly-related-posts 3.5.0 Admin+.Stored.XSS LOW" "intelly-related-posts 3.0.5 Admin+.Cross-Site.Scripting LOW" "ideal-interactive-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jetgridbuilder 1.1.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "jet-elements 2.6.20.1 Authenticated.(Contributor+).Arbitrary.Local.File.Inclusion HIGH" "jet-elements 2.6.20.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-elements 2.6.13.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Attachment.Download MEDIUM" "jp-staticpagex No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "jreviews No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jazz-popups No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting HIGH" "json-content-importer 1.6.0 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "json-content-importer 1.5.4 Reflected.XSS HIGH" "json-content-importer 1.3.16 Admin+.Stored.XSS LOW" "jw-player-7-for-wp No.known.fix Missing.Authorization MEDIUM" "joli-table-of-contents 2.0.10 Reflected.Cross-Site.Scripting MEDIUM" "joli-table-of-contents 1.3.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "js-css-script-optimizer No.known.fix Cross-Site.Request.Forgery MEDIUM" "jsmol2wp No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "jsmol2wp No.known.fix Unauthenticated.Server.Side.Request.Forgery.(SSRF) HIGH" "job-board 1.1.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "job-board 1.0.1 Admin+.Stored.XSS LOW" "jc-importer 2.13.1 Admin+.Server-side.Request.Forgery MEDIUM" "jc-importer 2.4.6 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "jeg-elementor-kit 2.6.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File MEDIUM" "jeg-elementor-kit 2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Tabs.and.JKit.-.Accordion.Widgets MEDIUM" "jeg-elementor-kit 2.6.5 Contributor+.Stored.XSS.via.Countdown.Widget MEDIUM" "jeg-elementor-kit 2.6.5 Contributor+.Stored.XSS.via.Elementor.Widget.URL.Custom.Attributes MEDIUM" "jeg-elementor-kit 2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Banner MEDIUM" "jeg-elementor-kit 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box MEDIUM" "jeg-elementor-kit 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonial MEDIUM" "jeg-elementor-kit 2.6.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "jeg-elementor-kit 2.5.7 Subscriber+.Authorization.Bypass MEDIUM" "jeg-elementor-kit 2.5.7 Unauthenticated.Settings.Update MEDIUM" "jvm-rich-text-icons 1.2.4 Subscriber+.Arbitrary.File.Upload HIGH" "jvm-rich-text-icons 1.2.7 Subscriber+.Arbitrary.File.Deletion HIGH" "jh-404-logger No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "joli-faq-seo 1.3.3 Cross-Site.Request.Forgery MEDIUM" "joli-faq-seo 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "joli-faq-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "justified-gallery 1.8.0b1 Reflected.Cross-Site.Scripting MEDIUM" "justified-gallery 1.7.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "justified-gallery 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "just-custom-fields No.known.fix Cross-Site.Request.Forgery.via.AJAX.actions MEDIUM" "just-custom-fields No.known.fix Missing.Authorization.via.AJAX.actions MEDIUM" "just-custom-fields No.known.fix Cross-Site.Request.Forgery.on.AJAX.Actions MEDIUM" "just-custom-fields No.known.fix Missing.Authorization.on.AJAX.Actions MEDIUM" "jet-tabs 2.2.3.1 Authenticated.(Contributor+).Arbitrary.Local.File.Inclusion HIGH" "jobwp 2.2 Sensitive.Information.Exposure HIGH" "jobwp 2.0 Reflected.Cross-Site.Scripting MEDIUM" "justified-image-grid No.known.fix Unauthenticated.Server-Side.Request.Forgery MEDIUM" "jquery-validation-for-contact-form-7 5.3 Arbitrary.Options.Update.via.CSRF HIGH" "jquery-accordion-slideshow 8.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "judgeme-product-reviews-woocommerce 1.3.21 Contributor+.Stored.XSS MEDIUM" "job-manager-career 1.4.5 Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "job-manager-career 1.4.4 Directory.listing.to.Sensitive.Data.Exposure HIGH" "jetformbuilder 3.3.4.2 Authenticated.(Administrator+).Privilege.Escalation HIGH" "jetformbuilder 3.1.5 Unauthenticated.Content.Injection MEDIUM" "jetformbuilder 3.0.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "joomsport-sports-league-results-management 5.5.7 Missing.Authorization MEDIUM" "joomsport-sports-league-results-management 5.2.8 Unauthenticated.SQLi HIGH" "joomsport-sports-league-results-management 5.2.6 Admin+.SQLi MEDIUM" "joomsport-sports-league-results-management 5.1.8 Unauthenticated.PHP.Object.Injection MEDIUM" "joomsport-sports-league-results-management 3.4 SQL.Injection CRITICAL" "jibu-pro No.known.fix Stored.XSS MEDIUM" "job-board-vanilla No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "jet-engine 3.2.5 Missing.Authorization HIGH" "jet-engine 3.2.5 Authenticated.(Contributor+).Privilege.Escalation HIGH" "jet-engine 3.1.3.1 Author+.Remote.Code.Execution HIGH" "jquery-reply-to-comment No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "json-api-user 3.9.4 Unauthenticated.Privilege.Escalation CRITICAL" "job-postings 2.7.6 Reflected.Cross-Site.Scripting.via.job-search MEDIUM" "job-postings 2.7.6 Reflected.Cross-Site.Scripting MEDIUM" "job-postings 2.7.4 Contributor+.Stored.XSS MEDIUM" "job-postings 2.5.11 Admin+.Stored.XSS LOW" "job-postings 2.6.0 Author+.Stored.XSS MEDIUM" "jet-theme-core 2.2.1 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "joan 5.6.3 Authenticated.Stored.Cross-Site.Scripting LOW" "joan 5.6.2 Reflected.Cross-Site.Scripting HIGH" "joan 5.6.2 Arbitrary.Plugin's.Settings.Update.via.CSRF MEDIUM" "joli-clear-lightbox No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "joli-clear-lightbox 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jc-ajax-search-for-woocommerce 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "jungbillig-portfolio-gallery No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "js-support-ticket 2.8.7 Unauthenticated.PHP.Code.Injection.to.Remote.Code.Execution CRITICAL" "js-support-ticket 2.8.4 Missing.Authorization MEDIUM" "js-support-ticket 2.8.2 Unauthenticated.SQL.Injection.via.email.and.trackingid CRITICAL" "js-support-ticket 2.7.8 Best.Help.Desk.&.Support.<.2.7.8.-.Subscriber+.Ticket.Manipulation.via.IDOR MEDIUM" "js-support-ticket 2.7.2 CSRF MEDIUM" "js-support-ticket 2.0.6 CSRF HIGH" "jivochat 1.3.5.4 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "jetpack-boost 3.4.7 Admin+.SSRF MEDIUM" "javascript-logic No.known.fix CSRF.to.Stored.XSS HIGH" "jonradio-private-site 3.1.0 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "jonradio-private-site 3.0.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "jekyll-exporter 2.2.1 Unauthenticated.RCE.via.PHPUnit CRITICAL" "job-manager No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "job-manager No.known.fix .Insecure.Direct.Object.Reference.(IDOR) MEDIUM" "job-manager 0.7.25 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "joy-of-text No.known.fix Settings.Update.via.CSRF MEDIUM" "joy-of-text 2.3.1 Unauthenticated.SQLi HIGH" "jquery-news-ticker 3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-news-ticker 3.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "jtrt-responsive-tables No.known.fix Cross-Site.Request.Forgery MEDIUM" "jtrt-responsive-tables 4.1.2 JTRT.Responsive.Tables.<.4,1,2.–.Authenticated.SQL.Injection HIGH" "job-board-manager 2.1.59 Subscriber+.Stored.XSS HIGH" "jeeng-push-notifications 2.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "js-jobs 2.0.1 Multiple.CSRF MEDIUM" "js-jobs 2.0.1 Missing.Authorization MEDIUM" "js-jobs 2.0.1 Subscriber+.Stored.XSS HIGH" "js-jobs 1.1.9 Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "js-jobs 1.0.7 CSRF HIGH" "jquery-vertical-accordion-menu No.known.fix Contributor+.Stored.XSS MEDIUM" "journey-analytics 1.0.13 Unauthorised.AJAX.call.via.CSRF MEDIUM" "jet-blocks 1.3.12.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-blocks 1.3.8.1 Reflected.Cross.Site.Scripting MEDIUM" "jupiterx-core 3.4.3 Unauthenticated.Privilege.Escalation CRITICAL" "jupiterx-core 3.3.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jupiterx-core No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "jupiterx-core 2.0.7 Subscriber+.Arbitrary.Plugin.Deactivation.and.Settings.Update MEDIUM" "jupiterx-core 2.0.8 Subscriber+.Privilege.Escalation.and.Post.Deletion CRITICAL" "jupiterx-core 2.0.7 Information.Disclosure,.Modification,.and.Denial.of.Service MEDIUM" "jds-portfolio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "just-tables 1.5.0 Cross-Site.Request.Forgery MEDIUM" "jiangqie-official-website-mini-program 1.1.1 Authenticated.SQL.Injection CRITICAL" "job-portal No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "jm-twitter-cards 14.1.0 Password.Protected.Post.Access MEDIUM" "juicer 1.11 Contributor+.Stored.XSS MEDIUM" "jetwidgets-for-elementor 1.0.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.layout_type.and.id.Parameters MEDIUM" "jetwidgets-for-elementor 1.0.17 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Button.URL MEDIUM" "jetwidgets-for-elementor 1.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Box.Widget MEDIUM" "jetwidgets-for-elementor 1.0.13 Settings.Update.via.CSRF MEDIUM" "jetwidgets-for-elementor 1.0.14 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "jetwidgets-for-elementor 1.0.9 Contributor+.Stored.XSS MEDIUM" "jch-optimize 4.2.1 Authenticated.(Subscriber+).Directory.Traversal MEDIUM" "jch-optimize 3.2.3 Admin+.Stored.XSS LOW" "jquery-collapse-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-collapse-o-matic 1.8.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-collapse-o-matic No.known.fix Contributor+.Stored.XSS MEDIUM" "jquery-collapse-o-matic 1.8.3 Contributor+.Stored.XSS MEDIUM" "joomdev-wp-pros-cons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jquery-tagline-rotator No.known.fix Reflected.Cross-Site.Scripting HIGH" "jet-search 3.5.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jobboardwp 1.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jobboardwp 1.1.0 Admin+.Stored.Cross-Site.Scripting LOW" "jayj-quicktag 1.3.2 CSRF HIGH" "jetpack 13.4 Contributor+.Stored.Cross-Site.Scripting.via.wpvideo.Shortcode MEDIUM" "jetpack 13.2.1 Contributor+.Stored.XSS MEDIUM" "jetpack 12.8-a.3 Contributor+.Stored.XSS.via.block.attribute MEDIUM" "jetpack 12.7 Authenticated(Contributor+).Clickjacking.via.Iframe.Injection MEDIUM" "jetpack 12.7 Improper.Authorization.via.WPCom.External.Media.REST.endpoints MEDIUM" "jetpack 12.1.1 Author+.Arbitrary.File.Manipulation.via.API HIGH" "jetpack 9.8 Carousel.Module.Non-Published.Page/Post.Attachment.Comment.Leak MEDIUM" "jetpack 7.9.1 Vulnerability.in.Shortcode.Embed.Code MEDIUM" "jetpack 6.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "jetpack 4.0.4 Multiple.Vulnerabilities MEDIUM" "jetwoo-widgets-for-elementor 1.1.8 Authenticated.(Contributor+).Limited.Local.File.Inclusion HIGH" "jquery-t-countdown-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.tminus.Shortcode MEDIUM" "jquery-t-countdown-widget 2.3.24 Contributor+.Stored.XSS MEDIUM" "jazzcash-woocommerce-gateway No.known.fix Reflected.Cross-Site.Scripting HIGH" "just-writing-statistics 4.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "korea-sns 1.6.5 Settings.Update.via.CSRF MEDIUM" "kattene 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kenta-blocks 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kenta-blocks 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "ketchup-restaurant-reservations No.known.fix Unauthenticated.Stored.XSS HIGH" "ketchup-restaurant-reservations No.known.fix Unauthenticated.Blind.SQLi HIGH" "kanban No.known.fix Missing.Authorization MEDIUM" "kanban No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kanban 2.5.21 Admin+.Stored.XSS LOW" "kanban 2.5.21 Admin+.Stored.XSS LOW" "kanban No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "kau-boys-backend-localization No.known.fix Settings.Update.via.CSRF MEDIUM" "kaswara No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "knr-author-list-widget 3.0.0 Unauthenticated.SQL.Injection CRITICAL" "kioken-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kingcomposer No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "kingcomposer No.known.fix Open.Redirect MEDIUM" "kingcomposer 2.9.5 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "kingcomposer 2.9.4 Multiple.Critical.Issues CRITICAL" "kingcomposer 2.8.2 Authenticated.Stored.XSS HIGH" "kingcomposer 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "kraken-image-optimizer 2.6.6 Settings.Update.via.CSRF MEDIUM" "kbucket 4.1.5 Reflected.XSS MEDIUM" "kbucket 4.1.6 Admin+.Stored.XSS LOW" "kopatheme No.known.fix Cross-Site.Request.Forgery MEDIUM" "kodex-posts-likes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kodex-posts-likes 2.5.0 Settings.Update.via.CSRF MEDIUM" "krsp-frontend-file-upload No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "krsp-frontend-file-upload No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "kodo-qiniu 1.5.1 Cross-Site.Request.Forgery MEDIUM" "keydatas 2.6.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "kjm-admin-notices No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "keep-backup-daily 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "kontxt-semantic-engine No.known.fix CSRF.Bypass MEDIUM" "kangu 2.2.10 Reflected.XSS HIGH" "kalender-digital 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kento-post-view-counter No.known.fix CSRF.&.multiple.XSS HIGH" "konnichiwa No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "klarna-checkout-for-woocommerce 2.0.10 Authenticated.Arbitrary.Plugin.Deactivation,.Activation.and.Installation CRITICAL" "kudos-donations 3.1.2 Arbitrary.Items.Deletion.via.CSRF HIGH" "kk-star-ratings 5.4.6 Rating.Tampering.via.Race.Condition LOW" "kk-star-ratings 5.4.6 Missing.Authorization MEDIUM" "kk-star-ratings 5.4.5 Reflected.Cross-Site.Scripting MEDIUM" "kk-star-ratings 5.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kivicare-clinic-management-system No.known.fix Authenticated.(Patient+).Insecure.Direct.Object.Reference MEDIUM" "kivicare-clinic-management-system 3.2.1 Subscriber+.Unauthorised.AJAX.Calls HIGH" "kivicare-clinic-management-system 3.2.1 Reflected.Cross-Site.Scripting HIGH" "kivicare-clinic-management-system 3.2.1 Multiple.CSRF HIGH" "kivicare-clinic-management-system 3.2.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "kivicare-clinic-management-system 2.3.9 Unauthenticated.SQLi HIGH" "kwayy-html-sitemap 4.0 Admin+.Stored.XSS LOW" "knight-lab-timelinejs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "knight-lab-timelinejs 3.9.3.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "knight-lab-timelinejs 3.7.0.0 Outdated.TimelineJS.library.could.Lead.to.Stored.XSS MEDIUM" "kubio 2.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kanzu-support-desk No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kanzu-support-desk No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kanzu-support-desk No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "kadence-starter-templates 1.2.17 Admin+.PHP.Object.Injection MEDIUM" "kb-support 1.6.1 Missing.Authorization MEDIUM" "kb-support 1.5.6 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "kadence-woocommerce-email-designer 1.5.12 CSRF MEDIUM" "kadence-woocommerce-email-designer 1.5.7 Admin+.PHP.Objection.Injection MEDIUM" "kimili-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kimili-flash-embed No.known.fix Cross-Site.Request.Forgery MEDIUM" "klarna-payments-for-woocommerce 3.3.0 Missing.Authorization MEDIUM" "kitestudio-core 2.3.1 Reflected.Cross-Site-Scripting MEDIUM" "kali-forms 2.3.42 Missing.Authorization MEDIUM" "kali-forms 2.3.42 Missing.Authorization.to.Arbitrary.Plugin.Deactivation HIGH" "kali-forms 2.3.37 Kali.Forms.<.2.3.37.-.Insecure.Direct.Object.Reference MEDIUM" "kali-forms 2.3.28 Kali.Forms.<.2.3.28.-.Missing.Authorization.via.Contact.Form MEDIUM" "kali-forms 2.3.29 Kali.Forms.<.2.3.29.-.Missing.Authorization.via.get_log MEDIUM" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Unauthenticated.Arbitrary.Post.Deletion HIGH" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Multiple.CSRF.Bypass.Issues MEDIUM" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Authenticated.Plugin's.Settings.Change HIGH" "kd-coming-soon No.known.fix Unauthenticated.PHP.Object.Injection.via.cetitle HIGH" "kiwi-logo-carousel 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "kn-fix-your No.known.fix Authenticated.Stored.XSS LOW" "keyword-meta No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "kp-fastest-tawk-to-chat No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "klaviyo 3.0.10 Admin+.Stored.XSS LOW" "klaviyo 3.0.8 Admin+.Stored.XSS LOW" "kkprogressbar No.known.fix Progress.Bar.Deletion.via.CSRF MEDIUM" "kkprogressbar No.known.fix Admin+.SQL.Injection MEDIUM" "kkprogressbar No.known.fix Stored.XSS.via.CSRF HIGH" "kaya-qr-code-generator 1.5.3 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.53 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.46 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.HTML.Data.Attributes MEDIUM" "kadence-blocks 3.2.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Google.Maps.Widget MEDIUM" "kadence-blocks 3.2.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.titleFont.Parameter MEDIUM" "kadence-blocks 3.2.37 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.38 Contributor+.Stored.Cross-Site.Scripting.via.Typer.Effect MEDIUM" "kadence-blocks 3.2.38 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.2.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Timer MEDIUM" "kadence-blocks 3.2.37 Contributor+.Stored.Cross-Site.Scripting.via.Block.Link MEDIUM" "kadence-blocks 3.2.35 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.12 Contributor+.Server-Side.Request.Forgery HIGH" "kadence-blocks 3.2.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.and.CountUp.Widget MEDIUM" "kadence-blocks 3.2.18 Authenticated(Editor+).Stored.Cross-Site.Scripting.via.Contact.Form.Message.Settings MEDIUM" "kadence-blocks 3.2.26 Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "kadence-blocks 3.2.20 Contributor+.Server-Side.Request.Forgery MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.24 Contributor+.Stored.XSS MEDIUM" "kv-tinymce-editor-fonts No.known.fix Font.List.Update.via.CSRF MEDIUM" "kiwi-social-share 2.1.8 Information.Disclosure MEDIUM" "kiwi-social-share 2.1.3 Kiwi.2.1.0.-.Unauthenticated.Arbitrary.WordPress.Options.Update.and.Read CRITICAL" "kiwi-social-share 2.0.11 Kiwi.<.2.0.11.-.Arbitrary.WordPress.Options.Update CRITICAL" "kvoucher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kvoucher No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kenta-companion 1.1.9 Reflected.Cross-Site.Scripting MEDIUM" "kadence-blocks-pro 2.3.8 Contributor+.Arbitrary.Option.Access MEDIUM" "ko-fi-button 1.3.3 Admin+.Stored.XSS LOW" "kama-clic-counter 3.5.0 Authenticated.Blind.SQL.Injection HIGH" "kama-clic-counter 3.5.0 XSS MEDIUM" "kunze-law 2.1 Admin+.Stored.Cross-Site.Scripting LOW" "login-with-ajax 4.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "login-with-ajax 4.2 Missing.Authorization MEDIUM" "localseomap-for-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "list-pages-shortcode 1.7.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "light-messages No.known.fix CSRF.to.Stored.XSS HIGH" "lgx-owl-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lifterlms 7.7.6 Authenticated.(Admin+).SQL.Injection HIGH" "lifterlms 7.6.3 Authenticated.(Contributor+).SQL.Injection.via.Shortcode CRITICAL" "lifterlms 7.5.1 Cross-Site.Request.Forgery MEDIUM" "lifterlms 7.5.2 Missing.Authorization.via.process_review MEDIUM" "lifterlms 7.5.0 Authenticated(Administrator+).Directory.Traversal.to.Arbitrary.CSV.File.Deletion LOW" "lifterlms 4.21.2 Access.Other.Student.Grades/Answers.via.IDOR MEDIUM" "lifterlms 4.21.1 Reflected.Cross-Site.Scripting.(XSS).via.Coupon.Code.in.Checkout MEDIUM" "lifterlms 4.21.1 Authenticated.Stored.XSS.in.Edit.Profile HIGH" "lifterlms 3.37.15 Arbitrary.File.Writing CRITICAL" "lifterlms 3.35.1 Unauthenticated.Options.Import CRITICAL" "lastudio-element-kit 1.3.9.2 Contributor+.Stored.XSS MEDIUM" "lastudio-element-kit 1.3.9 Authenticated.(Contributor+).Local.File.Inclusion.via.'progress_type' MEDIUM" "lastudio-element-kit 1.3.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lastudio-element-kit 1.3.7.4 Missing.Authorization MEDIUM" "lastudio-element-kit 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "lastudio-element-kit 1.3.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.LaStudioKit.Post.Author.Widget MEDIUM" "lastudio-element-kit 1.3.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.1.6 Missing.Authorization MEDIUM" "livechat-woocommerce 2.2.17 Cross-Site.Request.Forgery MEDIUM" "lana-shortcodes 1.2.0 Contributor+.Stored.XSS MEDIUM" "lead-capturing-call-to-actions-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "lead-capturing-call-to-actions-by-vcita 2.7.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "loginpress 1.6.3 Unauthenticated.Settings.Update MEDIUM" "loginpress 1.5.12 Reflected.Cross-Site.Scripting MEDIUM" "loginpress 1.1.14 Unauthorized.Blind.SQL.Injection CRITICAL" "league-table-lite 1.14 Tables.Cloning/Update/Deletion.via.CSRF MEDIUM" "livesupporti No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "lws-cleaner 2.3.1 Cross-Site.Request.Forgery MEDIUM" "livestream-notice 1.3.0 Admin+.Stored.XSS LOW" "lawpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lawpress 1.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "local-delivery-drivers-for-woocommerce 1.9.1 Missing.Authorization.to.Driver.Account.Takeover HIGH" "local-delivery-drivers-for-woocommerce 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "local-delivery-drivers-for-woocommerce 1.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "linker 1.2.2 Contributor+.Stored.XSS MEDIUM" "launchpad-by-obox No.known.fix Admin+.Stored.XSS LOW" "launchpad-by-obox No.known.fix CSRF MEDIUM" "laposta No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "logo-slider No.known.fix Admin+.SQLi MEDIUM" "lifterlms-gateway-paypal 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "lws-affiliation No.known.fix Missing.Authorization MEDIUM" "livechat-elementor 1.0.14 Cross-Site.Request.Forgery MEDIUM" "logo-showcase-ultimate 1.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "logo-showcase-ultimate 1.3.9 Authenticated(Contributor+).PHP.Object.Injection HIGH" "location-weather 1.3.4 Contributor+.Stored.XSS MEDIUM" "login-logo-editor-by-oizuled No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "leopard-wordpress-offload-media No.known.fix WordPress.offload.media.<=.2.0.36.-.Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "leopard-wordpress-offload-media No.known.fix WordPress.offload.media.<=.2.0.36.-.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "leaky-paywall 4.21.3 Cross-Site.Request.Forgery MEDIUM" "leaky-paywall 4.20.9 Missing.Authorization.to.Price.Manipulation MEDIUM" "leaky-paywall 4.16.7 Admin+.Stored.Cross-Site.Scripting LOW" "libreform 2.0.9 Unauthenticated.Arbitrary.Submissions.Listing.&.Deletion HIGH" "list-category-posts 0.89.7 Contributor+.Stored.XSS MEDIUM" "list-category-posts 0.89.4 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "logaster-logo-generator No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "layerslider 7.11.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ls_search_form.Shortcode MEDIUM" "layerslider 7.10.1 7.10.0.-.Unauthenticated.SQL.Injection CRITICAL" "layerslider 7.7.10 Cross-Site.Request.Forgery MEDIUM" "layerslider 7.7.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "login-with-phone-number 1.7.50 Authenticated.(Subscriber+).Authorization.Bypass.to.Privilege.Escalation HIGH" "login-with-phone-number 1.7.36 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "login-with-phone-number 1.7.35 Insecure.Password.Reset.Mechanism HIGH" "login-with-phone-number 1.7.27 Authentication.Bypass.due.to.Missing.Empty.Value.Check CRITICAL" "login-with-phone-number 1.7.20 Missing.Authorization MEDIUM" "login-with-phone-number 1.6.94 Missing.Authorization MEDIUM" "login-with-phone-number 1.7.17 Unauthorized.Account.Password.Change.to.Privilege.Escalation HIGH" "login-with-phone-number 1.6.94 Cross-Site.Request.Forgery MEDIUM" "login-with-phone-number 1.5.7 User.Password.Change.via.CSRF HIGH" "login-with-phone-number 1.4.2 Reflected.Cross-Site.Scripting HIGH" "login-with-phone-number 1.3.8 Multiple.Admin+.Stored.XSS LOW" "login-with-phone-number 1.3.7 Unauthenticated.remote.plugin.deletion MEDIUM" "logo-scheduler-great-for-holidays-events-and-more 1.2.2 Admin+.Stored.XSS LOW" "last-viewed-posts 1.0.1 Unauthenticated.PHP.Object.Injection CRITICAL" "log-http-requests 1.3.2 Stored.Cross-Site.Scripting MEDIUM" "ldap-ad-staff-employee-directory-search 1.3 Admin.LDAP.Credentials.Retrieval LOW" "ldap-ad-staff-employee-directory-search 1.2.3 Improper.escaping.of.LDAP.entries HIGH" "lw-all-in-one 1.6.5 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "lead-form-builder 1.9.2 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "lead-form-builder No.known.fix Admin+.Stored.XSS LOW" "lead-form-builder 1.9.0 Cross-Site.Request.Forgery MEDIUM" "lead-form-builder 1.9.0 Missing.Authorization MEDIUM" "lead-form-builder 1.7.4 Multiple.Subscriber+.Settings.Update MEDIUM" "lead-form-builder 1.7.0 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "lead-form-builder 1.6.8 Subscriber+.Arbitrary.Lead.Deletion MEDIUM" "lead-form-builder 1.6.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "logdash-activity-log 1.1.4 Unauthenticated.SQLi HIGH" "lws-tools 2.4.2 Cross-Site.Request.Forgery MEDIUM" "lbstopattack 1.1.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "laposta-signup-basic 1.4.2 CSRF MEDIUM" "laposta-signup-basic 1.4.2 Missing.Authorization MEDIUM" "login-or-logout-menu-item 1.2.0 Unauthenticated.Options.Change MEDIUM" "list-all-posts-by-authors-nested-categories-and-titles 2.8.3 CSRF MEDIUM" "logo-showcase-with-slick-slider 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "logo-showcase-with-slick-slider 2.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "logo-showcase-with-slick-slider 2.0.1 Arbitrary.Media.Title/Description/Alt.Text/URL.Update.via.CSRF MEDIUM" "logo-showcase-with-slick-slider 1.2.5 Subscriber+.Arbitrary.Media.Title/Description/Alt.Text/URL.Update MEDIUM" "logo-showcase-with-slick-slider 1.2.4 Author+.Stored.Cross.Site.Scripting MEDIUM" "login-and-logout-redirect No.known.fix .Open.Redirect MEDIUM" "linked-orders-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "linked-orders-for-woocommerce 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "language-switcher-for-transposh 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "login-logout-menu 1.4.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "layouts-for-elementor 1.8 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Upload CRITICAL" "liquid-speech-balloon 1.2 Settings.Update.via.CSRF MEDIUM" "lightbox-popup 2.1.6 Admin+.Stored.XSS LOW" "link-library 7.7.2 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.4 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.link-library.Shortcode MEDIUM" "link-library 7.6.1 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.7 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "link-library 7.6 Cross-Site.Request.Forgery.via.action_admin_init MEDIUM" "link-library 7.6 Reflected.Cross-Site.Scripting.via.'link_price'.and.'link_tags' MEDIUM" "link-library 7.4.1 Admin+.Stored.XSS LOW" "link-library 7.2.9 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.2.8 Unauthenticated.Arbitrary.Links.Deletion MEDIUM" "link-library 7.2.8 Library.Settings.Reset.via.CSRF MEDIUM" "letsrecover-woocommerce-abandoned-cart 1.2.0 Unauthenticated.SQLi HIGH" "letsrecover-woocommerce-abandoned-cart 1.2.0 Admin+.SQLi MEDIUM" "letsrecover-woocommerce-abandoned-cart 1.2.0 Admin+.SQLi MEDIUM" "learning-management-system 1.11.5 LMS.<.1.11.5.-.Authenticated.(Student+).Insecure.Direct.Object.Reference MEDIUM" "learning-management-system 1.12.0 LMS.<.1.12.0.-.Missing.Authorization MEDIUM" "learning-management-system 1.11.5 LMS.<.1.11.5.-.Missing.Authorization MEDIUM" "learning-management-system 1.7.4 LMS.<.1.7.4.-.Insecure.Direct.Object.Reference MEDIUM" "learning-management-system 1.7.3 LMS.<.1.7.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "learning-management-system 1.6.8 Information.Exposure MEDIUM" "live-chat-facebook-fanpage No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "learnpress-import-export 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "learnpress-import-export 4.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "learnpress-import-export 4.0.3 Reflected.XSS HIGH" "latex No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "logo-manager-for-enamad No.known.fix Admin+.Stored.XSS.via.Widget LOW" "logo-manager-for-enamad No.known.fix Stored.XSS.via.CSRF HIGH" "live-scores-for-sportspress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "live-scores-for-sportspress 1.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "live-scores-for-sportspress 1.9.1 Reflected.Cross-Site.Scripting HIGH" "live-scores-for-sportspress 1.9.1 Authenticated.Local.File.Inclusion MEDIUM" "leaflet-maps-marker 3.12.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leaflet-maps-marker 3.12.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "leaflet-maps-marker 3.12.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "leaflet-maps-marker 3.12.5 Admin+.SQLi MEDIUM" "limit-attempts 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "limit-attempts 1.1.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "limit-attempts 1.1.1 SQL.Injection CRITICAL" "like-box 0.8.41 Contributor+.Stored.XSS MEDIUM" "like-box 0.8.40 Admin+.Stored.XSS LOW" "livejournal-shortcode No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "lazy-load-for-videos 2.18.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "leadin 11.1.34 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HubSpot.Meeting.Widget MEDIUM" "leadin 8.8.15 Contributor+.Blind.SSRF MEDIUM" "livemesh-table-rate-shipping 1.2 Reflected.Cross-Site.Scripting MEDIUM" "login-screen-manager No.known.fix Stored.XSS.via.CSRF HIGH" "login-screen-manager No.known.fix Admin+.Stored.XSS LOW" "livesync No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "link-to-bible 2.5.10 Administrator+.Stored.XSS LOW" "lara-google-analytics 2.0.5 Authenticated.Stored.XSS HIGH" "login-with-cognito 1.4.9 Admin+.Stored.XSS LOW" "login-with-cognito 1.4.4 Reflected.Cross-Site.Scripting.via.appId HIGH" "live-composer-page-builder 1.5.43 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "live-composer-page-builder 1.5.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-composer-page-builder No.known.fix Author+.Stored.XSS MEDIUM" "live-composer-page-builder 1.5.39 Missing.Authorization MEDIUM" "live-composer-page-builder 1.5.36 Cross-Site.Request.Forgery MEDIUM" "live-composer-page-builder 1.5.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-composer-page-builder 1.5.29 .Author+.PHP.Object.Injection MEDIUM" "live-composer-page-builder 1.5.23 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "lava-directory-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "lava-directory-manager No.known.fix Unauthenticated.Stored.XSS HIGH" "livemesh-dynamic-pricing 1.2 Reflected.Cross-Site.Scripting MEDIUM" "live-weather-station 3.8.13 Mode.Switch.via.CSRF MEDIUM" "listplus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "leadsquared-suite No.known.fix Admin+.Stored.XSS LOW" "leadsquared-suite No.known.fix CSRF MEDIUM" "list-categories 0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "list-custom-taxonomy-widget 4.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "loco-translate 2.6.10 Cross-Site.Request.Forgery MEDIUM" "loco-translate 2.6.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "loco-translate 2.5.4 Authenticated.PHP.Code.Injection HIGH" "loco-translate 2.2.2 Authenticated.LFI MEDIUM" "lktags-linkedin-insight-tags 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lawyer-directory 1.2.9 Subscriber+.Privilege.Escalation CRITICAL" "logwpmail No.known.fix Email.Logs.Publicly.Accessible HIGH" "license-manager-for-woocommerce 3.0.7 Improper.Authorization.to.Authenticated(Contributor+).Sensitive.Information.Exposure MEDIUM" "license-manager-for-woocommerce 2.2.11 Authenticated.(Administrator+).SQL.Injection HIGH" "license-manager-for-woocommerce 2.3b1 Reflected.Cross-Site.Scripting MEDIUM" "license-manager-for-woocommerce 2.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "loading-page 1.0.83 Admin+.Stored.Cross-Site.Scripting LOW" "lock-user-account 1.0.4 Arbitrary.Account.Lock/Unlock.via.CSRF MEDIUM" "login-designer 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "limb-gallery 1.5.6 Reflected.Cross-Site.Scripting MEDIUM" "limb-gallery 1.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "limb-gallery 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "login-rebuilder 2.8.1 Admin+.Stored.XSS LOW" "lpagery 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "liveforms 3.4.0 XSS MEDIUM" "liveforms 3.2.0 Visual.Form.Builder.3.0.1.-.Blind.SQL.Injection CRITICAL" "llama-redirect No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "login-with-azure 1.4.5 Reflected.Cross-Site.Scripting.via.appId HIGH" "lws-optimize 2.0 Cross-Site.Request.Forgery MEDIUM" "leaflet-map 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "leaflet-map 3.0.0 Arbitrary.Settings.Update.via.CSRF.Leading.to.Stored.XSS MEDIUM" "leaflet-map 3.0.0 Contributor+.Stored.XSS MEDIUM" "launcher No.known.fix Admin+.Stored.XSS MEDIUM" "launcher 1.0.11 Multiple.Stored.XSS MEDIUM" "ldap-login-for-intranet-sites 4.1.10 Unauthenticated.Log.Disclosure MEDIUM" "ldap-login-for-intranet-sites 4.2 Admin.LDAP.Passback LOW" "ldap-login-for-intranet-sites 4.1.6 Sensitive.Information.Disclosure HIGH" "ldap-login-for-intranet-sites 4.1.5 SQL.Injection.via.CSRF LOW" "ldap-login-for-intranet-sites 4.1.1 Unauthenticated.Data.Disclosure MEDIUM" "ldap-login-for-intranet-sites 3.6.95 Reflected.Cross-Site.Scripting HIGH" "link-whisper 0.7.0 Link.Whisper.Free.<.0,7,0 MEDIUM" "link-whisper 0.7.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "link-whisper 0.6.9 Reflected.Cross-Site.Scripting MEDIUM" "link-whisper 0.6.6 Authenticated.(Contributor+).SQL.Injection HIGH" "localize-remote-images No.known.fix Settings.Update.via.CSRF MEDIUM" "login-as-users 1.4.4 Missing.Authorization.to.Privielge.Escalation.via.Account.Takeover HIGH" "login-as-users 1.4.3 Authentication.Bypass CRITICAL" "lana-downloads-manager 1.8.0 Contributor+.Arbitrary.File.Download HIGH" "labtools No.known.fix Subscriber+.Arbitrary.Publication.Deletion MEDIUM" "lean-wp No.known.fix Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "lean-wp No.known.fix Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "link-party No.known.fix Settings.Update.via.CSRF MEDIUM" "link-party No.known.fix Unauthenticated.Stored.XSS HIGH" "link-party No.known.fix Unauthenticated.Arbitrary.Link.Deletion MEDIUM" "link-party No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "likebtn-like-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "likebtn-like-button 2.6.45 Arbitrary.e-mail.Sending MEDIUM" "likebtn-like-button 2.6.38 Unauthorised.Vote.Export.to.Email.&.IP.Addresses.Disclosure HIGH" "likebtn-like-button 2.6.32 Unauthenticated.Full-Read.SSRF HIGH" "likebtn-like-button 2.5.4 Unauthenticated.Arbitrary.Blog.Settings.Change HIGH" "lifeline-donation No.known.fix Authentication.Bypass CRITICAL" "login-with-yourmembership 1.1.4 Admin+.Stored.XSS LOW" "localize-my-post No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "lastform No.known.fix Drag.&.Drop.Contact.Form.Builder.<=.1.0.5.-.Admin+.Arbitrary.System.File.Read MEDIUM" "left-right-image-slideshow-gallery 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "loan-comparison 1.5.3 Reflected.XSS.via.shortcode MEDIUM" "loan-comparison 1.5.3 Contributor+.Stored.XSS.via.shortcode MEDIUM" "locations No.known.fix Contributor+.Stored.XSS MEDIUM" "locations 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "locations 4.0 Cross-Site.Request.Forgery HIGH" "limit-login-attempts No.known.fix Subscriber+.Stored.XSS HIGH" "limit-login-attempts 1.7.2 Unauthenticated.Stored.XSS HIGH" "limit-login-attempts 1.7.1 Auth.Cookies.Brute.Force.Bypass LOW" "live-news-lite 1.07 Settings.Update.via.CSRF MEDIUM" "locations-and-areas 1.7.2 Reflected.Cross-Site.Scripting MEDIUM" "locations-and-areas 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "legal-pages 1.4.3 Cross-Site.Request.Forgery MEDIUM" "legal-pages 1.3.9 Cross-Site.Request.Forgery.via.moveToTrash.and.fetch_and_insert_template_data MEDIUM" "legal-pages 1.3.9 Missing.Authorization MEDIUM" "legal-pages 1.3.8 Missing.Authorization.on.'deleteLegalTemplate' MEDIUM" "leadconnector 1.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "link-list-manager No.known.fix Reflected.Cross-Site.Scripting HIGH" "landingi-landing-pages 3.1.2 Cross-Site.Request.Forgery MEDIUM" "learn-manager 1.1.5 Unauthenticated.Arbitrary.User.Field.Edition/Creation MEDIUM" "learn-manager 1.1.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "login-block-ips No.known.fix IP.Spoofing.Bypass LOW" "login-block-ips No.known.fix Arbitrary.Setting.Update.via.CSRF MEDIUM" "lordicon-interactive-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "learnpress 4.2.7.1 Unauthenticated.SQL.Injection.via.'c_fields' CRITICAL" "learnpress 4.2.7.1 Unauthenticated.SQL.Injection.via.'c_only_fields' CRITICAL" "learnpress 4.2.6.9.4 Authenticated.(Contributor+).SQL.Injection.via.order.Parameter HIGH" "learnpress 4.2.6.9 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "learnpress 4.2.6.9 Cross-Site.Request.Forgery MEDIUM" "learnpress 4.2.6.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "learnpress 4.2.6.8.2 Missing.Authorization.to.Unauthenticated.User.Registration.Bypass MEDIUM" "learnpress 4.2.6.8.2 Unauthenticated.Bypass.to.User.Registration MEDIUM" "learnpress 4.2.6.8.1 Basic.Information.Disclosure.via.JSON.API MEDIUM" "learnpress 4.2.6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "learnpress 4.2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.layout_html.Parameter MEDIUM" "learnpress 4.2.6.6 Unauthenticated.Bypass.to.User.Registration MEDIUM" "learnpress 4.2.6.6 Unauthenticated.Time-Based.SQL.Injection CRITICAL" "learnpress 4.2.6.6 Authenticated.(Instructor+).Arbitrary.File.Upload HIGH" "learnpress 4.2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "learnpress 4.2.6.4 Insecure.Direct.Object.Reference MEDIUM" "learnpress 4.2.6.4 Authenticated(LP.Instructor+).Stored.Cross-Site.Scripting MEDIUM" "learnpress 4.0.1 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "learnpress 4.2.5.8 Unauthenticated.Command.Injection HIGH" "learnpress 4.2.5.8 Unauthenticated.SQLi HIGH" "learnpress 4.2.5.8 Subscriber+.Arbitrary.Course.Progress.Disclosure MEDIUM" "learnpress 4.2.5.5 Reflected.Cross-Site.Scripting HIGH" "learnpress 4.2.0 Unauthenticated.SQLi HIGH" "learnpress 4.2.0 Unauthenticated.LFI CRITICAL" "learnpress 4.2.0 Subscriber+.SQLi HIGH" "learnpress 4.1.7.2 Unauthenticated.PHP.Object.Injection.via.REST.API MEDIUM" "learnpress 4.1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "learnpress 4.1.6 Reflected.Cross-Site.Scripting MEDIUM" "learnpress 4.1.5 Arbitrary.Image.Renaming MEDIUM" "learnpress 4.1.4 Admin+.SQL.Injection MEDIUM" "learnpress 4.1.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "learnpress 4.1.3.1 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "learnpress 3.2.7.3 CSRF.&.XSS LOW" "learnpress 3.2.6.8 Authenticated.Time.Based.Blind.SQL.Injection HIGH" "learnpress 3.2.6.9 Privilege.Escalation.to."LP.Instructor" HIGH" "learnpress 3.2.6.9 Authenticated.Post.Creation.and.Status.Modification HIGH" "learnpress 3.2.6.7 Privilege.Escalation MEDIUM" "lastunes No.known.fix Settings.Update.via.CSRF HIGH" "luckywp-table-of-contents No.known.fix Admin+.Stored.XSS LOW" "luckywp-table-of-contents No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "luckywp-table-of-contents No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "luckywp-table-of-contents No.known.fix Authenticated(Administrator+).Cross-Site.Scripting MEDIUM" "landing-pages 2.2.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "landing-pages 1.9.2 Unauthenticated.Remote.Command.Execution MEDIUM" "leadinfo 1.1 Settings.Update.via.CSRF MEDIUM" "login-configurator No.known.fix Reflected.Cross-Site.Scripting HIGH" "login-configurator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "login-configurator No.known.fix Reflected.XSS HIGH" "libsyn-podcasting No.known.fix Cross-Site.Request.Forgery MEDIUM" "libsyn-podcasting No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "libsyn-podcasting No.known.fix Reflected.XSS HIGH" "libsyn-podcasting No.known.fix Sensitive.Information.Exposure MEDIUM" "login-as-customer-or-user No.known.fix Admin.Account.Takeover HIGH" "login-as-customer-or-user No.known.fix Authentication.Bypass CRITICAL" "login-as-customer-or-user 3.3 Unauthenticated.Privilege.Escalation.to.Admin CRITICAL" "login-as-customer-or-user 2.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "login-as-customer-or-user 1.8 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "leadster-marketing-conversacional 1.1.3 Cross-Site.Request.Forgery.via.leadster_script_code_action MEDIUM" "leadster-marketing-conversacional 1.1.3 Settings.Update.via.CSRF MEDIUM" "lana-email-logger 1.1.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "leenkme 2.6.0 XSS.&.CSRF MEDIUM" "layouts-importer 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "loginpress-pro 3.0.0 Unauthenticated.License.Activation/Deactivation MEDIUM" "loginpress-pro 3.0.0 Captcha.Bypass MEDIUM" "logo-carousel-free 3.4.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "logo-carousel-free 3.4.2 Unauthorised.Private.Post.Access MEDIUM" "lazy-facebook-comments 2.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "link-juice-keeper 2.0.3 Admin+.Stored.XSS LOW" "lws-hide-login 2.1.9 Protection.Mechanism.Bypass MEDIUM" "lws-hide-login 2.1.7 Plugin.Settings.Page.Creation.via.CSRF MEDIUM" "login-logout-register-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'llrmloginlogout'.Shortcode MEDIUM" "login-logout-register-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "login-page-styler 6.2.5 Admin+.Stored.XSS LOW" "lh-add-media-from-url 1.30 Reflected.Cross-Site.Scripting MEDIUM" "lh-add-media-from-url 1.23 Reflected.Cross-Site.Scripting MEDIUM" "letterpress No.known.fix Subscriber.Deletion.via.CSRF MEDIUM" "letterpress No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "linkify-text No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "login-attempts-limit-wp No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "login-attempts-limit-wp No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "littlebot-invoices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "littlebot-invoices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "light-poll No.known.fix Poll.Answers.Deletion.via.CSRF MEDIUM" "light-poll No.known.fix Polls.Deletion.via.CSRF MEDIUM" "login-form-recaptcha No.known.fix Admin+.Stored.XSS LOW" "leads-5050-visitor-insights 1.1.0 Unauthorised.License.Change HIGH" "leads-5050-visitor-insights 1.0.4 Unauthenticated.License.Change HIGH" "lite-wp-logger No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lightbox-gallery 0.9.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "link-optimizer-lite No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "landing-page-cat 1.7.3 Unauthenticated.Information.Exposure MEDIUM" "logo-slider-wp 4.0.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 3.6.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "lana-text-to-image 1.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "listingpro-plugin No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "listingpro-plugin No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "listingpro-plugin No.known.fix Unauthenticated.SQL.Injection CRITICAL" "listingpro-plugin No.known.fix Authenticated.(Author+).Local.File.Inclusion HIGH" "loginizer 1.7.9 Reflected.XSS HIGH" "loginizer 1.7.6 Reflected.XSS HIGH" "loginizer 1.7.6 Cross-Site.Request.Forgery MEDIUM" "loginizer 1.6.4 Unauthenticated.SQL.Injection CRITICAL" "loginizer 1.4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "loginizer 1.3.6 Blind.SQL.Injection CRITICAL" "loginizer 1.3.6 Cross-Site.Request.Forgery.(CSRF) HIGH" "latepoint 4.9.9.1 Missing.Authorization.and.Sensitive.Information.Exposure.via.IDOR CRITICAL" "ldap-wp-login-integration-with-active-directory 3.0.2 Reflected.Cross-Site.Scripting MEDIUM" "ldap-wp-login-integration-with-active-directory 3.0.2 Unauthenticated.Settings.Update.to.Auth.Bypass CRITICAL" "lets-box 1.13.3 Reflected.Cross-Site.Scripting MEDIUM" "latest-tweets-widget No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "larsens-calender No.known.fix Stored.Cross-Site.Scripting.(XSS) HIGH" "live-search-xforwc 2.1.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "locked-payment-methods-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "locked-payment-methods-for-woocommerce 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "login-customizer 2.2.3 Reflected.Cross-Site.Scripting MEDIUM" "login-customizer 2.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ladipage No.known.fix Missing.Authorization.via.init_endpoint MEDIUM" "ladipage No.known.fix Missing.Authorization.on.publish_lp() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.publish_lp() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.ladiflow_save_hook() MEDIUM" "ladipage No.known.fix Missing.Authorization.via.ladiflow_save_hook() MEDIUM" "ladipage No.known.fix Missing.Authorization.via.save_config() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.save_config() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.init_endpoint MEDIUM" "ladipage No.known.fix Missing.Authorization MEDIUM" "litespeed-cache 6.5.0.1 Unauthenticated.Sensitive.Information.Exposure.via.Log.Files HIGH" "litespeed-cache 6.4 Unauthenticated.Privilege.Escalation HIGH" "litespeed-cache 6.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "litespeed-cache 5.7.0.1 Unauthenticated.Stored.XSS HIGH" "litespeed-cache 5.7.0.1 Unauthenticated.CDN.Status.Update MEDIUM" "litespeed-cache 5.7 Contributor+.Stored.XSS MEDIUM" "litespeed-cache 5.3.1 CSRF MEDIUM" "litespeed-cache 4.4.4 Admin+.Reflected.Cross-Site.Scripting LOW" "litespeed-cache 4.4.4 IP.Check.Bypass.to.Unauthenticated.Stored.XSS HIGH" "litespeed-cache 3.6.1 Authenticated.Stored.Cross-Site.Scripting LOW" "livemesh-weight-based-shipping 1.4 Reflected.Cross-Site.Scripting MEDIUM" "linkworth-wp-plugin 3.3.4 Arbitrary.Setting.Update.via.CSRF MEDIUM" "language-bar-flags No.known.fix CSRF.to.Stored.XSS HIGH" "link-log No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "link-log No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "link-log 2.1 SQL.Injection CRITICAL" "link-log 2.0 HTTP.Response.Splitting HIGH" "login-recaptcha 1.7 IP.Check.Bypass LOW" "leyka 3.31.2 Missing.Authorization MEDIUM" "leyka 3.30.7.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "leyka 3.30.4 Admin+.Stored.XSS LOW" "leyka 3.30.3 Reflected.XSS HIGH" "leyka 3.30.3 Subscriber+.Privilege.Escalation HIGH" "leyka 3.30.2 Reflected.XSS HIGH" "leyka 3.30 Unauthenticated.Stored.XSS HIGH" "login-lockdown 2.09 Subscriber+.Options.Leak MEDIUM" "login-lockdown 2.07 Admin+.SQLi MEDIUM" "login-lockdown 2.07 Administrator+.SQL.Injection HIGH" "luckywp-scripts-control No.known.fix Missing.Authorization MEDIUM" "luckywp-scripts-control No.known.fix Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "lightbox-plus 2.8 CSRF.to.XSS MEDIUM" "library-viewer 2.0.6.1 Contributor+.Stored.XSS MEDIUM" "livemesh-siteorigin-widgets 3.3 Reflected.Cross-Site.Scripting MEDIUM" "livemesh-siteorigin-widgets 2.8.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "livemesh-siteorigin-widgets 2.5.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "lightweight-accordion 1.5.17 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "lightweight-accordion 1.5.15 Contributor+.Stored.XSS MEDIUM" "locatoraid 3.9.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.24 Reflected.XSS HIGH" "locatoraid 3.9.19 Subscriber+.Stored.XSS HIGH" "locatoraid 3.9.15 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.12 CSRF MEDIUM" "laybuy-gateway-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "laybuy-gateway-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lock-my-bp 1.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "linkedin-login 1.1 Reflected.Cross-Site.Scripting MEDIUM" "limit-login-attempts-reloaded 2.25.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "limit-login-attempts-reloaded 2.25.26 Admin+.Missing.Authorization.to.Toggle.Plugin.Auto-Update LOW" "limit-login-attempts-reloaded 2.16.0 Authenticated.Reflected.Cross-Site.Scripting HIGH" "limit-login-attempts-reloaded 2.17.4 Login.Rate.Limiting.Bypass LOW" "mantenimiento-web 0.14 Stored.XSS.via.CSRF MEDIUM" "mantenimiento-web 0.14 Admin+.Stored.XSS LOW" "menu-image 3.11 Admin+.Stored.XSS LOW" "menu-image 3.10 Reflected.Cross-Site.Scripting MEDIUM" "menu-image 3.0.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "menu-image 3.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "music-store 1.1.14 WordPress.eCommerce.<.1.1.14.-.Authenticated.(Admin+).SQL.Injection CRITICAL" "music-store 1.0.43 Cross-Site.Scripting.(XSS) MEDIUM" "mycred 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mycred 2.7.3 Unauthenticated.PHP.Object.Injection HIGH" "mycred 2.7.3 Unauthenticated.Information.Exposure MEDIUM" "mycred 2.6.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "mycred 2.6.2 Contributor+.Stored.XSS MEDIUM" "mycred 2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "mycred 2.5.1 Cross-Site.Request.Forgery MEDIUM" "mycred 2.4.4.1 Subscriber+.User.E-mail.Addresses.Disclosure MEDIUM" "mycred 2.4.4 Subscriber+.Arbitrary.Post.Creation MEDIUM" "mycred 2.4.4 Subscriber+.Import/Export.to.Email.Address.Disclosure MEDIUM" "mycred 2.4.4 Reflected.Cross-Site.Scripting MEDIUM" "mycred 2.4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mycred 2.4 Reflected.Cross-Site.Scripting HIGH" "mycred 2.3 Subscriber+.SQL.Injection HIGH" "mycred 1.7.8 Reflected.Cross-Site.Scripting HIGH" "membersonic-lite 1.302 Authentication.Bypass CRITICAL" "mobile-booster No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-booster 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "map-block-gutenberg 1.32 Unauthorised.Google.API.Key.change MEDIUM" "menu-ordering-reservations 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "menu-ordering-reservations 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "menu-ordering-reservations 2.3.7 Reflected.XSS HIGH" "menu-ordering-reservations 2.3.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "menu-ordering-reservations 2.3.1 Unauthorised.AJAX.Calls MEDIUM" "menu-ordering-reservations 2.3.2 Multiple.CSRF MEDIUM" "meow-gallery 5.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meow-gallery 4.1.9 Contributor+.SQL.Injection HIGH" "meow-gallery 4.2.0 Unauthorised.Arbitrary.Options.Update.via.REST.API HIGH" "microkids-related-posts No.known.fix Cross-Site.Request.Forgery MEDIUM" "miniorange-saml-20-single-sign-on 5.0.5 Missing.Authorization.to.notice.dismissal MEDIUM" "miniorange-saml-20-single-sign-on 16.0.8 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 20.0.7 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 12.1.0 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 4.8.84 Cross-Site.Scripting.(XSS).via.Crafted.SAML.XML.Response MEDIUM" "miniorange-saml-20-single-sign-on 4.8.73 Cross-Site.Scripting.(XSS) MEDIUM" "members-import No.known.fix XSS.via.Imported.CSV MEDIUM" "mihanpanel-lite 12.7 Cross-Site.Request.Forgery MEDIUM" "mage-eventpress 4.2.2 Authenticated.(Contributor+).Local.File.Inclusion CRITICAL" "mage-eventpress 4.1.2 Authenticated.(Contributor+).PHP.Object.Injection.in.mep_event_meta_save HIGH" "mage-eventpress 3.9.6 Editor+.Stored.Cross-Site.Scripting MEDIUM" "mage-eventpress 3.8.7 Admin+.Stored.XSS LOW" "mage-eventpress 3.7.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "mage-eventpress 3.8.0 Contributor+.Stored.XSS MEDIUM" "mage-eventpress 3.5.8 Contributor+.SQL.Injection HIGH" "mage-eventpress 3.5.3 Unauthenticated.Arbitrary.Options.Reset HIGH" "mage-eventpress 3.5.3 Unauthenticated.Arbitrary.Elementor.Template.Import MEDIUM" "multiple-domain 1.0.3 XSS.in.Canonical/Alternate.Tags LOW" "mystickymenu 2.7.3 Admin+.Stored.XSS LOW" "mystickymenu 2.7.2 Admin+.Stored.XSS LOW" "mystickymenu 2.6.8 Admin+.Stored.XSS LOW" "mystickymenu 2.6.7 CSV.Export.via.CSRF.to.Sensitive.Information.Disclosure LOW" "mystickymenu 2.6.5 Subscriber+.Arbitrary.Form.Leads.Deletion MEDIUM" "mystickymenu 2.5.2 Authenticated.Stored.XSS MEDIUM" "molie-instructure-canvas-linking-tool No.known.fix Authenticated.SQL.Injection HIGH" "molie-instructure-canvas-linking-tool No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "meta-box 5.9.11 Missing.Authorization.to.Information.Exposure MEDIUM" "meta-box 5.9.4 Contributor+.Arbitrary.Posts'.Custom.Field.Disclosure LOW" "meta-box 5.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meta-box 4.16.3 Unauthorised.File.Deletion MEDIUM" "meta-box 4.16.2 Mishandled.Uploaded.Files HIGH" "miniorange-otp-verification 4.2.2 Missing.Authorization.via.dismiss_notice MEDIUM" "miniorange-login-security 1.0.8 Reflected.Cross-Site.Scripting HIGH" "meeting-scheduler-by-vcita 4.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "meeting-scheduler-by-vcita 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "meeting-scheduler-by-vcita 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.3.3 Reflected.XSS HIGH" "meeting-scheduler-by-vcita 4.3.1 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "meeting-scheduler-by-vcita 4.3.0 Subscriber+.Denial.of.Service.by.account.logout MEDIUM" "meeting-scheduler-by-vcita No.known.fix Missing.Capability.Checks MEDIUM" "meeting-scheduler-by-vcita No.known.fix Missing.authentication CRITICAL" "meeting-scheduler-by-vcita No.known.fix Denial.of.Service.via.CSRF MEDIUM" "master-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "master-blocks No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "multiparcels-shipping-for-woocommerce 1.16.9 Cross-Site.Request.Forgery MEDIUM" "multiparcels-shipping-for-woocommerce 1.15.4 Reflected.XSS HIGH" "multiparcels-shipping-for-woocommerce 1.15.2 Arbitrary.Shipment.Deletion.via.CSRF MEDIUM" "multiparcels-shipping-for-woocommerce 1.14.14 Subscriber+.Arbitrary.Shipment.Deletion MEDIUM" "multiparcels-shipping-for-woocommerce 1.15.4 Reflected.XSS HIGH" "multiparcels-shipping-for-woocommerce 1.14.15 Subscriber+.SQLi HIGH" "my-content-management 1.7.7 Admin+.Stored.XSS LOW" "mobile-app-builder-by-wappress No.known.fix Unauthenticated.File.Upload CRITICAL" "my-shortcodes No.known.fix Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "mass-delete-unused-tags 3.0.0 Tags.Deletion.via.CSRF MEDIUM" "marketing-performance No.known.fix Reflected.XSS HIGH" "menu-shortcode No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "mycurator 3.77 Reflected.Cross-Site.Scripting MEDIUM" "mycurator 3.75 Cross-Site.Request.Forgery MEDIUM" "magical-posts-display 1.2.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "memphis-documents-library 3.1.6 Arbitrary.File.Download CRITICAL" "modal-popup-box 1.5.3 Authenticated.(Contributor+).PHP.Object.Injection.in.awl_modal_popup_box_shortcode HIGH" "mybb-cross-poster No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "magic-action-box No.known.fix Contributor+.Stored.XSS MEDIUM" "mortgage-calculators-wp 1.60 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mortgage-calculators-wp 1.56 Admin+.Stored.Cross-Site.Scripting LOW" "meks-themeforest-smart-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "metronet-profile-picture 2.6.2 Authenticated.(Author+).Insecure.Direct.Object.Reference.to.Profile.Picture.Update MEDIUM" "metronet-profile-picture 2.6.0 Arbitrary.User.Picture.Change/Deletion.via.IDOR MEDIUM" "metronet-profile-picture 2.5.0 Sensitive.Information.Disclosure MEDIUM" "mobile-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-blocks 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "m-chart 1.10 Contributor+.Stored.XSS MEDIUM" "mapsvg-lite-interactive-vector-maps 3.3.0 Cross-Site.Request.Forgery.(CSRF) HIGH" "my-wp-translate 1.0.4 CSRF.&.XSS HIGH" "my-chatbot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-chatbot No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "multiple-roles 1.3.2 Cross-Site.Request.Forgery MEDIUM" "multiple-roles 1.3.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "mmm-file-list No.known.fix Contributor+.Stored.XSS MEDIUM" "mmm-file-list No.known.fix Subscriber+.Arbitrary.Directory.Listing MEDIUM" "meta-tags-for-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mrkwp-footer-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mrkwp-footer-for-divi No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "more-from-google No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mabel-shoppable-images-lite 1.2.4 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "mm-breaking-news No.known.fix Stored.XSS.via.CSRF HIGH" "mm-breaking-news No.known.fix Reflected.XSS MEDIUM" "make-paths-relative No.known.fix Settings.Update.via.CSRF MEDIUM" "mobile-address-bar-changer No.known.fix Settings.Update.via.CSRF MEDIUM" "multi-page-toolkit No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "momoyoga-integration 2.8.0 Contributor+.Stored.XSS MEDIUM" "mesmerize-companion 1.6.149 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mesmerize_contact_form.Shortcode MEDIUM" "mesmerize-companion 1.6.135 Contributor+.Stored.XSS MEDIUM" "minimal-coming-soon-maintenance-mode 2.39 Missing.Authorization.to.Limited.Settings.Change MEDIUM" "minimal-coming-soon-maintenance-mode 2.38 Unauthenticated.Maintenance.Mode.Bypass LOW" "minimal-coming-soon-maintenance-mode 2.35 Multiple.Authenticated.Stored.XSS LOW" "minimal-coming-soon-maintenance-mode 2.15 Insecure.Permissions:.Enable.and.Disable.Maintenance.Mode HIGH" "minimal-coming-soon-maintenance-mode 2.15 CSRF.to.Stored.XSS.and.Setting.Changes HIGH" "minimal-coming-soon-maintenance-mode 2.17 Insecure.permissions:.Export.Settings/Theme.Change MEDIUM" "mega-forms 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "mega-forms 1.2.5 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "mycryptocheckout 2.126 CSRF MEDIUM" "mycryptocheckout 2.124 Reflected.XSS HIGH" "motopress-hotel-booking 4.8.5 Unauthenticated.Arbitrary.File.Download.&.Deletion CRITICAL" "modify-profile-fields-dashboard-menu-buttons 1.04 Reflected.Cross-Site.Scripting MEDIUM" "molongui-authorship 4.7.8 Authenticated.(Author+).Insecure.Direct.Object.Reference MEDIUM" "molongui-authorship 4.7.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "molongui-authorship 4.7.5 Information.Exposure.via.ma_debug MEDIUM" "molongui-authorship 4.7.4 Missing.Authorization MEDIUM" "molongui-authorship 4.6.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "molongui-authorship 4.6.20 Reflected.XSS HIGH" "mainwp-piwik-extension 4.0.5 CSRF MEDIUM" "mwb-point-of-sale-pos-for-woocommerce 1.0.1 CSRF.Bypass./.Unauthorised.AJAX.Call MEDIUM" "mapplic 6.2.1 SSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "menu-swapper 1.1.1 Cross-Site.Request.Forgery MEDIUM" "menu-swapper 1.1.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "mailoptin 1.2.54.1 Admin+.Stored.XSS LOW" "mailoptin 1.2.50.0 Unauthenticated.Campaign.Cache.Deletion MEDIUM" "mailoptin 1.2.35.2 Unauthorised.AJAX.Call MEDIUM" "mj-update-history No.known.fix Missing.Authorization MEDIUM" "mj-update-history No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "media-library-plus 8.2.4 Missing.Authorization.on.Various.Functions MEDIUM" "media-library-plus 8.2.3 Authenticated.(Subscriber+).Second-Order.SQL.Injection CRITICAL" "media-library-plus 8.2.1 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "media-library-plus 8.1.9 Authenticated.(Author+).Directory.Traversal MEDIUM" "media-library-plus 8.1.8 Authenticated.(Author+).SQL.Injection CRITICAL" "media-library-plus 7.1.2 Plugin.Reset.via.CSRF MEDIUM" "mortgage-loan-calculator 1.5.17 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "mf-gig-calendar No.known.fix Cross-Site.Request.Forgery MEDIUM" "mf-gig-calendar No.known.fix Editor+.Stored.XSS LOW" "mf-gig-calendar No.known.fix Arbitrary.Event.Deletion.via.CSRF MEDIUM" "mf-gig-calendar No.known.fix Authenticated(Contributor+).SQL.Injection HIGH" "mf-gig-calendar 1.2.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "mf-gig-calendar 1.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "mail-integration-365 1.9.1 Reflected.XSS HIGH" "metorik-helper 1.7.2 Cross-Site.Request.Forgery MEDIUM" "members-list 4.3.7 Reflected.Cross-Site.Scripting MEDIUM" "membership-simplified-for-oap-members-only No.known.fix Unauthenticated.Arbitrary.File.Download CRITICAL" "mjm-clinic 1.1.23 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mjm-clinic 1.1.23 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "mapsvg 6.2.20 Unauthenticated.SQLi HIGH" "miniorange-2-factor-authentication 5.6.6 Missing.Authorization.to.Plugin.Settings.Change HIGH" "miniorange-2-factor-authentication 5.6.2 Subscriber+.Settings.Update MEDIUM" "miniorange-2-factor-authentication 5.5.75 Reflected.Cross-Site.Scripting MEDIUM" "miniorange-2-factor-authentication 5.5.6 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-2-factor-authentication 5.5 Unauthenticated.Arbitrary.Options.Deletion CRITICAL" "miniorange-2-factor-authentication 5.4.40 Reflected.Cross-Site.Scripting HIGH" "mail-subscribe-list 2.1.10 Contributor+.Stored.XSS MEDIUM" "mail-subscribe-list 2.1.4 Arbitrary.Subscribed.User.Deletion.via.CSRF MEDIUM" "mail-subscribe-list 2.1 Stored.XSS MEDIUM" "mobile-banner 1.6 CSRF MEDIUM" "mp3-jplayer No.known.fix Multiple.CSRF MEDIUM" "mp3-jplayer 2.5 Full.Path.Disclosure MEDIUM" "miniorange-discord-integration 2.1.6 Subscriber+.App.Disabling MEDIUM" "microsoft-advertising-universal-event-tracking-uet 1.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "microsoft-clarity 0.9.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "microsoft-clarity 0.4 Admin+.Stored.Cross-Site.Scripting LOW" "mappress-google-maps-for-wordpress 2.88.17 Contributor+.Stored.XSS.via.Map.Settings MEDIUM" "mappress-google-maps-for-wordpress 2.88.16 Unauthenticated.Arbitrary.Private/Draft.Post.Disclosure MEDIUM" "mappress-google-maps-for-wordpress 2.88.15 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.88.14 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.88.5 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.85.5 Contributor+.SQL.Injection MEDIUM" "mappress-google-maps-for-wordpress 2.73.13 Admin+.File.Upload.to.Remote.Code.Execution MEDIUM" "mappress-google-maps-for-wordpress 2.73.4 Reflected.Cross-Site.scripting MEDIUM" "mappress-google-maps-for-wordpress 2.54.6 Improper.Capability.Checks.in.AJAX.Calls CRITICAL" "mappress-google-maps-for-wordpress 2.53.9 Authenticated.Map.Creation/Deletion.Leading.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mappress-google-maps-for-wordpress 2.53.9 Remote.Code.Execution.(RCE).due.to.Incorrect.Access.Control.in.AJAX.Actions CRITICAL" "mww-disclaimer-buttons 3.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mobile-friendly-app-builder-by-easytouch No.known.fix Unauthenticated.File.Upload CRITICAL" "mojito-shipping 1.3.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "modify-comment-fields 1.04 Reflected.Cross-Site.Scripting MEDIUM" "mp-restaurant-menu 2.4.2 Admin+.Stored.Cross.Site.Scripting LOW" "mypixs No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "mailpoet 3.23.2 Reflected.Cross-Site.Scripting.Issue HIGH" "modern-events-calendar-lite 7.13.0 Subscriber+.Server.Side.Request.Forgery HIGH" "modern-events-calendar-lite 7.12.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "modern-events-calendar-lite 7.1.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.5.2 Admin+.Stored.XSS LOW" "modern-events-calendar-lite 6.3.0 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "modern-events-calendar-lite 6.4.7 Reflected.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.4.0 Contributor+.Stored.Cross.Site.Scripting MEDIUM" "modern-events-calendar-lite 6.2.0 Subscriber+.Category.Add.Leading.to.Stored.XSS MEDIUM" "modern-events-calendar-lite 6.1.5 Reflected.Cross-Site.Scripting HIGH" "modern-events-calendar-lite 6.1.5 Unauthenticated.Blind.SQL.Injection HIGH" "modern-events-calendar-lite 5.22.3 Authenticated.Stored.Cross.Site.Scripting LOW" "modern-events-calendar-lite 5.22.2 Admin+.Stored.Cross-Site.Scripting LOW" "modern-events-calendar-lite 5.16.6 Authenticated.SQL.Injection CRITICAL" "modern-events-calendar-lite 5.16.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "modern-events-calendar-lite 5.16.5 Authenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "modern-events-calendar-lite 5.16.5 Unauthenticated.Events.Export MEDIUM" "modern-events-calendar-lite 5.1.7 Multiple.Subscriber+.Stored.XSS MEDIUM" "moceansms-order-sms-notification-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mwp-forms No.known.fix Admin+.SQL.Injection HIGH" "multicons 3.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mainwp-child 4.4.1.2 Sensitive.File.Disclosure MEDIUM" "mainwp-child 4.1.8 Admin+.SQL.Injection MEDIUM" "maz-loader 1.4.1 Arbitrary.Loader.Deletion.via.CSRF MEDIUM" "maz-loader 1.3.3 Contributor+.SQL.Injection HIGH" "mediamatic No.known.fix Cross-Site.Request.Forgery MEDIUM" "mediamatic 2.8.1 Subscriber+.SQL.Injection HIGH" "marketing-optimizer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mybooktable 3.5.0 Stored.XSS.via.CSRF MEDIUM" "mybooktable 3.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "mybooktable 3.3.5 API.Key.Update.via.CSRF MEDIUM" "meks-easy-ads-widget 2.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "media-net-ads-manager No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "mediabay-lite No.known.fix Missing.Authorization.via.AJAC.actions MEDIUM" "mediabay-lite No.known.fix Editor+.Stored.XSS MEDIUM" "media-list 1.4.0 Contributor+.Stored.XSS MEDIUM" "media-list 1.4.1 Contributor+.Stored.XSS MEDIUM" "media-from-ftp 11.17 Author+.Arbitrary.File.Access CRITICAL" "media-from-ftp 9.85 Authenticated.Directory.Traversal MEDIUM" "most-popular-posts-widget-lite 0.9 Admin+.SQL.injection MEDIUM" "min-and-max-quantity-for-woocommerce 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "material-design-icons-for-elementor 1.4.3 Contributor+.Stored.XSS MEDIUM" "material-design-icons-for-elementor 1.4.3 Settings.Update.via.CSRF MEDIUM" "moolamojo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "m-wp-popup No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "m-wp-popup 1.3.1 Unauthenticated.Denial.of.Service HIGH" "multilist-subscribe-for-sendy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multilist-subscribe-for-sendy No.known.fix Subscriber+.Arbitrary.Options.Update HIGH" "multilist-subscribe-for-sendy No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "multilist-subscribe-for-sendy No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "mainwp-child-reports 2.2.1 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "mainwp-child-reports 2.2 Cross-Site.Request.Forgery MEDIUM" "mainwp-child-reports 2.0.8 Admin+.SQL.Injection MEDIUM" "miniorange-wp-as-saml-idp 1.13.4 Admin+.Stored.Cross-Site.Scripting LOW" "microblog-poster 1.6.2 Authenticated.Blind.SQL.Injection HIGH" "mangboard 1.8.1 Reflected.Cross-Site.Scripting MEDIUM" "mangboard 1.7.8 Admin+.Stored.XSS LOW" "mangboard 1.8.2 Settings.Update.via.CSRF MEDIUM" "mangboard 1.6.9 SQL.Injection HIGH" "maxbuttons 9.8.0 Full.Path.Disclosure MEDIUM" "maxbuttons 9.7.8 Editor+.Stored.XSS LOW" "maxbuttons 9.7.7 Contributor+.Stored.XSS MEDIUM" "maxbuttons 9.7.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "maxbuttons 9.6 Contributor+.Stored.XSS MEDIUM" "maxbuttons 9.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "maxbuttons 9.3 Admin+.Stored.Cross-Site.Scripting LOW" "maxbuttons 6.19 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mwp-herd-effect 5.2.7 Effect.Deletion.via.CSRF MEDIUM" "mwp-herd-effect 5.2.4 Effect.Deletion.via.CSRF MEDIUM" "mwp-herd-effect 5.2.3 Admin+.Stored.XSS LOW" "mwp-herd-effect 5.2.2 Reflected.XSS MEDIUM" "mwp-herd-effect 5.2.1 Admin+.LFI MEDIUM" "mainwp-maintenance-extension 4.1.2 Subscriber+.SQL.Injection.(SQLi) HIGH" "mailchimp-for-woocommerce 2.7.2 Admin+.SSRF LOW" "mailchimp-for-woocommerce 2.7.1 Subscriber+.SSRF MEDIUM" "my-calendar 3.4.24 Authenticated.Stored.XSS MEDIUM" "my-calendar 3.4.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "my-calendar 3.4.22 Unauthenticated.SQL.Injection CRITICAL" "my-calendar 3.4.4 Cross-Site.Request.Forgery MEDIUM" "my-calendar 3.3.25 Event/Location.Deletion.via.CSRF MEDIUM" "my-calendar 3.2.18 Subscriber+.Reflected.Cross-Site.Scripting MEDIUM" "my-calendar 3.1.10 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mendeleyplugin No.known.fix Admin+.Stored.XSS LOW" "masterslider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "masterslider No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "masterslider No.known.fix Authenticated.(Editor+).SQL.Injection HIGH" "media-cleaner 6.7.3 Unauthenticated.Information.Exposure MEDIUM" "meta-tag-manager 3.1 Subscriber+.PHP.Object.Injection HIGH" "meta-tag-manager 2.1 Reflected.Cross-Site.Scripting MEDIUM" "multiple-shipping-address-woocommerce 2.0 Unauthenticated.SQLi HIGH" "mailarchiver 2.11.0 Unauthenticated.Stored.XSS HIGH" "multilevel-referral-plugin-for-woocommerce 2.23 Reflected.Cross-Site.Scripting MEDIUM" "mts-url-shortener No.known.fix Admin+.Stored.XSS LOW" "mts-url-shortener No.known.fix Reflected.XSS HIGH" "month-name-translation-benaceur 2.3.8 Admin+.Stored.XSS LOW" "mighty-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "makestories-helper 3.0.4 Authenticated.(Subscriber+).Arbitrary.File.Download.and.Server-Side.Request.Forgery MEDIUM" "makestories-helper 3.0.3 Settings.Update.via.CSRF MEDIUM" "min-and-max-purchase-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ml-slider 3.70.1 Contributor+.Stored.Cross-Site.Scripting.via.metaslider.Shortcode MEDIUM" "ml-slider 3.29.1 Reflected.XSS HIGH" "ml-slider 3.27.9 Admin+.Stored.Cross.Site.Scripting LOW" "ml-slider 3.17.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "moloni 4.8.0 Reflected.Cross-Site.Scripting MEDIUM" "menu-items-visibility-control No.known.fix Admin+.Arbitrary.PHP.Code.Execution MEDIUM" "miniorange-limit-login-attempts 4.0.72 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-limit-login-attempts 4.0.50 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "maintenance 4.03 Authenticated.Stored.XSS MEDIUM" "media-element-html5-video-and-audio-player No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "miniorange-google-authenticator 1.0.5 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "miniorange-google-authenticator 1.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "most-and-least-read-posts-widget 2.5.17 Authenticated(Contributor+).SQL.Injection.via.Widget.settings HIGH" "media-hygiene 3.0.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Attachment.Deletion MEDIUM" "move-addons 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "move-addons 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.0 Missing.Authorization MEDIUM" "move-addons 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "monarch 1.2.7 Privilege.Escalation HIGH" "multiple-pages-generator-by-porthas 3.4.1 Cross-Site.Request.Forgery MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Missing.Authorization.via.mpg_get_log_by_project_id MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Authenticated.(Editor+).Remote.Code.Execution HIGH" "multiple-pages-generator-by-porthas 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "multiple-pages-generator-by-porthas 3.3.20 SQL.Injection MEDIUM" "multiple-pages-generator-by-porthas 3.3.18 SQLi.via.CSRF LOW" "multiple-pages-generator-by-porthas 3.3.18 Admin+.SQLi MEDIUM" "multiple-pages-generator-by-porthas 3.3.10 MPG.<.3.3.10.-.Multiple.CSRF MEDIUM" "myagileprivacy 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.vis.Shortcode MEDIUM" "mapping-multiple-urls-redirect-same-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "minimum-purchase-for-woocommerce No.known.fix Contributor+.Stored.XSS MEDIUM" "magic-fields 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mautic-integration-for-woocommerce 1.0.3 Arbitrary.Options.Update.via.CSRF HIGH" "mainwp-broken-links-checker-extension No.known.fix Unauthenticated.SQLi CRITICAL" "markdown-on-save-improved 2.5.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "media-usage No.known.fix Reflected.Cross-Site.Scripting HIGH" "minify-html-markup 2.1.8 Settings.Update.via.CSRF MEDIUM" "my-waze No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "media-slider 1.4.0 Missing.Authorization MEDIUM" "monetize No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "mailin 3.1.83 Cross-Site.Request.Forgery MEDIUM" "mailin 3.1.78 Reflected.Cross-Site.Scripting MEDIUM" "mailin 3.1.78 Reflected.XSS HIGH" "mailin 3.1.61 Reflected.XSS HIGH" "mailin 3.1.31 Reflected.Cross-Site.Scripting MEDIUM" "mailin 3.1.25 Reflected.XSS HIGH" "miniorange-login-openid 7.6.7 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "miniorange-login-openid 7.6.5 Authentication.Bypass CRITICAL" "miniorange-login-openid 7.6.0 Admin+.Stored.XSS LOW" "miniorange-login-openid 7.5.15 Multiple.CSRF MEDIUM" "miniorange-login-openid 7.6.1 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "mq-woocommerce-products-price-bulk-edit No.known.fix XSS MEDIUM" "multiplayer-plugin No.known.fix Reflected.Cross-Site.Scripting HIGH" "metform 3.3.0 Unauthenticated.Double-Extension.Arbitrary.File.Upload HIGH" "metform 3.8.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "metform 3.8.4 Missing.Authorization.to.Notice.Dismissal MEDIUM" "metform 3.8.6 Contributor+.Stored.XSS MEDIUM" "metform 3.8.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "metform 3.8.2 Cross-Site.Request.Forgery MEDIUM" "metform 3.3.2 Authenticated.(Subscriber+).Information.Disclosure.via.'mf_first_name'.shortcode MEDIUM" "metform 3.3.3 Cross-Site.Request.Forgery MEDIUM" "metform 3.3.1 Unauthenticated.CSV.Injection HIGH" "metform 3.3.2 Multiple.Subscriber+.Sensitive.Information.Disclosure.Issues MEDIUM" "metform 3.3.1 Multiple.Contributor+.Stored.XSS.via.Shortcode MEDIUM" "metform 3.3.2 Unauthenticated.Permalink.Structure.Update MEDIUM" "metform 3.2.2 reCaptcha.Bypass MEDIUM" "metform 3.2.0 Unauthenticated.Stored.XSS HIGH" "metform 2.1.4 Unauthenticated.API.keys.and.Secrets.Disclosure HIGH" "mass-email-to-users 1.1.5 Reflected.XSS HIGH" "meks-easy-social-share 1.2.8 Admin+.Stored.Cross-Site.Scripting LOW" "mygallery No.known.fix Unauthenticated.File.Inclusion CRITICAL" "moose-elementor-kit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "miniorange-malware-protection 4.7.3 Unauthenticated.Privilege.Escalation CRITICAL" "miniorange-malware-protection 4.7.3 Admin+.SQLi MEDIUM" "miniorange-malware-protection 4.7.2 IP.Spoofing MEDIUM" "miniorange-malware-protection 4.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "modern-events-calendar 7.13.0 Subscriber+.Server.Side.Request.Forgery HIGH" "modern-events-calendar 7.12.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "media-file-renamer 5.7.8 Admin+.Remote.Code.Execution MEDIUM" "media-file-renamer 5.7.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "media-file-renamer 5.2.7 Auto.&.Manual.Rename.<.5.2.7.-.Media.Title/Filename/Locking.State.Update.via.CSRF MEDIUM" "mini-loops No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "matrix-pre-loader No.known.fix Cross-Site.Request.Forgery MEDIUM" "memberpress 1.11.30 Reflected.Cross-Site.Scripting.via.mepr_screenname.and.mepr_key.Parameters MEDIUM" "memberpress No.known.fix Missing.Authorization MEDIUM" "memberpress 1.11.30 Authenticated.(Contributor+).Blind.Server-Side.Request.Forgery.via.mepr-user-file.Shortcode HIGH" "memberpress 1.11.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.arglist.Parameter MEDIUM" "memberpress 1.11.27 Reflected.Cross-Site.Scripting.via.message.and.error MEDIUM" "mobilook 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "memberlite-shortcodes 1.3.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "multi-rating No.known.fix Unauthenticated.Ratings.Update MEDIUM" "multi-rating No.known.fix Admin+.Stored.XSS LOW" "multi-rating 5.0.6 Reflected.XSS HIGH" "multi-rating 5.0.6 Ratings.Deletion.via.CSRF MEDIUM" "mediaburst-email-to-sms No.known.fix Authenticated(Administrator+).SQL.Injection MEDIUM" "mediaburst-email-to-sms 3.0.0 Cross-Site.Scripting.(XSS) MEDIUM" "menukaart 1.4 Reflected.Cross-Site.Scripting MEDIUM" "maintenance-coming-soon-redirect-animation No.known.fix IP.Spoofing.to.Bypass MEDIUM" "mapplic-lite 1.0.1 SSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "mwp-skype 4.0.4 Button.Deletion.via.CSRF MEDIUM" "mwp-skype 4.0.2 Reflected.XSS MEDIUM" "maintenance-page 1.0.9 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "maintenance-page 1.0.9 Security.Mechanism.Bypass.via.REST.API MEDIUM" "my-instagram-feed 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "my-instagram-feed 3.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mailcwp 1.110 Unauthenticated.Arbitrary.File.Upload CRITICAL" "mass-pagesposts-creator 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "mass-pagesposts-creator 2.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mass-pagesposts-creator 1.2.5 DoS MEDIUM" "miguras-divi-enhancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "miguras-divi-enhancer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "miniorange-oauth-20-server 4.0.1 Authentication.Bypass CRITICAL" "my-wpdb 2.5 Arbitrary.SQL.Query.via.CSRF MEDIUM" "mwp-countdown No.known.fix Admin+.SQLi MEDIUM" "meks-flexible-shortcodes 1.3.5 Contributor+.Stored.XSS MEDIUM" "mollie-payments-for-woocommerce 7.8.0 .Unauthenticated.Full.Path.Disclosure MEDIUM" "mollie-payments-for-woocommerce 7.3.12 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "melapress-login-security 1.3.1 Authenticated.(Admin+).Remote.File.Inclusion MEDIUM" "mm-email2image No.known.fix Stored.XSS.via.CSRF HIGH" "mm-email2image No.known.fix Contributor+.Stored.XSS MEDIUM" "more-better-reviews-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "more-better-reviews-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "more-better-reviews-for-woocommerce 3.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "momo-venmo 4.2 Reflected.Cross-Site.Scripting MEDIUM" "moreads-se 1.4.7 XSS MEDIUM" "mytube No.known.fix Reflected.Cross-Site.Scripting.via.addplaylistid MEDIUM" "maxi-blocks 1.9.3 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "menubar 5.9 Cross-Site.Request.Forgery MEDIUM" "menubar 5.8 Reflected.Cross-Site.Scripting MEDIUM" "mail-control 0.3.0 Reflected.Cross-Site.Scripting MEDIUM" "mail-control 0.3.2 Unauthenticated.Stored.XSS.via.Email.Subject HIGH" "meteor-slides 1.5.7 Contributor+.Stored.XSS MEDIUM" "magazine-blocks 1.3.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "media-download No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "media-download 1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "makecommerce 3.5.2 Reflected.Cross-Site.Scripting MEDIUM" "multiple-image-uploads-with-preview-for-wpforms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "magic-post-voice No.known.fix Reflected.Cross-Site.Scripting HIGH" "manage-shipyaari-shipping No.known.fix Admin+.Stored.XSS LOW" "miniorange-openid-connect-client 2.1.5 Reflected.Cross-Site.Scripting.via.appId HIGH" "music-player-for-elementor 1.5.9.9 Reflected.Cross-Site.Scripting MEDIUM" "music-player-for-elementor 1.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mail-masta No.known.fix Multiple.SQL.Injection CRITICAL" "mail-masta No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "multi-step-form 1.7.19 Form.Deletion.via.CSRF MEDIUM" "multi-step-form 1.7.17 Admin+.Stored.XSS LOW" "multi-step-form 1.7.13 Form.Update/Deletion.via.CSRF MEDIUM" "multi-step-form 1.7.8 Admin+.Stored.XSS LOW" "multi-step-form 1.2.6 Cross-Site.Scripting.(XSS) MEDIUM" "multi-step-form 1.2.6 Multiple.Unauthenticated.Reflected.XSS MEDIUM" "movies No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "media-mirror No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "metricool 1.18 Admin+.Stored.XSS LOW" "marketo-forms-and-tracking No.known.fix CSRF.to.XSS HIGH" "member-hero No.known.fix Unauthenticated.RCE CRITICAL" "microcopy No.known.fix Authenticated.SQL.Injection MEDIUM" "myshopkit-popup-smartbar-slidein No.known.fix .Unauthenticated.Sensitive.Information.Exposure MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.9.0 Missing.Authorization.via.checkout_map_rules_order_ajax_handler MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.8.5 Reflected.Cross-Site.Scripting MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "manage-notification-emails 1.8.6 Missing.Authorization MEDIUM" "manage-notification-emails 1.8.3 Settings.Reset.via.CSRF MEDIUM" "manage-notification-emails 1.8.3 Settings.Reset.via.CSRF MEDIUM" "mobile-events-manager 1.4.8 Admin+.CSV.Injection LOW" "mobile-events-manager 1.4.4 Admin+.Stored.Cross-Site.Scripting LOW" "morpheus-slider No.known.fix Authenticated.SQL.Injection MEDIUM" "mimetic-books No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "m-vslider No.known.fix Authenticated.(admin+).SQL.Injection HIGH" "maintenance-switch No.known.fix Theme.Files.Creation/Deletion.via.CSRF MEDIUM" "maintenance-switch No.known.fix Reflected.XSS HIGH" "magicform No.known.fix Reflected.Cross-Site.Scripting HIGH" "mpoperationlogs No.known.fix Unauthenticated.Stored.XSS HIGH" "media-file-organizer No.known.fix Directory.Traversal MEDIUM" "memberpress-downloads 1.2.6 Subscriber+.Arbitrary.File.Upload CRITICAL" "multiple-post-passwords 1.1.2 Admin+.Stored.XSS LOW" "moveto No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "moveto No.known.fix Unauthenticated.SQL.Injection CRITICAL" "moveto No.known.fix Missing.Authorization.to.Unauthenticated.Options.Update CRITICAL" "moveto No.known.fix Unauthenticated.Directory.Traversal.to.Arbitrary.File.Deletion CRITICAL" "mx-time-zone-clocks 3.4.1 Contributor+.Cross-Site.Scripting MEDIUM" "mobile-menu 2.8.5 Missing.Authorization.to._mobmenu_icon.Post.Meta.Modification MEDIUM" "mobile-menu 2.8.4.4 Cross-Site.Request.Forgery MEDIUM" "mobile-menu 2.8.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Alt MEDIUM" "mobile-menu 2.8.4 Reflected.Cross-Site.Scripting MEDIUM" "mobile-menu 2.8.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mobile-menu 2.8.2.3 Reflected.Cross-Site.Scripting.(XSS) HIGH" "mobile-menu 2.7.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "meks-easy-instagram-widget 1.2.4 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "multisite-post-duplicator 1.1.3 Cross-Site.Request.Forgery.(CSRF) HIGH" "mediavine-control-panel 2.10.5 Contributor+.Stored.XSS MEDIUM" "mdc-youtube-downloader 2.1.1 Local.File.Inclusion HIGH" "mark-posts 2.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "mstore-api 4.15.4 Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload MEDIUM" "mstore-api 4.15.4 Unauthorized.User.Registration HIGH" "mstore-api 4.15.3 Authentication.Bypass.to.Account.Takeover HIGH" "mstore-api 4.15.0 Authentication.Bypass CRITICAL" "mstore-api 4.10.2 Cross-Site.Request.Forgery MEDIUM" "mstore-api 4.0.7 Subscriber+.SQLi HIGH" "mstore-api 3.9.8 Unauthenticated.SQL.Injection HIGH" "mstore-api 4.0.2 Unauthenticated.SQL.Injection CRITICAL" "mstore-api 3.9.7 Subscriber+.Unauthorized.Settings.Update MEDIUM" "mstore-api 4.10.8 Unauthenticated.Privilege.Escalation CRITICAL" "mstore-api 3.9.9 Unauthenticated.Privilege.Escalation CRITICAL" "mstore-api 3.9.8 Unauthenticated.Blind.SQLi HIGH" "mstore-api 3.9.7 Multiple.CSRF MEDIUM" "mstore-api 3.9.3 Authentication.Bypass CRITICAL" "mstore-api 3.9.2 Authentication.Bypass CRITICAL" "mstore-api 3.9.1 Authentication.Bypass CRITICAL" "mstore-api 3.4.5 Unauthenticated.PHP.File.Upload CRITICAL" "mstore-api 3.2.0 Authentication.Bypass.With.Sign.In.With.Apple HIGH" "mstore-api 2.1.6 Unauthenticated.Arbitrary.Account.Creation/Edition HIGH" "map-multi-marker No.known.fix Reflected.Cross-Site.Scripting HIGH" "mystickyelements 2.1.4 Unauthenticated.Unauthorised.Action MEDIUM" "mystickyelements 2.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "mystickyelements 2.0.9 Admin+.SQLi MEDIUM" "mystickyelements 2.0.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "msync No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "multi-column-tag-map 17.0.27 Cross-Site.Request.Forgery MEDIUM" "multi-column-tag-map 17.0.25 Contributor+.Stored.XSS MEDIUM" "mapifylite-master 4.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "magic-login-api No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "machic-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "multilanguage 1.2.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "media-file-manager No.known.fix Authenticated.Multiple.Vulnerabilities MEDIUM" "mihdan-no-external-links 5.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "mobile-call-now-map-buttons No.known.fix Admin+.Stored.XSS LOW" "marmoset-viewer 1.9.3 Reflected.Cross.Site.Scripting HIGH" "mmt-eventon-exim-lite 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "my-account-page-editor 1.3.2 Subscriber+.Arbitrary.File.Upload CRITICAL" "menu-icons 0.13.14 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "meks-smart-social-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "meks-smart-social-widget 1.6.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "my-tickets 1.9.11 Bulk.Emailing.via.CSRF MEDIUM" "my-tickets 1.8.31 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "my-custom-css No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "membership-for-woocommerce 2.1.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "manage-gravity-forms-stripe-subscriptions 4.1.6 Reflected.Cross-Site.Scripting MEDIUM" "manage-gravity-forms-stripe-subscriptions 4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mailmunch 3.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailmunch 3.1.3 Settings.Update.via.CSRF MEDIUM" "mainwp-google-analytics-extension 4.0.5 Subscriber+.SQLi HIGH" "mainwp-google-analytics-extension 4.0.5 Subscriber+.Settings.Update MEDIUM" "member-database No.known.fix Reflected.XSS HIGH" "mailtree-log-mail 1.0.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "materialis-companion 1.3.42 Authenticated.(Contributor+).Store.Cross-Site.Scripting.via.materialis_contact_form.Shortcode MEDIUM" "materialis-companion 1.3.40 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "mimo-woocommerce-order-tracking No.known.fix Missing.Authorization.to.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multi-feed-reader 2.2.4 SQL.Injection HIGH" "masterstudy-lms-learning-management-system 3.3.24 Privilege.Escalation.to.Instructor MEDIUM" "masterstudy-lms-learning-management-system 3.2.2 Cross-Site.Request.Forgery MEDIUM" "masterstudy-lms-learning-management-system 3.2.13 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.3.9 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.3.4 Unauthenticated.Local.File.Inclusion.via.template CRITICAL" "masterstudy-lms-learning-management-system 3.3.2 Unauthenticated.Privilege.Escalation HIGH" "masterstudy-lms-learning-management-system 3.3.1 Unauthenticated.Local.File.Inclusion.via.modal CRITICAL" "masterstudy-lms-learning-management-system 3.3.0 Missing.Authorization.to.Sensitive.Information.Exposure.in.search_posts MEDIUM" "masterstudy-lms-learning-management-system 3.2.11 Basic.Information.Exposure.via.REST.route MEDIUM" "masterstudy-lms-learning-management-system 3.2.6 Unauthenticated.SQL.Injection CRITICAL" "masterstudy-lms-learning-management-system 3.0.18 Unauthenticated.Instructor.Account.Creation MEDIUM" "masterstudy-lms-learning-management-system 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "masterstudy-lms-learning-management-system 3.0.9 Subscriber+.Course.Category.Creation MEDIUM" "masterstudy-lms-learning-management-system 3.0.9 Contributor+.Stored.XSS MEDIUM" "masterstudy-lms-learning-management-system 2.7.6 Unauthenticated.Admin.Account.Creation CRITICAL" "menu-item-scheduler No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "masterstudy-elementor-widgets 1.2.3 Missing.Authorization MEDIUM" "mindbody-access-management 2.0.9 Unauthorised.AJAX.call MEDIUM" "mojoplug-slide-panel No.known.fix Admin+.Stored.XSS LOW" "modern-designs-for-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modern-designs-for-gravity-forms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "master-elements No.known.fix Unauthenticated.SQLi CRITICAL" "meta-data-filter 2.2.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "magical-addons-for-elementor 1.1.42 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "magical-addons-for-elementor 1.1.42 Contributor+.Stored.XSS MEDIUM" "magical-addons-for-elementor 1.1.40 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-addons-for-elementor 1.1.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-addons-for-elementor 1.1.38 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Text.Effect.Widget MEDIUM" "master-popups-lite No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "matomo 5.1.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "matomo 5.0.1 Reflected.Cross-Site.Scripting.via.idsite MEDIUM" "moceanapi-abandoned-carts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "magee-shortcodes No.known.fix Contributor+.Stored.XSS.via.shortcode MEDIUM" "magee-shortcodes 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "mega-addons-for-visual-composer 4.3.0 Contributor+.Stored.XSS MEDIUM" "mega-addons-for-visual-composer No.known.fix Subscriber+.Settings.Update MEDIUM" "mega-addons-for-visual-composer No.known.fix Settings.Update.via.CSRF MEDIUM" "mediaburst-ecommerce-sms-notifications 2.4.2 Cross-Site.Scripting.(XSS) MEDIUM" "miniorange-oauth-oidc-single-sign-on 48.4.9 SSO.(OAuth.Client).Enterprise.<.48.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-oauth-oidc-single-sign-on 28.4.9 SSO.(OAuth.Client).Standard.<.28.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-oauth-oidc-single-sign-on 38.4.9 SSO.(OAuth.Client).Premium.<.38.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "mapster-wp-maps 1.2.39 Contributor+.Stored.XSS MEDIUM" "mapster-wp-maps 1.2.36 Reflected.Cross-Site.Scripting MEDIUM" "maxgalleria 6.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.maxgallery_thumb.Shortcode MEDIUM" "maxgalleria 6.4.3 Missing.Authorization MEDIUM" "maxgalleria 6.2.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.23.4 Improper.Authentication HIGH" "miniorange-login-with-eve-online-google-facebook 6.24.2 SSO.(OAuth.Client).Free.<.6.24.2.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.24.2 SSO.(OAuth.Client).<.6.24.2.-.IdP.Discard.via.CSRF MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.22.6 Authentication.Bypass CRITICAL" "miniorange-login-with-eve-online-google-facebook 6.20.3 Reflected.Cross-Site.Scripting.via.appId HIGH" "magic-post-thumbnail 5.2.10 Reflected.Cross-Site.Scripting MEDIUM" "magic-post-thumbnail 5.2.8 Admin+.Stored.XSS LOW" "magic-post-thumbnail 4.1.13 Reflected.Cross-Site.Scripting MEDIUM" "magic-post-thumbnail 4.1.11 Reflected.XSS HIGH" "magic-post-thumbnail 3.3.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "magic-post-thumbnail 3.3.7 Reflected.Cross-Site.Scripting.(XSS) HIGH" "mousewheel-smooth-scroll 5.7 Plugin's.Setting.Update.via.CSRF MEDIUM" "misiek-paypal No.known.fix Stored.XSS.via.CSRF HIGH" "mpl-publisher 1.30.4 Self-publish.your.book.&.ebook.<.1.30.4.-.Admin+.Stored.Cross-Site.Scripting LOW" "mpl-publisher 1.29.2 Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "my-wish-list 1.4.2 Multiple.Parameter.XSS MEDIUM" "moceanapi-sendsms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mihdan-yandex-turbo-feed 1.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "meks-smart-author-widget 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailchimp-forms-by-mailmunch 3.2.2 Cross-Site.Request.Forgery MEDIUM" "mailchimp-forms-by-mailmunch 3.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "mailchimp-forms-by-mailmunch 3.1.5 Arbitrary.Actions.via.CSRF MEDIUM" "manager-for-icomoon 2.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "manager-for-icomoon 2.2 Contributor+.Stored.XSS MEDIUM" "mz-mindbody-api 2.8.3 Unauthorised.AJAX.Calls HIGH" "meet-my-team No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "mapfig-studio No.known.fix Stored.XSS.via.CSRF HIGH" "mega-elements-addons-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "mega-elements-addons-for-elementor 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailrelay 2.1.2 Arbitrary.Settings.Update.via.CSRF MEDIUM" "menu-manager-ultra 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "motopress-slider-lite No.known.fix Reflected.Cross-Site.Scripting HIGH" "motopress-slider-lite No.known.fix Subscriber+.Stored.Cross-Site.Scripting CRITICAL" "mainwp-code-snippets-extension 4.0.3 Subscriber+.Stored.XSS HIGH" "mainwp-code-snippets-extension 4.0.3 Subscriber+.Settings.Update MEDIUM" "mainwp-code-snippets-extension 4.0.3 Subscriber+.PHP.Objection.Injection HIGH" "mailchimp-for-wp 4.9.10 Unauthenticated.Unpublished.Form.Preview MEDIUM" "mailchimp-for-wp 4.8.7 Admin+.Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.8.7 Admin+.Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.8.5 Unauthorised.Actions.via.CSRF MEDIUM" "mailchimp-for-wp 4.8.5 Authenticated.Arbitrary.Redirect MEDIUM" "mailchimp-for-wp 4.1.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mailchimp-for-wp 4.1.8 XSS MEDIUM" "manual-image-crop 1.11 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "mailchimp-subscribe-sm No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "mailchimp-subscribe-sm 4.0.9.2 Admin+.Stored.XSS LOW" "multisafepay 4.16.0 Unauthenticated.Arbitrary.File.Access HIGH" "muslim-prayer-time-bd No.known.fix Settings.Reset.via.CSRF MEDIUM" "martins-link-network 1.2.30 Reflected.XSS HIGH" "mhr-post-ticker 1.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "mp3-music-player-by-sonaar 5.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Deletion CRITICAL" "mp3-music-player-by-sonaar 5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sonaar_audioplayer.Shortcode MEDIUM" "mp3-music-player-by-sonaar 5.0 Unauthenticated.Arbitrary.File.Download MEDIUM" "mp3-music-player-by-sonaar 5.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mp3-music-player-by-sonaar 5.1.1 Missing.Authorization MEDIUM" "mp3-music-player-by-sonaar 4.10.1 Missing.Authorization.to.Template.Import MEDIUM" "mp3-music-player-by-sonaar 2.4.2 Multiple.Admin+.Cross.Site.Scripting LOW" "marker-io 1.1.9 Cross-Site.Request.Forgery MEDIUM" "marker-io 1.1.7 Cross-Site.Request.Forgery MEDIUM" "mobile-app-editor 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "mobile-app-editor 1.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mw-wp-form 5.1.0 Editor+.Stored.XSS MEDIUM" "mw-wp-form 5.0.4 Improper.Limitation.of.File.Name.to.Unauthenticated.Arbitrary.File.Deletion HIGH" "mw-wp-form 5.0.2 Unauthenticated.Arbitrary.File.Upload HIGH" "mw-wp-form 5.0.0 Missing.Authorization MEDIUM" "mw-wp-form 4.4.3 Unauthenticated.Path.Traversal MEDIUM" "media-library-assistant 3.19 Authenticated.(Author+).Arbitrary.File.Upload.via.mla-inline-edit-upload-scripts.AJAX.Action HIGH" "media-library-assistant 3.18 Reflected.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.17 Authenticated.(Contributor+).SQL.Injection.via.order.Parameter HIGH" "media-library-assistant 3.16 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "media-library-assistant 3.16 Reflected.Cross-Site.Scripting HIGH" "media-library-assistant 3.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mla_gallery.Shortcode MEDIUM" "media-library-assistant 3.14 Authenticated.(Contributor+).SQL.Injection.via.Shortcode MEDIUM" "media-library-assistant 3.12 Author+.Stored.XSS MEDIUM" "media-library-assistant 3.11 Contributor+.Stored.XSS MEDIUM" "media-library-assistant 3.10 Unauthenticated.Local/Remote.File.Inclusion.&.Remote.Code.Execution HIGH" "media-library-assistant 3.08 Reflected.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.06 Admin+.SQLi MEDIUM" "media-library-assistant 3.01 Unauthenticated.Error.Log.Access LOW" "media-library-assistant 2.90 Authenticated.Blind.SQL.Injection MEDIUM" "media-library-assistant 2.82 Authenticated.RCE CRITICAL" "media-library-assistant 2.82 Unauthenticated.Limited.Local.File.Inclusion HIGH" "media-library-assistant 2.82 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "media-library-assistant 2.7.4 Cross-Site.Scripting.(XSS) MEDIUM" "my-wp-health-check No.known.fix Cross-Site.Request.Forgery MEDIUM" "mooberry-book-manager 4.15.13 Unauthenticated.Information.Exposure.via.Export.Files MEDIUM" "mailchimp-wp 2.5.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "media-library-helper 1.3.0 Cross-Site.Request.Forgery MEDIUM" "multimedial-images No.known.fix Admin+.SQLi MEDIUM" "mapwiz No.known.fix Admin+.SQLi MEDIUM" "master-addons 2.0.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.data-jltma-wrapper-link.Element MEDIUM" "master-addons 2.0.6.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.2 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting.via.Navigation.Menu.Widget HIGH" "master-addons 2.0.6.2 Missing.Authorization.to.MA.Template.Creation.or.Modification MEDIUM" "master-addons 2.0.5.6 Missing.Authorization.via.get_jltma_save_menuitem_settings() MEDIUM" "master-addons 2.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.5.6 Missing.Authorization.on.Duplicate.Post MEDIUM" "master-addons 2.0.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "master-addons 2.0.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.4 Contributor+.Stored.XSS MEDIUM" "master-addons 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "master-addons 1.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "master-addons 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "media-alt-renamer No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via._wp_attachment_image_alt.postmeta MEDIUM" "modal-dialog 3.5.15 Reflected.XSS HIGH" "modal-dialog 3.5.10 Admin+.Stored.XSS LOW" "mashsharer 3.8.7 Contributor+.Stored.XSS MEDIUM" "mashsharer 3.8.5 Admin+.Stored.Cross-Site.Scripting LOW" "market-exporter 2.0.20 Missing.Authorization.to.Arbitrary.File.Deletion HIGH" "market-exporter 2.0.19 Reflected.Cross-Site.Scripting MEDIUM" "market-exporter 2.0.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-favorites No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "max-addons-pro-bricks 1.6.2 Missing.Authorization MEDIUM" "max-addons-pro-bricks 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "message-ticker 9.3 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "meks-video-importer 1.0.13 Missing.Authorization.to.Authenticated.(Subscriber+).API.Keys.Modification MEDIUM" "meks-video-importer No.known.fix Missing.Authorization MEDIUM" "megamenu 3.3.1 Missing.Authorization MEDIUM" "megamenu 2.4 Authenticated.XSS MEDIUM" "mailpress No.known.fix Arbitrary.Settings.Update.&.Log.Files.Purge.via.CSRF MEDIUM" "mihdan-index-now 2.6.4 Cross-Site.Request.Forgery.via.reset_form HIGH" "media-tags No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "misiek-photo-album No.known.fix Stored.XSS.via.CSRF HIGH" "misiek-photo-album No.known.fix Album.Deletion.via.CSRF MEDIUM" "multisite-robotstxt-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multisite-robotstxt-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "modal-window 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modal-window 5.3.10 Modal.Deletion.via.CSRF MEDIUM" "modal-window 5.3.9 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "modal-window 5.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "modal-window 5.2.2 RFI.leading.to.RCE.via.CSRF HIGH" "mshop-mysite 1.1.8 Subscriber+.Settings.Update MEDIUM" "mapifylite 4.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "multi-scheduler No.known.fix Arbitrary.Record.Deletion.via.CSRF HIGH" "mobile-login-woocommerce 2.3 Unauthenticated.Privilege.Escalation HIGH" "membership-by-supsystic No.known.fix Authenticated.SQL.Injection CRITICAL" "mediavine-create 1.9.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "mediavine-create 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mediavine-create 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Schema.Meta.Shortcode MEDIUM" "mediavine-create 1.9.5 Unauthenticated.SQLi HIGH" "music-request-manager No.known.fix Unauthenticated.Stored.XSS MEDIUM" "music-request-manager No.known.fix Stored.XSS.via.CSRF HIGH" "music-request-manager No.known.fix Reflected.XSS MEDIUM" "motors-car-dealership-classified-listings 1.4.11 Missing.Authorization MEDIUM" "motors-car-dealership-classified-listings 1.4.7 Unauthenticated.SSRF MEDIUM" "motors-car-dealership-classified-listings 1.4.7 Reflected.XSS HIGH" "motors-car-dealership-classified-listings 1.4.5 CSRF MEDIUM" "motors-car-dealership-classified-listings 1.4.4 Car.Dealer,.Classifieds.&.Listing.<.1.4.4.-.Arbitrary.File.Upload CRITICAL" "motors-car-dealership-classified-listings 1.4.1 Multiple.Issues MEDIUM" "mailster 4.0.10 Reflected.Cross-Site.Scripting MEDIUM" "mailster 4.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "mailster 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "mailster 2.4.9 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "modula-best-grid-gallery 2.7.5 Incomplete.Authorization.via.'save_image'.and.'save_images' LOW" "modula-best-grid-gallery 2.6.91 Unauthenticated.Troubleshooting.Settings.Update MEDIUM" "modula-best-grid-gallery 2.6.7 Reflected.Cross-Site.Scripting MEDIUM" "modula-best-grid-gallery 2.2.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mobile-browser-color-select No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "mycss No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "migrate-users No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "mastercurrency-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Currency.Converter.Form.Shortcode MEDIUM" "motopress-hotel-booking-lite 4.11.2 Unauthenticated.PHP.Object.Injection CRITICAL" "motopress-hotel-booking-lite 4.8.5 Unauthenticated.Arbitrary.File.Download.&.Deletion CRITICAL" "motopress-hotel-booking-lite 4.7.0 Settings.Update.via.CSRF MEDIUM" "missing-widgets-for-elementor 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "missing-widgets-for-elementor 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mainwp 5.0 Cross-Site.Request.Forgery.via.posting_bulk MEDIUM" "mainwp 4.4.3.4 Authenticated.(Administrator+).SQL.Injection HIGH" "mainwp 4.5.1.3 Authenticated(Administrator+).CSS.Injection LOW" "modern-addons-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modern-addons-elementor 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mail-boxes-etc 2.2.1 Cross-Site.Request.Forgery MEDIUM" "mail-boxes-etc 2.2.1 Information.Exposure MEDIUM" "mail-boxes-etc No.known.fix Reflected.Cross-Site.Scripting HIGH" "motor-racing-league No.known.fix Admin+.XSS LOW" "multifox-plus 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mobile-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-pages 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mp-timetable 2.4.14 Admin+.PHP.Object.Injection MEDIUM" "mp-timetable 2.4.12 Authenticated.(Contributor+).SQL.Injection CRITICAL" "mp-timetable 2.4.2 Unauthorised.Event.TimeSlot.Update MEDIUM" "mp-timetable 2.3.19 Author+.Stored.Cross-Site.Scripting MEDIUM" "mp-timetable 2.4.2 Unauthorised.Event.TimeSlot.Deletion MEDIUM" "mp-timetable 2.4.0 Arbitrary.User's.Hashed.Password/Email/Username.Disclosure MEDIUM" "modern-footnotes 1.4.17 Contributor+.Stored.XSS MEDIUM" "modern-footnotes 1.4.16 Admin+.Stored.XSS LOW" "material-design-for-contact-form-7 No.known.fix Subscriber+.Arbitrary.Settings.Update.leading.to.DoS MEDIUM" "material-design-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ms-reviews No.known.fix Subscriber+.Stored.XSS HIGH" "membermouse 2.2.9 Blind.SQL.Injection CRITICAL" "miguras-divi-maker No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mtouch-quiz No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "mtouch-quiz 3.1.3 Multiple.Vulnerabilities.XSS.&.CSRF MEDIUM" "mime-types-extended No.known.fix Author+.Stored.XSS.via.SVG.Upload MEDIUM" "multipurpose-block 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "multipurpose-block 1.7.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mollie-forms 2.6.14 Cross-Site.Request.Forgery.to.Arbitrary.Post.Duplication MEDIUM" "mollie-forms 2.6.4 Missing.Authorization.to.Arbitrary.Post.Duplication MEDIUM" "mollie-forms 2.6.4 Missing.Authorization MEDIUM" "medibazar-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "moova-for-woocommerce 3.8 Reflected.Cross-Site.Scripting HIGH" "master-slider No.known.fix CSRF.to.slider.deletion MEDIUM" "master-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "master-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ms_layer.Shortcode MEDIUM" "master-slider 3.9.10 Responsive.Touch.Slider.<.3.9.10.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.7 Unauthenticated.PHP.Object.Injection CRITICAL" "master-slider 3.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider No.known.fix Editor+.Stored.XSS.via.slider.callback MEDIUM" "master-slider No.known.fix Sliders.Deletion.via.CSRF MEDIUM" "master-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "master-slider 3.7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "master-slider 2.8.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "master-slider 2.5.2 Authenticated.Blind.SQL.Injection CRITICAL" "nextgen-gallery-geo 2.0.3 Unauthenticated.PHP.Object.Injection MEDIUM" "newsletter 8.3.5 Unauthenticated.Stored.Cross-Site.Scripting.via.np1 MEDIUM" "newsletter 8.2.1 IP.Spoofing MEDIUM" "newsletter 7.9.0 Contributor+.Stored.XSS MEDIUM" "newsletter 7.6.9 Reflected.XSS HIGH" "newsletter 7.4.6 Admin+.Stored.Cross-Site.Scripting LOW" "newsletter 7.4.5 Reflected.Cross-Site.Scripting LOW" "newsletter 6.8.2 Authenticated.PHP.Object.Injection MEDIUM" "newsletter 6.8.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "newsletter 6.7.7 Authenticated.Stored.Cross-Site.Scripting LOW" "newsletter 6.5.4 CSV.Injection LOW" "newsletter 3.8.3 Open.Redirect LOW" "newsletter 3.2.7 Cross-Site.Scripting.(XSS) MEDIUM" "newsletter 3.0.9 SQL.Injection MEDIUM" "no-future-posts No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "newsletter-api 2.4.6 API.v1.and.v2.addon.for.Newsletter.<.2.4.6.-.Missing.Authorization.to.Email.Subscribers.Management MEDIUM" "ntzantispam No.known.fix Settings.Update.via.CSRF HIGH" "newspack-ads 1.47.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nugget-by-ingot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nugget-by-ingot No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "new-user-email-set-up No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "newsletter-by-supsystic No.known.fix Authenticated.SQL.Injection CRITICAL" "newsletter-by-supsystic 1.1.8 Authenticated.Stored.XSS.&.CSRF HIGH" "notices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "next-order-coupon-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "next-order-coupon-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "next-order-coupon-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "nudgify 1.3.4 Cross-Site.Request.Forgery.via.sync_orders_manually() MEDIUM" "newstatpress 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "newstatpress 1.2.5 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.6 SQL.Injection CRITICAL" "newstatpress 1.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.4 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.1 SQL.Injection CRITICAL" "ninja-forms 3.8.12 Administrator+.Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.8.11 Reflected.XSS HIGH" "ninja-forms 3.8.7 Cross-Site.Request.Forgery MEDIUM" "ninja-forms 3.8.5 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "ninja-forms 3.8.1 Admin+.Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.8.1 Author+.Stored.XSS LOW" "ninja-forms 3.8.1 Publicly.Accessible.Form.Submission.Export.via.CSRF MEDIUM" "ninja-forms 3.7.2 Unauthenticated.Second.Order.SQL.Injection MEDIUM" "ninja-forms 3.6.34 Admin+.Stored.XSS NONE" "ninja-forms 3.6.26 Admin+.Stored.HTML.Injection NONE" "ninja-forms 3.6.26 Reflected.Cross-Site.Scripting HIGH" "ninja-forms 3.6.26 Contributor+.Form.Entries.Export MEDIUM" "ninja-forms 3.6.26 Subscriber+.Form.Entries.Export MEDIUM" "ninja-forms 3.6.25 Admin+.Arbitrary.File.Deletion LOW" "ninja-forms 3.6.22 Reflected.XSS HIGH" "ninja-forms 3.6.13 Admin+.PHP.Objection.Injection MEDIUM" "ninja-forms 3.6.11 Unauthenticated.PHP.Object.Injection CRITICAL" "ninja-forms 3.6.10 Admin+.Stored.Cross-Site.Scripting LOW" "ninja-forms 3.6.10 Admin+.Stored.Cross-Site.Scripting.via.Import LOW" "ninja-forms 3.6.8-wp Unauthenticated.Email.Address.Disclosure MEDIUM" "ninja-forms 3.6.4 Admin+.SQL.Injection MEDIUM" "ninja-forms 3.5.8.2 Admin+.Stored.Cross-Site.Scripting LOW" "ninja-forms 3.5.8 Unprotected.REST-API.to.Email.Injection MEDIUM" "ninja-forms 3.5.8 Unprotected.REST-API.to.Sensitive.Information.Disclosure MEDIUM" "ninja-forms 3.5.5 Reflected.Cross-Site.Scripting MEDIUM" "ninja-forms 3.4.34 CSRF.to.OAuth.Service.Disconnection MEDIUM" "ninja-forms 3.4.34 Authenticated.SendWP.Plugin.Installation.and.Client.Secret.Key.Disclosure CRITICAL" "ninja-forms 3.4.34 Administrator.Open.Redirect MEDIUM" "ninja-forms 3.4.34.1 Authenticated.OAuth.Connection.Key.Disclosure HIGH" "ninja-forms 3.4.27.1 Validation.Bypass.via.Email.Field MEDIUM" "ninja-forms 3.4.27.1 CSRF.leading.to.Arbitrary.Plugin.Installation HIGH" "ninja-forms 3.4.28 Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.4.24.2 CSRF.to.Stored.XSS HIGH" "ninja-forms 3.4.23 CSRF.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ninja-forms 3.3.21.3 XSS.and.SQLi CRITICAL" "ninja-forms 3.3.21.2 SQL.Injection MEDIUM" "ninja-forms 3.3.19.1 Authenticated.Open.Redirect MEDIUM" "ninja-forms 3.3.18 Unauthenticated.Cross-Site.Scripting.(XSS) HIGH" "ninja-forms 3.3.14 Cross-Site.Scripting.(XSS).in.Import.Function CRITICAL" "ninja-forms 3.3.14 CSV.Injection HIGH" "ninja-forms 3.3.9 Insufficient.Restrictions.during.Export.Personal.Data.requests MEDIUM" "ninja-forms 3.2.15 Parameter.Tampering MEDIUM" "ninja-forms 3.2.14 Cross-Site.Scripting.(XSS) CRITICAL" "ninja-gdpr-compliance 2.7.1 Missing.Authorization.to.Settings.Update.and.Stored.Cross-Site.Scripting MEDIUM" "ninja-gdpr-compliance 2.4 Unauthenticated.PHP.Object.Injection HIGH" "network-summary No.known.fix Unauthenticated.SQL.Injection CRITICAL" "nextend-facebook-connect 3.1.13 Reflected.Self-Based.Cross-Site.Scripting.via.error_description MEDIUM" "no-update-nag No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "nelio-ab-testing 4.6.4 CSRF HIGH" "nelio-ab-testing 4.5.11 SSRF CRITICAL" "nelio-ab-testing 4.5.9 Server.Side.Request.Forgery.(SSRF) CRITICAL" "nelio-ab-testing 4.5.0 Path.Traversal MEDIUM" "newspack-popups 2.31.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nexter-extension 2.0.4 Reflected.XSS HIGH" "nexter-extension 2.0.4 Authenticated(Editor+).Remote.Code.Execution.via.metabox HIGH" "nex-forms-express-wp-form-builder 8.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.set_read() MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.set_starred() MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.restore_records() MEDIUM" "nex-forms-express-wp-form-builder 8.5.5 Cross-Site.Request.Forgery MEDIUM" "nex-forms-express-wp-form-builder 8.5.6 Authenticated.(Admin+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.4.4 Authenticated.Stored.XSS LOW" "nex-forms-express-wp-form-builder 8.4 Admin+.SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.3.3 Contributor+.Stored.XSS MEDIUM" "nex-forms-express-wp-form-builder 7.9.7 Authenticated.SQLi MEDIUM" "nex-forms-express-wp-form-builder 8.4.3 Stored.Cross-Site.Scripting.via.CSRF HIGH" "nex-forms-express-wp-form-builder 7.8 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "nex-forms-express-wp-form-builder 4.6.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "notifier 2.6.1 Admin+.Stored.XSS LOW" "ns-woocommerce-watermark No.known.fix Abuse.of.Functionality MEDIUM" "ninjafirewall 4.3.4 Authenticated.(admin+).PHAR.Deserialization LOW" "notificationx 2.8.3 Unauthenticated.SQL.Injection CRITICAL" "notificationx 2.3.12 Unauthenticated.SQLi HIGH" "notificationx 2.3.9 Unauthenticated.Blind.SQL.Injection HIGH" "notificationx 1.8.3 Cross-Site.Request.Forgery MEDIUM" "notificationx 1.8.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "new-photo-gallery 1.4.3 Contributor+.PHP.Object.Injection.via.Shortcode MEDIUM" "netforum-directory-with-importer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "netforum-directory-with-importer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nimble-portfolio No.known.fix Unauthenticated.Server-Side.Request.Forgery CRITICAL" "new-album-gallery 1.5.8 Missing.Authorization MEDIUM" "new-album-gallery 1.5.0 Cross-Site.Request.Forgery MEDIUM" "note-press No.known.fix Admin+.SQLi.via.id MEDIUM" "note-press No.known.fix Admin+.SQLi.via.Bulk.Actions MEDIUM" "note-press No.known.fix Admin+.SQLi.via.Update MEDIUM" "note-press 0.1.2 SQL.Injection CRITICAL" "number-chat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "number-chat No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "new-order-notification-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "noo-timetable No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "noo-timetable No.known.fix Cross-Site.Request.Forgery MEDIUM" "neshan-maps No.known.fix Admin+.SQLi MEDIUM" "nofollow No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "news-announcement-scroll 9.1.0 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "news-announcement-scroll 9.0.0 Admin+.Stored.XSS LOW" "nd-booking No.known.fix Contributor+.Stored.XSS MEDIUM" "nd-booking 2.5 Unauthenticated.Options.Change MEDIUM" "nooz 1.7.0 Admin+.Stored.XSS LOW" "newsletter-popup No.known.fix Subscriber.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix List.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix Unauthenticated.Stored.XSS HIGH" "newsletter-popup No.known.fix Admin+.Stored.XSS LOW" "newsletter-popup No.known.fix Record.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix Unauthenticated.Stored.XSS HIGH" "newsplugin 1.1.0 CSRF.to.Stored.Cross-Site.Scripting HIGH" "new-order-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nextgen-gallery-sell-photo No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "nextcellent-gallery-nextgen-legacy No.known.fix Admin+.Stored.XSS LOW" "nextend-smart-slider3-pro 3.5.0.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "nmedia-user-file-uploader 22.8 Sensitive.Information.Exposure.via.user.uploads MEDIUM" "nmedia-user-file-uploader 22.7 Editor+.Arbitrary.File.Download HIGH" "nmedia-user-file-uploader 21.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "nmedia-user-file-uploader 21.4 File.Upload.via.CSRF MEDIUM" "nmedia-user-file-uploader 21.3 Unauthenticated.File.Renaming CRITICAL" "nmedia-user-file-uploader 21.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "nmedia-user-file-uploader 18.3 Privilege.Escalation MEDIUM" "nmedia-user-file-uploader 18.3 Authenticated.Arbitrary.Settings.Change.to.Arbitrary.File.Upload CRITICAL" "nmedia-user-file-uploader 18.3 Unauthenticated.Post.Meta.Change.to.Arbitrary.File.Download HIGH" "nmedia-user-file-uploader 18.3 Unauthenticated.Content.Injection.and.Stored.XSS HIGH" "nmedia-user-file-uploader 18.3 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "nmedia-user-file-uploader 18.3 Unauthenticated.HTML.Injection MEDIUM" "nd-projects No.known.fix Contributor+.Stored.XSS MEDIUM" "nd-projects No.known.fix Contributor+.Stored.XSS MEDIUM" "nd-projects 1.6 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-projects No.known.fix Authenticated.Local.File.Inclusion MEDIUM" "ninja-forms-uploads 3.3.18 Unauthenticated.Stored.Cross-Site.Scripting.via.File.Upload HIGH" "ninja-forms-uploads 3.3.13 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ninja-forms-uploads 3.3.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ninja-forms-uploads 3.0.23 Unauthenticated.Arbitrary.File.Upload HIGH" "no-api-amazon-affiliate 4.4.0 Admin+.Stored.XSS LOW" "nuajik-cdn No.known.fix Admin+.Stored.XSS LOW" "news-element 1.0.6 Unauthenticated.LFI HIGH" "n5-uploadform No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "newsletter2go No.known.fix Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.style MEDIUM" "nofollow-jquery-links 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "nofollow-jquery-links 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ni-woocommerce-custom-order-status 1.9.7 Subscriber+.SQL.Injection HIGH" "next-page No.known.fix Admin+.Stored.XSS LOW" "ninja-beaver-lite-addons-for-beaver-builder No.known.fix .Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widgets MEDIUM" "nd-learning 5.0 Admin+.Stored.Cross-Site.Scripting LOW" "nd-learning 4.8 Unauthenticated.Options.Change MEDIUM" "nlinks No.known.fix Authenticated.SQL.Injection HIGH" "ninjalibs-ses No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nitek-carousel-cool-transitions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nitek-carousel-cool-transitions No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nitek-carousel-cool-transitions No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "nitropack 1.16.8 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "nitropack 1.10.3 Multiple.CSRF MEDIUM" "nitropack 1.10.0 Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "ninja-tables 5.0.13 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "ninja-tables 5.0.10 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "ninja-tables 5.0.7 Contributor+.Table.Data.Access LOW" "ninja-tables 4.3.5 Admin+.Stored.XSS LOW" "ninja-tables 4.1.8 Admin+.Stored.Cross-Site.Cross-Site.Scripting LOW" "newspack-newsletters 2.13.3 Missing.Authorization MEDIUM" "newspack-newsletters 2.13.3 Cross-Site.Request.Forgery MEDIUM" "no-bot-registration 2.0 Cross-Site.Request.Forgery MEDIUM" "nd-donations No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-donations No.known.fix Unauthenticated.SQLi HIGH" "nd-donations 1.4 Unauthenticated.Options.Change MEDIUM" "nowpayments-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "navigation-menu-as-dropdown-widget 1.3.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "night-mode 1.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "notice-bar 3.1.1 Contributor+.Stored.XSS MEDIUM" "newsletter-image-generator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "namaste-lms 2.6.1.2 Reflected.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6 Admin+.Stored.XSS LOW" "namaste-lms 2.5.9.4 Admin+.Stored.XSS LOW" "namaste-lms 2.5.9.2 Admin+.Stored.XSS LOW" "nirweb-support 2.8.2 Unauthenticated.SQLi HIGH" "new-contact-form-widget 1.4.0 Sensitive.Information.Exposure MEDIUM" "nova-poshta-ttn 1.7.49 Reflected.Cross-Site.Scripting MEDIUM" "newsletter-optin-box 3.4.3 Missing.Authorization.to.Unauthenticated.Form.Submission MEDIUM" "newsletter-optin-box 1.6.5 Open.Redirect MEDIUM" "nextgen-gallery 3.59.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "nextgen-gallery 3.59.3 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.1 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.1 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "nextgen-gallery 3.39 Admin+.PHAR.Deserialization HIGH" "nextgen-gallery 3.39 Admin+.Local.File.Inclusion MEDIUM" "nextgen-gallery 3.39 Admin+.Arbitrary.File.Read.and.Delete MEDIUM" "nextgen-gallery 3.3.10 Reflected.Cross-Site.Scripting MEDIUM" "nextgen-gallery 3.29 Thumbnail.Deletion.via.CSRF MEDIUM" "nextgen-gallery 3.5.0 CSRF.allows.File.Upload HIGH" "nextgen-gallery 3.5.0 CSRF.allows.File.Upload,.Stored.XSS,.and.RCE CRITICAL" "nextgen-gallery 3.2.11 SQL.Injection CRITICAL" "nextgen-gallery 3.1.7 Subscriber+.Arbitrary.Option.Update CRITICAL" "nextgen-gallery 3.1.6 Authenticated.PHP.Object.Injection HIGH" "nextgen-gallery 2.2.50 Galley.Paths.Not.Secured HIGH" "nextgen-gallery 2.2.45 Cross-Site.Scripting.(XSS) MEDIUM" "nextgen-gallery 2.1.79 Unauthenticated.SQL.Injection HIGH" "nextgen-gallery 2.1.57 Authenticated.Local.File.Inclusion.(LFI).&.SQLi CRITICAL" "nextgen-gallery 2.1.15 Unrestricted.File.Upload HIGH" "nextgen-gallery 2.1.10 Multiple.XSS MEDIUM" "nextgen-gallery 2.1.9 Authenticated.Path.Traversal MEDIUM" "nextgen-gallery 2.1.15 Path.Traversal MEDIUM" "nextgen-gallery 2.0.77.3 CSRF.&.Arbitrary.File.Upload HIGH" "nextgen-gallery 2.0.0 gallerypath.Parameter.Stored.XSS HIGH" "nextgen-gallery 2.0.0 Full.Path.Disclosure CRITICAL" "ninja-job-board 1.3.3 Resume.Disclosure.via.Directory.Listing MEDIUM" "novo-map No.known.fix CSRF MEDIUM" "nice-paypal-button-lite No.known.fix CSRF MEDIUM" "news-wall No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "new-adman No.known.fix Settings.Update.via.CSRF MEDIUM" "new-adman No.known.fix Admin+.Stored.XSS LOW" "new-user-approve 2.5.2 Cross-Site.Request.Forgery.via.admin_notices MEDIUM" "new-user-approve 2.5.1 Reflected.Cross-Site.Scripting MEDIUM" "new-user-approve 2.4 Arbitrary.Settings.Update.&.Invitation.Code.Creation.via.CSRF MEDIUM" "new-user-approve 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "new-user-approve 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "neuvoo-jobroll No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "n-media-woocommerce-checkout-fields 18.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "notifyvisitors-lead-form No.known.fix Admin+.Stored.XSS LOW" "nps-computy 2.7.6 Admin+.Stored.XSS LOW" "nps-computy 2.7.6 Results.Deletion.via.CSRF MEDIUM" "new-royalslider 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "nichetable 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "nichetable 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nd-travel No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-travel 1.7 Unauthenticated.Options.Change MEDIUM" "notice-board No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nifty-coming-soon-and-under-construction-page 1.58 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "nextend-twitter-connect 1.5.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "navz-photo-gallery 2.7 Missing.Authorization MEDIUM" "navz-photo-gallery 2.0 Subscriber+.UserMeta.Update MEDIUM" "navz-photo-gallery 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "nova-blocks 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "naver-map No.known.fix Contributor+.Stored.XSS MEDIUM" "netreviews 2.3.15 Admin+.Stored.XSS LOW" "newsletter-manager No.known.fix Unauthenticated.Insecure.Deserialisation HIGH" "newsletter-manager 1.5 Unauthenticated.Open.Redirect MEDIUM" "newsletter-manager 1.0.2 Authenticated.Reflected.Cross.Site.Scripting HIGH" "newsletter-manager 1.0.2 Cross-Site.Request.Forgery MEDIUM" "newspack-content-converter 1.0.0 Missing.Authorization MEDIUM" "ns-facebook-pixel-for-wp No.known.fix Admin+.Stored.XSS LOW" "nd-shortcodes 7.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "nd-shortcodes 7.0 Contributor+.Stored.XSS.via.Shortcodes MEDIUM" "nd-shortcodes 7.0 Subscriber+.LFI HIGH" "nd-shortcodes 6.0 Unauthenticated.WP.Options.Update MEDIUM" "new-image-gallery 1.4.6 Missing.Authorization MEDIUM" "netgsm No.known.fix Missing.Authorization MEDIUM" "netgsm 2.9.1 Reflected.Cross-Site.Scripting MEDIUM" "no-external-links No.known.fix Admin+.Stored.XSS LOW" "nexus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nexus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nexus No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "name-directory 1.29.1 Reflected.Cross-Site.Scripting MEDIUM" "name-directory 1.27.2 Settings.Update.via.CSRF MEDIUM" "name-directory 1.25.5 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "name-directory 1.25.4 Arbitrary.Directory/Name.Deletion.via.CSRF MEDIUM" "name-directory 1.25.4 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "name-directory 1.25.3 Reflected.Cross-Site.Scripting MEDIUM" "name-directory 1.18 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "nimble-builder 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "narnoo-distributor No.known.fix Unauthenticated.LFI.to.Arbitrary.File.Read./.RCE HIGH" "notification 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "notification 8.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "new-video-gallery 1.5.4 Missing.Authorization MEDIUM" "nelio-content 3.2.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "notification-plus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ns-coupon-to-become-customer No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "nex-forms 7.8.8 Authentication.Bypass.for.Excel.Reports MEDIUM" "nex-forms 7.8.8 Authentication.Bypass.for.PDF.Reports MEDIUM" "ni-purchase-orderpo-for-woocommerce 1.2.2 Admin+.File.Upload.to.Remote.Code.Execution MEDIUM" "nofollow-links 1.0.11 Cross-Site.Scripting.(XSS) MEDIUM" "noted-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "noted-pro No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nafeza-prayer-time No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "new-year-firework No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "nd-restaurant-reservations No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-restaurant-reservations 2.0 Directory.Traversal.to.Authenticated.(Contributor+).Local.File.Inclusion HIGH" "nd-restaurant-reservations 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-restaurant-reservations 1.5 Unauthenticated.Options.Change CRITICAL" "newsletters-lite 4.9.9.3 Authenticated.Privilege.Escalation HIGH" "newsletters-lite 4.9.9 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.9.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "newsletters-lite 4.9.8 Cross-Site.Request.Forgery MEDIUM" "newsletters-lite 4.9.6 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.6 Information.Exposure.via.Log.files MEDIUM" "newsletters-lite 4.9.6 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "newsletters-lite 4.9.3 Admin+.Command.Injection CRITICAL" "newsletters-lite 4.6.19 Multiple.Issues HIGH" "newsletters-lite 4.6.8.6 PHP.Object.Injection CRITICAL" "newspack-blocks 3.0.9 Authenticated.(Contributor+).Arbitrary.Directory.Deletion MEDIUM" "newspack-blocks 3.0.9 Authenticated.(Contributor+).Arbitrary.File.Upload CRITICAL" "newspack-blocks 3.0.9 Missing.Authorization MEDIUM" "newspack-blocks 3.0.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "new-grid-gallery 1.4.4 Contributor+.PHP.Object.Injection.via.shortcode MEDIUM" "new-grid-gallery 1.2.5 Authenticated.Stored.Cross.Site.Scripting.(XSS) LOW" "newsletter-bulk-email No.known.fix Contributor+.Stored.XSS MEDIUM" "nd-elements 2.2 Authenticated.(Contributor+).Local.File.Inclusion.via.Multiple.Widget.Attributes HIGH" "ni-woocommerce-sales-report 3.7.4 Subscriber+.Sale.&.Order.Reports.Access MEDIUM" "nktagcloud No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "neon-text 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "novelist 1.2.3 Cross-Site.Request.Forgery MEDIUM" "novelist 1.2.1 Admin+.Stored.XSS MEDIUM" "nextgen-gallery-pro 3.1.11 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "oliver-pos 2.4.1.9 Cross-Site.Request.Forgery MEDIUM" "oliver-pos 2.4.2.1 Subscriber+.Unauthorized.AJAX.Calls MEDIUM" "order-tracking 3.3.13 Missing.Authorization.via.send_test_email() MEDIUM" "order-tracking 3.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "order-tracking 3.3.7 Reflected.Cross-Site.Scripting HIGH" "one-user-avatar 2.3.7 Avatar.Update.via.CSRF LOW" "one-user-avatar 2.3.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "order-export-and-more-for-woocommerce 3.24 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "oauth-client 1.11.4 Authenticated.Bypass CRITICAL" "one-click-close-comments No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "one-click-login No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ovic-import-demo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "options-for-twenty-seventeen 2.5.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ota-sync-booking-engine-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "oauth2-server No.known.fix Authentication.Bypass MEDIUM" "oxygen 4.4 CSRF MEDIUM" "ooohboi-steroids-for-elementor 2.1.5 Arbitrary.File.Upload MEDIUM" "ooohboi-steroids-for-elementor 2.1.5 Subscriber+.Attachment.Deletion MEDIUM" "oik 4.12.1 Cross-Site.Request.Forgery MEDIUM" "oik 4.12.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bw_button.Shortcode MEDIUM" "oik 4.10.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "out-of-stock-display-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "onwebchat 3.2.0 Live.support.<.3.2.0.-.Cross-Site.Request.Forgery MEDIUM" "olive-one-click-demo-import No.known.fix Unauthenticated.Information.Exposure MEDIUM" "olive-one-click-demo-import 1.1.2 Missing.Authorization MEDIUM" "olive-one-click-demo-import No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "oxyextras 1.4.5 Unauthenticated.Cross-Site.Scripting MEDIUM" "one-page-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "one-page-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "one-page-blocks No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "opal-widgets-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "obfuscate-email No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "orbisius-child-theme-creator 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "orbisius-child-theme-creator 1.5.2 CSRF.to.Arbitrary.File.Modification/Creation HIGH" "orbisius-child-theme-creator 1.2.8 Arbitrary.File.Write MEDIUM" "otp-easy-login-with-mocean No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "openpgp-form-encryption 1.5.1 Contributor+.Stored.XSS MEDIUM" "oauth-twitter-feed-for-developers No.known.fix Admin+.Stored.XSS LOW" "open-social No.known.fix Admin+.Stored.XSS LOW" "order-your-posts-manually No.known.fix Admin+.SQLi MEDIUM" "order-your-posts-manually No.known.fix Reflected.XSS HIGH" "optinmonster 2.16.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "optinmonster 2.16.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "optinmonster 2.12.2 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "optinmonster 2.6.5 Unprotected.REST-API.Endpoints HIGH" "optinmonster 2.6.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "optinmonster 1.1.4.6 Execution.of.Arbitrary.Shortcodes MEDIUM" "og-tags 2.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "outbound-link-manager No.known.fix Settings.Update.via.CSRF MEDIUM" "open-user-map 1.3.27 Admin+.Stored.XSS LOW" "open-user-map 1.3.15 Reflected.Cross-Site.Scripting MEDIUM" "open-user-map 1.2.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "open-external-links-in-a-new-window 1.43 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "open-external-links-in-a-new-window 1.43 Tabnabbing LOW" "optinly 1.0.19 Missing.Authorization MEDIUM" "optinly 1.0.16 CSRF MEDIUM" "openbook-book-data No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "opening-hours 1.47 Admin+.Stored.XSS LOW" "opening-hours 1.46 Cross-Site.Request.Forgery MEDIUM" "opening-hours 1.45 Missing.Authorization MEDIUM" "opening-hours 1.42 Admin+.Stored.Cross-Site.Scripting LOW" "opening-hours 1.38 Admin+.Stored.XSS LOW" "octrace-support 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "octrace-support 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ocean-extra 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ocean-extra 2.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Flickr.Widget MEDIUM" "ocean-extra 2.2.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ocean-extra 2.2.5 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.2.3 Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Activation MEDIUM" "ocean-extra 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "ocean-extra 2.1.3 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "ocean-extra 2.1.3 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.1.2 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.0.5 Admin+.PHP.Objection.Injection MEDIUM" "ocean-extra 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "ocean-extra 1.9.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ocean-extra 1.6.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ocean-extra 1.5.9 Unauthenticated.Settings.change.and.CSS.injection HIGH" "organization-chart 1.5.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.title_input.and.node_description.Parameters MEDIUM" "organization-chart 1.4.5 Multiple.CSRF MEDIUM" "organization-chart 1.4.5 Admin+.Stored.XSS LOW" "online-accessibility No.known.fix Subscriber+.SQLi HIGH" "online-accessibility No.known.fix Subscriber+.SQLi MEDIUM" "optin-forms 1.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "optin-forms 1.3.3 Admin+.Stored.XSS LOW" "opal-membership No.known.fix Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "opal-membership No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "order-redirects-for-woocommerce 0.8.1 Reflected.Cross-Site.Scripting MEDIUM" "oneclick-whatsapp-order 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oneclick-whatsapp-order 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "oneclick-whatsapp-order 1.0.5 Admin+.Stored.XSS LOW" "oneclick-whatsapp-order 1.0.4.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "orange-form No.known.fix SQL.Injection.via.CSRF HIGH" "orange-form No.known.fix Unauthenticated.Arbitrary.Post.Deletion CRITICAL" "official-mailerlite-sign-up-forms 1.7.7 1.7.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "official-mailerlite-sign-up-forms 1.7.7 Missing.Authorization MEDIUM" "official-mailerlite-sign-up-forms 1.5.8 Signup.forms.(official).<.1.5.8.-.API.Key.Update.via.CSRF MEDIUM" "official-mailerlite-sign-up-forms 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "official-mailerlite-sign-up-forms 1.4.5 Multiple.CSRF.Issues HIGH" "official-mailerlite-sign-up-forms 1.4.4 Unauthenticated.SQL.Injection CRITICAL" "osd-subscribe No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "osm No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "osm No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "osm No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "osm No.known.fix CSRF MEDIUM" "order-import-export-for-woocommerce 2.5.0 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "order-import-export-for-woocommerce 2.4.4 Shop.Manager+.Arbitrary.File.Upload HIGH" "open-rdw-kenteken-voertuiginformatie 2.1.0 Reflected.XSS HIGH" "order-tip-woo 1.4.0 Missing.Authorization.to.Unauthenticated.Data.Export MEDIUM" "open-graphite 1.6.1 Reflected.Cross-Site.Scripting HIGH" "order-delivery-date-for-woocommerce 3.21.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "order-delivery-date-for-woocommerce 3.20.1 Reflected.XSS HIGH" "opti-marketing No.known.fix Unauthenticated.SQLi HIGH" "onclick-show-popup 6.6 Admin+.Stored.XSS LOW" "otter-pro 2.6.12 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "otter-pro 2.6.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.File.Field.CSS MEDIUM" "otter-pro 2.6.4 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "otter-blocks 2.6.10 Contributor+.Stored.XSS.via.titleTag MEDIUM" "otter-blocks 2.6.9 Contributor+.Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "otter-blocks 2.6.9 Author+.Stored.XSS.via.SVG.Upload MEDIUM" "otter-blocks 2.6.6 Contributor+.Stored.XSS MEDIUM" "otter-blocks 2.6.6 Contributor+.Stored.XSS MEDIUM" "otter-blocks 2.6.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "otter-blocks 2.2.6 Gutenberg.Blocks.<.2.2.6.-.Author+.PHAR.Deserialization MEDIUM" "official-facebook-pixel 3.0.0 PHP.Object.Injection.with.POP.Chain CRITICAL" "official-facebook-pixel 3.0.4 CSRF.to.Stored.XSS.and.Settings.Deletion HIGH" "osmapper No.known.fix Unauthenticated.Arbitrary.Post.Deletion HIGH" "one-click-ssl 1.4.7 Multiple.Issues HIGH" "order-auto-complete-for-woocommerce 1.2.1 Admin+.Stored.XSS LOW" "original-texts-yandex-webmaster No.known.fix Cross-Site.Request.Forgery MEDIUM" "owm-weather 5.6.12 Post.Duplication.via.CSRF MEDIUM" "owm-weather 5.6.9 Contributor+.SQLi HIGH" "option-tree 2.7.3 Object.Injection.Bypass CRITICAL" "option-tree 2.7.0 PHP.Object.Injection CRITICAL" "option-tree 2.6.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "option-tree 2.5.4 XSS MEDIUM" "omnisend-connect 1.14.4 Cross-Site.Request.Forgery MEDIUM" "omnisend-connect 1.13.9 Sensitive.Information.Exposure MEDIUM" "one-click-plugin-updater No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "ovic-vc-addon No.known.fix Missing.Authorization MEDIUM" "ovic-vc-addon 1.2.9 Subscriber+.Option.Update HIGH" "optimole-wp 3.13.0 Author+.Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "optimole-wp 3.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "ocim-mp3 No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "order-delivery-date No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "order-delivery-date No.known.fix Admin+.Stored.XSS LOW" "order-delivery-date No.known.fix Settings.Update.via.CSRF MEDIUM" "opcache No.known.fix Reflected.XSS HIGH" "one-click-order-reorder 1.1.10 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "olivewp-companion No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "official-sendle-shipping-method 5.18 Reflected.XSS HIGH" "oembed-gist No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "onesignal-free-web-push-notifications 1.17.8 Stored.XSS MEDIUM" "oopspam-anti-spam 1.1.45 Cross-Site.Request.Forgery MEDIUM" "oopspam-anti-spam 1.1.36 Admin+.Stored.XSS LOW" "osm-map-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "oss-aliyun 1.4.11 Authenticated.(Administrator+).SQL.Injection CRITICAL" "open-graph-metabox No.known.fix CSRF MEDIUM" "openid No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "one-page-express-companion 1.6.38 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.one_page_express_contact_form.Shortcode MEDIUM" "oi-yamaps No.known.fix Contributor+.Stored.XSS MEDIUM" "olimometer 2.57 Unauthenticated.SQL.Injection CRITICAL" "ovic-addon-toolkit No.known.fix Missing.Authorization MEDIUM" "oauth2-provider 4.4.0 Open.Redirect MEDIUM" "oauth2-provider 4.3.0 Subscriber+.Arbitrary.Client.Deletion MEDIUM" "oauth2-provider 4.2.5 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "oauth2-provider 3.4.2 Client.Secret.Regeneration.via.CSRF MEDIUM" "oauth2-provider 4.2.2 Admin+.Stored.XSS LOW" "oauth2-provider 3.1.5 Insecure.Pseudor&om.Number.Generation CRITICAL" "only-tweet-like-share-and-google-1 No.known.fix Admin+.Stored.XSS LOW" "order-on-chat-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-on-chat-for-woocommerce 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "onelogin-saml-sso 2.4.3 Signature.Wrapping HIGH" "official-statcounter-plugin-for-wordpress 2.0.7 Admin+.Stored.Cross-Site.Scripting LOW" "oxygenbuilder 4.9 Missing.Authorization.to.Authenticated.(Subscriber+).Stylesheet.Update MEDIUM" "oxygenbuilder 4.8.3 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "oxygenbuilder 4.8.1 Contributor+.Stored.XSS MEDIUM" "opal-estate No.known.fix CSRF.Bypass MEDIUM" "opal-estate No.known.fix Missing.Authorization MEDIUM" "opal-estate No.known.fix Cross-Site.Request.Forgery MEDIUM" "overlay-image-divi-module 1.5 Reflected.Cross-Site.Scripting MEDIUM" "overlay-image-divi-module 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "order-and-inventory-manager-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-and-inventory-manager-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "opal-estate-pro No.known.fix Contributor+.Stored.XSS MEDIUM" "olympus-google-fonts 3.7.8 Cross-Site.Request.Forgery MEDIUM" "olympus-google-fonts 3.7.8 Missing.Authorization MEDIUM" "olympus-google-fonts 3.0.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "online-lesson-booking-system 0.8.7 CSRF.&.XSS HIGH" "order-picking-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "off-canvas-sidebars 0.5.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ovic-product-bundle No.known.fix Missing.Authorization MEDIUM" "opal-hotel-room-booking No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "optima-express 7.3.1 Admin+.Stored.XSS LOW" "offload-videos-bunny-netaws-s3 1.0.1 Offload.Videos.–.Bunny,net,.AWS.S3.<=.1,0,1.Subscriber+.CSRF MEDIUM" "one-click-demo-import 3.2.1 Authenticated.(Admin+).PHP.Object.Injection HIGH" "one-click-demo-import 3.1.0 Admin+.Arbitrary.File.Upload MEDIUM" "out-of-the-box 1.20.3 Reflected.Cross-Site.Scripting MEDIUM" "owl-carousel No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "oauth-client-for-user-authentication 3.0.4 Unauthenticated.Settings.Update.to.Authentication.Bypass CRITICAL" "opensea No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opensea 1.0.3 Admin+.Stored.XSS MEDIUM" "opensea 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "olevmedia-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "olevmedia-shortcodes 1.1.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ops-robots-txt 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "opengraph 1.11.3 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "payment-form-for-paypal-pro 1.1.65 Unauthenticated.SQL.Injection CRITICAL" "payment-form-for-paypal-pro 1.0.2 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pmpro-membership-maps 0.7 Membership.Maps.Add.On.<.0.7.-.Contributor+.Sensitive.Information.Disclosure MEDIUM" "prevent-content-copy-image-save No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "premium-blog-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "photographer-directory 1.0.9 Subscriber+.Privilege.Escalation CRITICAL" "pearl-header-builder 1.3.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Site.Options.Deletion MEDIUM" "pearl-header-builder 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "pearl-header-builder 1.3.5 CSRF MEDIUM" "product-size-chart-for-woo 1.1.6 Settings.Update.via.CSRF MEDIUM" "private-files No.known.fix Protection.Disabling.via.CSRF MEDIUM" "product-filter-for-woocommerce-product No.known.fix Unauthenticated.SQLi HIGH" "pdf-invoices-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "plausible-analytics 1.3.4 Reflected.XSS HIGH" "plausible-analytics 1.2.4 Subscriber+.Arbitrary.Settings.Update MEDIUM" "plausible-analytics 1.2.3 Admin+.Stored.Cross-Site.Scripting MEDIUM" "pretty-link 3.6.3 Reflected.Cross-Site.Scripting.via.post_status HIGH" "pretty-link 3.6.4 Plugin.Settings.Update.via.CSRF MEDIUM" "pretty-link 3.4.1 Link.Visit.Stats.Clear.via.CSRF MEDIUM" "pretty-link 2.1.10 Stored.XSS.and.CSV.Injection HIGH" "pretty-link 1.6.8 Authenticated.SQL.Injection MEDIUM" "pmpro-member-directory 1.2.6 Member.Directory.Add.On.<.1.2.6.-.Contributor+.Sensitive.Information.Disclosure.and.SQLi MEDIUM" "print-page 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pressference-exporter No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "pdq-csv 2.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "play-ht No.known.fix Missing.Authorization MEDIUM" "play-ht No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "play-ht No.known.fix Missing.Authorization MEDIUM" "play-ht No.known.fix Cross-Site.Request.Forgery MEDIUM" "product-import-export-for-woo 2.4.2 Authenticated(Shop.Manager+).Arbitrary.File.Upload HIGH" "product-import-export-for-woo 2.3.8 Shop.Manager+.Arbitrary.File.Upload.via.upload_import_file HIGH" "payhere-payment-gateway 2.2.12 Unauthenticated.Log.Data.Disclosure MEDIUM" "polo-video-gallery No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "player No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "player No.known.fix Reflected.XSS HIGH" "pure-chat 2.23 Cross-Site.Request.Forgery MEDIUM" "pure-chat No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "product-catalog-feed 2.2.0 Cross-Site.Request.Forgery MEDIUM" "product-catalog-feed 2.1.1 Reflected.XSS HIGH" "product-catalog-feed 2.1.1 Reflected.XSS HIGH" "pdf-viewer-by-themencode 2.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "price-bands-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "price-bands-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "price-bands-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "pdf24-post-to-pdf No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "payments-stripe-gateway No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payments-stripe-gateway 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-indexer 3.0.6.2 PHP.Object.Injection.via.MitM HIGH" "post-indexer 3.0.6.2 Authenticated.SQL.Injection HIGH" "paypal-payment-button-by-vcita No.known.fix CSRF.to.Stored.XSS.in.settings.page MEDIUM" "paypal-payment-button-by-vcita 3.10.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "pwa-for-wp 1.7.72 PWA.For.WP.&.AMP.<.1,7,72.Administrator+.Stored.XSS LOW" "pwa-for-wp 1.7.33 Authenticated.(Subscriber+).Settings.Change MEDIUM" "pwa-for-wp 1.7.33 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "pixel-for-web-stories 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-list-designer 3.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "post-list-designer 3.3.1 Reflected.Cross-Site.Scripting MEDIUM" "post-list-designer 3.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "post-list-designer 2.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-title-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pb-seo-friendly-images No.known.fix Admin+.Stored.XSS LOW" "product-configurator-for-woocommerce 1.2.32 Unauthenticated.Arbitrary.File.Deletion HIGH" "pocket-news-generator No.known.fix .Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "pocket-news-generator No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-pinterest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-pinterest No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pods 3.2.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Pod.Form.Redirect.URL MEDIUM" "pods 3.1 Contributor+.Remote.Code.Execution HIGH" "pods 3.1 Contributor+.Pods/Users.Creation MEDIUM" "pods 3.1 Contributor+.SQLi MEDIUM" "pods 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "pods 2.9.11 Pods.Deletion.via.CSRF MEDIUM" "pods 2.7.29 Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "pods 2.7.27 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "pods 2.7.27 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "process-steps-template-designer 1.3 CSRF.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "peepso-photos 6.3.1.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "podcast-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "podcast-box 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "personalize-woocommerce-cart-page 2.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "preloader-for-website 1.3 Missing.Authorization.via.plwao_register_settings() MEDIUM" "premium-blocks-for-gutenberg 2.1.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-viewer-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.render MEDIUM" "pdf-viewer-for-elementor No.known.fix Arbitrary.JavaScript.Execution MEDIUM" "pdf-viewer-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-embedder 4.8.0 Arbitrary.JavaScript.Execution MEDIUM" "pdf-embedder 4.7.1 Contributor+.Stored.XSS MEDIUM" "power-ups-for-elementor 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pinterest-rss-widget No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "photospace No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "photospace No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "product-input-fields-for-woocommerce 1.8.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "product-input-fields-for-woocommerce 1.2.7 Unauthenticated.File.Download HIGH" "phppoet-checkout-fields 3.5.13 Unauthenticated.Arbitrary.File.Upload CRITICAL" "premmerce-woocommerce-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-toolkit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "preprocess-dezrez No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "preprocess-dezrez No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pi-woocommerce-order-date-time-and-type 3.0.20 Admin+.Stored.XSS LOW" "post-type-archive-mapping No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-type-archive-mapping 5.3.0 Missing.Authorization.via.REST.Routes MEDIUM" "prenotazioni No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "push-notification-for-post-and-buddypress 1.9.4 Multiple.Unauthenticated.SQLi HIGH" "photoxhibit No.known.fix Reflected.XSS.Issues MEDIUM" "post-carousel-divi 1.2 Reflected.Cross-Site.Scripting MEDIUM" "post-carousel-divi 1.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "private-google-calendars 20240106 Contributor+.Stored.XSS MEDIUM" "pardot 2.1.1 Missing.Authorization MEDIUM" "portfolio-filter-gallery 1.6.5 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "portfolio-filter-gallery 1.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "plerdy-heatmap 1.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "primary-addon-for-elementor 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pixtypes No.known.fix Reflected.XSS HIGH" "pixtypes 1.4.15 Cross-Site.Request.Forgery MEDIUM" "popup-maker-wp 1.3.7 Subscriber+.Stored.XSS HIGH" "prime-mover 1.9.3 Directory.Listing.to.Sensitive.Data.Exposure HIGH" "prime-mover 1.8.8 Reflected.Cross-Site.Scripting MEDIUM" "prime-mover 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pray-for-me No.known.fix Settings.Update.via.CSRF MEDIUM" "pray-for-me No.known.fix Unauthenticated.Stored.XSS HIGH" "popup-builder No.known.fix Sensitive.Information.Exposure.via.Imported.Subscribers.CSV.File MEDIUM" "popup-builder 4.3.2 Missing.Authorization.in.Multiple.AJAX.Actions HIGH" "popup-builder 4.3.2 Missing.Authorization.and.Nonce.Exposure HIGH" "popup-builder 4.3.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Custom.JS MEDIUM" "popup-builder 4.2.7 Contributor.Stored.XSS MEDIUM" "popup-builder 4.2.6 Admin+.SSRF.&.File.Read MEDIUM" "popup-builder 4.2.3 Unauthenticated.Stored.XSS HIGH" "popup-builder 4.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "popup-builder 4.1.12 Settings.Update.via.CSRF MEDIUM" "popup-builder 4.1.11 Admin+.Stored.Cross-Site.Scripting LOW" "popup-builder 4.1.1 Popup.Status.Change.via.CSRF MEDIUM" "popup-builder 4.1.1 SQL.Injection.to.Reflected.Cross-Site.Scripting MEDIUM" "popup-builder 4.0.7 LFI.to.RCE CRITICAL" "popup-builder 4.0.7 Admin+.SQL.Injection MEDIUM" "popup-builder 3.74 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "popup-builder 3.64.1 Multiple.Issues MEDIUM" "popup-builder 3.0 SQL.injection.via.PHP.Deserialization CRITICAL" "popup-builder 3.45 SQL.Injection CRITICAL" "pmpro-mailchimp 2.3.5 Unauthenticated.Information.Disclosure MEDIUM" "powerpress 11.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.media_url.Parameter MEDIUM" "powerpress 11.9.6 Injected.Backdoor CRITICAL" "powerpress 11.0.12 Contributor+.Stored.XSS HIGH" "powerpress 11.0.7 Contributor+.SSRF MEDIUM" "powerpress 10.0.2 Contributor+.Stored.XSS MEDIUM" "powerpress 10.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "powerpress 8.3.8 Authenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "powerpress 6.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "powerpress 6.0.1 Cross-Site.Scripting.(XSS) CRITICAL" "pdf-generator-for-wp 1.1.2 Reflected.XSS HIGH" "product-delivery-date 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "paypal-donations 1.9.9 Admin+.Stored.XSS LOW" "popup-by-supsystic 1.10.28 Missing.Authorization MEDIUM" "popup-by-supsystic 1.10.20 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "popup-by-supsystic 1.10.19 Prototype.Pollution MEDIUM" "popup-by-supsystic 1.10.9 Unauthenticated.Subscriber.Email.Addresses.Disclosure HIGH" "popup-by-supsystic 1.10.5 Reflected.Cross-Site.scripting.(XSS) HIGH" "popup-by-supsystic 1.7.9 Cross-Site.Request.Forgery.(CSRF) HIGH" "popup4phone No.known.fix Editor+.Stored.XSS LOW" "popup4phone No.known.fix Unauthenticated.Stored.XSS HIGH" "preferred-languages 2.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "premmerce-redirect-manager 1.0.12 Admin+.Stored.XSS MEDIUM" "premmerce-redirect-manager 1.0.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-redirect-manager 1.0.12 Admin+.Stored.XSS LOW" "premmerce-redirect-manager 1.0.11 Cross-Site.Request.Forgery MEDIUM" "premmerce-redirect-manager 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "popup-more 2.3.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popup-more 2.2.5 Admin+.Directory.Traversal.to.Limited.Local.File.Inclusion MEDIUM" "pepro-cf7-database No.known.fix Cross-Site.Request.Forgery MEDIUM" "pepro-cf7-database 1.8.0 Unauthenticated.Stored.XSS HIGH" "portfolio-elementor 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "portfolio-elementor 2.3.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "portfolio-elementor 2.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "payflex-payment-gateway 2.6.0 Missing.Authorization.to.Order.Status.Update MEDIUM" "pop-up-pop-up 1.2.0 Subscriber+.Plugin.Installation MEDIUM" "pop-up-pop-up 1.2.0 Plugin.Installation.via.CSRF MEDIUM" "pop-up-pop-up 1.1.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "pdf-light-viewer 1.4.12 Authenticated.Command.Injection LOW" "pagerank-tools No.known.fix Reflected.XSS HIGH" "pirate-forms 2.5.2 HTML.Injection.&.CSRF MEDIUM" "progress-planner 0.9.2 Missing.Authorization MEDIUM" "progress-planner 0.9.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "page-visit-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-visit-counter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix Admin+.Stored.XSS LOW" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix .Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "perelandra-sermons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "perelandra-sermons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "perelandra-sermons No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "profilegrid-user-profiles-groups-and-communities 5.9.0 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.0 Authenticated.(Subscriber+).Authorization.Bypass.to.Privilege.Escalation HIGH" "profilegrid-user-profiles-groups-and-communities 5.8.8 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.7 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.2 Authenticated.(Contributor+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.0 Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.3 Bypass.Group.Members.Limit MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.0 Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.4 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.9 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.7 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.9 Unauthenticated.SQL.Injection CRITICAL" "profilegrid-user-profiles-groups-and-communities 5.7.3 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "profilegrid-user-profiles-groups-and-communities 5.6.7 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.2 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.5.3 Group.Owner+.Unauthorized.Data.Modification HIGH" "profilegrid-user-profiles-groups-and-communities 5.5.2 Subscriber+.Unauthorized.Data.Modification MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.5.2 Subscriber+.Arbitrary.Option.Update HIGH" "profilegrid-user-profiles-groups-and-communities 5.3.1 Subscriber+.Arbitrary.Password.Reset HIGH" "profilegrid-user-profiles-groups-and-communities 5.1.8 Subscriber+.CSV.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.0.4 Subscriber+.Private.Message.Read/Edition MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.1.1 Reflected.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 4.7.5 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 2.8.6 Authenticated.Code.Execution HIGH" "popcashnet-code-integration-tool 1.1 Cross-Site.Scripting.(XSS) MEDIUM" "polldaddy 3.1.0 Rating.Update.via.CSRF MEDIUM" "polldaddy 3.1.0 Reflected.Cross-Site.Scripting HIGH" "polldaddy 3.0.10 Contributor+.Rating.Settings.Update MEDIUM" "polldaddy 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "photo-video-gallery-master No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "prdctfltr 8.2.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "page-views-count 2.6.1 Contributor+.Stored.XSS MEDIUM" "page-views-count 2.5.6 Settings.Reset.via.CSRF MEDIUM" "page-views-count 2.4.15 Unauthenticated.SQL.Injection HIGH" "page-views-count 2.4.9 Contributor+.Stored.XSS MEDIUM" "ptoffice-sign-ups No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "popup-contact-form No.known.fix Admin+.Stored.XSS LOW" "popup-contact-form No.known.fix Admin+.Stored.XSS LOW" "panda-pods-repeater-field 1.5.4 Reflected.XSS HIGH" "page-layout-builder No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "premium-addons-pro 2.9.14 Contributor+.Stored.XSS MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Mouse.Cursor.Module MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Premium.Magic.Scroll.Module MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Messenger.Chat.Widget MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multi.Scroll.Widget MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Global.Badge.Module MEDIUM" "premium-addons-pro 2.9.13 .Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget.link MEDIUM" "premium-addons-pro 2.8.25 Reflected.XSS HIGH" "postaffiliatepro 1.26.10 Admin+.Stored.XSS LOW" "projectopia-core 5.1.5 Reflected.Cross-Site.Scripting MEDIUM" "projectopia-core 5.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-search 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-search 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "parallax-image 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "persian-woocommerce 9.0.0 Missing.Authorization MEDIUM" "persian-woocommerce 5.9.8 Reflected.Cross-Site.Scripting MEDIUM" "post-slider-and-carousel 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "post-slider-and-carousel 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "perelink No.known.fix Settings.Update.via.CSRF MEDIUM" "preview-link-generator 1.0.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "pressforward 5.2.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "product-blocks 3.1.5 PHP.Object.Injection.via.wopb_wishlist.and.wopb_compare CRITICAL" "product-blocks 3.0.0 Missing.Authorization.via.option_data_save MEDIUM" "patreon-connect 1.9.1 Protection.Mechanism.Bypass MEDIUM" "patreon-connect 1.8.8 Cross-Site.Request.Forgery MEDIUM" "patreon-connect 1.8.2 Admin+.Stored.Cross-Site.Scripting LOW" "patreon-connect 1.7.2 Reflected.XSS.on.Login.Form HIGH" "patreon-connect 1.7.0 Unauthenticated.Local.File.Disclosure HIGH" "patreon-connect 1.7.0 CSRF.to.Disconnect.Sites.From.Patreon MEDIUM" "patreon-connect 1.7.2 Reflected.XSS.on.patreon_save_attachment_patreon_level.AJAX.action HIGH" "patreon-connect 1.7.0 CSRF.to.Overwrite/Create.User.Meta MEDIUM" "patreon-connect 1.2.2 PHP.Object.Injection CRITICAL" "plugin-logic 1.0.8 Admin+.SQLi MEDIUM" "perfect-survey 1.5.2 Unauthenticated.SQL.Injection HIGH" "perfect-survey No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "perfect-survey 1.5.2 Unauthorised.AJAX.Call.to.Stored.XSS./.Survey.Settings.Update HIGH" "perfect-survey 1.5.2 Reflected.Cross-Site.Scripting HIGH" "petfinder-listings 1.1 Admin+.Stored.Cross-Site.Scripting LOW" "pagemash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-user-roles 1.0.13 Missing.Authorization.via.role.management.functions HIGH" "premmerce-user-roles 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-user-roles 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pdf-block No.known.fix Contributor+.Stored.XSS MEDIUM" "pets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pets 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "password-protect-page 1.9.0 .Protection.Mechanism.Bypass MEDIUM" "password-protect-page 1.8.6 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "preloader-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "preloader-for-divi No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "personal-dictionary 1.3.4 Unauthenticated.SQLi HIGH" "parsi-font 4.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "protected-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "protected-page No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pre-publish-checklist 1.1.2 Insecure.Direct.Object.Reference.to.Arbitrary.Post.'_ppc_meta_key'.Update MEDIUM" "pz-linkcard 2.5.3 Reflected.XSS HIGH" "pz-linkcard 2.5.3 Admin+.Stored.XSS LOW" "pz-linkcard 2.5.3 Contributor+.SSRF LOW" "pz-linkcard 2.5.3 Caching.Management.via.CSRF MEDIUM" "pz-linkcard 2.4.5.3 Reflected.Cross-Site.Scripting MEDIUM" "parcelpanel 4.3.3 Reflected.Cross-Site.Scripting MEDIUM" "parcelpanel 3.9.0 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "pricing-table No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "page-loading-effects 3.0.0 Admin+.Stored.XSS LOW" "pet-manager No.known.fix Reflected.XSS HIGH" "pet-manager No.known.fix Contributor+.Stored.XSS MEDIUM" "post-duplicator 2.32 Missing.Authorization.via.mtphr_duplicate_post MEDIUM" "post-duplicator 2.27 Admin+.Stored.Cross-Site.Scripting LOW" "project-app No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "peters-collaboration-e-mails No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "pretty-url No.known.fix Admin+.Stored.XSS.in.plugin.settings LOW" "preloader-plus No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "preloader-plus 2.1 Reflected.Cross-Site.Scripting MEDIUM" "pvn-auth-popup No.known.fix Contributor+.XSS.via.Shortcode MEDIUM" "pvn-auth-popup No.known.fix Admin+.Stored.XSS LOW" "powerpack-lite-for-elementor 2.7.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Link.Effects.Widget MEDIUM" "powerpack-lite-for-elementor 2.7.20 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.18 Contributor+.Stored.XSS MEDIUM" "powerpack-lite-for-elementor 2.7.19 Contributor+.Stored.XSS MEDIUM" "powerpack-lite-for-elementor 2.7.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.14 Settings.Reset/Update.via.CSRF MEDIUM" "powerpack-lite-for-elementor 2.6.2 Reflected.Cross-Site.Scripting HIGH" "powerpack-lite-for-elementor 2.3.2 Contributor+.Stored.XSS MEDIUM" "platinum-seo-pack No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "post-grid-carousel-ultimate 1.6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid-carousel-ultimate 1.6.8 Authenticated.(Contributor+).PHP.Object.Injection.in.outpost_shortcode_metabox_markup HIGH" "post-grid-carousel-ultimate 1.5.0 Admin+.Stored.XSS LOW" "podcast-channels 0.28 Unauthenticated.Reflected.XSS MEDIUM" "post-block 5.3.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "post-list-with-featured-image No.known.fix Reflected.XSS HIGH" "portugal-ctt-tracking-woocommerce 2.2 Reflected.Cross-Site.Scripting MEDIUM" "popups 1.8 Reflected.Cross-Site.Scripting MEDIUM" "popups No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "publishpress 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "publishpress 3.5.1 Reflected.Cross-Site.Scripting HIGH" "premmerce-woocommerce-wholesale-pricing 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "protected-posts-logout-button 1.4.6 Admin+.Stored.XSS LOW" "protected-posts-logout-button 1.4.5 Settings.Update.via.CSRF MEDIUM" "protected-posts-logout-button 1.4.6 Missing.Authorization MEDIUM" "product-category-tree No.known.fix Reflected.XSS HIGH" "product-category-tree No.known.fix CSRF MEDIUM" "print-my-blog 3.27.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "print-my-blog 3.26.3 Missing.Authorization MEDIUM" "print-my-blog 3.25.2 Reflected.Cross-Site.Scripting MEDIUM" "print-my-blog 3.11.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "print-my-blog 3.4.2 Plugin.Deactivation.via.CSRF MEDIUM" "print-my-blog 1.6.6 Unauthenticated.Server.Side.Request.Forgery.(SSRF) CRITICAL" "phoenix-media-rename 3.4.4 Author.Arbitrary.Media.File.Renaming MEDIUM" "product-expiry-for-woocommerce 2.6 Subscriber+.Settings.Update MEDIUM" "pre-orders-for-woocommerce 1.2.14 Contributor+.Stored.XSS MEDIUM" "premium-seo-pack No.known.fix Unauthenticated.Information.Exposure MEDIUM" "propovoice-pro No.known.fix Unauthenticated.SQL.Injection CRITICAL" "page-generator 1.7.2 Authenticated(Administrator+).SQL.Injection MEDIUM" "page-generator 1.6.6 Arbitrary.Keywords.Deletion/Duplication.via.CSRF MEDIUM" "page-generator 1.6.5 Admin+.Stored.Cross-Site.Scripting LOW" "page-generator 1.5.9 Reflected.Cross-Site.Scripting HIGH" "prevent-file-access 2.5.2 Admin+.Arbitrary.File.Upload MEDIUM" "progress-bar 2.2.2 Contributor+.Stored.XSS MEDIUM" "page-studio-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-studio-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "product-slider-for-woocommerce-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "product-slider-for-woocommerce-lite 1.1.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "peters-login-redirect 3.0.0.5 Reflected.Cross-Site.Scripting HIGH" "peters-login-redirect 2.9.2 Multiple.CSRF HIGH" "peters-login-redirect 2.9.1 Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "product-specifications 0.7.0 Reflected.Cross-Site.Scripting HIGH" "prime-affiliate-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-filter-widget-for-elementor 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "page-or-post-clone 6.1 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Sensitive.Information.Exposure MEDIUM" "payu-india No.known.fix Reflected.Cross-Site.Scripting.via.type MEDIUM" "photospace-responsive 2.1.2 Admin+.Stored.XSS MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.4 Reflected.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.3 Missing.Authorization MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.2 Missing.Authorization MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.2 Cross-Site.Request.Forgery MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.1 Unauthenticated.PHP.Object.Injection CRITICAL" "profit-products-tables-for-woocommerce 1.0.5 Reflected.Cross-Site-Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "powr-pack 2.2.0 Contributor+.Stored.XSS MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Missing.Authorization.via.showTemplatePreview() MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.6 Cross-Site.Request.Forgery.to.Cross-Site.Scripting.via.process.php MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Printer.Settings.Update.via.CSRF MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Unauthenticated.WC.Order.Data.Access MEDIUM" "payment-gateway-payfabric 1.0.13 Reflected.Cross-Site.Scripting MEDIUM" "payment-gateway-payfabric 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "paritypress No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "payment-gateway-for-telcell 2.0.4 Unauthenticated.Open.Redirect MEDIUM" "post-highlights 2.6.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "publish-post-email-notification 1.0.2.3 Admin+.Stored.XSS LOW" "postmash No.known.fix Reflected.Cross-Site.Scripting.via.m MEDIUM" "postmash No.known.fix Unauthenticated.SQL.Injection CRITICAL" "pandavideo 1.4.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pandavideo 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-builder-for-wpforms 1.2.117 Unauthenticated.Full.Path.Disclosure MEDIUM" "pdf-builder-for-wpforms 1.2.89 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profile-extra-fields 1.2.8 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "profile-extra-fields 1.2.4 Reflected.Cross-Site.Scripting HIGH" "profile-extra-fields 1.0.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "post-grid-elementor-addon 2.0.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title_tag MEDIUM" "photo-contest No.known.fix CSRF.Bypass MEDIUM" "photo-contest No.known.fix Cross-Site.Request.Forgery MEDIUM" "persian-woocommerce-sms 3.3.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "push-notification-by-feedify 2.1.9 Reflected.Cross-Site.Scripting MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.3 Missing.Authorization MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.1 Missing.Authorization MEDIUM" "product-layouts 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "premmerce 1.3.18 Reflected.Cross-Site.Scripting MEDIUM" "premmerce 1.3.17 Cross-Site.Request.Forgery MEDIUM" "premmerce 1.3.16 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-scroll-to-id 1.7.9 Contributor+.Stored.XSS MEDIUM" "page-scroll-to-id 1.7.6 Contributor+.Stored.XSS MEDIUM" "producer-retailer No.known.fix Subscriber+.Privilege.Escalation CRITICAL" "print-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "print-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "print-o-matic 2.1.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "print-o-matic 2.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "pretty-google-calendar 2.0.0 Contributor+.Stored.XSS MEDIUM" "pretty-google-calendar 1.6.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.pretty_google_calendar.shortcode MEDIUM" "profilepro No.known.fix Subscriber+.Stored.Cross.Site.Scripting HIGH" "progressive-license No.known.fix CSRF.to.Stored.XSS MEDIUM" "phonetrack-meu-site-manager No.known.fix Authenticated.Stored.XSS MEDIUM" "plugmatter-optin-feature-box-lite 2.0.14 Unauthenticated.Blind.SQL.Injection CRITICAL" "pootle-button 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "pocket-widget No.known.fix Admin+.Stored.XSS LOW" "pardakht-delkhah No.known.fix Form.Fields.Reset.via.CSRF MEDIUM" "pardakht-delkhah 2.9.3 Unauthenticated.Stored.XSS HIGH" "page-list 5.3 Contributor+.Stored.XSS MEDIUM" "premmerce-woocommerce-product-filter 3.7.3 Missing.Authorization MEDIUM" "premmerce-woocommerce-product-filter 3.7.2 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-product-filter 3.6.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-product-filter 3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "podlove-subscribe-button 1.3.11 Authenticated.(Contributor+).SQL.Injection HIGH" "podlove-subscribe-button 1.3.9 Admin+.Stored.XSS LOW" "podlove-subscribe-button 1.3.9 Multiple.CSRF MEDIUM" "paid-membership 1.9.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "pubsubhubbub 3.2.0 Admin+.Stored.XSS MEDIUM" "pdf-print 2.0.3 Unauthenticated.Cross-Site-Scripting.(XSS) MEDIUM" "pdf-print 1.9.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "prismatic 2.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "prismatic 2.8 Contributor+.Stored.XSS MEDIUM" "pootle-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pootle-page-builder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pootle-page-builder 5.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-category-image-with-grid-and-slider 1.4.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "postcode-redirect 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "postcode-redirect 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-connector 1.0.10 Admin+.Stored.Cross-Site.Scripting MEDIUM" "post-connector 1.0.4 XSS MEDIUM" "push-notification-for-wp-by-pushassist No.known.fix Reflected.Cross-Site.Scripting HIGH" "post-grid-for-elementor 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-index No.known.fix CSRF.to.Stored.XSS HIGH" "pagination 1.2.3 Admin+.Stored.XSS LOW" "pagination 1.0.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "post-smtp 2.9.4 Administrator+.SQL.Injection MEDIUM" "post-smtp 2.8.8 Authorization.Bypass.via.type.connect-app.API CRITICAL" "post-smtp 2.8.8 Unauthenticated.Stored.Cross-Site.Scripting.via.device HIGH" "post-smtp 2.8.7 Reflected.Cross-Site.Scripting HIGH" "post-smtp 2.8.7 Admin+.SQL.Injection MEDIUM" "post-smtp 2.7.1 Unauthenticated.Cross-site.Scripting HIGH" "post-smtp 2.6.1 Authenticated.(Administrator+).SQL.Injection HIGH" "post-smtp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "post-smtp 2.5.8 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Contents HIGH" "post-smtp 2.5.7 Account.Takeover.via.CSRF MEDIUM" "post-smtp 2.5.7 Arbitrary.Log.Deletion.via.CSRF MEDIUM" "post-smtp 2.1.7 Admin+.Blind.SSRF LOW" "post-smtp 2.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "post-smtp 2.0.21 CSRF.Nonce.Bypass MEDIUM" "podlove-web-player 5.7.4 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "podlove-web-player 5.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting HIGH" "posttabs No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "pdf-poster 2.1.22 Arbitrary.JavaScript.Execution MEDIUM" "pdf-poster 2.1.18 PDF.Embedder.Plugin.for.WordPress.<.2.1.18.-.Reflected.Cross-Site.Scripting MEDIUM" "pickup-and-delivery-from-customer-locations-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "pickup-and-delivery-from-customer-locations-for-woocommerce 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "piotnet-addons-for-elementor 2.4.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "piotnet-addons-for-elementor 2.4.30 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "piotnet-addons-for-elementor 2.4.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widget.Attributes HIGH" "piotnet-addons-for-elementor 2.4.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "piotnet-addons-for-elementor 2.4.27 Contributor+.Stored.XSS MEDIUM" "piotnet-addons-for-elementor 2.4.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plugmatter-pricing-table No.known.fix Reflected.Cross-Site.Scripting HIGH" "promobar 1.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "popup-manager No.known.fix Unauthenticated.Arbitrary.Popup.Deletion MEDIUM" "popup-manager No.known.fix Unauthenticated.Stored.XSS HIGH" "phastpress 1.111 Open.Redirect MEDIUM" "press-elements No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "press-elements No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "press-elements No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "portfolio-responsive-gallery 1.1.8 Authenticated.Blind.SQL.Injections HIGH" "portfolio-responsive-gallery 1.1.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "page-builder-by-azexo No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "page-builder-by-azexo No.known.fix Subscriber+.Post.Creation MEDIUM" "page-builder-by-azexo No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "page-builder-by-azexo No.known.fix Cross-Site.Request.Forgery.(CSRF).to.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.39 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Content.Deletion.and.Arbitrary.Title.Update MEDIUM" "premium-addons-for-elementor 4.10.37 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Animated.Text.Widget MEDIUM" "premium-addons-for-elementor 4.10.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.36 Regular.Expressions.Denial.of.Service LOW" "premium-addons-for-elementor 4.10.36 Contributor+.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "premium-addons-for-elementor 4.10.34 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.32 Missing.Authorization.to.Information.Disclosure MEDIUM" "premium-addons-for-elementor 4.10.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text.Widget MEDIUM" "premium-addons-for-elementor 4.10.32 Missing.Authorization.to.Information.Disclosure MEDIUM" "premium-addons-for-elementor 4.10.32 Contributor+.DOM-Based.Stored.Cross-Site.Scripting.via.Global.Tooltip MEDIUM" "premium-addons-for-elementor 4.10.32 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.31 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.29 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.29 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.26 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.25 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.17 Contributor+.Stored.Cross-Site.Scripting.via.Wrapper.Link.Widget MEDIUM" "premium-addons-for-elementor 4.10.28 Contributor+.Stored.Cross-Site.Scripting.via.Button MEDIUM" "premium-addons-for-elementor 4.10.25 Contributor+.DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.23 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "premium-addons-for-elementor 4.10.24 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.22 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.19 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.19 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.5.2 Subscriber+.Arbitrary.Blog.Option.Update HIGH" "premium-addons-for-elementor 4.2.8 Contributor+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "popup-anything-on-click 2.8.1 Missing.Authorization MEDIUM" "popup-anything-on-click 2.2.2 Popup.Settings.Reset.via.CSRF MEDIUM" "popup-anything-on-click 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "popup-anything-on-click 2.0.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "parallax-slider-block 1.2.6 Author+.Stored.XSS MEDIUM" "pricing-deals-for-woocommerce No.known.fix Missing.Authorization.via.vtprd_ajax_clone_rule MEDIUM" "pricing-deals-for-woocommerce 2.0.3 Unauthenticated.SQLi HIGH" "pixcodes 2.3.7 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "poptin 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "plezi 1.0.3 Unauthenticated.Stored.XSS HIGH" "paytr-taksit-tablosu-woocommerce No.known.fix CSRF MEDIUM" "paytr-taksit-tablosu-woocommerce 1.3.2 Unauthenticated.Settings.Update MEDIUM" "package-quantity-xforwc 1.2.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "pie-register-social-site 1.7.8 Social.Sites.Login.(Add.on).<.1.7.8.-.Unauthenticated.Privilege.Escalation CRITICAL" "phpsword-favicon-manager No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "performance-lab 2.3.0 CSRF MEDIUM" "profile-builder-pro 3.10.1 Authenticated.(Subscriber+).Time-Based.One-Time.Password.Sensitive.Information.Exposure MEDIUM" "profile-builder-pro 3.10.1 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder-pro 3.10.1 Cross-Site.Request.Forgery HIGH" "profile-builder-pro 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder-pro 3.3.3 Authenticated.Blind.SQL.Injection MEDIUM" "profile-builder-pro 3.1.1 User.Registration.With.Administrator.Role CRITICAL" "parcel-tracker-ecourier 1.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "protect-admin-account 2.0.2 Reflected.Cross-Site.Scripting MEDIUM" "pb-oembed-html5-audio-with-cache-support No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "plugin-groups 2.0.7 Missing.Authorization.to.Unauthenticated.Denial.of.Service MEDIUM" "pdf-invoices-and-packing-slips-for-woocommerce 1.3.8 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "phraseanet-client No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-gtin-ean-upc-isbn-for-woocommerce No.known.fix Contributor+.Stored.XSS MEDIUM" "product-image-watermark-for-woo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-plugin-library No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "podcast-subscribe-buttons 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "podcast-subscribe-buttons 1.4.2 Contributor+.Stored.XSS MEDIUM" "per-page-add-to No.known.fix Authenticated.Stored.XSS LOW" "per-page-add-to 1.4.4 CSRF.to.Stored.XSS HIGH" "popup-with-fancybox 3.6 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "photo-gallery 1.8.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Zipped.SVG MEDIUM" "photo-gallery 1.8.24 Authenticated.(Contributor+).Path.Traversal.via.esc_dir.Function MEDIUM" "photo-gallery 1.8.26 Subscriber+.Notice.Dismiss MEDIUM" "photo-gallery 1.8.21 Missing.Authorization MEDIUM" "photo-gallery 1.8.22 Admin+.Stored.XSS.via.SVG LOW" "photo-gallery 1.8.22 Multiple.Reflected.XSS HIGH" "photo-gallery 1.8.20 Mobile-Friendly.Image.Gallery.<.1.8.20.-.Directory.Traversal.to.Arbitrary.File.Rename CRITICAL" "photo-gallery 1.8.19 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Widget MEDIUM" "photo-gallery 1.8.15 Admin+.Path.Traversal MEDIUM" "photo-gallery 1.8.3 Stored.XSS.via.CSRF MEDIUM" "photo-gallery 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "photo-gallery 1.6.4 Admin+.Stored.Cross-Site.Scripting LOW" "photo-gallery 1.6.3 Unauthenticated.SQL.Injection HIGH" "photo-gallery 1.6.3 Reflected.Cross-Site.Scripting MEDIUM" "photo-gallery 1.6.0 Unauthenticated.SQL.Injection HIGH" "photo-gallery 1.5.79 Stored.XSS.via.Uploaded.SVG.in.Zip MEDIUM" "photo-gallery 1.5.75 File.Upload.Path.Traversal LOW" "photo-gallery 1.5.75 Stored.Cross-Site.Scripting.via.Uploaded.SVG MEDIUM" "photo-gallery 1.5.67 Authenticated.Stored.Cross-Site.Scripting.via.Gallery.Title MEDIUM" "photo-gallery 1.5.69 Multiple.Reflected.Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.5.69 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "photo-gallery 1.5.68 Reflected.Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.5.55 Unauthenticated.SQL.Injection CRITICAL" "photo-gallery 1.5.46 Multiple.Cross-Site.Scripting.(XSS).Issues MEDIUM" "photo-gallery 1.5.35 SQL.Injection.&.XSS CRITICAL" "photo-gallery 1.5.31 SQL.Injection CRITICAL" "photo-gallery 1.5.25 Authenticated.LFI MEDIUM" "photo-gallery 1.5.23 Authenticated.XSS MEDIUM" "photo-gallery 1.3.67 Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.3.51 Authenticated.SQL.Injection MEDIUM" "photo-gallery 1.3.43 Authenticated.Path.Traversal HIGH" "photo-gallery 1.3.36 Authenticated.SQL.Injection MEDIUM" "photo-gallery 1.2.13 Cross-Site.Scripting.(XSS) HIGH" "project-panorama-lite 1.5.1 WordPress.Project.Management.<.1.5.1.-.Admin+.Stored.XSS LOW" "phone-orders-for-woocommerce 3.7.2 Subscriber+.Sensitive.Data.Exposure MEDIUM" "popup-maker 1.19.1 Admin+.Stored.XSS LOW" "popup-maker 1.19.1 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.18.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.16.11 Contributor+.Stored.Cross.Site.Scripting MEDIUM" "popup-maker 1.16.9 Contributor+.Stored.XSS.via.Subscription.Form MEDIUM" "popup-maker 1.16.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "popup-maker 1.16.5 Admin+.Stored.Cross-Site.Scripting LOW" "popup-maker 1.8.13 Multiple.Vulnerabilities CRITICAL" "popup-maker 1.8.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "popup-maker 1.6.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "product-page-shipping-calculator-for-woocommerce 1.3.26 Admin+.Stored.XSS LOW" "product-page-shipping-calculator-for-woocommerce 1.3.21 Admin+.Stored.XSS LOW" "pinterest-pin-it-button-on-image-hover-and-post 3.4 Subscriber+.Arbitrary.Settings.Update MEDIUM" "pz-frontend-manager 1.0.6 CSRF.change.user.profile.picture MEDIUM" "password-protected 2.6.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "password-protected 2.6.7 Admin+.Stored.XSS LOW" "password-protected 2.6.3.2 Reflected.Cross-Site.Scripting MEDIUM" "password-protected 2.6.3 Admin+.Stored.XSS LOW" "post-timeline 2.2.6 Reflected.XSS HIGH" "pixelyoursite-pro 10.4.3 Unauthenticated.Information.Exposure.and.Log.Deletion MEDIUM" "pixelyoursite-pro 9.6.2 Admin+.Stored.Cross-Site.Scripting LOW" "projecthuddle-child-site 1.0.35 Missing.Authorization.via.ph_child_ajax_notice_handler MEDIUM" "payment-gateway-stripe-and-woocommerce-integration 3.8.0 Unauthenticated.SQL.Injection CRITICAL" "payment-gateway-stripe-and-woocommerce-integration 3.8.0 Unauthenticated.WC.Order.Status.Update MEDIUM" "payment-gateway-stripe-and-woocommerce-integration 3.7.8 Authentication.Bypass HIGH" "payment-gateway-stripe-and-woocommerce-integration 3.6.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "parsian-bank-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting HIGH" "proofreading 1.1 Reflected.XSS HIGH" "plugnedit 6.2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "playlist-for-youtube No.known.fix Editor+.Stored.XSS LOW" "paid-member-subscriptions 2.11.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "paid-member-subscriptions 2.11.2 Missing.Authorization.via.pms_stripe_connect_handle_authorization_return MEDIUM" "paid-member-subscriptions 2.11.2 Missing.Authorization.via.creating_pricing_table_page MEDIUM" "paid-member-subscriptions 2.10.5 Cross-Site.Request.Forgery.via.ajax_add_log_entry MEDIUM" "paid-member-subscriptions 2.4.2 Authenticated.SQL.Injection MEDIUM" "paid-member-subscriptions 2.4.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "page-builder-add 1.5.2.1 Authenticated.(Editor+).Local.File.Inlcusion HIGH" "page-builder-add 1.5.1.9 Reflected.Cross-Site.Scripting.via.pageType MEDIUM" "page-builder-add 1.5.1.8 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "page-builder-add 1.5.1.6 Open.Redirect MEDIUM" "page-builder-add 1.5.1.3 Admin+.Stored.XSS LOW" "page-builder-add 1.4.9.9 Contributor+.Cross-Site.Scripting.via.Shortcode MEDIUM" "page-builder-add 1.4.9.6 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "post-snippets 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "post-snippets 4.0.3 Admin+.Stored.XSS LOW" "post-snippets 3.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-snippets 3.1.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "post-snippets 3.0.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "post-status-notifier-lite 1.11.1 Reflected.Cross-Site.Scripting MEDIUM" "post-status-notifier-lite 1.10.1 Reflected.XSS HIGH" "posts-to-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "powerkit 2.9.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "powerkit 2.5.9 Post.Views.Settings.Update/Reset.via.CSRF MEDIUM" "postie 1.9.41 Post.Submission.Spoofing.&.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "post-carousel 3.0.1 Editor+.Stored.XSS LOW" "post-carousel 2.4.28 Editor+.Stored.XSS LOW" "post-carousel 2.4.19 Contributor+.Stored.XSS MEDIUM" "post-carousel 2.3.5 CSRF.Bypass./.Unauthorised.AJAX.Calls MEDIUM" "passwordless-login 1.1.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "perfect-pullquotes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "posts-in-page 1.3.0 Directory.Traversal HIGH" "past-events-extension No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "past-events-extension No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "past-events-extension No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "printfriendly 5.5.2 Admin+.Stored.XSS LOW" "printfriendly 5.2.3 Admin+.Stored.Cross-Site.Scripting LOW" "pepro-ultimate-invoice 2.0.2 Missing.Authorisation MEDIUM" "pepro-ultimate-invoice 1.9.8 Unauthenticated.Arbitrary.Invoice.Access HIGH" "pmpro-register-helper 1.8.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "ps-phpcaptcha 1.2.0 PS.PHPCaptcha.<.1,2,0.-Denial.of.Service CRITICAL" "plainview-activity-monitor 20180826 Remote.Command.Execution.(RCE) HIGH" "podcast-importer-secondline 1.3.8 Admin+.SQLi MEDIUM" "podcast-importer-secondline 1.1.5 Server-Side.Request.Forgery.(SSRF) MEDIUM" "persian-fonts No.known.fix Admin+.Stored.XSS LOW" "project-source-code-download No.known.fix Unauthenticated.Backup.Download HIGH" "post-type-modifier-simple 1.04 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wishlist 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wishlist 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-wishlist 1.1.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "pb-mailcrypt-antispam-email-encryption No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paytium 4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "paytium 4.3.7 Admin+.Stored.XSS LOW" "paytium 3.1.2 Stored.Cross-Site.Scripting.(XSS) CRITICAL" "php-execution-plugin No.known.fix Settings.Update.via.CSRF HIGH" "post-slider-carousel 1.0.21 Admin+.Stored.XSS LOW" "plugins-on-steroids 4.1.3 Missing.Authorization.via.update_options MEDIUM" "podpress 8.8.10.17 players/1pixelout/1pixelout_player.swf.playerID.Parameter.XSS MEDIUM" "pubydoc-data-tables-and-charts No.known.fix Admin+.Stored.XSS MEDIUM" "product-loops 1.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "post-grid 2.2.91 2.2.90.-.Subscriber+.Privilege.Escalation HIGH" "post-grid 2.2.88 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Accordion.Block MEDIUM" "post-grid 2.2.87 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.86 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.redirectURL.Parameter.of.Date.Countdown.Widget MEDIUM" "post-grid 2.2.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.81 Combo.Blocks.<.2.2.81.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attribute MEDIUM" "post-grid 2.2.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.79 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "post-grid 2.2.76 Reflected.Cross-Site.Scripting MEDIUM" "post-grid 2.2.76 Unauthenticated.Password.Protected.Posts.Access MEDIUM" "post-grid 2.2.69 Information.Exposure.via.get_posts.API.Endpoint HIGH" "post-grid 2.2.65 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "post-grid 2.1.16 Reflected.Cross-Site.Scripting.via.post_types MEDIUM" "post-grid 2.1.16 Reflected.Cross-Site.Scripting.via.keyword MEDIUM" "post-grid 2.1.13 Contributor+.SQL.Injection MEDIUM" "post-grid 2.1.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "post-grid 2.0.73 PHP.Object.Injection HIGH" "post-grid 2.0.73 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "post-and-page-builder 1.26.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "post-and-page-builder 1.26.5 Authenticated.(Contributer+).Stored.Cross-Site.Scripting MEDIUM" "post-and-page-builder 1.26.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-and-page-builder 1.24.2 Editor.Settings.Update.via.CSRF MEDIUM" "propovoice No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "propovoice No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "product-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-table No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photoswipe-masonry 1.2.15 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "penci-data-migrator 1.3.1 Unauthenticated.Local.File.Inclusion CRITICAL" "pramadillo-activecampaign-email-preference-center 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "pramadillo-activecampaign-email-preference-center 2.0.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pixelyoursite 9.7.2 Unauthenticated.Information.Exposure.and.Log.Deletion MEDIUM" "pixelyoursite 9.6.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pixelyoursite 9.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "pixelyoursite 5.3.0 XSS MEDIUM" "ptypeconverter No.known.fix Authenticated.(Editor+).SQL.Injection HIGH" "pricing-table-by-supsystic 1.9.13 Admin+.Content.Injection LOW" "pricing-table-by-supsystic 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "pricing-table-by-supsystic 1.8.9 Authenticated.SQL.Injections CRITICAL" "pricing-table-by-supsystic 1.9.0 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "pricing-table-by-supsystic 1.8.2 Insecure.Permissions.on.AJAX.Actions HIGH" "pricing-table-by-supsystic 1.8.1 Cross-Site.Request.Forgery.to.XSS.and.Setting.Changes HIGH" "pricing-table-by-supsystic 1.8.2 Unauthenticated.Stored.XSS HIGH" "posts-reminder No.known.fix Settings.Update.via.CSRF MEDIUM" "photoshow 1.0.19 Update/Delete.Google.API.Key.via.CSRF MEDIUM" "post-layouts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pagemanager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pondol-formmail No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pretty-simple-popup-builder No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pretty-simple-popup-builder 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "purple-xmls-google-product-feed-for-woocommerce No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "purple-xmls-google-product-feed-for-woocommerce 3.2.3.4 Reflected.Cross-Site.Scripting MEDIUM" "purple-xmls-google-product-feed-for-woocommerce 3.3.1.0 Authenticated.SQL.Injection MEDIUM" "planso-forms No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "pay-addons-for-elementor 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "photo-feed No.known.fix Reflected.XSS HIGH" "perfect-woocommerce-brands 2.0.5 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "perfect-woocommerce-brands 2.0.5 Subscriber+.Arbitrary.Brand.Creation MEDIUM" "product-recommendation-quiz-for-ecommerce 2.1.2 Missing.Authorization.in.prq_set_token MEDIUM" "powerpack-elements 2.10.15 Contributor+.Privilege.Escalation HIGH" "powerpack-elements 2.10.18 Authenticated.(Contributor+).Privilege.Escalation HIGH" "powerpack-elements 2.10.8 Cross-Site.Request.Forgery.to.Plugin.Settings.Modification.and.Cross-Site.Scripting MEDIUM" "powerpack-elements 2.10.8 Missing.Authorization.to.Settings.Reset HIGH" "powerpack-elements 2.9.24 Reflected.Cross-Site.Scripting MEDIUM" "pinblocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pinblocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "permalinks-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pagerestrict No.known.fix Unauthenticated.Protected.Post.Access MEDIUM" "pagerestrict No.known.fix Cross-Site.Request.Forgery.via.pr_admin_page MEDIUM" "plugins-list 2.5.1 Admin+.Stored.XSS LOW" "portfolio-slideshow No.known.fix Contributor+.XSS MEDIUM" "portfolio-gallery 2.1.11 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "private-only No.known.fix CSRF.&.XSS HIGH" "portfolio-wp 2.1.0 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "pdf-viewer 1.0.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "post-to-csv 1.4.1 Author+.CSV.Injection MEDIUM" "post-to-csv 1.3.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "pdfjs-viewer-shortcode 2.2 Arbitrary.JavaScript.Execution MEDIUM" "pdfjs-viewer-shortcode 2.1.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "pdfjs-viewer-shortcode 2.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "post-content-xmlrpc No.known.fix Admin+.SQL.Injections HIGH" "payment-forms-for-paystack No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "post-shortcode No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "php-everywhere 3.0.0 Subscriber+.RCE.via.Shortcode CRITICAL" "php-everywhere 3.0.0 Contributor+.RCE.via.Gutenberg.Block CRITICAL" "php-everywhere 3.0.0 Contributor+.RCE.via.Metabox CRITICAL" "php-everywhere 2.0.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "publish-confirm-message 2.0 Settings.Update.via.CSRF MEDIUM" "paid-memberships-pro 3.0.6 Authenticated.(Administrator+).SQL.Injection CRITICAL" "paid-memberships-pro 3.0.5 Unauthenticated.Insecure.Direct.Object.Reference.to.Order.Status.Update MEDIUM" "paid-memberships-pro 3.0 Cross-Site.Request.Forgery.to.Membership.Modification MEDIUM" "paid-memberships-pro 3.0.2 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 3.0 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 2.12.9 Contributor+.Arbitrary.User.Custom.Field.Disclosure MEDIUM" "paid-memberships-pro 2.12.8 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 2.12.7 Information.Exposure.in.Debug.Logs MEDIUM" "paid-memberships-pro 2.12.6 Missing.Authorization.via.API MEDIUM" "paid-memberships-pro 2.12.4 Subscriber+.Arbitrary.File.Upload HIGH" "paid-memberships-pro 2.9.12 Subscriber+.SQL.Injection HIGH" "paid-memberships-pro 2.9.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "paid-memberships-pro 2.9.8 Unauthenticated.SQLi HIGH" "paid-memberships-pro 2.6.7 Unauthenticated.Blind.SQL.Injection CRITICAL" "paid-memberships-pro 2.6.6 Reflected.Cross-Site.Scripting HIGH" "paid-memberships-pro 2.5.10 Cross-Site.Scripting.(XSS) MEDIUM" "paid-memberships-pro 2.5.6 Authenticated.SQL.Injection MEDIUM" "paid-memberships-pro 2.5.3 Unauthorised.Order.Information.Disclosure MEDIUM" "paid-memberships-pro 2.5.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "paid-memberships-pro 2.4.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "paid-memberships-pro 2.4.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "paid-memberships-pro 2.3.3 Authenticated.SQL.Injection MEDIUM" "paid-memberships-pro 2.0.6 Authenticated.Open.Redirect MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.1.14 Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "podlove-podcasting-plugin-for-wordpress 4.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.15 Cross-Site.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.1.1 Missing.Authorization MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.14 Authenticated.(Contributor+).SQL.Injection CRITICAL" "podlove-podcasting-plugin-for-wordpress 4.0.10 Reflected.Cross-Site.Scripting MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Missing.Authorization.to.Settings.Import MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Missing.Authorization.to.Unauthenticated.Data.Export MEDIUM" "podlove-podcasting-plugin-for-wordpress 3.8.4 Cross-Site.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 3.8.3 Admin+.Stored.XSS LOW" "podlove-podcasting-plugin-for-wordpress 3.5.6 Unauthenticated.SQL.Injection MEDIUM" "podlove-podcasting-plugin-for-wordpress 2.6.0 Authenticated.SQL.Injection HIGH" "podlove-podcasting-plugin-for-wordpress 2.3.16 Multiple.SQLi.&.XSS CRITICAL" "payplus-payment-gateway 7.0.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "payplus-payment-gateway 6.6.9 Reflected.Cross-Site.Scripting MEDIUM" "payplus-payment-gateway 6.6.9 Unauthenticated.SQLi HIGH" "photography-portfolio 1.4.9 Reflected.Cross-Site.Scripting MEDIUM" "price-commander-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "pie-register 3.8.3.5 Basic.<=.3.8.3.4.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation.and.Activation/Deactivation HIGH" "pie-register No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "pie-register 3.8.2.3 Open.Redirect MEDIUM" "pie-register 3.8.1.3 Unauthenticated.Arbitrary.User.Deletion HIGH" "pie-register 3.7.2.4 Open.Redirect MEDIUM" "pie-register 3.1.7.6 Unauthenticated.Arbitrary.Login CRITICAL" "pie-register 3.7.1.6 Unauthenticated.SQL.Injection HIGH" "pie-register 3.7.0.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "pie-register 3.1.2 SQL.Injection CRITICAL" "pie-register 3.0.18 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "progressive-wp No.known.fix Missing.Authorization MEDIUM" "popup-zyrex 1.1 Admin+.Arbitrary.File.Upload MEDIUM" "paytm-donation 2.2.1 Reflected.XSS HIGH" "post-expirator 2.6.0 Contributor+.Arbitrary.Post.Schedule.Deletion HIGH" "paytm-payments 2.7.7 Editor+.SQLi MEDIUM" "product-carousel-slider-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "page-and-post-restriction 1.3.5 Unauthenticated.Protected.Post.Access MEDIUM" "page-and-post-restriction 1.2.7 Admin+.Stored.Cross-Site.Scripting LOW" "pop-over-xyz No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pop-over-xyz No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-multi-currency 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-multi-currency 2.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "product-shipping-countdown-free-version No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-shipping-countdown-free-version No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pc-robotstxt 1.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "payment-page 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "payment-page 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "packlink-pro-shipping 3.4.7 Missing.Authorization MEDIUM" "pj-news-ticker No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "puredevs-customer-history-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "puredevs-customer-history-for-woocommerce 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-variation-swatches 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-variation-swatches 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-variation-swatches 1.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "post-views-stats No.known.fix Reflected.Cross-Site.Scripting.via.from.and.to MEDIUM" "payment-gateway-groups-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payment-gateway-groups-for-woocommerce 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "peepso-core 6.4.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.content.Parameter MEDIUM" "peepso-core 6.4.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.2.7.1 Unauthenticated.Sensitive.Information.Disclosure.via.Log.file MEDIUM" "peepso-core 6.3.1.2 User.Post.Creation.via.CSRF MEDIUM" "peepso-core 6.3.1.2 Reflected.XSS HIGH" "peepso-core 6.2.7.0 Reflected.Cross-Site.Scripting HIGH" "peepso-core 6.2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.2.0.0 Cross-Site.Request.Forgery.via.delete MEDIUM" "peepso-core 6.0.3.0 Multiple.CSRF MEDIUM" "peepso-core 1.6.1 Authenticated.Privilege.Escalation HIGH" "powies-whois 0.9.33 Authenticated.Stored.Cross-Site.Scripting LOW" "padma-advanced 0.0.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "plugin-notes-plus 1.2.8 Authenticated.(Subscriber+).Arbitrary.Note.Deletion MEDIUM" "plugin-notes-plus 1.2.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pondol-carousel No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "panorama 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "panorama 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "project-status No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "phpinfo-wp 6.0 Unauthenticated.Information.Exposure MEDIUM" "printus-cloud-printing-for-woocommerce 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "post-to-google-my-business 3.1.14 Reflected.Cross-Site.Scripting MEDIUM" "post-to-google-my-business 3.0.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-builder-sandwich No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-builder-sandwich No.known.fix Missing.Authorization MEDIUM" "page-builder-sandwich No.known.fix Sensitive.Information.Exposure MEDIUM" "page-builder-sandwich No.known.fix Missing.Authorization.to.Authenticated(Subscriber+).Arbitrary.Post.Editing MEDIUM" "page-builder-sandwich No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-builder-sandwich 4.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "product-visibility-by-country-for-woocommerce No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "promotion-slider No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "profile-builder 3.12.2 Admin+.Stored.Cross.Site.Scripting LOW" "profile-builder 3.11.9 Unauthenticated.Privilege.Escalation CRITICAL" "profile-builder 3.11.8 Unauthenticated.Media.Upload MEDIUM" "profile-builder 3.11.3 Restricted.Email.Bypass MEDIUM" "profile-builder 3.10.9 Missing.Authorization.to.Plugin.Settings.Change.via.wppb_two_factor_authentication_settings_update HIGH" "profile-builder 3.10.8 Contributor+.User.Metadata.Disclosure MEDIUM" "profile-builder 3.10.4 Plugins.Activation/Deactivation.CSRF MEDIUM" "profile-builder 3.9.8 Unauthenticated.Plugin's.Pages.Creation MEDIUM" "profile-builder 3.9.1 Subscriber+.Arbitrary.User.Meta.Disclosure MEDIUM" "profile-builder 3.9.1 Unauthorised.Password.Reset HIGH" "profile-builder 3.6.1 Settings.Import.via.CSRF LOW" "profile-builder 3.6.8 Admin+.Stored.Cross-Site.Scripting LOW" "profile-builder 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder 3.4.9 Admin.Access.via.Password.Reset CRITICAL" "profile-builder 3.4.8 Authenticated.Stored.XSS MEDIUM" "profile-builder 3.3.3 Authenticated.Blind.SQL.Injection MEDIUM" "profile-builder 3.1.1 User.Registration.With.Administrator.Role CRITICAL" "profile-builder 2.5.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 2.4.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 2.4.1 Privilege.Escalation HIGH" "profile-builder 2.2.5 XSS MEDIUM" "profile-builder 2.1.4 Missing.Access.Controls HIGH" "profile-builder 2.0.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 1.1.60 Password.Recovery.Bypass MEDIUM" "profile-builder 1.1.66 Multiple.XSS MEDIUM" "popupally 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popupally No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "popupally 2.1.1 Cross-Site.Request.Forgery.via.optin_submit_callback MEDIUM" "premmerce-woocommerce-product-bundles No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-product-bundles No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-thumbnail-editor No.known.fix Sensitive.Information.Exposure MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Cross-Site.Request.Forgery MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "piotnet-addons-for-elementor-pro No.known.fix Missing.Authorization.to.Arbitrary.Post/Page.Deletion MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pricetable No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-brands 1.2.13 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-brands 1.2.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "polls-widget No.known.fix Admin+.Stored.XSS LOW" "polls-widget 1.5.3 Unauthenticated.Blind.SQL.Injection CRITICAL" "postmatic No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "postmatic 2.2.10 Subscriber+.PHP.Object.Injection MEDIUM" "postmatic 2.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "postmatic 1.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "partdo-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "portable-phpmyadmin No.known.fix /pma/phpinfo.php.Direct.Request.System.Information.Disclosure CRITICAL" "portable-phpmyadmin No.known.fix Multiple.Script.Direct.Request.Authentication.Bypass CRITICAL" "powerpack-addon-for-beaver-builder 1.3.0.4 Authenticated.(Editor+).Local.File.Inclusion HIGH" "powerpack-addon-for-beaver-builder 1.3.0.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-addon-for-beaver-builder 1.3.0.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.element.link MEDIUM" "powerpack-addon-for-beaver-builder 1.2.9.1 Reflected.Cross-Site.Scripting MEDIUM" "powerpack-addon-for-beaver-builder 1.2.9.3 Reflected.Cross-Site.Scripting MEDIUM" "promolayer-popup-builder 1.1.1 Missing.Authorization MEDIUM" "porto-functionality 3.1.0 Functionality.<.3.1.0.-.Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "porto-functionality 3.1.1 Functionality.<.3.1.1.-.Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "porto-functionality No.known.fix Functionality.<.2.12.1.-.Missing.Authorization MEDIUM" "porto-functionality No.known.fix Functionality.<.2.12.1.-.Unauthenticated.SQL.Injection CRITICAL" "pmpro-payfast 1.4.2 Unauthenticated.Information.Exposure MEDIUM" "permalink-manager-pro 2.2.15 Reflected.Cross-Site.Scripting MEDIUM" "product-lister-walmart No.known.fix Unauthenticated.RCE.via.Outdated.PHPUnit CRITICAL" "post-pay-counter 2.790 Reflected.XSS HIGH" "post-pay-counter 2.731 PHP.Obj.Injection.&.Access.Control.Issues CRITICAL" "publish-to-schedule 4.5.5 Admin+.Stored.XSS LOW" "pagelayer 1.8.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.8.8 Admin+.Stored.XSS LOW" "pagelayer 1.8.2 Missing.Authorization MEDIUM" "pagelayer 1.8.5 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Attributes MEDIUM" "pagelayer 1.8.3 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.0 Author+.Stored.XSS LOW" "pagelayer 1.7.9 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.1 Admin+.Stored.XSS LOW" "pagelayer 1.7.8 Author+.Stored.XSS MEDIUM" "pagelayer 1.7.7 Unauthenticated.Stored.XSS HIGH" "pagelayer 1.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.3.5 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pagelayer 1.1.2 Drag.and.Drop.website.builder.<.1.1.2.-.Unprotected.AJAX's.leading.to.XSS HIGH" "pagelayer 1.1.2 Drag.and.Drop.website.builder.<.1.1.2.-.CSRF.leading.to.XSS HIGH" "picture-gallery 1.5.12 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "picture-gallery 1.4.4 Authenticated.Stored.XSS LOW" "permalink-manager 2.4.4.1 Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "permalink-manager 2.4.3.4 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.4.3.2 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.4.3.2 Missing.Authorization.via.get_uri_editor MEDIUM" "permalink-manager 2.4.3.2 Missing.Authorization.to.Authenticated(Author+).arbitrary.post.slug.modification MEDIUM" "permalink-manager 2.4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.3.0 Authenticated.Stored.XSS MEDIUM" "permalink-manager 2.2.20.2 Settings.Update.via.CSRF MEDIUM" "permalink-manager 2.2.20.1 Unauthenticated.URI.Deletion MEDIUM" "permalink-manager 2.2.15 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.2.13.1 Admin+.SQL.Injection MEDIUM" "product-code-for-woocommerce 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "png-to-jpg 4.1 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "push-notifications-for-wp 6.0.1 Settings.Update.via.CSRF MEDIUM" "plainview-protect-passwords No.known.fix Reflected.XSS HIGH" "plainview-protect-passwords No.known.fix Cross-Site.Request.Forgery MEDIUM" "poll-maker 5.1.9 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "poll-maker 5.1.9 .Missing.Authorization.to.Unauthenticated.Email.Enumeration MEDIUM" "poll-maker 4.8.1 Missing.Authorization MEDIUM" "poll-maker 4.7.2 Missing.Authorization MEDIUM" "poll-maker 4.7.1 Reflected.XSS HIGH" "poll-maker 4.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "poll-maker 3.4.2 Unauthenticated.Time.Based.SQL.Injection CRITICAL" "poll-maker 3.2.9 Reflected.Cross-Site.Scripting HIGH" "poll-maker 3.2.1 Authenticated.Blind.SQL.Injections HIGH" "piotnetforms 1.0.29 Unauthenticated.Arbitrary.File.Upload CRITICAL" "piotnetforms 1.0.30 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "piotnetforms No.known.fix Unauthenticated.Arbitrary.File.Upload HIGH" "propertyhive 2.0.20 Cross-Site.Request.Forgery.via.save_account_details HIGH" "propertyhive 2.0.10 Missing.Authorization MEDIUM" "propertyhive 2.0.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.13 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "propertyhive 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.10 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "propertyhive 2.0.7 Missing.Authorization.via.activate_pro_feature MEDIUM" "propertyhive 2.0.6 Unauthenticated.PHP.Object.Injection.via.propertyhive_currency HIGH" "propertyhive 1.5.49 Reflected.XSS HIGH" "propertyhive 1.5.47 Reflected.XSS HIGH" "propertyhive 1.4.26 Unvalidated.Input.to.do_action() MEDIUM" "poll-wp 1.5.9 Reflected.Cross-Site.Scripting HIGH" "poll-wp 1.3.4 Broken.Authentication.and.Missing.Capability.Checks.on.AJAX.calls CRITICAL" "peters-custom-anti-spam-image 3.2.3 Reflected.XSS HIGH" "portfolio 2.40 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "pilotpress 2.0.31 Subscriber+.Report.Access.&.DB.Transients.Purging MEDIUM" "pagebar 2.70 Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "pro-links-maintainer-dev No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pro-links-maintainer-dev No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "product-designer 1.0.34 Unauthenticated.Arbitrary.Attachment.Deletion MEDIUM" "product-designer 1.0.33 Unauthenticated.PHP.Object.Injection CRITICAL" "php-compatibility-checker 1.6.0 Cross-Site.Request.Forgery MEDIUM" "pagepost-content-shortcode No.known.fix Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "participants-database 2.5.9.3 Unauthenticated.PHP.Object.Injection HIGH" "participants-database 2.5.6 Missing.Authorization MEDIUM" "participants-database 1.9.5.6 Authenticated.Time.Based.SQL.Injection HIGH" "participants-database 1.7.5.10 Cross-Site.Scripting MEDIUM" "participants-database 1.5.4.9 Unauthenticated.SQL.Injection CRITICAL" "perfmatters 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "perfmatters 2.1.7 Cross-Site.Request.Forgery MEDIUM" "perfmatters 2.2.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "perfmatters 2.1.7 Missing.Authorization MEDIUM" "password-protected-woo-store 2.3 Unauthenticated.Arbitrary.Post.Tile.&.Content.Access MEDIUM" "pop-up No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "pie-forms-for-wp 1.4.9.4 Admin+.Stored.Cross-Site.Scripting LOW" "private-messages-for-wordpress No.known.fix Arbitrary.Message.Sent.via.CSRF MEDIUM" "private-messages-for-wordpress No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "protect-uploads-with-login-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "protect-uploads-with-login-page No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pricing-tables-for-wpbakery-page-builder 3.0 Contributor+.Stored.XSS MEDIUM" "pricing-tables-for-wpbakery-page-builder 3.0 Subscriber+.LFI HIGH" "postman-smtp No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "post-meta-data-manager 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-meta-data-manager 1.2.2 Cross-Site.Request.Forgery.to.Post,.Term,.and.User.Meta.Deletion MEDIUM" "post-meta-data-manager 1.2.1 Unauthenticated.Data.Deletion HIGH" "post-meta-data-manager 1.2.1 Subscriber+.Privilege.Escalation HIGH" "post-meta-data-manager 1.2.1 Missing.Authorization.to.Post,.Term,.and.User.Meta.Deletion MEDIUM" "performance-kit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "popup-modal-for-youtube No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "private-content 8.4.4 Brute.Force.Protection.Bypass MEDIUM" "pre-party-browser-hints 1.8.20 Admin+.SQLi MEDIUM" "photoblocks-grid-gallery 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "photoblocks-grid-gallery 1.2.7 Contributor+.Stored.XSS MEDIUM" "photoblocks-grid-gallery 1.2.9 Cross-Site.Request.Forgery MEDIUM" "photoblocks-grid-gallery 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photoblocks-grid-gallery 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "photoblocks-grid-gallery 1.1.43 Authenticated.Reflected.XSS HIGH" "photoblocks-grid-gallery 1.1.41 Unauthenticated.Reflected.XSS MEDIUM" "presto-player 3.0.3 Missing.Authorization MEDIUM" "presto-player 2.2.3 Contributor+.Stored.XSS MEDIUM" "prepost-seo No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "postmagthemes-demo-import 1.0.8 Admin+.Arbitrary.File.Upload MEDIUM" "pixfields 0.7.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "pixfields No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "prevent-landscape-rotation 2.1 Settings.Update.via.CSRF MEDIUM" "patron-button-and-widgets-by-codebard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "patron-button-and-widgets-by-codebard 2.2.0 Cross-Site.Request.Forgery MEDIUM" "patron-button-and-widgets-by-codebard 2.2.0 Reflected.XSS MEDIUM" "patron-button-and-widgets-by-codebard 2.1.9 Reflected.XSS HIGH" "post-type-x 1.7.7 Sensitive.Information.Exposure.via.Product.CSV MEDIUM" "post-type-x 1.7.6 Cross-Site.Request.Forgery.via.ic_system_status MEDIUM" "post-type-x 1.7.0 Reflected.XSS HIGH" "post-type-x 1.5.13 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "post-type-x 1.5.13 Cross-Site.Request.Forgery MEDIUM" "prettyphoto No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "poeditor 0.9.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "poeditor 0.9.5 CSRF MEDIUM" "poeditor 0.9.8 Settings.Reset.via.CSRF MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.3 Missing.Authorization.to.Unauthenticated.Settings.Reset MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.1 Reflected.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.3.1 Subscriber+.Arbitrary.Order.Export MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.3.0 Shop.Manager+.Arbitrary.Options.Update HIGH" "php-to-page No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion.to.Remote.Code.Execution.via.Shortcode CRITICAL" "pretty-opt-in-lite 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pretty-grid 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pdf-viewer-block 1.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "pdf24-posts-to-pdf No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "popup-box 2.2.7 Popup.Deletion.via.CSRF MEDIUM" "popup-box 2.2.2 Reflected.XSS MEDIUM" "popup-box 2.2 Admin+.LFI MEDIUM" "product-price-history 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "posts-table-filterable 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "post-views-counter 1.4.5 Cross-Site.Request.Forgery.via.save_bulk_post_views() MEDIUM" "post-views-counter 1.3.5 Authenticated.Stored.XSS LOW" "quasar-form No.known.fix Subscriber+.SQLi HIGH" "quizlord No.known.fix Admin+.Stored.XSS LOW" "quick-edit-template-link No.known.fix Cross-Site.Request.Forgery MEDIUM" "quick-subscribe No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "quick-restaurant-menu 2.1.0 Admin+.Stored.XSS LOW" "quick-restaurant-menu 2.1.0 Subscriber+.Arbitrary.Post.Deletion/Updating MEDIUM" "quick-restaurant-menu 2.1.0 .Menu.Items.Update.via.CSRF MEDIUM" "quick-interest-slider 2.9.5 Cross-Site.Request.Forgery MEDIUM" "quick-interest-slider 2.9.4 Admin+.Stored.XSS LOW" "qubely 1.8.6 Unauthenticated.Arbitrary.E-mail.Sending MEDIUM" "qubely 1.8.5 Contributor+.Stored.XSS MEDIUM" "qubely 1.8.1 Authenticated.Arbitrary.Settings.Update MEDIUM" "qubely 1.7.8 Subscriber+.Arbitrary.Post.Deletion MEDIUM" "quote-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quote-press No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quadmenu 2.0.7 Unauthenticated.RCE.via.compiler_save CRITICAL" "quick-restaurant-reservations 1.5.5 CSRF MEDIUM" "quick-restaurant-reservations 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "quillforms 3.4.0 Cross-Site.Request.Forgery MEDIUM" "qt-kentharadio 2.0.2 Unauthenticated.RFI.and.SSRF MEDIUM" "qubotchat 1.1.6 Qubotchat.<.1,1,6.–.Admin+.Stored.XSS LOW" "qubotchat 1.1.6 Unauthenticated.Stored.XSS HIGH" "quick-event-manager 9.8.5.3 Reflected.Cross-Site.Scripting MEDIUM" "quick-event-manager 9.6.5 Admin+.Stored.XSS LOW" "quick-event-manager 9.7.5 Registration.Deletion/Update.via.CSRF MEDIUM" "quick-event-manager 9.7.5 Unauthenticated.Stored.XSS HIGH" "quick-event-manager 9.7.5 Reflected.Cross-Site HIGH" "quick-event-manager 9.2.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qi-blocks 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qi-blocks 1.3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "query-wrangler 1.5.52 Reflected.XSS HIGH" "qwiz-online-quizzes-and-flashcards 3.62 Admin+.Stored.Cross.Site.Scripting LOW" "quiz-maker 6.5.9.9 Admin+.Stored.XSS LOW" "quiz-maker 6.5.8.4 Unauthenticated.SQL.Injection.via.'ays_questions'.Parameter CRITICAL" "quiz-maker 6.5.2.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Quiz.Creation.&.Modification MEDIUM" "quiz-maker 6.5.2.5 Missing.Authorization.to.Unauthenticated.Quiz.Data.Retrieval MEDIUM" "quiz-maker 6.5.0.6 Denial.of.Service MEDIUM" "quiz-maker 6.5.1.2 Missing.Authorization MEDIUM" "quiz-maker 6.4.9.5 Unauthenticated.Email.Address.Disclosure MEDIUM" "quiz-maker 6.4.9.5 Reflected.Cross-Site.Scripting HIGH" "quiz-maker 6.4.2.7 Reflected.XSS MEDIUM" "quiz-maker 6.2.0.9 Multiple.Authenticated.Blind.SQL.Injections HIGH" "quote-o-matic No.known.fix Admin+.SQLi MEDIUM" "quotes-llama 1.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "quotes-and-tips 1.45 Admin+.Arbitrary.File.Upload MEDIUM" "quotes-and-tips 1.32 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "quotes-and-tips 1.20 Cross-Site.Scripting.(XSS) MEDIUM" "qtranslate-slug No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "qtranslate-slug No.known.fix Cross-Site.Request.Forgery MEDIUM" "quick-audio-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quick-audio-player No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qi-addons-for-elementor 1.7.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qi-addons-for-elementor 1.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "qi-addons-for-elementor 1.7.1 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.8 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.5 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qode-twitter-feed 2.0.1 Open.Redirect HIGH" "quiz-expert No.known.fix Cross-Site.Request.Forgery MEDIUM" "quotes-for-woocommerce 2.0.2 Missing.Authorization MEDIUM" "quotes-for-woocommerce 2.0.2 Quote.Status.Update./.Quote.Sending.via.CSRF MEDIUM" "qards No.known.fix Server.Side.Request.Forgery.(SSRF) MEDIUM" "quttera-web-malware-scanner 3.4.2.1 Directory.Listing.to.Sensitive.Data.Exposure MEDIUM" "quttera-web-malware-scanner 3.4.2.1 Admin+.Path.Traversal MEDIUM" "qr-twitter-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "qe-seo-handyman No.known.fix Admin+.SQLi MEDIUM" "qe-seo-handyman No.known.fix Admin+.SQLi MEDIUM" "qr-code-composer 2.0.4 Subscriber+.Stored.XSS HIGH" "quick-call-button No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "quick-featured-images 13.7.1 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Thumbnail.Deletion/Setting MEDIUM" "quick-code No.known.fix Stored.XSS.via.CSRF HIGH" "q2w3-inc-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quick-view-and-buy-now-for-woocommerce 1.5.9 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting.via.Custom.CSS.Code MEDIUM" "qr-redirector 1.6.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "qr-redirector 1.6 Subscriber+.Arbitrary.QR.Redirect.Response.Status.Update MEDIUM" "quiz-tool-lite No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "quick-pagepost-redirect-plugin 5.2.4 Admin+.Stored.XSS LOW" "quick-pagepost-redirect-plugin 5.2.0 Authenticated.Settings.Update CRITICAL" "quotes-collection No.known.fix Admin+.SQL.Injection MEDIUM" "quotes-collection 2.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "qodeblock No.known.fix Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "qodeblock No.known.fix Missing.Authorization MEDIUM" "quote-requests-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quote-requests-for-woocommerce 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qyrr-code 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "qyrr-code 0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qyrr-code 0.7 Authenticated.(contributor+).Stored.XSS MEDIUM" "qtranslate-x No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "qtranslate-x 3.4.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "quick-paypal-payments 5.7.28 Reflected.Cross-Site.Scripting MEDIUM" "quick-paypal-payments 5.7.26.4 Admin+.Stored.XSS LOW" "quick-paypal-payments 5.7.26 Contributor+.Stored.XSS MEDIUM" "quick-paypal-payments 5.7.26 Unauthenticated.Stored.XSS HIGH" "quick-paypal-payments 5.7.26 Unauthenticated.Payment.Message.Deletion/Update MEDIUM" "quick-paypal-payments 5.7.26 Admin+.Stored.XSS LOW" "quick-paypal-payments 5.7.22 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qode-instagram-widget 2.0.2 Open.Redirect HIGH" "quickiebar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quick-affiliate-store No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-adsense 2.8.2 Subscriber+.Post.Stats.Reset MEDIUM" "quick-chat No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "quick-chat No.known.fix Authenticated.Stored.Cross-Site.Scripting HIGH" "quick-chat 4.00 SQL.Injection CRITICAL" "q2w3-post-order No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quiz-master-next 9.1.1 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.1.0 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.5 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.2 Contributor+.SQLi MEDIUM" "quiz-master-next 9.0.2 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.2 Authenticated.(Contributor+).SQL.Injection CRITICAL" "quiz-master-next 8.2.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 8.1.19 Quiz.Results.Deletion.via.CSRF MEDIUM" "quiz-master-next 8.1.17 Unauthenticated.Unauthorised.Action MEDIUM" "quiz-master-next 8.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 8.1.19 Multiple.Cross-Site.Request.Forgery MEDIUM" "quiz-master-next 8.1.16 Cross-Site.Request.Forgery.via.'display_results' MEDIUM" "quiz-master-next 8.1.11 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 8.0.8 Text.Message.Setting.Update.via.CSRF MEDIUM" "quiz-master-next 8.0.9 Unauthenticated.Arbitrary.Media.File.Delete MEDIUM" "quiz-master-next 8.0.5 Improper.Input.Validation MEDIUM" "quiz-master-next 8.0.5 Unauthenticated.iFrame.Injection HIGH" "quiz-master-next 7.3.7 Multiple.Author+.IDOR LOW" "quiz-master-next 7.3.11 Sensitive.Information.Disclosure MEDIUM" "quiz-master-next 7.3.11 Subscriber+.XSS MEDIUM" "quiz-master-next 7.3.5 Admin+.SQL.Injection MEDIUM" "quiz-master-next 7.3.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.5 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 7.3.11 Bypass MEDIUM" "quiz-master-next 7.3.5 Reflected.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.5 Quiz.Update.via.IDOR LOW" "quiz-master-next 7.3.7 CSRF MEDIUM" "quiz-master-next 7.3.7 Low.Privilege.Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.7 Reflected.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "quiz-master-next 7.1.14 Reflected.Cross-Site.Scripting HIGH" "quiz-master-next 7.1.18 Reflected.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 7.1.19 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 7.1.14 Authenticated.SQL.injection.via.Rest.API HIGH" "quiz-master-next 7.1.12 Authenticated.SQL.injection.via.shortcode HIGH" "quiz-master-next 7.0.2 Unauthenticated.Arbitrary.File.Upload HIGH" "quiz-master-next 7.0.1 Unauthenticated..Arbitrary.File.Deletion CRITICAL" "quiz-master-next 7.0.1 Arbitrary.File.Upload CRITICAL" "quiz-master-next 7.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "quiz-master-next 6.3.5 Authenticated.Reflected.XSS HIGH" "quiz-master-next 6.2.2 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 4.7.9 Stored.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "quiz-master-next 4.4.4 Authenticated.Blind.SQL.Injection MEDIUM" "quickswish 1.1.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "quiz-cat 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "querywall No.known.fix Admin+.SQLi MEDIUM" "qr-code-tag No.known.fix Contributor+.Stored.XSS MEDIUM" "quicksand-jquery-post-filter No.known.fix Cross-Site.Request.Forgery.via.renderAdmin MEDIUM" "quicksand-jquery-post-filter No.known.fix Missing.Authorization.via.quicksand_admin_ajax CRITICAL" "quick-orders-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-orders-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "qqworld-auto-save-images No.known.fix Missing.Authorization.to.Arbitrary.Post.Content.Retrieval MEDIUM" "quick-contact-form 8.0.6.8 Reflected.Cross-Site.Scripting MEDIUM" "quick-contact-form 8.0.4 Admin+.Stored.XSS LOW" "quick-contact-form 8.0.4 Contributor+.Stored.XSS MEDIUM" "quick-contact-form 8.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qode-essential-addons 1.5.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation MEDIUM" "responsive-cookie-consent 1.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "rimons-twitter-widget 1.3 XSS MEDIUM" "responsive-accordion-tabs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "redirect-by-cookie 1.07 Reflected.Cross-Site.Scripting MEDIUM" "rest-routes 5.5.4 Reflected.Cross-Site.Scripting MEDIUM" "rest-routes 4.24.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "refer-a-friend-widget-for-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "regenerate-post-permalinks No.known.fix Cross-Site.Request.Forgery MEDIUM" "relevanssi-live-ajax-search 2.5 Unauthenticated.WP_Query.Argument.Injection MEDIUM" "responsive-column-widgets No.known.fix Reflected.XSS HIGH" "responsive-column-widgets No.known.fix Open.Redirect.via.responsive_column_widgets_link MEDIUM" "rocket-font No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "review-widgets-for-hotels-com 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rating-bws 1.6 Rating.Denial.of.Service MEDIUM" "rating-bws 0.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "rb-internal-links No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "remember-me-controls 2.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "rest-api-to-miniprogram No.known.fix Subscriber+.Attachment.Deletion MEDIUM" "responsive-vector-maps 6.4.2 Responsive.Vector.Maps.<.6.4.2.-.Subscriber+.Arbitrary.File.Read HIGH" "rucy No.known.fix CSRF.Bypass MEDIUM" "rucy No.known.fix Cross-Site.Request.Forgery MEDIUM" "role-based-bulk-quantity-pricing 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "responsive-facebook-and-twitter-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "responsive-gallery-grid 2.3.11 Admin+.Stored.XSS LOW" "responsive-gallery-grid 2.3.14 Settings.Update.via.CSRF MEDIUM" "responsive-gallery-grid 2.3.9 Contributor+.Stored.XSS MEDIUM" "review-widgets-for-amazon 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "redirect-after-login No.known.fix Admin+.Stored.XSS LOW" "real-estate-manager No.known.fix Subscriber+.Privilege.Escalation HIGH" "real-estate-manager 7.0 Subscriber+.Settings.Update MEDIUM" "responsive-add-ons 3.0.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "responsive-add-ons 2.2.6 Unprotected.AJAX.Endpoints CRITICAL" "rich-event-timeline No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "review-widgets-for-foursquare 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "recent-posts-slider No.known.fix Cross-Site.Request.Forgery MEDIUM" "recent-posts-slider No.known.fix Unauthenticated.Stored.XSS HIGH" "related-post 2.0.54 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restricted-content 2.2.5 Reflected.XSS HIGH" "restricted-content 2.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "removehide-author-date-category-like-entry-meta No.known.fix Settings.Update.via.CSRF MEDIUM" "real-media-library-lite 4.11.12 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "real-media-library-lite 4.22.8 Contributor+.Stored.XSS MEDIUM" "real-media-library-lite 4.18.29 Author+.Stored.XSS MEDIUM" "real-media-library-lite 4.14.2 Author.Stored.Cross-Site.Scripting MEDIUM" "regpack No.known.fix Admin+.Stored.XSS LOW" "rezgo 4.1.8 Reflected.Cross-Site-Scripting MEDIUM" "rezgo 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "reservation-studio-widget 1.0.12 Admin+.Stored.XSS LOW" "reservation-studio-widget 1.0.12 Cross-Site.Request.Forgery MEDIUM" "read-more-without-refresh 3.2 Admin+.Stored.Cross-Site.Scripting LOW" "restrict-for-elementor 1.0.8 Protection.Mechanism.Bypass MEDIUM" "restrict-for-elementor 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "re-attacher 1.0.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "rate-star-review 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "robotcpa No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "reviewx 1.6.29 Insufficient.Rating.Validation MEDIUM" "reviewx 1.6.28 Missing.Authorization MEDIUM" "reviewx 1.6.22 Missing.Authorization MEDIUM" "reviewx 1.6.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "reviewx 1.6.14 Subscriber+.Privilege.Escalation HIGH" "reviewx 1.6.4 Subscriber+.SQLi HIGH" "reviewx 1.2.9 Unauthorised.AJAX.call.via.CSRF MEDIUM" "responsive-header-image-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "real-kit 5.1.1 Contributor+.Stored.XSS MEDIUM" "restrict-categories No.known.fix Reflected.XSS HIGH" "review-widgets-for-airbnb 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rehub-framework 19.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "redirect-redirection 1.2.0 Subscriber+.Unauthorised.Action.Calls MEDIUM" "redirect-redirection 1.1.4 Plugin.Installation.via.CSRF MEDIUM" "redirect-redirection 1.1.4 Subscriber+.Plugin.Installation MEDIUM" "redirect-redirection 1.1.5 Plugin.Reset.via.CSRF MEDIUM" "redirect-redirection 1.1.4 Redirect.Creation.via.CSRF MEDIUM" "role-based-pricing-for-woocommerce 1.6.3 Subscriber+.PHAR.Deserialization HIGH" "role-based-pricing-for-woocommerce 1.6.2 Subscriber+.Arbitrary.File.Upload HIGH" "realbig-media 1.0.7 Settings.Update.via.CSRF MEDIUM" "react-webcam No.known.fix Contributor+.Stored.XSS MEDIUM" "recently 3.0.5 Authenticated.Code.Injection HIGH" "recently 3.0.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "relevanssi-premium 2.25.2 Missing.Authorization.to.Unauthenticated.Count.Option.Update MEDIUM" "relevanssi-premium 2.25 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "relevanssi-premium 2.25.0 Unauthenticated.Private/Draft.Post.Disclosure MEDIUM" "relevanssi-premium 2.16.5 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "relevanssi-premium 1.14.6.1 SQL.Injection.&.PHP.Object.Injection HIGH" "recurwp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recurwp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rustolat No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "real-time-auto-find-and-replace 1.6.2 Unauthenticated.PHP.Object.Injection HIGH" "real-time-auto-find-and-replace 1.3.6 Admin+.SQLi MEDIUM" "real-time-auto-find-and-replace 1.2.9 Reflected.Cross-Site.Scripting HIGH" "read-and-understood 2.2 Authenticated.Stored.XSS.&.CSRF HIGH" "read-offline No.known.fix Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "read-offline No.known.fix Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "revolution-for-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "revolution-for-elementor No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "review-widgets-for-tripadvisor 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "randomtext No.known.fix Subscriber+.SQLi HIGH" "romethemeform 1.1.6 Missing.Authorization.via.export_entries,.rtformnewform,.and.rtformupdate MEDIUM" "romethemeform 1.1.3 Missing.Authorization MEDIUM" "relicwp-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rotating-posts No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "real3d-flipbook-lite 3.72 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "real3d-flipbook-lite 3.63 Reflected.Cross-Site.Scripting MEDIUM" "responsive-lightbox2 1.0.4 Contributor+.Stored.XSS MEDIUM" "responsive-lightbox2 1.0.3 Authenticated.Stored.Cross-Site.Scripting LOW" "review-stream 1.6.6 Admin+.Stored.XSS LOW" "rich-reviews No.known.fix Arbitrary.Reviews.Deletion.via.CSRF MEDIUM" "rich-reviews 1.9.6 Admin+.SQL.Injection MEDIUM" "radio-buttons-for-taxonomies 2.0.6 Cross-Site.Request.Forgery MEDIUM" "radio-buttons-for-taxonomies 2.0.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "responsive-css-editor No.known.fix Admin+.SQLi MEDIUM" "royal-elementor-addons 1.3.985 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.981 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Magazine.Grid/Slider.Widget MEDIUM" "royal-elementor-addons 1.3.977 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.977 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Uploads MEDIUM" "royal-elementor-addons 1.3.976 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Back.to.Top.Widget MEDIUM" "royal-elementor-addons 1.3.976 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.975 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Form.Builder.Widget MEDIUM" "royal-elementor-addons 1.3.95 Unauthenticated.IP.Spoofing MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.Flip.Carousel,.Flip.Box,.Post.Grid,.and.Taxonomy.List.Widget.Attributes MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.Advanced.Accordion.Title.Tags MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.HTML.Tags MEDIUM" "royal-elementor-addons 1.3.95 Unauthenticated.Limited.File.Upload HIGH" "royal-elementor-addons 1.3.95 Contributor+.Stored.Cross-Site.Scriting MEDIUM" "royal-elementor-addons 1.3.92 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Logo.Widget MEDIUM" "royal-elementor-addons 1.3.88 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.88 Multiple.Cross-Site.Request.Forgery MEDIUM" "royal-elementor-addons 1.3.88 Missing.Authorization.via.wpr_update_form_action_meta MEDIUM" "royal-elementor-addons 1.3.81 Unauthenticated.Arbitrary.Post.Read MEDIUM" "royal-elementor-addons No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "royal-elementor-addons 1.3.79 Unauthenticated.Arbitrary.File.Upload CRITICAL" "royal-elementor-addons 1.3.71 Reflected.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.71 Unauthenticated.API.Key.Disclosure MEDIUM" "royal-elementor-addons 1.3.60 Menu.Template.Creation.via.CSRF MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Template.Import MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Mega.Menu.Settings.Update MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Import.Deletion MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Plugin.Deactivation MEDIUM" "royal-elementor-addons 1.3.60 Reflected.XSS HIGH" "royal-elementor-addons 1.3.60 Subscriber+.Template.Kit.Import MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Template.Condition.Update MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Template.Activation MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Theme.Activation MEDIUM" "royal-elementor-addons 1.3.56 Subscriber+.Arbitrary.Post.Creation MEDIUM" "royal-elementor-addons 1.3.56 Subscriber+.Arbitrary.Post.Deletion HIGH" "royal-elementor-addons 1.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "request-a-quote 2.4.1 Admin+.Stored.XSS LOW" "request-a-quote 2.3.9 Admin+.Stored.Cross-Site.Scripting LOW" "request-a-quote 2.3.9 Admin+.Stored.Cross-Site.Scripting LOW" "request-a-quote 2.3.4 Authenticated.Stored.XSS MEDIUM" "revslider 6.7.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.7.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Elementor.wrapperid.and.zindex MEDIUM" "revslider 6.7.11 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Add.Layer.class,.id,.and.title.Attributes MEDIUM" "revslider 6.7.11 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.7.0 Missing.Authorization MEDIUM" "revslider 6.7.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.htmltag.Parameter MEDIUM" "revslider 6.7.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.6.19 Author+.Insecure.Deserialization.leading.to.RCE HIGH" "revslider 6.6.16 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "revslider 6.6.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.6.13 Author+.Remote.Code.Execution MEDIUM" "revslider 4.1.5 Local.File.Disclosure HIGH" "revslider 3.0.96 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "remove-add-to-cart-woocommerce 1.4.5 Settings.Update.via.CSRF MEDIUM" "remove-add-to-cart-woocommerce 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "restrict-usernames-emails-characters 3.1.4 Admin+.Stored.XSS LOW" "rometheme-for-elementor 1.4.2 Missing.Authorization MEDIUM" "rometheme-for-elementor 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "review-buddypress-groups 2.8.4 Subscriber+.Arbitrary.Settings.Update.&.Review.Modification MEDIUM" "review-buddypress-groups 2.8.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "rating-widget 3.2.0 Reflected.Cross-Site.Scripting MEDIUM" "rating-widget 3.2.1 Contributor+.Stored.XSS MEDIUM" "rating-widget 3.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "review-engine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "review-engine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "review-engine No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rsfirewall 1.1.25 IP.Block.Bypass MEDIUM" "rays-grid 1.2.3 CSRF.Bypass MEDIUM" "rsvp 2.7.8 Unauthenticated.Entries.Export HIGH" "rsvp 2.7.5 Reflected.Cross-Site.Scripting MEDIUM" "rsvp 2.3.8 XSS MEDIUM" "related-youtube-videos 1.9.9 CSRF.&.XSS HIGH" "responsive-menu-pro 4.0.4 CSRF.to.Arbitrary.File.Upload HIGH" "responsive-menu-pro 4.0.4 CSRF.to.Settings.Update MEDIUM" "responsive-menu-pro 4.0.4 4.0.3.-.Authenticated.Arbitrary.File.Upload CRITICAL" "revolut-gateway-for-woocommerce 4.9.8 Missing.Authorization MEDIUM" "restricted-site-access 7.3.2 Access.Bypass.via.IP.Spoofing MEDIUM" "responsive-lightbox 2.4.8 Missing.Authorization MEDIUM" "responsive-lightbox 2.4.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "responsive-lightbox 2.4.7 Information.Disclosure MEDIUM" "responsive-lightbox 2.4.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.name MEDIUM" "responsive-lightbox 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "review-widgets-for-arukereso 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "resmushit-image-optimizer 0.4.7 Multiple.CSRF MEDIUM" "resmushit-image-optimizer 0.4.4 Subscriber+.AJAX.Calls MEDIUM" "resmushit-image-optimizer 0.4.6 Admin+.Cross-Site.Scripting LOW" "reviewscouk-for-woocommerce 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "robin-image-optimizer 1.7.0 Missing.Authorization MEDIUM" "ravpage 2.25 Reflected.Cross-Site.Scripting MEDIUM" "remove-schema 1.6 Cross-Site.Request.Forgery MEDIUM" "remove-schema 1.6 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "rencontre 3.11 Unauthenticated.Arbitrary.File.Upload CRITICAL" "rencontre 3.11.2 Subscriber+.PHP.Object.Injection HIGH" "rencontre 3.11 Privilege.Escalation CRITICAL" "rencontre 3.2.3 Multiple.CSRF CRITICAL" "restaurant-solutions-checklist No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "redirect-404-to-parent 1.3.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "responsive-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "read-more No.known.fix Cross-Site.Request.Forgery MEDIUM" "review-widgets-for-opentable 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rss-feed-widget 2.9.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "rss-feed-widget 2.8.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "reviews-plus 1.3.5 Missing.Authorization.to.Notice.Dismissal MEDIUM" "reviews-plus 1.2.14 Subscriber+.Reviews.DoS LOW" "really-simple-ssl 8.0.0 Admin+.Server-Side.Request.Forgery MEDIUM" "rafflepress 1.12.16 Editor+.Stored.XSS LOW" "rafflepress 1.12.14 Editor+.Stored.XSS LOW" "rafflepress 1.12.5 Missing.Authorization MEDIUM" "rafflepress 1.12.11 IP.Spoofing MEDIUM" "rafflepress 1.12.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "rafflepress 1.12.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rafflepress 1.11.3 Contributor+.Stored.XSS MEDIUM" "responsive-owl-carousel-elementor 1.2.1 Local.File.Inclusion HIGH" "raygun4wp 1.8.3 XSS MEDIUM" "raygun4wp 1.8.1 Unauthenticated.Reflected.XSS MEDIUM" "rockhoist-badges No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "radio-forge No.known.fix Reflected.Cross-Site.Scripting HIGH" "review-widgets-for-capterra 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "recently-viewed-and-most-viewed-products No.known.fix Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "resume-upload-form No.known.fix Captcha.Bypass MEDIUM" "reviews-widgets-for-yelp 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rate-my-post 3.4.5 Insecure.Direct.Object.Reference MEDIUM" "rate-my-post 3.4.3 IP.Spoofing MEDIUM" "rate-my-post 3.3.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "rate-my-post 3.3.5 Cross-Site.Request.Forgery MEDIUM" "rate-my-post 3.3.5 Subscriber+.Votes.Tampering.via.Race.Condition MEDIUM" "realteo 1.2.4 Arbitrary.Property.Deletion.via.IDOR HIGH" "realteo 1.2.4 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "relevant 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "relevant 1.0.8 Cross-Site.Scripting.(XSS) MEDIUM" "review-schema 2.2.0 Missing.Authorization.to.Arbitrary.Review.Update MEDIUM" "rk-responsive-contact-form No.known.fix Authenticated.Blind.SQL.Injection CRITICAL" "rock-form-builder 2.5 Privilege.Escalation HIGH" "responsive-video-embed 0.5.1 Contributor+.Stored.XSS MEDIUM" "registrations-for-the-events-calendar 2.12.2 Missing.Authorization MEDIUM" "registrations-for-the-events-calendar 2.12.3 Authenticated.(Contributor+).SQL.Injection CRITICAL" "registrations-for-the-events-calendar 2.7.10 Reflected.Cross-Site.Scripting HIGH" "registrations-for-the-events-calendar 2.7.6 Unauthenticated.SQL.Injection HIGH" "registrations-for-the-events-calendar 2.7.5 Reflected.Cross-Site.Scripting HIGH" "rough-chart No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "relevanssi 4.23.0 Unauthenticated.Information.Exposure MEDIUM" "relevanssi 4.22.2 Missing.Authorization.to.Unauthenticated.Count.Option.Update MEDIUM" "relevanssi 4.22.1 Unauthenticated.Query.Log.Export MEDIUM" "relevanssi 4.22.0 Unauthenticated.Private/Draft.Post.Disclosure MEDIUM" "relevanssi 4.14.6 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "relevanssi 4.14.3 A.Better.Search.<.4.14.3.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "relevanssi 4.0.5 Cross-Site.Scripting.(XSS) MEDIUM" "relevanssi 3.6.1 Authenticated.Admin.SQL.Injection MEDIUM" "rise-blocks 3.2 Cross-Site.Request.Forgery MEDIUM" "redi-restaurant-reservation 24.0712 Missing.Authorization MEDIUM" "redi-restaurant-reservation 24.0303 Cross-Site.Request.Forgery.via.redi_restaurant_admin_options_page() MEDIUM" "redi-restaurant-reservation 24.0303 Cross-Site.Request.Forgery.via.redi_restaurant_admin_options_page() MEDIUM" "redi-restaurant-reservation 24.0303 Reflected.Cross-Site.Scripting MEDIUM" "redi-restaurant-reservation 21.0426 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "restaurant-cafe-addon-for-elementor 1.5.4 Missing.Authorization.via.multiple.AJAX.functions LOW" "restaurant-cafe-addon-for-elementor 1.5.3 Cross-Site.Request.Forgery MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.3 Missing.Authorization MEDIUM" "restaurant-cafe-addon-for-elementor 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "real-cookie-banner 3.4.10 Contributor+.Stored.XSS MEDIUM" "real-cookie-banner 2.18.2 Reflected.Cross-Site.Scripting MEDIUM" "real-cookie-banner 2.14.2 Settings.Reset.via.CSRF MEDIUM" "redirect-404-error-page-to-homepage-or-custom-page 1.8.8 Authenticated.(Administrator+).SQL.Injection HIGH" "redirect-404-error-page-to-homepage-or-custom-page 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "redirect-404-error-page-to-homepage-or-custom-page 1.7.9 Log.Deletion.via.CSRF MEDIUM" "rm-mailchimp-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rm-mailchimp-manager No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rsvpmaker-excel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "replace-image 1.1.11 Insecure.Direct.Object.Reference MEDIUM" "rich-snippets-vevents No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "rearrange-woocommerce-products 3.0.8 Subscriber+.SQL.Injection HIGH" "recall-products No.known.fix Authenticated.Cross-Site.Scripting MEDIUM" "recall-products No.known.fix Authenticated.SQL.Injection MEDIUM" "responsive-coming-soon 2.2.2 Maintenance.Mode.Bypass MEDIUM" "responsive-coming-soon 1.8.2 Arbitrary.Settings.Reset MEDIUM" "require-taxonomy-image-category-tag 1.27 Reflected.Cross-Site.Scripting MEDIUM" "resads 1.0.2 .Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "rename-media-files No.known.fix Authenticated.(Contributor+).Remote.Code.Execution HIGH" "rara-one-click-demo-import 1.3.0 Arbitrary.File.Upload.via.CSRF HIGH" "redirection 3.6.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "redirection 2.8 Authenticated.Local.File.Inclusion MEDIUM" "responsive-tabs 4.0.11 Contributor+.Stored.XSS MEDIUM" "responsive-tabs 4.0.7 Contributor+.Stored.XSS MEDIUM" "responsive-tabs 2.2.7 Editor+.Stored.Cross-Site.Scripting MEDIUM" "responsive-tabs 4.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-tabs 4.0.6 Authenticated.(Contributor+).Content.Injection MEDIUM" "responsive-tabs 4.0.6 Author+.Stored.Cross-Site.Scripting MEDIUM" "real-time-find-and-replace 4.0.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "realty 1.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "royal-slider 3.2.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "remove-cpt-base 5.9 CPT.Deletion.via.CSRF MEDIUM" "raise-prices-with-sales-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "raise-prices-with-sales-for-woocommerce 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "responsive-menu 4.1.8 Subscriber+.Arbitrary.File.Upload./.Theme.Deletion./.Plugin.Settings.Update HIGH" "responsive-menu 4.0.4 CSRF.to.Settings.Update MEDIUM" "responsive-menu 4.0.4 4.0.3.-.Authenticated.Arbitrary.File.Upload CRITICAL" "responsive-menu 4.0.4 CSRF.to.Arbitrary.File.Upload HIGH" "responsive-menu 3.1.4 XSS.and.CSRF HIGH" "reglevel No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "responsivevoice-text-to-speech 1.7.7 Contributor+.Stored.XSS MEDIUM" "resize-at-upload-plus No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "resermy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "resermy No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "resermy No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "recent-backups No.known.fix Remote.File.Download HIGH" "ruven-toolkit No.known.fix tinymce/popup.php.popup.Parameter.Reflected.XSS MEDIUM" "racar-clear-cart-for-woocommerce 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "real-wysiwyg No.known.fix Reflected.Cross-Site.Scripting HIGH" "realia No.known.fix User.Email.Change.via.Cross-Site.Request.Forgery HIGH" "realia No.known.fix Unauthenticated.IDOR.leading.to.Arbitrary.Post.Deletion HIGH" "responsive-horizontal-vertical-and-accordion-tabs 1.1.18 Authenticated.(Contributor+).SQL.Injection CRITICAL" "responsive-horizontal-vertical-and-accordion-tabs 1.1.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-horizontal-vertical-and-accordion-tabs 1.1.16 Reflected.XSS HIGH" "responsive-horizontal-vertical-and-accordion-tabs 1.1.16 Reflected.Cross-Site.Scripting MEDIUM" "reviews-widgets 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "remove-duplicate-posts 1.3 Reflected.Cross-Site.Scripting MEDIUM" "reflex-gallery 3.1.5 jQuery.prettyPhoto.DOM.Cross-Site.Scripting.(XSS) MEDIUM" "recipes-writer No.known.fix XSS MEDIUM" "rotatingtweets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rentpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "review-widgets-for-booking-com 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "redirects No.known.fix Missing.Authorization.via.save MEDIUM" "redirects No.known.fix Missing.Authorization MEDIUM" "recurring-donation 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ratings-shorttags No.known.fix Stored.XSS.via.CSRF HIGH" "rich-table-of-content 1.3.9 Contributor+.Stored.XSS MEDIUM" "reusable-text-blocks No.known.fix Author+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rocket-addons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "really-simple-featured-video 0.7.2 Reflected.Cross-Site.Scripting MEDIUM" "really-simple-featured-video 0.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "responsive-block-editor-addons 1.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rumbletalk-chat-a-chat-with-themes 6.2.0 Missing.Authorization.via.handleRequest HIGH" "rvg-optimize-database 5.1 Missing.Authorization.via.'odb_csv_download' MEDIUM" "rvg-optimize-database 5.1.1 Database.Optimization.via.CSRF MEDIUM" "rsvpmaker 10.6.7 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') LOW" "rsvpmaker 9.9.4 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') CRITICAL" "rsvpmaker 10.6.7 Admin+.Stored.XSS HIGH" "rsvpmaker 10.6.7 Unauthenticated.PHP.Object.Injection HIGH" "rsvpmaker 10.6.7 Unauthenticated.Stored.XSS HIGH" "rsvpmaker 10.5.5 Admin+.SQL.Injection.(SQLi) HIGH" "rsvpmaker 9.2.7 Unauthenticated.SQLi MEDIUM" "rsvpmaker 9.2.6 Unauthenticated.SQLi CRITICAL" "rsvpmaker 8.7.3 Authenticated.(admin+).SSRF HIGH" "rsvpmaker 7.8.2 Unauthenticated.SQL.Injection HIGH" "rsvpmaker 6.2 SQL.Injection CRITICAL" "responsive-tabs-for-wpbakery No.known.fix Contributor+.Stored.XSS MEDIUM" "reset-course-progress-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reset-course-progress-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "revision-manager-tmc 2.8.20 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "revision-manager-tmc 2.8.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "reveal-template No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "related-posts-for-wp 2.2.2 Cross-Site.Request.Forgery MEDIUM" "related-posts-for-wp 2.0.5 Authenticated.Stored.XSS.&.XFS MEDIUM" "related-posts-for-wp 2.0.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "related-posts-for-wp 1.8.2 Cross-Site.Scripting.(XSS) CRITICAL" "recurring-bookings-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recurring-bookings-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rate-limiting-for-contact-form-7 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rw-divi-unite-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rw-divi-unite-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rw-divi-unite-gallery No.known.fix Security.Bypass.via.Outdated.Freemius CRITICAL" "random-sorting-order-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "remove-old-slugspermalinks 2.7.0 Cross-Site.Request.Forgery MEDIUM" "randomize No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "rename-wp-login No.known.fix Secret.URL.Update.via.CSRF MEDIUM" "rocket-maintenance-mode 4.4 Admin+.Stored.XSS LOW" "rocket-maintenance-mode 4.4 Reflected.Cross-Site.Scripting MEDIUM" "rocket-maintenance-mode 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "radio-station 2.5.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "radio-station 2.5.0 Reflected.XSS HIGH" "radio-station 2.5.5 Reflected.Cross-Site.Scripting MEDIUM" "radio-station 2.4.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rescue-shortcodes 2.6 Contributor+.Stored.XSS MEDIUM" "realty-workstation 1.0.15 Agent.SQLi HIGH" "responsive-coming-soon-page No.known.fix Unauthenticated.Information.Exposure MEDIUM" "responsive-coming-soon-page 1.6.0 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') HIGH" "rduplicator No.known.fix Contributor+.SQLi HIGH" "real-estate-listing-realtyna-wpl No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "real-estate-listing-realtyna-wpl 4.14.8 Reflected.XSS HIGH" "real-estate-listing-realtyna-wpl 4.14.8 Unauthenticated.SQLi HIGH" "related-posts 1.8.2 XSS MEDIUM" "remove-footer-credit 1.0.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "remove-footer-credit 1.0.11 Admin+.Stored.Cross-Site.Scripting LOW" "remove-footer-credit 1.0.6 CSRF.to.Stored.Cross-Site.Scripting HIGH" "rapidexpcart No.known.fix Stored.XSS.via.CSRF CRITICAL" "replace-word No.known.fix Cross-Site.Request.Forgery MEDIUM" "rss-for-yandex-turbo 1.31 Admin+.Stored.Cross-Site.Scripting LOW" "rss-for-yandex-turbo 1.30 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "remove-wp-update-nags 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "remove-wp-update-nags 1.4.0 Subscriber+.Arbitrary.Option.Update CRITICAL" "restrict-user-access 2.6 Reflected.Cross-Site.Scripting MEDIUM" "restrict-user-access 2.6 Information.Exposure MEDIUM" "restrict-user-access 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "restrict-user-access 2.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rolo-slider No.known.fix Missing.Authorization.to.Authenticated(Subscriber+).Settings.Change MEDIUM" "rife-elementor-extensions 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Writing.Effect.Headline.Widget MEDIUM" "rife-elementor-extensions 1.1.6 Contributor+.Stored.XSS MEDIUM" "recaptcha-jetpack No.known.fix Settings.Update.via.CSRF MEDIUM" "recaptcha-jetpack No.known.fix Stored.XSS.via.CSRF HIGH" "rock-convert 3.0.0 Admin+.Stored.XSS LOW" "rock-convert 2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "rock-convert 2.11.0 Admin+.Stored.Cross-Site.Scripting LOW" "run-time-image-resizing No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "run-time-image-resizing No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ruby-help-desk 1.3.4 Subscriber+.Ticket.Update.via.IDOR MEDIUM" "remove-add-to-cart-button-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "remove-add-to-cart-button-for-woocommerce 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reviews-feed 1.2.0 Cross-Site.Request.Forgery MEDIUM" "reviews-feed 1.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "random-banner No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "random-banner 4.1.6 Admin+.Stored.Cross-Site.Scripting LOW" "random-banner 2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "role-and-customer-based-pricing-for-woocommerce 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "role-and-customer-based-pricing-for-woocommerce 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "remove-slug-from-custom-post-type No.known.fix Settings.Update.via.CSRF MEDIUM" "remote-content-shortcode No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "remote-content-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "remote-content-shortcode No.known.fix Authenticated(Contributor+).Local.File.Inclusion.via.shortcode MEDIUM" "read-more-excerpt-link 1.6.1 Settings.Update.via.CSRF MEDIUM" "read-more-excerpt-link 1.6.1 Settings.Update.via.CSRF MEDIUM" "restropress 3.1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restropress 3.1.2.1 Cross-Site.Request.Forgery.via.rpress_orders_list_table_process_bulk_actions MEDIUM" "restropress 2.8.3 Cart.Manipulation.via.CSRF MEDIUM" "restropress 2.8.3.1 Unauthorised.AJAX.Calls HIGH" "rich-counter 1.2.0 Cross-Site.Scripting.(XSS) MEDIUM" "review-widgets-for-szallas-hu 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "resume-builder No.known.fix Subscriber+.Stored.XSS HIGH" "responsive-filterable-portfolio 1.0.20 Reflected.XSS HIGH" "restaurant-reservations 2.6.17 Missing.Authorization MEDIUM" "restaurant-reservations 2.6.8 Reflected.Cross-Site.Scripting HIGH" "restaurant-reservations 2.4.12 Unauthenticated.Arbitrary.Payment.Status.Update.to.Stored.XSS HIGH" "restaurant-reservations 2.4.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "republish-old-posts 1.27 Cross-Site.Request.Forgery.via.rop_options_page MEDIUM" "role-scoper 1.3.67 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "restaurant-pickup-delivery-dine-in No.known.fix Admin+.Stored.XSS LOW" "retain No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "robo-gallery 3.2.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Title MEDIUM" "robo-gallery 3.2.20 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Image.Title MEDIUM" "robo-gallery 3.2.20 Cross-Site.Request.Forgery.to.Post.Creation.and.Limited.Data.Loss HIGH" "robo-gallery 3.2.19 Unauthenticated.Information.Exposure MEDIUM" "robo-gallery 3.2.18 Author+.Stored.XSS MEDIUM" "robo-gallery 3.2.16 Admin+.Stored.XSS LOW" "robo-gallery 3.2.13 Contributor+.Stored.XSS MEDIUM" "robo-gallery 3.2.11 Plugin.Activation/Deactivation.via.CSRF MEDIUM" "robo-gallery 3.2.12 Cross-Site.Request.Forgery MEDIUM" "recencio-book-reviews No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "redux-framework 4.4.18 .4.4.17.-.Unauthenticated.JSON.File.Upload.to.Stored.Cross-Site.Scripting HIGH" "redux-framework 4.2.13 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "redux-framework 4.2.13 Contributor+.Arbitrary.Plugin.Installation.and.Post.Deletion HIGH" "redux-framework 4.1.24 4.1.23.-.CSRF.Nonce.Validation.Bypass MEDIUM" "redux-framework 4.1.21 CSRF.Nonce.Validation.Bypass MEDIUM" "reviewpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reviewpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reviewpress No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "reader-mode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recipe-card-blocks-by-wpzoom 3.3.2 Missing.Authorization MEDIUM" "recipe-card-blocks-by-wpzoom 2.8.1 Reflected.Cross-Site.Scripting HIGH" "recipe-card-blocks-by-wpzoom 2.8.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "rss-import No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "required-taxonomies 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "required-taxonomies 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rss-control 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "rss-control 2.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "really-simple-google-tag-manager 1.0.7 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "reach-us-contact-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reach-us-contact-form No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reach-us-contact-form No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rss-chimp 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "rss-chimp 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rankbear No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rankbear No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rt-easy-builder-advanced-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 2.1 Missing.Authorization MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 1.9 Reflected.Cross-Site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "real-estate-pro 1.7.1 Subscriber+.Privilege.Escalation CRITICAL" "rabbit-loader 2.19.14 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "reciply 1.1.8 Unauthenticated.File.Upload MEDIUM" "restrict-content 3.2.9 Missing.Authorization MEDIUM" "restrict-content 3.2.8 Information.Exposure.via.legacy.log.file MEDIUM" "restrict-content 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "restrict-content 3.2.3 Restrict.Content.<.3.2.3.-.Reflected.XSS HIGH" "radio-player 2.0.74 Missing.Authorization.to.Player.Deletion MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Settings.Update MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Player.Update MEDIUM" "radio-player 2.0.74 Missing.Authorization MEDIUM" "radio-player 2.0.74 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "radio-player 2.0.74 Unauthenticated.Server-Side.Request.Forgery HIGH" "radio-player 2.0.74 Missing.Authorization.to.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "radio-player 2.0.74 Missing.Authorization.via.get_players MEDIUM" "radio-player 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "radio-player 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smtp-mail 1.3.21 Cross.Site.Request.Forgery MEDIUM" "smtp-mail No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "smtp-mail 1.2.2 Authenticated.SQL.Injections MEDIUM" "smtp-mail 1.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "stock-exporter-for-woocommerce 1.2.0 Reflected.XSS HIGH" "spam-control-xforwc 1.5.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "supportcandy 3.2.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "supportcandy 3.1.7 Subscriber+.SQLi HIGH" "supportcandy 3.1.7 Admin+.SQLi MEDIUM" "supportcandy 3.1.5 Unauthenticated.SQLi HIGH" "supportcandy 2.2.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.7 Reflected.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.5 Unauthenticated.Arbitrary.Ticket.Deletion HIGH" "supportcandy 2.2.7 CSRF.to.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.7 Arbitrary.Ticket.Deletion.via.CSRF HIGH" "supportcandy 2.0.1 Arbitrary.File.Upload CRITICAL" "smart-id 4.7 Reflected.Cross-Site.Scripting MEDIUM" "smartcrawl-seo 3.10.9 Unauthenticated.Full.Path.Disclosure MEDIUM" "smartcrawl-seo 3.10.3 Missing.Authorization MEDIUM" "smartcrawl-seo 3.8.3 Unauthenticated.Password.Protected.Post.Disclosure MEDIUM" "social-testimonials-and-reviews-widget 5.00 Missing.Authorization MEDIUM" "social-testimonials-and-reviews-widget 5.02 CSRF MEDIUM" "simple-sponsorships No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-sponsorships 1.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-photo-gallery No.known.fix Remote.Code.Execution.(RCE) HIGH" "spin360 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spideranalyse No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-cod-fee-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "sayfa-sayac No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "sayfa-sayac No.known.fix Unauthenticated.SQL.Injection CRITICAL" "seraphinite-post-docx-source 2.16.10 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "seraphinite-post-docx-source 2.16.10 Missing.Authorization MEDIUM" "seraphinite-post-docx-source 2.16.7 Settings.Update/Reset/Import.via.CSRF MEDIUM" "safe-editor 1.2 Unauthenticated.CSS/JS-injection MEDIUM" "smart-phone-field-for-gravity-forms 2.1 Reflected.Cross-Site.Scripting MEDIUM" "slick-popup 1.7.15 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "slick-popup 1.7.2 Privilege.Escalation HIGH" "simple-file-downloader No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "solidres No.known.fix Multiple.Reflected.XSS HIGH" "solidres No.known.fix Admin+.Stored.XSS LOW" "social-pixel No.known.fix Admin+.Stored.XSS LOW" "semalt No.known.fix Admin+.Stored.XSS LOW" "speakout 2.14.15.1 Unauthenticated.SQLi HIGH" "speakout 2.13.3 Reflected.Cross-Site.Scripting HIGH" "shariff 4.6.14 Unauthenticated.Local.File.Inclusion CRITICAL" "shariff 4.6.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shariff 4.6.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shariff 4.6.10 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shariff 4.6.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shariff 4.6.10 Admin+.Stored.XSS LOW" "seo-automatic-wp-core-tweaks No.known.fix Arbitrary.Admin.Account.Creation./.Admin.Email.Update.via.CSRF HIGH" "simple-ajax-chat 20240412 Admin+.Stored.XSS LOW" "simple-ajax-chat 20240223 .Unauthenticated.Stored.Cross-Site.Scripting HIGH" "simple-ajax-chat 20240216 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "simple-ajax-chat 20240223 Unauthenticated.Stored.XSS HIGH" "simple-ajax-chat 20220216 Log.Clearing.&.Arbitrary.Chat.Message.Deletion.via.CSRF MEDIUM" "simple-ajax-chat 20220216 Sensitive.Information.Disclosure MEDIUM" "simple-ajax-chat 20220216 Unauthenticated.Stored.XSS MEDIUM" "sv-forms 2.0.2 Reflected.Cross-Site.Scripting MEDIUM" "sv-forms 1.8.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-link-pages No.known.fix Missing.Authorization.to.Arbitrary.Page.Creation.and.Cross-Site.Scripting HIGH" "smart-email-alerts No.known.fix Reflected.Cross-Site.Scripting HIGH" "simple-page-transition No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "slider-image 2.8.7 Authenticated.Blind.SQL.Injection HIGH" "sharethis-share-buttons 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sharethis-inline-buttons.Shortcode MEDIUM" "simple-schools-staff-directory No.known.fix Admin+.Arbitrary.File.Upload CRITICAL" "smart-recent-posts-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "shorten-url No.known.fix Cross-Site.Request.Forgery.via.configuration_page MEDIUM" "shorten-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shorten-url No.known.fix Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "shorten-url No.known.fix CSRF MEDIUM" "shorten-url 1.6.5 Admin+.Cross.Site.Scripting LOW" "shorten-url 1.6.5 Subscriber+.SQLi HIGH" "shorten-url 1.6.5 Admin+.Stored.Cross-Site.Scripting MEDIUM" "sp-news-and-widget 4.0.1 Reflected.Cross-Site.Scripting MEDIUM" "smartsoftbutton-widget-de-botones-de-chat No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF HIGH" "sell-media 2.5.7.3 CSRF.Bypass MEDIUM" "sell-media 2.4.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "starbox 3.5.3 Contributor+.Stored.XSS MEDIUM" "starbox 3.5.2 Admin+.Stored.XSS LOW" "starbox 3.5.0 Contributor+.Stored.XSS MEDIUM" "starbox 3.5.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Job.Settings MEDIUM" "starbox 3.5.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Profile.Display.Name.and.Social.Settings MEDIUM" "starbox 3.4.8 Subscriber+.Plugin.Preferences./.User.Settings.Access.via.IDOR MEDIUM" "simple-blog-card 1.32 Subscriber+.Arbitrary.Post.Access MEDIUM" "simple-blog-card 1.31 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "secure-admin-ip No.known.fix Missing.Authorization.via.'saveSettings' MEDIUM" "subscribe-sidebar No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "shortcodes-ui No.known.fix Contributor+.Stored.XSS MEDIUM" "shortcodes-ui No.known.fix CSRF MEDIUM" "spider-faq No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "solid-affiliate No.known.fix Sensitive.Information.Exposure MEDIUM" "section-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "section-slider No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "section-slider No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "sitemap 4.4 Contributor+.Stored.XSS MEDIUM" "smart-seo-tool 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "simple-theme-options 1.7 Admin+.Stored.Cross-Site.Scripting LOW" "simple-pdf-viewer No.known.fix Contributor+.XSS MEDIUM" "sf-booking 3.2 Unauthenticated.Local.File.Disclosure HIGH" "sexy-author-bio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sexy-author-bio No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "shortcode-for-font-awesome 1.4.1 Contributor+.Stored.XSS MEDIUM" "stars-menu No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "sidebar-adder No.known.fix Reflected.Cross-Site.Scripting HIGH" "soundy-background-music No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "simple-al-slider No.known.fix Reflected.XSS HIGH" "simplified-content 1.0.1 XSS MEDIUM" "specific-content-for-mobile 0.1.9.6 Reflected.Cross-Site.Scripting MEDIUM" "slicknav-mobile-menu 1.9.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "siteorigin-panels 2.29.16 Contributor+.Stored.XSS.via.siteorigin_widget.Shortcode MEDIUM" "siteorigin-panels 2.29.7 Contributor+.Stored.XSS MEDIUM" "siteorigin-panels 2.10.16 CSRF.to.Reflected.Cross-Site.Scripting.(XSS) HIGH" "stockists-manager No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "simplr-registration-form No.known.fix Subscriber+.Arbitrary.User.Password.Change.via.IDOR HIGH" "site-notes No.known.fix Admin.Note.Deletion.via.CSRF MEDIUM" "surveys No.known.fix Authenticated.SQL.Injection CRITICAL" "smartsupp-live-chat 3.7 Cross-Site.Request.Forgery MEDIUM" "sfwd-lms 4.10.2 Sensitive.Information.Exposure.via.API MEDIUM" "sfwd-lms 4.10.3 Sensitive.Information.Exposure.via.API MEDIUM" "sfwd-lms 4.10.2 Sensitive.Information.Exposure.via.assignments MEDIUM" "sfwd-lms 4.5.3.1 SQL.Injection MEDIUM" "sfwd-lms 4.6.0.1 User.Account.Takeover.via.Insecure.Direct.Object.References HIGH" "sfwd-lms 3.1.6 Unauthenticated.SQL.Injection CRITICAL" "sfwd-lms 3.1.2 Reflected.Cross.Site.Scripting.(XSS).issue.on.the.[ld_profile].search.field. MEDIUM" "sfwd-lms 2.5.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "spectra-pro 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.IDs MEDIUM" "spectra-pro 1.1.6 Authenticated.(Author+).Privilege.Escalation HIGH" "superior-faq No.known.fix CSRF MEDIUM" "security-ninja 5.159 Reflected.Cross-Site.Scripting MEDIUM" "security-ninja 5.135 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-headline-rotator No.known.fix Stored.XSS.via.CSRF HIGH" "simply-featured-video No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sticky-popup No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "simply-schedule-appointments 1.6.7.43 Admin+.Template.Injection.to.RCE MEDIUM" "simply-schedule-appointments 1.6.7.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.6.24 Reflected.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.7.9 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "simply-schedule-appointments 1.6.7.9 Authenticated.(Subscriber+).SQL.Injection HIGH" "simply-schedule-appointments 1.6.6.24 Cross-Site.Request.Forgery.to.Plugin.Data.Reset MEDIUM" "simply-schedule-appointments 1.6.6.1 Authenticated(Administrator+).SQL.Injection MEDIUM" "simply-schedule-appointments 1.5.7.7 Unauthenticated.Email.Address.Disclosure MEDIUM" "simply-schedule-appointments 1.5.7.7 Admin+.Stored.Cross-Site.Scripting LOW" "sales-page-addon 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "sales-page-addon 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stm-megamenu 2.3.13 Unauthenticated.Local.File.Inclusion CRITICAL" "simple-yearly-archive 2.1.9 Admin+.Stored.XSS LOW" "simple-long-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sb-elementor-contact-form-db 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "sb-elementor-contact-form-db 1.6 Unauthenticated.&.Unauthorised.Form.Submissions.Export HIGH" "sb-elementor-contact-form-db 1.6 Plugin.Settings.Cross-Site.Request.Forgery MEDIUM" "save-as-image-by-pdfcrowd 3.2.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "save-as-image-by-pdfcrowd 3.2.2 Admin+.Stored.XSS LOW" "save-as-image-by-pdfcrowd 2.16.1 Admin+.Stored.XSS LOW" "simple-image-popup No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "simple-image-popup 2.0.0 Admin+.Stored.XSS LOW" "social-login-wp No.known.fix CSRF MEDIUM" "social-buttons-pack 1.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "sliding-widgets No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "sell-photo 1.0.6 Authenticated.Stored.Cross-Site.Scripting LOW" "stepbyteservice-openstreetmap No.known.fix Use.of.Polyfill.io MEDIUM" "stepbyteservice-openstreetmap 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-slug-translate 2.7.3 Admin+.Stored.XSS LOW" "simple-download-button-shortcode No.known.fix Sensitive.Data.Disclosure MEDIUM" "stylish-price-list 7.1.8 Contributor+.Stored.XSS MEDIUM" "stylish-price-list 7.0.18 Missing.Authorization MEDIUM" "stylish-price-list 6.9.1 Subscriber+.Arbitrary.Image.Upload MEDIUM" "stylish-price-list 6.9.0 Unauthenticated.Arbitrary.Image.Upload MEDIUM" "slide-anything 2.4.9 Author+.Stored.XSS MEDIUM" "slide-anything 2.3.47 Author+.Cross.Site.Scripting.in.slide.title MEDIUM" "slide-anything 2.3.44 Editor+.Stored.Cross-Site.Scripting LOW" "slide-anything 2.3.41 Contributor+.SQLi HIGH" "sunshine-photo-cart 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "sunshine-photo-cart 3.2.2 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.1.2 Unauthenticated.PHP.Object.Injection CRITICAL" "sunshine-photo-cart 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "sunshine-photo-cart 3.1 Unauthenticated.Sensitive.Information.Exposure.via.Invoice MEDIUM" "sunshine-photo-cart 3.0 Insecure.Direct.Object.Reference.to.Order.Manipulation MEDIUM" "sunshine-photo-cart 2.9.15 Reflected.XSS HIGH" "sunshine-photo-cart 2.9.14 Image.Location.Update.via.CSRF MEDIUM" "sunshine-photo-cart 2.8.29 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "superlogoshowcase-wp 2.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "school-management-pro No.known.fix Authenticated.(School.Admin+).SQL.Injection CRITICAL" "school-management-pro 9.9.7 Unauthenticated.RCE.via.REST.api CRITICAL" "skt-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-testimonial-pro 1.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "site-reviews 7.0.0 IP.Spoofing MEDIUM" "site-reviews 6.11.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "site-reviews 6.11.7 Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.display.name MEDIUM" "site-reviews 6.10.3 Missing.Authorization MEDIUM" "site-reviews 6.7.1 Admin+.Stored.XSS LOW" "site-reviews 6.6.0 Contributor+.Stored.XSS MEDIUM" "site-reviews 6.6.0 Contributor+.Stored.XSS MEDIUM" "site-reviews 6.4.0 Unauthenticated.CSV.Injection MEDIUM" "site-reviews 5.17.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "site-reviews 5.13.1 Admin+.Stored.XSS LOW" "site-reviews 2.15.3 Cross-Site.Scripting.(XSS) MEDIUM" "site-offline 1.5.7 Admin+.Stored.XSS LOW" "site-offline 1.5.3 Access.Bypass MEDIUM" "site-offline 1.4.4 Multiple.Cross-Site.Request.Forgery MEDIUM" "system-dashboard 2.8.10 XSS.via.Header.Injection LOW" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_db_specs) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_option_value) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_php_info) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_global_value) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_constants) MEDIUM" "speed-booster-pack 4.3.3.1 Admin+.SQL.Injection MEDIUM" "speed-booster-pack 4.2.0 Authenticated.(admin+).RCE CRITICAL" "search-filter-pro 2.5.18 Admin+.Stored.XSS LOW" "smart-grid-gallery 1.1.5 Vimeo.and.YouTube.Gallery.<.1.1.5.-.Admin+.Stored.Cross-Site.Scripting LOW" "slider-responsive-slideshow 1.4.2 Missing.Authorization MEDIUM" "slider-responsive-slideshow 1.4.0 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "salient-core 2.0.8 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "salient-core 2.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "salient-core 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "super-transactional-emails-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-transactional-emails-for-woocommerce 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "symbiostock No.known.fix Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "superfast-mailgun-newsletter 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shared-files 1.7.29 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "shared-files 1.7.20 Missing.Authorization MEDIUM" "shared-files 1.7.17 Missing.Authorization.to.Notice.Dismissal MEDIUM" "shared-files 1.7.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "shared-files 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "shared-files 1.6.72 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shared-files 1.6.61 Admin+.Stored.Cross-Site.Scripting LOW" "shared-files 1.6.57 Admin+.Stored.Cross-Site.Scripting LOW" "spotlight-social-photo-feeds 1.6.11 Cross-Site.Request.Forgery MEDIUM" "spotlight-social-photo-feeds 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "spotlight-social-photo-feeds 1.4.3 Contributor+.Stored.XSS MEDIUM" "spotlight-social-photo-feeds 0.10.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sitemap-by-click5 1.0.36 Unauthenticated.Arbitrary.Options.Update CRITICAL" "social-kit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-kit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-lightbox-gallery No.known.fix Authenticated.(Contributor+).PHP.Object.Injection MEDIUM" "sola-newsletters No.known.fix CSRF.to.Stored.XSS HIGH" "saan-world-clock No.known.fix Contributor+.Stored.XSS MEDIUM" "stream 4.0.2 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "stream 3.9.3 Missing.Authorization.via.load_alerts_settings MEDIUM" "stream 3.9.3 CSRF MEDIUM" "stream 3.9.2 Subscriber+.Alert.Creation MEDIUM" "stream 3.8.2 Admin+.SQL.Injection MEDIUM" "simple-custom-author-profiles No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "sendpress No.known.fix Admin+.Stored.XSS.via.Settings LOW" "sendpress No.known.fix Admin+.Stored.XSS.via.Form.Settings LOW" "sendpress No.known.fix Reflected.XSS HIGH" "sendpress 1.23.11.6 Contributor+.Stored.XSS MEDIUM" "sendpress No.known.fix Admin+.Stored.XSS LOW" "sendpress No.known.fix CSRF MEDIUM" "sendpress 1.20.7.13 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "sendpress 1.2 Authenticated.SQL.Injection MEDIUM" "simply-static 3.1.4 Unauthenticated.Information.Exposure MEDIUM" "simply-static 3.1.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slash-admin 3.8.2 Cross-Site.Request.Forgery MEDIUM" "sharebar No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "sharebar 1.2.2 SQL.Injection.&.Cross.Site.Scripting CRITICAL" "startend-subscription-add-on-for-gravityforms 4.0.6 Reflected.Cross-Site.Scripting MEDIUM" "seos-contact-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "smart-logo-showcase-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "smart-logo-showcase-lite 1.1.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "search-exclude 1.2.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "search-exclude 1.2.4 Arbitrary.Settings.Change HIGH" "spider-facebook No.known.fix Cross-Site.Request.Forgery MEDIUM" "spider-facebook No.known.fix Reflected.XSS HIGH" "svg-flags-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "svg-flags-lite 0.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sitemap-index No.known.fix Admin+.XSS LOW" "sticky-buttons 3.2.4 Button.Deletion.via.CSRF MEDIUM" "sticky-buttons 3.2.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "sticky-buttons 3.1.1 Reflected.XSS MEDIUM" "super-notes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-notes No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "schema-app-structured-data-for-schemaorg 2.2.1 Cross-Site.Request.Forgery MEDIUM" "schema-app-structured-data-for-schemaorg 2.2.1 Missing.Authorization MEDIUM" "schema-app-structured-data-for-schemaorg 1.22.4 Missing.Authorization.via.page_init MEDIUM" "snow-monkey-forms 5.0.7 Unauthenticated.Path.Traversal MEDIUM" "social-media-feather 2.1.4 Subscriber+.Unauthorised.Action MEDIUM" "social-media-feather 2.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "store-locator-le No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "store-locator-le 5.9 Authenticated.Privilege.Escalation CRITICAL" "store-locator-le 5.9 Unauthenticated.Stored.XSS HIGH" "steam-group-viewer No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "sitepress-multilingual-cms 4.6.13 Contributor+.RCE.via.Twig.Server-Side.Template.Injection CRITICAL" "sitepress-multilingual-cms 4.6.1 Reflected.Cross-Site.Scripting HIGH" "sitepress-multilingual-cms 4.5.14 CSRF MEDIUM" "sitepress-multilingual-cms 4.5.11 Subscriber+.Translation.Job.Status.Update MEDIUM" "sitepress-multilingual-cms 4.5.11 Subscriber+.Settings.Update MEDIUM" "sitepress-multilingual-cms 4.3.7 Authenticated.Cross.Site.Request.Forgery.leading.to.Remote.Code.Execution HIGH" "sitepress-multilingual-cms 4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "sitepress-multilingual-cms 3.2.7 Cross-Site.Scripting.(XSS).in.Accept-Language.Header MEDIUM" "spamreferrerblock No.known.fix Admin+.Stored.XSS LOW" "spamreferrerblock No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-page-access-restriction 1.0.23 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "slider-factory 1.3.6 Subscriber+.Arbitrary.Post.Access MEDIUM" "slider-factory 1.3.2 Slider.Clone/Save/Delete.via.CSRF MEDIUM" "stockdio-historical-chart 2.8.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "smarty-for-wordpress No.known.fix Admin+.Stored.XSS LOW" "smarty-for-wordpress No.known.fix Settings.Update.via.CSRF MEDIUM" "shopping-pages No.known.fix Stored.XSS.via.CSRF HIGH" "story-chief 1.0.31 Reflected.Cross-Site.Scripting.(XSS) HIGH" "story-chief 1.0.31 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "structured-content 1.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "structured-content 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Classic.Editor.Shortcode MEDIUM" "structured-content 1.6 Contributor+.Stored.XSS MEDIUM" "structured-content 1.6 Contributor+.PHP.Object.Injection HIGH" "structured-content 1.5.1 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "smooth-page-scroll-updown-buttons No.known.fix Authenticated.Stored.XSS.via.psb_positioning MEDIUM" "smooth-page-scroll-updown-buttons 1.4 Authenticated.Stored.XSS MEDIUM" "shopbuilder 2.1.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "shopbuilder 2.1.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "sv-posts 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-posts 1.8.03 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "staff-directory-pro 4.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "staff-directory-pro 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "simple-youtube-gdpr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-youtube-gdpr No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shortcode-variables 4.1.5 Cross-Site.Request.Forgery MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.tab.Shortcode MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.8 Cross-Site.Request.Forgery MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.accordions.Shortcode MEDIUM" "sitewide-notice-wp 2.3 Admin+.Stored.XSS LOW" "seo-simple-pack 3.3.0 Information.Exposure MEDIUM" "simple-testimonials-showcase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-testimonials-showcase No.known.fix Cross-Site.Request.Forgery MEDIUM" "spider-contacts No.known.fix Reflected.XSS HIGH" "spice-blocks 1.3 Reflected.Cross-Site.Scripting MEDIUM" "social-login-bws 0.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "security-antivirus-firewall No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "shipping-manager-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "shipping-manager-for-woocommerce 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "scrollto-bottom No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "spice-post-slider 2.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "spice-post-slider 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "socialdriver-framework 2024.04.30 Contributor+.Stored.XSS MEDIUM" "socialdriver-framework 2024.04.30 Reflected.XSS HIGH" "socialdriver-framework 2024.04.30 Admin+.Stored.XSS.via.Settings LOW" "socialdriver-framework 2024.0.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "simple-image-popup-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "slider-range-htapps 1.1.6 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "sirv 7.2.8 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "sirv 7.2.8 Authenticated(Subscriber+).Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "sirv 7.2.7 Authenticated.(Contributor+).Arbitrary.File.Upload CRITICAL" "sirv 7.2.3 Missing.Authorization.to.Arbitrary.Options.Update CRITICAL" "sirv 7.2.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "sirv 7.2.1 Missing.Authorization MEDIUM" "sirv 7.1.3 Missing.Authorization.via.sirv_disconnect MEDIUM" "sirv 6.8.1 Admin+.Stored.XSS LOW" "sirv 1.3.2 Authenticated.SQL.Injection HIGH" "simple-popup No.known.fix Admin+.Stored.XSS LOW" "shared-counts 1.5.0 Missing.Authorization.to.Arbitrary.Email.Sending MEDIUM" "shareaholic 9.7.12 Missing.Authorization.via.accept_terms_of_service MEDIUM" "shareaholic 9.7.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shareaholic 9.7.6 Information.Disclosure MEDIUM" "skype-online-status No.known.fix Contributor+.Stored.XSS MEDIUM" "shopp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "scrollbar-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-forms 2.6.92 Missing.Authorization.to.Notice.Dismissal MEDIUM" "smart-forms 2.6.96 Admin+.Stored.XSS LOW" "smart-forms 2.6.94 Subscriber+.Edit.Entries.via.Broken.Access.Control MEDIUM" "smart-forms 2.6.94 Edit.Entries.via.CSRF MEDIUM" "smart-forms 2.6.87 Subscriber+.Arbitrary.Entry.Deletion MEDIUM" "smart-forms 2.6.85 Subscriber+.Arbitrary.Options.Update HIGH" "smart-forms 2.6.71 Subscriber+.Form.Data.Download MEDIUM" "smart-forms 2.6.16 Cross-Site.Request.Forgery.(CSRF) HIGH" "save-as-pdf-by-pdfcrowd 4.0.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 3.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 3.2.1 Missing.Authorization MEDIUM" "save-as-pdf-by-pdfcrowd 3.2.0 Admin+.Stored.XSS LOW" "save-as-pdf-by-pdfcrowd 3.2.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 2.16.1 Admin+.Stored.XSS LOW" "sync-post-with-other-site 1.7 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Creation.and.Update MEDIUM" "sync-post-with-other-site 1.5.2 Cross-Site.Request.Forgery MEDIUM" "subscribers-text-counter 1.7.1 Settings.Update.via.CSRF.to.Stored.XSS HIGH" "secondary-title 2.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "simple-author-box 2.52 Contributor+.Arbitrary.User.Information.Disclosure.via.IDOR LOW" "simple-author-box 2.4 Reflected.Cross-Site.Scripting MEDIUM" "super-social-content-locker-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-share-buttons-adder 8.5.1 Admin+.Stored.XSS LOW" "simple-share-buttons-adder 8.4.12 Authenticated(Administrator+).Stored.Cross-Site.Scripting.via.CSS.Settings MEDIUM" "simple-share-buttons-adder 8.5.1 CSRF MEDIUM" "simple-share-buttons-adder 6.0.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "secure-downloads 1.2.3 Admin+.Arbitrary.File.Download MEDIUM" "slideshow-se 2.5.18 Authenticated.(Author+).Limited.Local.File.Inclusion HIGH" "slideshow-se No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-se 2.5.6 Author+.Stored.XSS MEDIUM" "slideshow-se 2.5.6 Subscriber+.Stored.XSS HIGH" "slideshow-ck 1.4.10 Admin+.Stored.Cross-Site.Scripting LOW" "support-genix-lite 1.2.4 Missing.Authorization MEDIUM" "salon-booking-system 10.9 Unauthenticated.Open.Redirect MEDIUM" "salon-booking-system 10.8 Authenticated.(Administrator+).SQL.Injection CRITICAL" "salon-booking-system 10.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "salon-booking-system 10.0 Missing.Authorization MEDIUM" "salon-booking-system 10.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "salon-booking-system 9.6.6 Settings.Update.via.CSRF MEDIUM" "salon-booking-system 9.6.6 Editor+.Stored.XSS LOW" "salon-booking-system 9.6.6 Editor+.Stored.XSS.via.Email.Settings LOW" "salon-booking-system 9.5.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "salon-booking-system 9.6.3 Unauthenticated.Stored.XSS HIGH" "salon-booking-system 9.6.3 Unauthenticated.Stored.XSS HIGH" "salon-booking-system 8.7 Authenticated.(Editor+).Privilege.Escalation HIGH" "salon-booking-system 8.4.9 Reflected.Cross-Site.Scripting MEDIUM" "salon-booking-system 8.4.8 User.Role.change.via.CSRF MEDIUM" "salon-booking-system 7.9.4 Reflected.Cross-Site.Scripting MEDIUM" "salon-booking-system 7.6.3 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "salon-booking-system 7.6.3 Customer+.Bookings/Customers.Data.Disclosure HIGH" "salon-booking-system 7.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "salon-booking-system 6.3.1 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "snazzyadmin-wp-admin-theme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "show-website-content-in-wordpress-page-or-post 2024.04.09 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "saphali-woocommerce-lite 1.9.0 Settings.Update/Reset.via.CSRF MEDIUM" "shapepress-dsgvo 3.1.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shapepress-dsgvo 3.1.24 Unauthenticated.Arbitrary.Post.Deletion HIGH" "shapepress-dsgvo 3.1.24 Unauthenticated.Plugin's.Settings.Update.to.Stored.Cross-Site.Scripting HIGH" "shapepress-dsgvo 2.2.19 Authenticated.Reflected.XSS MEDIUM" "salon-booking-plugin-pro 7.6.3 Customer+.Bookings/Customers.Data.Disclosure HIGH" "salon-booking-plugin-pro 7.6.3 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "seo-by-rank-math 1.0.219 Authenticated.Stored.XSS LOW" "seo-by-rank-math 1.0.219-beta Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-rank-math 1.0.218 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-rank-math 1.0.217 Contributor+.Stored.Cross-Site.Scripting.via.'titleWrapper' MEDIUM" "seo-by-rank-math 1.0.215 Contributor+.Stored.XSS MEDIUM" "seo-by-rank-math 1.0.119.1 Contributor+.Stored.XSS MEDIUM" "seo-by-rank-math 1.0.107.3 Contributor+.LFI MEDIUM" "seo-by-rank-math 1.0.95.1 Unauthenticated.SSRF MEDIUM" "seo-by-rank-math 1.0.42.2 Authenticated.Missing.Access.Controls.to.Disable.Competitor.Plugins MEDIUM" "seo-by-rank-math 1.0.41 Rank.Math.<.1.0.41.-.Redirect.Creation.via.Unprotected.REST.API.Endpoint MEDIUM" "seo-by-rank-math 1.0.41 Rank.Math.<.1.0.41.-.Privilege.Escalation.via.Unprotected.REST.API.Endpoint CRITICAL" "seo-by-rank-math 1.0.27.1 Authenticated.Settings.Reset MEDIUM" "sitepact-klaviyo-contact-form-7 No.known.fix Unauthenticated.SQL.Injection CRITICAL" "site-audit No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "syndication-links 1.0.2.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "securimage-wp No.known.fix Cross-Site.Request.Forgery MEDIUM" "shortcode-addons No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shortcode-addons No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "shortcode-addons 3.2.0 Authenticated.Arbitrary.Options.Update MEDIUM" "shortcode-addons 3.1.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "stock-locations-for-woocommerce 2.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "siteimprove 2.0.7 Cross-Site.Request.Forgery MEDIUM" "share-on-diaspora 0.7.2 XSS MEDIUM" "side-cart-woocommerce 2.3 Admin+.Stored.XSS LOW" "side-cart-woocommerce 2.2 Settings.Reset.via.CSRF MEDIUM" "side-cart-woocommerce 2.1 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "script-planner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "script-planner No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-admin-language-change 2.0.2 Arbitrary.User.Locale.Change MEDIUM" "side-menu 3.1.5 Authenticated.(admin+).SQL.Injection HIGH" "simple-photo-gallery No.known.fix Admin+.SQLi MEDIUM" "svg-vector-icon-plugin No.known.fix Admin+.Remote.Code.Execution.(RCE) MEDIUM" "svg-vector-icon-plugin 3.2.3 Cross-Site.Request.Forgery.(CSRF).leading.to.RCE HIGH" "squirrly-seo-pack No.known.fix Advanced.Pack.<=.2.3.8.-.Authenticated(Administrator+).SQL.Injection MEDIUM" "simple-tags 3.20.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-tags 3.6.5 Editor+.Stored.XSS LOW" "simple-tags 3.4.5 Reflected.Cross-Site.Scripting MEDIUM" "simple-tags 3.0.7.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "seo-slider 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "scriptless-social-sharing 3.2.2 Contributor+.Stored.XSS MEDIUM" "slick-contact-forms No.known.fix Contributor+.Stored.XSS MEDIUM" "sis-handball No.known.fix Settings.Update.via.CSRF MEDIUM" "smart-tools-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-tools-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stagtools 2.3.8 Reflected.XSS HIGH" "stagtools 2.3.7 Contributor+.Stored.XSS MEDIUM" "simple-mobile-url-redirect No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-event-planner 1.5.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "simple-event-planner 1.5.5 Contributor+.Stored.XSS LOW" "sendgrid-email-delivery-simplified No.known.fix Authenticated.Authorization.Bypass MEDIUM" "svg-uploads-support No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "simple-membership 4.4.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-membership 4.4.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-membership 4.4.3 Unauthenticated.Stored.Self-Based.Cross-Site.Scripting MEDIUM" "simple-membership 4.4.2 Open.Redirect MEDIUM" "simple-membership 4.3.9 Reflected.Cross-Site.Scripting.Vulnerability.via.environment_mode MEDIUM" "simple-membership 4.3.5 Account.Takeover.via.Password.Reset HIGH" "simple-membership 4.3.5 Privilege.escalation.via.Registration HIGH" "simple-membership 4.3.6 Reflected.XSS HIGH" "simple-membership 4.2.2 Contributor+.Stored.XSS MEDIUM" "simple-membership 4.1.3 Membership.Privilege.Escalation MEDIUM" "simple-membership 4.1.3 Unauthenticated.Membership.Privilege.Escalation MEDIUM" "simple-membership 4.1.1 Reflected.Cross-Site.Scripting MEDIUM" "simple-membership 4.1.0 Arbitrary.Transaction.Deletion.via.CSRF MEDIUM" "simple-membership 4.0.9 Arbitrary.Member.Deletion.via.CSRF MEDIUM" "simple-membership 4.0.4 Authenticated.SQL.Injections CRITICAL" "simple-membership 3.8.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "simple-membership 3.5.7 XSS MEDIUM" "simple-membership 3.3.3 Multiple.CSRF HIGH" "social-tape No.known.fix CSRF.to.Stored.XSS HIGH" "smart-cookie-kit 2.3.2 Contributor+.Stored.XSS MEDIUM" "sexy-contact-form 1.0.0 Shell.Upload CRITICAL" "stackable-ultimate-gutenberg-blocks 3.13.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.12.12 Contributor+.Stored.XSS.via.Posts.Block MEDIUM" "stackable-ultimate-gutenberg-blocks 3.9.1 Reflected.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sidebar-manager 1.1.5 Cross-Site.Request.Forgery MEDIUM" "sidebar-manager 1.1.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "surbma-gdpr-proof-google-analytics 17.8.2 Reflected.Cross-Site.Scripting MEDIUM" "surbma-gdpr-proof-google-analytics 17.6.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "surbma-gdpr-proof-google-analytics 17.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shortcode-for-current-date 2.1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "simple-301-redirects-addon-bulk-uploader 1.2.5 Multiple.Issues MEDIUM" "ssl-atlas-free-ssl-certificate-https-redirect 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "single-sign-on-client No.known.fix Authentication.Bypass HIGH" "seamless-donations 5.1.9 Arbitrary.Settings.Update.via.CSRF MEDIUM" "squeeze 1.4.1 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "snapshot-backup No.known.fix Stored.XSS.via.CSRF HIGH" "social-login-lite-for-woocommerce No.known.fix Authentication.Bypass CRITICAL" "s3bubble-amazon-s3-html-5-video-with-adverts No.known.fix Directory.Traversal.leading.to.Arbitrary.File.Access HIGH" "share-woocommerce-email No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "swifty-page-manager No.known.fix Admin+.Stored.XSS LOW" "swifty-page-manager No.known.fix Page.Creation/Deletion.via.CSRF MEDIUM" "seriously-simple-podcasting 3.3.0 Admin+.Stored.XSS LOW" "seriously-simple-podcasting 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "seriously-simple-podcasting 3.0.0 Unauthenticated.Administrator.Email.Disclosure MEDIUM" "seriously-simple-podcasting 2.19.1 Contributor+.Stored.XSS MEDIUM" "seriously-simple-podcasting 2.16.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "smart-app-banner 1.1.4 Admin+.Stored.XSS LOW" "smart-app-banner 1.1.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "slider-hero 8.7.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-hero 8.4.4 Admin+.Stored.Cross-Site.Scripting LOW" "slider-hero 8.2.7 Contributor+.SQL.Injection CRITICAL" "slider-hero 8.2.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "sb-child-list No.known.fix Settings.Update.via.CSRF MEDIUM" "social-warfare 4.4.7.3 Injected.Backdoor CRITICAL" "social-warfare 4.4.6 Cross-Site.Request.Forgery MEDIUM" "social-warfare 4.4.6.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-warfare 4.4.4 Social.Warfare.<.4.4.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-warfare 4.3.1 Subscriber+.Post.Meta.Deletion MEDIUM" "social-warfare 4.4.0 Post.Meta.Deletion.via.CSRF MEDIUM" "social-warfare 3.5.3 Unauthenticated.Remote.Code.Execution.(RCE) MEDIUM" "suretriggers 1.0.48 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Trigger.Link.Shortcode MEDIUM" "suretriggers 1.0.24 Cross-Site.Request.Forgery MEDIUM" "srbtranslatin 2.4.1 Cross-Site.Scripting.From.Third-party.Library HIGH" "srbtranslatin 1.47 Stored.XSS.&.CSRF HIGH" "ship-to-ecourier 1.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "smtp2go 1.5.0 Admin+.Stored.XSS LOW" "square-thumbnails No.known.fix Missing.Authorization MEDIUM" "simple-bitcoin-faucets No.known.fix Unauthorised.AJAX.Call.to.Stored.XSS MEDIUM" "stratum 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "stratum 1.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seraphinite-accelerator 2.21 Authenticated.(Subscriber+).Server-Side.Request.Forgery.in.OnAdminApi_HtmlCheck MEDIUM" "seraphinite-accelerator 2.20.48 Unauthenticated.Sensitive.Information.Exposure.via.Log.File MEDIUM" "seraphinite-accelerator 2.20.29 Reflected.Cross-Site.Scripting.via.rt MEDIUM" "seraphinite-accelerator 2.20.32 Unauthorised.Settings.Reset/Import MEDIUM" "seraphinite-accelerator 2.2.29 Authenticated.Arbitrary.Redirect MEDIUM" "seraphinite-accelerator 2.2.29 Reflected.XSS HIGH" "sensei-lms 4.24.2 Unauthenticated.Email.Template.Leak MEDIUM" "sensei-lms 4.24.0 Unauthenticated.Rewrite.Rules.Flushing MEDIUM" "sensei-lms 4.18.0 Contributor+.Stored.XSS MEDIUM" "sensei-lms 4.20.0 Teacher+.Users.Email.Address.Disclosure MEDIUM" "sensei-lms 4.5.2 Arbitrary.Private.Message.Sending.via.IDOR LOW" "sensei-lms 4.5.0 Unauthenticated.Private.Messages.Disclosure.via.Rest.API MEDIUM" "seo-site-auditor-agency 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "seo-site-auditor-agency 1.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "setka-editor No.known.fix Cross-Site.Request.Forgery.via.handleRequest MEDIUM" "setka-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "setka-editor 2.1.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sender-net-automated-emails 2.6.16 Reflected.Cross-Site.Scripting MEDIUM" "sender-net-automated-emails 2.6.19 Cross-Site.Request.Forgery MEDIUM" "seo-by-10web No.known.fix Reflected.XSS HIGH" "seo-by-10web 1.2.7 Admin+.Stored.XSS LOW" "searchwp 4.2.6 Subscriber+.Settings.Update MEDIUM" "simplemortgage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sort-searchresult-by-title 11.0 CSRF MEDIUM" "slidedeck2 2.3.5 Unspecified.File.Inclusion CRITICAL" "sabai-discuss 1.4.14 Reflected.Cross.Site.Scripting MEDIUM" "shopengine 4.1.2 CSRF MEDIUM" "simple-facebook-plugin 1.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-facebook-plugin 1.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "s3bubble-amazon-s3-audio-streaming No.known.fix Arbitrary.File.Download HIGH" "smpl-shortcodes No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "seosamba-webmasters 1.0.6 Access.Key.Update.via.CSRF MEDIUM" "sv-media-library 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-media-library 1.8.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stellissimo-text-box No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "stax No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stax 1.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sticky-chat-widget 1.1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "seo-redirection 9.1 Multiple.CSRF MEDIUM" "seo-redirection 9.1 404.Error.&.History.Deletion.via.CSRF MEDIUM" "seo-redirection 8.2 Subscriber+.SQL.Injection HIGH" "seo-redirection 7.9 Arbitrary.Redirect.Deletion.via.CSRF MEDIUM" "seo-redirection 7.4 Reflected.Cross-Site.Scripting HIGH" "seo-redirection 7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "seo-redirection 6.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "seo-redirection 4.3 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "seo-redirection 2.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "seo-redirection 2.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "super-interactive-maps 2.2 Unauthenticated.SQL.Injections CRITICAL" "super-interactive-maps 2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "supreme-modules-for-divi 2.5.52 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "supreme-modules-for-divi 2.5.4 Contrib+.DOM-Based.Cross-Site.Scripting MEDIUM" "spider-event-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spider-event-calendar 1.5.52 Admin+.SQL.injection MEDIUM" "spider-event-calendar 1.5.52 Authenticated.Blind.SQL.Injection CRITICAL" "spider-event-calendar 1.4.14 Unauthenticated.SQL.Injection HIGH" "seo-title-tag No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sociable No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "sheets-to-wp-table-live-sync 3.7.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-real-estate-pack-4 No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "sendpulse-web-push 1.3.2 CSRF MEDIUM" "sync-qcloud-cos 2.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "spice-starter-sites 1.1 Reflected.Cross-Site.Scripting MEDIUM" "sponsors-carousel No.known.fix Admin+.Stored.XSS LOW" "seo-wordpress No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "subaccounts-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "simplelender-by-umatidocs-com No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slideshow-gallery 1.8.2 Authenticated.(Contributor+).SQL.Injection HIGH" "slideshow-gallery 1.8.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "slideshow-gallery 1.7.9 Contributor+.SQLi MEDIUM" "slideshow-gallery 1.7.9 Settings.Reset.via.CSRF MEDIUM" "slideshow-gallery 1.7.4 Admin+.Stored.Cross-Site.Scripting LOW" "slideshow-gallery 1.6.9 XSS.and.SQLi CRITICAL" "slideshow-gallery 1.6.6 Multiple.Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "smartarget-message-bar No.known.fix Admin+.Stored.XSS LOW" "sp-client-document-manager No.known.fix Authenticated.(Subscriber+).Directory.Traversal MEDIUM" "sp-client-document-manager No.known.fix Authenticated.(Subscriber+).Arbitrary.Folder.Name.Update MEDIUM" "sp-client-document-manager No.known.fix Missing.Authorization MEDIUM" "sp-client-document-manager No.known.fix Subscriber+.File.Download.via.IDOR MEDIUM" "sp-client-document-manager No.known.fix Data.Update.via.IDOR MEDIUM" "sp-client-document-manager No.known.fix Authenticated.(Author+).SQL.Injeciton CRITICAL" "sp-client-document-manager No.known.fix Missing.Authorization.Stored.Cross-Site.Scripting MEDIUM" "sp-client-document-manager 4.70 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "sp-client-document-manager 4.68 Subscriber+.SQLi HIGH" "sp-client-document-manager 4.68 Admin+.Stored.XSS LOW" "sp-client-document-manager 4.68 Subscriber+.Insecure.Direct.Object.References HIGH" "sp-client-document-manager 4.62 Reflected.Cross-Site.Scripting MEDIUM" "sp-client-document-manager 4.58 Sensitive.File.Disclosure MEDIUM" "sp-client-document-manager 4.26 Reflected.Cross-Site.Scripting HIGH" "sp-client-document-manager 4.24 Subscriber+.Shell.Upload HIGH" "sp-client-document-manager 4.22 Authenticated.Shell.Upload MEDIUM" "syncee-global-dropshipping 1.0.10 Global.Dropshipping.<.1.0.10.-.Authentication.Token.Disclosure HIGH" "sailthru-triggermail No.known.fix Admin+.Stored.XSS LOW" "sailthru-triggermail No.known.fix Reflected.XSS HIGH" "smart-protect No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-protect No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sangar-slider-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "secupress-pro 2.0 Unauthenticated.Arbitrary.IP.Ban MEDIUM" "show-all-comments-in-one-page 7.0.1 Reflected.XSS HIGH" "spam-byebye 2.2.2 Cross-Site.Scripting.(XSS) MEDIUM" "shortcode-factory 2.8 Local.File.Inclusion CRITICAL" "shortcode-factory 1.1.1 XSS MEDIUM" "studiocart 2.5.20 Reflected.Cross-Site.Scripting MEDIUM" "studiocart 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-local-avatars 2.7.11 Cross-Site.Request.Forgery.via.save_default_avatar_file_id() MEDIUM" "skt-builder 4.2 Missing.Authorization.to.Authenticated(Subscriber+).Content.Injection MEDIUM" "subscribers-com 1.5.4 Free.Web.Push.Notifications.<.1.5.4.-.Admin+.Stored.XSS LOW" "shibboleth 1.8 Cross-Site.Scripting.(XSS) MEDIUM" "shiftcontroller 4.9.58 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "shiftcontroller 4.9.24 CSRF MEDIUM" "shiftcontroller 4.9.26 Reflected.Cross-Site.Scripting MEDIUM" "sp-announcement 2.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "search-meter 2.13.3 CSV.Injection MEDIUM" "select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons 1.3.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "storefront-footer-text No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "simple-icons 2.7.8 Simple.Icons.<.2.7.8.-.Contributor+.Stored.XSS MEDIUM" "schema-and-structured-data-for-wp 1.34.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Attribute MEDIUM" "schema-and-structured-data-for-wp 1.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.How.To.and.FAQ.Blocks MEDIUM" "schema-and-structured-data-for-wp 1.27 Contributor+.reCaptcha.Key.Update MEDIUM" "schema-and-structured-data-for-wp 1.27 Authenticated.Stored.XSS MEDIUM" "schema-and-structured-data-for-wp 1.26 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "schema-and-structured-data-for-wp 1.24 Contributor+.Stored.XSS MEDIUM" "sparkle-demo-importer 1.4.8 Missing.Authorization.to.Authorized(Subscriber+).Post/Pages/Attachements.Deletion.and.Demo.Data.Import MEDIUM" "simple-iframe 1.2.0 Contributor+.Stored.XSS MEDIUM" "shop-as-a-customer-for-woocommerce 1.2.4 Shop.Manager+.Privilege.Escalation CRITICAL" "shop-as-a-customer-for-woocommerce 1.1.8 Subscriber+.Privilege.Escalation CRITICAL" "sticky-social-link No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "seraphinite-old-slugs-mgr 1.4 Cross-Site.Request.Forgery MEDIUM" "stock-market-charts-from-finviz 1.0.2 Admin+.Stored.XSS LOW" "slicewp 1.1.21 Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.11 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "slicewp 1.0.46 Reflected.Cross-Site.Scripting.(XSS) HIGH" "simple-custom-website-data No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sv-gravity-forms-enhancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sv-gravity-forms-enhancer 1.8.00 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "splash-header 1.20.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "simpleshop-cz 2.10.1 Cross-Site.Request.Forgery MEDIUM" "simpleshop-cz 2.10.3 Missing.Authorization MEDIUM" "shopkeeper-extender No.known.fix Contributor+.Stored.XSS MEDIUM" "simple-sitemap 3.5.14 Cross-Site.Request.Forgery.via.admin_notices MEDIUM" "simple-sitemap 3.5.10 Reflected.Cross-Site.Scripting MEDIUM" "simple-sitemap 3.5.8 Contributor+.Stored.XSS MEDIUM" "simple-sitemap 3.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-woocommerce-csv-loader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "scroll-triggered-animations 3.0.11 Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "scroll-top 1.4.1 Admin+.Stored.Cross-Site.Scripting LOW" "streamweasels-twitch-integration 1.8.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "streamweasels-twitch-integration 1.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-twitch-integration 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "searchterms-tagging-2 No.known.fix XSS.&.Authenticated.SQL.Injection HIGH" "scheduled-announcements-widget 1.0 Contributor+.Stored.XSS MEDIUM" "search-field-for-gravity-forms 0.6 Reflected.Cross-Site.Scripting MEDIUM" "smart-scroll-posts 2.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "subscribe2 10.41 Sending.Emails.via.CSRF MEDIUM" "subscribe2 10.41 Missing.Access.Controls MEDIUM" "subscribe2 10.38 User.Deletion.via.CSRF HIGH" "subscribe2 10.16 XSS MEDIUM" "sketchfab-oembed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stock-ticker 3.24.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.stock_ticker.Shortcode MEDIUM" "stock-ticker 3.23.5 Authenticated.(Contributor+).Stored.Cross-Site.Scritping MEDIUM" "stock-ticker 3.23.4 Reflected.XSS HIGH" "stock-ticker 3.23.3 Reflected.XSS HIGH" "stock-ticker 3.23.1 Missing.Authorization.in.AJAX.Actions MEDIUM" "sticky-menu-or-anything-on-scroll 2.21 CSRF.&.XSS LOW" "smart-maintenance-mode No.known.fix Cross-Site.Request.Forgery MEDIUM" "squirrly-seo 12.3.20 Contributor+.SQL.Injection.via.url.Parameter MEDIUM" "squirrly-seo 12.3.17 Reflected.Cross-Site.Scripting HIGH" "squirrly-seo 12.3.16 Admin+.Stored.XSS LOW" "squirrly-seo 12.1.21 Reflected.Cross-Site.Scripting HIGH" "squirrly-seo 12.1.21 Missing.Authorization MEDIUM" "squirrly-seo 12.1.11 Contributor+.Arbitrary.File.Upload CRITICAL" "squirrly-seo 11.1.12 Reflected.Cross-Site.Scripting MEDIUM" "subscribe-to-category No.known.fix Unauthenticated.SQLi HIGH" "social-rocket 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "social-rocket 1.3.3 Admin+.Stored.Cross-Site.Scripting LOW" "social-rocket 1.2.10 Cross-Site.Request.Forgery.in.Settings MEDIUM" "share-one-drive 1.15.3 Reflected.Cross-Site.Scripting MEDIUM" "star-cloudprnt-for-woocommerce 2.0.4 Reflected.XSS HIGH" "star-cloudprnt-for-woocommerce No.known.fix Reflected.XSS HIGH" "seo-dashboard-by-gutewebsites-de No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "sticky-ad-bar No.known.fix Admin+.Stored.XSS LOW" "schedule-posts-calendar 5.3 CSRF MEDIUM" "schedule-posts-calendar 5.3 Admin+.Stored.XSS LOW" "sola-support-tickets 3.13 XSS.&.Configuration.Change MEDIUM" "simple-responsive-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "supersaas-appointment-scheduling 2.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "supportboard 3.4.2 Multiple.Authenticated.SQLi HIGH" "supportboard 3.3.6 Arbitrary.File.Deletion.via.CSRF HIGH" "supportboard 3.3.5 Agent+.Stored.Cross-Site.Scripting MEDIUM" "supportboard 3.3.4 Multiple.Unauthenticated.SQL.Injections CRITICAL" "supportboard 1.2.9 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "supportboard 1.2.4 Stored.Cross-Site.Scripting MEDIUM" "starcat-review No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "starcat-review 0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-locker No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "social-locker 4.2.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "social-stickers No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "sky-elementor-addons 2.5.8 Contributor+.Stored.XSS MEDIUM" "sky-elementor-addons 2.5.0 Authenticated(Contributor+).Stored.Cross-site.scripting.via.Wrapper.Link.URL MEDIUM" "stylish-cost-calculator 7.0.4 Subscriber+.Unauthorised.AJAX.Calls.to.Stored.XSS HIGH" "survey-maker 4.2.9 Admin+.Stored.XSS.via.Plugin.Settings LOW" "survey-maker 4.1.0 IP.Address.Spoofing MEDIUM" "survey-maker 3.6.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "survey-maker 4.0.7 Reflected.Cross-Site.Scripting MEDIUM" "survey-maker 4.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 3.4.7 Reflected.XSS HIGH" "survey-maker 3.1.2 Subscriber+.SQLi HIGH" "survey-maker 3.1.4 Unauthenticated.Stored.XSS HIGH" "survey-maker 2.0.7 Unauthenticated.Store.Cross-Site.Scripting MEDIUM" "survey-maker 1.5.6 Reflected.Cross-Site.Scripting.(XSS) HIGH" "survey-maker 1.5.6 Authenticated.Blind.SQL.Injections HIGH" "sparrow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sparrow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-facebook-twitter-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-facebook-twitter-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.via.Multiple.Functions HIGH" "social-auto-poster 5.3.15 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "social-auto-poster 5.3.15 Cross-Site.Request.Forgery.via.Multiple.Functions MEDIUM" "social-auto-poster 5.3.15 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "social-auto-poster 5.3.15 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Meta.Update.via.wpw_auto_poster_update_tweet_template MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "subway No.known.fix Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "sql-reporting-services No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sql-reporting-services No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smtp-mailing-queue 1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "smtp-mailing-queue 2.0.1 Admin+.Stored.XSS LOW" "seo-for-woocommerce 1.6.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "seed-fonts 2.4.0 Admin+.Stored.XSS LOW" "sassy-social-share 3.3.63 Sassy.social.share.<.3,3,63.Admin+.Stored.Cross-Site.scripting LOW" "sassy-social-share 3.3.61 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.59 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sassy-social-share 3.3.57 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.45 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.40 Reflected.Cross-Site.Scripting MEDIUM" "sassy-social-share 3.3.24 Missing.Access.Controls.to.PHP.Object.Injection MEDIUM" "social-gallery-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-gallery-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "supportflow 0.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "simple-revisions-delete 1.5.4 Cross-Site.Request.Forgery MEDIUM" "sitekit 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sitekit 1.5 Contributor+.Stored.XSS MEDIUM" "sitekit 1.4 Contributor+.Stored.XSS MEDIUM" "stockholm-core 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "stockholm-core 2.4.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "shortcodehub 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "seo-wizard No.known.fix Unauthorised.robots.txt.&..htaccess.Edit.via.CSRF HIGH" "seo-wizard No.known.fix Unauthorised.AJAX.Calls HIGH" "simple-tooltips No.known.fix Admin+.Stored.XSS LOW" "simple-tooltips 2.1.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "simple-blueprint-installer 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "sign-up-sheets 2.2.13 Reflected.XSS HIGH" "sign-up-sheets 2.2.13 Missing.Authorization MEDIUM" "sign-up-sheets 2.2.12 Cross-Site.Request.Forgery MEDIUM" "sign-up-sheets 2.2.9 Settings.Update/Reset.via.CSRF MEDIUM" "sign-up-sheets 1.0.14 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "sign-up-sheets 1.0.14 Authenticated.CSV.Injection MEDIUM" "sydney-toolbox 1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.aThemes:.Portfolio.Widget MEDIUM" "sydney-toolbox 1.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sydney-toolbox 1.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Filterable.Gallery MEDIUM" "sydney-toolbox 1.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id MEDIUM" "sydney-toolbox 1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-optimized-images 2.1.4 Injected.Backdoor CRITICAL" "seo-optimized-images 2.1 Reflected.Cross-Site.Scripting MEDIUM" "simple-add-pages-or-posts 1.7 CSRF MEDIUM" "social-media-buttons-toolbar No.known.fix Admin+.Stored.XSS MEDIUM" "seers-cookie-consent-banner-privacy-policy 8.1.1 Cross-Site.Request.Forgery MEDIUM" "seers-cookie-consent-banner-privacy-policy 8.1.2 Unauthenticated.Cookie.Policy.Update MEDIUM" "send-email-only-on-reply-to-my-comment No.known.fix Stored.XSS.via.CSRF HIGH" "send-email-only-on-reply-to-my-comment No.known.fix Reflected.XSS HIGH" "supra-csv-parser No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "starterblocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "starterblocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-matted-thumbnails No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sender 1.2.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "simple-spoiler 1.4 1.3.-.Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "simple-spoiler 1.3 Admin+.Stored.XSS LOW" "sina-extension-for-elementor 3.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.read_more_text.Parameter MEDIUM" "sina-extension-for-elementor 3.5.5 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.5.4 Authenticated.(Contributor+).Stored.Cross-site.Scriping.via.'Sina.Particle.Layer' MEDIUM" "sina-extension-for-elementor 3.5.4 Authenticated.(Contributor+).DOM-Based.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.5.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sina-extension-for-elementor 3.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Sina.Fancy.Text.Widget MEDIUM" "sina-extension-for-elementor 3.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.3.12 Contributor+.Stored.XSS MEDIUM" "sina-extension-for-elementor 2.2.1 LFI HIGH" "scrollsequence 1.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scrollsequence 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "scrollsequence 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-download-counter 1.6.1 Contributor+.Stored.XSS MEDIUM" "smart-scroll-to-top-lite 1.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "seo-automated-link-building 2.1.1 Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "soundcloud-shortcode 4.0.2 Contributor+.Stored.XSS MEDIUM" "soundcloud-shortcode 4.0.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "seo-local-rank 2.2.4 Unauthenticated.Arbitrary.File.Access.via.Path.Traversal HIGH" "simple-e-commerce-shopping-cart No.known.fix Arbitrary.File.Upload CRITICAL" "simple-student-result 1.7.5 Stored.Cross.Site.Scripting.via.CSRF MEDIUM" "simple-student-result 1.8.0 Unauthorised.REST.Calls MEDIUM" "simple-student-result 1.6.4 Auth.Bypass CRITICAL" "surbma-magyar-woocommerce 2022.0.3 Reflected.Cross-Site.Scripting MEDIUM" "surbma-magyar-woocommerce 30.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "scalable-vector-graphics-svg No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "seraphinite-accelerator-ext 2.21.13.1 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion MEDIUM" "soisy-pagamento-rateale No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure HIGH" "smart-manager-for-wp-e-commerce 8.28.0 Admin+.SQL.Injection MEDIUM" "simple-cart-solution No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-cart-solution 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "spicebox 2.2 Reflected.Cross-Site.Scripting MEDIUM" "sprout-invoices 20.5.4 Sensitive.Information.Exposure MEDIUM" "sprout-invoices 19.0.1 Reflected.Cross-Site.Scripting MEDIUM" "sprout-invoices 19.9.7 Admin+.Stored.Cross-Site.Scripting LOW" "spiffy-calendar 4.9.12 Authenticated.(Administrator+).SQL.Injection CRITICAL" "spiffy-calendar 4.9.11 Missing.Authorization MEDIUM" "spiffy-calendar 4.9.10 Reflected.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.9 Broken.Access.Control LOW" "spiffy-calendar 4.9.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.4 Reflected.XSS MEDIUM" "spiffy-calendar 4.9.2 SQL.Injection HIGH" "spiffy-calendar 4.9.1 Subscriber+.Arbitrary.Event.Edition/Deletion.via.IDOR MEDIUM" "spiffy-calendar 4.9.1 Arbitrary.Event.Deletion.via.CSRF MEDIUM" "spiffy-calendar 3.3.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "simply-excerpts No.known.fix Admin+.Stored.XSS LOW" "stops-core-theme-and-plugin-updates 8.0.5 Insufficient.Restrictions.on.Option.Changes MEDIUM" "sms-ovh No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slingblocks 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shopconstruct No.known.fix Admin+.Stored.XSS LOW" "super-video-player 1.6.13 Reflected.Cross-Site.Scripting MEDIUM" "super-video-player 1.6.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-slider-ssp No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "sg-security 1.5.1 Missing.Authorization.via.hide_notice() MEDIUM" "sg-security 1.3.1 Admin+.SQLi MEDIUM" "sg-security 1.2.6 Authentication.Bypass.via.2-FA.Authentication.Setup CRITICAL" "sg-security 1.2.6 Authorization.Weakness.to.Authentication.Bypass.via.2-FA.Back-up.Codes HIGH" "sportspress 2.7.22 Admin+.Stored.XSS LOW" "sportspress 2.7.21 Missing.Authorization.to.Notice.Dismissal LOW" "sportspress 2.7.18 Missing.Authorization.to.Unauthenticated.Event.Permalink.Update MEDIUM" "sportspress 2.7.9 Reflected.Cross-Site.Scripting HIGH" "sportspress 2.7.2 Authenticated.Stored.Cross-Site.Scripting HIGH" "security-safe 2.5.2 Reflected.Cross-Site.Scripting MEDIUM" "security-safe 2.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "scroll-post-excerpt No.known.fix Admin+.Stored.XSS LOW" "skaut-bazar 1.3.3 Reflected.Cross-Site.Scripting HIGH" "slider-video 1.4.8 Slider.Carousel.<.1.4.8.-.Admin+.Stored.Cross-Site.Scripting LOW" "sprout-clients No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sprout-clients 3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sprout-clients 3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "scoutnet-kalender No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "simple-file-list 6.1.10 Admin+.Stored.XSS LOW" "simple-file-list 6.1.10 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "simple-file-list 6.0.10 Admin+.Stored.XSS LOW" "simple-file-list 4.4.12 Admin+.Stored.Cross-Site.Scripting LOW" "simple-file-list 4.4.13 Page.Creation.via.CSRF MEDIUM" "simple-file-list 4.4.12 Reflected.Cross-Site.Scripting MEDIUM" "simple-file-list 4.2.8 Authenticated.Arbitrary.File.Deletion HIGH" "simple-file-list 4.2.3 Unauthenticated.Arbitrary.File.Upload.RCE CRITICAL" "simple-file-list 3.2.8 Unauthenticated.Arbitrary.File.Download HIGH" "sms-alert 3.7.0 Cross-Site.Request.Forgery MEDIUM" "sms-alert 3.4.7 SMS.Alert.Order.Notifications.–.WooCommerce.<.3,4,7.Authenticated.Cross.Site.Scripting LOW" "sync-ecommerce-neo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sync-ecommerce-neo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slick-social-share-buttons No.known.fix Authenticated.(Subscriber+).Arbitrary.Option.Update HIGH" "spacer 3.0.7 Admin+.Stored.XSS LOW" "simple-portfolio-gallery No.known.fix Admin+.Stored.XSS MEDIUM" "slider-blocks 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-staff-list 2.2.5 Missing.Authorization.via.ajax_flush_rewrite_rules.and.staff_member_export MEDIUM" "simple-staff-list 2.2.4 Editor+.Stored.XSS MEDIUM" "simple-staff-list 2.2.3 Contributor+.Stored.XSS MEDIUM" "simply-gallery-block 3.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.galleryID.and.className.Parameters MEDIUM" "simply-gallery-block 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "simply-gallery-block 3.0.8 Subscriber+.Arbitrary.Options.Update HIGH" "simply-gallery-block 2.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simply-gallery-block 2.2.1 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "search-analytics 1.4.10 Missing.Authorization MEDIUM" "search-analytics 1.4.8 Reflected.XSS HIGH" "search-analytics 1.4.6 Admin+.Stored.XSS LOW" "simple-alert-boxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Alert.Shortcode MEDIUM" "slivery-extender No.known.fix Authenticated(Contributor+).Remote.Code.Execution.via.shortcode HIGH" "sell-downloads 1.0.8 Insufficient.Restrictions.when.Brute-Force.Purchase.IDs HIGH" "sema-api 4.02 Unauthenticated.SQLi HIGH" "spotim-comments 4.0.4 Multiple.Vulnerabilities MEDIUM" "simple-site-verify 1.0.8 Admin+.Stored.XSS LOW" "slp-gravity-forms-locations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-gravity-forms-locations 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Stored.XSS.via.CSRF HIGH" "smart-donations No.known.fix Cross-Site.Request.Forgery MEDIUM" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Admin+.SQLi MEDIUM" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Reflected.XSS HIGH" "south-pole-the-offset-movement No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "south-pole-the-offset-movement 1.0.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shipping-labels-for-woo 2.3.9 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting LOW" "soundcloud-is-gold 2.3.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "surecart 2.29.4 Reflected.Cross-Site.Scripting MEDIUM" "surecart 2.5.1 Admin+.Stored.XSS LOW" "salt-shaker 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "string-locator 2.6.6 Reflected.Cross-Site.Scripting MEDIUM" "string-locator 2.6.0 Authenticated.PHAR.Deserialization MEDIUM" "string-locator 2.5.0 Admin+.Arbitrary.File.Read LOW" "stock-in No.known.fix Authenticated.SQL.Injection MEDIUM" "stock-in No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "scrollrevealjs-effects No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "social-icons-widget-by-wpzoom 4.2.18 Admin+.Stored.XSS LOW" "social-icons-widget-by-wpzoom 4.2.16 Missing.Authorization MEDIUM" "special-box-for-content No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "search-and-replace 3.2.3 Unauthenticated.PHP.Object.Injection MEDIUM" "search-and-replace 3.2.2 Admin+.SQL.injection MEDIUM" "search-and-replace 3.2.2 Administrator+.SQL.injection LOW" "seo-booster 3.8.10 Cross-Site.Request.Forgery MEDIUM" "seo-booster 3.8.9 Reflected.Cross-Site.Scripting MEDIUM" "seo-booster 3.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-booster 3.8 Admin+.SQL.Injection MEDIUM" "simple-quotation No.known.fix Quote.Creation/Edition.via.CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "simple-quotation No.known.fix Subscriber+.SQL.injection HIGH" "simple-buttons-creator No.known.fix Unauthenticated.Stored.XSS HIGH" "simple-buttons-creator No.known.fix Aribtrary.Button.Deletion.via.CSRF MEDIUM" "sliderpro 4.8.7 Missing.Authorization.via.AJAX.actions MEDIUM" "subscriber 1.3.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "seo-automatic-links No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "sermone-online-sermons-management No.known.fix Reflected.XSS HIGH" "sermone-online-sermons-management No.known.fix Contributor+.Stored.XSS MEDIUM" "seed-social 2.0.4 Admin+.Stored.XSS LOW" "simple-media-directory 1.4.4 Contributor+.Stored.XSS MEDIUM" "simple-media-directory 1.4.3 Unauthenticated.SQLi HIGH" "seo-backlink-monitor 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "stop-user-enumeration 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "stop-user-enumeration 1.3.20 Subscriber+.Arbitrary.Option.Update CRITICAL" "stop-user-enumeration 1.3.9 REST.API.Bypass MEDIUM" "stop-user-enumeration 1.3.8 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "stopbadbots 10.24 Missing.Authorization.to.Information.Expsoure MEDIUM" "stopbadbots 7.32 Admin+.Stored.XSS LOW" "stopbadbots 7.24 Subscriber+.Arbitrary.Plugin.Installation HIGH" "stopbadbots 6.930 Unauthenticated.SQLi HIGH" "stopbadbots 6.88 Unauthenticated.SQLi HIGH" "stopbadbots 6.67 Unauthenticated.SQL.Injection CRITICAL" "stopbadbots 6.62 Reflected.Cross-Site.Scripting HIGH" "stopbadbots 6.60 Authenticated.SQL.Injections MEDIUM" "snazzy-maps 1.1.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "swifty-bar 1.2.11 Admin+.Stored.XSS LOW" "sagepay-server-gateway-for-woocommerce 1.0.9 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "shortpixel-critical-css 1.0.3 Missing.Authorization MEDIUM" "slp-extenders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-extenders 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sucuri-scanner 1.8.34 Event.log.Entry.Creation.via.CSRF MEDIUM" "sendit No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "send-users-email 1.5.2 Unauthenticated.Information.Exposure MEDIUM" "send-users-email 1.4.4 Sensitive.Information.Exposure.via.Error.Logs MEDIUM" "send-users-email 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "store-locator 3.98.8 Settings.Update.via.CSRF MEDIUM" "store-locator 3.34 SQL.Injection CRITICAL" "subscriptions-memberships-for-paypal 1.1.3 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "simple-membership-wp-user-import 1.8 Admin+.SQLi MEDIUM" "spotify-play-button-for-wordpress 2.11 Settings.Update.via.CSRF MEDIUM" "spotify-play-button-for-wordpress 2.08 Admin+.Stored.XSS LOW" "spotify-play-button-for-wordpress 2.06 Contributor+.Stored.XSS MEDIUM" "soundy-audio-playlist No.known.fix XSS MEDIUM" "send-emails-with-mandrill 1.4.2 Missing.Authorization MEDIUM" "simple-cloudflare-turnstile 1.23.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "smoothscroller No.known.fix Admin+.Stored.XSS LOW" "ssl-zen 4.6.0 Unauthenticated.Private.Keys.Access MEDIUM" "ssl-zen 4.5.2 Reflected.Cross-Site.Scripting MEDIUM" "ssl-zen 4.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "schedulicity-online-appointment-booking No.known.fix Easy.Online.Scheduling.<=.2.21.-.Contributor+.Stored.XSS MEDIUM" "station-pro 2.3.4 Reflected.Cross-Site.Scripting MEDIUM" "station-pro 2.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "station-pro 2.2.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "sitebuilder-dynamic-components No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "stock-sync-for-woocommerce 2.4.1 Reflected.XSS HIGH" "synved-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "scripts-organizer 3.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "sola-testimonials No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-image-manipulator No.known.fix Remote.File.Download HIGH" "seo-backlinks No.known.fix CSRF.to.Stored.XSS HIGH" "standout-color-boxes-and-buttons No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "spoontalk-social-media-icons-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "sv-provenexpert 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-provenexpert 1.8.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "server-info No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "server-info 0.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "svg-support 2.5.8 Author+.Cross-Site.Scripting.via.SVG MEDIUM" "svg-support 2.5.2 Author+.Stored.XSS MEDIUM" "svg-support 2.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "svg-support 2.3.20 Admin+.Stored.Cross-Site.Scripting LOW" "secure-copy-content-protection 4.1.7 Admin+.Stored.XSS LOW" "secure-copy-content-protection 4.1.7 Admin+.Stored.XSS LOW" "secure-copy-content-protection 4.0.9 Admin+.Stored.XSS LOW" "secure-copy-content-protection 3.9.1 Missing.Authorization MEDIUM" "secure-copy-content-protection 3.7.2 Missing.Authorization MEDIUM" "secure-copy-content-protection 2.8.2 Unauthenticated.SQL.Injection HIGH" "secure-copy-content-protection 2.6.7 Authenticated.Blind.SQL.Injections HIGH" "simple-post No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "seatgeek-affiliate-tickets No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "show-hidecollapse-expand 1.3.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "show-hidecollapse-expand No.known.fix Subscriber+.Settings.Update MEDIUM" "srs-simple-hits-counter 1.1.1 Settings.Update.via.CSRF MEDIUM" "srs-simple-hits-counter 1.1.0 1.0.4.-.Unauthenticated.Blind.SQL.Injection CRITICAL" "swipehq-payment-gateway-woocommerce No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "shortcode-gallery-for-matterport-showcase 2.2.0 Cross-Site.Request.Forgery MEDIUM" "shortcode-gallery-for-matterport-showcase 2.1.8 Contributor+.Stored.XSS.via.shortcode MEDIUM" "shortcode-gallery-for-matterport-showcase 2.1.7 Reflected.XSS HIGH" "shortcode-gallery-for-matterport-showcase 2.1.5 Contributor+.Stored.XSS MEDIUM" "shortcut-macros No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "subscribe-to-comments 2.3 Authenticated.Local.File.Inclusion MEDIUM" "smart-marketing-for-wp 2.0.0 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "shantz-wordpress-qotd No.known.fix Arbitrary.Setting.Update.via.CSRF MEDIUM" "salert 1.2.2 Subscriber+.Missing.Authorization MEDIUM" "salert 1.2.2 Reflected.XSS HIGH" "st-daily-tip No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "seo-alert No.known.fix Admin+.Stored.XSS LOW" "simple-photoswipe No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "simple-photoswipe No.known.fix Admin+.Stored.XSS LOW" "shortcodes-finder 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "shortcodes-finder 1.5.4 Reflected.XSS HIGH" "simple-feature-requests 2.2.5 Reflected.Cross-Site.Scripting MEDIUM" "simple-feature-requests 2.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "socialsnap 1.3.6 Missing.Authorization MEDIUM" "seo-landing-page-generator 1.62.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-wishlist-for-more-convert 1.7.3 Missing.Authorization MEDIUM" "smart-wishlist-for-more-convert 1.7.9 Missing.Authorization MEDIUM" "set-admin-colour-on-staging-and-dev No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "set-admin-colour-on-staging-and-dev No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-jwt-login 3.2.1 Arbitrary.Settings.Update.to.Site.Takeover.via.CSRF HIGH" "simple-jwt-login 3.3.0 Insecure.Password.Creation LOW" "smooth-slider 2.8.7 Authenticated.SQL.Injection HIGH" "smooth-slider 2.7 Authenticated.SQL.Injection HIGH" "slickquiz No.known.fix Authenticated.SQL.Injection HIGH" "slickquiz No.known.fix Unauthenticated.Stored.XSS MEDIUM" "shortcodes-ultimate 7.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.su_lightbox.Shortcode MEDIUM" "shortcodes-ultimate 7.1.6 Contributor+.Stored.XSS.via.su_members.Shortcode MEDIUM" "shortcodes-ultimate 7.1.3 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.1.2 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.su_lightbox MEDIUM" "shortcodes-ultimate 7.1.0 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.5 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.5 Contributor+.Stored.Cross-Site.Scripting.via.'note_color'.Shortcode MEDIUM" "shortcodes-ultimate 7.0.4 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.3 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "shortcodes-ultimate 7.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.0.0 Insecure.Direct.Object.Reference.to.Information.Disclosure MEDIUM" "shortcodes-ultimate 5.13.1 Reflected.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 5.12.8 Subscriber+.User.Meta.Disclosure MEDIUM" "shortcodes-ultimate 5.12.8 Subscriber+.Arbitrary.Post.Access MEDIUM" "shortcodes-ultimate 5.12.7 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 5.12.7 Subscriber+.Arbitrary.File.Access MEDIUM" "shortcodes-ultimate 5.12.7 Subscriber+.SSRF MEDIUM" "shortcodes-ultimate 5.12.1 Stored.XSS.via.CSRF MEDIUM" "shortcodes-ultimate 5.12.1 Settings.Preset.Update.via.CSRF MEDIUM" "shortcodes-ultimate 5.10.2 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 5.0.1 Authenticated.Contributor.Code.Execution CRITICAL" "shortcodes-ultimate 4.10.0 Authenticated.Directory.Traversal MEDIUM" "simple-youtube-responsive 3.0 Contributor+.Stored.XSS MEDIUM" "scheduled-notification-bar No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "software-license-manager 4.5.1 Arbitrary.Domain.Deletion.via.CSRF HIGH" "software-license-manager 4.5.0 Admin+.Stored.Cross-Site.Scripting LOW" "software-license-manager 4.4.8 Reflected.Cross-Site.Scripting HIGH" "software-license-manager 4.4.6 CSRF.to.Stored.XSS HIGH" "social-sharing-toolkit No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "social-share-boost No.known.fix Plugin.Settings.Update.via.CSRF MEDIUM" "social-share-boost 4.5 Admin+.Stored.XSS LOW" "social-share-boost 4.5 Contributor+.Stored.XSS MEDIUM" "shortcode-imdb No.known.fix Cross-Site.Request.Forgery MEDIUM" "shortcode-imdb No.known.fix Admin+.SQLi MEDIUM" "stax-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scripts-n-styles 3.5.8 Admin+.Stored.XSS LOW" "single-post-exporter No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "swift-performance-lite 2.3.6.21 Cross-Site.Request.Forgery MEDIUM" "swift-performance-lite 2.3.6.19 Subscriber+.Settings.Update MEDIUM" "swift-performance-lite 2.3.6.15 Unauthenticated.Configuration.Export MEDIUM" "slp-extended-data-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-extended-data-manager 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-post-notes 1.7.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-post-notes 1.7.7 Cross-Site.Request.Forgery MEDIUM" "simple-post-notes 1.7.6 Admin+.Stored.Cross-Site.Scripting LOW" "shortcode-to-display-post-and-user-data 1.3.0 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Post.Meta.Disclosure MEDIUM" "shortcode-to-display-post-and-user-data 1.3.0 Authenticated.(Contributor+).Code.Injection HIGH" "shortcode-to-display-post-and-user-data 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.vg_display_data MEDIUM" "show-posts 1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "smart-custom-fields 5.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Content.Disclosure MEDIUM" "stop-spam-comments No.known.fix Access.Token.Bypass LOW" "super-forms-bundle 4.9.703 Unauthenticated.PHP.File.Upload.to.RCE CRITICAL" "stylist No.known.fix Cross-Site.Request.Forgery MEDIUM" "sticky-related-posts No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "stripe-payments 2.0.87 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.accept_stripe_payment_ng.Shortcode MEDIUM" "stripe-payments 2.0.80 Insecure.Direct.Object.Reference MEDIUM" "stripe-payments 2.0.64 Admin+.Stored.Cross-Site.Scripting LOW" "stripe-payments 2.0.40 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "shortcoder 6.3.1 Subscriber+.Unauthorised.AJAX.Call MEDIUM" "simplemodal-contact-form-smcf No.known.fix Admin+.Stored.XSS LOW" "surferseo 1.3.3.379 Missing.Authorization MEDIUM" "soliloquy-lite 2.7.7 Missing.Authorization.to.Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "soliloquy-lite 2.7.3 Subscriber+.Slider.Data.Access MEDIUM" "simple-user-listing 1.9.3 Reflected.XSS HIGH" "stop-wp-emails-going-to-spam 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "super-progressive-web-apps 2.2.22 Missing.Authorization MEDIUM" "super-progressive-web-apps 2.1.12 Authenticated.(Low.Privileged).Arbitrary.File.Upload.to.RCE HIGH" "super-progressive-web-apps 2.1.13 Authenticated.(High.Privileged).Arbitrary.File.Upload.to.RCE HIGH" "shortpixel-image-optimiser 5.4.2 Authenticated(Editor+).PHP.Object.Injection MEDIUM" "shortpixel-image-optimiser 4.22.10 Reflected.Cross-Site.Scripting MEDIUM" "safe-svg 1.9.10 SVG.Sanitisation.Bypass MEDIUM" "safe-svg 1.9.6 XSS.Protection.Bypass HIGH" "social-lite 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "simplesamlphp-authentication No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-basic-contact-form 20240511 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "simple-basic-contact-form 20240502 Reflected.Cross-Site.Scripting MEDIUM" "simple-basic-contact-form 20221201 Admin+.Stored.XSS LOW" "stock-quotes-list 2.9.12 Contributor+.Stored.XSS MEDIUM" "simple-embed-code 2.3.7 Authenticated(Contributor+).Denial.of.Service MEDIUM" "speedycache 1.1.9 Cross-Site.Request.Forgery MEDIUM" "speedycache 1.1.4 Missing.Authorization.to.Plugin.Options.Update MEDIUM" "speedycache 1.1.3 .Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "super-socializer 7.13.64 Editor+.Stored.XSS MEDIUM" "super-socializer 7.13.55 Missing.Authorization MEDIUM" "super-socializer 1.13.53 Contributor+.Stored.XSS MEDIUM" "super-socializer 7.13.52 Reflected.XSS HIGH" "super-socializer 7.13.44 Contributor+.Stored.XSS MEDIUM" "super-socializer 7.13.30 Reflected.Cross-Site.Scripting MEDIUM" "super-socializer 7.11 Authentication.Bypass CRITICAL" "social-connect No.known.fix Authentication.Bypass CRITICAL" "similar-posts No.known.fix Admin+.Stored.XSS LOW" "similar-posts 3.1.6 Admin+.Arbitrary.PHP.Code.Execution HIGH" "sitesupercharger 5.2.0 Unauthenticated.SQLi HIGH" "static-html-output-plugin 6.0 Reflected.Cross-Site.Scripting MEDIUM" "search-console 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "super-forms 6.0.4 Reflected.Cross-Site.Scripting MEDIUM" "super-forms 4.9.703 Unauthenticated.PHP.File.Upload.to.RCE CRITICAL" "simplepress 6.8.1 Unauthenticated.Stored.XSS.via.Forum.Replies HIGH" "simplepress 6.8.1 Admin+.Arbitrary.File.Update LOW" "simplepress 6.8.1 Subscriber+.Arbitrary.File.Deletion HIGH" "simplepress 6.8.1 Subscriber+.Stored.XSS.via.Profile.Signatures MEDIUM" "simplepress 6.6.1 Broken.Access.Control.leading.to.RCE CRITICAL" "sv100-companion 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv100-companion 1.8.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shortpixel-adaptive-images 3.8.4 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "shortpixel-adaptive-images 3.8.4 Cross-Site.Request.Forgery MEDIUM" "shortpixel-adaptive-images 3.8.3 Missing.Authorization.in.activate_ai_handler.and.deactivate_ai_handler MEDIUM" "shortpixel-adaptive-images 3.7.2 Settings.Update.via.CSRF MEDIUM" "shortpixel-adaptive-images 3.6.3 Reflected.XSS HIGH" "shortpixel-adaptive-images 3.4.0 Subscriber+.Arbitrary.Settings.Update MEDIUM" "simple-ads-manager No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "simple-ads-manager 2.9.5.118 SQL.Injection MEDIUM" "slideonline No.known.fix Contributor+.Stored.XSS MEDIUM" "smart-google-code-inserter 3.5 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "smart-google-code-inserter 3.5 Unauthenticated.SQL.Injection CRITICAL" "salient-shortcodes 1.5.4 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "salient-shortcodes 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-banner 2.12.0 Admin+.Stored.Cross.Site.Scripting LOW" "simple-banner 2.12.0 Admin+.Stored.Cross-Site.Scripting LOW" "simple-banner 2.10.4 Admin+.Stored.XSS MEDIUM" "svg-block 1.1.20 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "s3-video No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "siteguard 1.7.7 Login.Page.Disclosure MEDIUM" "simple-events-calendar No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "sheet-to-wp-table-for-google-sheet 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.STWT_Sheet_Table.Shortcode MEDIUM" "support-svg 1.1.0 Stored.XSS.via.SVG.Upload MEDIUM" "safety-exit 1.7.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "shop-page-wp 1.2.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "social-share-buttons-by-supsystic 2.2.4 Subscriber+.Unauthorised.Actions MEDIUM" "social-share-buttons-by-supsystic 2.2.4 Subscriber+.SQLi HIGH" "social-share-buttons-by-supsystic 2.2.4 Multiple.CSRF MEDIUM" "simple-behace-portfolio No.known.fix Reflected.Cross-Site.Scripting HIGH" "simple-behace-portfolio No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "skt-skill-bar 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "similarity No.known.fix Plugin.Reset.via.CSRF MEDIUM" "similarity No.known.fix Stored.XSS.via.CSRF HIGH" "side-menu-lite 4.2.1 Menu.Deletion.via.CSRF MEDIUM" "side-menu-lite 4.0.2 Reflected.XSS MEDIUM" "side-menu-lite 2.2.6 Authenticated.SQL.Injection HIGH" "side-menu-lite 2.2.1 Authenticated.SQL.Injection LOW" "simple-form 2.12.2 Admin+.Stored.XSS LOW" "send-pdf-for-contact-form-7 1.0.2.4 Missing.Authorization MEDIUM" "send-pdf-for-contact-form-7 0.9.9.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "slider-by-supsystic 1.8.11 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-by-supsystic 1.8.11 Authenticated.(Admin+).SQL.Injection CRITICAL" "slider-by-supsystic 1.8.7 Missing.Authorization MEDIUM" "slider-by-supsystic 1.8.7 CSRF MEDIUM" "stetic 1.0.9 CSRF.to.Stored.Cross-Site.Scripting HIGH" "skt-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-addons-for-elementor 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate.and.Creative.Slider.Widgets HIGH" "skt-addons-for-elementor 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Page.Title MEDIUM" "skt-addons-for-elementor 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Block MEDIUM" "simply-exclude No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-link-directory 7.7.2 Unauthenticated.SQL.injection HIGH" "simple-link-directory 7.3.5 Cross-Site.Scripting.(XSS) MEDIUM" "sermon-browser No.known.fix Arbitrary.File.Upload.via.CSRF MEDIUM" "sermon-browser 0.45.16 Multiple.XSS MEDIUM" "social-autho-bio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sellkit 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "sellkit 1.8.3 Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "school-management-system 4.2 Admin+.SQLi MEDIUM" "salat-times 3.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "sp-rental-manager No.known.fix Unauthenticated.SQL.Injection HIGH" "superstorefinder-wp 6.9.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "superstorefinder-wp 6.9.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "superstorefinder-wp 6.9.8 Unauthenticated.SQL.Injection CRITICAL" "superstorefinder-wp 6.9.4 Unauthenticated.Email.Creation/Sending MEDIUM" "superstorefinder-wp 6.5 Unauthenticated.SQL.Injections CRITICAL" "superstorefinder-wp 6.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "strategery-migrations No.known.fix Unauthenticated.Arbitrary.File.Deletion HIGH" "startklar-elmentor-forms-extwidgets No.known.fix Unauthenticated.Path.Traversal.to.Arbitrary.Directory.Deletion CRITICAL" "startklar-elmentor-forms-extwidgets 1.7.14 Unauthenticated.Arbitrary.File.Upload CRITICAL" "startklar-elmentor-forms-extwidgets 1.7.14 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "sully 4.3.1 Reflected.XSS HIGH" "sully 4.3.1 Plugin.Reset.via.CSRF MEDIUM" "sully 4.3.1 Admin+.Stored.XSS LOW" "sully 4.3.1 Admin+.Stored.XSS.via.CSRF HIGH" "sticky-banner 1.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "seriously-simple-stats 1.5.2 Reflected.XSS HIGH" "seriously-simple-stats 1.5.1 Podcast.Manager+.SQLi HIGH" "sparkpost 2.3.6 Admin+.Stored.XSS LOW" "service-area-postcode-checker No.known.fix Admin+.Stored.XSS LOW" "sv-columns-manager 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-columns-manager 1.8.02 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "socialmark 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "socialmark 2.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stars-rating 3.5.1 Comments.Denial.of.Service MEDIUM" "simple-urls 121 Arbitrary.Actions.via.CSRF MEDIUM" "simple-urls 118 Reflected.XSS HIGH" "simple-urls 115 Subscriber+.SQLi HIGH" "simple-urls 115 Multiple.Reflected.XSS HIGH" "shortcode-ninja No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "slideshow-jquery-image-gallery No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "slideshow-jquery-image-gallery No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "slideshow-jquery-image-gallery 2.2.22 Option.Value.Disclosure HIGH" "sticky-add-to-cart-for-woo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "save-grab No.known.fix Cross-Site.Request.Forgery MEDIUM" "save-grab No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-social-buttons 5.1.1 Unauthenticated.Password.Protected.Post.Access MEDIUM" "simple-social-buttons 3.2.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "simple-social-buttons 3.2.3 Contributor+.Stored.XSS MEDIUM" "simple-social-buttons 3.2.1 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "simple-social-buttons 3.2.0 Reflected.Cross-Site.Scripting CRITICAL" "simple-social-buttons 2.0.22 Authenticated.Option.Injection HIGH" "site-editor No.known.fix Local.File.Inclusion.(LFI) HIGH" "sloth-logo-customizer No.known.fix Stored.XSS.via.CSRF HIGH" "sticky-header-oceanwp No.known.fix CSRF MEDIUM" "security-malware-firewall 2.121 IP.Spoofing MEDIUM" "security-malware-firewall 2.51 Security.Nonce.Leak.leading.to.Unauthorised.AJAX.call HIGH" "sahu-tiktok-pixel No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "search-filter 1.2.16 Contributor+.Stored.XSS MEDIUM" "slickr-flickr No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "svs-pricing-tables No.known.fix Cross-Site.Request.Forgery.to.Pricing.Table.Edit/Creation MEDIUM" "svs-pricing-tables No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "svs-pricing-tables No.known.fix Cross-Site.Request.Forgery.to.Pricing.Table.Deletion MEDIUM" "svgmagic No.known.fix Stored.XSS.via.SVG.Upload MEDIUM" "simple-popup-plugin 4.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "stop-referrer-spam 1.3.1 CSRF MEDIUM" "simple-responsive-image-gallery No.known.fix Reflected.Cross-Site.Scripting HIGH" "shortcode-menu No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "swift-framework No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcodes MEDIUM" "swift-framework No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Update MEDIUM" "sv-tracking-manager 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-tracking-manager 1.8.02 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "searchiq 4.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "searchiq 4.5 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "searchiq 3.9 Unauthenticated.Stored.XSS HIGH" "shockingly-simple-favicon No.known.fix Settings.Update.via.CSRF MEDIUM" "shiftnav-responsive-mobile-menu 1.7.2 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "schreikasten No.known.fix Author+.SQL.Injections HIGH" "sumo-divi-modules No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sumo-divi-modules 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "spreadshirt-rss-3d-cube-flash-gallery No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "spotify-play-button No.known.fix Contributor+.Stored.XSS MEDIUM" "special-feed-items No.known.fix Stored.XSS.via.CSRF HIGH" "streak-crm-for-gmail-integration-for-contact-form-7 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "streak-crm-for-gmail-integration-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-tweet No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "simple-tweet No.known.fix Admin+.Stored.XSS LOW" "splashscreen No.known.fix Settings.Update.via.CSRF MEDIUM" "simple-video-embedder No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "site-is-offline-plugin No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "swatchly 1.2.1 Cross-Site.Request.Forgery MEDIUM" "sumome 1.35 Cross-Site.Request.Forgery MEDIUM" "simple-popup-manager No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "smartsearchwp 2.4.6 Unauthenticated.OpenAI.Key.Disclosure MEDIUM" "smartsearchwp 2.4.5 Unauthenticated.Log.Purge MEDIUM" "smartsearchwp 2.4.5 Unauthenticated.SQLi HIGH" "smartsearchwp 2.4.5 Unauthenticated.Stored.XSS HIGH" "stop-spammer-registrations-plugin 2024.5 Cross-Site.Request.Forgery.(CSRF).via.sfs_process MEDIUM" "stop-spammer-registrations-plugin 2023 Admin+.Stored.XSS LOW" "stop-spammer-registrations-plugin 2023 Reflected.XSS HIGH" "stop-spammer-registrations-plugin 2022.6 Unauthenticated.PHP.Object.Injection MEDIUM" "stop-spammer-registrations-plugin 2021.18 Authenticated.Stored.XSS LOW" "stop-spammer-registrations-plugin 2021.9 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "super-testimonial No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-testimonial 3.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-testimonial 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "super-testimonial 2.7 Admin+.Stored.Cross-Site.Scripting LOW" "super-testimonial 2.7 Admin+.Stored.Cross-Site.Scripting LOW" "split-test-for-elementor 1.7.0 Cross-Site.Request.Forgery MEDIUM" "seo-by-rank-math-pro 3.0.36 Unauthenticated.Reflected.XSS MEDIUM" "streamcast 2.2.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "streamcast 2.1.9 Reflected.Cross-Site.Scripting MEDIUM" "streamcast 2.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "streamcast 2.1.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "salesking 1.6.30 Missing.Authorization.to.Settings.Change MEDIUM" "salesking 1.6.30 Unauthenticated.Sensitive.Information.Exposure HIGH" "salesking 1.6.30 Unauthenticated.Privilege.Escalation CRITICAL" "strong-testimonials 3.1.13 Authenticated(Contributor+).Improper.Authorization.to.Views.Modification MEDIUM" "strong-testimonials 3.1.12 Contributor+.Stored.XSS MEDIUM" "strong-testimonials 3.1.11 Settings.Update.via.CSRF MEDIUM" "strong-testimonials 3.0.3 Contributor+.Stored.XSS MEDIUM" "strong-testimonials 3.0.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "strong-testimonials 2.51.3 Unauthorised.AJAX.Call MEDIUM" "strong-testimonials 2.40.1 Stored.Cross.Site.Scripting.(XSS) MEDIUM" "snap-pixel No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "snap-pixel No.known.fix Admin+.Stored.XSS LOW" "smart-admin-menu-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-admin-menu-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "searchwp-live-ajax-search 1.6.3 Unauthenticated.Local.File.Inclusion MEDIUM" "searchwp-live-ajax-search 1.6.2 Unauthenticated.Arbitrary.Post.Title.Disclosure MEDIUM" "seo-checklist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-checklist No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smsa-shipping-for-woocommerce 1.0.5 Subscriber+.Arbitrary.File.Download HIGH" "so-pinyin-slugs 2.3.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-tour-guide 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "simple-login-log 1.1.2 Authenticated.SQL.Injection CRITICAL" "sitetweet-tweets-user-behaviors-on-your-site-on-twitter No.known.fix Stored.XSS.via.CSRF HIGH" "seur 1.7.2 Admin+.Arbitrary.File.Download MEDIUM" "seur 1.7.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "swiss-toolkit-for-wp 1.0.8 Contributor+.Authentication.Bypass HIGH" "social-proof-testimonials-slider 2.2.4 Admin+.Stored.XSS LOW" "stafflist 3.1.7 Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.6 Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.5 Admin+.SQLi MEDIUM" "stafflist 3.1.6 Arbitrary.Staff.Deletion.via.CSRF MEDIUM" "staggs 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "seo-content-randomizer 3.28.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slider-comparison-image-before-and-after No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "swipehq-payment-gateway-wp-e-commerce No.known.fix Multiple.XSS.Issues MEDIUM" "skt-templates 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shopello No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "search-everything 8.1.7 SQL.Injection CRITICAL" "search-everything 8.1.6 SQL.Injection CRITICAL" "social-pug 1.33.2 PHP.Object.Injection HIGH" "social-pug 1.33.1 Unauthenticated.Password.Protected.Posts.Access MEDIUM" "social-pug 1.32.0 Admin+.Stored.XSS LOW" "social-pug 1.30.1 Missing.Authorization.via.multiple.admin_init.actions MEDIUM" "social-pug 1.19.0 Reflected.Cross-Site.Scripting MEDIUM" "social-pug 1.2.6 Social.Pug.<=.1.2.5.-.Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "securimage-wp-fixed No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "so-widgets-bundle 1.62.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Image.Grid.widget MEDIUM" "so-widgets-bundle 1.62.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.SiteOrigin.Blog.Widget MEDIUM" "so-widgets-bundle 1.61.0 Contributor+.Stored.XSS.via.siteorigin_widget.Shortcode MEDIUM" "so-widgets-bundle 1.58.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.2 Contributor+.Stored.XSS MEDIUM" "so-widgets-bundle 1.51.0 Admin+.Local.File.Inclusion MEDIUM" "simple-support-ticket-system 1.2.1 Unauthenticated.SQL.Injection CRITICAL" "slider-wd 1.2.59 Admin+.Stored.XSS LOW" "slider-wd 1.2.58 Authenticated.(Contributor+).SQL.Injection.via.id.Parameter HIGH" "slider-wd 1.2.57 Editor+.Stored.XSS LOW" "slider-wd 1.2.56 Editor+.Stored.XSS LOW" "slider-wd 1.2.55 Reflected.Cross-Site.Scripting MEDIUM" "slider-wd 1.2.53 Admin+.Stored.XSS LOW" "slider-wd 1.2.52 Admin+.Stored.Cross-Site.Scripting LOW" "slider-wd 1.2.36 Multiple.Authenticated.SQL.Injection HIGH" "simple-popup-newsletter No.known.fix Reflected.Cross-Site.Scripting HIGH" "s2member 240325 Limited.Privilege.Escalation MEDIUM" "s2member 240315 Information.Exposure MEDIUM" "superfly-menu 5.0.30 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "superfly-menu No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "send-prebuilt-emails No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "send-prebuilt-emails No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "svgator No.known.fix Stored.XSS.via.SVG.Upload MEDIUM" "svgator 1.2.5 API.Token.Update/Deletion.&.Import.Projects.via.CSRF MEDIUM" "stout-google-calendar No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "simple-restrict 1.2.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "simple-fields No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "simple-fields 1.4.11 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "superb-slideshow-gallery 13.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "simple-download-monitor 3.9.11 Contributor+.Stored.Cross-Site.Scripting.via.Shortcodes MEDIUM" "simple-download-monitor 3.9.9 Multiple.CSRF MEDIUM" "simple-download-monitor 3.9.6 Unauthorised.Log.Reset MEDIUM" "simple-download-monitor 3.9.6 Unauthenticated.Log.Access MEDIUM" "simple-download-monitor 3.9.5 Contributor+.Stored.Cross-Site.Scripting.via.File.Thumbnail MEDIUM" "simple-download-monitor 3.9.6 Arbitrary.Thumbnails.Removal MEDIUM" "simple-download-monitor 3.9.5 Reflected.Cross-Site.Scripting HIGH" "simple-download-monitor 3.9.5 Contributor+.Arbitrary.File.Download.via.Path.Traversal MEDIUM" "simple-download-monitor 3.8.9 Unauthenticated.Cross-Site.Scripting MEDIUM" "simple-download-monitor 3.8.9 SQL.Injection MEDIUM" "simple-download-monitor 3.5.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "si-contact-form 4.0.38 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "smart-slider-3 3.5.1.23 Contributor+.Stored.XSS.via.SVG.Upload MEDIUM" "smart-slider-3 3.5.1.14 Contributor+.Stored.XSS MEDIUM" "smart-slider-3 3.5.1.11 Contributor+.Stored.XSS MEDIUM" "smart-slider-3 3.5.1.11 PHP.Object.Injection MEDIUM" "smart-slider-3 3.5.0.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "searchpro 1.7.7 Unauthenticated.Arbitrary.File.Uplaod CRITICAL" "searchpro 1.7.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "simply-show-hooks No.known.fix Injected.Backdoor CRITICAL" "shortcodes-ultimate-pro 7.2.1 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate-pro 7.1.5 Contributor+.Stored.Cross-Site.Scripting.XSS MEDIUM" "simple-sortsearch No.known.fix Ccontributor+.Stored.XSS MEDIUM" "sky-login-redirect 3.7.3 Reflected.Cross-Site.Scripting MEDIUM" "sky-login-redirect 3.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sideblog No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "smart-variations-images 5.2.8 Reflected.Cross-Site.Scripting MEDIUM" "smart-variations-images 5.1.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "serial-codes-generator-and-validator 2.4.15 Admin+.Stored.XSS LOW" "shiny-buttons No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "slider-slideshow No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-slideshow No.known.fix Contributor+.Stored.XSS MEDIUM" "slider-slideshow No.known.fix Cross-Site.Request.Forgery HIGH" "simple-posts-ticker 1.1.6 Contributor+.Stored.XSS MEDIUM" "simple-posts-ticker 1.1.6 Admin+.Stored.XSS LOW" "server-status-by-hostnameip No.known.fix Authenticated.SQL.Injection HIGH" "social-metrics No.known.fix Admin+.Stored.XSS LOW" "secupress 2.2.5.2 Cross-Site.Request.Forgery.to.Banned.IP.Address MEDIUM" "secupress 2.0 Unauthenticated.Arbitrary.IP.Ban MEDIUM" "seo-for-local 9.2.1 Reflected.Cross-Site.Scripting MEDIUM" "seo-for-local 9.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-media-builder No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "simple-301-redirects 2.0.8 Missing.Authorization.via.clicked MEDIUM" "simple-301-redirects 2.0.8 Cross-Site.Request.Forgery.via.'clicked' MEDIUM" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Unauthenticated.Redirect.Export CRITICAL" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Arbitrary.Plugin.Installation HIGH" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Arbitrary.Plugin.Activation HIGH" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Unauthenticated.Redirect.Import CRITICAL" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Update.and.Retrieve.Wildcard.Value MEDIUM" "sliced-invoices 3.9.3 Missing.Authorization MEDIUM" "sliced-invoices 3.8.4 Multiple.Vulnerabilities HIGH" "share-print-pdf-woocommerce 2.8.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "social-networks-auto-poster-facebook-twitter-g No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Unauthenticated.Stored.Cross-Site.Scripting.via.User.Agent MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Subscriber+.Sensitive.Information.Exposure MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.3 Reflected.Cross-Site.Scripting.via.code MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.26 Reflected.Cross-Site.Scripting MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.24 Unauthenticated.Stored.XSS HIGH" "social-networks-auto-poster-facebook-twitter-g 4.3.25 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.21 Reflected.Cross-Site.Scripting HIGH" "social-networks-auto-poster-facebook-twitter-g 4.3.18 Insufficient.Privilege.Validation HIGH" "social-networks-auto-poster-facebook-twitter-g 4.2.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "social-networks-auto-poster-facebook-twitter-g 3.4.18 CSRF.to.Stored.XSS MEDIUM" "site-favicon 0.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "scrollto-top No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "scribble-maps No.known.fix Reflected.Cross-Site.Scripting HIGH" "simpel-reserveren No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "simple-mail-address-encoder 1.7 Reflected.Authenticated.XSS MEDIUM" "salesmanago 3.2.5 Log.Injection.via.Weak.Authentication.Token MEDIUM" "smooth-scrolling-links-ssl No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "simple-job-board 2.12.4 Authenticated.(Editor+).PHP.Object.Injection HIGH" "simple-job-board 2.12.2 Admin+.Stored.XSS LOW" "simple-job-board 2.12.6 Unauthenticated.Resumes.Download LOW" "simple-job-board 2.11.1 Unauthenticated.PHP.Object.Injection.via.Job.Application.Fields CRITICAL" "simple-job-board 2.11.0 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "simple-job-board 2.10.7 Cross-Site.Request.Forgery MEDIUM" "simple-job-board 2.10.6 Missing.Authorization MEDIUM" "simple-job-board 2.10.4 Settings.Update.via.CSRF MEDIUM" "simple-job-board 2.10.0 Resume.Disclosure.via.Directory.Listing MEDIUM" "simple-job-board 2.9.5 Admin+.Stored.Cross-Site.Scripting LOW" "simple-job-board 2.9.4 Authenticated.Path.Traversal.Leading.to.Arbitrary.File.Download HIGH" "simple-job-board 2.4.4 Reflected.XSS MEDIUM" "scroll-baner No.known.fix CSRF.to.RCE CRITICAL" "simple-table-manager No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "sheetpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sheetpress No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "stylish-cost-calculator-premium 7.9.0 Unauthenticated.Stored.XSS HIGH" "search-logger No.known.fix Admin+.SQLi MEDIUM" "simple-org-chart No.known.fix Unauthenticated.Tree.Settings.Update MEDIUM" "simple-org-chart No.known.fix Settings.Update.via.CSRF MEDIUM" "social-media-widget 4.0.9 Admin+.Stored.XSS LOW" "seo-301-meta No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "soccer-engine-lite 1.13 Cross-Site.Request.Forgery MEDIUM" "supportbubble No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "supportbubble No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-network-tabs No.known.fix Social.Media.API.Key.Leakage CRITICAL" "subscribe-to-comments-reloaded 240119 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "subscribe-to-comments-reloaded 220502 Multiple.CSRF MEDIUM" "subscribe-to-comments-reloaded 150820 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "smart-youtube No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-history 3.4.0 Improper.Neutralization.of.Formula.Elements.in.a.CSV.File MEDIUM" "showbizpro No.known.fix Shell.Upload CRITICAL" "secure-file-manager No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "secure-file-manager No.known.fix Admin+.RCE MEDIUM" "secure-file-manager No.known.fix Admin+.RCE MEDIUM" "secure-file-manager 2.8.2 Authenticated.Remote.Code.Execution CRITICAL" "share-this-image 2.04 Open.Redirect.via.link.Parameter HIGH" "share-this-image 2.03 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.STI.Buttons.Shortcode MEDIUM" "share-this-image 2.02 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alignment.Parameter MEDIUM" "share-this-image 1.99 Open.Redirect MEDIUM" "share-this-image 1.81 Reflected.Cross-Site.Scripting MEDIUM" "share-this-image 1.67 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "share-this-image 1.20 Stored.XSS MEDIUM" "simple-social-share No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "secure-ip-logins No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "secure-ip-logins No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sonawp-simple-payment-block 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "simple-post-gallery No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "starfish-reviews 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "starfish-reviews 3.0.26 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "starfish-reviews 2.0.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "simplemap No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "selection-lite 1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tk-google-fonts 2.2.12 Missing.Authorization.to.Font.Deletion MEDIUM" "tk-google-fonts 2.2.11 Reflected.Cross-Site.Scripting MEDIUM" "tk-google-fonts 2.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tagregator No.known.fix Stored.XSS MEDIUM" "tc-custom-javascript 1.2.2 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "tier-pricing-table 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "tier-pricing-table 2.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "temporary-login-without-password 1.7.1 Subscriber+.Plugin's.Settings.Update MEDIUM" "thrive-ovation 2.4.5 Unauthenticated.Option.Update MEDIUM" "the-events-calendar 6.5.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "the-events-calendar 6.5.1.5 Cross-Site.Request.Forgery.via.action_restore_events MEDIUM" "the-events-calendar 6.4.0.1 Contributor+.Missing.Authorization.to.Authenticated.Arbitrary.Events.Access MEDIUM" "the-events-calendar 6.4.0.1 Contributor+.Arbitrary.Events.Access LOW" "the-events-calendar 6.4.0.1 Reflected.XSS HIGH" "the-events-calendar 6.2.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "the-events-calendar 6.2.8.1 Unauthenticated.Arbitrary.Password.Protected.Post.Read MEDIUM" "the-events-calendar 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "the-events-calendar 5.14.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "the-events-calendar 5.14.0 Reflected.Cross-Site.Scripting MEDIUM" "the-events-calendar 4.8.2 XSS MEDIUM" "tweet-old-custom-post No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "travelpayouts 1.1.17 Open.Redirect MEDIUM" "travelpayouts 1.1.13 Settings.Update.via.CSRF MEDIUM" "travelpayouts 1.1.14 Reflected.XSS HIGH" "travelpayouts 1.0.17 CSRF.Bypass.due.to.Outdated.Redux.Framework MEDIUM" "tedwp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tedwp 0.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "testimonial-slider-and-showcase 2.3.8 Admin+.Stored.XSS LOW" "testimonial-slider-and-showcase 2.3.7 Author+.Settings.Update LOW" "theme-my-login 7.1.8 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "theme-my-login 7.1.7 Missing.Authorization.to.Notice.Dismissal MEDIUM" "tablesome 1.0.34 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tablesome 1.0.26 Cross-Site.Request.Forgery MEDIUM" "tablesome 1.0.28 Reflected.Cross-Site.Scripting MEDIUM" "tablesome 1.0.15 Reflected.Cross-Site.Scripting MEDIUM" "tablesome 1.0.9 Reflected.XSS MEDIUM" "tablesome 0.6.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "textme-sms-integration 1.9.1 Subscriber+.Settings.Update MEDIUM" "textme-sms-integration 1.8.9 Authenticated.Stored.XSS LOW" "toast-stick-anything No.known.fix Missing.Authorization HIGH" "toast-stick-anything No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "telsender 1.14.12 Subscriber+.Settings.Update MEDIUM" "tml-2fa 1.2 .Lack.of.Rate.Limiting MEDIUM" "testimonials No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "themify-ptb-search 1.4.0 Post.Type.Builder.Search.Addon.<.1.4.0.-.Reflected.Cross-Site.Scripting MEDIUM" "table-maker No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "team-showcase 2.2 Contributor+.Stored.XSS MEDIUM" "to-top 2.3 Unauthorised.Plugin's.Setting.Change MEDIUM" "ti-woocommerce-wishlist No.known.fix Unauthenticated.SQL.Injection HIGH" "ti-woocommerce-wishlist 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "ti-woocommerce-wishlist 1.40.1 Unauthenticated.Blind.SQL.Injection HIGH" "ti-woocommerce-wishlist 1.21.12 Authenticated.WP.Options.Change HIGH" "task-manager-pro 3.6.34 Follower+.SQLi HIGH" "task-manager-pro 3.6.34 Multiple.Cross-Site.Scripting MEDIUM" "tochat-be 1.3.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "taggbox-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "taggbox-widget 3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "taggbox-widget 3.2 Unauthenticated.PHP.Object.Injection CRITICAL" "taggbox-widget No.known.fix Missing.Authorization MEDIUM" "taggbox-widget No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "taggbox-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "timeline-awesome No.known.fix Author+.Stored.Cross-Site.Scripting LOW" "telefication No.known.fix Open.Relay.&.Server-Side.Request.Forgery MEDIUM" "ts-webfonts-for-conoha 2.0.4 Admin+.Stored.XSS LOW" "tk-event-weather No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tk-event-weather No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tarteaucitronjs 1.6.1 Cookies.legislation.&.GDPR.<.1.6.1.-.Admin.+.Stored.Cross-Site.Scripting LOW" "tarteaucitronjs 1.6 Cookies.legislation.&.GDPR.<.1.6.-.CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "the-buffer-button No.known.fix Authenticated.Stored.Cross.Site.Scripting.(XSS) MEDIUM" "themify-wc-product-filter 1.5.0 WooCommerce.Product.Filter.<.1.5.0.-.Unauthenticated.SQL.Injection.via.conditions.Parameter CRITICAL" "themify-wc-product-filter 1.4.4 Reflected.XSS HIGH" "themify-wc-product-filter 1.4.4 Filter.Deletion.via.CSRF MEDIUM" "themify-wc-product-filter 1.4.4 Admin+.Stored.XSS LOW" "themify-wc-product-filter 1.3.8 WooCommerce.Product.Filter.<.1.3.8.-.Reflected.Cross-Site.Scripting MEDIUM" "totalpoll-lite 4.10.0 Missing.Authorization MEDIUM" "tubepress 1.6.5 XSS MEDIUM" "tenweb-speed-optimizer 2.24.18 Unauthenticated.Arbitrary.Option.Deletion HIGH" "the-plus-addons-for-block-editor 3.2.6 Missing.Authorization MEDIUM" "the-plus-addons-for-block-editor 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "table-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id.Parameter MEDIUM" "tablepress 2.3.2 Authenticated.(Author+).Server-Side.Request.Forgery.via.DNS.Rebind MEDIUM" "tablepress 2.2.5 Authenticated(Author+).Server.Side.Request.Forgery(SSRF).via._get_import_files MEDIUM" "tablepress 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "tablepress 1.8.1 Authenticated.XML.External.Entity.(XXE) MEDIUM" "tune-library 1.5.5 SQL.Injection HIGH" "tags-cloud-manager No.known.fix Reflected.XSS HIGH" "thrive-leads 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "theme-demo-import 1.1.1 Admin+.Arbitrary.File.Upload MEDIUM" "testimonial-slider 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-slider 1.3.2 Stored.XSS.via.CSRF MEDIUM" "testimonial-slider 1.2.5 Authenticated.SQL.Injection HIGH" "testimonial-slider 1.3.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "template-events-calendar 2.3.2 Authenticated.(Contributor+).SQL.Injection.via.shortcode HIGH" "template-events-calendar 2.0 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "template-events-calendar 1.7.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "thrive-ab-page-testing 1.4.13.3 Unauthenticated.Option.Update MEDIUM" "telugu-bible-verse-daily No.known.fix CSRF.to.Stored.XSS HIGH" "tawkto-live-chat 0.6.0 Subscriber+.Visitor.Monitoring.&.Chat.Removal HIGH" "tori-ajax No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "theme-switcha 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "telegram-bot No.known.fix Cross-Site.Request.Forgery MEDIUM" "telegram-bot 3.6.3 Admin+.Stored.XSS LOW" "total-gdpr-compliance-lite 1.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "tweeple No.known.fix Reflected.XSS HIGH" "tweet-wheel 1.0.3.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "the-post-grid 7.5.0 Editor+.Stored.XSS.via.Grid.Creation LOW" "the-post-grid 7.7.12 Authenticated.(Contributor+).Information.Disclosure MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.save_block_css MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.REST.API MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.AJAX MEDIUM" "the-post-grid 7.7.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.section.title.tag MEDIUM" "the-post-grid 7.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-post-grid 7.7.0 Missing.Authorization MEDIUM" "the-post-grid 7.2.8 Block.CSS.Update.via.CSRF MEDIUM" "the-post-grid 5.0.5 Settings.Update.via.CSRF MEDIUM" "th23-social No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "tweet-old-post 9.0.11 PHP.Object.Injection LOW" "telephone-number-linker No.known.fix Contributor+.Stored.XSS MEDIUM" "tlp-team 4.1.2 Subscriber+.Arbitrary.File.Read.and.Deletion CRITICAL" "theme-junkie-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcodes MEDIUM" "templatespare 2.4.3 Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Update MEDIUM" "thrive-visual-editor 2.6.7.4 Unauthenticated.Option.Update MEDIUM" "tabs-responsive 2.2.8 Editor+.Stored.Cross-Site.Scripting LOW" "team-members 5.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team-members 5.3.2 Author+.Stored.XSS MEDIUM" "team-members 5.2.1 Editor+.Stored.XSS LOW" "team-members 5.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "team-members 5.0.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "two-factor-authentication 1.3.13 Disable.Two.Factor.Authentication.CSRF HIGH" "two-factor-authentication 1.1.10 XSS MEDIUM" "tranzly No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tranzly 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tripay-payment-gateway 3.2.8 Admin+.Stored.XSS LOW" "tourfic 2.11.21 Cross-Site.Request.Forgery.in.Multiple.Functions MEDIUM" "tourfic 2.11.8 Reflected.Cross-Site.Scripting MEDIUM" "tourfic 2.11.16 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "tourfic 2.11.19 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "tourfic 2.11.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "typofr No.known.fix Reflected.Cross-Site.Scripting HIGH" "ts-webfonts-for-sakura 3.1.3 Font.Settings.Change.via.CSRF MEDIUM" "ts-webfonts-for-sakura 3.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "ts-webfonts-for-sakura 3.1.3 Font.Type.Settings.Change.via.CSRF MEDIUM" "toggle-the-title No.known.fix XSS MEDIUM" "tera-charts No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "timely-booking-button No.known.fix Admin+.Stored.XSS LOW" "the-very-simple-vimeo-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "the-holiday-calendar 1.11.3 Cross-Site.Scripting.(XSS) MEDIUM" "text-hover 4.2 Admin+.Stored.Cross-Site.Scripting. LOW" "total-team-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "tuxedo-big-file-uploads 2.1.3 Authenticated.(Author+).Full.Path.Disclosure MEDIUM" "tuxedo-big-file-uploads 2.1.2 Cross-Site.Request.Forgery.via.actions MEDIUM" "task-scheduler 1.6.1 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Missing.Authorization MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonials.Widget.Settings MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.TP.Page.Scroll.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.3 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.5 Contributor+.Stored.XSS.via.Hover.Card.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.3 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.5 Contributor+.Stored.XSS.in.Widgets MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Contributor+.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.4.2 Contributor+.LFI MEDIUM" "the-plus-addons-for-elementor-page-builder 5.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.Header.Meta.Content.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.3.4 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 2.0.7 Contributor+.Privilege.Escalation HIGH" "the-plus-addons-for-elementor-page-builder 2.0.7 Contributor+.Arbitrary.File.Access MEDIUM" "the-plus-addons-for-elementor-page-builder 2.0.6 Contributor+.Stored.XSS MEDIUM" "tutor-lms-migration-tool No.known.fix Missing.Authorization.in.tutor_lp_export_xml MEDIUM" "tutor-lms-migration-tool No.known.fix Missing.Authorization.in.tutor_import_from_xml MEDIUM" "truebooker-appointment-booking No.known.fix Settings.Update.via.CSRF MEDIUM" "truebooker-appointment-booking No.known.fix Multiple.Unauthenticated.SQLi HIGH" "transposh-translation-filter-for-wordpress No.known.fix Settings.Update.via.Authorization.Bypass MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Subscriber+.Unauthorised.Calls MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Admin+.SQL.Injection MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Usernames.Disclosure MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Unauthenticated.Settings.Change MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 Admin+.RCE MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 CSRF.to.Stored.XSS HIGH" "transposh-translation-filter-for-wordpress 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 Stored.Cross-Site.Scripting MEDIUM" "table-of-contents-plus 2309 Settings.Update.via.CSRF MEDIUM" "table-of-contents-plus 2309 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "table-of-contents-plus 2212 Contributor+.Stored.XSS MEDIUM" "theme-tweaker-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "td-subscription 1.5 Authenticated.(Admin+).SQL.Injection HIGH" "td-subscription 1.5 Authenticated.(Admin+).SQL.Injection HIGH" "toolbar-to-share No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "testimonial-slider-shortcode 1.1.9 Contributor+.Stored.XSS MEDIUM" "td-composer 5.1 Reflected.Cross-Site.Scripting.via.envato_code[] MEDIUM" "td-composer 5.1 Reflected.Cross-Site.Scripting.via.envato_code[] MEDIUM" "td-composer 4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.button.Shortcode MEDIUM" "td-composer 4.9 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "td-composer 4.9 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Attachment.Meta MEDIUM" "td-composer 4.2 Admin+.Stored.XSS LOW" "td-composer 4.2 Unauthenticated.Stored.XSS HIGH" "td-composer 4.0 Reflected.Cross-site.Scripting HIGH" "td-composer 3.5 Unauthenticated.Account.Takeover CRITICAL" "thrive-clever-widgets 1.57.1 Unauthenticated.Option.Update MEDIUM" "totop-link No.known.fix Unauthenticated.PHP.Object.Injection MEDIUM" "teachpress 9.0.6 Cross-Site.Request.Forgery.via.delete_database() MEDIUM" "teachpress 9.0.5 Cross-Site.Request.Forgery MEDIUM" "teachpress 9.0.3 Reflected.Cross-Site.Scripting HIGH" "teachpress 8.1.9 Reflected.Cross-Site.Scripting HIGH" "timed-content 2.73 Contributor+.Stored.XSS MEDIUM" "total-sales-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "trust-form 2.0.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "twitter-plugin 2.55 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "tabs-for-visual-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "timeline-event-history 3.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "twentyfourth-wp-scraper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twentyfourth-wp-scraper No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "triberr-wordpress-plugin 4.1.2 Admin+.Stored.XSS LOW" "tournamatch 4.6.1 Admin+.Stored.XSS.via.Ladders LOW" "tournamatch 4.6.1 Subscriber+.Stored.XSS HIGH" "timeline-calendar No.known.fix Authenticated.(admin+).SQL.Injection HIGH" "treepress 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "treepress 3.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "treepress 2.0.21 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tabbed 1.3.2 Accordion,.FAQ.<.1.3.2.-.Unauthenticated.AJAX.Calls CRITICAL" "testimonial-rotator No.known.fix Authenticated.Stored.Cross-Site.Scripting HIGH" "testimonial-rotator 3.0.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "trustmate-io-integration-for-woocommerce 1.7.1 Subscriber+.Arbitrary.Blog.Option.Update HIGH" "trustmate-io-integration-for-woocommerce 1.8.12 Subscriber+.Arbitrary.Plugin's.Settings.Update HIGH" "template-kit-import 1.0.15 Author+.Stored.XSS MEDIUM" "translation-exchange No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "theme-blvd-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "tiny-bar 2.1 Reflected.Cross-Site.Scripting MEDIUM" "tooltip-ck No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "tracked-tweets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tracked-tweets No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "thank-me-later No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "themify-shortcodes 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.themify_button.Shortcode MEDIUM" "themify-shortcodes 2.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.0.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "thumbs-rating No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "turn-off-comments-for-all-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "teamleader-form-integration 2.1.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "twchat 3.1.5 Multiple.CSRF MEDIUM" "twchat 3.1.5 Admin+.Local.File.Inclusion LOW" "timeline-for-beaver-builder 1.1.4 Editor+.Stored.XSS LOW" "tidio-gallery No.known.fix .Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "twitter-friends-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "typing-text 1.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-add 3.5.8.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "tree-website-map 3.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "tree-website-map 2.9 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "templatesnext-toolkit 3.2.9 Contributor+.Stored.XSS MEDIUM" "templatesnext-toolkit 3.2.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "templatesnext-toolkit 3.2.8 Contributor+.Stored.XSS MEDIUM" "testimonial-widgets 1.4.4 Authenticated.(Contributor+).SQL.Injection HIGH" "testimonial-widgets 1.4.3 Widget.Deletion.via.CSRF MEDIUM" "transcoder 1.3.6 Cross-Site.Request.Forgery MEDIUM" "twitter-cards-meta 2.5.0 CSRF.and.XSS HIGH" "tiempocom No.known.fix Stored.XSS.via.CSRF HIGH" "tiempocom No.known.fix Reflected.XSS HIGH" "tiempocom No.known.fix Shortcode.Deletion.via.CSRF MEDIUM" "taxonomy-filter 2.2.10 Settings.Update.via.CSRF MEDIUM" "tinymce-annotate No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tinymce-annotate No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "themify-ptb 2.1.4 Subscriber+.Arbitrary.Post/Page.Creation MEDIUM" "themify-ptb 2.1.1 Reflected.Cross-Site.Scripting HIGH" "top-bar 3.0.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "top-bar 3.0.5 Admin+.Stored.XSS LOW" "top-bar 3.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "the-events-calendar-pro 6.4.0.1 Contributor+.Missing.Authorization.to.Authenticated.Arbitrary.Events.Access MEDIUM" "teaser-maker-standard No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "themify-builder 7.6.2 Missing.Authorization.to.Authenticated.(Contributor+).Post.Duplication MEDIUM" "themify-builder 7.5.8 Open.Redirect MEDIUM" "themify-builder 7.0.6 Cross-Site.Request.Forgery MEDIUM" "themify-builder 5.3.2 Reflected.Cross-Site.Scripting HIGH" "templatesnext-onepager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tipsacarrier 1.5.0.5 Unauthenticated.Orders.Disclosure MEDIUM" "tipsacarrier 1.5.0.5 Unauthenticated.SQLi HIGH" "transition-slider-lite No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "tainacan 0.21.8 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "tainacan 0.21.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tainacan 0.21.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tainacan 0.20.8 Missing.Authorization MEDIUM" "tainacan 0.20.7 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tainacan 0.20.5 Reflected.Cross-Site.Scripting MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Tags MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.URLs MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Multiple.Widgets MEDIUM" "themesflat-addons-for-elementor 2.1.3 Contributor+.Stored.XSS.via.Widget.Titles MEDIUM" "tabs-pro 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "theme-editor 2.9 Authenticated.(Admin+).PHAR.Deserialization HIGH" "theme-editor 2.8 Admin+.Arbitrary.File.Upload HIGH" "theme-editor 2.6 Authenticated.Arbitrary.File.Download MEDIUM" "theme-editor 2.2 Multiple.Vulnerabilities CRITICAL" "timesheet 0.1.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "temp-mail 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "ti-woocommerce-wishlist-premium 1.40.1 Unauthenticated.Blind.SQL.Injection HIGH" "ti-woocommerce-wishlist-premium 1.21.5 Authenticated.WP.Options.Change HIGH" "tk-smugmug-slideshow-shortcode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tk-smugmug-slideshow-shortcode No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "toolbar-extras No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tidio-form No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tripetto 7.0.1 Reflected.Cross-Site.Scripting MEDIUM" "tripetto 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "tripetto 5.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "thrive-headline-optimizer 1.3.7.3 Unauthenticated.Option.Update MEDIUM" "templately 2.2.6 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "tajer No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "taboola 2.0.2 CSRF MEDIUM" "total-security 3.4.1 XSS.&.Settings.Change MEDIUM" "tax-rate-upload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tax-rate-upload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tt-custom-post-type-creator No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "trackship-for-woocommerce 1.7.6 Missing.Authorization MEDIUM" "thesis-openhook 4.3.1 Subscriber+.Remote.Code.Execution CRITICAL" "timeline-widget-addon-for-elementor 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "twittee-text-tweet No.known.fix Reflected.XSS HIGH" "twb-woocommerce-reviews 1.7.6 Admin+.Stored.XSS LOW" "tcd-google-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "timeline-and-history-slider 2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "tx-onepager No.known.fix Admin+.SQLi MEDIUM" "thrive-ultimatum 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "throws-spam-away 3.3.1 Comment.Deletion.via.CSRF MEDIUM" "tradetracker-store 4.6.60 Admin+.SQL.Injection MEDIUM" "tf-numbers-number-counter-animaton 2.0.1 Subscriber+.Arbitrary.Option.Update HIGH" "tickera-event-ticketing-system 3.5.2.9 Missing.Authorization.to.Authenticated.(Susbcriber+).Ticket.Deletion MEDIUM" "tickera-event-ticketing-system 3.5.2.7 Missing.Authorization MEDIUM" "tickera-event-ticketing-system 3.5.2.5 Ticket.leakage.through.IDOR MEDIUM" "tickera-event-ticketing-system 3.5.1.0 Plugin.Data.Deletion.via.CSRF LOW" "tickera-event-ticketing-system 3.4.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tickera-event-ticketing-system 3.4.8.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tickera-event-ticketing-system 3.4.6.9 Unauthenticated.Sensitive.Data.Exposure HIGH" "ticket-tailor 1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "top-10 3.2.5 Admin+.Stored.XSS LOW" "top-10 3.2.3 Contributor+.Stored.XSS MEDIUM" "top-10 2.9.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "terraclassifieds No.known.fix Cross-Site.Request.Forgery HIGH" "terraclassifieds No.known.fix TerraClassifieds.<=.2,0,3.Unauthenticated.Arbitrary.File.Upload CRITICAL" "tradedoubler-affiliate-tracker 2.0.22 Unauthenticated.LFI HIGH" "thinkific-uploader No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "timetics 1.0.24 Authorization.Bypass MEDIUM" "timetics 1.0.22 AI-powered.Appointment.Booking.with.Visual.Seat.Plan.and.ultimate.Calendar.Scheduling.Plugin.<.1.0.22.-.Missing.Authorization.to.Limited.Privilege.Escalation HIGH" "targetfirst-wordpress-plugin 1.0 Unauthenticated.Stored.XSS.via.Licence.Key HIGH" "testimonial-builder 1.6.2 Editor+.Stored.Cross-Site.Scripting LOW" "testimonial-builder 1.6.0 Admin+.Stored.Cross-Site.Scripting LOW" "testimonials-carousel-elementor 10.2.3 Contributor+.Stored.XSS MEDIUM" "testimonials-carousel-elementor 10.2.1 Missing.Authorization.to.Limited.Setting.Update MEDIUM" "testimonials-carousel-elementor 10.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "travel-light No.known.fix CSRF.Bypass MEDIUM" "tippy No.known.fix Contributor+.Stored.XSS MEDIUM" "transbank-webpay-plus-rest 1.6.7 Admin+.SQLi MEDIUM" "timthumb-vulnerability-scanner No.known.fix Scan.Initialisation.via.CSRF MEDIUM" "tag-groups 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "tag-groups 1.43.10.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "thinktwit 1.7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "thesography No.known.fix Admin+.Stored.XSS LOW" "thirstyaffiliates 3.10.5 Subscriber+.unauthorized.image.upload.+.CSRF LOW" "thirstyaffiliates 3.10.5 Subscriber+.Arbitrary.Affiliate.Links.Creation LOW" "thirstyaffiliates 3.9.3 Authenticated.Stored.XSS MEDIUM" "tr-easy-google-analytics No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "tecslider 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "tecslider 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "team 1.22.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team 1.22.16 PHP.Object.Injection HIGH" "team 1.22.16 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "torro-forms No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "tutor-lms-elementor-addons 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Course.Carousel.Widget MEDIUM" "tutor-lms-elementor-addons 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tcs3 No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "titan-framework No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "titan-framework 1.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "traffic-manager No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "traffic-manager No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "thim-elementor-kit 1.1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "thim-elementor-kit 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tec-subscriber-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tec-subscriber-addons 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tm-woocommerce-compare-wishlist No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "tin-canny-learndash-reporting 4.3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "tinymce-custom-styles 1.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "tinymce-custom-styles 1.1.3 Admin+.Stored.XSS LOW" "title-field-validation No.known.fix Unauthorised.AJAX.Calls HIGH" "terms-and-conditions-per-product 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "themeisle-companion 2.10.37 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "themeisle-companion 2.10.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Services.and.Post.Type.Grid.Widgets MEDIUM" "themeisle-companion 2.10.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripiting.via.Registration.Form.Widget MEDIUM" "themeisle-companion 2.10.32 Contributor+.Stored.XSS.via.Post.Type.Grid.Widget MEDIUM" "themeisle-companion 2.10.31 Contributor+.Stored.XSS.via.Pricing.Table.Widget MEDIUM" "themeisle-companion 2.10.31 Contributor+.Stored.XSS.via.Form.Widget MEDIUM" "themeisle-companion 2.10.30 Connected.API.Keys.Update.via.CSRF MEDIUM" "themeisle-companion 2.10.29 Unauthenticated.Connected.API.Keys.Update MEDIUM" "themeisle-companion 2.10.28 Contributor+.Stored.XSS MEDIUM" "themeisle-companion 2.10.27 Contributor+.Stored.XSS MEDIUM" "themeisle-companion 2.10.24 Author+.Server-Side.Request.Forgery MEDIUM" "themeisle-companion 2.10.3 Authenticated.Stored.Cross.Site.Scripting MEDIUM" "themeisle-companion 2.10.3 Authenticated.Privilege.Escalation CRITICAL" "tiger-form 2.1.0 Reflected.XSS HIGH" "taskbuilder 1.0.8 Subscriber+.Stored.XSS.via.SVG.file.upload MEDIUM" "testimonial-free 2.6.0 Contributor+.Stored.XSS MEDIUM" "testimonial-free 2.1.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "template-kit-export 1.0.22 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "thrive-apprentice 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "tabs-with-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tabs-with-posts No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tour-booking-manager 1.7.8 Missing.Authorization MEDIUM" "tour-booking-manager 1.7.2 Missing.Authorization.via.ttbm_new_place_save MEDIUM" "tour-booking-manager 1.6.1 Cross-Site.Request.Forgery MEDIUM" "tinymce-and-tinymce-advanced-professsional-formats-and-styles No.known.fix Cross-Site.Request.Forgery.via.bb_taps_backend_page MEDIUM" "tlp-portfolio 2.8.11 WordPress.Portfolio.<.2.8.11.-.Contributor+.Stored.XSS MEDIUM" "tiny-carousel-horizontal-slider No.known.fix Admin+.Stored.XSS LOW" "time-sheets 1.29.3 Admin+.Stored.XSS LOW" "time-sheets 1.5.2 Multiple.XSS MEDIUM" "tiny-contact-form No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "track-geolocation-of-users-using-contact-form-7 2.1 Admin+.Stored.XSS LOW" "typebot No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "typebot 1.4.3 Admin+.Stored.Cross.Site.Scripting LOW" "tweetscroll-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "travelers-map 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tutor 2.7.5 Cross-Site.Request.Forgery.via.'addon_enable_disable' MEDIUM" "tutor 2.7.3 Authenticated.(Administrator+).SQL.Injection HIGH" "tutor 2.7.4 Authenticated.(Instructor+).Stored.Cross-Site.Scripting MEDIUM" "tutor 2.7.4 Missing.Authorization MEDIUM" "tutor 2.7.3 Cross-Site.Request.Forgery MEDIUM" "tutor 2.7.3 Authenticated.(Tutor.Instructor+).Stored.Cross-Site.Scripting MEDIUM" "tutor 2.7.2 Authenticated.(Admin+).Path.Traversal LOW" "tutor 2.7.2 Tutor.LMS.–.eLearning.and.online.course.solution.<.2,7,2.-Authenticated.(Administrator+).SQL.Injection HIGH" "tutor 2.7.2 Authenticated.(Instructor+).Insecure.Direct.Object.Reference.to.Arbitrary.Quiz.Attempt.Deletion MEDIUM" "tutor 2.7.1 Authenticated.(Instructor+).SQL.Injection HIGH" "tutor 2.7.1 Authenticated.(Instructor+).Insecure.Direct.Object.Reference.to.Arbitrary.Course.Deletion MEDIUM" "tutor 2.7.1 Missing.Authorization CRITICAL" "tutor 2.7.0 Missing.Authorization.to.Unauthenticated.Limited.Options.Update MEDIUM" "tutor 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'tutor_instructor_list'.Shortcode MEDIUM" "tutor 2.6.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "tutor 2.6.2 Cross-Site.Request.Forgery.to.Plugin.Deactivation.and.Data.Erase MEDIUM" "tutor 2.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "tutor 2.6.1 Student+.HTML.Injection.via.Q&A MEDIUM" "tutor 2.6.1 Missing.Authorization MEDIUM" "tutor 2.3.0 Admin+.Stored.XSS LOW" "tutor 2.3.0 Subscriber+.Stored.Cross-Site.Scripting HIGH" "tutor 2.2.1 Unauthenticated.Access.to.Tutor.LMS.Lesson.Resources.via.REST.API MEDIUM" "tutor 2.2.0 Unauthenticate.SQL.Injection HIGH" "tutor 2.2.1 Student+.SQL.Injection HIGH" "tutor 2.2.0 Instructor+.SQL.Injection MEDIUM" "tutor 2.0.10 Reflected.Cross-Site.Scripting HIGH" "tutor 2.0.10 Admin+.Stored.Cross-Site.Scripting LOW" "tutor 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.13 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.12 Subscriber+.Stored.Cross-Site.Scripting HIGH" "tutor 1.9.12 Reflected.Cross-Site.Scripting HIGH" "tutor 1.9.11 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.9 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "tutor 1.9.6 Reflected.Cross-Site.Scripting HIGH" "tutor 1.9.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "tutor 1.8.8 Authenticated.Local.File.Inclusion MEDIUM" "tutor 1.7.7 SQL.Injection.via.tutor_place_rating MEDIUM" "tutor 1.8.3 SQL.Injection.via.tutor_quiz_builder_get_answers_by_question MEDIUM" "tutor 1.7.7 Unprotected.AJAX.including.Privilege.Escalation HIGH" "tutor 1.8.3 SQL.Injection.via.tutor_answering_quiz_question/get_answer_by_id MEDIUM" "tutor 1.7.7 SQL.Injection.via.tutor_mark_answer_as_correct MEDIUM" "tutor 1.8.3 SQL.Injection.via.tutor_quiz_builder_get_question_form MEDIUM" "tutor 1.5.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "team-showcase-supreme 4.5 Editor+.Stored.Cross-Site.Scripting LOW" "themify-portfolio-post 1.2.5 Editor+.Stored.XSS LOW" "themify-portfolio-post 1.2.2 Contributor+.Stored.XSS MEDIUM" "themify-portfolio-post 1.2.1 Contributor+.Stored.XSS MEDIUM" "themify-portfolio-post 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "themify-portfolio-post 1.1.6 Authenticated.Stored.Cross-Site.Scripting HIGH" "translatepress-multilingual 2.3.3 Admin+.SQLi MEDIUM" "translatepress-multilingual 2.0.9 Authenticated.Stored.Cross-Site.Scripting LOW" "total-cost-input-for-woocommerce 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "term-and-category-based-posts-widget 4.9.13 Admin+.Stored.XSS LOW" "ttv-easy-embed-player 2.1.1 Admin+.Stored.XSS LOW" "template-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "template-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tracking-code-manager 2.3.0 Admin+.Stored.Cross-Site.Scripting LOW" "tracking-code-manager 2.1.0 Tracking.Code.Manager.<.2,1,0.-Admin+.Stored.Cross-Site.Scripting MEDIUM" "top-25-social-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "td-cloud-library 2.7 Unauthenticated.Arbitrary.User.Metadata.Update.to.Privilege.Escalation CRITICAL" "thrive-quiz-builder 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "tutor-pro 2.7.3 Missing.Authorization.to.Authenticated.(Subscriber+).Insecure.Direct.Object.Reference HIGH" "tutor-pro 2.7.1 Missing.Authorization.to.Privilege.Escalation HIGH" "tutor-pro 2.7.1 Missing.Authorization.to.SQL.Injection HIGH" "tutor-pro 2.7.1 Missing.Authorization HIGH" "typea-ftc-disclosure No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "typea-ftc-disclosure No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "this-day-in-history No.known.fix Unauthenticated.Reflected.XSS HIGH" "tatsu 3.3.12 Unauthenticated.RCE CRITICAL" "tiny-carousel-horizontal-slider-plus No.known.fix Admin+.Stored.XSS MEDIUM" "theme-blvd-responsive-google-maps No.known.fix Contributor+.XSS MEDIUM" "track-the-click 0.3.12 Author+.Time-Based.Blind.SQL.Injection HIGH" "tilda-publishing 0.3.24 Subscriber+.Unauthorised.Action MEDIUM" "the-pack-addon 2.0.8.7 Authenticated.(contributor+).Local.File.Inclusion HIGH" "the-pack-addon 2.0.8.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "the-pack-addon 2.0.8.4 Reflected.Cross-Site.Scripting MEDIUM" "tabs-shortcode-and-widget No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "tumult-hype-animations 1.9.12 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "tumult-hype-animations 1.9.13 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "tapfiliate 3.0.13 Admin+.Stored.XSS LOW" "thecartpress No.known.fix Unauthenticated.Arbitrary.Admin.Account.Creation CRITICAL" "thecartpress 1.3.9.3 Multiple.Vulnerabilities HIGH" "the-sorter No.known.fix Authenticated.SQL.Injection MEDIUM" "table-genie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "table-genie No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "timber-library 1.23.1 Authenticated.(Admin+).PHP.Object.Injection HIGH" "tagembed-widget 5.9 Missing.Authorization MEDIUM" "tagembed-widget 4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "turbo-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "turbo-widgets No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "turbo-widgets No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "themify-event-post 1.2.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "terms-descriptions 3.4.5 Reflected.XSS HIGH" "theatre 0.18.4 Admin+.Stored.XSS LOW" "tp-education 4.5 Contributor+.Stored.XSS MEDIUM" "the-moneytizer 10.0.1 Cross-Site.Request.Forgery.via.multiple.AJAX.actions HIGH" "the-moneytizer 10.0.1 Missing.Authorization.via.multiple.AJAX.actions HIGH" "the-moneytizer 9.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "templates-patterns-collection 1.2.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "testimonial 2.3.8 Admin+.Stored.Cross-Site.Scripting LOW" "thrive-dashboard 2.3.9.3 Unauthenticated.Option.Update MEDIUM" "thrive-automator 1.17.1 Cross-Site.Request.Forgery MEDIUM" "twenty20 No.known.fix Contributor+.Stored.XSS MEDIUM" "titan-labs-security-audit No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "themify-icons 2.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "total-donations No.known.fix Update.Arbitrary.WordPress.Option.Values CRITICAL" "testimonials-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonials-widget No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.testimonials.Shortcode MEDIUM" "testimonials-widget 4.0.0 Multiple.Authenticated.Stored.XSS MEDIUM" "theme-per-user No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "themereps-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "thrive-comments 1.4.15.3 Unauthenticated.Option.Update MEDIUM" "ultimate-auction 4.2.8 Missing.Authorization.to.Unauthenticated.Email.Creation MEDIUM" "ultimate-auction 4.2.6 Cross-Site.Request.Forgery MEDIUM" "ultimate-sms-notifications 1.9.9.6 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-sms-notifications 1.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-sms-notifications 1.4.2 CSV.Injection MEDIUM" "ultimate-addons-for-gutenberg 2.15.1 Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "ultimate-addons-for-gutenberg 2.13.8 Missing.Authorization.via.generate_ai_content MEDIUM" "ultimate-addons-for-gutenberg 2.13.1 Author+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 2.12.9 Contributor+.Stored.XSS.via.Image.Gallery.Block MEDIUM" "ultimate-addons-for-gutenberg 2.12.9 Contributor+.Stored.XSS.via.Testimonial.Block MEDIUM" "ultimate-addons-for-gutenberg 2.12.7 Contributor+.Path.Traversal MEDIUM" "ultimate-addons-for-gutenberg 2.10.4 Authenticated(Contributor+).Cross-Site.Scripting.via.Custom.CSS MEDIUM" "ultimate-addons-for-gutenberg 2.7.10 Contributor+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 1.15.0 Contributor+.Stored.Cross-Side.Scripting MEDIUM" "ultimate-addons-for-gutenberg 1.25.6 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-reviews 3.2.9 Unauthenticated.stored.Cross-Site.Scripting.via.reviews MEDIUM" "ultimate-reviews 3.0.16 Admin+.Stored.Cross-Site.Scripting LOW" "ultimate-reviews 2.1.33 Unauthenticated.PHP.Object.Injection MEDIUM" "uleak-security-dashboard No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "user-meta-manager No.known.fix Reflected.XSS HIGH" "user-meta-manager No.known.fix CSRF MEDIUM" "uninstall No.known.fix WordPress.Deletion.via.CSRF HIGH" "user-location-and-ip No.known.fix Contributor+.Stored.XSS MEDIUM" "ultra-elementor-addons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "universal-star-rating No.known.fix CSRF MEDIUM" "ultimate-carousel-for-divi 4.5.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-carousel-for-divi 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-appointment-scheduling 1.1.10 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "updraftplus 1.23.11 Google.Drive.Storage.Update.via.CSRF MEDIUM" "updraftplus 1.23.4 CSRF MEDIUM" "updraftplus 1.22.9 Reflected.Cross-Site.Scripting MEDIUM" "updraftplus 1.22.3 Subscriber+.Backup.Download HIGH" "updraftplus 1.16.69 Reflected.Cross-Site.Scripting HIGH" "updraftplus 1.16.66 Reflected.Cross-Site.Scripting HIGH" "updraftplus 1.16.59 Admin+.Local.File.Inclusion MEDIUM" "updraftplus 1.6.59 Admin+.Stored.Cross-Site.Scripting LOW" "updraftplus 1.13.5 XSS MEDIUM" "updraftplus 1.9.64 XSS MEDIUM" "user-activation-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "uncanny-learndash-toolkit 3.6.4.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "upcasted-s3-offload 3.0.3 Reflected.Cross-Site.Scripting MEDIUM" "upcasted-s3-offload 3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "upload-file-type-settings-plugin No.known.fix Admin+.Stored.XSS LOW" "ua-marketplace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ua-marketplace 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultraaddons-elementor-lite 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ultraaddons-elementor-lite 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "utilitify 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "utilitify 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "unusedcss 2.2.12 Unauthenticated.Server-Side.Request.Forgery HIGH" "unusedcss 1.7.2 Multiple.Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "unusedcss 1.7.2 Unauthorised.AJAX.Calls MEDIUM" "unusedcss 1.6.36 Subscriber+.SQLi HIGH" "ultimate-addons-for-contact-form-7 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-contact-form-7 3.2.11 Missing.Authorization MEDIUM" "ultimate-addons-for-contact-form-7 3.2.1 Reflected.XSS HIGH" "ultimate-addons-for-contact-form-7 3.1.29 Admin+.Stored.XSS LOW" "ultimate-addons-for-contact-form-7 3.1.29 Reflected.XSS HIGH" "ultimate-addons-for-contact-form-7 3.1.24 Subscriber+.SQL.Injection HIGH" "ultimate-addons-for-contact-form-7 3.1.24 Subscriber+.SQLi HIGH" "ultimate-addons-for-contact-form-7 3.1.24 Unauthenticated.SQLi HIGH" "ultimate-social-media-icons 2.9.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-social-media-icons 2.8.9 Admin+.Stored.XSS.via.settings LOW" "ultimate-social-media-icons 2.8.6 Subscriber+.Sensitive.Information.Exposure MEDIUM" "ultimate-social-media-icons 2.8.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "ultimate-social-media-icons 2.8.4 Reflected.XSS HIGH" "ultimate-social-media-icons 2.8.2 Plugin.Installation.via.CSRF MEDIUM" "ultimate-social-media-icons 2.8.2 Subscriber+.Plugin.Installation MEDIUM" "ultimate-social-media-icons 2.8.2 Admin+.Stored.XSS LOW" "ultimate-downloadable-products-for-woocommerce 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "update-theme-and-plugins-from-zip-file No.known.fix CSRF MEDIUM" "ultimate-social-media-plus 3.6.3 Missing.Authorization.to.Notice.Dismissal MEDIUM" "ultimate-social-media-plus 3.5.8 Plugin.Installation.via.CSRF MEDIUM" "ultimate-social-media-plus 3.5.8 Subscriber+.Plugin.Installation MEDIUM" "ultimate-social-media-plus 3.2.8 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-social-media-plus 3.0.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "utubevideo-gallery 2.0.8 Contributor+.Stored.XSS MEDIUM" "unite-gallery-lite No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "unite-gallery-lite 1.7.62 Admin+.Stored.XSS LOW" "unite-gallery-lite 1.7.60 Admin+.Local.File.Inclusion MEDIUM" "unite-gallery-lite 1.5 CSRF.&.Authenticated.SQL.Injection HIGH" "under-construction-maintenance-mode 1.1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "under-construction-maintenance-mode 1.1.2 Server.Side.Request.Forgery.(SSRF) MEDIUM" "under-construction-page 3.97 Multiple.CSRF MEDIUM" "under-construction-page 3.86 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "user-domain-whitelist 1.5 .user-domain-whitelist.php.Domain.Whitelisting.Manipulation.CSRF HIGH" "updater 1.35 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-carousel-for-visual-composer No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimate-category-excluder 1.2 Cross-Site.Request.Forgery MEDIUM" "uncanny-automator 5.1.0.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "uk-cookie-consent 3.2.1 Missing.Authorization.via.handle_consent_toggle() MEDIUM" "uk-cookie-consent 2.3.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ucontext No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "user-private-files 2.1.1 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Private.File.Access MEDIUM" "user-private-files 2.0.5 Subscriber+.Sensitive.Data.and.Files.Exposure.via.IDOR MEDIUM" "user-private-files 2.0.4 Admin+.Stored.XSS MEDIUM" "user-private-files 1.1.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "upunzipper No.known.fix Authenticated.(Admin+).Arbitrary.File.Deletion MEDIUM" "user-activity-log-pro No.known.fix Missing.Authorization MEDIUM" "user-activity-log-pro No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "user-activity-log-pro 2.3.4 Unauthenticated.Stored.Cross-Site.Scripting.via.User.Agent HIGH" "user-activity-log-pro 2.3.4 IP.Spoofing MEDIUM" "ultimate-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-elementor 1.9 Missing.Authorization MEDIUM" "ulisting 2.0.9 Arbitrary.Blog.Option.Update.via.CSRF HIGH" "ulisting 2.0.6 Unauthenticated.Privilege.Escalation MEDIUM" "ulisting 2.0.6 Authenticated.IDOR MEDIUM" "ulisting 2.0.6 Multiple.CSRF MEDIUM" "ulisting 2.0.6 Settings.Update.via.CSRF MEDIUM" "ulisting 2.0.6 Reflected.Cross-Site.Scripting MEDIUM" "ulisting 2.0.6 Modify.User.Roles.via.CSRF MEDIUM" "ulisting 2.0.4 Unauthenticated.SQL.Injection HIGH" "ulisting 1.7 Unauthenticated.Arbitrary.Roles.and.Capabilities.Creation/Deletion MEDIUM" "ulisting 1.7 Unauthenticated.Arbitrary.Post/Page.Deletion HIGH" "ulisting 1.7 Missing.Access.Controls CRITICAL" "ulisting 1.7 Unauthenticated.Arbitrary.Account.Change HIGH" "ulisting 1.7 Unauthenticated.Information.Disclosure HIGH" "ulisting 1.7 Unauthenticated.SQL.Injections CRITICAL" "ulisting 1.7 Unauthenticated.Arbitrary.Account.Creation CRITICAL" "ulisting 1.7 Unauthenticated.WordPress.Options.Change CRITICAL" "uji-countdown 2.3.1 Admin+.Stored.XSS LOW" "uji-countdown 2.0.7 Cross-Site.Scripting.(XSS) MEDIUM" "url-shortify 1.7.9.1 Admin+.Stored.XSS LOW" "url-shortify 1.7.6 Unauthenticated.Stored.XSS.via.referer.header CRITICAL" "url-shortify 1.7.3 Reflected.Cross-Site.Scripting MEDIUM" "url-shortify 1.7.0 Admin+.Cross.Site.Scripting LOW" "url-shortify 1.5.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "url-shortify 1.5.1 Arbitrary.Link/Group.Deletion.via.CSRF MEDIUM" "urvanov-syntax-highlighter 2.8.34 Highlighting.Blocks.Mgt.via.CSRF MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Icons.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Separator.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Info.Table.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "user-submitted-posts 20240516 Admin+.Stored.XSS LOW" "user-submitted-posts 20230914 Unauthenticated.Arbitrary.File.Upload CRITICAL" "user-submitted-posts 20230902 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "user-submitted-posts 20230901 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "user-submitted-posts 20230811 Unauthenticated.Stored.XSS HIGH" "user-submitted-posts 20190501 Arbitrary.File.Upload MEDIUM" "ultimate-classified-listings 1.4 Reflected.XSS HIGH" "ultimate-classified-listings 1.3 Unauthenticated.LFI HIGH" "ultimate-classified-listings 1.3 Reflected.XSS HIGH" "useful-banner-manager No.known.fix Modify.banners.via.CSRF MEDIUM" "user-activity-tracking-and-log 4.1.4 IP.Spoofing MEDIUM" "user-activity-tracking-and-log 4.0.9 License.Update/Deactivation.via.CSRF MEDIUM" "ultimate-author-box-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "url-params 2.5 Contributor+.Stored.XSS MEDIUM" "ultimate-infinite-scroll 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-store-kit 2.0.4 Unauthenticated.PHP.Object.Injection CRITICAL" "ultimate-store-kit 2.0.0 Unauthenticated.PHP.Object.Injection CRITICAL" "ultimate-store-kit 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-store-kit 2.0.4 Unauthenticated.PHP.Object.Injection MEDIUM" "ultimate-store-kit 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-faqs 2.1.2 Subscriber+.Arbitrary.FAQ.Creation MEDIUM" "ultimate-faqs 1.8.30 Unauthenticated.Reflected.XSS MEDIUM" "ultimate-faqs 1.8.25 Unauthenticated.Options.Import/Export HIGH" "ultimate-faqs 1.8.22 Cross-Site.Scripting.(XSS) MEDIUM" "unlimited-popups No.known.fix Author+.SQL.Injection HIGH" "ubermenu 3.8.4 Cross-Site.Request.Forgery.to.Settings.Reset HIGH" "ubermenu 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "user-access-manager 2.2.18 IP.Spoofing LOW" "user-access-manager 2.0.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "user-export-with-their-meta-data No.known.fix Subscriber+.CSV.Injection LOW" "user-export-with-their-meta-data 0.6.5 Admin+.SQLi MEDIUM" "ultimate-gutenberg No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-gutenberg No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-custom-scrollbar 1.2 Reflected.Cross-Site.Scripting MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Missing.Authorization.to.Arbitrary.Page/Post.Duplication MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Cross-Site.Request.Forgery MEDIUM" "up-down-image-slideshow-gallery 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "user-rights-access-manager No.known.fix Missing.Authorization MEDIUM" "user-rights-access-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-rights-access-manager 1.0.8 Access.Restriction.Bypass MEDIUM" "user-rights-access-manager 1.0.4 Improper.Access.Controls MEDIUM" "ultimate-post 4.1.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.3 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "ultimate-post 4.1.0 Authenticated.(Contributor+).Stored.Cross=Site.Scripting MEDIUM" "ultimate-post 4.1.0 Contributor+.Stored.XSS MEDIUM" "ultimate-post 4.0.2 Contributor+.Stored.XSS MEDIUM" "ultimate-post 4.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 3.2.4 Incorrect.Authorization MEDIUM" "ultimate-post 3.0.6 Gutenberg.Post.Grid.Blocks.<.3.0.6.-.Reflected.Cross-Site.Scripting HIGH" "ultimate-post 2.9.10 Gutenberg.Blocks.for.Post.Grid.<.2.9.10.-.Reflected.Cross-Site.Scripting HIGH" "ultimate-post 2.4.10 Private.Content.Disclosure MEDIUM" "ultimate-post 2.4.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 2.4.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 2.4.10 Missing.Access.Controls MEDIUM" "uniconsent-cmp 1.4.4 Admin+.Stored.XSS LOW" "use-any-font 6.2.1 API.Key.Deactivation.via.CSRF MEDIUM" "use-any-font 6.2.1 Unauthenticated.Arbitrary.CSS.Appending HIGH" "user-avatar-reloaded 1.2.2 Reloaded.<.1.2.2.-.Contributor+.Stored.XSS MEDIUM" "uni-woo-custom-product-options 4.9.27 Reflected.Cross-Site.Scripting MEDIUM" "uni-woo-custom-product-options 4.9.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "universal-analytics 1.3.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "user-activity No.known.fix IP.Spoofing MEDIUM" "uncanny-automator-pro 5.3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "uncanny-automator-pro 5.3.0.1 Missing.Authorization.to.Unauthenticated.License.Setting.Reset MEDIUM" "uncanny-automator-pro 5.3.0.1 Cross-Site.Request.Forgery.to.License.Setting.Reset MEDIUM" "ultimate-noindex-nofollow-tool No.known.fix Settings.Update.via.CSRF MEDIUM" "ultimate-elementor 1.36.32 Authenticated.(Contributor+).Privilege.Escalation HIGH" "ultimate-elementor 1.30.0 Contributor+.Stored.XSS MEDIUM" "ultimate-elementor 1.24.2 Registration.Bypass HIGH" "ultimate-elementor 1.20.1 Authentication.Bypass CRITICAL" "uipress-lite 3.4.07 Authenticated.(Administrator+).SQL.Injection CRITICAL" "upload-fields-for-wpforms No.known.fix Missing.Authorization MEDIUM" "user-magic No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-post-kit 3.11.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Social.Count.(Static).Widget MEDIUM" "ultimate-post-kit 3.6.4 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-post-kit 2.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-posts-widget 2.3.1 Admin+.Stored.XSS LOW" "ultimate-posts-widget 2.2.5 Plugin.Installation.via.CSRF MEDIUM" "ultimate-posts-widget 2.2.5 Subscriber+.Plugin.Installation MEDIUM" "use-your-drive 1.18.3 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-facebook-comments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "userheat 1.1.11 Settings.Update.via.CSRF MEDIUM" "ultimatewoo No.known.fix PHP.Object.Injection MEDIUM" "ungallery No.known.fix Stored.XSS.via.CSRF HIGH" "ukuupeople-the-simple-crm No.known.fix Unauthorised.Favourite.Addition/Deletion MEDIUM" "ultimate-form-builder-lite 1.5.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ultimate-form-builder-lite 1.3.8 Multiple.Vulnerabilities CRITICAL" "users-customers-import-export-for-wp-woocommerce 2.5.4 Authenticated.(Admin+).PHP.Object.Injection HIGH" "users-customers-import-export-for-wp-woocommerce 2.5.3 Authenticated.(Shop.Manager+).Path.Traversal LOW" "users-customers-import-export-for-wp-woocommerce 2.4.9 Shop.Manager+.Arbitrary.File.Upload HIGH" "users-customers-import-export-for-wp-woocommerce 2.4.2 Shop.Manager+.Privilege.Escalation HIGH" "users-customers-import-export-for-wp-woocommerce 1.3.9 Authenticated.Arbitrary.User.Creation HIGH" "users-customers-import-export-for-wp-woocommerce 1.3.2 CSV.Injection HIGH" "use-memcached No.known.fix Settings.Update.via.CSRF MEDIUM" "userpro 5.1.9 Unauthenticated.Account.Takeover.to.Privilege.Escalation CRITICAL" "userpro 5.1.7 Disabled.Membership.Registration.Bypass MEDIUM" "userpro 5.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "userpro 5.1.5 Missing.Authorization.to.Arbitrary.Shortcode.Execution.via.userpro_shortcode_template MEDIUM" "userpro 5.1.2 Authentication.Bypass.to.Administrator CRITICAL" "userpro 5.1.5 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "userpro 5.1.2 Sensitive.Information.Disclosure.via.Shortcode MEDIUM" "userpro 5.1.1 Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "userpro 5.1.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "userpro 5.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.userpro_save_userdata MEDIUM" "userpro 5.1.2 Insecure.Password.Reset.Mechanism CRITICAL" "userpro 5.1.2 Cross-Site.Request.Forgery.to.Sensitive.Information.Exposure MEDIUM" "userpro 5.1.2 Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "userpro 5.1.2 Missing.Authorization.via.multiple.functions HIGH" "userpro 4.9.35.1 Unauthenticated.Reflected.XSS MEDIUM" "userpro 4.9.28 User.Registration.With.Administrator.Role MEDIUM" "userpro 4.9.24 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "user-shortcodes-plus No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Disclosure.via.user_meta.Shortcode MEDIUM" "ultimate-410 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-widgets-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-widgets-light No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-widgets-light No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ultimate-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-under-construction 1.9.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "user-meta-shortcodes No.known.fix Contributor+.Unauthorized.Arbitrary.User.Metadata.Access HIGH" "user-verification 1.0.94 Authentication.Bypass CRITICAL" "updraft No.known.fix Reflected.XSS HIGH" "ultimate-member 2.8.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ultimate-member 2.8.3 2.8.2.-.Unauthenticated.SQL.Injection MEDIUM" "ultimate-member 2.6.7 Unauthenticated.Privilege.Escalation CRITICAL" "ultimate-member 2.6.1 Form.Duplication.via.CSRF MEDIUM" "ultimate-member 2.5.1 Admin+.LFI.via.Traversal LOW" "ultimate-member 2.5.1 Subscriber+.RCE HIGH" "ultimate-member 2.5.1 Contributor+.LFI.via.Traversal MEDIUM" "ultimate-member 2.5.1 Admin+.RCE MEDIUM" "ultimate-member 2.4.0 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-member 2.3.2 Open.Redirect MEDIUM" "ultimate-member 2.1.20 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 2.1.12 Authenticated.Privilege.Escalation.via.Profile.Update CRITICAL" "ultimate-member 2.1.12 Unauthenticated.Privilege.Escalation.via.User.Roles CRITICAL" "ultimate-member 2.1.12 Unauthenticated.Privilege.Escalation.via.User.Meta CRITICAL" "ultimate-member 2.1.7 Unauthenticated.Open.Redirect MEDIUM" "ultimate-member 2.1.3 Insecure.Direct.Object.Reference.(IDOR) MEDIUM" "ultimate-member 2.0.54 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 2.0.52 CSRF.and.Stored.XSS.issues MEDIUM" "ultimate-member 2.0.46 Multiple.Vulnerabilities HIGH" "ultimate-member 2.0.40 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ultimate-member 2.0.33 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ultimate-member 2.0.28 Multiple.XSS MEDIUM" "ultimate-member 2.0.22 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "ultimate-member 2.0.22 Unauthenticated.Arbitrary.File.Upload HIGH" "ultimate-member 2.0.18 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "ultimate-member 2.0.4 Multiple.Issues HIGH" "ultimate-member 2.0.7 Multiple.Cross-Site.Request.Forgery.Issues HIGH" "ultimate-member 2.0.4 Multiple.XSS MEDIUM" "ultimate-member 1.3.76 Unauthenticated.Change.Passwords HIGH" "ultimate-member 1.3.65 Local.File.Inclusion MEDIUM" "ultimate-member 1.3.40 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.3.29 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.3.18 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.2.995 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.0.84 Multiple.Vulnerabilities HIGH" "uploadcare 3.1.0 Cross-Site.Request.Forgery MEDIUM" "ultimeter 2.8.3 Reflected.Cross-Site.Scripting MEDIUM" "ultimeter 2.7.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimeter 1.9.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "udraw 3.3.3 Unauthenticated.Arbitrary.File.Access HIGH" "unyson 2.7.31 Cross-Site.Request.Forgery MEDIUM" "unyson No.known.fix Missing.Authorization MEDIUM" "unyson 2.7.27 Reflected.Cross-Site.Scripting MEDIUM" "ucontext-for-amazon No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "ultimate-weather-plugin No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "user-role 1.6.7 Privilege.Escalation.via.CSRF HIGH" "user-role 1.5.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-maps-by-supsystic 1.2.17 Cross-Site.Request.Forgery MEDIUM" "ultimate-maps-by-supsystic 1.2.16 .Admin+.Stored.XSS LOW" "ultimate-maps-by-supsystic 1.2.5 Reflected.Cross-Site.scripting.(XSS) HIGH" "ultimate-maps-by-supsystic 1.1.17 Authenticated.SQL.Injections CRITICAL" "ultimate-instagram-feed No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "user-menus 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "user-menus 1.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "uncode-core 2.8.7 Reflected.Cross-Site.Scripting MEDIUM" "uncode-core 2.8.9 Privilege.Escalation HIGH" "uncode-core 2.8.9 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "ultra-companion 1.2.0 Contributor+.Stored.XSS MEDIUM" "utm-tracker No.known.fix Admin+.Stored.XSS LOW" "usc-e-shop 2.10.0 Missing.Authorization MEDIUM" "usc-e-shop 2.9.4 Authenticated(Editor+).SQL.Injection HIGH" "usc-e-shop 2.9.7 Authenticated.(Administrator+).Directory.Traversal MEDIUM" "usc-e-shop 2.9.6 Admin+.PHP.Object.Injection HIGH" "usc-e-shop 2.9.5 Cross-Site.Request.Forgery HIGH" "usc-e-shop 2.9.5 Reflected.XSS HIGH" "usc-e-shop 2.9.5 Unauthenticated.PHP.Object.Injection HIGH" "usc-e-shop 2.9.5 Subscriber+.Arbitrary.File.Upload HIGH" "usc-e-shop 2.8.22 Editor+.SQL.Injection MEDIUM" "usc-e-shop 2.8.22 Multiple.XSS MEDIUM" "usc-e-shop 2.8.22 Editor+.Arbitrary.File.Upload LOW" "usc-e-shop 2.8.22 Author+.SQL.Injection MEDIUM" "usc-e-shop 2.8.22 Author+.Path.Traversal MEDIUM" "usc-e-shop 2.8.11 Reflected.XSS HIGH" "usc-e-shop 2.8.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "usc-e-shop 2.8.6 Subscriber+.PHAR.Deserialisation HIGH" "usc-e-shop 2.8.5 Subscriber+.Arbitrary.File.Access HIGH" "usc-e-shop 2.8.5 Unauthenticated.Arbitrary.File.Access HIGH" "usc-e-shop 2.8.4 Multiple.Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "usc-e-shop 2.8.4 Subscriber+.Arbitrary.Shipping.Method.Creation/Update/Deletion MEDIUM" "usc-e-shop 2.7.8 Unauthenticated.Arbitrary.File.Access HIGH" "usc-e-shop 2.2.8 Authenticated.System.Information.Disclosure MEDIUM" "usc-e-shop 2.2.8 Unauthenticated.Information.Disclosure HIGH" "usc-e-shop 2.2.4 Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 2.1.1 Authenticated.SQL.Injection MEDIUM" "usc-e-shop 1.9.36 Authenticated.PHP.Object.Injection HIGH" "usc-e-shop 1.8.3 PHP.Object.Injection MEDIUM" "usc-e-shop 1.8.3 Session.Management MEDIUM" "usc-e-shop 1.8.3 Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 1.5.3 SQL.Injection MEDIUM" "usc-e-shop 1.4.18 Multiple.Vulnerabilities LOW" "usc-e-shop 1.5 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 1.5 SQL.Injection CRITICAL" "usc-e-shop 1.5 purchase_limit.Parameter.DOM-based.XSS MEDIUM" "ubigeo-peru 3.6.4 Unauthenticated.SQLi HIGH" "update-urls 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "usersnap 4.17 Admin+.Stored.XSS LOW" "userfeedback-lite 1.0.16 Unauthenticated.Stored.Cross-Site.Scripting.via.Name.Parameter HIGH" "userfeedback-lite 1.0.14 Unauthenticated.Stored.XSS MEDIUM" "userfeedback-lite 1.0.10 Unauthenticated.Stored.XSS HIGH" "userfeedback-lite 1.0.8 Unauthenticated.Stored.XSS HIGH" "unlimited-theme-addons 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "user-activity-log 2.0 Admin+.SQL.Injection MEDIUM" "user-activity-log 1.6.7 IP.Spoofing MEDIUM" "user-activity-log 1.6.6 Subscriber+.Log.Export MEDIUM" "user-activity-log 1.6.5 Unauthenticated.SQLi HIGH" "user-activity-log 1.6.3 Admin+.SQLi MEDIUM" "user-activity-log 1.6.3 Admin+.SQL.Injection MEDIUM" "user-activity-log 1.4.7 Reflected.Cross-Site.Scripting HIGH" "user-activity-log 1.4.7 Reflected.Cross.Site.Scripting.via.Query.String MEDIUM" "user-registration 3.2.1 Missing.Authorization.to.Privilege.Escalation HIGH" "user-registration 3.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "user-registration 3.2.0 Missing.Authorization.to.Unauthenticated.Media.Deletion MEDIUM" "user-registration 3.1.5 Unauthenticated.Stored.Self-Based.Cross-Site.Scripting MEDIUM" "user-registration 3.0.4.2 Admin+.Stored.XSS LOW" "user-registration 3.0.2.1 Subscriber+.Arbitrary.File.Upload.Leading.to.RCE CRITICAL" "user-registration 3.0.2.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "user-registration 3.0.2 Subscriber+.PHP.Object.Injection HIGH" "user-registration 2.3.3 Subscriber+.PHP.Object.Injection HIGH" "user-registration 2.3.1 Admin+.Stored.XSS LOW" "user-registration 2.2.4.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "user-registration 2.0.2 Low.Privilege.Stored.Cross-Site.Scripting MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-noindex-nofollow-tool-ii 1.3.6 Admin+.Stored.XSS LOW" "ultimate-noindex-nofollow-tool-ii 1.3.4 Settings.Update.via.CSRF MEDIUM" "users-ultra No.known.fix Unauthenticated.SQL.Injection HIGH" "users-ultra 1.5.63 Authenticated.Stored.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "users-ultra 1.5.64 Authenticated.Blind.SQL.Injection HIGH" "users-ultra 1.5.59 Unrestricted.File.Upload HIGH" "upqode-google-maps No.known.fix Contributor+.Stored.XSS MEDIUM" "userback 1.0.14 Arbitrary.Settings.Update.via.CSRF MEDIUM" "ux-flat 4.5 Contributor+.Stored.XSS MEDIUM" "upload-media-by-url 1.0.8 Stored.XSS.via.CSRF MEDIUM" "ultimate-responsive-image-slider 3.5.12 Ultimate.Responsive.Image.Slider.<.3.5.12.-.Subscriber+.Arbitrary.Post.Access MEDIUM" "userplus No.known.fix Stored.XSS.via.CSRF HIGH" "userswp 1.2.16 Missing.Authorization MEDIUM" "userswp 1.2.12 Users.Information.Disclosure MEDIUM" "userswp 1.2.11 Unauthenticated.SQL.Injection.via.'uwp_sort_by' CRITICAL" "userswp 1.2.6 Cross-Site.Request.Forgery MEDIUM" "userswp 1.2.7 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "userswp 1.2.3.23 Profile.Picture.Deletion.via.CSRF MEDIUM" "userswp 1.2.3.1 Subscriber+.User.Avatar.Override MEDIUM" "userswp 1.2.2.29 Reflected.Cross-Site.Scripting MEDIUM" "user-avatar 1.4.12 Reflected.XSS HIGH" "user-profile 2.0.21 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-carousel-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimate-bootstrap-elements-for-elementor 1.4.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ultimate-bootstrap-elements-for-elementor 1.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ultimate-bootstrap-elements-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "universal-email-preference-center No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'email' MEDIUM" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Time-Based.SQL.Injection HIGH" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'username' MEDIUM" "unlimited-elements-for-elementor 1.5.113 IP.Address.Spoofing.to.Antispam.Bypass MEDIUM" "unlimited-elements-for-elementor 1.5.110 Authenticated.(Contributor+).Blind.SQL.Injection.via.data[addonID].Parameter HIGH" "unlimited-elements-for-elementor 1.5.110 Authenticated.(Contributor+).Information.Exposure MEDIUM" "unlimited-elements-for-elementor 1.5.108 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Text.Field MEDIUM" "unlimited-elements-for-elementor 1.5.91 Contributor+.Remote.Code.Execution.via.template.import HIGH" "unlimited-elements-for-elementor 1.5.108 Contributor+.SQLi MEDIUM" "unlimited-elements-for-elementor 1.5.105 Contributor+.SQL.Injection HIGH" "unlimited-elements-for-elementor 1.5.103 Admin+.Command.Injection HIGH" "unlimited-elements-for-elementor 1.5.103 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.97 Contributor+.Stored.XSS MEDIUM" "unlimited-elements-for-elementor 1.5.94 Reflected.Cross-Site.Scripting HIGH" "unlimited-elements-for-elementor 1.5.75 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.67 Contributor+.Arbitrary.File.Upload HIGH" "unlimited-elements-for-elementor 1.5.49 Admin+.Stored.XSS LOW" "unlimited-elements-for-elementor 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-meta 3.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "user-meta 2.4.4 Subscriber+.Local.File.Enumeration.via.Path.Traversal LOW" "user-meta 2.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "useragent-spy No.known.fix Admin+.Stored.XSS LOW" "upfiv-complete-all-in-one-seo-wizard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "upfiv-complete-all-in-one-seo-wizard No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "uji-popup No.known.fix Contributor+.Stored.XSS MEDIUM" "username-updater 1.0.5 Arbitrary.Username.Update.via.CSRF MEDIUM" "underconstruction 1.22 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "underconstruction 1.20 Construction.Mode.Deactivation.via.CSRF MEDIUM" "underconstruction 1.21 Admin+.Stored.Cross-Site.Scripting LOW" "underconstruction 1.19 Reflected.Cross-Site.Scripting HIGH" "ultimate-wp-query-search-filter No.known.fix Contributor+.XSS MEDIUM" "ultimate-bulk-seo-noindex-nofollow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-login-history 1.6 Cross-Site.Scripting.(XSS) MEDIUM" "user-ip-and-location 2.2.1 Contributor+.Stored.XSS MEDIUM" "ultimate-dashboard 3.7.12 Admin+.Stored.XSS LOW" "ultimate-dashboard 3.7.11 Login.Page.Disclosure.on.Multi-site MEDIUM" "ultimate-dashboard 3.7.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "ultimate-dashboard 3.7.6 Admin+.Stored.XSS LOW" "ut-shortcodes 5.0.5 Reflected.Cross-Site.Scripting MEDIUM" "update-alt-attribute No.known.fix Reflected.XSS HIGH" "update-alt-attribute No.known.fix Cross-Site.Request.Forgery MEDIUM" "ultimate-product-catalogue 5.2.16 Cross-Site.Request.Forgery.via.reset_settings() MEDIUM" "ultimate-product-catalogue 5.2.6 Admin+.Stored.XSS LOW" "ultimate-product-catalogue 5.0.26 Subscriber+.Arbitrary.Product.Creation.&.Settings.Update MEDIUM" "userlike 2.3 Admin+.Stored.Cross-Site.Scripting LOW" "unlimited-addons-for-wpbakery-page-builder No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "ultimate-blocks 3.2.2 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.0 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Blocks MEDIUM" "ultimate-blocks 3.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title.tag.attribute MEDIUM" "ultimate-blocks 3.1.9 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.1.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.metabox MEDIUM" "ultimate-blocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-blocks 2.4.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-taxonomy-manager No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "ultimate-taxonomy-manager No.known.fix Reflected.XSS HIGH" "user-spam-remover 1.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "visual-sound No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "visual-sound No.known.fix Settings.Update.via.CSRF MEDIUM" "visibility-logic-elementor 2.3.5 Cross-Site.Request.Forgery MEDIUM" "videojs-html5-player 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.videojs_video.Shortcode MEDIUM" "videojs-html5-player 1.1.9 Contributor+.Stored.XSS MEDIUM" "vendor 1.1.1 Unauthenticated.Information.Disclosure MEDIUM" "v-form 2.1.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "vikbooking 1.6.8 Insecure.Direct.Object.References LOW" "vikbooking 1.6.8 Broken.Access.Control MEDIUM" "vikbooking 1.6.8 Reflected.Cross-Site.Scripting MEDIUM" "vikbooking 1.6.0 Multiple.CSRF MEDIUM" "vikbooking 1.5.12 Admin+.Stored.XSS LOW" "vikbooking 1.5.9 Reflected.Cross-Site.Scripting MEDIUM" "vikbooking 1.5.8 Admin+.Stored.Cross-Site.Scripting LOW" "vikbooking 1.5.7 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "vikbooking 1.5.8 Admin+.PHP.File.Upload MEDIUM" "vikbooking 1.5.4 Booking.Data.Disclosure MEDIUM" "vikbooking 1.5.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "vertical-marquee-plugin 7.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "vertical-marquee-plugin No.known.fix Admin+.Stored.XSS LOW" "viet-nam-affiliate No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "visual-sound-widget-for-soundcloud-and-artistplugme-visualdreams No.known.fix Settings.Update.via.CSRF MEDIUM" "vdz-google-analytics 1.6.0 Authenticated.Stored.XSS LOW" "vdz-google-analytics 1.4.9 Authenticated.Stored.XSS LOW" "video-grid 1.22 Reflected.XSS HIGH" "visual-footer-credit-remover 1.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "viral-signup No.known.fix Unauthenticated.SQLi HIGH" "viral-signup No.known.fix Admin+.Stored.XSS LOW" "variation-swatches-for-woocommerce 2.1.2 Subscriber+.Stored.Cross-Site.Scripting HIGH" "visitor-info No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "visitor-info No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "video-reviews 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "video-reviews 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "visual-form-builder 3.0.8 Entries.Deletion/Restoration.via.CSRF MEDIUM" "visual-form-builder 3.0.7 Admin+.Stored.Cross-Site.Scripting LOW" "visual-form-builder 3.0.6 Unauthenticated.Information.Disclosure MEDIUM" "visual-form-builder 3.0.6 CSV.Injection LOW" "visual-form-builder 3.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "verge3d 4.5.3 Subscriber+.Arbitrary.File.Upload HIGH" "vision 1.7.2 Missing.Authorization MEDIUM" "vision 1.5.4 Contributor+.Stored.XSS MEDIUM" "vision 1.5.2 Reflected.Cross-Site.Scripting HIGH" "visitors-online 1.0.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "visitors-online 0.4 SQL.Injection CRITICAL" "vk-filter-search 2.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "videowhisper-live-streaming-integration 4.27.4 Cross-Site.Scripting.(XSS) MEDIUM" "videowhisper-live-streaming-integration 4.29.5 Multiple.Vulnerabilities CRITICAL" "videowhisper-live-streaming-integration 4.29.10 videowhisper_streaming.php.Multiple.Parameter.XSS HIGH" "videowhisper-live-streaming-integration 4.67.17 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "video-thumbnails No.known.fix Admin+.Stored.XSS LOW" "vertical-scroll-recent-post No.known.fix Cross-Site.Request.Forgery.via.vsrp_admin_options MEDIUM" "vertical-scroll-recent-post No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "vertical-scroll-recent-post 14.0 Reflected.Cross-Site.Scripting MEDIUM" "visual-portfolio 3.3.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.title_tag.Parameter MEDIUM" "visual-portfolio 2.18.0 Unauthenticated.CSS.Injection MEDIUM" "visual-portfolio 2.19.0 Contributor+.CSS.Injection MEDIUM" "vc-tabs No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vc-tabs 3.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "vc-tabs 3.6.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "vc-tabs 3.7.0 Authenticated.Arbitrary.Options.Update MEDIUM" "vikinghammer-tweet No.known.fix Stored.XSS.via.CSRF HIGH" "vk-blocks-pro 1.54.0 Multiple.Stored.XSS MEDIUM" "vrview No.known.fix Outdated.VRView.Library.Used,.Leading.to.Reflected.XSS HIGH" "video-comments-webcam-recorder 1.92 Unauthenticated.Reflected.XSS MEDIUM" "vr-calendar-sync 2.3.4 Calendar.Deletion/Update.&.Settings.Update.via.CSRF MEDIUM" "vr-calendar-sync No.known.fix Admin+.LFI MEDIUM" "vr-calendar-sync 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "vr-calendar-sync 2.3.2 Unauthenticated.Arbitrary.Function.Call HIGH" "vitepos-lite 3.0.2 Missing.Authorization MEDIUM" "video-list-manager No.known.fix Admin+.SQL.Injection MEDIUM" "video-conferencing-with-zoom-api 4.4.5 Open.Redirect MEDIUM" "video-conferencing-with-zoom-api 4.4.6 Sensitive.Information.Exposure MEDIUM" "video-conferencing-with-zoom-api 4.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "video-conferencing-with-zoom-api 4.3.0 Sensitive.Data.Disclosure LOW" "video-conferencing-with-zoom-api 4.0.10 Contributor+.Stored.XSS MEDIUM" "video-conferencing-with-zoom-api 3.9.3 Reflected.Cross-Site.Scripting MEDIUM" "video-conferencing-with-zoom-api 3.8.17 E-mail.Address.Disclosure MEDIUM" "video-conferencing-with-zoom-api 3.8.16 Reflected.Cross-Site.Scripting HIGH" "visualizer 3.11.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "visualizer 3.11.0 Missing.Authorization.to.Arbitrary.SQL.Execution HIGH" "visualizer 3.10.6 Reflected.Cross-Site.Scripting MEDIUM" "visualizer 3.9.5 Contributor+.Stored.XSS MEDIUM" "visualizer 3.9.2 Contributor+.Stored.XSS MEDIUM" "visualizer 3.7.10 Contributor+.PHAR.Deserialization HIGH" "visualizer 3.7.7 Reflected.Cross-Site.Scripting MEDIUM" "visualizer 3.3.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "visualizer 3.3.1 Blind.Server-Side.Request.Forgery.(SSRF) CRITICAL" "vospari-forms 1.4 Cross-Site.Scripting.(XSS) MEDIUM" "very-simple-contact-form 14.8 CAPTCHA.Bypass MEDIUM" "very-simple-contact-form 14.0 Missing.Authorization MEDIUM" "very-simple-contact-form 11.6 Captcha.bypass MEDIUM" "vo-locator-the-wp-store-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vo-locator-the-wp-store-locator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.get_form_fields MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.save_view MEDIUM" "views-for-wpforms-lite 3.2.3 Cross-Site.Request.Forgery.via.save_view MEDIUM" "views-for-wpforms-lite 3.2.3 Cross-Site.Request.Forgery.via.create_view MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.create_view MEDIUM" "variable-product-swatches No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "variable-product-swatches 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "void-elementor-whmcs-elements 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vk-block-patterns 1.31.1.1 Missing.Authorization MEDIUM" "vk-block-patterns 1.31.2.0 Cross-Site.Request.Forgery MEDIUM" "video-analytics-for-cloudflare-stream 1.2 Reflected.Cross-Site.Scripting MEDIUM" "vdz-call-back 1.1.4.6 Authenticated.Stored.XSS MEDIUM" "video-sidebar-widgets No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "vk-blocks 1.64.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block MEDIUM" "vk-blocks 1.57.1.0 Contributor+.Settings.Update.via.REST.API MEDIUM" "vk-blocks 1.58.0.0 Contributor+.Settings.Update.via.REST.API MEDIUM" "vk-blocks 1.54.0 Multiple.Stored.XSS MEDIUM" "video-playlist-for-youtube 6.2 CSRF MEDIUM" "vk-poster-group No.known.fix Reflected.Cross-Site.Scripting.via.vkp_repost MEDIUM" "vc-addons-by-bit14 No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "vc-addons-by-bit14 1.4.6 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Modification MEDIUM" "video-contest No.known.fix Cross-Site.Request.Forgery MEDIUM" "video-contest No.known.fix Admin+.Stored.XSS LOW" "video-slider-with-thumbnails 1.0.11 Reflected.XSS HIGH" "visitors-app No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "visitor-analytics-io 1.3.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "visitors-traffic-real-time-statistics 7.3 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "visitors-traffic-real-time-statistics 3.9 Subscriber+.SQL.Injection HIGH" "visitors-traffic-real-time-statistics 2.12 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "visitors-traffic-real-time-statistics 2.13 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "visitors-traffic-real-time-statistics 1.13 CSRF.to.Stored.XSS/SQLi HIGH" "vrm360 No.known.fix Contributor+.Arbitrary.File.Upload.Leading.to.RCE HIGH" "vrm360 No.known.fix Full.Path.Disclosure MEDIUM" "video-posts-webcam-recorder 3.2.4 Authenticated.Reflected.XSS MEDIUM" "video-posts-webcam-recorder 1.55.5 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "video-central No.known.fix Contributor+.Stored.XSS MEDIUM" "viet-affiliate-link No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vikrentcar 1.4.1 Unauthenticated.SQL.Injection CRITICAL" "vikrentcar 1.3.2 Cross.Site.Request.Forgery MEDIUM" "vikrentcar 1.3.3 Information.Exposure MEDIUM" "vikrentcar 1.3.1 Admin+.Stored.XSS MEDIUM" "vikrentcar 1.1.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "vikrentcar 1.1.7 CSRF.to.Stored.XSS HIGH" "very-simple-quiz No.known.fix Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "videowhisper-video-conference-integration No.known.fix Remote.File.Upload CRITICAL" "vm-backups No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "vm-backups No.known.fix CSRF.to.Database.Backup.Download MEDIUM" "vslider No.known.fix Cross-Site.Request.Forgery MEDIUM" "vslider No.known.fix Contributor+.Stored.XSS MEDIUM" "virim No.known.fix Unauthenticated.Object.Injection CRITICAL" "vk-all-in-one-expansion-unit 9.99.2.0 Contributor+.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.96.0.0 Unauthenticated.Password.Protected.Content.Access MEDIUM" "vk-all-in-one-expansion-unit 9.97.0.0 Contributor+.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.88.2 Multiple.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.87.1.0 Reflected.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.86.0.0 Contributor+.Stored.XSS MEDIUM" "video-synchro-pdf No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "video-synchro-pdf No.known.fix Unauthenticated.LFI MEDIUM" "video-widget No.known.fix Admin+.Stored.XSS.via.Widget LOW" "voting-record No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "voting-record No.known.fix Subscriber+.Stored.XSS HIGH" "vit-website-reviews No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "video-embed-box No.known.fix Authenticated.(subscriber+).SQL.Injection CRITICAL" "vimeography 2.4.2 Cross-Site.Request.Forgery MEDIUM" "vimeography 2.3.3 Contributor+.PHP.Object.Injection HIGH" "videojs-html5-video-player-for-wordpress No.known.fix HTML5.Video.Player.for.WordPress.<=.4.5.0.-.Contributor+.Stored.XSS.via.Shortcode MEDIUM" "visualcomposer 45.9.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.7.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.0.1 Authenticated.Stored.XSS.via.Text.Block MEDIUM" "visualcomposer 45.0.1 Authenticated.Stored.XSS.via.Title MEDIUM" "visualcomposer 27.0 Multiple.Authenticated.Cross-Site.Scripting.Issues HIGH" "video-background 2.7.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "vod-infomaniak 1.5.7 Reflected.Cross-Site.Scripting HIGH" "very-simple-google-maps 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "very-simple-google-maps 2.9 Contributor+.Stored.XSS MEDIUM" "vimeo-video-autoplay-automute No.known.fix Contributor+.Stored.XSS MEDIUM" "vanguard No.known.fix Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "video-popup 1.1.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "video-playlist-and-gallery-plugin 1.160 Settings.Update.via.CSRF MEDIUM" "venture-event-manager 3.2.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "variation-swatches-and-gallery 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "video-embed-thumbnail-generator 4.8.11 Reflected.Cross-Site.Scripting MEDIUM" "video-embed-thumbnail-generator 4.7.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vidseo 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "void-elementor-post-grid-addon-for-elementor-page-builder 2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "vertical-news-scroller 1.17 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "vision-pro 1.5.2 Reflected.Cross-Site.Scripting HIGH" "very-simple-breadcrumb No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "verse-o-matic No.known.fix CSRF.to.Stored.XSS HIGH" "visual-link-preview 2.2.3 Unauthorised.AJAX.Calls MEDIUM" "vigilantor 1.3.11 Admin+.Stored.XSS LOW" "videowhisper-video-presentation No.known.fix Remote.File.Upload CRITICAL" "variable-inspector 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "vdz-verification 1.4 Authenticated.Stored.XSS MEDIUM" "white-label-branding-elementor No.known.fix Admin+.Stored.XSS LOW" "wpstream 4.5.5 Local.Event.Settings.Update.via.CSRF MEDIUM" "wpstream 4.4.10.6 Settings.Update.via.CSRF MEDIUM" "wp-accessibility-helper 0.6.2.9 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "wp-accessibility-helper 0.6.3 Missing.Authorization MEDIUM" "wp-accessibility-helper 0.6.2.6 Missing.Authorization MEDIUM" "wp-accessibility-helper 0.6.2.5 Missing.Authorization.via.AJAX.action MEDIUM" "wp-accessibility-helper 0.6.0.7 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wpseo-local 15.0 Contributor+.Stored.XSS MEDIUM" "wpseo-local 15.0 Contributor+.Stored.XSS MEDIUM" "wpseo-local 14.9 Reflected.XSS HIGH" "wpseo-local 14.9 CSRF MEDIUM" "wp-database-backup 5.9 Admin+.Stored.Cross-Site.Scripting LOW" "wp-database-backup 5.2 Unauthenticated.OS.Command.Injection MEDIUM" "wp-database-backup 5.1.2 XSS HIGH" "wp-database-backup 4.3.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-upg No.known.fix Unauthenticated.RCE CRITICAL" "wordapp No.known.fix Authorization.Bypass.via.Insufficiently.Unique.Cryptographic.Signature CRITICAL" "wp-cafe 2.2.29 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.28 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.26 Authenticated.(Contributor+).File.inclusion.via.Shortcode HIGH" "wp-cafe 2.2.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Reservation.Form.Shortcode MEDIUM" "wp-cafe 2.2.24 Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "wp-cafe 2.2.23 Missing.Authorization MEDIUM" "wp-letsencrypt-ssl 7.1.0 Sensitive.Information.Exposure.via.insufficiently.protected.files HIGH" "wp-letsencrypt-ssl 6.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-letsencrypt-ssl 5.7.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpo365-login 28.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pintra.Shortcode MEDIUM" "wpo365-login 15.4 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wpo365-login 11.7 JWT.Signature.Verification.Bypass HIGH" "wp-google-map-plugin 4.6.2 Authenticated.(Contributor+).SQL.Injection HIGH" "wp-google-map-plugin 4.4.0 Editor+.Stored.XSS LOW" "wp-google-map-plugin 4.4.3 Category/Location/Map.Deletion.via.CSRF MEDIUM" "wp-google-map-plugin 4.2.4 Marker.Category/Map.Deletion.via.CSRF MEDIUM" "wp-google-map-plugin 4.1.5 Authenticated.SQL.Injection MEDIUM" "wp-google-map-plugin 4.1.0 CSRF.to.Unauthenticated.PHP.Object.Injection HIGH" "wp-google-map-plugin 4.0.4 XSS MEDIUM" "wp-google-map-plugin 3.1.2 XSS MEDIUM" "wp-google-map-plugin 2.3.10 Multiple.CSRF MEDIUM" "wp-google-map-plugin 3.0.0 CSRF.to.Authenticated.Cross-Site.Scripting.(XSS) HIGH" "wp-google-map-plugin 2.3.7 XSS MEDIUM" "wp-post-disclaimer 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "watchtowerhq 3.6.16 Unauthenticated.Arbitrary.File.Access HIGH" "watchtowerhq 3.6.16 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-rest-user No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rest-user No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-signals 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-table-builder No.known.fix Admin+.Stored.XSS LOW" "wp-table-builder 1.4.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.4.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.4.7 Admin+.Stored.XSS MEDIUM" "wp-table-builder 1.3.16 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-table-builder 1.3.10 Reflected.Cross-Site.Scripting HIGH" "woo-custom-emails No.known.fix Reflected.XSS HIGH" "woo-custom-emails No.known.fix Reflected.XSS HIGH" "woo-custom-emails No.known.fix Unauthenticated.Email.Settings.Update MEDIUM" "wp-seopress 7.9.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Social.Image.URL MEDIUM" "wp-seopress 7.9 Unauthenticated.Object.Injection HIGH" "wp-seopress 7.8 Contributor+.Open.Redirect LOW" "wp-seopress 7.8 Contributor+.Stored.XSS MEDIUM" "wp-seopress 7.6 Contributor+.Stored.XSS MEDIUM" "wp-seopress 7.7 Information.Exposure MEDIUM" "wp-seopress 7.6 Author+.Stored.Cross-Site.Scripting MEDIUM" "wp-seopress 7.3 Admin+.Stored.XSS LOW" "wp-seopress 6.5.0.3 Admin+.PHP.Object.Injection MEDIUM" "wp-seopress 5.0.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-login-security-and-history No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-home-page-menu 3.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-jquery-lightbox 1.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title.Attribute MEDIUM" "wp-staging 3.5.0 Admin+.Arbitrary.File.Upload MEDIUM" "wp-staging 3.5.0 Admin+.SSRF MEDIUM" "wp-staging 3.5.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-staging 3.4.0 Admin+.Stored.XSS LOW" "wp-staging 3.2.0 Unauthorized.Sensitive.Data.Exposure HIGH" "wp-staging 3.1.3 Unauthenticated.Backup.Download HIGH" "wp-staging 2.9.18 Admin+.Stored.Cross-Site.Scripting LOW" "wp-domain-redirect No.known.fix Authenticated.SQL.Injection MEDIUM" "wp-translate No.known.fix Missing.Authorization MEDIUM" "wp-store-locator-extenders 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-store-locator-extenders 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-altcoin-payment-gateway 1.7.3 Unauthenticated.SQLi HIGH" "woo-altcoin-payment-gateway 1.6.1 Reflected.Cross-Site.Scripting HIGH" "wowrestro 1.1 CSRF.Bypass MEDIUM" "woocommerce-wholesale-pricing 2.3.1 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "woocommerce-wholesale-pricing 2.3.1 Unauthenticated.Information.Exposure MEDIUM" "wp-clean-up No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "widgets-controller No.known.fix Unauthenticated.Cross-Site.Scripting MEDIUM" "webhotelier 1.6.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "weekly-class-schedule No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "woo-authorize-net-gateway-aim 6.0.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-authorize-net-gateway-aim 5.1.27 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-guppy 1.3 Sensitive.Information.Disclosure HIGH" "woocommerce-product-addons 6.2.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-product-addons 6.2.0 Shop.Manager+.PHP.Object.Injection HIGH" "weblibrarian No.known.fix Reflected.XSS HIGH" "weblibrarian 3.5.5 SQL.Injection MEDIUM" "weblibrarian 3.4.8.6 XSS MEDIUM" "weblibrarian 3.4.8.7 XSS MEDIUM" "wp-vipergb 1.6.2 Cross-Site.Request.Forgery MEDIUM" "wp-vipergb 1.13.16 XSS MEDIUM" "wcp-contact-form No.known.fix Reflected.XSS HIGH" "woorocks-magic-content No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woorocks-magic-content No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woocommerce-country-based-payments 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-country-based-payments 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-sendgrid-mailer No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wp-estimation-form 10.1.77 Missing.Authorization MEDIUM" "wp-estimation-form 10.1.76 Reflected.Cross-Site.Scripting MEDIUM" "wp-estimation-form 10.1.76 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wp-social-bookmark-menu No.known.fix Settings.Update.via.CSRF MEDIUM" "wsecure No.known.fix Admin+.Stored.XSS LOW" "wsecure 2.4 Remote.Code.Execution.(RCE) HIGH" "woocommerce-predictive-search 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-warranties-and-returns 5.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "woocommerce-jetpack 7.1.9 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woocommerce-jetpack 7.1.8 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortocde MEDIUM" "woocommerce-jetpack 7.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.3 Missing.Authorization.to.Product.Creation/Modification MEDIUM" "woocommerce-jetpack 7.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Order.Information.Disclosure MEDIUM" "woocommerce-jetpack 7.1.3 Contributor+.Stored.XSS MEDIUM" "woocommerce-jetpack 7.1.2 Authenticated.(Subscriber+).Information.Disclosure.via.Shortcode MEDIUM" "woocommerce-jetpack 7.1.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "woocommerce-jetpack 7.1.0 Shop.Manager+.Missing.Authorization.to.Arbitrary.Options.Update MEDIUM" "woocommerce-jetpack 6.0.1 Multiple.CSRF MEDIUM" "woocommerce-jetpack 5.6.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-jetpack 5.6.7 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "woocommerce-jetpack 5.6.7 Checkout.Files.Deletion.via.CSRF LOW" "woocommerce-jetpack 5.6.7 ShopManager+.Arbitrary.File.Download MEDIUM" "woocommerce-jetpack 5.6.7 Settings.Reset.via.CSRF MEDIUM" "woocommerce-jetpack 5.6.3 Subscriber+.Order.Status.Update MEDIUM" "woocommerce-jetpack 5.6.2 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.Product.XML.Feeds.Module HIGH" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.General.Module HIGH" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.PDF.Invoicing.Module HIGH" "woocommerce-jetpack 5.4.4 Authentication.Bypass CRITICAL" "woocommerce-jetpack 3.8.0 XSS MEDIUM" "wp-inject No.known.fix Admin+.Stored.XSS LOW" "wp-inject 1.16 Stored.XSS.&.CSRF HIGH" "website-monetization-by-magenet 1.0.29.2 Cross-Site.Request.Forgery MEDIUM" "wpsolr-search-engine 8.7 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-extra 6.5 Cross-Site.Request.Forgery.ToolImport MEDIUM" "wp-extra 6.3 Missing.Authorization.to.Arbitrary.Email.Sending MEDIUM" "wp-extra 6.3 Subscriber+..htaccess.File.Modification HIGH" "wp-extra 6.3 Missing.Authorization.to.Export.Settings MEDIUM" "woo-billingo-plus 4.4.5.4 Multiple.CSRF MEDIUM" "wp-rest-api-authentication 2.4.1 Settings.Update.via.CSRF MEDIUM" "widgets-for-aliexpress-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "woocommerce-bulk-order-form 3.6.0 Shop.Manager+.Stored.XSS MEDIUM" "woo-moneybird No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-crm-invoices-free No.known.fix Authenticated.Stored.Cross-Site.Scripting MEDIUM" "woo-razorpay 4.5.7 Transfers.Manipulation.via.CSRF MEDIUM" "woo-razorpay 4.5.7 Subscriber+.Transfers.Manipulation MEDIUM" "woocommerce-google-dynamic-retargeting-tag 1.7.17 Reflected.Cross-Site.Scripting MEDIUM" "wpdirectorykit 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "wpdirectorykit 1.3.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "wpdirectorykit 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wpdirectorykit 1.2.7 Missing.Authorization MEDIUM" "wpdirectorykit 1.2.4 Missing.Authorization.for.Plugin.Settings.Update MEDIUM" "wpdirectorykit 1.2.4 Reflected.Cross-Site.Scripting.via.search.parameter MEDIUM" "wpdirectorykit 1.2.0 Unauthenticated.Local.File.Inclusion HIGH" "wpdirectorykit 1.2.3 Unauthenticated.Arbitrary.Settings.Update MEDIUM" "wpdirectorykit 1.2.2 Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "wpdirectorykit 1.2.0 Cross-Site.Request.Forgery MEDIUM" "wpdirectorykit 1.2.0 Open.Redirect MEDIUM" "wp-private-message 1.0.6 Private.Message.Disclosure.via.IDOR MEDIUM" "wp-dashboard-notes 1.0.12 Subscriber+.Stored.XSS HIGH" "wp-dashboard-notes 1.0.11 Contributor+.Arbitrary.Private.Notes.Update.via.IDOR LOW" "wp-dashboard-notes 1.0.11 Unauthorised.Deletion.of.Private.Notes LOW" "wpbenchmark 1.3.7 Cross-Site.Request.Forgery.via.execute_plugin() MEDIUM" "web-disrupt-funnelmentals No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "web-disrupt-funnelmentals No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "web-disrupt-funnelmentals No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-paginate 2.1.9 Admin+.Stored.Cross-Site.Scripting LOW" "wp-paginate 2.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-calameo 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-links-page 4.9.6 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Image.Update MEDIUM" "wp-links-page 4.9.5 Cross-Site.Request.Forgery.via.wplf_ajax_update_screenshots MEDIUM" "wp-links-page 4.9.4 Contributor+.Stored.XSS MEDIUM" "woocommerce-eu-vat-assistant 2.1.2.230718 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-eu-vat-assistant 2.0.28.220224 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-alidropship 1.1.1 Unauthenticated.Sensitive.Data.Exposure HIGH" "wp-social-bookmarking-light No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-social-bookmarking-light 1.7.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpzoom-portfolio 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "wpzoom-portfolio 1.2.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woomotiv 3.5.0 Review.Count.Reset.via.CSRF MEDIUM" "woomotiv 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-firewall 20.0.6 Reflected.XSS HIGH" "wp-simple-firewall 19.1.11 Cross-Site.Request.Forgery MEDIUM" "wp-simple-firewall 18.5.10 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-simple-firewall 18.5.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-simple-firewall 17.0.18 Unauthenticated.Stored.XSS HIGH" "wp-simple-firewall 17.0.18 Subscriber+.Arbitrary.Log.Entry.Creation MEDIUM" "wp-simple-firewall 13.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "widgets-for-thumbtack-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-import-export-lite 3.9.27 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-import-export-lite 3.9.16 Unauthenticated.Sensitive.Data.Disclosure HIGH" "wp-import-export-lite 3.9.5 Subscriber+.Extensions.Update MEDIUM" "wp-import-export-lite 3.9.5 Subscriber+.Arbitrary.Blog.Options.Update HIGH" "woocommerce-photo-reviews 1.3.14 Authentication.Bypass.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "wp-postratings 1.91.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-postratings 1.90 Ratings.Tempering.via.Race.Condition MEDIUM" "wp-postratings 1.86.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-postratings 1.62 Authenticated.SQL.Injection CRITICAL" "woocommerce-add-to-cart-custom-redirect 1.2.14 Authenticated(Contributor+).Missing.Authorization.to.Limited.Arbitrary.Options.Update HIGH" "wp-piwik 1.0.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-piwik 1.0.28 Admin+.Stored.XSS LOW" "wp-piwik 1.0.27 Plugin.Settings.Reset.via.CSRF MEDIUM" "wp-piwik 1.0.10 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpmandrill No.known.fix Missing.Authorization.via.getAjaxStats MEDIUM" "wp-page-widget 4.0 Settings.Update.via.CSRF MEDIUM" "wp-recipe-maker 9.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'group_tag' MEDIUM" "wp-recipe-maker 9.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wprm-recipe-roundup-item.Shortcode MEDIUM" "wp-recipe-maker 9.3.0 Authenticated.Stored.Cross-Site.Scripting.via.Video.Embed MEDIUM" "wp-recipe-maker 9.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).SQL.Injecton HIGH" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.header_tag MEDIUM" "wp-recipe-maker 9.1.1 Directory.Traversal MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Recipe.Notes MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-recipe-maker 9.1.1 Reflected.Cross-Site.Scripting.via.Referer MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.icon_color MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.'tag' MEDIUM" "wp-recipe-maker 8.6.1 Contributor+.Stored.XSS MEDIUM" "wp-time-slots-booking-form 1.2.12 Missing.Authorization MEDIUM" "wp-time-slots-booking-form 1.2.11 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-time-slots-booking-form 1.2.07 Unauthenticated.Price.Manipulation MEDIUM" "wp-time-slots-booking-form 1.1.82 Admin+.Stored.XSS LOW" "wp-time-slots-booking-form 1.1.63 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-google-adwords-conversion-tracking-tag 1.43.4 Use.of.Polyfill.io MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.32.3 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.14.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-multi-currency 2.1.18 Authenticated.Product.Price.Change MEDIUM" "wc-thanks-redirect 3.1 Reflected.Cross-Site.Scripting MEDIUM" "wc-thanks-redirect 3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-variation-swatches 1.0.62 Reflected.XSS MEDIUM" "wp-user-manager 2.9.11 Cross-Site.Request.Forgery MEDIUM" "wp-user-manager 2.6.3 Arbitrary.User.Password.Reset.to.Account.Compromise HIGH" "wordpress-countdown-widget 3.1.9.3 Admin+.Stored.XSS LOW" "wp-dark-mode 5.0.5 Missing.Authorization MEDIUM" "wp-dark-mode 4.0.8 Subscriber+.Local.File.Inclusion MEDIUM" "wp-dark-mode 4.0.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "wp-seo-keyword-optimizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-seo-keyword-optimizer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-seo-keyword-optimizer 2.1.9.8 Subscriber+.Arbitrary.Option.Update CRITICAL" "wpforms 1.8.5.4 Unauthenticated.Stored.Cross-Site.Scripting.via.Form.Submission HIGH" "wpforms 1.7.7 CSV.Injection MEDIUM" "wholesale-market-for-woocommerce 2.0.0 Admin+.Arbitrary.Log.Download MEDIUM" "wholesale-market-for-woocommerce 1.0.7 Unauthenticated.Arbitrary.File.Download HIGH" "wholesale-market-for-woocommerce 1.0.8 Admin+.Arbitrary.File.Download MEDIUM" "wp-todo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Task.Comments MEDIUM" "wp-todo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_addcomment MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_manage() MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_settings MEDIUM" "wp-todo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Settings MEDIUM" "wp-todo 1.2.9 Contributor+.Stored.XSS MEDIUM" "wc-vendors 2.4.7.1 Authenticated.(Shop.manager+).SQL.Injection.via.search.dates HIGH" "wc-vendors 2.4.5 Contributor+.Stored.XSS MEDIUM" "wep-demo-import 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wpify-woo 4.0.11 Reflected.Cross-Site.Scripting MEDIUM" "wpify-woo 4.0.9 Missing.Authorization MEDIUM" "wpify-woo 3.5.7 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woopra 1.4.3.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "webpushr-web-push-notifications 4.36.0 Reflected.Cross-Site.Scripting MEDIUM" "webpushr-web-push-notifications 4.35.0 Unauthenticated.Stored.XSS HIGH" "webpushr-web-push-notifications 4.35.0 LFI.via.CSRF MEDIUM" "wp-dtree-30 No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-dtree-30 No.known.fix Reflected.XSS HIGH" "wp-dtree-30 No.known.fix Admin+.Stored.XSS LOW" "wp-photo-effects 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-effects 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-photo-effects 1.2.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "web-directory-free 1.7.3 Unauthenticated.LFI HIGH" "web-directory-free 1.7.2 Reflected.XSS HIGH" "web-directory-free 1.7.0 Unauthenticated.SQL.Injection HIGH" "wp-notification-bell 1.3.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-country-selector 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "wechat-reward No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "wpmailer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-pensopay 6.3.2 Reflected.XSS HIGH" "wordpress-easy-paypal-payment-or-donation-accept-plugin 5.0 Missing.Authorization MEDIUM" "wordpress-easy-paypal-payment-or-donation-accept-plugin 4.9.10 Contributor+.Stored.XSS MEDIUM" "wp-elegant-testimonial No.known.fix Multiple.Authenticated.Stored.Cross-Site.Scripting LOW" "wappointment 2.6.1 Admin+.SSRF MEDIUM" "wappointment 2.2.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-floating-menu 1.4.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-floating-menu 1.4.1 Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "wp-cloudy 4.4.9 Admin+.SQL.Injection MEDIUM" "wpgetapi 2.2.2 2.2.1.-.Authenticated.(Subscriber+).Arbitrary.Options.Update MEDIUM" "wp-ultimate-csv-importer 7.9.9 Author+.RCE MEDIUM" "wp-ultimate-csv-importer 7.9.9 Imported.Files.Disclosure MEDIUM" "wp-ultimate-csv-importer 7.9.9 Author+.Privilege.Escalation MEDIUM" "wp-ultimate-csv-importer 6.5.8 Admin+.SQLi MEDIUM" "wp-ultimate-csv-importer 6.5.8 Missing.Authorisation LOW" "wp-ultimate-csv-importer 6.5.3 Admin+.Blind.SSRF MEDIUM" "wp-ultimate-csv-importer 6.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-ultimate-csv-importer 6.4.2 Subscriber+.Arbitrary.Option.Deletion HIGH" "wp-ultimate-csv-importer 6.4.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "wp-ultimate-csv-importer 5.6.1 CSRF HIGH" "wp-ultimate-csv-importer 3.8.8 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-ultimate-csv-importer 3.8.1 XSS MEDIUM" "wp-bannerize-pro 1.9.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-bannerize-pro 1.7.0 Reflected.XSS HIGH" "wp-copysafe-web 4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-copysafe-web 3.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-copysafe-web 3.14 Unauthenticated.Reflected.XSS HIGH" "wp-copysafe-web 2.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-multisite-content-copier-pro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-multisite-content-copier-pro 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-broken-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-attest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-attest No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wf-cookie-consent 1.1.4 Authenticated.Persistent.Cross-Site.Scripting.(XSS) MEDIUM" "wp-spid-italia 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-spid-italia 2.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-backup-to-dropbox 4.1 Reflected.XSS MEDIUM" "wp-to-twitter 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-to-twitter 3.3.0 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-hide-pages No.known.fix Settings.Update.via.CSRF MEDIUM" "wordpress-23-related-posts-plugin No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wordpress-23-related-posts-plugin 2.7.2 Cross-Site.Request.Forgery MEDIUM" "wp-testimonials No.known.fix Authenticated.SQL.Injection HIGH" "wp-custom-author-url 1.0.5 Admin+.Stored.XSS LOW" "wp-extended-search 2.1.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-conditional-discount-rules-for-checkout 2.4.1 CSRF MEDIUM" "woo-conditional-discount-rules-for-checkout 2.3.3.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-discount-rules-for-checkout 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "weather-in-any-city-widget 1.1.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-embed-facebook 3.1.2 Contributor+.Stored.XSS.via.shortcode MEDIUM" "wp-security-audit-log-premium 4.6.4.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "wp-show-posts 1.1.6 Improper.Authorization.to.Information.Exposure MEDIUM" "wp-show-posts 1.1.5 Information.Exposure MEDIUM" "wp-show-posts 1.1.4 Contributor+.Stored.XSS MEDIUM" "wp-taxonomy-import No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-peach-payments-gateway 3.2.0 Missing.Authorization.via.peach_core_version_rollback() MEDIUM" "widgets-on-pages-and-posts No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-on-pages-and-posts No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woo-product-filter 2.5.1 Subscriber+.Table.Data.Access MEDIUM" "wp-rss-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-expert-agent-xml-feed No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-tradingview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-memory 2.46 Subscriber+.Arbitrary.Plugin.Installation HIGH" "wp-tell-a-friend-popup-form No.known.fix Admin+.Stored.XSS LOW" "wp-tell-a-friend-popup-form No.known.fix Settings.Update.via.CSRF MEDIUM" "woo-bulk-price-update 2.2.2 Reflected.XSS HIGH" "wp-forecast 9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-forecast 7.6 Admin+.Stored.Cross-Site.Scripting LOW" "wpupper-share-buttons 3.50 Missing.Authorization MEDIUM" "wpupper-share-buttons 3.43 Admin+.Stored.XSS LOW" "wordable 3.1.2 Plugin's.Authentication.Bypass HIGH" "wp125 1.5.5 Arbitrary.Ad.Deletion.via.CSRF MEDIUM" "wp-cors 0.2.2 Admin+.Stored.XSS LOW" "wp-jitsi-shortcodes No.known.fix Admin+.Stored.XSS LOW" "wp-jitsi-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-conference-schedule 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-multi-currency 2.1.18 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce 9.2 Contributor+.Stored.XSS MEDIUM" "woocommerce 9.1.4 Stored.XSS LOW" "woocommerce 9.0.0 Shop.Manager+.Content.Injection LOW" "woocommerce 8.9.3 8.9.2.-.Reflected.XSS HIGH" "woocommerce 8.6.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce 8.6 Contributor+.Private/Draft.Products.Access LOW" "woocommerce 8.4.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce 8.3.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce 8.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Featured.Image.alt.Attribute MEDIUM" "woocommerce 7.9 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "woocommerce 7.9.0 Sensitive.Information.Exposure MEDIUM" "woocommerce 7.0.1 Authenticated(Shop.Manager+).Sensitive.Information.Exposure MEDIUM" "woocommerce 8.1.1 Shop.Manager+.User.Metadata.Disclosure MEDIUM" "woocommerce 6.6.0 Admin+.Stored.HTML.Injection LOW" "woocommerce 6.3.1 Orders.Marked.as.Paid.(via.PayPal.Standard.Gateway) LOW" "woocommerce 6.2.1 Path.Traversal.via.Importers MEDIUM" "woocommerce 6.2.1 Subscriber+.Arbitrary.Comment.Deletion MEDIUM" "woocommerce 5.7.0 Analytics.Report.Leaks MEDIUM" "woocommerce 5.5.1 Authenticated.Blind.SQL.Injection HIGH" "woocommerce 5.2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce 4.7.0 Arbitrary.Order.Status.Disclosure.via.IDOR MEDIUM" "woocommerce 4.6.2 Guest.Account.Creation MEDIUM" "woocommerce 4.2.1 Potential.Cross-Site.Scripting.(XSS).via.SelectWoo MEDIUM" "woocommerce 4.1.0 Unescaped.Metadata.when.Duplicating.Products LOW" "woocommerce 3.6.5 Cross-Site.Request.Forgery.(CSRF).&.File.Type.Check MEDIUM" "woocommerce 3.5.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "woocommerce 3.5.1 Authenticated.Stored.XSS HIGH" "woocommerce 3.4.6 Authenticated.Phar.Deserialization MEDIUM" "woocommerce 3.4.6 Authenticated.Stored.XSS MEDIUM" "website-file-changes-monitor 1.8.3 Admin+.SQLi MEDIUM" "wp-academic-people No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-salesforce-plugin-crm-perks 1.5.9 Reflected.Cross-Site.Scripting HIGH" "wp-admin-style No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wonderm00ns-simple-facebook-open-graph-tags 2.2.4.2 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-auto-affiliate-links 6.4.4 Authenticated.(Editor+).SQL.Injection CRITICAL" "wp-auto-affiliate-links 6.4.3.1 Missing.Authorization.via.aalAddLink MEDIUM" "wp-auto-affiliate-links 6.4.2.8 Cross-Site.Request.Forgery MEDIUM" "wp-auto-affiliate-links 6.4.2.6 Cross-Site.Request.Forgery MEDIUM" "wp-auto-affiliate-links 6.4.2.5 Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wp-auto-affiliate-links 6.3.0.3 Settings.Update.via.CSRF MEDIUM" "wp-google-fonts 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-currency 1.6.6 Admin+.Stored.XSS LOW" "wordpress-twitterbot No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "woosaleskit-bar No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "widget-google-reviews 3.2 Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "widget-google-reviews 2.2.4 Subscriber+.SQLi HIGH" "widget-google-reviews 2.2.3 Subscriber+.Widget.Creation MEDIUM" "woo-pdf-invoice-builder 1.2.102 Cross-Site.Request.Forgery MEDIUM" "woo-pdf-invoice-builder 1.2.104 Reflected.XSS HIGH" "woo-pdf-invoice-builder 1.2.91 Admin+.Stored.XSS LOW" "woo-pdf-invoice-builder 1.2.92 Subscriber+.Arbitrary.Invoice.Access MEDIUM" "woo-pdf-invoice-builder 1.2.91 Invoice.Fields.Creation.via.CSRF MEDIUM" "woo-pdf-invoice-builder 1.2.90 Subscriber+.SQLi HIGH" "woo-pdf-invoice-builder 1.2.91 Invoice.Update.via.CSRF MEDIUM" "wp-reactions-lite 1.3.9 CSRF LOW" "wp-register-profile-with-shortcode 3.6.0 Cross-Site.Request.Forgery.to.User.Password.Reset HIGH" "wp-register-profile-with-shortcode 3.5.9 Admin+.Stored.XSS LOW" "woocommerce-product-vendors 2.2.3 Missing.Authorization MEDIUM" "woocommerce-product-vendors 2.2.2 Missing.Authorization MEDIUM" "woocommerce-product-vendors 2.1.77 Vendor.Admin+.SQLi MEDIUM" "woocommerce-product-vendors 2.1.77 Reflected.XSS HIGH" "woocommerce-product-vendors 2.1.79 ShopManager+.SQLi MEDIUM" "woocommerce-product-vendors 2.1.77 Unauthenticated.Reflected.XSS HIGH" "woocommerce-product-vendors 2.1.69 Vendor.Commission.Percentage.Update.via.IDOR MEDIUM" "woocommerce-product-vendors 2.1.66 Note.Creation.via.IDOR LOW" "woocommerce-product-vendors 2.1.66 Unauthenticated.Blind.SQLi HIGH" "wordpress-seo 22.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo 22.6 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-seo 21.1 Authenticated.(Seo.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo 17.3 Unauthenticated.Full.Path.Disclosure NONE" "wordpress-seo 11.6 Authenticated.Stored.XSS CRITICAL" "wordpress-seo 9.2 Authenticated.Race.Condition MEDIUM" "wordpress-seo 5.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wordpress-seo 3.4.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wc-payment-gateway-per-category No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpslacksync 1.8.6 Slack.Access.Token.Disclosure HIGH" "wp-social-feed No.known.fix Reflected.XSS HIGH" "wordapp-mobile-app No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordapp-mobile-app No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woolementor 4.5 Unauthenticated.PHP.Object.Injection CRITICAL" "woolementor 4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "woo-customers-order-history No.known.fix Missing.Authorization MEDIUM" "woo-customers-order-history 5.2.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-order-history 5.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-browser-update 4.5 Settings.Update.via.CSRF MEDIUM" "wp-browser-update 4.6 Admin+.Stored.XSS LOW" "wp-knowledgebase No.known.fix CSRF MEDIUM" "wp-fail2ban 5.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-fail2ban 4.4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-fail2ban 4.0.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-stats-manager 6.9.5 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-stats-manager 6.9 Unauthenticated.SQLi HIGH" "wp-stats-manager 6.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-stats-manager 5.8 Unauthenticated.SQLi HIGH" "wp-stats-manager 5.6 .Subscriber+.SQL.Injection HIGH" "wp-stats-manager 5.5 Arbitrary.IP.Address.Exclusion.to.Stored.XSS HIGH" "wp-stats-manager 4.8 Subscriber+.SQL.Injection HIGH" "woo-easy-duplicate-product 0.3.0.8 Missing.Authorization.via.wedp_duplicate_product_action MEDIUM" "woo-easy-duplicate-product 0.3.0.1 Reflected.XSS HIGH" "wp-hide-post No.known.fix Arbitrary.Post.Hiding.via.CSRF MEDIUM" "wp-pagebuilder No.known.fix Admin+.Stored.Cross-Site LOW" "wp-pagebuilder 1.2.7 Author+.Stored.XSS MEDIUM" "wp-pagebuilder 1.2.4 Insecure.default.configuration.Allows.Subscribers.Editing.Access.to.Posts MEDIUM" "wp-pagebuilder 1.2.4 Multiple.Stored.Cross-Site.scripting.(XSS) MEDIUM" "wp-all-export 1.4.0 Admin+.RCE MEDIUM" "wp-all-export 1.4.1 Remote.Code.Execution.via.CSRF CRITICAL" "wp-all-export 1.4.1 Author+.PHAR.Deserialization.via.CSRF HIGH" "wp-all-export 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-all-export 1.3.5 Admin+.SQL.Injection MEDIUM" "wp-all-export 1.3.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-multitasking No.known.fix Reflected.XSS.via.Shortcode MEDIUM" "wp-multitasking No.known.fix SMTP.Settings.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Exit.Popup.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Welcome.Popup.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Settings.Update.via.CSRF MEDIUM" "wpcargo 6.9.5 Admin+.Stored.Cross.Site.Scripting LOW" "wpcargo 6.9.5 Reflected.Cross.Site.Scripting MEDIUM" "wpcargo 6.9.0 Unauthenticated.RCE CRITICAL" "wp-font-awesome-share-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wpcasa-mail-alert 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-reset 2.03 Missing.Authorization.to.License.Key.Modification MEDIUM" "wp-reset 2.0 Sensitive.Information.Exposure.due.to.Insufficient.Randomness MEDIUM" "wp-reset 5.99 Database.Reset.via.CSRF CRITICAL" "wp-reset 5.99 Subscriber+.Database.Reset CRITICAL" "wp-reset 1.90 Authenticated.Stored.XSS MEDIUM" "wp-optimize 3.2.13 Cross-Site.Scripting.From.Third-party.Library HIGH" "woo-coupons-bulk-editor 1.3.40 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupons-bulk-editor 1.3.28 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "webp-converter-for-media 4.0.3 Unauthenticated.Open.redirect MEDIUM" "webp-converter-for-media 1.0.3 Cross-Site.Request.Forgery.(CSRF) HIGH" "widget-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-stateless 3.4.1 Missing.Authorization.to.Limited.Arbitrary.Options.Update HIGH" "wpsimpletools-log-viewer No.known.fix Cross-Site.Request.Forgery.via.wpst_lw_viewer MEDIUM" "wp-ada-compliance-check-basic 3.1.4 Cross-Site.Request.Forgery MEDIUM" "woostify-sites-library 1.4.8 Subscriber+.Arbitrary.Options.Update.to.DoS HIGH" "wp-hide No.known.fix Unauthenticated.Settings.Update MEDIUM" "wpsynchro 1.11.3 Cross-Site.Request.Forgery MEDIUM" "wpsynchro 1.10.0 Settings.Update.via.CSRF MEDIUM" "wpide 3.4.7 Reflected.Cross-Site.Scripting MEDIUM" "wpide 3.0 Admin+.Arbitrary.File.Edit.&.Upload MEDIUM" "wpide 3.0 Admin+.Arbitrary.File.Read MEDIUM" "wpide 3.0 Admin+.Local.File.Inclusion LOW" "woocommerce-gateway-nab-dp 2.1.2 NAB.Transact.<.2.1.2.-.Payment.Bypass HIGH" "wp-ical-availability No.known.fix Missing.Authorization MEDIUM" "wp-ical-availability No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-datepicker 2.1.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wp-file-get-contents 2.7.1 Contributor+.SSRF MEDIUM" "wpforms-lite 1.8.8.2 Unauthenticated.Price.Manipulation MEDIUM" "wpforms-lite 1.8.1.3 Reflected.XSS MEDIUM" "wpforms-lite 1.7.5.5 Admin+.Arbitrary.File.Access MEDIUM" "wpforms-lite 1.6.0.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.5.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.4.8.1 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.4.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wc-quantity-plus-minus-button 1.2.0 Quantity.Plus.Minus.Button.for.WooCommerce.by.CodeAstrology.<.1,2,0.Settings.Update.via.CSRF MEDIUM" "wp-cart-for-digital-products 8.5.6 Reflected.XSS.in.Product.Editing HIGH" "wp-cart-for-digital-products 8.5.6 Reflected.XSS.in.Customer.Search HIGH" "wp-cart-for-digital-products 8.5.6 Settings.Reset.via.CSRF MEDIUM" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Category.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Discount.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Coupon.Deletion.via.CSRF MEDIUM" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.via.$_SERVER['REQUEST_URI'] MEDIUM" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Customer.Editing HIGH" "wp-db-backup 2.5.2 Arbitrary.Schedule.Settings.Update.via.CSRF MEDIUM" "wp-db-backup 2.5.1 Admin+.SQL.Injection MEDIUM" "wp-db-backup 2.4 Authenticated.Persistent.Cross-Site.Scripting.(XSS) MEDIUM" "wp-db-backup 2.3.0 Backup.Filename.Brute.Forcing HIGH" "wc-zelle 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wc-zelle 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-attachment-export 0.2.4 Unauthenticated.Posts.Download HIGH" "wp-svg-images 4.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG MEDIUM" "wp-svg-images 3.4 Authenticated.(author+).Stored.XSS.via.SVG MEDIUM" "wishsuite 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wishsuite 1.3.5 Admin+.Stored.XSS LOW" "wishsuite 1.3.4 Cross-Site.Request.Forgery MEDIUM" "woocommerce-conversion-tracking 2.0.12 Subscriber+.Addon.Installation MEDIUM" "woocommerce-conversion-tracking 2.0.12 Subscriber+.happy-elementor-addons.Installation.&.Activation MEDIUM" "wp-books-gallery 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-books-gallery 4.4.9 CSRF MEDIUM" "wp-books-gallery 3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-retina-2x 6.4.6 Sensitive.Information.Exposure MEDIUM" "wp-retina-2x 5.2.3 Cross-Site.Scripting.(XSS) MEDIUM" "wp-debugging 2.11.7 Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "wp-debugging 2.11.7 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "wp-debugging 2.11.0 Unauthenticated.Plugin's.Settings.Update MEDIUM" "wooshark-aliexpress-importer 2.2.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "wooshark-aliexpress-importer 2.2.5 Unauthenticated.Settings.&.Products.Update MEDIUM" "wp-2fa 2.6.4 Unauthenticated.Information.Exposure.via.Log.File MEDIUM" "wp-2fa 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-2fa 2.6.0 Arbitrary.Email.Sending.via.CSRF MEDIUM" "wp-2fa 2.6.0 Subscriber+.Arbitrary.Email.Sending MEDIUM" "wp-2fa 2.3.0 Time-Based.Side-Channel.Attack MEDIUM" "wp-2fa 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-2fa 2.2.0 Arbitrary.2FA.Disabling.via.IDOR MEDIUM" "wp-translitera No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-not-login-hide-wpnlh No.known.fix Admin+.Stored.XSS LOW" "woo-tranzila-gateway No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "woo-document-preview 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wadi-addons-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-product-category-selection-widget No.known.fix Reflected.XSS HIGH" "wp-awesome-faq No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-awesome-faq 4.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-bitly No.known.fix Missing.Authorization MEDIUM" "wp-bitly No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-cookie-user-info 1.0.9 Admin+.SQL.Injection MEDIUM" "wp-cookie-user-info 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "woocommerce-ean-payment-gateway 6.1.0 Missing.Authorization.to.Authenticated.(Contributor+).EAN.Update MEDIUM" "woocommerce-beta-tester 2.2.4 Admin+.SQLi MEDIUM" "wp-listings No.known.fix Missing.Authorization MEDIUM" "wp-listings No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-listings 2.0.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-stripe-global-payments 3.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-global-payments 3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpheka-request-for-quote 1.3 CSRF.Bypass MEDIUM" "wp-scrive 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-scrive 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-total-branding 1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.title.Parameter MEDIUM" "woo-remove-cart-and-query-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-remove-cart-and-query-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-word-count No.known.fix Missing.Authorization.via.calculate_statistics MEDIUM" "wp-word-count 3.2.4 Admin+.Stored.Cross-Site.Scripting LOW" "wip-custom-login 1.3.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-downgrade 1.2.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-blog-manager-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wc-cashapp 5.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-product-gallery-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wwm-social-share-on-image-hover No.known.fix Admin+.Stored.XSS LOW" "woocommerce-menu-bar-cart 2.12.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-content-copy-protector 3.5.6 Admin+.Stored.XSS LOW" "wp-content-copy-protector 3.4.5 Settings.Update.via.CSRF MEDIUM" "wp-content-copy-protector 3.4 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wp-content-copy-protector 3.1.5 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-seo-tdk No.known.fix Unauthenticated.Setting.Update.to.Stored.XSS HIGH" "woo-ukrposhta 1.17.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-ukrposhta 1.6.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-order-status-change-notifier No.known.fix Subscriber+.Arbitrary.Order.Status.Update MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.6 Authenticated.(Editor+).Local.File.Inclusion HIGH" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonials.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "wp-multi-store-locator No.known.fix Contributor+.Stored.XSS MEDIUM" "wow-carousel-for-divi-lite 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "wpshopgermany-it-recht-kanzlei 1.8 Admin+.Stored.XSS LOW" "wp-gallery-metabox No.known.fix Settings.Update.via.CSRF MEDIUM" "wpagecontact No.known.fix Authenticated.(editor+).SQL.Injection HIGH" "wheel-of-life 1.1.8 Missing.Authorization.on.Several.AJAX.Endpoints MEDIUM" "wccp-pro 15.3 Open.Redirect MEDIUM" "wccp-pro 15.3 Admin+.Stored.XSS LOW" "wp-next-post-navi No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.5 Reflected.Cross-Site.Scripting.via.Debug.Mode.URI MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.4 Reflected.Cross-Site.Scripting.via.request MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.4 Admin+.Stored.XSS LOW" "wp-google-my-business-auto-publish 3.8 Multiple.CSRF MEDIUM" "wp-google-my-business-auto-publish 3.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wpmm-memory-meter 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "widget-for-eventbrite-api 5.3.1 Reflected.Cross-Site.Scripting MEDIUM" "widget-for-eventbrite-api 4.4.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-product-enquiry No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-scrippets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordfence 7.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "wordfence 7.1.14 Username.Enumeration.Prevention.Bypass MEDIUM" "wordfence 5.1.5 Cross-Site.Scripting.(XSS) MEDIUM" "wps-hide-login 1.9.16.4 Hidden.Login.Page.Disclosure LOW" "wps-hide-login 1.9.16 Login.Page.Disclosure MEDIUM" "wps-hide-login 1.9.12 Hidden.Login.Page.Location.Disclosure LOW" "wps-hide-login 1.9.1 Protection.Bypass.with.Referer-Header MEDIUM" "wps-hide-login 1.5.5 Secret.Login.Page.Disclosure CRITICAL" "wps-hide-login 1.5.3 Multiples.Issues HIGH" "wc-order-limit-lite 2.0.1 Missing.Authorization MEDIUM" "wp-report-post No.known.fix Reflected.XSS HIGH" "woocommerce-aweber-newsletter-subscription 4.0.3 Missing.Authorization.to.Access.Token.Modification MEDIUM" "woo-orders-tracking 1.2.11 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woo-orders-tracking 1.2.6 Admin+.Arbitrary.File.Access/Read MEDIUM" "woo-orders-tracking 1.1.10 Reflected.Cross-Site.Scripting HIGH" "wp-manutencao 1.0.7 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "wp-concours No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wemail 1.14.6 Reflected.Cross-Site.Scripting MEDIUM" "wemail 1.14.3 Missing.Authorization.to.Notice.Dismissal MEDIUM" "wp-editormd 10.0.4 Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-gateway-amazon-payments-advanced 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-whois-domain No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-simple-booking-calendar 2.0.11 Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-booking-calendar 2.0.8.5 Cross-Site.Request.Forgery MEDIUM" "wp-simple-booking-calendar 2.0.6 Authenticated.SQL.Injection MEDIUM" "woocommerce-exporter 2.7.2.1 Store.Exporter.<.2.7.2.1.-.Reflected.XSS HIGH" "woocommerce-exporter 2.7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-exporter 2.4 Store.Exporter.<.2.4.-.CSV.Injection CRITICAL" "wppizza 3.18.14 Reflected.Cross-Site.Scripting MEDIUM" "wppizza 3.18.11 Missing.Authorization MEDIUM" "wppizza 3.18.3 Reflected.XSS HIGH" "wppizza 3.17.2 Reflected.XSS HIGH" "wc-multi-currency 1.5.6 Missing.Authorization MEDIUM" "wc-multi-currency 1.5.6 Cross-Site.Request.Forgery MEDIUM" "woocommerce-openpos 7.0.1 Unauthenticated.SQL.Injection HIGH" "woocommerce-openpos 7.0.2 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "woocommerce-openpos 7.0.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-fastest-cache 1.2.7 Admin+.Arbitrary.File.Deletion MEDIUM" "wp-fastest-cache 1.2.2 Unauthenticated.SQL.Injection HIGH" "wp-fastest-cache 1.1.5 Blind.SSRF.via.CSRF LOW" "wp-fastest-cache 1.1.3 Multiple.CSRF LOW" "wp-fastest-cache 0.9.5 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-fastest-cache 0.9.5 Subscriber+.SQL.Injection HIGH" "wp-fastest-cache 0.9.1.7 Authenticated.Arbitrary.File.Deletion.via.Path.Traversal LOW" "wp-fastest-cache 0.9.0.3 Cross-Site.Request.Forgery.(CSRF).Arbitrary.File.Deletion CRITICAL" "wp-fastest-cache 0.8.9.6 Directory.Traversal MEDIUM" "wp-fastest-cache 0.8.9.1 Unauthenticated.Arbitrary.File.Deletion HIGH" "wp-fastest-cache 0.8.8.6 CSRF.and.multiple.XSS CRITICAL" "wp-fastest-cache 0.8.7.5 Blind.SQL.Injection HIGH" "woo-wholesale-pricing 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-wholesale-pricing 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wa-sticky-button 1.4.1 Unauthenticated.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "wp-jobsearch 2.5.4 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-jobsearch 2.5.6 Missing.Authorization MEDIUM" "wp-jobsearch 2.5.6 Missing.Authorization MEDIUM" "wp-jobsearch 2.5.4 Cross-Site.Request.Forgery MEDIUM" "wp-jobsearch No.known.fix Authentication.Bypass.to.Account.Takeover CRITICAL" "wp-jobsearch 2.3.4 Arbitrary.File.Upload.to.RCE CRITICAL" "wp-jobsearch 2.3.4 Authentication.Bypass CRITICAL" "wp-jobsearch 1.8.2 Unauthenticated.Plugin's.Settings.Update MEDIUM" "wp-jobsearch 1.8.2 Subscriber+.Arbitrary.Blog.Options.Update HIGH" "wp-jobsearch 1.8.2 Subscriber+.Add/Update.Schedule.Calls MEDIUM" "wp-jobsearch 1.7.4 Authenticated.Stored.XSS MEDIUM" "wp-jobsearch 1.5.6 Unauthenticated.Reflected.XSS MEDIUM" "wp-jobsearch 1.5.5 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-jobsearch 1.5.3 Multiple.Cross-Site.Scripting.Issues MEDIUM" "wp-jobsearch 1.5.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "weblizar-pinterest-feeds 1.1.2 Authenticated.XSS.&.CSRF HIGH" "woo-product-variation-swatches 2.3.8 Reflected.Cross-Site.Scripting HIGH" "wp-customer-reviews 3.7.1 Malicious.Redirect.via.HTTP-EQUIV.Injection LOW" "wp-customer-reviews 3.6.7 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wp-customer-reviews 3.6.7 Admin+.Stored.XSS MEDIUM" "wp-customer-reviews 3.5.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-customer-reviews 3.4.3 Multiple.Unauthenticated.and.Low.Priv.Authenticated.Stored.XSS CRITICAL" "wp-customer-reviews 3.0.9 CSRF.&.XSS HIGH" "wp-js No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-facebook-feed No.known.fix Reflected.XSS HIGH" "wp-facebook-feed No.known.fix Contributor+.Stored.XSS MEDIUM" "woocommerce-customers-manager 30.1 Bulk.Action.via.CSRF MEDIUM" "woocommerce-customers-manager 30.1 User.Deletion.via.CSRF LOW" "woocommerce-customers-manager 30.2 Subscriber+.Stored.XSS HIGH" "woocommerce-customers-manager 29.8 Reflected.XSS HIGH" "woocommerce-customers-manager 29.8 Subscriber+.Email.Disclosure MEDIUM" "woocommerce-customers-manager 29.7 Subscriber+.SQL.Injection HIGH" "woocommerce-customers-manager 26.6 Arbitrary.Account.Creation/Update.via.CSRF HIGH" "woocommerce-customers-manager 26.6 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "woocommerce-customers-manager 26.5 Arbitrary.Account.Creation/Update.by.Low.Privilege.Users HIGH" "wp-jobs 1.7 XSS MEDIUM" "wp-jobs 1.5 Authenticated.SQL.Injection HIGH" "wp-intercom-slack No.known.fix Slack.Access.Token.Disclosure HIGH" "wphrm 1.1 Authenticated.SQL.Injection HIGH" "wp-powerplaygallery No.known.fix Arbitrary.File.Upload.&.SQL.Injection HIGH" "wp-edit-username 1.0.6 Admin+.Stored.XSS LOW" "wp-edit-username 1.0.6 Admin+.Stored.XSS LOW" "woo-vipps 1.14.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-product-feed-manager 2.9.0 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Feed.Actions MEDIUM" "wp-product-feed-manager 2.6.0 Authenticated.(Admin+).SQL.Injection.to.Reflected.Cross-Site.Scripting HIGH" "wp-product-feed-manager 2.3.0 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-order-barcodes 1.6.5 Cross-Site.Request.Forgery MEDIUM" "widget-detector-elementor 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wti-like-post No.known.fix IP.Spoofing MEDIUM" "wti-like-post 1.4.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "wti-like-post 1.4.3 Unauthenticated.Blind.SQL.Injection CRITICAL" "wpgt-google-translate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpgt-google-translate No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-simple-registration No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-mail-smtp-pro 3.8.1 Unauthenticated.Email.Address.Disclosure MEDIUM" "wd-instagram-feed 1.4.29 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wd-instagram-feed 1.3.1 XSS MEDIUM" "widget-post-slider 1.3.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "webtoffee-gdpr-cookie-consent 2.6.1 Bulk.Delete.via.CSRF MEDIUM" "webtoffee-gdpr-cookie-consent 2.6.1 Unauthenticated.Stored.XSS HIGH" "wc-sales-notification 1.2.3 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wc-place-order-without-payment 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-place-order-without-payment 2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-responsive-photo-gallery 1.0.14 Reflected.XSS HIGH" "wp-responsive-photo-gallery 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "wp-smushit 3.16.5 Subscriber+.Resmush.List.Deletion MEDIUM" "wp-smushit 3.9.9 Admin+.Reflected.Cross-Site.Scripting LOW" "wp-smushit 3.0.0 Authenticated.Phar.Deserialization MEDIUM" "wp-smushit 2.7.6 File.Transversal HIGH" "woo-qiwi-payment-gateway No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-simple-maintenance-mode 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-prayer No.known.fix Arbitrary.Prayer.Deletion.via.CSRF MEDIUM" "wp-prayer No.known.fix Email.Settings.Update.via.CSRF MEDIUM" "wp-prayer No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-prayer 1.9.7 Admin+.Stored.XSS LOW" "wp-prayer 1.5.5 Unauthorised.AJAX.call.via.CSRF MEDIUM" "wp-prayer 1.6.7 Arbitrary.Plugin.Settings.Update.via.CSRF MEDIUM" "wp-prayer 1.6.6 Cross-Site.Request.Forgery MEDIUM" "wp-prayer 1.6.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-backpack No.known.fix Admin+.Stored.XSS LOW" "wordpress-form-manager 1.7.3 Authenticated.Remote.Command.Execution.(RCE) CRITICAL" "wp-event-aggregator 1.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-aggregator 1.7.7 Cross-Site.Request.Forgery.via.wpea_deauthorize_user() MEDIUM" "wp-affiliate-links No.known.fix Reflected.XSS HIGH" "wc-support-system No.known.fix Unauthenticated.Ticket.Deletion/Update,.Settings.Update.etc MEDIUM" "wc-support-system 1.2.2 Admin+.SQLi MEDIUM" "wp-sendfox 1.3.1 Missing.Authorization MEDIUM" "woo-customers-spreadsheet-bulk-edit 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-spreadsheet-bulk-edit 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-gallery No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-private-media No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-private-media No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-private-media No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-fb-autoconnect 4.6.2 Cross-Site.Request.Forgery MEDIUM" "woo-viet 1.5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-voting-contest 3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-custom-admin-interface 7.32 Missing.Authorization.via.wpcai_pro_notice_disable MEDIUM" "wp-custom-admin-interface 7.33 Missing.Authorization.to.Transients.Deletion MEDIUM" "wp-custom-admin-interface 7.29 Admin+.PHP.Object.Injection MEDIUM" "wp-media-category-management 2.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-media-category-management 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wishlist-member-x No.known.fix Authenticated.(Subscriber+).Remote.Code.Execution CRITICAL" "wishlist-member-x No.known.fix Subscriber+.Privilege.Escalation HIGH" "wishlist-member-x No.known.fix Unauthenticated.Denial.of.Service MEDIUM" "wishlist-member-x No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wishlist-member-x No.known.fix Missing.Authorization.to.Stored.Cross-Site.Scripting HIGH" "wishlist-member-x No.known.fix Missing.Authorization.to.Information.Disclosure MEDIUM" "wishlist-member-x No.known.fix Unauthenticated.Arbitrary.SQL.Execution CRITICAL" "wishlist-member-x No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wpzoom-shortcodes 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-multiple-customer-addresses 21.7 Arbitrary.Address.Creation/Deletion/Access/Update.via.IDOR HIGH" "widgets-for-siteorigin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widgets-for-siteorigin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-for-siteorigin 1.4.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "woocommerce-pre-orders 2.0.3 Unauthorised.Actions.via.CSRF MEDIUM" "woocommerce-pre-orders 2.0.3 Arbitrary.Pre-Order.Canceling.via.CSRF MEDIUM" "woocommerce-pre-orders 2.0.2 Reflected.XSS HIGH" "woocommerce-pre-orders 2.0.1 Contributor+.Stored.XSS MEDIUM" "woocommerce-pre-orders 2.0.0 Reflected.XSS HIGH" "wp-booking-system 2.0.19.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-booking-system 2.0.19.3 Missing.Authorization MEDIUM" "wp-booking-system 2.0.18.1 Admin+.Stored.XSS LOW" "wp-booking-system 2.0.15 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-booking-system 1.5.2 CSRF.to.Authenticated.SQL.Injection HIGH" "wp-booking-system 1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-recaptcha-integration No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-fusion-lite 3.43.0 Information.Exposure MEDIUM" "wp-fusion-lite 3.42.10 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "wp-fusion-lite 3.37.31 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-fusion-lite 3.37.30 CSRF.to.Data.Deletion MEDIUM" "wp-fusion-lite 3.37.30 Reflected.Cross-Site.Scripting.(XSS) HIGH" "woo-ecommerce-tracking-for-google-and-facebook 3.7.2 CSRF MEDIUM" "woo-ecommerce-tracking-for-google-and-facebook 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-ecommerce-tracking-for-google-and-facebook 3.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-mail-log 1.1.3 Contributor+.Arbitrary.File.Upload HIGH" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.SQL.Injection.in.wml_logs.endpoint MEDIUM" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.LFI.in.wml_logs/send_mail.endpoint MEDIUM" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Incorrect.Authorization.in.REST.API.Endpoints LOW" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.SQL.Injection.in.wml_logs/send_mail.endpoint MEDIUM" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.Arbitrary.File.Upload.to.RCE CRITICAL" "wp-mail-log 1.1.3 Editor+.SQL.Injection.via.id HIGH" "wp-mail-log 1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-log 1.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woocommerce-bookings 2.0.4 Cross-Site.Request.Forgery MEDIUM" "wpgsi 3.7.9 Reflected.Cross-Site.Scripting MEDIUM" "wpgsi 3.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpgsi 3.6.0 CSRF.Bypass MEDIUM" "wpgsi 3.6.0 Reflected.Cross-Site.Scripting HIGH" "w3speedster-wp 7.20 Settings.Update.via.CSRF MEDIUM" "weaverx-theme-support 6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.div.Shortcode MEDIUM" "weaverx-theme-support 6.3.1 Admin+.PHP.Object.Injection LOW" "weaverx-theme-support 6.2.7 Contributor+.Stored.XSS MEDIUM" "webp-svg-support No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "widget-logic 5.10.3 CSRF.and.Lack.of.Authorisation HIGH" "widget-logic 5.10.2 CSRF.to.RCE HIGH" "woo-tools 1.2.10 Missing.Authorization.to.Authenticated.(Subscriber+)..Plugin.Module.Deactivation MEDIUM" "wpschoolpress 2.2.5 Teacher+.SQLi MEDIUM" "wpschoolpress 2.2.5 Cross-Site.Request.Forgery MEDIUM" "wpschoolpress 2.1.17 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wpschoolpress 2.1.10 Multiple.Authenticated.SQL.Injections HIGH" "wpschoolpress 2.1.10 Reflected.Cross-Site.Scripting HIGH" "wp-database-admin No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-file-download-light No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "webriti-companion 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-security-audit-log 4.6.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-security-audit-log 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-security-audit-log 4.5.2 Subscriber+.Information.Leak MEDIUM" "wp-security-audit-log 4.4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-security-audit-log 4.1.5 SQL.Injection.in.External.Database.Module HIGH" "wp-security-audit-log 4.0.2 Broken.Access.Control.in.First-Time.Install.Wizard CRITICAL" "wp-security-audit-log 3.3.1.2 Subscriber+.Arbitrary.Option.Update MEDIUM" "wp-all-import 3.7.3 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "wp-all-import 3.6.9 Admin+.Directory.traversal.via.file.upload MEDIUM" "wp-all-import 3.6.9 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "wp-all-import 3.6.8 Admin+.Arbitrary.File.Upload MEDIUM" "wp-all-import 3.6.8 Admin+.Arbitrary.Code.Execution MEDIUM" "wp-all-import 3.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-all-import 3.6.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-all-import 3.4.7 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.2.5 Multiple.Vulnerabilities CRITICAL" "wp-all-import 3.2.4 RCE HIGH" "who-hit-the-page-hit-counter No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "who-hit-the-page-hit-counter No.known.fix CSRF MEDIUM" "who-hit-the-page-hit-counter No.known.fix Hit.Counter.<=.1.4.14.3.-.Reflected.XSS HIGH" "ws-facebook-likebox No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-schema-pro 2.7.16 Contributor+.Custom.Field.Access LOW" "wp-shop-original No.known.fix Unauthenticated.Settings.Update MEDIUM" "wp-extra-file-types 0.5.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "woocommerce-upcoming-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-upcoming-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "walker-core 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "walker-core 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "web-application-firewall 2.1.3 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "web-application-firewall 2.1.2 Unauthenticated.Privilege.Escalation CRITICAL" "wplegalpages 2.9.3 Contributor+.Stored.XSS MEDIUM" "wplegalpages 2.7.1 Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS MEDIUM" "wplegalpages 1.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-admin-logo-changer No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "wp2android-turn-wp-site-into-android-app No.known.fix Unauthenticated.File.Upload CRITICAL" "wp-quick-front-end-editor No.known.fix Authenticated.Content.Injection MEDIUM" "wp-quick-front-end-editor No.known.fix Authenticated.Settings.Change.leading.to.Stored.XSS CRITICAL" "wp-limit-login-attempts No.known.fix IP.Spoofing MEDIUM" "wp-maintenance-mode-site-under-construction 1.9 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wp-maintenance-mode-site-under-construction 1.8.2 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-logo-showcase 1.3.37 Editor.Plugin's.Settings.Update LOW" "woolentor-addons 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WL.Product.Horizontal.Filter.Widget MEDIUM" "woolentor-addons 2.8.9 Authenticated.Option.Update MEDIUM" "woolentor-addons 2.8.9 Contributor+.Stored.XSS.via.woolentorsearch.Shortcode MEDIUM" "woolentor-addons 2.8.8 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.8 Missing.Authorization MEDIUM" "woolentor-addons 2.8.8 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.2 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.2 Contributor+.Template.Reset LOW" "woolentor-addons 2.8.5 Authenticated.(Contributor+).Stored.Cross-site.Scripting.via.QR.Code.Widget MEDIUM" "woolentor-addons 2.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WL.Universal.Product.Layout MEDIUM" "woolentor-addons 2.8.2 Contributor+.Stored.Cross-Site.Scripting.via.Banner.Link MEDIUM" "woolentor-addons 2.6.3 Settings.Update.via.CSRF MEDIUM" "woolentor-addons 2.5.2 Settings.Update.via.CSRF MEDIUM" "woolentor-addons 2.5.4 PHP.Object.Injection MEDIUM" "woolentor-addons 2.5.4 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 1.8.6 WooCommerce.Elementor.Addons.+.Builder.<.1.8.6.-.Contributor+.Stored.XSS MEDIUM" "woocommerce-payplug No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-payplug No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-logs-book No.known.fix Log.Clearing.via.CSRF MEDIUM" "wp-logs-book No.known.fix Disable.Logging.via.CSRF MEDIUM" "wp-logs-book No.known.fix Unauthenticated.Stored.XSS HIGH" "wrc-pricing-tables 2.3.8 Missing.Authorization MEDIUM" "wrc-pricing-tables 2.3.9 Admin+.Stored.XSS LOW" "wp-tools-divi-product-carousel 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-product-carousel 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-login-box No.known.fix Admin+.Stored.XSS LOW" "wp-power-stats No.known.fix CSRF MEDIUM" "wp-amazon-shop No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-masquerade No.known.fix Subscriber+.Account.Takeover HIGH" "wp-imageflow2 5.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "web3-authentication 3.0.0 Authentication.Bypass HIGH" "web3-authentication 2.7.0 Authentication.Bypass CRITICAL" "wp-meta-and-date-remover 2.3.1 Cross-Site.Request.Forgery.via.updateSettings MEDIUM" "wp-meta-and-date-remover 2.2.0 Subscriber+.Stored.XSS HIGH" "wp-meta-and-date-remover 1.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-shipping-dpd-baltic 1.2.57 DPD.baltic.<.1.2.57.-.Subscriber+.Arbitrary.Options.Deletion HIGH" "woo-shipping-dpd-baltic 1.2.11 DPD.baltic.<.1.2.11.-.Admin+.Stored.XSS MEDIUM" "woocommerce-products-designer No.known.fix CSRF MEDIUM" "woo-products-widgets-for-elementor No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "woo-products-widgets-for-elementor 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-products-widgets-for-elementor 1.0.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-products-widgets-for-elementor 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-checkout-field-editor-pro 1.8.0 Admin+.PHP.Object.Injection MEDIUM" "woo-advance-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-advance-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-advance-search 1.1 Multiple.XSS MEDIUM" "wp-google-maps-pro 8.1.12 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-cloak-affiliate-links 1.0.34 Missing.Authorization.to.Unauthenticated.Permalink.Modification HIGH" "wp-blog-post-layouts 1.1.4 Authenticated.(Contributor+).Local.File.Inlcusion HIGH" "wp-gdpr-core No.known.fix Multiple.Unauthenticated.Issues HIGH" "wpappninja 11.49 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.42 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.21 Admin+.Stored.XSS LOW" "wpappninja 11.19 Admin+.Stored.XSS LOW" "wpappninja 11.14 Contributor+.Stored.XSS MEDIUM" "woocommerce-ninjaforms-product-addons 1.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woo-stripe-payment 3.3.10 3.3.9.-.Missing.Authorization.Controls.to.Financial.Account.Hijacking MEDIUM" "wp-mail-logging 1.11.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-mail-logging 1.10.0 Outdated.Redux.Framework MEDIUM" "wp-education 1.2.7 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-event-solution 4.0.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-solution 4.0.5 Missing.Authorization.to.Authenticated.(Contributor+).Event.Data.Import MEDIUM" "wp-event-solution 4.0.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-solution 3.3.51 Missing.Authorization.to.Unauthenticated.Events.Export MEDIUM" "wp-hr-gdpr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hr-gdpr 0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-gdpr 1.9.27 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wordpress-gdpr 1.9.26 Authenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-statistics 14.5.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-statistics 14.0 Authenticated.SQLi HIGH" "wp-statistics 13.2.11 Subscriber+.SQLi HIGH" "wp-statistics 13.2.9 Authenticated.SQLi HIGH" "wp-statistics 13.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "wp-statistics 13.2.2 Reflected.Cross-Site.Scripting LOW" "wp-statistics 13.1.6 Multiple.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-statistics 13.1.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.current_page_id CRITICAL" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.IP CRITICAL" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.current_page_type CRITICAL" "wp-statistics 13.1.5 Unauthenticated.Blind.SQL.Injection CRITICAL" "wp-statistics 13.1.2 Arbitrary.Plugin.Activation/Deactivation.via.CSRF MEDIUM" "wp-statistics 13.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-statistics 13.0.8 Unauthenticated.SQL.Injection HIGH" "wp-statistics 12.6.7 Unauthenticated.Stored.XSS.Under.Certain.Configurations CRITICAL" "wp-statistics 12.6.7 Unauthenticated.Blind.SQL.Injection MEDIUM" "wp-statistics 12.6.6.1 Authenticated.Stored.XSS MEDIUM" "wp-statistics 12.6.4 Referer.Cross-Site.Scripting.(XSS) MEDIUM" "wp-statistics 12.0.10 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "wp-statistics 12.0.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wpcs-content-scheduler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpcs-content-scheduler 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-fb-messenger-button-lite 2.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-fade-in-text-news 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "wptouch 4.3.45 Admin+.Arbitrary.File.Upload MEDIUM" "wptouch 4.3.45 Admin+.PHP.Object.Injection MEDIUM" "wptouch 4.3.44 Reflected.Cross-Site.Scripting MEDIUM" "woo-add-to-quote 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-add-to-quote 1.4.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-feed-statistics No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wordpress-feed-statistics 4.0 Open.Redirect MEDIUM" "wp-pipes 1.4.1 CSRF MEDIUM" "wp-pipes 1.4.0 Admin+.SQLi MEDIUM" "woocommerce-germanized 3.9.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-sticky-social 1.0.2 Stored.XSS.via.CSRF HIGH" "wp-olivecart No.known.fix Admin+.Stored.XSS LOW" "wordpress-meta-robots No.known.fix Authenticated.Blind.SQL.Injection HIGH" "wp-yelp-review-slider 7.1 Subscriber+.SQLi HIGH" "wonderplugin-pdf-embed 1.7 Contributor+.Stored.XSS MEDIUM" "wp-responsive-testimonials-slider-and-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "wpfront-notification-bar 3.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wpfront-notification-bar 3.4 Admin+.Stored.XSS MEDIUM" "wpfront-notification-bar 2.1.0.08087 Authenticated.Stored.XSS LOW" "wpfront-notification-bar 2.0.0.07176 Authenticated.Stored.XSS MEDIUM" "woo-product-bundle 7.3.2 Cross-Site.Request.Forgery MEDIUM" "wp-baidu-submit No.known.fix Admin+.Stored.XSS LOW" "woo-seo-addon 2.1.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-seo-addon 2.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-compress-image-optimizer 6.20.02 Missing.Authorization MEDIUM" "wp-compress-image-optimizer 6.20.02 Open.Redirect.via.css MEDIUM" "wp-compress-image-optimizer 6.11.01 Cross-Site.Request.Forgery MEDIUM" "wp-compress-image-optimizer 6.11.11 Missing.Authorization.to.Unauthenticated.CDN.Modification HIGH" "wp-compress-image-optimizer 6.10.34 Unauthenticated.Arbitrary.File.Read HIGH" "wpglobus 1.9.7 Stored.XSS.&.CSRF HIGH" "wp-cleanfix 5.7.0 Subscriber+.Post/Comment/Post.Meta.Content.Replacement MEDIUM" "wp-cleanfix 3.0.2 Remote.Comm&.Execution,.CSRF.&.XSS HIGH" "wp-easy-booking 2.4.5 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "woo-edit-templates 1.1.2 Reflected.XSS HIGH" "wp-whatsapp 3.6.5 Admin+.Stored.XSS LOW" "wp-whatsapp 3.6.4 Admin+.Stored.XSS LOW" "wp-whatsapp 3.6.3 Contributor+.Stored.XSS MEDIUM" "wp-whatsapp 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "wp-whatsapp 3.4.5 Admin+.Stored.XSS LOW" "wp-live-chat-support 8.2.0 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-live-chat-support 8.0.33 Missing.Permission.Checks.on.some.REST.API.Calls CRITICAL" "wp-live-chat-support 8.0.27 Unauthenticated.Stored.XSS MEDIUM" "wp-live-chat-support 8.0.18 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 8.0.08 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 8.0.06 Unauthenticated.Stored.XSS MEDIUM" "wp-live-chat-support 7.1.05 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 1.7.03 XSS MEDIUM" "wp-live-chat-support 7.0.07 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 6.2.04 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 6.2.02 Stored.Cross-Site.Scripting MEDIUM" "woo-product-variation-gallery 2.3.4 Reflected.Cross-Site.Scripting HIGH" "wxsync No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-inimat No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "watermark-reloaded No.known.fix Cross-Site.Request.Forgery.via.optionsPage HIGH" "wp-team-manager 2.1.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-team-manager 2.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-follow-up-emails 4.9.50 Unauthenticated.Reflected.XSS HIGH" "woocommerce-follow-up-emails 4.9.50 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-graphql-woocommerce 0.12.4 Unauthenticated.Coupon.Codes.Disclosure MEDIUM" "wp-share-buttons-analytics-by-getsocial 4.4 Admin+.Stored.XSS LOW" "wp-stats-dashboard No.known.fix Authenticated.Blind.SQL.Injection HIGH" "widget-twitter No.known.fix Contributor+.SQLi MEDIUM" "wp-central No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-central 1.5.1 Improper.Access.Control.to.Privilege.Escalation HIGH" "wpfrom-email 1.8.9 Admin+.Stored.XSS LOW" "wp-magazine-modules-lite 1.1.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wd-google-maps No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "wd-google-maps 1.0.74 Missing.Authorization.to.Notice.Dismissal MEDIUM" "wd-google-maps 1.0.74 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "wd-google-maps 1.0.73 Unauthenticated.SQLi HIGH" "wd-google-maps 1.0.72 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wd-google-maps 1.0.70 Authenticated.Stored.XSS MEDIUM" "wp-site-protector No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-native-articles 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-dynamic-keywords-injector 2.3.22 Reflected.Cross-Site.Scripting MEDIUM" "wp-dynamic-keywords-injector 2.3.16 Settings.Update.via.CSRF MEDIUM" "weixin-robot-advanced No.known.fix Reflected.XSS HIGH" "woo-checkout-regsiter-field-editor 2.1.9 Cross-Site.Request.Forgery MEDIUM" "woocommerce-catalog-enquiry 5.0.6 Cross-Site.Request.Forgery.via.REST.API MEDIUM" "woocommerce-catalog-enquiry 5.0.3 Unauthenticated.Stored.XSS.via.Arbitrary.Setting.Update HIGH" "woocommerce-catalog-enquiry 5.0.3 Unauthenticated.Inquiry.Saving.&.Sensitive.Information.Disclosure MEDIUM" "woocommerce-catalog-enquiry 3.1.0 Arbitrary.File.Upload HIGH" "wc-return-warrranty No.known.fix Reflected.Cross-Site.Scripting HIGH" "wapppress-builds-android-app-for-website 6.0.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wapppress-builds-android-app-for-website 6.0.5 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wapppress-builds-android-app-for-website 6.0.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-mailster 1.5.5 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-club-manager 2.2.12 Missing.Authorization MEDIUM" "wp-club-manager 2.2.12 Authenticated.(Player+).Stored.Cross-Site.Scripting MEDIUM" "wp-club-manager 2.2.11 Missing.Authorization.to.Unauthenticated.Event.Permalink.Update MEDIUM" "wassup No.known.fix Unauthenticated.Stored.XSS HIGH" "wassup 1.9.1 Cross.Site.Scripting MEDIUM" "wp-posturl No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "wp-user-control No.known.fix Unauthenticated.password.reset MEDIUM" "wp-htpasswd No.known.fix Admin+.Stored.XSS LOW" "wp-google-street-view 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wiseagentleadform 3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-planet No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "wpjobboard 5.7.0 Unauthenticated.SQL.Injection CRITICAL" "wpjobboard 5.7.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "wpjobboard 5.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpjobboard 4.5 Multiple.SQL.Injections HIGH" "wpjobboard 5.0 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "wp-turnstile-cloudflare-captcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-total-sales No.known.fix Missing.Authorization.to.Unauthenticated.Sales.Report.Retrieval MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.10 Missing.Authorization MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Cross-Site.Request.Forgery MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Customer+.Shipping.Address.Update MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Reflected.Cross-Site.Scripting HIGH" "woocommerce-shipping-multiple-addresses 3.8.6 Billing.Address.Update.via.CSRF MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.4 Subscriber+.Shipping.Address.Disclosure.via.IDOR MEDIUM" "woocommerce-shipping-multiple-addresses 3.7.2 Reflected.Cross-Site.Scripting HIGH" "woocommerce-shipping-multiple-addresses 3.7.2 Address.Creation/Update/Deletion.via.CSRF MEDIUM" "woocommerce-product-sort-and-display 2.4.2 Missing.Authorization MEDIUM" "woocommerce-extra-charges-to-payment-gateways No.known.fix Unauthorised.Arbitrary.Plugin.Settings.Change.to.Stored.XSS CRITICAL" "wp-appbox 4.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "wp-appbox 4.3.18 Authenticated.Local.File.Inclusion LOW" "woo-admin-product-notes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-admin-product-notes No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-admin-product-notes No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woocommerce-wholesale-prices 2.2.0 Missing.Authorization MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Cross-Site.Request.Forgery MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Subscriber+.Missing.Authorization.for.Plugin.Settings.Change MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Subscriber+.Stored.Cross-Site.Scripting HIGH" "wordpress-toolbar No.known.fix Open.Redirect MEDIUM" "woocommerce-gateway-stripe 7.6.2 Unauthenticated.Order.Deletion.via.IDOR LOW" "woocommerce-gateway-stripe 7.6.1 Cross-Site.Request.Forgery MEDIUM" "woocommerce-gateway-stripe 7.4.1 Subscriber+.Order.Intent.Update MEDIUM" "woocommerce-gateway-stripe 7.4.1 Unauthenticated.PII.Disclosure.via.IDOR HIGH" "wc-rest-payment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-rest-payment No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-munich-blocks 0.10.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-munich-blocks 0.11.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-munich-blocks 0.7.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "wc-customer-source 1.3.2 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wp-users-media No.known.fix Missing.Authorization.via.wpusme_save_settings MEDIUM" "wp-users-media No.known.fix Cross-Site.Request.Forgery.in.wpusme_save_settings MEDIUM" "woo-aliexpress-dropshipping 2.1.2 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "woo-aliexpress-dropshipping No.known.fix Missing.Authorization MEDIUM" "wp-news-magazine No.known.fix Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-plugin-lister No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wp-marketing-automations 2.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-marketing-automations 2.7.0 Authenticated(Administrator+).SQL.Injection MEDIUM" "wp-marketing-automations 2.1.2 Subscriber+.Automation.Creation MEDIUM" "wc-j-upsellator 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "watupro 5.5.3.7 SQL.Injection CRITICAL" "watupro 4.9.0.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wpfunnels 3.0.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpfunnels 2.7.17 Reflected.Cross-Site.Scripting HIGH" "wpfunnels 2.6.9 Contributor+.Stored.XSS MEDIUM" "wp-photo-album-plus 8.8.02.003 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.8.00.003 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.7.00.004 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wp-photo-album-plus 8.7.01.002 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-photo-album-plus 8.6.03.005 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "wp-photo-album-plus 8.6.01.005 IP.Spoofing MEDIUM" "wp-photo-album-plus 8.6.01.003 Insecure.Direct.Object.Reference MEDIUM" "wp-photo-album-plus 8.6.01.005 .Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.0.10 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-structuring-markup No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wordpress-file-upload-pro 4.16.3 Contributor+.Path.Traversal.to.RCE CRITICAL" "wordpress-file-upload-pro 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Malicious.SVG MEDIUM" "wordpress-file-upload-pro 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woc-order-alert 3.2.2 Unauthenticated.SQLi HIGH" "wpcom-member 1.5.3 Unauthenticated.Privilege.Escalation.via.User.Meta CRITICAL" "wppdf No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-emoji-one No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-film-studio 1.3.5 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "waiting No.known.fix Subscriber+.Stored.XSS HIGH" "waiting No.known.fix Subscriber+.SQLi HIGH" "waiting No.known.fix Missing.Authorization MEDIUM" "waiting No.known.fix Admin+.Cross-Site.Scripting LOW" "waiting No.known.fix Cross-Site.Request.Forgery MEDIUM" "woocommerce-sendinblue-newsletter-subscription 4.0.18 Authenticated.(Editor+).Arbitrary.File.Download.and.Deletion HIGH" "woo-confirmation-email No.known.fix Reflected.XSS HIGH" "woo-confirmation-email No.known.fix Authentication.bypass.via.weak.token.generation HIGH" "woo-confirmation-email 3.4.0 CSRF.leading.to.Option.Update CRITICAL" "wp-popup-banners No.known.fix Subscriber+.SQLi HIGH" "wp-popup-banners No.known.fix Subscriber+.SQLi HIGH" "wp-popup-banners 1.2.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-child-theme-generator 1.1.2 Missing.Authorization.to.Unauthenticated.Child.Theme.Creation/Activation MEDIUM" "wp-child-theme-generator 1.1.3 Admin+.Arbitrary.File.Upload MEDIUM" "wordpress-database-reset 3.23 Cross-Site.Request.Forgery.to.WP.Reset.Plugin.Installation MEDIUM" "wordpress-database-reset 3.15 Unauthenticated.Database.Reset CRITICAL" "wordpress-database-reset 3.15 Privilege.Escalation HIGH" "woo-advanced-shipment-tracking 3.5.3 CSRF MEDIUM" "woo-advanced-shipment-tracking 3.2.7 Authenticated.Options.Change CRITICAL" "wh-testimonials No.known.fix Unauthenticated.Stored.XSS HIGH" "wpb-show-core 2.7 Reflected.XSS HIGH" "wpb-show-core 2.7 Reflected.XSS HIGH" "wpb-show-core 2.6 Reflected.XSS HIGH" "wpb-show-core No.known.fix Unauthenticated.Server.Side.Request.Forgery MEDIUM" "wpb-show-core No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "wpb-show-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-s3 1.6 Reflected.XSS HIGH" "wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages 2.25.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages 2.24.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widget-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widget-options 4.0.2 Extended.<=.5.1.0.&..Widget.Options.<=.4.0.1.-.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "woocommerce-checkout-cielo No.known.fix Insufficient.Verification.of.Data.Authenticity.to.Order.Payment.Status.Update MEDIUM" "wpkoi-templates-for-elementor 2.5.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "wpkoi-templates-for-elementor 2.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Heading.Widget MEDIUM" "woo-customers-manager 1.1.14 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-manager 1.1.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wooemailreport No.known.fix Reflected.XSS HIGH" "wp-youtube-live 1.8.3 Admin+.Stored.Cross.Site.Scripting LOW" "wp-youtube-live 1.7.22 Authenticated.Reflected.Cross-Site.Scripting MEDIUM" "winterlock 1.0.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "winterlock 1.0.21 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wp-blogs-planetarium No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-media-library-categories 2.0.1 Admin+.Stored.XSS LOW" "wp-media-library-categories 2.0.0 Admin+.Stored.XSS LOW" "wp-original-media-path 2.4.1 Admin+.Stored.XSS LOW" "wc4bp 3.4.20 Missing.Authorization MEDIUM" "wc4bp 3.4.21 Authenticated.(Subscriber+).PHP.Object.Injection.in.get_simple_request HIGH" "wc4bp 3.4.16 Reflected.Cross-Site.Scripting MEDIUM" "wc4bp 3.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc4bp 3.2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "white-page-publication No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wordpress-seo-premium 11.6 Authenticated.Stored.XSS CRITICAL" "woo-login-redirect No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-login-redirect No.known.fix CSRF MEDIUM" "woo-conditional-product-fees-for-checkout 3.9.3.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-product-fees-for-checkout 3.8.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-swimteam 1.45 Local.File.Inclusion MEDIUM" "wp-pro-quiz No.known.fix Arbitrary.Quiz.Deletion.via.CSRF MEDIUM" "wp-bugbot No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-bugbot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "webappick-product-feed-for-woocommerce 6.5.7 Shop.Manager+.Arbitrary.Options.Update HIGH" "webappick-product-feed-for-woocommerce 3.1.15 Authenticated.Reflected.XSS MEDIUM" "woocommerce-product-addon 32.0.21 Unauthenticated.Content.Injection.Vulnerability MEDIUM" "woocommerce-product-addon 32.0.19 Unauthenticated.Arbitrary.File.Upload.via.ppom_upload_file CRITICAL" "woocommerce-product-addon 32.0.7 Reflected.Cross-Site.Scripting HIGH" "woocommerce-product-addon 32.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-product-addon 24.0 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "woocommerce-product-addon 18.4 Authenticated.Stored.XSS MEDIUM" "wp-hijri 1.5.2 Reflected.XSS HIGH" "woo-abandoned-cart-recovery 1.0.4.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "woo-abandoned-cart-recovery 1.0.4.1 Cross-Site.Request.Forgery MEDIUM" "wp-inventory-manager 2.1.0.14 Inventory.Items.Deletion.via.CSRF MEDIUM" "wp-inventory-manager 2.1.0.13 Reflected.Cross-Site.Scripting HIGH" "wp-inventory-manager 2.1.0.12 Reflected.XSS HIGH" "wp-content-pilot 1.3.4 Authenticated.(Contributor+).Content.Injection MEDIUM" "wp-top-news 2.3.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-top-news 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "webriti-smtp-mail No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-stats 2.52 CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "wordpress-gallery No.known.fix "load".Remote.File.Inclusion CRITICAL" "wpb-advanced-faq No.known.fix Contributor+.Stored.XSS MEDIUM" "wpworx-faq No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpworx-faq No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woo-product-slider 2.6.4 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "woo-product-slider 2.5.7 Subscriber+.Arbitrary.Options.Deletion HIGH" "white-label 2.9.1 Cross-Site.Request.Forgery.via.white_label_reset_wl_admins MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.2 Cross-Site.Request.Forgery MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.1 Missing.Authorization.to.Unauthenticated.System.Information.Disclosure MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.0 Subscriber+.Arbitrary.Plugin.Installation/Activation HIGH" "wpdm-premium-packages 5.8.3 Reflected.Cross-Site.Scripting MEDIUM" "wpdm-premium-packages 5.7.5 Sell.Digital.Products.Securely.<.5.7.5.-.Subscriber+.Privilege.Escalation HIGH" "ws-form 1.9.218 Unauthenticated.CSV.Injection MEDIUM" "ws-form 1.9.171 Authenticated(Administrator+).SQL.Injection MEDIUM" "ws-form 1.8.176 Admin+.Stored.Cross-Site.Scripting LOW" "ws-form 1.8.176 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-google-tag-manager No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-attachments No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-attachments 5.0.6 Admin+.Stored.XSS LOW" "wp-attachments 5.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "wp-maintenance-mode 2.6.9 Subscriber+.Page.design.Update MEDIUM" "wp-maintenance-mode 2.4.5 Subscribed.Users.Deletion.via.CSRF MEDIUM" "wp-maintenance-mode 2.0.7 Authenticated.Multisite.Remote.Code.Execution HIGH" "wp-maintenance-mode 2.0.7 Missing.Settings.Authorization MEDIUM" "wp-maintenance-mode 2.0.7 Subscriber.Information.Disclosure MEDIUM" "wp-ecommerce-paypal 1.9.1 Unauthenticated.Open.Redirect HIGH" "wp-ecommerce-paypal 1.9 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-ecommerce-paypal 1.8.2 Cross-Site.Request.Forgery MEDIUM" "wp-ecommerce-paypal 1.7.4 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "wp-ecommerce-paypal 1.7.3 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-rss-aggregator 4.23.12 Missing.Authorization.to.Authenticated.(Subscriber+).Feed.State.Update MEDIUM" "wp-rss-aggregator 4.23.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-rss-aggregator 4.23.6 Authenticated.(Admin+).Server-Side.Request.Forgery.via.RSS.Feed.Source LOW" "wp-rss-aggregator 4.23.5 Admin+.Stored.XSS MEDIUM" "wp-rss-aggregator 4.20 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-rss-aggregator 4.19.3 Subscriber+.Stored.Cross-Site.Scripting HIGH" "wp-rss-aggregator 4.19.2 Admin+.Stored.Cross-Site.Scripting LOW" "widget4call No.known.fix Reflected.XSS HIGH" "wp-athletics No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "wp-athletics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-whatsapp-request-quote No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "wpcalc No.known.fix Authenticated.SQL.Injection MEDIUM" "wp-eMember 10.7.0 Stored.XSS.via.CSRF HIGH" "wp-eMember 10.6.7 Reflected.XSS MEDIUM" "wp-eMember 10.6.6 Admin+.Arbitrary.File.Upload MEDIUM" "wp-eMember 10.6.6 Reflected.XSS HIGH" "wp-eMember 10.6.6 Bulk.Delete.via.CSRF MEDIUM" "wp-eMember 10.6.7 Reflected.XSS.via.Member.Edit HIGH" "wp-eMember 10.6.7 Unauthenticated.Stored.XSS.via.Member.Registration HIGH" "wp-eMember 10.6.6 Reflected.XSS HIGH" "wp-eMember 10.6.6 Stored.XSS.in.Blacklist.via.CSRF HIGH" "wp-eMember 10.3.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-eMember 10.3.9 Reflected.XSS HIGH" "wp-simple-post-view 2.0.1 Post.View.Data.Reset.via.CSRF MEDIUM" "wp-default-feature-image No.known.fix Admin+.Stored.XSS LOW" "wp-etracker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-opt-in No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wpdtol-database-table-overview-logs 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-airbnb-review-slider 3.3 Subscriber+.SQLi HIGH" "wp-airbnb-review-slider 3.3 CSRF MEDIUM" "woocommerce-delivery-notes 4.9.0 Missing.Authorization.to.Notice.Dismissal MEDIUM" "woocommerce-delivery-notes 4.7.2 Reflected.XSS HIGH" "wp-cookie-law-info No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpml-string-translation 3.2.6 Admin+.SQLi MEDIUM" "word-count-analysis No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wooswipe 3.0.0 Subscriber+.Settings.Update MEDIUM" "whmcs-bridge 6.4b Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "whmcs-bridge 6.3 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "wp-heyloyalty No.known.fix Unauthenticated.RCE.via.PHPUnit CRITICAL" "wp-travel 7.8.1 Unauthenticated.AJAX.Calls MEDIUM" "wp-travel 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-travel 4.4.7 CSRF.Nonce.Bypasses MEDIUM" "wp-travel 4.4.7 Cross-Site.Request.Forgery MEDIUM" "wp-mailto-links 3.1.4 Contributor+.Stored.XSS MEDIUM" "wordpress-access-control No.known.fix Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "wc-dynamic-pricing-and-discounts 2.4.2 Unauthenticated.Settings.Import.to.Stored.XSS HIGH" "wc-dynamic-pricing-and-discounts 2.4.2 Unauthenticated.Settings.Export MEDIUM" "wp-discourse 2.5.2 Missing.Authorization MEDIUM" "wc-cross-seller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-cross-seller No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-job-portal 2.1.7 Missing.Authorization.to.Unauthenticated.Local.File.Inclusion,.Arbitrary.Settings.Update,.and.User.Creation CRITICAL" "wp-job-portal No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.0.7 Cross-Site.Request.Forgery MEDIUM" "wp-job-portal 2.0.6 Unauthenticated.SQLi HIGH" "wp-job-portal 2.0.2 Unauthenticated.Settings.Update MEDIUM" "wp-job-portal 2.0.6 Subscriber+.Stored.XSS HIGH" "wp-analytify 5.4.0 Cross-Site.Request.Forgery.to.Opt-out MEDIUM" "wp-analytify 5.2.4 Cross-Site.Request.Forgery MEDIUM" "wp-analytify 5.2.4 Missing.Authorization MEDIUM" "wp-analytify 5.2.4 Missing.Authorization.to.Unauthenticated.Google.Analytics.Tracking.ID.Modification MEDIUM" "wp-analytify 5.2.0 Cross-Site.Request.Forgery MEDIUM" "wp-analytify 5.1.1 Missing.Authorization.to.Opt-In MEDIUM" "wp-analytify 4.2.3 Cache.Deletion.via.CSRF MEDIUM" "wp-analytify 4.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-chgfontsize No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "wp-fundraising-donation 1.7.1 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-fundraising-donation 1.7.0 Missing.Authorization MEDIUM" "wp-fundraising-donation 1.5.0 Unauthenticated.SQLi HIGH" "wc-multivendor-marketplace 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wc-multivendor-marketplace 3.5.0 Multiple.CSRF MEDIUM" "wc-multivendor-marketplace 3.4.12 Subscriber+.Unauthorised.AJAX.Calls HIGH" "wc-multivendor-marketplace 3.4.12 WooCommerce.Multivendor.Marketplace.<.3.4.12.-.Unauthenticated.SQL.Injection HIGH" "wp-invoice No.known.fix Arbitrary.Settings.Update.via.CSRF HIGH" "wp-invoice No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "wp-invoice 4.1.1 Multiple.Vulnerabilities MEDIUM" "wp-twitter-mega-fan-box No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpgsi-professional 3.6.0 Reflected.Cross-Site.Scripting HIGH" "wpgsi-professional 3.6.0 CSRF.Bypass MEDIUM" "wufoo-shortcode 1.52 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wordpress-tooltips 9.5.3 Cross-Site.Request.Forgery MEDIUM" "wordpress-tooltips 9.4.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wpbricks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpbricks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-db-table-editor No.known.fix Missing.Authorization.to.Authenticated(Contributor+).Database.Access HIGH" "wp-food-manager 1.0.4 Admin+.Stored.XSS LOW" "wp-coming-soon-booster 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "woo-custom-and-sequential-order-number No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-seo-tags No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-transactions 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-advanced-extra-fees-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-board No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wp-ultra-simple-paypal-shopping-cart 4.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "wootrello No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wootrello 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "web3-token-gate 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "wordprezi 0.9 Contributor+.Strored.XSS MEDIUM" "wp-config-file-editor No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpc-composite-products 7.2.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wpdatatables 6.3.2 Tables.&.Table.Charts.(Premium).<.6.3.2.-.Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 6.4 Tables.&.Table.Charts.(Premium).<.6.4.-.Missing.Authorization.to.DataTable.Access.&.Modification HIGH" "wpdatatables 3.4.2.14 Unauthenticated.Stored.Cross-Site.Scripting.via.CSV.Import MEDIUM" "wpdatatables 3.4.2.5 Reflected.Cross-Site.Scripting. MEDIUM" "wpdatatables 2.1.66 Admin+.PHP.Object.Injection MEDIUM" "wpdatatables 2.1.50 Contributor+.Stored.XSS MEDIUM" "wpdatatables 2.1.28 Admin+.Stored.Cross-Site.Scripting LOW" "wpdatatables 2.1.28 Admin+.Stored.Cross-Site.Scripting LOW" "wpdatatables 3.4.2 Improper.Access.Control.leading.to.Table.Permission.Takeover HIGH" "wpdatatables 3.4.2 Blind.SQL.Injection.via.start.Parameter CRITICAL" "wpdatatables 3.4.2 Improper.Access.Control.leading.to.Table.Data.Deletion MEDIUM" "wpdatatables 3.4.2 Blind.SQL.Injection.via.length.Parameter CRITICAL" "wpdatatables 3.4.1 Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 2.0.12 Cross-Site.Scripting.(XSS).&.SQL.Injection HIGH" "wpdatatables 1.5.4 Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 1.5.4 Unauthenticated.Shell.Upload CRITICAL" "wd-google-analytics No.known.fix Missing.Authorization.via.gawd_wd_bp_install_notice_status MEDIUM" "wd-google-analytics 1.2.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-image-carousel No.known.fix Contributor+.Stored.XSS MEDIUM" "wc-remove-tabs-and-fields 1.68 Reflected.Cross-Site.Scripting MEDIUM" "woorocks-magic-content-for-siteorigins-pagebuilder No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woorocks-magic-content-for-siteorigins-pagebuilder No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-live-chat-support-pro 8.0.32 File.Upload.Bypass CRITICAL" "wp-live-chat-support-pro 8.0.0.7 Unauthenticated.RCE CRITICAL" "wp-sort-order 1.3.2 Missing.Authorization MEDIUM" "wp-songbook No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-import-export 3.9.16 Unauthenticated.Sensitive.Data.Disclosure HIGH" "wp-popup-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wptools-masonry-gallery-posts-for-divi 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wptools-masonry-gallery-posts-for-divi 3.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woothemes-sensei 4.24.0.1.24.0 Unauthenticated.Rewrite.Rules.Flushing MEDIUM" "woothemes-sensei 4.24.0.1.24.0 Authenticated.(Student+).Stored.Cross-Site.Scripting MEDIUM" "wp-nested-pages 3.2.8 Cross-Site.Request.Forgery.to.Local.File.Inclusion HIGH" "wp-nested-pages 3.2.7 Admin+.Stored.XSS LOW" "wp-nested-pages 3.2.4 Editor+.Plugin.Settings.Reset LOW" "wp-nested-pages 3.1.21 Admin+.Stored.Cross.Site.Scripting LOW" "wp-nested-pages 3.1.16 Open.Redirect MEDIUM" "wp-nested-pages 3.1.16 CSRF.to.Arbitrary.Post.Deletion.and.Modification HIGH" "wp-dummy-content-generator 3.3.0 Unauthenticated.Code.Injection CRITICAL" "wp-dummy-content-generator 3.1.3 Missing.Authorization MEDIUM" "wp-dummy-content-generator 3.0.0 Cross-Site.Request.Forgery MEDIUM" "whizz 1.1.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "whizz 1.0.8 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-code-highlightjs No.known.fix Undisclosed.Cross-Site.Scripting.(XSS) MEDIUM" "wp-code-highlightjs 0.6.3 CSRF.to.Stored.XSS MEDIUM" "wp-travel-engine 5.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel-engine 5.8.1 Unauthenticated.Price.Manipulation MEDIUM" "wp-travel-engine 5.8.0 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-travel-engine 5.8.0 Unauthenticated.SQL.Injection CRITICAL" "wp-travel-engine 5.7.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-travel-engine 5.3.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-travel-engine 5.3.1 Editor+.Stored.Cross-Site.Scripting LOW" "wp-admin-notification-center 2.3.3 Settings.Update.via.CSRF MEDIUM" "wp-optin-wheel 1.4.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-post-page-clone 1.2 Unauthorised.Post.Access MEDIUM" "wp-post-page-clone 1.1 SQL.Injections.due.to.Duplicated.Snippets HIGH" "wp-force-ssl 1.67 Missing.Authorization.to.Settings.Update MEDIUM" "wp-anything-slider 9.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "wp-social-buttons No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wp-socializer 7.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-simple-html-sitemap 2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-html-sitemap 2.8 Missing.Authorization MEDIUM" "wp-simple-html-sitemap 2.3 Reflected.XSS HIGH" "wp-simple-html-sitemap 2.6 Contributor+.Stored.XSS MEDIUM" "wp-prayers-request No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-prayers-request No.known.fix Email.Settings.Update.via.CSRF MEDIUM" "wp-limit-failed-login-attempts 5.1 Unauthenticated.SQLi HIGH" "wp-limit-failed-login-attempts 3.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wp-limit-failed-login-attempts 2.9 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wallet-system-for-woocommerce 2.5.14 Information.Exposure.via.Log.Files MEDIUM" "wallet-system-for-woocommerce 2.5.10 Cross-Site.Request.Forgery MEDIUM" "wp-foft-loader 2.1.29 Reflected.Cross-Site.Scripting MEDIUM" "wp-foft-loader 2.1.21 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-insert 2.5.1 Admin+.Stored.XSS MEDIUM" "wp-security-pro 4.2.1 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-order-address-print No.known.fix Reflected.XSS HIGH" "woo-smart-wishlist 4.7.2 Add/Remove.Wishlist.Items.via.CSRF MEDIUM" "woo-smart-wishlist 2.9.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-smart-wishlist 2.9.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-line-notify 1.4.5 Reflected.XSS HIGH" "wbcom-designs-buddypress-ads 1.3.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wordlift 3.37.2 Admin+.Stored.Cross-Site.Scripting LOW" "where-i-was-where-i-will-be No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "wp-remote-users-sync 1.2.13 Subscriber+.SSRF HIGH" "wp-remote-users-sync 1.2.12 Subscriber+.Log.Access MEDIUM" "wp-mpdf 3.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-mpdf 3.5.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.5 Missing.Authorization MEDIUM" "wp-remote-site-search 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-automatic 3.95.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.autoplay.Parameter MEDIUM" "wp-automatic 3.93.0 WordPress.Automatic.Plugin.<.3,93,0.Cross-Site.Request.Forgery MEDIUM" "wp-automatic 3.92.1 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "wp-automatic 3.92.1 Unauthenticated.SQL.Injection CRITICAL" "wp-automatic 3.92.1 Unauthenticated.Arbitrary.File.Download.and.Server-Side.Request.Forgery CRITICAL" "wp-automatic 3.53.3 Unauthenticated.Arbitrary.Options.Update CRITICAL" "wpview No.known.fix Admin+.Stored.XSS LOW" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.6 Settings.Update.via.CSRF MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpematico 2.6.12 Admin+.Stored.Cross-Site.Scripting LOW" "wp-topbar No.known.fix CSRF MEDIUM" "wp-topbar No.known.fix Admin+.SQLi MEDIUM" "wp-pinterest-automatic 4.14.4 Unauthenticated.Arbitrary.Options.Update CRITICAL" "wp-custom-login-page No.known.fix Admin+.Stored.XSS LOW" "wens-responsive-column-layout-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-paytm-pay No.known.fix Donation.Plugin.<=.1.3.2.-.Authenticated.(admin+).SQL.Injection MEDIUM" "woo-seo-content-randomizer-addon 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-pocket-urls 1.0.3 Reflected.Cross-Site.Scripting HIGH" "wp-job-openings 3.4.3 Sensitive.Data.Exposure.via.Directory.Listing MEDIUM" "wp-stacker No.known.fix Stored.XSS.via.CSRF HIGH" "wp-abstracts-manuscripts-manager 2.6.4 Admin+.Stored.XSS LOW" "wp-abstracts-manuscripts-manager 2.6.3 Cross-Site.Request.Forgery MEDIUM" "wp-abstracts-manuscripts-manager 2.6.4 Reflected.XSS HIGH" "woocommerce-amazon-affiliates-light-version No.known.fix Lite.<=.3.1.-.CSRF MEDIUM" "wp-search-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-search-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-payeezy-pay 2.98 Local.File.Inclusion CRITICAL" "woo-related-products-refresh-on-reload 3.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-smtp 1.2.7 1.2.6.-.Authenticated.(Admin+).SQL.Injection HIGH" "wha-crossword No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wha-crossword No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-cron-status-checker 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-cron-status-checker 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-dropshipping No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Email.Send MEDIUM" "woocommerce-dropshipping 4.4 Unauthenticated.SQLi HIGH" "wp-easy-pay 4.2.4 Missing.Authorization.to.Unauthenticated.Service.Disconnection MEDIUM" "wp-easy-pay 4.2b1 Reflected.Cross-Site.Scripting MEDIUM" "wp-easy-pay 4.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-easy-pay 4.1 CSRF MEDIUM" "wp-easy-pay 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-easy-pay 3.2.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wp-easy-pay 3.2.3 Cross-Site.Request.Forgery MEDIUM" "wp-meteor 3.4.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-woocommerce-quickbooks 1.1.9 Reflected.Cross-Site.Scripting HIGH" "wp-donottrack No.known.fix Authenticated.(admin+).Stored.XSS MEDIUM" "wp-custom-widget-area No.known.fix Subscriber+.Menus.Creation/Deletion/Update MEDIUM" "wp-custom-widget-area No.known.fix Missing.Authorization MEDIUM" "wc-product-table-lite 3.8.6 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wc-product-table-lite 3.8.6 Missing.Authorization.to.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wc-product-table-lite 3.1.0 CSRF MEDIUM" "wc-product-table-lite 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-currency-switcher 1.4.2.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "woocommerce-currency-switcher 1.4.2.1 Missing.Authorization MEDIUM" "woocommerce-currency-switcher 1.4.1.9 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woocommerce-currency-switcher 1.4.1.8 Cross-Site.Request.Forgery MEDIUM" "woocommerce-currency-switcher 1.4.1.7 Subscriber+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.4.1.5 Cross-Site.Request.Forgery.via.delete_profiles_data MEDIUM" "woocommerce-currency-switcher 1.3.9.4 Contributor+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.3.9.3 Contributor+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.3.7.5 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-currency-switcher 1.3.7.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-currency-switcher 1.3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-currency-switcher 1.3.7 Authenticated.(Low.Privilege).Local.File.Inclusion CRITICAL" "wisdm-reports-for-learndash 1.8.2.2 Reports.Free.<.1.8.2.2.-.Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "woo-quick-cart-for-multiple-variations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-quick-cart-for-multiple-variations No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-shortcode 1.4.17 CSRF MEDIUM" "wp-vertical-image-slider 1.2.17 .Reflected.XSS HIGH" "wp-vertical-image-slider 1.2.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-vertical-image-slider 1.2 Cross-Site.Scripting.&.CSRF CRITICAL" "woo-gift-cards-lite 2.6.7 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "woo-gift-cards-lite 2.1.2 Cross-Site.Request.Forgery MEDIUM" "woo-gift-cards-lite 2.1.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wordpress-nextgen-galleryview No.known.fix Reflected.XSS HIGH" "wordpress-nextgen-galleryview No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-shipping-display-mode 3.7.7 Reflected.Cross-Site.Scripting MEDIUM" "woo-shipping-display-mode 3.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-frontend-shop-manager 4.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "wp-stripe-donation 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-donation 3.1.6 AidWP.<.3.1.6.-.CSRF MEDIUM" "wp-stripe-donation 2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wiser-notify 2.6 Missing.Authorization MEDIUM" "wn-flipbox-pro 2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-politic 2.3.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "woocommerce-products-filter 1.3.6.2 Authenticated.(Shop.Manager+).Arbitrary.Options.Update HIGH" "woocommerce-products-filter 1.3.6.1 Products.Filter.Professional.for.WooCommerce.<.1.3.6.1.-.Unauthenticated.Time-Based.SQL.Injection CRITICAL" "woocommerce-products-filter 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-products-filter 1.3.5.3 Subscriber+..Remote.Code.Execution CRITICAL" "woocommerce-products-filter 1.3.5.3 Admin+.Local.File.Inclusion MEDIUM" "woocommerce-products-filter 1.3.5.2 Cross-Site.Request.Forgery MEDIUM" "woocommerce-products-filter 1.3.5.3 Contributor+.SQL.Injection HIGH" "woocommerce-products-filter 1.3.5.2 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-products-filter 1.3.4.4 Multiple.Connections/Stats.CSRF MEDIUM" "woocommerce-products-filter 1.3.4.3 Unauthenticated.SQL.Injection.via.search.terms CRITICAL" "woocommerce-products-filter 1.3.4.3 Missing.Authorization.via.woof_meta_get_keys() MEDIUM" "woocommerce-products-filter 1.3.2 Products.Filter.for.WooCommerce.<.1.3.2.-.Admin+.PHP.Object.Injection LOW" "woocommerce-products-filter 1.2.6.3 Products.Filter.for.WooCommerce.<.1.2.6.3.-.Reflected.Cross-Site.Scripting HIGH" "woocommerce-products-filter 1.2.0 Multiple.Issues CRITICAL" "wha-puzzle No.known.fix Contributor+.Stored.XSS MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting.via.selected_option MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting.via.page MEDIUM" "wpextended 3.0.9 Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wpextended 3.0.9 Missing.Authorization.to.Admin.Username.Change MEDIUM" "wpextended 3.0.9 Directory.Traversal.to.Authenticated.(Subscriber+).Arbitrary.File.Download HIGH" "wpextended 3.0.9 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wpextended 3.0.9 Insecure.Direct.Object.Reference MEDIUM" "wpextended 3.0.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "word-balloon 4.22.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "word-balloon 4.20.3 Avatar.Removal.via.CSRF MEDIUM" "word-balloon 4.19.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-easycart 5.7.3 Authenticated.(Contributor+).SQL.Injection.via.model_number.Parameter HIGH" "wp-easycart 5.6.0 Missing.Authorization MEDIUM" "wp-easycart 5.6.5 Sensitive.Information.Exposure MEDIUM" "wp-easycart 5.6.0 Cross-Site.Request.Forgery MEDIUM" "wp-easycart 5.6.4 Contributor+.SQL.Injection MEDIUM" "wp-easycart 5.4.11 Administrator+.Time-based.SQL.Injection HIGH" "wp-easycart 5.4.9 Multiple.CSRFs MEDIUM" "wp-easycart 5.4.9 Product.Deletion.via.CSRF MEDIUM" "wp-easycart 5.4.3 Admin+.LFI MEDIUM" "wp-easycart 5.2.5 Arbitrary.Design.Settings.Update.via.CSRF MEDIUM" "wp-easycart 5.1.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-easycart 3.0.21 3.0.20.-.Privilege.Escalation HIGH" "wp-humanstxt No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wp-colorbox 1.1.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-gpx-map 1.1.23 Arbitrary.File.Upload CRITICAL" "web-invoice No.known.fix Authenticated.SQLi HIGH" "web-invoice No.known.fix Authenticated.SQLi HIGH" "webico-slider-flatsome-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wbc_image.Shortcode MEDIUM" "woo-recent-purchases No.known.fix Authenticated.(Admin+).Local.File.Inclusion HIGH" "wp-user-frontend 4.0.8 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-user-frontend 4.0.8 Use.of.Polyfill.io MEDIUM" "wp-user-frontend 3.6.6 Authenticated.(Author+).Privilege.Escalation HIGH" "wp-user-frontend 3.6.9 Missing.Authorization.via.AJAX.actions MEDIUM" "wp-user-frontend 3.5.29 Obscure.Registration.as.Admin MEDIUM" "wp-user-frontend 3.5.26 SQL.Injection.to.Reflected.Cross-Site.Scripting HIGH" "wp-user-frontend 3.5.25 Admin+.SQL.Injection MEDIUM" "wats 1.0.64 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "weather-effect 1.3.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "weather-effect 1.3.6 Admin+.Stored.Cross-Site.Scripting LOW" "wpglobus-translate-options 2.2.0 Reflected.XSS HIGH" "wpgateway No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-google-maps 9.0.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.37 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-google-maps 9.0.30 Reflected.Cross-Site.Scripting HIGH" "wp-google-maps 9.0.35 Information.Exposure.to.Potential.Denial.of.Service MEDIUM" "wp-google-maps 9.0.33 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.33 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-google-maps 9.0.29 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.28 Unauthenticated.Stored.XSS HIGH" "wp-google-maps 9.0.16 Admin+.Path.Traversal LOW" "wp-google-maps 8.1.13 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wp-google-maps 8.1.12 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-google-maps 7.11.35 CSRF.to.Stored.XSS MEDIUM" "wp-google-maps 7.11.28 Admin.Settings.CSRF CRITICAL" "wp-google-maps 7.11.18 Unauthenticated.SQL.Injection MEDIUM" "wp-expand-tabs-free 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-expand-tabs-free 2.1.17 Contributor+.Stored.XSS MEDIUM" "wp-expand-tabs-free 2.1.15 Multiple.CSRF MEDIUM" "wc-multivendor-membership 2.11.0 Unauthenticated.Arbitrary.Password.Update.via.IDOR CRITICAL" "wc-multivendor-membership 2.10.1 Unauthenticated.AJAX.Calls HIGH" "wc-multivendor-membership 2.10.1 Unauthenticated.Privilege.Escalation CRITICAL" "wc-multivendor-membership 2.10.0 Multiple.CSRF MEDIUM" "woffice-core 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "woffice-core 5.4.9 Missing.Authorization MEDIUM" "wp-fountain No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-html-author-bio-by-ahmad-awais No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "woo-fiscalita-italiana No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-fiscalita-italiana 1.3.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-pexels-free-stock-photos No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "wp-pexels-free-stock-photos No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-parsidate 4.0.2 Reflected.Cross-Site.Scripting MEDIUM" "word-replacer-ultra No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Update MEDIUM" "word-replacer-ultra No.known.fix Missing.Authorization MEDIUM" "wp-data-access 5.5.9 Cross-Site.Request.Forgery MEDIUM" "wp-data-access 5.3.11 Reflected.Cross-Site.Scripting MEDIUM" "wp-data-access 5.3.8 Subscriber+.Privilege.Escalation HIGH" "wp-data-access 5.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-data-access 5.0.0 Admin+.SQL.Injection HIGH" "woo-pdf-invoices-bulk-download No.known.fix Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "wp-affiliate-disclosure 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.$id MEDIUM" "wp-affiliate-disclosure 1.2.7 Cross-Site.Request.Forgery.via.check_capability MEDIUM" "wp-affiliate-disclosure 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-affiliate-disclosure 1.1.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-payment-form 4.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-payment-form 4.2.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woo-clover-gateway-by-zaytech 1.3.2 Missing.Authorization.via.callback_handler MEDIUM" "wp-video-gallery-free No.known.fix Unauthenticated.SQLi HIGH" "webinar-ignition 3.06.0 Cross-Site.Request.Forgery MEDIUM" "webinar-ignition 3.05.1 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "webinar-ignition 3.05.1 Missing.Authorization.to.Unauthenticated.Privilege.Escalation CRITICAL" "webinar-ignition 3.05.1 Unauthenticated.SQL.Injection CRITICAL" "webinar-ignition 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "webinar-ignition 2.14.3 Admin+.Stored.XSS LOW" "webinar-ignition 2.8.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-basic-elements 5.3.0 Settings.Update.via.CSRF MEDIUM" "wp-security-questions No.known.fix CSRF.Bypass MEDIUM" "wp-security-questions No.known.fix Cross-Site.Request.Forgery HIGH" "wp-stripe-checkout 1.2.2.42 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-stripe-checkout 1.2.2.38 Sensitive.Information.Exposure.via.Debug.Log HIGH" "wp-stripe-checkout 1.2.2.21 Contributor+.Stored.XSS MEDIUM" "wp-open-street-map 1.30 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wpdm-gutenberg-blocks 2.1.9 Contributor+.XSS MEDIUM" "woo-preview-emails 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-preview-emails 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wooreviews-importer No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-tripadvisor-review-slider 12.7 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-tripadvisor-review-slider 11.9 Admin+.Stored.XSS LOW" "wp-tripadvisor-review-slider 11.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-tripadvisor-review-slider 10.8 Subscriber+.SQLi HIGH" "wp-members 3.4.9.4 Unprotected.Storage.of.Potentially.Sensitive.Files MEDIUM" "wp-members 3.4.9.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-members 3.4.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-members 3.4.9 Contributor+.Sensitive.Information.Exposure MEDIUM" "wp-members 3.4.8 Subscriber+.Unauthorized.Plugin.Settings.Update MEDIUM" "wp-members 3.2.8.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "wp-members 3.1.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wphelpkit 1.1 Reflected.Cross-Site.Scripting MEDIUM" "wphelpkit 1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpfavicon No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting LOW" "wp-flipclock 1.8 Contributor+.Stored.XSS MEDIUM" "woo-merchantx No.known.fix CSRF.Bypass MEDIUM" "woo-auto-coupons 3.0.15 Reflected.Cross-Site.Scripting MEDIUM" "wp-autosearch No.known.fix Unauthenticated.SQLi HIGH" "wp-useronline 2.88.3 Unauthenticated.Stored.XSS HIGH" "wp-useronline 2.88.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-useronline 2.88.0 Admin+.Stored.Cross-Site.Scripting LOW" "wp-subscribe 1.2.13 Admin+.Stored.Cross-Site.Scripting LOW" "wordpress-ping-optimizer No.known.fix Log.Clearing.via.CSRF MEDIUM" "wordpress-ping-optimizer 2.35.1.3.0 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wpcf7-redirect 3.0.0 Missing.Authorization MEDIUM" "wpcf7-redirect 2.9.0 Reflected.Cross-Site.Scripting MEDIUM" "wpcf7-redirect 2.6.0 Unauthenticated.Options.Update.to.Stored.XSS HIGH" "wpcf7-redirect 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "wpcf7-redirect 2.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.Arbitrary.Plugin.Installation MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.Arbitrary.Post.Deletion MEDIUM" "wpcf7-redirect 2.3.4 Unauthenticated.Arbitrary.Nonce.Generation MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.PHP.Object.Injection HIGH" "wpcf7-redirect 2.3.4 Unprotected.AJAX.Actions MEDIUM" "whatsapp No.known.fix Contributor+.Stored.XSS MEDIUM" "wc-frontend-manager 6.7.9 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "wc-frontend-manager 6.6.1 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "wc-frontend-manager 6.6.0 Multiple.CSRF MEDIUM" "wc-frontend-manager 6.5.12 Frontend.Manager.for.WooCommerce.<.6.5.12.-.Customer/Subscriber+.SQL.Injection HIGH" "wp-phpmyadmin-extension 5.2.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-phpmyadmin-extension 5.2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-docs 2.1.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-docs 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-docs 2.0.0 Reflected.XSS HIGH" "woocommerce-cvr-payment-gateway 6.1.0 Missing.Authorization.to.Authenticated.(Contributor+).CVR.Update MEDIUM" "wp-hubspot-woocommerce 1.0.5 Reflected.Cross-Site.Scripting HIGH" "wp-easy-contact 3.8 Admin+.Stored.Cross-Site.Scripting LOW" "wpadverts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "wp-twilio-core 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-twilio-core 1.3.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "weather-atlas 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "whizzy No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "whizzy No.known.fix Missing.Authorization MEDIUM" "wp-eggdrop No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-eggdrop No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-clone-by-wp-academy 2.4.6 Missing.Authorization MEDIUM" "wp-clone-by-wp-academy 2.4.4 Subscriber+.Unauthorised.Action.Calls MEDIUM" "wp-clone-by-wp-academy 2.4.3 Unauthenticated.Backup.Download HIGH" "wp-clone-by-wp-academy 2.3.8 Plugin.Installation.via.CSRF MEDIUM" "wp-clone-by-wp-academy 2.3.8 Subscriber+.Plugin.Installation MEDIUM" "wholesalex 1.3.3 Unauthenticated.Privilege.Escalation MEDIUM" "wholesalex 1.3.2 Sensitive.Information.Exposure.via.export_users MEDIUM" "wholesalex 1.3.3 Unauthenticated.PHP.Object.Injection CRITICAL" "wholesalex 1.3.2 Authenticated(Subscriber+).Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "wp-mapit 3.0.0 Contributor+.Stored.XSS MEDIUM" "wpsection 1.3.9 Authenticated.(Contributor+).Local.File.Inlcusion HIGH" "woo-simple-frontend-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-simple-frontend-manager 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-last-modified-info 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.lmt-post-modified-info.Shortcode MEDIUM" "webinar-and-video-conference-with-jitsi-meet 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-seo 4.5.13 Unauthenticated.Stored.Cross-Site.Scripting.via.Referer.header HIGH" "wp-meta-seo 4.5.13 Unauthenticated.Password.Protected.Content.Access MEDIUM" "wp-meta-seo 4.5.5 Author+.PHAR.Deserialization HIGH" "wp-meta-seo 4.5.3 Subscriber+.SQLi HIGH" "wp-meta-seo 4.5.3 Subscriber+.Improper.Authorization.causing.Arbitrary.Redirect MEDIUM" "wp-meta-seo 4.5.4 Subscriber+.Google.Analytics.Settings.Update MEDIUM" "wp-meta-seo 4.5.4 Subscriber+.SiteMap.Settings.Update MEDIUM" "wp-meta-seo 4.4.9 Social.Settings.Update.via.CSRF MEDIUM" "wp-meta-seo 4.4.7 Admin+.Stored.Cross-Site.Scripting.via.breadcrumbs LOW" "wp-file-checker No.known.fix Authenticated.(Admin+).Arbitrary.File.Deletion MEDIUM" "wpc-badge-management 2.4.1 Missing.Authorization MEDIUM" "wp-content-filter 3.1.0 Admin+.Stored.Cross.Site.Scripting LOW" "woo-address-book 1.6.0 CSRF HIGH" "wp-automedic No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-automedic 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-file-manager 7.2.8 Missing.Authorization MEDIUM" "wp-file-manager 7.2.6 Authenticated.(Administrator+).Directory.Traversal MEDIUM" "wp-file-manager 7.2.5 Cross-Site.Request.Forgery.to.Local.JS.File.Inclusion HIGH" "wp-file-manager 7.2.2 Directory.Traversal CRITICAL" "wp-file-manager 7.2.2 Sensitive.Information.Exposure.via.Backup.Filenames HIGH" "wp-file-manager 7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-file-manager 6.9 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "wp-file-manager 6.5 Backup.File.Directory.Listing MEDIUM" "wp-file-manager 5.2 Multiple.Vulnerabilities HIGH" "wp-file-manager 3.1 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "wp-file-manager 3.0 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "wcp-openweather No.known.fix Cross-Site.Request.Forgery MEDIUM" "wcp-openweather No.known.fix Reflected.XSS HIGH" "webful-simple-grocery-shop No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woc-open-close 4.9.2 Missing.Authorization MEDIUM" "wc-ciudades-y-regiones-de-chile No.known.fix Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "woo-product-attachment 2.2.0 Checkout.Attachements.Update.via.CSRF MEDIUM" "woo-product-attachment 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-attachment 2.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-shieldon 1.6.4 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-affiliate-platform 6.5.2 Affiliate.Deletion.via.CSRF MEDIUM" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Banner.Editing HIGH" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Registration.Form HIGH" "wp-affiliate-platform 6.5.1 Stored.XSS.via.CSRF HIGH" "wp-affiliate-platform 6.5.1 POST.Reflected.XSS MEDIUM" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Affiliate.Editing HIGH" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Lead.Editing HIGH" "wp-affiliate-platform 6.5.1 Profile.Update.via.CSRF MEDIUM" "wp-affiliate-platform 6.4.0 Admin+.Stored.XSS LOW" "wp-affiliate-platform 6.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-affiliate-platform 6.4.0 Affiliate.Record.Deletion.via.CSRF MEDIUM" "wp-school-calendar-lite 3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-from-email No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-bannerize No.known.fix 4.0.2.-.Authenticated.SQL.Injection HIGH" "wp-user-avatar 4.15.9 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.15.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-user-avatar 4.15.6 Contributor+.Stored.Cross-Site.Scripting.via.'reg-single-checkbox' MEDIUM" "wp-user-avatar 4.15.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-user-avatar 4.15.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.profilepress-edit-profile.Shortcode MEDIUM" "wp-user-avatar 4.15.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.[reg-select-role].Shortcode MEDIUM" "wp-user-avatar 4.15.0 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.15.0 Unauthenticated.Stored.XSS MEDIUM" "wp-user-avatar 4.15.0 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.14.4 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.13.3 Information.Disclosure.via.Debug.Log MEDIUM" "wp-user-avatar 4.13.2 Limited.Privilege.Escalation.via.'acceptable_defined_roles' HIGH" "wp-user-avatar 4.13.2 ProfilePress.<.4,13,2.Cross-Site.Request.Forgery.via.'admin_notice' MEDIUM" "wp-user-avatar 4.5.5 Reflected.XSS HIGH" "wp-user-avatar 4.5.5 Reflected.XSS HIGH" "wp-user-avatar 4.5.5 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.5.4 Admin+.Stored.XSS LOW" "wp-user-avatar 4.5.1 Admin+.Stored.Cross-Site.Scripting.via.Form.Settings LOW" "wp-user-avatar 4.5.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-user-avatar 3.2.3 Reflected.Cross-Site.Scripting HIGH" "wp-user-avatar 3.2.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-user-avatar 3.1.11 Unauthenticated.Cross-Site.Scripting.(XSS).in.tabbed.login/register.widget MEDIUM" "wp-user-avatar 3.1.11 Multiple.Vulnerabilities MEDIUM" "wp-user-avatar 3.1.8 Authenticated.Stored.XSS CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Authenticated.Privilege.Escalation CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Arbitrary.File.Upload.in.File.Uploader.Component CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "wp-relevant-ads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-relevant-ads No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-relevant-ads No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp2syslog No.known.fix Admin+.Stored.XSS LOW" "wordsurvey No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.sounding_title.Parameter MEDIUM" "wp-job-manager-resumes 2.2.0 Resume.Manager.<.2.2.0.-.Missing.Authorization MEDIUM" "wp-job-manager-resumes 2.2.0 Resume.Manager.<.2.2.0.-.Cross-Site.Request.Forgery MEDIUM" "wp-polls 2.76.0 IP.Validation.Bypass MEDIUM" "wp-polls 2.77.0 Subscriber+.Race.Condition MEDIUM" "wp-polls 2.73.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "wp-polls 2.72 SQL.Injection CRITICAL" "woo-inpost No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.and.Delete CRITICAL" "woocommerce-brands 1.6.50 Cross-Site.Request.Forgery MEDIUM" "woocommerce-brands 1.6.46 Contributor+.Stored.XSS MEDIUM" "w3swoozoho 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wookit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-2checkout-payment No.known.fix Missing.Authorization.via.sniff_ins MEDIUM" "wpoptin 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "wpoptin 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-opening-hours No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wpdiscuz 7.6.22 Unauthenticated.HTML.Injection MEDIUM" "wpdiscuz 7.6.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpdiscuz 7.6.16 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Uploaded.Image.Alternative.Text MEDIUM" "wpdiscuz 7.6.13 Admin+.Stored.XSS LOW" "wpdiscuz 7.6.12 Cross-Site.Request.Forgery MEDIUM" "wpdiscuz 7.6.12 Unauthenticated.Stored.XSS HIGH" "wpdiscuz 7.6.11 Unauthenticated.Content.Injection MEDIUM" "wpdiscuz 7.6.4 Author+.IDOR LOW" "wpdiscuz 7.6.11 Insufficient.Authorization.to.Comment.Submission.on.Deleted.Posts MEDIUM" "wpdiscuz 7.6.12 Missing.Authorization.in.AJAX.Actions MEDIUM" "wpdiscuz 7.6.6 Unauthenticated.SQL.Injection HIGH" "wpdiscuz 7.6.6 Unauthenticated.SQL.Injection HIGH" "wpdiscuz 7.6.4 Post.Rating.Increase/Decrease.iva.IDOR MEDIUM" "wpdiscuz 7.6.4 Unauthenticated.Data.Modification.via.IDOR MEDIUM" "wpdiscuz 7.5 wpDiscuz.7.4.2.-.Subscriber+.IDOR MEDIUM" "wpdiscuz 7.3.12 Sensitive.Information.Disclosure LOW" "wpdiscuz 7.3.4 Arbitrary.Comment.Addition/Edition/Deletion.via.CSRF MEDIUM" "wpdiscuz 7.3.2 wpDiscuz.<.7.3.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "wpdiscuz 7.0.5 wpDiscuz.7.0.0.-.7.0.4.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpdiscuz 5.3.6 Unauthenticated.SQL.Injection CRITICAL" "woo-product-slider-and-carousel-with-category 2.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-ultimate-exporter 2.4.2 Unauthenticated.Information.Disclosure MEDIUM" "wp-ultimate-exporter 1.4.2 CSRF HIGH" "wp-ultimate-exporter 1.2 Unauthenticated.SQL.Injection CRITICAL" "wp-smart-export No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-export No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "webapp-builder No.known.fix Unauthenticated.File.Upload CRITICAL" "woo-bulk-editor 1.1.4.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "woo-bulk-editor 1.1.4.4 Missing.Authorization MEDIUM" "woo-bulk-editor 1.1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-bulk-editor 1.1.4.1 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting.via.Plugin.Options MEDIUM" "woo-bulk-editor 1.1.4.1 Missing.Authorization.via.Several.Functions MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.3.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-special-textboxes 5.9.110 Admin+.Stored.Cross-Site.Scripting LOW" "wc-serial-numbers No.known.fix Missing.Authorization MEDIUM" "wc-serial-numbers 1.6.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wpmarketplace No.known.fix Arbitrary.File.Upload HIGH" "woocommerce-pdf-invoices-packing-slips 3.8.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woocommerce-pdf-invoices-packing-slips 3.8.1 Unauthenticated.Server-Side.Request.Forgery MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.7.6 Shop.Manager+.SQL.Injection HIGH" "woocommerce-pdf-invoices-packing-slips 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-invoices-packing-slips 2.16.0 Reflected.Cross-Site.Scripting LOW" "woocommerce-pdf-invoices-packing-slips 2.15.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-invoices-packing-slips 2.10.5 Reflected.Cross-Site.Scripting HIGH" "woocommerce-pdf-invoices-packing-slips 2.0.13 XSS MEDIUM" "wp-custom-post-template No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-ulike 4.7.4 Admin+.Stored.XSS LOW" "wp-ulike 4.7.2.1 Subscriber+.Stored-XSS HIGH" "wp-ulike 4.7.1 Admin+.Stored.XSS LOW" "wp-ulike 4.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-ulike 2.7.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-ulike 4.7.0 Authenticated.(Contributor+).SQL.Injection.via.Shortcodes HIGH" "wp-ulike 4.6.9 Contributor+.Stored.Cross.Site.Scripting.via.Shortcode MEDIUM" "wp-ulike 4.6.5 Unauthenticated.Rating.Tampering.via.Race.Condition LOW" "wp-html-sitemap No.known.fix wp-html-sitemap.html.Sitemap.Deletion.CSRF MEDIUM" "wp-linkedin-auto-publish 8.12 Missing.Authorization MEDIUM" "wp-ds-blog-map No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wp-terms-popup 2.6.1 Admin+.Stored.XSS LOW" "whatshelp-chat-button 1.8.10 Admin+.Stored.XSS LOW" "woo-billing-with-invoicexpress 3.0.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-contact-slider 2.4.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-contact-slider 2.4.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-contact-slider 2.4.7 Editor+.Stored.Cross-Site.Scripting LOW" "wp-contact-slider 2.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wadi-survey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wadi-survey No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgetkit-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor 2.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor No.known.fix Missing.Authorization.to.Notice.Dismissal MEDIUM" "widgetkit-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Widgets MEDIUM" "widgetkit-for-elementor 2.4.4 WidgetKit.<.2.4.4.-.Admin+.Stored.XSS LOW" "widgetkit-for-elementor 2.3.10 WidgetKit.<.2.3.10.-.Contributor+.Stored.XSS MEDIUM" "wordpress-users No.known.fix Settings.Update.via.CSRF MEDIUM" "wonderplugin-slider-lite 14.0 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "windsor-strava-athlete No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "windsor-strava-athlete No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-media-manager-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-advanced-search 3.3.9 Settings.Update.via.CSRF MEDIUM" "wp-advanced-search 3.3.7 Authenticated.SQL.Injection HIGH" "wp-membership 1.5.7 Subscriber+.Privilege.Escalation CRITICAL" "wp-membership No.known.fix Multiple.Vulnerabilities MEDIUM" "woocommerce-payments 6.7.0 Unauthenticated.Order.Deletion.via.IDOR LOW" "woocommerce-payments 5.9.1 Shop.Manager+.SQLi MEDIUM" "woocommerce-payments 6.5.0 Contributor+.Cross-Site.Scripting MEDIUM" "woocommerce-payments 4.9.0 Subscription.Suspension/Activation.via.CSRF MEDIUM" "woocommerce-payments 4.5.1 Intent.Parameter.Tampering HIGH" "woocommerce-payments 5.6.2 Unauthenticated.Privilege.Escalation CRITICAL" "wp-smart-contracts 1.3.12 Author+.SQLi MEDIUM" "wp-sentry No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "woo-swatches-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-ecommerce-shop-styling No.known.fix Unauthenticated.Dompdf.Local.File.Inclusion.(LFI) HIGH" "wp-sheet-editor-edd-downloads 1.0.61 Reflected.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-edd-downloads 1.0.49 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-icommerce No.known.fix Authenticated.(contributor+).SQL.Injection HIGH" "wp-file-upload 4.24.9 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "wp-file-upload 4.24.8 Missing.Authorization MEDIUM" "wp-file-upload 4.24.8 Unauthenticated.Stored.XSS HIGH" "wp-file-upload 4.24.8 Reflected.XSS HIGH" "wp-file-upload 4.24.8 Authenticated.(Contributor+).Directory.Traversal MEDIUM" "wp-file-upload 4.24.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-file-upload 4.24.1 Cross-Site.Request.Forgery MEDIUM" "wp-file-upload 4.23.3 Author+.Stored.Cross-Site.Scripting LOW" "wp-file-upload 4.19.2 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-file-upload 4.19.2 Admin+.Path.Traversal MEDIUM" "wp-file-upload 4.16.3 Contributor+.Path.Traversal.to.RCE CRITICAL" "wp-file-upload 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-file-upload 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Malicious.SVG MEDIUM" "wp-file-upload 4.13.0 Directory.Traversal.to.RCE CRITICAL" "wp-file-upload 4.3.4 Cross-Site.Scripting.(XSS) MEDIUM" "wp-file-upload 4.3.3 Security.Issue.in.Shortcodes MEDIUM" "wp-file-upload 3.9.0 Insufficient.File.Extension.Blacklisting HIGH" "wp-file-upload 3.4.1 Unauthenticated.Malicious.File.Upload HIGH" "wp-file-upload 3.0.0 Multiple.Vulnerabilities HIGH" "wp-file-upload 2.7.1 JS.File.Upload HIGH" "wc4bp-groups 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-users-exporter No.known.fix CSV.Injection MEDIUM" "wpfront-user-role-editor 4.1.0 Limited.Information.Exposure MEDIUM" "wpfront-user-role-editor 3.2.1.11184 Reflected.Cross-Site.Scripting MEDIUM" "wp-migration-duplicator 1.4.9 Missing.Authorization.to.Directory.Traversal MEDIUM" "wp-migration-duplicator 1.4.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-migration-duplicator 1.4.5 Subscriber+.Stored.XSS HIGH" "wp-migration-duplicator 1.4.4 Subscriber+.Plugin.Settings.Update MEDIUM" "wp-migration-duplicator 1.4.2 Missing.Authorization.to.Settings.and.Schedule.Modification MEDIUM" "webcam-2way-videochat 5.2.8 Reflected.Cross-Site.Scripting HIGH" "webcam-2way-videochat 4.41.2 Cross-Site.Scripting.(XSS) MEDIUM" "wc-fields-factory 4.1.7 ShopManager+.SQLi MEDIUM" "wp-facebook-reviews 12.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-facebook-reviews 13.0 Admin+.Stored.XSS LOW" "wp-facebook-reviews 3.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-facebook-reviews 12.2 Subscriber+.SQLi HIGH" "wp-facebook-reviews 11.0 Admin+.SQL.Injection MEDIUM" "wonderplugin-video-embed 1.8 Contributor+.Stored.XSS MEDIUM" "wp-gravity-forms-spreadsheets 1.1.1 Reflected.Cross-Site.Scripting HIGH" "wp-shamsi No.known.fix Subscriber+.Attachment.Deletion MEDIUM" "wp-shamsi 4.1.1 Unauthenticated.Arbitrary.Plugin.Deactivation MEDIUM" "wp-shamsi 4.2.0 Subscriber+.Settings.Update MEDIUM" "wp-plotly 1.0.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "webmaster-tools No.known.fix Admin+.Stored.XSS LOW" "webmaster-tools No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wp-popup-builder 1.3.0 Subscriber+.Arbitrary.Popup.Deletion MEDIUM" "wp-popup-builder 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-githuber-md 1.16.3 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "wpbits-addons-for-elementor 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "wpbits-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpbits-addons-for-elementor 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wcsm-search-merchandising No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcsm-search-merchandising No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-google-places-review-slider 13.6 Admin+.Stored.XSS LOW" "wp-google-places-review-slider 12.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-google-places-review-slider 11.8 Subscriber+.SQLi HIGH" "wp-google-places-review-slider 11.6 Admin+.Stored.XSS LOW" "wc-builder 1.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-page-post-widget-clone No.known.fix Missing.Authorization MEDIUM" "wordpress-simple-paypal-shopping-cart 4.7.2 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-simple-paypal-shopping-cart 4.6.4 Unauthenticated.PII.Disclosure MEDIUM" "wordpress-simple-paypal-shopping-cart 4.6.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-coder 3.5.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-coder 2.5.6 Reflected.XSS MEDIUM" "wp-coder 2.5.4 Admin+.SQLi MEDIUM" "wp-coder 2.5.3 Code.Deletion.via.CSRF MEDIUM" "wp-coder 2.5.2 RFI.leading.to.RCE.via.CSRF HIGH" "wp-gallery-exporter No.known.fix Authenticated.(Administrator+).Arbitrary.File.Download LOW" "wholesale-market 2.2.1 Unauthenticated.Arbitrary.File.Download HIGH" "wp-donate 1.5 Unauthenticated.SQL.Injection HIGH" "woo-country-restrictions-advanced 1.14.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-country-restrictions-advanced 1.13.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-extra-cost No.known.fix CSRF.Bypass MEDIUM" "wp-server-stats 1.7.8 Injected.Backdoor CRITICAL" "wp-server-stats 1.7.4 Cross-Site.Request.Forgery MEDIUM" "wp-server-stats 1.7.0 Admin+.Stored.Cross-Site.Scripting LOW" "whmpress No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "whmpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-store-toolkit 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-store-toolkit 2.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-store-toolkit 2.3.2 Reflected.Cross-Site.Scripting HIGH" "woocommerce-store-toolkit 1.5.8 Privilege.Escalation CRITICAL" "woocommerce-store-toolkit 1.5.7 Store.Toolkit.Plugin.<=.1.5.6.-.Privilege.Escalation CRITICAL" "wp-events-manager 2.2.0 Authenticated.(Subscriber+).Time-Based.SQL.Injection HIGH" "wp-mail-catcher 2.1.7 Cross-Site.Request.Forgery MEDIUM" "wp-mail-catcher 2.1.4 WP.Mail.Catcher.<.2.1.4.-.Admin+.SQLi MEDIUM" "wp-mail-catcher 2.1.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wordpress-popup No.known.fix Admin+.Stored.XSS LOW" "wordpress-popup 6.0.8.1 Unauthenticated.CSV.Injection HIGH" "woodiscuz-woocommerce-comments No.known.fix Cross-Site.Request.Forgery MEDIUM" "woodiscuz-woocommerce-comments No.known.fix Admin+.Stored.XSS LOW" "wp-recall 16.26.9 Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.Password.Update CRITICAL" "wp-recall 16.26.7 Unauthenticated.Payment.Deletion.via.delete_payment MEDIUM" "wp-recall 16.26.7 Cross-Site.Request.Forgery MEDIUM" "wp-recall 16.26.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wp-recall 16.26.6 Unauthenticated.SQL.Injection CRITICAL" "wp-recall 16.26.6 Insecure.Direct.Object.Reference MEDIUM" "wp-recall 16.24.48 Reflected.Cross-Site.Scripting HIGH" "web-stat 1.4.1 API.Key.Disclosure HIGH" "woorewards 5.3.1 Missing.Authorization MEDIUM" "woocommerce-collections 1.7.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Post/Page.Deletion MEDIUM" "woocommerce-collections 1.7.0 Unauthenticated.SQL.Injection CRITICAL" "ws-contact-form 1.3.8 Admin+.Stored.XSS LOW" "wp-crontrol 1.16.2 Remote.Code.Execution MEDIUM" "woo-product-finder 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-post-block No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-ban 1.69.1 Admin+.Stored.XSS LOW" "wp-support-plus-responsive-ticket-system 9.1.2 Stored.XSS MEDIUM" "wp-support-plus-responsive-ticket-system 9.0.3 Multiple.Authenticated.SQL.Injection CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.8 Remote.Code.Execution CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.8 Remote.Code.Execution.(RCE) CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.0 Privilege.Escalation CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.0 WP.Support.Plus.Responsive.Ticket.System.<.8,0,0.–.Authenticated.SQL.Injection MEDIUM" "wpdbspringclean No.known.fix Reflected.XSS HIGH" "wp-infusionsoft-woocommerce 1.0.9 Reflected.Cross-Site.Scripting HIGH" "wptools 3.43 Subscriber+.Arbitrary.Plugin.Installation HIGH" "wp-aparat 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-all-import-pro 4.1.2 Multiple.Vulnerabilities CRITICAL" "wp-all-import-pro 4.1.1 RCE HIGH" "woo-product-table 3.1.2 Unauthenticated.Arbitrary.Function.Call CRITICAL" "wp-gdpr-compliance No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-gdpr-compliance 2.0.23 Subscriber+.Arbitrary.Options.Update HIGH" "wp-gdpr-compliance 2.0.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-gdpr-compliance 1.5.6 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "wp-gdpr-compliance 1.4.3 Unauthenticated.Call.Any.Action.or.Update.Any.Option CRITICAL" "wordpress-social-login No.known.fix Contributor+.Stored.XSS MEDIUM" "wordpress-social-login No.known.fix Admin+.Stored.XSS LOW" "wordpress-social-login No.known.fix Reflected.XSS HIGH" "wp-gratify No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-for-sourceforge-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-tools-divi-blog-carousel 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-blog-carousel 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-backitup No.known.fix Missing.Authorization MEDIUM" "wp-backitup No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-backitup No.known.fix Missing.Authorization MEDIUM" "wp-backitup 1.50 Unauthenticated.Sensitive.Data.Exposure HIGH" "wp-csv-exporter 1.3.7 CSV.Injection LOW" "wp-csv-exporter 1.3.7 Admin+.SQLi MEDIUM" "wp-simple-galleries No.known.fix Contributor+.PHP.Object.Injection HIGH" "wysija-newsletters 2.8.2 Spam.Vulnerability MEDIUM" "wp-better-emails No.known.fix Admin+.Stored.XSS LOW" "woo-custom-checkout-fields No.known.fix Reflected.Cross-Site.Scripting HIGH" "w3-total-cache 2.1.4 Reflected.XSS.in.Extensions.Page.(Attribute.Context) CRITICAL" "w3-total-cache 2.1.5 Reflected.XSS.in.Extensions.Page.(JS.Context) HIGH" "w3-total-cache 2.1.3 Authenticated.Stored.XSS MEDIUM" "w3-total-cache 0.9.7.4 Cryptographic.Signature.Bypass HIGH" "w3-total-cache 0.9.7.4 Blind.SSRF.and.RCE.via.phar HIGH" "w3-total-cache 0.9.7.4 Cross-Site.Scripting.(XSS) CRITICAL" "w3-total-cache 0.9.5 Information.Disclosure.Race.Condition HIGH" "woo-mailerlite 2.0.9 Missing.Authorization.via.Multiple.Functions MEDIUM" "woo-mailerlite 2.0.9 Cross-Site.Request.Forgery.via.Multiple.AJAX.Functions MEDIUM" "wp-ajax-contact-form No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-ajax-contact-form No.known.fix Arbitrary.Email.Deletion.via.CSRF MEDIUM" "woo-zoho 1.2.4 Reflected.Cross-Site.Scripting HIGH" "wp-email-capture 3.11 Unauthenticated.Email.Capture.Download MEDIUM" "wp-email-capture 3.10 Email.Captures.Update.via.CSRF MEDIUM" "wp-email-capture 3.10 Admin+.Stored.XSS LOW" "wp-change-email-sender 2.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-live-tv No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-live-tv No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wppageflip No.known.fix index.php.pageflipbook_language.Parameter.Traversal.Local.File.Inclusion CRITICAL" "woocustomizer 2.3.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-smart-preloader 1.15.1 Admin+.Stored.XSS LOW" "wp-category-posts-list No.known.fix Cross-Site.Request.Forgery.via.gen_set_page MEDIUM" "wp-category-posts-list No.known.fix Contributor+.Stored.XSS MEDIUM" "wpgform No.known.fix Admin+.Stored.XSS LOW" "wpgform 0.94 Eval.Injection HIGH" "wp-express-checkout 2.3.8 Unauthenticated.Price.Manipulation MEDIUM" "wp-express-checkout 2.2.9 Admin+.Stored.XSS LOW" "woo-smart-quick-view 4.0.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-abandoned-cart 5.16.2 Multiple.CSRF MEDIUM" "woocommerce-abandoned-cart 5.16.2 Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "woocommerce-abandoned-cart 5.16.1 Improper.Authorization.via.wcal_delete_expired_used_coupon_code LOW" "woocommerce-abandoned-cart 5.16.1 Improper.Authorization.via.wcal_preview_emails LOW" "woocommerce-abandoned-cart 5.16.0 Admin+.Stored.XSS LOW" "woocommerce-abandoned-cart 5.15.0 Authentication.Bypass CRITICAL" "woocommerce-abandoned-cart 5.8.6 CSRF.Nonce.Bypasses MEDIUM" "woocommerce-abandoned-cart 5.8.3 Unauthenticated.SQL.Injection CRITICAL" "woocommerce-abandoned-cart 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "woocommerce-abandoned-cart 1.9 Authenticated.Blind.SQL.Injection CRITICAL" "wp-radio No.known.fix Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "wp-radio No.known.fix Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.Settings MEDIUM" "wp-radio No.known.fix CSRF MEDIUM" "wp-radio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-radio 3.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "white-label-cms 2.7.5 Reflected.Cross-Site.Scripting MEDIUM" "white-label-cms 2.7.4 Missing.Authorization.to.Plugin.Settings.Reset MEDIUM" "white-label-cms 2.5 Admin+.PHP.Object.Injection LOW" "white-label-cms 2.2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-gmappity-easy-google-maps No.known.fix Subscriber+.SQL.Injection HIGH" "wp-cookiechoise No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "woo-variation-gallery 1.1.29 Authenticated.Stored.XSS MEDIUM" "wp-survey-plus No.known.fix Subscriber+.AJAX.Calls HIGH" "wp-full-stripe-free 7.0.18 Settings.Update.via.CSRF MEDIUM" "wp-full-stripe-free 7.0.6 Admin+.Stored.XSS LOW" "wp-full-stripe-free 7.0.6 Admin+.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-shipping-gateway-per-product 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-shipping-gateway-per-product 2.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-warranty 2.3.0 Missing.Authorization MEDIUM" "woocommerce-warranty 2.3.0 Missing.Authorization MEDIUM" "woocommerce-warranty 2.1.7 Reflected.XSS HIGH" "wp-responsive-slider-with-lightbox 1.0.1 Arbitrary.File.Upload.via.CSRF HIGH" "wp-responsive-slider-with-lightbox No.known.fix Admin+.Stored.XSS MEDIUM" "wp-responsive-slider-with-lightbox 1.0.1 Image.Lightboxes.via.CSRF MEDIUM" "wp-custom-fields-search 1.2.35 Admin+.Stored.XSS LOW" "wp-custom-fields-search 1.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-dialog No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "wpcomplete 2.9.5 Reflected.Cross-Site.Scripting HIGH" "woo-quick-reports No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-quick-reports No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-discord-invite 2.5.2 Admin+.Stored.Cross.Site.Scripting LOW" "wp-discord-invite 2.5.1 Arbitrary.Settings.Update.via.CSRF HIGH" "wp-discord-invite 2.5.1 Reflected.Cross-Site.Scripting.via.webhook MEDIUM" "wpvivid-backup-mainwp 0.9.34 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wpvivid-backup-mainwp 0.9.33 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "wp-curriculo-vitae No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "wpvr 8.3.15 Unauthenticated.Plugin.Downgrade.leading.to.XSS HIGH" "wpvr 8.3.5 Reflected.XSS HIGH" "wpvr 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "wpvr 8.3.0 Subscriber+.Arbitrary.Tour.Update MEDIUM" "wpvr 8.2.9 Reflected.XSS HIGH" "wpvr 8.2.8 Subscriber+.Settings.Update MEDIUM" "wpvr 8.2.7 Contributor+.Stored.XSS MEDIUM" "web-stories 1.32 Author+.Auth.Bypass LOW" "web-stories 1.25.0 Subscriber+.Server.Side.Request.Forgery MEDIUM" "wp-smart-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hide-security-enhancer 1.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-order-export-lite 3.4.5 Shop.Manager+.Remote.Code.Execution CRITICAL" "woo-order-export-lite 3.3.3 Export.Files.via.CSRF MEDIUM" "woo-order-export-lite 3.3.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-order-export-lite 3.1.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "woo-order-export-lite 3.1.4 Authenticated.Cross-Site.Scripting.(XSS) LOW" "woo-order-export-lite 1.5.5 CSV.Injection HIGH" "wp-private-content-plus No.known.fix Unauthenticated.Protected.Post.Access MEDIUM" "wp-private-content-plus 3.2 Cross-Site.Request.Forgery HIGH" "wp-private-content-plus 3.2 CSRF.Nonce.Bypass HIGH" "wp-private-content-plus 2.0 Unauthenticated.Options.Change HIGH" "wp-phone-message No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-phone-message No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-back-button No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-secure-maintainance 1.7 Admin+.Stored.XSS LOW" "wp-spell-check 9.18 Cross-Site.Request.Forgery MEDIUM" "wp-spell-check 9.13 Admin+.Stored.Cross-Site.Scripting LOW" "wp-spell-check 9.13 Ignored.Word.Deletion.via.CSRF MEDIUM" "wp-spell-check 9.3 Reflected.Cross-Site.Scripting HIGH" "wp-spell-check 7.1.10 Cross-Site.Request.Forgery.(CSRF) HIGH" "wc-venipak-shipping 1.19.6 Reflected.Cross-Site.Scripting.via.'venipak_labels_link' MEDIUM" "wpgenious-job-listing No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "woo-coupon-usage 5.12.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.5.1.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.4.4 Unauthenticated.Reflected.XSS HIGH" "woo-coupon-usage 5.4.6 Reflected.XSS HIGH" "woo-coupon-usage 4.16.4.5 Unauthenticated.Stored.XSS HIGH" "woo-coupon-usage 4.16.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-coupon-usage 4.11.3.4 Arbitrary.Referral.Visits.Deletion.via.CSRF MEDIUM" "woo-coupon-usage 4.11.0.2 Reflected.Cross-Site.Scripting HIGH" "wpvivid-backuprestore 0.9.106 Unauthenticated.Sensitive.Data.Exposure HIGH" "wpvivid-backuprestore 0.9.100 Admin+.PHAR.Deserialization HIGH" "wpvivid-backuprestore 0.9.69 Unauthenticated.SQLi.&.DoS HIGH" "wpvivid-backuprestore 0.9.95 Missing.Authorization MEDIUM" "wpvivid-backuprestore 0.9.92 WPvivid.<.0.9.92.-.Unauthenticated.Sensitive.Information.Exposure HIGH" "wpvivid-backuprestore 0.9.90 Admin+.Stored.XSS MEDIUM" "wpvivid-backuprestore 0.9.90 Admin+.Arbitrary.Directory.Deletion.via.Path.Traversal HIGH" "wpvivid-backuprestore 0.9.90 Admin+.Stored.XSS MEDIUM" "wpvivid-backuprestore 0.9.91 Missing.Authorization.via.'start_staging'.and.'get_staging_progress' HIGH" "wpvivid-backuprestore 0.9.77 Admin+.Arbitrary.File.Deletion MEDIUM" "wpvivid-backuprestore 0.9.76 Admin+.Arbitrary.File.Read MEDIUM" "wpvivid-backuprestore 0.9.75 Admin+.PHAR.Deserialization MEDIUM" "wpvivid-backuprestore 0.9.71 Admin+.Arbitrary.File.Download LOW" "wpvivid-backuprestore 0.9.70 Reflected.Cross-Site.Scripting MEDIUM" "wpvivid-backuprestore 0.9.69 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wpvivid-backuprestore 0.9.56 Reflected.Cross-Site.Scripting HIGH" "wp-responsive-video-gallery-with-lightbox 1.0.7 Authenticated.(Admin+).SQL.Injection CRITICAL" "wp-responsive-video-gallery-with-lightbox 1.0.1 Cross-Site.Request.Forgery MEDIUM" "wp-responsive-video-gallery-with-lightbox 1.0.23 Reflected.XSS HIGH" "w3s-cf7-zoho No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "w3s-cf7-zoho 2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "w3s-cf7-zoho 2.1.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "woo-wallet 1.5.5 Authenticated.(Subscriber+).SQL.Injection.via.'search[value]' HIGH" "woo-wallet 1.5.1 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "woo-wallet 1.4.11 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Export MEDIUM" "woo-wallet 1.4.4 For.WooCommerce.<.1.4.4.-.Subscriber+.Arbitrary.Wallet.Lock/Unlock.via.IDOR MEDIUM" "woo-wallet 1.4.0 Settings.Update.via.CSRF MEDIUM" "wechat-broadcast No.known.fix Local/Remote.File.Inclusion CRITICAL" "woo-gutenberg-products-block 11.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Featured.Image.alt.Attribute MEDIUM" "woo-gutenberg-products-block 5.5.1 Unauthenticated.SQL.Injection CRITICAL" "woo-gutenberg-products-block 3.7.1 Guest.Account.Creation MEDIUM" "wp-youtube-lyte 1.7.16 Authenticated.Stored.XSS MEDIUM" "wicked-folders 2.18.17 Subscriber+.Folder.Structure.Update MEDIUM" "wicked-folders 2.18.17 Folder.Structure.Update.via.CSRF MEDIUM" "wicked-folders 2.8.10 Subscriber+.SQL.Injection HIGH" "wp-dev-powers-display-screen-dimensions-to-admin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widget-extend-builtin-query 1.06 Reflected.Cross-Site.Scripting MEDIUM" "wp-plugin-manager 1.1.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-link-bio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-link-bio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "website-article-monetization-by-magenet 1.0.12 Unauthenticated.Stored.XSS HIGH" "woo-product-carousel-slider-and-grid-ultimate 1.9.8 Authenticated(Contributor+).PHP.Object.Injection HIGH" "wp-hide-backed-notices 1.3.1 Missing.Authorization.to.Authenticated(Contributor+).Plugin.Settings.Modification MEDIUM" "wp-hide-backed-notices 1.3 Cross-Site.Request.Forgery MEDIUM" "woocommerce-pdf-vouchers 4.9.5 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woocommerce-pdf-vouchers 4.9.5 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-vouchers 4.9.5 Missing.Authorization MEDIUM" "woocommerce-pdf-vouchers 4.9.4 PDF.Vouchers.<.4.9.4.-.Authentication.Bypass.to.Voucher.Vendor HIGH" "wp-post-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wordpress-multisite-user-sync 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "wpeform-lite 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wpeform-lite 1.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-gallery-transformation No.known.fix Blind.SQL.Injection CRITICAL" "woo-parcel-pro 1.6.12 Cross-Site.Request.Forgery MEDIUM" "woo-parcel-pro 1.6.12 Open.Redirect MEDIUM" "webp-express 0.14.8 Authenticated.Stored.XSS MEDIUM" "webp-express 0.14.11 Multiple.Issues HIGH" "wp-insurance 2.1.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "woocommerce-admin 2.6.4 Analytics.Report.Leaks MEDIUM" "wp-design-maps-places No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-subtitle 3.4.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-mail-bank 3.0.13 Reflected.Cross-Site.Scripting MEDIUM" "wp-image-zoooom 1.47 Local.File.Inclusion MEDIUM" "wp-duplicate-page 1.3 Admin+.Stored.Cross.Site.Scripting LOW" "wp-asset-clean-up 1.3.9.4 Missing.Authorization MEDIUM" "wp-asset-clean-up 1.3.5.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting.via.AJAX.Action HIGH" "wp-asset-clean-up 1.3.6.7 CSRF.&.XSS LOW" "wp-smart-import 1.1.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.0.3 Reflected.Cross-Ste.Scripting MEDIUM" "wp-smart-import 1.0.1 Auhenticated.Server-side.Request.Forgery MEDIUM" "wp-showhide 1.05 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wpc-grouped-product 4.4.3 Missing.Authorization MEDIUM" "wp-google-analytics-events 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-popups-lite 2.2.0.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "wp-popups-lite 2.1.5.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-popups-lite 2.1.5.1 Contributor+.Stored.XSS MEDIUM" "wp-popups-lite 2.1.4.9 Contributor+.Stored.XSS MEDIUM" "wp-popups-lite 2.1.4.8 Contributor+.Stored.XSS MEDIUM" "wp-chinese-conversion No.known.fix Reflected.XSS HIGH" "wplite No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-free-ssl 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-armour-extended 1.32 Cross-Site.Request.Forgery MEDIUM" "wp-armour-extended 1.32 Reflected.Cross-Site.Scripting MEDIUM" "wpforo 2.3.5 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wpforo 2.3.5 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wpforo 2.3.4 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wpforo 2.2.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wpforo 2.2.6 Subscriber+.Content.Injection MEDIUM" "wpforo 2.1.9 Reflected.Cross-Site.Scripting HIGH" "wpforo 2.1.8 Subscriber+.Arbitrary.File.Read,.Author+.PHAR.Deserialization,.and.Subscriber+.Server-Side.Request.Forgery.via.file_get_contents HIGH" "wpforo 2.0.6 Subscriber+.Forum.Post.Set.as.Private/Public.via.IDOR MEDIUM" "wpforo 2.1.0 Arbitrary.User.Deletion.via.CSRF HIGH" "wpforo 2.1.0 Subscriber+.Arbitrary.File.Upload CRITICAL" "wpforo 2.0.6 Subscriber+.Forum.Post.Set.as.Solved/Unsolved.via.IDOR MEDIUM" "wpforo 2.0.6 Topic.Deletion.via.CSRF MEDIUM" "wpforo 2.0.6 Cross-Site.Request.Forgery MEDIUM" "wpforo 1.9.7 Open.Redirect MEDIUM" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.s.Parameter HIGH" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.User.Agent MEDIUM" "wpforo 1.7.0 New.Users.Set.as.Admin.via.CSRF HIGH" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.langid.Parameter HIGH" "wpforo 1.5.2 Privilege.Escalation CRITICAL" "wpforo 1.4.12 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wpforo 1.4.11 Unauthenticated.SQL.Injection CRITICAL" "wp-pro-counter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-pro-counter No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "websimon-tables No.known.fix Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-ajax-filters 1.5.4.7 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-buddha-free-adwords No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-buddha-free-adwords No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wpforms-user-registration 2.1.2 Missing.Authorization.to.Authenticated.(Contributor+).Privilege.Escalation HIGH" "wishlist-and-compare 1.0.5 Unauthorised.AJAX.call HIGH" "woo-checkout-for-digital-goods 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-checkout-for-digital-goods 3.6.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-checkout-for-digital-goods 2.2 CSRF.to.Settings.Change MEDIUM" "wp-responsive-menu 3.1.7.1 Subscriber+.Settings.Update.to.Stored.XSS HIGH" "wp-fullcalendar 1.5 Unauthenticated.Arbitrary.Post.Access HIGH" "wps-team 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-rollback 1.2.3 Cross-Site.Scripting.(XSS).&.CSRF HIGH" "wp-counter-up 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-comment-fields 5.1 Missing.Authorization MEDIUM" "wp-comment-fields 5.1 Cross-Site.Request.Forgery MEDIUM" "wp-comment-fields 4.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-quicklatex 3.8.8 Admin+.Stored.XSS LOW" "wp-quicklatex 3.8.7 Admin+.Stored.XSS.in.Background.Color.field LOW" "wp-ultimate-review 2.3.0 Unauthenticated.Review.Restriction.Bypass MEDIUM" "wp-ultimate-review 2.3.0 Missing.Authorization MEDIUM" "wp-ultimate-review 2.3.0 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "wp-ultimate-review No.known.fix IP.Spoofing MEDIUM" "wp-ultimate-review 2.3.1 Settings.Update.via.CSRF MEDIUM" "wp-ultimate-review 2.1.0 Admin+.Stored.XSS LOW" "wp-ultimate-review 2.1.0 Settings.Update.via.CSRF MEDIUM" "woo-conditional-payment-gateways 1.16.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-payment-gateways 1.13.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wgauge No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wgauge No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-testimonial-widget No.known.fix Authenticated.(Admin+).SQL.Injection CRITICAL" "wp-testimonial-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-testimonial-widget No.known.fix Missing.Authorization MEDIUM" "wp-worthy 1.7.0-0cde1c2 Cross-Site.Request.Forgery MEDIUM" "woo-availability-date No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-experiments-free 9.0.1 Unauthenticated.SQLi HIGH" "wp-downloadmanager 1.68.7 Admin+.Stored.Cross-Site.Scripting LOW" "wp-downloadmanager 1.68.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-downloadmanager 1.68.5 Server-Side.Request.Forgery.(SSRF) MEDIUM" "wp-like-button No.known.fix Missing.Authorization.via.crublabFBLBAjax LOW" "wp-like-button No.known.fix Button.Settings.Update.via.CSRF MEDIUM" "wp-like-button 1.6.4 Auth.Bypass MEDIUM" "wp-staging-pro 5.6.1 Backup.Duplicator.&.Migration.<.5.6.1.-.Cross-Site.Request.Forgery.to.Limited.Local.File.Inclusion HIGH" "wp-staging-pro 5.5.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-staging-pro 5.4.0 Admin+.Stored.XSS LOW" "wp-staging-pro 5.1.3 Unauthenticated.Backup.Download HIGH" "weight-based-shipping-for-woocommerce 5.5.0 Settings.Update.via.CSRF MEDIUM" "wp-splashing-images 2.1.1 Authenticated.PHP.Object.Injection HIGH" "wp-splashing-images 2.1.1 Cross-Site.Scripting.(XSS) MEDIUM" "weekly-schedule 3.4.3 Authenticated.Stored.XSS MEDIUM" "wp-roadmap 1.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-ses 1.4.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-responsive-thumbnail-slider 1.0.1 Cross-Site.Request.Forgery.to.Mass.Slider.Deletion MEDIUM" "wp-responsive-thumbnail-slider 1.1.10 Reflected.XSS HIGH" "wp-responsive-thumbnail-slider 1.0.1 Authenticated.Shell.Upload.&.CSRF HIGH" "wp-responsive-thumbnail-slider 1.0.1 Stored.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "woocommerce-pos 1.4.12 Insufficient.Verification.of.Data.Authenticity.to.Authenticated.(Customer+).Information.Disclosure MEDIUM" "wp-admin-ui-customize 1.5.13 Admin+.Stored.XSS LOW" "wp-categories-widget 2.3 Reflected.XSS HIGH" "wesecur-security No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-slimstat 5.1.4 Subscriber+.Stored.XSS HIGH" "wp-slimstat 5.0.10 Contributor+.SQL.Injection MEDIUM" "wp-slimstat 5.0.9 Admin+.Stored.XSS LOW" "wp-slimstat 5.0.10 Contributor+.Stored.XSS MEDIUM" "wp-slimstat 5.0.5 Admin+.SQLi MEDIUM" "wp-slimstat 5.0.5 Reflected.XSS HIGH" "wp-slimstat 4.9.4 Subscriber+.SQL.Injection HIGH" "wp-slimstat 4.9.3.3 Subscriber+.SQL.Injection HIGH" "wp-slimstat 4.9.3 Unauthenticated.Stored.XSS HIGH" "wp-slimstat 4.8.4 CSRF.to.Stored.XSS.and.Setting.Updates MEDIUM" "wp-slimstat 4.8.1 Unauthenticated.Stored.XSS.from.Visitors MEDIUM" "wordpress-plugin-for-simple-google-adsense-insertion 2.1 Inject.ads.and.javascript.via.CSRF MEDIUM" "wp-zillow-review-slider 2.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-tools-gravity-forms-divi-module 7.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-gravity-forms-divi-module 6.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "workscout-core 1.3.4 Authenticated.Stored.XSS.&.XFS HIGH" "wp-comment-designer-lite 2.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-reroute-email 1.4.8 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') MEDIUM" "wp-reroute-email 1.4.8 Cross-Site.Request.Forgery HIGH" "woocommerce-superfaktura 1.40.4 Authenticated.(Subscriber+).Blind.Server-Side.Request.Forgery MEDIUM" "wp-advance-comment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-advance-comment No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-advance-comment No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woocommerce-upload-files 59.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woo-inquiry No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wp-foodbakery 2.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-html-mail 3.4.2 Test.Email.Sending.via.CSRF MEDIUM" "wp-html-mail 3.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-html-mail 3.1 Unprotected.REST-API.Endpoint MEDIUM" "wp-html-mail 3.0.8 CSRF.to.XSS MEDIUM" "woo-min-max-quantity-step-control-single 4.6 Reflected.XSS HIGH" "wp-dev-powers-element-selector-jquery-powers No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "windsor-strava-club No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wow-moodboard-lite No.known.fix Open.Redirect MEDIUM" "woo-myghpay-payment-gateway No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-lead-stream No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-lead-stream No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-sitemap-page 1.7.0 Admin+.Stored.Cross.Site.Scripting LOW" "woocommerce-checkout-manager 7.3.1 Missing.Authorization MEDIUM" "woocommerce-checkout-manager 5.5.7 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-checkout-manager 4.3 Arbitrary.File.Upload HIGH" "woocommerce-delivery-date No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "where-did-they-go-from-here 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-migrate-db-pro 2.6.11 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-flybox No.known.fix CSRF MEDIUM" "wpqa 6.1.1 Contributor+.Stored.XSS MEDIUM" "wpqa 6.1.1 Arbitrary.Category.and.Tag.Follow/Unfollow.via.CSRF MEDIUM" "wpqa 5.9.3 Missing.validation.lead.to.functionality.abuse LOW" "wpqa 5.9 Follow/Unfollow.via.CSRF MEDIUM" "wpqa 5.7 Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "wpqa 5.5 Unauthenticated.Private.Message.Disclosure MEDIUM" "wpqa 5.4 Reflected.Cross-Site.Scripting MEDIUM" "wpqa 5.2 Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "wpqa 5.2 Subscriber+.Stored.Cross-Site.Scripting.via.Profile.fields MEDIUM" "wpqa 5.2 Subscriber+.Arbitrary.Profile.Picture.Deletion.via.IDOR MEDIUM" "wp-photo-text-slider-50 8.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "wp-simple-events No.known.fix Admin+.Cross.Site.Scripting MEDIUM" "wp-visited-countries-reloaded 3.1.1 Reflected.Cross-Site.Scripting HIGH" "woo-floating-cart-lite 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-floating-cart-lite 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-cerber 9.5 IP.Protection.Bypass MEDIUM" "wp-cerber 9.2 Unauthenticated.Stored.XSS HIGH" "wp-cerber 9.3.3 User.Enumeration.Bypass.via.Rest.API LOW" "wp-cerber 9.1 Username.Enumeration.Bypass MEDIUM" "wp-cerber 8.9.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-cerber 8.9.3 Rest-API.Protection.Bypass MEDIUM" "wp-cerber 8.9.3 2FA.Authentication.Bypass MEDIUM" "wp-cerber 2.7 Unauthenticated.Stored.XSS MEDIUM" "wp-best-quiz No.known.fix Author+.Stored.XSS MEDIUM" "wp-font-awesome No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-font-awesome 1.7.9 Contributor+.Stored.XSS MEDIUM" "woocommerce-woocart-popup-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "wpgenealogy 0.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wpgenealogy 0.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-table-pixie 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "which-template-file 5.1.0 Reflected.XSS HIGH" "which-template-file 4.9 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woocommerce-es 2.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-es 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-pay-per-post 3.1.11 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pay-per-post 3.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "welcome-email-editor 5.0.7 Cross-Site.Request.Forgery MEDIUM" "welcome-email-editor 5.0.7 Subscriber+.Email.Sending MEDIUM" "wpdeepl 2.4.1.2 Log.Pruning.via.CSRF MEDIUM" "wpdeepl 1.7.5 API.Key.Disclosure MEDIUM" "www-xml-sitemap-generator-org 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-mapa-politico-spain 3.7.0 Authenticated.Stored.Cross-Site.Scripting LOW" "wpsite-follow-us-badges 3.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpsite_follow_us_badges.Shortcode MEDIUM" "woocommerce-menu-extension No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-megamenu 1.4.1 Subscriber+.Arbitrary.Post.Access MEDIUM" "wp-megamenu 1.4.0 Unauthenticated.Arbitrary.Post.Access HIGH" "wp-megamenu 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-user No.known.fix Unauthenticated.SQLi HIGH" "wp-user No.known.fix Admin+.Stored.XSS LOW" "wp-user 7.0 Reflected.Cross-Site.Scripting MEDIUM" "wpfront-scroll-top 2.0.6.07225 Admin+.Stored.XSS MEDIUM" "wp-sponsors No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-sponsors No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-calendar No.known.fix Contributor+.Stored.XSS MEDIUM" "wemanage-app-worker 1.2.3 Subscriber+.Arbitrary.File.Upload HIGH" "woocommerce-product-importer No.known.fix Product.Importer.<=.1.5.2.-.Reflected.Cross-Site.Scripting MEDIUM" "wp-charts No.known.fix Contributor+.Stored.XSS MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Cross-Site.Request.Forgery MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Checkout.Fields.Update.via.CSRF MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Cross-Site.Request.Forgery.to.Checkout.Fields.Update MEDIUM" "wp2leads 3.2.8 Missing.Authorization MEDIUM" "woosms-sms-module-for-woocommerce 3.0.3 Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "wpcal 0.9.5.9 Cross-Site.Request.Forgery MEDIUM" "wp-media-folder 5.7.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-media-folder 5.7.3 Missing.Authorization.to.Authenticated(Subscriber+).Plugin.settings.change MEDIUM" "wp-media-folder 5.7.3 Missing.Authorization.to.Authenticated(Subscriber+).Title.Modification MEDIUM" "wp-event-partners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-event-partners No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-discounts-plus 3.4.5 Reflected.Cross-Site.Scripting HIGH" "wc-multishipping 2.3.8 Subscriber+.Arbitrary.Account.Credentials.Test MEDIUM" "wc-multishipping 2.3.6 Missing.Authorization.to.Log.Export MEDIUM" "wp-gotowebinar 15.8 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-gotowebinar 15.7 Missing.Authorization MEDIUM" "wp-gotowebinar 15.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-gotowebinar 15.1 Missing.Authorization MEDIUM" "wp-gotowebinar 14.46 Admin+.Stored.XSS LOW" "wp-visual-slidebox-builder No.known.fix Subscriber+.SQLi HIGH" "woo-advanced-product-size-chart 2.4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-advanced-product-size-chart 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-edit-menu 1.5.0 Unauthenticated.Arbitrary.Post.Deletion HIGH" "wp-edit-menu No.known.fix Arbitrary.Post.Deletion.via.CSRF MEDIUM" "whats-new-genarator No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-users-disable No.known.fix Unauthenticated.Settings.Update MEDIUM" "wd-facebook-feed 1.2.9 Reflected.XSS MEDIUM" "wd-facebook-feed 1.1.27 Authenticated.SQL.Injection MEDIUM" "wp-born-babies No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-cufon No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-all-export-pro 1.8.6 Remote.Code.Execution.via.CSRF CRITICAL" "wp-all-export-pro 1.8.6 Author+.PHAR.Deserialization.via.CSRF HIGH" "wp-all-export-pro 1.8.6 Admin+.RCE MEDIUM" "wp-all-export-pro 1.7.9 Authenticated.SQLi MEDIUM" "wp-all-export-pro 1.7.9 Authenticated.Code.Injection CRITICAL" "wp-security-hardening 1.2.2 Reflected.XSS.via.historyvalue HIGH" "wp-security-hardening 1.2.2 Reflected.XSS.via.URI MEDIUM" "wc-sms 2.7 Reflected.Cross-Site.Scripting MEDIUM" "woorousell 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-help-scout 2.9.1 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "wptf-image-gallery No.known.fix Remote.File.Download HIGH" "wp-video-lightbox 1.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "wp-video-lightbox 1.9.7 Contributor+.Stored.XSS MEDIUM" "wp-video-lightbox 1.9.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-video-lightbox 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-video-lightbox 1.9.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-table-manager 3.5.3 Contributor+.Stored.XSS MEDIUM" "wp-tweet-walls 1.0.4 Cross-Site.Request.Forgery MEDIUM" "wp-blog-and-widgets 2.3.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-category-slider-grid 1.4.16 Missing.Authorization.via.notice.dismissal.functionality MEDIUM" "woo-social-login 2.7.6 Social.Login.<.2.7.6.-.Authentication.Bypass.to.Account.Takeover CRITICAL" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Unauthenticated.Authentication.Bypass HIGH" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Missing.Authorization.to.Unauthenticated.Privilege.Escalation CRITICAL" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Unauthenticated.Privilege.Escalation.via.One-Time.Password HIGH" "woo-social-login 2.7.0 Unauthenticated.PHP.Object.Injection CRITICAL" "woo-social-login 2.6.3 Social.Login.<.2.6.3.-.Email.Verification.due.to.Insufficient.Randomness MEDIUM" "woo-social-login 2.6.3 Social.Login.<.2.6.3.-.Unauthenticated.PHP.Object.Injection CRITICAL" "woofunnels-aero-checkout 3.11.0 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "woofunnels-aero-checkout 3.11.0 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "woofunnels-aero-checkout 3.11.0 Subscriber+.Settings.Update MEDIUM" "wps-child-theme-generator 1.2 Path.Traversal CRITICAL" "wp-publications No.known.fix Local.File.Inclusion HIGH" "woocommerce-stock-manager 2.11.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-stock-manager 2.6.0 CSRF.to.Arbitrary.File.Upload HIGH" "wp-post-styling 1.3.1 Multiple.CSRF MEDIUM" "woo-discount-rules 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-discount-rules 2.2.1 Multiple.Authorization.Bypass HIGH" "woo-discount-rules 2.1.0 Multiple.Vulnerabilities CRITICAL" "web-instant-messenger No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "widgets-for-alibaba-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "woocommerce-bulk-stock-management 2.2.34 Reflected.XSS HIGH" "wedocs 2.1.5 Missing.Authorization MEDIUM" "wpg-videos No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-product-author 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wc-product-author 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-shoutbox-live-chat No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-shoutbox-live-chat No.known.fix Unauthenticated.SQLi HIGH" "wp-login-and-logout-redirect 2.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "woo-paylate 1.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-paylate 1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-openagenda 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-fancybox 1.0.2 Authenticated.Stored.Cross-Site.Scripting LOW" "woo-product-feed-pro 13.3.2 Sensitive.Information.Exposure.via.Log.Files MEDIUM" "woo-product-feed-pro 13.2.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-feed-pro 12.4.5 Multiple.CSRF MEDIUM" "woo-product-feed-pro 11.2.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-feed-pro 11.0.7 Subscriber+.Settings.Update.to.Stored.XSS HIGH" "woo-thank-you-page-customizer 1.1.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "woo-thank-you-page-customizer 1.1.3 Missing.Authorization.to.Authenticated.(Subscriber+).Data.Export MEDIUM" "woo-thank-you-page-customizer 1.0.14 CSRF MEDIUM" "woocommerce-product-payments 3.2.8 Reflected.XSS HIGH" "woocommerce-product-payments 3.2.7 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-product-payments 3.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-graphql 1.14.6 Editor+.SSRF MEDIUM" "wp-graphql 1.3.6 Denial.of.Service HIGH" "wp-graphql 0.3.5 Improper.Access.Control MEDIUM" "wp-graphql 0.3.0 Multiple.Vulnerabilities CRITICAL" "wp-travel-blocks 3.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-repost No.known.fix Admin+.Stored.XSS LOW" "watu 3.4.1.2 Author+.Stored.XSS MEDIUM" "watu 3.4.1.1 Sensitive.Information.Disclosure MEDIUM" "watu 3.4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "watu 3.3.9.3 Reflected.XSS HIGH" "watu 3.3.9.1 Reflected.XSS HIGH" "watu 3.3.8.1 Admin+.Stored.XSS LOW" "watu 3.3.8.2 Reflected.XSS HIGH" "watu 3.3.8.3 Admin+.Stored.XSS LOW" "watu 3.1.2.6 Reflected.XSS.via.question-form.html.php HIGH" "woo-extra-flat-rate 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-extra-flat-rate 4.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-ultimate-post-grid 3.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpupg-text.Shortcode MEDIUM" "wp-widget-bundle No.known.fix Unauthencated.Reflected.XSS MEDIUM" "wp-widget-bundle No.known.fix Widget.Disable/Enable.via.CSRF MEDIUM" "wp-widget-bundle No.known.fix Admin+.Stored.XSS LOW" "wp-crm No.known.fix CSV.Injection LOW" "wp-super-cache 1.9 Unauthenticated.Cache.Poisoning MEDIUM" "wp-super-cache 1.7.3 Authenticated.Remote.Code.Execution HIGH" "wp-super-cache 1.7.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-super-cache 1.7.2 Authenticated.Remote.Code.Execution.(RCE) HIGH" "wp-super-cache 1.4.9 Cross-Site.Scripting.(XSS) MEDIUM" "wp-super-cache 1.4.5 PHP.Object.Injection HIGH" "wp-super-cache 1.4.3 Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-super-cache 1.3.1 trunk/plugins/badbehaviour.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/domain-mapping.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/awaitingmoderation.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/wp-cache.php.wp_nonce_url.Function.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/searchengine.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/wptouch.php.URI.XSS MEDIUM" "wp-super-cache 1.3.2 Remote.Code.Execution HIGH" "wp-user-switch No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-user-switch 1.0.3 Subscriber+.Authentication.Bypass HIGH" "wp-to-buffer 3.7.5 Reflected.Cross-Site.Scripting HIGH" "wp-display-users No.known.fix Authenticated.SQL.Injection MEDIUM" "wp-poll No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.form_data.Parameter HIGH" "wp-poll 3.3.78 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-poll 3.3.77 Information.Exposure MEDIUM" "woocommerce-mercadopago 7.6.2 7.6.1.-.Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "woocommerce-mercadopago 6.4.0 CSRF MEDIUM" "wp-upload-restriction 2.2.5 Missing.Access.Control.in.deleteCustomType MEDIUM" "wp-upload-restriction No.known.fix Authenticated.Stored.XSS MEDIUM" "wp-upload-restriction 2.2.5 Missing.Access.Control.in.getSelectedMimeTypesByRole MEDIUM" "wp-performance-score-booster 2.1 Settings.Change.via.CSRF MEDIUM" "wp-action-network 1.4.4 Admin+.SQLi MEDIUM" "wp-action-network 1.4.3 Reflected.Cross-Site.Scripting.via.'search' MEDIUM" "wp-social 3.0.1 Missing.Authorization.to.Unauthenticated.Social.Login/Share.Status.Update MEDIUM" "wpbulky-wp-bulk-edit-post-types 1.0.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "woo-product-category-discount 4.13 Missing.Authorization.via.wpcd_save_discount() MEDIUM" "woo-refund-and-exchange-lite 4.0.9 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-pdf-generator 1.2.3 Cross-Site.Request.Forgery MEDIUM" "woocommerce-product-recommendations 2.3.0 CSRF MEDIUM" "woocommerce-payu-paisa No.known.fix Price.Tampering MEDIUM" "wp-replicate-post 4.1 Contributor+.SQL.Injection MEDIUM" "wp-search-keyword-redirect No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.6.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.6.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.6.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.4.4 Reflected.XSS HIGH" "wp-offers No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-offers 1.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woosquare 4.3 Reflected.Cross-Site.Scripting MEDIUM" "woosquare 4.2.9 Reflected.Cross-Site.Scripting MEDIUM" "woosquare 4.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-disable-sitemap 1.1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-disable-sitemap 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ws-bootstrap-vc No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-gpx-maps 1.7.06 Missing.Authorization MEDIUM" "wp-bing-search 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-bing-search 2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ws-form-pro 1.9.218 Unauthenticated.CSV.Injection MEDIUM" "ws-form-pro 1.8.176 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ws-form-pro 1.8.176 Admin+.Stored.Cross-Site.Scripting LOW" "wp-instance-rename No.known.fix Arbitrary.File.Download MEDIUM" "wck-custom-fields-and-custom-post-types-creator 2.3.3 Admin+.Stored.XSS LOW" "wp-super-minify 1.6 Settings.Update.via.CSRF MEDIUM" "wordpress-mobile-pack No.known.fix Cross-Site.Request.Forgery MEDIUM" "wordpress-mobile-pack 2.1.3 Information.Disclosure HIGH" "wp-product-review 3.7.6 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "woo-add-to-cart-text-change 2.1 Add.to.cart.Text.Update.via.CSRF MEDIUM" "wp-crowdfunding 2.1.11 Missing.Authorization.to.Authenticated.(Subscriber+).to.Enable/Disable.Addons MEDIUM" "wp-crowdfunding 2.1.10 Admin+.Stored.XSS LOW" "wp-crowdfunding 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-crowdfunding 2.1.9 Reflected.XSS HIGH" "wp-crowdfunding 2.1.8 Admin+.Stored.XSS LOW" "wp-crowdfunding 2.1.7 Reflected.XSS HIGH" "wp-crowdfunding 2.1.6 Cross-Site.Request.Forgery MEDIUM" "wp-crowdfunding 2.1.5 Missing.Authorization.via.settings_reset MEDIUM" "wp-scraper 5.8.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wp-scraper 5.8 Missing.Authorization.to.Arbitrary.Page/Post.Creation MEDIUM" "wha-wordsearch No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "wha-wordsearch No.known.fix Contributor+.Stored.XSS MEDIUM" "wpadcenter 2.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ad_alignment.Attribute MEDIUM" "writersblok-ai 1.3.20 Reflected.Cross-Site.Scripting MEDIUM" "wpsimpletools-upload-limit No.known.fix Reflected.XSS HIGH" "wp-htaccess-control No.known.fix Admin+.Stored.XSS LOW" "wp-cloud-server 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-csv-to-database No.known.fix CSRF LOW" "wp-sms 6.9.4 Missing.Authorization MEDIUM" "wp-sms 6.5.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-sms 6.6.3 Cross-Site.Request.Forgery MEDIUM" "wp-sms 6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-sms 6.5.3 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "wp-sms 6.5.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-sms 6.5.1 Contributor+.SQLi.to.Reflected.XSS HIGH" "wp-sms 6.5.1 Cross-Site.Request.Forgery.to.Subscriber.Deletion MEDIUM" "wp-sms 6.2.0 User.Unsubscribe.via.CSRF MEDIUM" "wp-sms 6.1.5 Reflected.XSS HIGH" "wp-sms 6.0.4.1 Information.Disclosure.via.REST.API MEDIUM" "wp-sms 5.4.13 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-sms 5.4.9.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "woocommerce-subscriptions 5.8.0 Missing.Authorization MEDIUM" "woocommerce-subscriptions 4.6.0 Subscription.Suspension/Activation.via.CSRF MEDIUM" "woocommerce-subscriptions 4.6.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-subscriptions 2.6.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "woocommerce-subscriptions 3.0.3 CSRF.to.Cancel/Re-Activate.Subscription LOW" "wise-chat 2.8.4 CSV.Injection HIGH" "wise-chat 2.7 Reverse.Tabnabbing MEDIUM" "wp-post-author 3.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-post-author 3.7.5 Missing.Authorization MEDIUM" "wp-post-author 3.6.5 Subscriber+.Rating.Manipulation MEDIUM" "wp-ticket 5.10.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-ticket 5.6.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wc-basic-slider 2.1.0 CSRF.Bypass MEDIUM" "woocommerce-gateway-gocardless 2.5.7 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "wp-facebook-review-showcase-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-fevents-book No.known.fix Subscriber+.Stored.XSS HIGH" "wp-fevents-book No.known.fix Subscriber+.Arbitrary.Booking.Manipulation.via.IDOR MEDIUM" "wp-stripe-express 1.12.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-express 1.7.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-catalogue No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "web3-coin-gate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-my-admin-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-my-admin-bar No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-testing No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "woo-tipdonation No.known.fix Shop.Manager+.Stored.XSS MEDIUM" "wpdevart-vertical-menu 1.5.9 Theme.Deletion.via.CSRF MEDIUM" "wpdevart-vertical-menu 1.5.9 Admin+.Stored.XSS LOW" "wp-limits No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "wsm-downloader No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "wsm-downloader No.known.fix Domain.Name.Restriction.Bypass LOW" "woocommerce-social-media-share-buttons No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "woocommerce-products-slider 1.13.42 Contributor+.Stored.XSS MEDIUM" "woocommerce-products-slider 1.13.22 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-jump-menu No.known.fix Admin+.Stored.XSS LOW" "wp-database-error-manager No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-setup-wizard 1.0.8.2 Authenticated.(Subscriber+).Full.Database.Download MEDIUM" "wpaudio-mp3-player No.known.fix Contributor+.Stored.XSS MEDIUM" "wpformify No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpformify 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-get-personal-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-captcha No.known.fix Admin+.Stored.XSS LOW" "wp-map-block 1.2.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "webba-booking-lite 5.0 Cross-Site.Request.Forgery MEDIUM" "webba-booking-lite 4.5.31 Reflected.Cross-Site.Scripting MEDIUM" "webba-booking-lite 4.2.22 Admin+.Stored.Cross-Site.Scripting LOW" "webba-booking-lite 4.2.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-scheduled-posts 5.1.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "wp-scheduled-posts 5.0.9 Missing.Authorization MEDIUM" "wp-scheduled-posts 5.0.5 Contributor+.Arbitrary.Post.Update/Deletion LOW" "wp-cirrus No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-custom-cursors No.known.fix Admin+.Stored.XSS LOW" "wp-custom-cursors 3.2 Admin+.SQLi MEDIUM" "wp-custom-cursors 3.2 Admin+.SQLi MEDIUM" "wp-custom-cursors 3.0.1 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "wp-custom-cursors 3.0.1 Arbitrary.Cursor.Deletion.via.CSRF MEDIUM" "wp-client-reports 1.0.23 Cross-Site.Request.Forgery MEDIUM" "wp-helper-lite 4.6.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-helper-lite 4.5.2 Cross-Site.Request.Forgery.via.whp_fields MEDIUM" "wp-helper-lite 4.3 Reflected.Cross-Site.Scripting HIGH" "wp-vk 1.3.4 Cross-Site.Request.Forgery.via.AJAX.actions MEDIUM" "wp-cloudflare-page-cache 4.7.6 Cross-Site.Request.Forgery MEDIUM" "woo-badge-designer-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "woo-audio-preview 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wc-gsheetconnector 1.3.12 Missing.Authorization MEDIUM" "wc-gsheetconnector 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-gsheetconnector 1.3.6 Access.Code.Update.via.CSRF MEDIUM" "wc-gsheetconnector 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-webinarsystem 1.33.21 Cross-Site.Request.Forgery MEDIUM" "wp-webinarsystem 1.33.21 Cross-Site.Request.Forgery MEDIUM" "wp-webinarsystem 1.33.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-total-hacks No.known.fix Subscriber+.Arbitrary.Options.Update.to.Stored.XSS HIGH" "weforms 1.6.24 Use.of.Polyfill.io MEDIUM" "weforms 1.6.21 Missing.Authorization MEDIUM" "weforms 1.6.22 Unauthenticated.Stored.Cross-Site.Scripting.via.Referer HIGH" "weforms 1.6.19 Missing.Authorization.via.export_form_entries MEDIUM" "weforms 1.6.18 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "weforms 1.6.14 Admin+.Stored.Cross-Site.Scripting LOW" "weforms 1.6.4 CSV.Injection MEDIUM" "wp-hr-manager 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-hr-manager 3.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-shipping-per-product 2.5.5 Missing.Authorization MEDIUM" "woo-vietnam-checkout 2.0.8 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "woo-vietnam-checkout 2.0.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "woo-vietnam-checkout 2.0.6 Unauthenticated.Stored.XSS HIGH" "woo-vietnam-checkout 2.0.5 Reflected.XSS HIGH" "wp-noexternallinks 4.3 Backdoored MEDIUM" "wp-championship 9.3 Multiple.CSRF MEDIUM" "wp-time-capsule 1.22.21 Authentication.Bypass.to.Account.Takeover CRITICAL" "wp-time-capsule 1.22.7 Reflected.Cross-Site.Scripting HIGH" "wp-time-capsule 1.21.16 Authentication.Bypass CRITICAL" "w-dalil No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wp-d3 No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-d3 2.4.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "wp-system-log No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-live-chat-software-for-wordpress 4.5.16 Cross-Site.Request.Forgery MEDIUM" "woo-payment-gateway-for-piraeus-bank 1.7.0 Unauthenticated.SQL.Injection CRITICAL" "wpjam-basic 6.2.1.1 Contributor+.Stored.XSS MEDIUM" "wp-contacts-manager No.known.fix Unauthenticated.SQLi CRITICAL" "wp-business-intelligence-lite 1.6.3 SQL.Injection CRITICAL" "wp-to-hootsuite 1.3.9 Reflected.Cross-Site.Scripting HIGH" "wp-cfm 1.7.9 Cross-Site.Request.Forgery.via.multiple.AJAX.functions MEDIUM" "woowgallery 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "woowgallery 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-lister-amazon 0.9.6.36 jQueryFileTree.-.Unauthenticated.Path.Traversal MEDIUM" "webflow-pages No.known.fix Missing.Authorization MEDIUM" "wp-disable 1.5.17 Reflected.Cross-Site.Scripting MEDIUM" "wp24-domain-check 1.6.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-crm-system 3.2.9.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-front-end-profile 1.3.2 Unauthenticated.Privilege.Escalation CRITICAL" "wp-front-end-profile 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-front-end-profile 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-front-end-profile 1.2.2 CSRF.Check.Incorrectly.Implemented LOW" "wp-front-end-profile 0.2.2 Privilege.Escalation.&.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "woocommerce-abandoned-cart-pro 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "wp-symposium No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-e-commerce No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Creation MEDIUM" "wp-e-commerce No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wordpress-notification-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-bookings-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-csv No.known.fix Reflected.XSS.via.CSV.Import MEDIUM" "wp-email-users No.known.fix Subscriber+.SQL.Injection HIGH" "wp-event-manager 3.1.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'events'.Shortcode MEDIUM" "wp-event-manager 3.1.42 Reflected.Cross-Site.Scripting.via.plugin MEDIUM" "wp-event-manager 3.1.42 Editor+.Stored.XSS LOW" "wp-event-manager 3.1.43 Reflected.XSS HIGH" "wp-event-manager 3.1.38 Admin+.Stored.XSS MEDIUM" "wp-event-manager 3.1.28 Reflected.Cross-Site.Scripting MEDIUM" "wp-event-manager 3.1.23 Admin+.Stored.Cross-Site.Scripting LOW" "wp-seo-redirect-301 2.3.2 Redirect.Deletion.via.CSRF MEDIUM" "wen-responsive-columns 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-coupons-and-deals 3.1.19 Reflected.Cross-Site.Scripting MEDIUM" "wp-coupons-and-deals 3.1.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-reply-notify No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-tiles No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-tiles No.known.fix Contributor+.Stored.XSS HIGH" "wp-tiles No.known.fix Subscriber+.Draft/Private.Post.Title.Disclosure MEDIUM" "w4-post-list 2.4.6 Reflected.XSS HIGH" "w4-post-list 2.4.6 Contributor+.Stored.XSS MEDIUM" "w4-post-list 2.4.6 Subscriber+.Password.Protected.Post.Content.Disclosure MEDIUM" "w4-post-list 2.4.5 Contributor+.Stored.XSS MEDIUM" "wp-carousel-free 2.6.4 Authenticated.(Admin+).PHP.Object.Injection HIGH" "wp-carousel-free 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'sp_wp_carousel_shortcode' MEDIUM" "wp-carousel-free 2.5.3 Contributor+.Stored.XSS MEDIUM" "wpcodefactory-helper 1.7.1 .Reflected.Cross-Site.Scripting MEDIUM" "wpcodefactory-helper 1.5.3 Reflected.Cross-Site.Scripting HIGH" "widgets-reset No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-hotel-booking 2.1.1 Unauthenticated.SQL.Injection CRITICAL" "wp-hotel-booking 2.0.9.3 Missing.Authorization MEDIUM" "wp-hotel-booking 2.0.9.3 Improper.Authorization.on.Multiple.REST.API.Routes MEDIUM" "wp-hotel-booking 2.0.8 Subscriber+.Arbitrary.Post.Deletion MEDIUM" "wp-hotel-booking 2.0.8 Unauthenticated.SQLi HIGH" "wp-hotel-booking 2.0.9 Contributor+.Arbitrary.Post.Deletion MEDIUM" "wp-hotel-booking 2.0.1 Unauthenticated.Arbitrary.Settings.Update HIGH" "wp-hotel-booking 1.10.6 CSRF MEDIUM" "wp-hotel-booking 1.10.4 Unauthenticated.PHP.Object.Injection HIGH" "wp-hotel-booking 1.10.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "woocommerce-paypal-payments 2.0.5 Merchant.ID.Details.Update.via.CSRF MEDIUM" "wp-glossary No.known.fix Missing.Authorization MEDIUM" "wp-glossary No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-latest-posts 5.0.8 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "wp-latest-posts 3.7.5 XSS MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.3 Unauthenticated.Arbitrary.Shortcode.Execution CRITICAL" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.1 Missing.Authorization MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.2 Cross-Site.Request.Forgery MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.1 Reflected.XSS HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.2.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-header-images 2.0.1 Reflected.Cross-Site.Scripting HIGH" "wordpress-tabs-slides No.known.fix CSRF MEDIUM" "woocommerce-shipping-canada-post 2.8.4 Unauthenticated.Unauthorised.Action MEDIUM" "woocommerce-shipping-canada-post 2.8.4 Cross-Site.Request.Forgery MEDIUM" "wr-age-verification 2.0.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "waitlist-woocommerce 2.7.6 Reflected.Cross-Site.Scripting MEDIUM" "waitlist-woocommerce 2.6.1 Missing.Authorization MEDIUM" "waitlist-woocommerce 2.5.3 Settings.Reset.via.CSRF MEDIUM" "waitlist-woocommerce 2.5.1 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "wp-lister-for-ebay 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.6.0 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "wp-lister-for-ebay 3.6.0 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.5.8 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "wbcom-designs-buddypress-search No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-better-permalinks 3.0.5 CSRF.allowing.Option.Update HIGH" "wp-auto-republish 1.5.6.1 Subscriber+.Settings.Update/Access MEDIUM" "wp-auto-republish 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-auto-republish 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpstickybar-sticky-bar-sticky-header No.known.fix Unauthenticated.SQLi HIGH" "wpstickybar-sticky-bar-sticky-header No.known.fix Reflected.XSS HIGH" "wupo-group-attributes 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "wupo-group-attributes 2.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-1-slider 1.3.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wpremote 4.65 Reflected.Cross-Site.Scripting MEDIUM" "wp-courses 3.2.4 Cross-Site.Request.Forgery MEDIUM" "wp-courses 3.2.4 Missing.Authorization MEDIUM" "wp-courses 3.2.4 Subscriber+.Arbitrary.Options.Update HIGH" "wp-courses 2.0.44 Authenticated.Stored.XSS.via.Video.Embed.Code LOW" "wp-courses 2.0.44 Reflected.Cross-Site.Scripting HIGH" "wp-courses 2.0.29 Broken.Access.Controls.leading.to.Courses.Content.Disclosure HIGH" "wp-t-wap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-order-status-per-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-order-status-per-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordlive-livecall-addon-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-user-merger 1.5.3 Admin+.SQLi.via.ID MEDIUM" "wp-user-merger 1.5.3 Admin+.SQLi.via.user_id MEDIUM" "wp-user-merger 1.5.3 Admin+.SQLi.via.wpsu_user_id MEDIUM" "wolfnet-idx-for-wordpress No.known.fix Admin+.Stored.XSS LOW" "widgets-on-pages 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "widgets-on-pages 1.8.0 Contributor+.Stored.XSS MEDIUM" "widgets-on-pages 1.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-product-reviews-shortcode 1.01.6 Missing.Authorization MEDIUM" "woo-product-reviews-shortcode 1.01.4 Cross-Site.Request.Forgery MEDIUM" "woo-product-reviews-shortcode 1.0.21 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-reviews-shortcode 1.0.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-checkout-field-editor-pro 3.6.3 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-mail-smtp 4.1.0 Admin+.SMTP.Password.Exposure LOW" "wp-dev-powers-acf-color-coded-field-types No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wsb-brands 1.2 Admin+.Stored.XSS LOW" "wp-post-modal No.known.fix Admin+.Stored.XSS LOW" "wp-reviews-plugin-for-google 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-reviews-plugin-for-google 10.9.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-reviews-plugin-for-google 9.8 Contributor+.Stored.XSS MEDIUM" "wp-client-logo-carousel No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-contact-form No.known.fix Cross-Site.Request.Forgery.via.wpcf_adminpage MEDIUM" "wp-backup-manager No.known.fix Reflected.XSS HIGH" "woo-bought-together 7.2.0 Missing.Authorization MEDIUM" "woo-bought-together 7.0.4 Missing.Authorization MEDIUM" "wpperformancetester No.known.fix Cross-Site.Request.Forgery MEDIUM" "wcc-seo-keyword-research No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcc-seo-keyword-research No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wcfm-marketplace-rest-api 1.6.0 Subscriber+.Arbitrary.Orders.Item.And.Notes.Update MEDIUM" "wp-rest-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rest-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-permalink-manager 2.3.11 Unauthenticated.Local.File.Inclusion CRITICAL" "woo-permalink-manager 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-permalink-manager 2.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-box-office 1.2.3 Missing.Authorization MEDIUM" "woocommerce-box-office 1.1.52 Unauthenticated.Ticket.Barcode.Update MEDIUM" "woocommerce-box-office 1.1.51 Contributor+.Stored.XSS MEDIUM" "wp-rocket 2.10.4 Local.File.Inclusion.(LFI) HIGH" "wp-facebook-messenger No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-nmi-three-step No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-nmi-three-step No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-nmi-three-step No.known.fix CSRF.Bypass MEDIUM" "woo-product-tables 2.0.2 Unauthenticated.Remote.Code.Execution CRITICAL" "woo-product-tables 1.8.7 Cross-Site.Request.Forgery.via.saveGroup MEDIUM" "wp-image-slideshow 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "wc-product-customer-list 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-product-customer-list 3.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-chained-products 2.12.0 Unauthenticated.Arbitrary.Options.Update.to.'no' MEDIUM" "wp-super-popup No.known.fix Admin+.Stored.XSS LOW" "wp-jobhunt 2.4 User.enumeration.&.Reset.password CRITICAL" "wp-with-spritz No.known.fix Unauthenticated.File.Inclusion CRITICAL" "wp-structured-data-schema 4.0.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-structured-data-schema 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-enviopack No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-soononline-page No.known.fix Cross-Site.Request.Forgery MEDIUM" "widget-settings-importexport No.known.fix Authenticated.Stored.XSS HIGH" "woo-producttables-pro 1.9.5 Unauthenticated.Arbitrary.SQL.Execution CRITICAL" "wp-copyprotect No.known.fix Settings.Update.via.CSRF MEDIUM" "world-travel-information No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-file-manager-pro 8.3.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-file-manager-pro 8.3.5 Directory.Traversal CRITICAL" "wp-file-manager-pro 8.3.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-file-manager-pro 8.3.5 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-emember 10.6.6 Authenticated.(Admin+).Arbitrary.File.Upload MEDIUM" "wplr-sync 6.4.1 Missing.Authorization MEDIUM" "wplr-sync 6.3.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wpshopgermany-protectedshops 2.1 Admin+.Stored.XSS LOW" "website-testimonials 6.1.1 Reflected.Cross-Site.Scripting MEDIUM" "weebotlite No.known.fix Admin+.Stored.XSS LOW" "wp-s3-smart-upload 1.5.1 Missing.Authorization MEDIUM" "webmaster-tools-verification No.known.fix Unauthenticated.Arbitrary.Plugin.Deactivation HIGH" "wpbrutalai 2.06 Admin+.Stored.XSS LOW" "wpbrutalai 2.0.1 Admin+.Reflected.XSS HIGH" "wpbrutalai 2.0.0 SQL.Injection.via.CSRF HIGH" "woo-cart-abandonment-recovery 1.2.27 Templates/Abandoned.Orders.Deletion.via.CSRF MEDIUM" "wp-custom-field-for-gutenberg-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-custom-field-for-gutenberg-editor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "weglot 4.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "weglot 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-ultimate-recipe 3.12.7 Authenticated.Stored.XSS MEDIUM" "wp-commentnavi 1.12.2 Admin+.Stored.XSS LOW" "wp-category-meta No.known.fix CSRF MEDIUM" "wp-lister-ebay 2.0.21 jQueryFileTree.-.Unauthenticated.Path.Traversal MEDIUM" "wp-editor 1.2.9.1 Authenticated.(Admin+).PHAR.Deserialization HIGH" "wp-editor 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-editor 1.2.8 Sensitive.Information.Exposure.via.log.file MEDIUM" "wp-editor 1.2.7 Authenticated.SQL.injection CRITICAL" "wp-editor 1.2.6.3 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "wp-editor 1.2.6 CSRF.&.Incorrect.Permissions CRITICAL" "woocommerce-composite-products 8.7.6 Reflected.XSS MEDIUM" "woocommerce-for-japan 2.6.5 Missing.Authorization MEDIUM" "woocommerce-for-japan 2.5.8 Reflected.XSS MEDIUM" "woocommerce-for-japan 2.5.5 Reflected.XSS HIGH" "woocommerce-anti-fraud 3.9 Unauthenticated.Order.Status.Manipulation MEDIUM" "wp-whatsapp-chat 6.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "wp-email 2.69.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-email 2.69.0 Anti-Spam.Protection.Bypass.via.IP.Spoofing MEDIUM" "wp-email 2.69.0 Log.Deletion.via.CSRF MEDIUM" "wp-persistent-login 2.0.15 Reflected.Cross-Site.Scripting MEDIUM" "wp-persistent-login 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-backgrounds-lite No.known.fix CSRF.Bypass MEDIUM" "wp-social-widget 2.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "wp-social-widget 2.2.4 Contributor+.Stored.XSS MEDIUM" "wp-facebook-group No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-facebook-group No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-mobile-detector 3.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-codemirror-block 2.0.0 Contributor+.Stored.XSS MEDIUM" "woo-bulk-edit-products 1.8.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-bulk-edit-products 1.7.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-social-sharing No.known.fix Admin+.Stored.XSS LOW" "wordpress-flash-uploader 3.1.3 Arbitrary.Comm&.Execution CRITICAL" "widgets-for-ebay-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-maintenance 6.1.9.3 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "wp-maintenance 6.1.7 Information.Exposure MEDIUM" "wp-maintenance 6.1.4 IP.Restriction.Bypass MEDIUM" "wp-maintenance 6.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-maintenance 6.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-maintenance 5.0.7 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "wp-page-duplicator No.known.fix Missing.Authorization.to.Unauthenticated.Post/Page.Duplication MEDIUM" "wp-multisite-content-copier 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "wptelegram-widget 2.1.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpzoom-elementor-addons 1.1.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "wpzoom-elementor-addons 1.1.38 Unauthenticated.Local.File.Inclusion CRITICAL" "wpzoom-elementor-addons 1.1.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box.Widget MEDIUM" "wpzoom-elementor-addons 1.1.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "webwinkelkeur 3.25 Cross-Site.Request.Forgery MEDIUM" "wordpress-popular-posts 6.3.3 Contributor+.Stored.XSS MEDIUM" "wordpress-popular-posts 6.1.0 Unauthenticated.Views.Manipulation MEDIUM" "wordpress-popular-posts 6.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-popular-posts 5.3.4 Admin+.Stored.Cross-Site.Scripting LOW" "wordpress-popular-posts 5.3.3 Authenticated.Code.Injection HIGH" "wordpress-popular-posts 5.3.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-favorite-posts No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-favorite-posts 1.6.6 Cross-Site.Scripting.(XSS) MEDIUM" "woozone No.known.fix Wordpress.Plugin.<=.14.0.10.-.Missing.Authorization MEDIUM" "woozone No.known.fix Wordpress.Plugin.<=.14.0.10.-.Unauthenticated.SQL.Injection CRITICAL" "woozone No.known.fix Missing.Authorization MEDIUM" "woozone No.known.fix Wordpress.Plugin.<=.14.0.10.-.Reflected.Cross-Site.Scripting MEDIUM" "woozone No.known.fix Wordpress.Plugin.<=.14.0.10.-.Authenticated.(Subscriber+).SQL.Injection CRITICAL" "woozone No.known.fix Wordpress.Plugin.<=.14.0.10.-.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-vr-view No.known.fix Outdated.VRView.Library.Used,.Leading.to.Reflected.XSS HIGH" "wrapper-link-elementor 1.0.5 Injected.Backdoor CRITICAL" "wp-mlm No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-mlm No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "woo-esto 2.23.2 Settings.Update.via.CSRF MEDIUM" "wp-job-manager 2.3.0 Unauthenticated.Information.Exposure MEDIUM" "wp-job-manager 2.1.0 Cross-Site.Request.Forgery MEDIUM" "wp-job-manager 2.1.0 Unauthenticated.Job.Status.Update MEDIUM" "wp-job-manager 1.31.3 Phar.Deserialization MEDIUM" "wp-job-manager 1.29.3 Unauthenticated.Object.Injection CRITICAL" "wp-job-manager 1.26.2 Unauthenticated.Arbitrary.File.Upload HIGH" "wp-forms-puzzle-captcha No.known.fix Captcha.Bypass MEDIUM" "wp-forms-puzzle-captcha No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wp-forms-puzzle-captcha No.known.fix CSRF MEDIUM" "wedevs-project-manager 2.6.9 Subscriber+.Stored.XSS HIGH" "wedevs-project-manager 2.6.8 Missing.Authorization MEDIUM" "wedevs-project-manager 2.6.1 Subscriber+.SQLi HIGH" "wedevs-project-manager 2.6.5 Subscriber+.Privilege.Escalation HIGH" "wedevs-project-manager 2.4.14 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wedevs-project-manager 2.4.10 CSRF.Nonce.Bypasses MEDIUM" "wedevs-project-manager 2.4.1 Cross-Site.Request.Forgery MEDIUM" "wedevs-project-manager 2.4.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-lightbox-2 3.0.6.7 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "wp-lightbox-2 No.known.fix Admin+.Stored.XSS LOW" "wpcs-wp-custom-search No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-dbmanager 2.80.8 Admin+.Remote.Command.Execution MEDIUM" "wp-dbmanager 2.79.2 Arbitrary.File.Delete HIGH" "wptables No.known.fix Reflected.XSS HIGH" "wp-woo-commerce-sync-for-g-sheet No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-conditional-post-restrictions 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-conditional-post-restrictions 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wphobby-demo-import No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-for-zillow-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "woo-product-gallery-slider 2.2.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-captcha No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-captcha No.known.fix Captcha.Bypass MEDIUM" "wp-business-intelligence 1.6.3 SQL.Injection CRITICAL" "wp-table-reloaded No.known.fix Contributor+.Stored.XSS MEDIUM" "wp2speed No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp2speed No.known.fix Improper.Authorization.due.to.use.of.Hardcoded.Credentials MEDIUM" "wp-user-profile-avatar No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-user-profile-avatar 1.0.1 Author+.Avatar.Deletion/Update.via.IDOR LOW" "wp-user-profile-avatar 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xt-woo-points-rewards 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-points-rewards 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xtremelocator No.known.fix Xtreme.Locator.Dealer.Locator.Plugin.1,5.–.Authenticated.SQL.Injection HIGH" "xml-for-google-merchant-center 3.0.2 Reflected.XSS HIGH" "xpro-elementor-addons 1.4.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Grid.Widget MEDIUM" "xpro-elementor-addons 1.4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.3.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "xpro-elementor-addons 1.4.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "xpro-elementor-addons 1.4.3.1 Authenticated.(Admin+).Cross.Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xllentech-english-islamic-calendar 2.6.8 Authenticated.SQL.Injection MEDIUM" "xml-sitemap-feed 5.4.9 Unauthenticated.Local.File.Inclusion HIGH" "xcloner-backup-and-restore 4.7.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "xcloner-backup-and-restore 4.3.6 Plugin.Settings.Reset MEDIUM" "xcloner-backup-and-restore 4.2.13 4.2.12.-.Unprotected.AJAX.Action CRITICAL" "xcloner-backup-and-restore 4.2.153 Cross-Site.Request.Forgery CRITICAL" "xcloner-backup-and-restore 3.1.5 Backup.and.Restore.<.3.1.5.-.Authenticated.Path.Traversal MEDIUM" "xcloner-backup-and-restore 3.1.3 Backup.and.Restore.3.1.2.-.XSS.&.Command.Execution MEDIUM" "xcloner-backup-and-restore 3.1.2 Backup.and.Restore.<.3.1.2.-.Multiple.Vulnerabilities.(RCE.&.LFI) HIGH" "xcloner-backup-and-restore 3.1.1 Backup.and.Restore.<.3.1.1.-.Multiple.Actions.CSRF HIGH" "xserver-migrator 1.6.2.1 Arbitrary.File.Upload.via.CSRF HIGH" "xo-liteslider 3.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "xorbin-digital-flash-clock No.known.fix Flash-based.XSS MEDIUM" "xserver-typesquare-webfonts 2.0.8 Missing.Authorization.via.typesquare_admin_init() MEDIUM" "x-forms-express No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "xforwoocommerce No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "xforwoocommerce 1.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "xili-tidy-tags 1.12.04 Cross-Site.Request.Forgery MEDIUM" "xo-security 1.5.3 XSS MEDIUM" "xt-woo-ajax-add-to-cart 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-ajax-add-to-cart 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xo-event-calendar 2.3.7 Reflected.Cross-Site.Scripting HIGH" "xqueue-maileon 2.16.1 Admin+.Stored.XSS LOW" "xorbin-analog-flash-clock No.known.fix Flash-based.XSS MEDIUM" "xatkit-chatbot-connector 2.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xml-sitemaps-for-videos No.known.fix CSRF MEDIUM" "xt-woo-quick-view-lite 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-quick-view-lite 1.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xpinner-lite No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "xt-woo-variation-swatches 1.8.8 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-variation-swatches 1.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yith-woocommerce-stripe 2.0.2 Subscriber+.Settings.Update MEDIUM" "yuzo-related-post 5.12.94 Unauthenticated.Call.Any.Action.or.Update.Any.Option MEDIUM" "yith-woocommerce-zoom-magnifier 1.3.12 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-ajax-search 2.7.1 Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-ajax-search 2.4.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yith-woocommerce-ajax-search 1.7.1 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-recover-abandoned-cart 1.3.4 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-authorizenet-payment-gateway 1.1.13 Subscriber+.Settings.Update MEDIUM" "youtube-channel 3.23.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "youtube-channel 3.23.0 Admin+.Stored.XSS LOW" "youtube-embed 5.2.2 Contributor+.Stored.XSS MEDIUM" "youtube-embed 3.3.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "yawpp No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "yith-woocommerce-tab-manager 1.35.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "yith-custom-thank-you-page-for-woocommerce 1.1.8 Subscriber+.Settings.Update MEDIUM" "yith-infinite-scrolling 1.8.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yet-another-related-posts-plugin No.known.fix Missing.Authorization MEDIUM" "yet-another-related-posts-plugin 5.30.10 Authenticated(Administrator+).Cross-Site.Scripting MEDIUM" "yet-another-related-posts-plugin 5.30.10 Admin+.Stored.XSS LOW" "yet-another-related-posts-plugin 5.30.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yet-another-related-posts-plugin 5.30.3 Yet.Another.Related.Posts.Plugin.<.5.30.3.-.Subscriber+.SQLi HIGH" "yet-another-related-posts-plugin 5.30.5 Yet.Another.Related.Posts.Plugin.<.5.30.5.-.Subscriber+.LFI HIGH" "yet-another-related-posts-plugin 5.30.3 Yet.Another.Related.Posts.Plugin.<.5.30.3.-.Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-badges-management 1.3.21 Subscriber+.Settings.Update MEDIUM" "youtube-widget-responsive 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "yith-custom-login 1.7.4 Reflected.Cross-Site.Scripting MEDIUM" "yith-custom-login 1.7.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "yotuwp-easy-youtube-embed 1.3.14 Unauthenticated.Local.File.Inclusion CRITICAL" "yotuwp-easy-youtube-embed 1.3.14 Authenticated.(Contributor+).Arbitrary.File.Inclusion.via.Shortcode MEDIUM" "yotuwp-easy-youtube-embed 1.3.13 Admin+.Stored.XSS LOW" "yith-woocommerce-affiliates 1.6.3 Subscriber+.Settings.Update MEDIUM" "yt-player 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "yt-player 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yt-player 1.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "youtube-video-inserter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yith-pre-order-for-woocommerce 1.2.1 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-bulk-product-editing 1.2.15 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-account-funds-premium 1.34.0 Missing.Authorization MEDIUM" "yith-woocommerce-product-add-ons 4.9.3 Unauthenticated.Content.Injection MEDIUM" "yith-woocommerce-product-add-ons 4.6.0 Unuathenticated.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.3.1 Authenticated(Shop.Manager+).PHP.Object.Injection MEDIUM" "yith-woocommerce-product-add-ons 4.2.1 Missing.Authorization MEDIUM" "yith-woocommerce-product-add-ons 2.1.0 Reflected.Cross-Site.Scripting HIGH" "yith-woocommerce-product-add-ons 2.1.0 Authenticated.Local.File.Inclusion MEDIUM" "yith-woocommerce-product-add-ons 1.5.23 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-catalog-mode 2.16.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-color-and-label-variations-for-woocommerce 1.8.13 Subscriber+.Settings.Update MEDIUM" "yaysmtp 2.4.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "yaysmtp 2.2.1 Subscriber+.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.2.1 Subscriber+.Logs.Disclosure MEDIUM" "yaysmtp 2.2.1 Subscriber+.SMTP.Credentials.Leak MEDIUM" "yith-product-size-charts-for-woocommerce 1.1.13 Subscriber+.Settings.Update MEDIUM" "yellow-yard 2.8.12 Contributor+.Stored.XSS MEDIUM" "yellow-yard 2.8.12 Reflected.Cross-Site.Scripting HIGH" "yds-support-ticket-system No.known.fix Cross-Site.Request.Forgery MEDIUM" "yatra 2.1.15 Admin+.Stored.XSS LOW" "yookassa 2.3.1 Subscriber+.Arbitrary.Settings.Update MEDIUM" "yookassa 2.3.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "yith-woocommerce-product-vendors 3.8.1 Reflected.Cross-Site.Scripting HIGH" "yith-woocommerce-product-vendors 3.4.1 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-cart-messages 1.4.5 Subscriber+.Settings.Update MEDIUM" "youtube-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-multi-step-checkout 1.7.5 Subscriber+.Settings.Update MEDIUM" "yandexnews-feed-by-teplitsa No.known.fix Admin+.Stored.XSS LOW" "yith-maintenance-mode 1.4.0 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "yith-maintenance-mode 1.3.8 Admin+.Stored.Cross-Site.Scripting LOW" "yith-maintenance-mode 1.2.0 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "yith-woocommerce-order-tracking 2.8.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-order-tracking 1.2.11 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-product-bundles 1.1.17 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-pdf-invoice 1.2.13 Subscriber+.Settings.Update MEDIUM" "youtube-channel-gallery No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "youtube-showcase 3.4.0 Missing.Authorization.to.Arbitrary.Post/Page.Creation MEDIUM" "youtube-showcase 3.3.6 Settings.Update.via.CSRF MEDIUM" "youtube-speedload No.known.fix Cross-Site.Request.Forgery MEDIUM" "ymc-smart-filter 2.8.34 Cross-Site.Request.Forgery MEDIUM" "ymc-smart-filter 2.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ymc-smart-filter 2.8.33 Unauthenticated.LFI CRITICAL" "yith-woocommerce-questions-and-answers 1.2.0 Subscriber+.Settings.Update MEDIUM" "youtube-embed-plus 11.8.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "youtube-playlist-player 4.6.8 Contributor+.Stored.XSS MEDIUM" "youtube-playlist-player 4.6.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "yith-woocommerce-ajax-navigation 5.2.0 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-ajax-navigation 3.11.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "yml-for-yandex-market 4.2.4 Reflected.Cross-Site.Scripting MEDIUM" "yml-for-yandex-market 3.10.8 Reflected.XSS HIGH" "youzify-moderation No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-points-and-rewards 1.3.6 Subscriber+.Settings.Update MEDIUM" "yourchannel 1.2.5 Multiple.CSRF MEDIUM" "yourchannel 1.2.6 Admin+.Stored.XSS LOW" "yourchannel 1.2.4 Unauthenticated.Settings.Reset MEDIUM" "yourchannel 1.2.2 Subscriber+.Stored.XSS HIGH" "yourchannel 1.2.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "yith-woocommerce-brands-add-on 1.3.7 Subscriber+.Settings.Update MEDIUM" "youzify 1.2.8 Missing.Authorization MEDIUM" "youzify 1.2.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "youzify 1.2.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "youzify 1.2.3 Insecure.Direct.Object.Reference MEDIUM" "youzify 1.2.2 Contributor+.Stored.XSS MEDIUM" "youzify 1.2.0 Unauthenticated.SQLi HIGH" "youzify 1.0.7 Stored.Cross-Site.Scripting.via.Biography HIGH" "yith-woocommerce-mailchimp 2.1.4 Subscriber+.Settings.Update MEDIUM" "yamaps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yamaps 0.6.26 Contributor+.Stored.XSS MEDIUM" "yellow-pencil-visual-theme-customizer 7.6.4 Reflected.Cross-Site.Scripting MEDIUM" "yellow-pencil-visual-theme-customizer 7.5.9 Admin+.Stored.XSS LOW" "yellow-pencil-visual-theme-customizer 7.5.4 Reflected.Cross-Site.Scripting HIGH" "yellow-pencil-visual-theme-customizer 7.2.1 Unauthenticated.Arbitrary.Options.Updates HIGH" "youtube-feeder No.known.fix CSRF.to.Stored.XSS HIGH" "yith-woocommerce-request-a-quote 1.6.4 Unauthorised.AJAX.call.via.CSRF MEDIUM" "yith-woocommerce-request-a-quote 1.4.9 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-added-to-cart-popup 1.3.13 Subscriber+.Settings.Update MEDIUM" "yet-another-stars-rating 3.4.4 Missing.Authorization.via.init MEDIUM" "yet-another-stars-rating 3.4.2 Reflected.Cross-Site.Scripting MEDIUM" "yet-another-stars-rating 3.1.3 Subscriber+.Stored.XSS HIGH" "yet-another-stars-rating 3.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yet-another-stars-rating 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "yet-another-stars-rating 1.8.7 PHP.Object.Injection HIGH" "you-shang No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "yith-desktop-notifications-for-woocommerce 1.2.8 Subscriber+.Settings.Update MEDIUM" "youforms-free-for-copecart No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "yith-woocommerce-social-login 1.3.6 Subscriber+.Settings.Update MEDIUM" "yikes-inc-easy-custom-woocommerce-product-tabs 1.8.0 Admin+.Stored.XSS LOW" "yikes-inc-easy-custom-woocommerce-product-tabs 1.7.8 Unauthenticated.Toggle.Content.Setting.Update MEDIUM" "yikes-inc-easy-mailchimp-extender No.known.fix Missing.Authorization MEDIUM" "yikes-inc-easy-mailchimp-extender No.known.fix Sensitive.Information.Exposure.via.logfile HIGH" "yikes-inc-easy-mailchimp-extender 6.9.0 Admin+.Stored.Cross-Site.Scripting LOW" "yikes-inc-easy-mailchimp-extender 6.8.9 Reflected.XSS MEDIUM" "yikes-inc-easy-mailchimp-extender 6.8.8 Reflected.XSS HIGH" "yikes-inc-easy-mailchimp-extender 6.8.7 Contributor+.Stored.XSS MEDIUM" "yikes-inc-easy-mailchimp-extender 6.8.9 Admin+.Stored.XSS LOW" "yikes-inc-easy-mailchimp-extender 6.8.6 Reflected.Cross-Site.Scripting MEDIUM" "yikes-inc-easy-mailchimp-extender 6.6.3 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "yatri-tools No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yatri-tools 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yith-woocommerce-quick-view 1.21.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-quick-view 1.3.15 Subscriber+.Settings.Update MEDIUM" "yummy-recipes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "youram-youtube-embed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-frequently-bought-together 1.2.11 Subscriber+.Settings.Update MEDIUM" "yotpo-reviews-for-woocommerce No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "yith-woocommerce-compare 2.38.0 Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-compare 2.20.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-compare 2.3.15 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-best-sellers 1.1.13 Subscriber+.Settings.Update MEDIUM" "yith-essential-kit-for-woocommerce-1 2.35.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Install,.Activation,.and.Deactivation MEDIUM" "yith-essential-kit-for-woocommerce-1 2.14.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "youtube-video-player 2.6.4 Admin+.Stored.XSS LOW" "youtube-video-player 2.3.9 Contributor+.Stored.XSS MEDIUM" "yandex-money-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yandex-money-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yandex-money-button 2.4.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "yop-poll 6.5.27 Unauthenticated.Vote.Manipulation.via.Race.Condition MEDIUM" "yop-poll 6.5.29 Reusable.Captcha.via.validateImage MEDIUM" "yop-poll 6.4.3 IP.Spoofing MEDIUM" "yop-poll 6.3.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "yop-poll 6.3.1 Author+.Stored.Cross-Site.Scripting.via.Options.Module MEDIUM" "yop-poll 6.3.1 Author+.Stored.Cross-Site.Scripting.via.Preview.Module MEDIUM" "yop-poll 6.2.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "yop-poll 6.1.5 Authenticated.Stored.XSS LOW" "yop-poll 6.1.2 Reflected.Cross-Site.Scripting HIGH" "yop-poll 6.0.3 Cross-Site.Scripting.(XSS) MEDIUM" "yop-poll 5.8.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "yith-woocommerce-gift-cards-premium 3.20.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "yith-woocommerce-gift-cards-premium 3.3.1 RCE.via.Arbitrary.File.Upload CRITICAL" "yith-woocommerce-wishlist 3.33.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-wishlist 3.15.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-wishlist 2.2.14 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-subscription 1.3.6 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-gift-cards 4.13.0 Missing.Authorization.to.Unauthenticated.WooCommerce.Settings.Update MEDIUM" "yith-woocommerce-gift-cards 1.3.8 Subscriber+.Settings.Update MEDIUM" "yith-paypal-express-checkout-for-woocommerce 1.2.6 Subscriber+.Settings.Update MEDIUM" "yith-advanced-refund-system-for-woocommerce 1.0.12 Subscriber+.Settings.Update MEDIUM" "yesno 1.0.12 Authenticated.(contributor+).Blind.SQL.Injection HIGH" "yabp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yoo-slider 2.2.0 Reflected.Cross-Site.Scripting HIGH" "yoo-slider 2.1.0 Arbitrary.Template.Import.via.CSRF MEDIUM" "yoo-slider 2.1.0 Arbitrary.Slider.Creation/Edition.via.CSRF MEDIUM" "yoo-slider 2.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yoo-slider 2.1.0 Arbitrary.Slider.Duplication/Deletion.via.CSRF MEDIUM" "yayextra 1.3.8 Unauthenticated.Arbitrary.File.Upload.via.handle_upload_file.Function CRITICAL" "yada-wiki 3.4.1 Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-waiting-list 1.3.11 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-advanced-reviews 1.4.0 Subscriber+.Settings.Update MEDIUM" "yumpu-epaper-publishing 3.0.0 Missing.Authorization.to.PDF.Upload,.Publishing,.and.API.Key.Modification MEDIUM" "zero-spam 5.5.7 Spam.Protection.Bypass MEDIUM" "zero-spam 5.4.5 Admin+.SQL.Injection MEDIUM" "zero-spam 5.2.11 Admin+.SQL.Injection MEDIUM" "zip-attachments 1.5 Arbitrary.File.Download HIGH" "zendesk-help-center 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "zynith-seo No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "zynith-seo No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Option.Deletion CRITICAL" "zynith-seo No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "zotpress 7.3.10 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "zotpress 7.3.8 Authenticated.(Contributor+).SQL.Injection CRITICAL" "zotpress 7.3.5 Reflected.XSS HIGH" "zotpress 7.3.4 Unauthenticated.Reflected.XSS HIGH" "zotpress 6.1.3 SQL.Injection CRITICAL" "zx-csv-upload No.known.fix ZX_CSV.Upload.1.–.Authenticated.SQL.Injection HIGH" "zip-codes-redirect 5.1.2 Reflected.Cross-Site.Scripting MEDIUM" "zip-codes-redirect 4.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "zm-ajax-login-register No.known.fix Unauthenticated.Authentication.Bypass CRITICAL" "z-url-preview 2.0.0 Cross-Site.Scripting.(XSS) MEDIUM" "zd-youtube-flv-player No.known.fix Server-Side.Request.Forgery HIGH" "zoho-campaigns 2.1.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "zoho-campaigns 2.0.8 Cross-Site.Request.Forgery.via.zcwc_integration_disconnect MEDIUM" "zoho-campaigns 2.0.8 Cross-Site.Request.Forgery.via.zcwc_optin_save MEDIUM" "zoho-campaigns 2.0.7 Authenticated.(Contributor+).SQL.Injection CRITICAL" "zoho-crm-forms 1.7.8.9 Reflected.Cross-Site.Scripting MEDIUM" "zoho-crm-forms 1.7.6.2 Subscriber+.Arbitrary.Options.Update HIGH" "zoho-crm-forms 1.7.2.9 Admin+.Stored.Cross-Site.Scripting LOW" "zoho-crm-forms 1.6.9.2 Authenticated.Cross.Site.Scripting.(XSS) MEDIUM" "zlick-paywall 2.2.2 CSRF.Bypasses LOW" "zoho-salesiq 1.0.9 XSS.&.CSRF HIGH" "zoho-marketinghub 1.2.8 Authenticated.(Contributor+).SQL.Injection CRITICAL" "ziteboard-online-whiteboard 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ziteboard.Shortcode MEDIUM" "z-downloads 1.11.4 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "zita-site-library 1.6.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "zita-site-library 1.6.3 Missing.Authorization.to.Page.Creation.and.Options.Modification MEDIUM" "zero-bs-crm 5.5.1 Client+.XSS MEDIUM" "zero-bs-crm 5.5.1 CRM.Admin+.XSS LOW" "zero-bs-crm 5.4.0 PHAR.Deserialisation.via.CSRF HIGH" "zero-bs-crm 5.5.0 Admin+.Stored.XSS LOW" "zero-bs-crm 5.5 Contributor+.Stored.XSS MEDIUM" "zero-bs-crm 5.4.3 Admin+.Cross-Site.Scripting LOW" "zen-mobile-app-native No.known.fix Remote.File.Upload HIGH" "zephyr-project-manager 3.3.103 Missing.Authorization.to.Authenticated.(Subscriber+).Status.Updates MEDIUM" "zephyr-project-manager 3.3.103 Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.3.101 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "zephyr-project-manager 3.3.102 Authenticated.(Subscriber+).Limited.Privilege.Escalation HIGH" "zephyr-project-manager 3.3.101 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.filename.Parameter MEDIUM" "zephyr-project-manager 3.3.100 Unauthenticated.Information.Exposure MEDIUM" "zephyr-project-manager 3.3.99 Editor+.XSS LOW" "zephyr-project-manager 3.3.99 Authenticated.(Subscriber+).Privilege.Escalation.via.User.Meta.Update HIGH" "zephyr-project-manager 3.3.94 Plugin.Data.Deletion.via.CSRF MEDIUM" "zephyr-project-manager 3.2.55 Unauthorised.AJAX.Calls.To.Stored.XSS HIGH" "zephyr-project-manager 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.2.5 Multiple.Unauthenticated.SQLi CRITICAL" "zephyr-project-manager 3.2.5 Unauthorised.REST.Calls.to.Stored.XSS HIGH" "zephyr-project-manager 3.2.41 Reflected.Cross-Site.Scripting MEDIUM" "zip-recipes No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "zip-recipes 8.1.1 Authenticated(Contributor+).SQL.Injection HIGH" "zip-recipes 8.0.8 Cross-Site.Request.Forgery MEDIUM" "zip-recipes 8.0.8 Multiple.CSRF MEDIUM" "zip-recipes 8.0.7 Reflected.XSS HIGH" "zoho-forms 3.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "zoho-forms 3.0.1 Contributor+.Stored.XSS MEDIUM" "zippy 1.6.10 Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "zeno-font-resizer 1.8.0 Admin+.Stored.XSS LOW" "zionbuilder 3.6.10 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "zm-gallery No.known.fix ZM.Gallery.1,0.–.Authenticated.Blind.SQL.Injection HIGH" "zerobounce 1.0.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM") + releases_plugins=("012-ps-multi-languages 1.6" "1-click-close-store 1.1.0" "4ecps-webforms 0.2.18" "1-jquery-photo-gallery-slideshow-flash 1.11" "1-flash-gallery 1.9.0" "99fy-core 1.2.8" "3xsocializer 0.98.22" "1player 1.4" "5-anker-connect 1.3.1" "3dady-real-time-web-stats 1.0" "address-email-and-phone-validation 1.0.3" "a4-barcode-generator 3.4.10" "bzscore-live-score 1.6.0" "bulk-image-alt-text-with-yoast 2.0.2" "customize-login-image 3.5.3" "cryptocurrency-price-ticker-widget 2.8.2" "devbuddy-twitter-feed 4.0.0" "dpt-oauth-client 1.1.0" "easy-org-chart 3.1" "events-calendar-registration-booking-by-events-plus 1.9.2" "flattr 1.2.2" "giveaway 1.2.2" "how-to-wp 1.0.2" "images-lazyload-and-slideshow 3.4" "idbbee 1.0" "kimili-flash-embed 2.5.3" "kodo-qiniu 1.5.4" "live-news-lite 1.08" "my-tickets 2.0.4" "myeasybackup 1.0.11" "o2tweet 0.0.4" "premmerce-woocommerce-wholesale-pricing 1.1.10" "qtranslate-slug 1.1.18" "quickiebar 1.8.4" "relevanssi-live-ajax-search 2.5" "smart-cookie-kit 2.3.2" "smart-flv 1.0" "smooth-scrolling-links-ssl 1.1.0" "trustmate-io-integration-for-woocommerce 1.12.6" "topquark 2.1.3" "uploadcare 3.1.0" "ulisting 2.1.6" "vikbooking 1.7.0" "wp-custom-widget-area 1.2.5" "wpglobus-translate-options 2.2.0" "wpide 3.5.0" "xserver-migrator 1.6.5" "xcloner-backup-and-restore 4.7.5" "youtube-video-player 2.6.5" "zm-ajax-login-register 2.0.2") + vulns_plugins=("4ecps-webforms No.known.fix Admin+.Stored.XSS LOW" "99fy-core 1.2.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "3dady-real-time-web-stats No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "1-click-close-store No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "5-anker-connect 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "012-ps-multi-languages No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "404-to-start No.known.fix Admin+.Stored.XSS LOW" "404page 11.4.8 Reflected.Cross-Site.Scripting MEDIUM" "4k-icon-fonts-for-visual-composer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "3xsocializer No.known.fix Subscriber+.SQLi MEDIUM" "10to8-online-booking 1.1.0 Contributor+.Stored.XSS MEDIUM" "5-stars-rating-funnel 1.3.02 Missing.Authorization MEDIUM" "5-stars-rating-funnel 1.3.02 Missing.Authorization MEDIUM" "5-stars-rating-funnel 1.2.63 Reflected.Cross-Site.Scripting MEDIUM" "5-stars-rating-funnel 1.2.53 Unauthenticated.SQLi HIGH" "5-stars-rating-funnel 1.2.54 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "3d-viewer 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "3d-viewer 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "3d-flipbook-dflip-lite 2.2.27 Contributor+.Stored.XSS MEDIUM" "3d-flipbook-dflip-lite 2.2.27 Contributor+.Stored.XSS MEDIUM" "3d-flipbook-dflip-lite 1.7.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "404-redirection-manager No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "404-redirection-manager No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "3dprint-lite 1.9.1.6 Reflected.Cross-Site.Scripting HIGH" "3dprint-lite 1.9.1.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "59sec-lite-contact-form-7-push-notifications-on-ios-and-android No.known.fix Unauthenticated.Settings.Update MEDIUM" "404-solution 2.35.8 Admin+.SQL.Injection MEDIUM" "404-solution 2.33.1 Sensitive.Information.Exposure.via.Log.File MEDIUM" "404-solution 2.35.0 Admin+.SQLi MEDIUM" "404-solution 2.33.1 Sensitive.Information.Exposure MEDIUM" "12-step-meeting-list 3.14.34 Reflected.Cross-Site.Scripting MEDIUM" "12-step-meeting-list 3.14.29 Subscriber+.CSV.Download MEDIUM" "12-step-meeting-list 3.14.25 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "5280-bootstrap-modal-contact-form No.known.fix Cross-Site.Request.Forgery.to.Bulk.Delete.Messages MEDIUM" "2mb-autocode 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "3d-cover-carousel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "123contactform-for-wordpress No.known.fix Unauthenticated.Arbitrary.Post.Creation HIGH" "123contactform-for-wordpress No.known.fix Validation.Bypass.via.Plugin.Verification MEDIUM" "123contactform-for-wordpress No.known.fix Unauthenticated.Arbitrary.File.Upload HIGH" "2j-slideshow No.known.fix Reflected.Cross-Site.Scripting.via.'post' MEDIUM" "2j-slideshow No.known.fix Contributor+.Stored.XSS MEDIUM" "2j-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "123-chat-videochat No.known.fix Video.Chat.<=.1.3.1.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "123-chat-videochat 1.3.1 Admin+.Stored.XSS LOW" "404-to-301 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "404-to-301 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "404-to-301 3.0.9 Logs.Deletion.via.CSRF MEDIUM" "404-to-301 3.0.8 Broken.Access.Control MEDIUM" "404-to-301 3.0.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "404-to-301 2.3.1 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "3com-asesor-de-cookies No.known.fix Admin+.Stored.XSS LOW" "0mk-shortener No.known.fix Stored.XSS.via.CSRF HIGH" "0mk-shortener No.known.fix Admin+.Stored.XSS LOW" "99robots-header-footer-code-manager-pro 1.0.17 Reflected.Cross-Site.Scripting.via.message MEDIUM" "2kb-amazon-affiliates-store No.known.fix Reflected.XSS MEDIUM" "2kb-amazon-affiliates-store 2.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "1app-business-forms No.known.fix Author+.Stored.XSS MEDIUM" "360-product-rotation 1.4.8 Reflected.XSS MEDIUM" "360deg-javascript-viewer 1.7.13 Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "360deg-javascript-viewer 1.7.12 Unauthenticated.Settings.Update MEDIUM" "360deg-javascript-viewer 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "3-word-address-validation-field 4.0.0 Admin+.Sensitive.Information.Disclosure LOW" "404s 3.5.1 Admin+.Stored.Cross-Site.Scripting LOW" "3dprint 3.5.6.9 Arbitrary.File.and.Directory.Deletion.via.CSRF HIGH" "3dprint 3.5.6.9 CSRF.to.arbitrary.file.downlad HIGH" "8-degree-notification-bar No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "anspress-question-answer 4.3.2 Editor+.Stored.XSS MEDIUM" "accesspress-instagram-feed 4.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "acf-to-rest-api 3.3.0 Unauthenticated.Arbitrary.wp_options.Disclosure MEDIUM" "asmember No.known.fix Admin+.Stored.XSS LOW" "advanced-coupons-for-woocommerce-free 4.5.0.1 Notice.Dismiss.via.CSRF MEDIUM" "advanced-sermons 3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-sermons 3.2 Reflected.Cross-Site.Scripting.via.s MEDIUM" "advanced-sermons 3.3 Reflected.Cross-Site.Scripting MEDIUM" "analytics-tracker 1.1.1 XSS MEDIUM" "ai-wp-writer 3.6.5.6 Missing.Authorization MEDIUM" "app-builder 4.3.4 Unauthenticated.Limited.SQL.Injection.via.app-builder-search MEDIUM" "app-builder 3.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode HIGH" "app-builder 3.8.8 Open.Redirection MEDIUM" "alpine-photo-tile-for-pinterest No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ampedsense-adsense-split-tester 4.69 Reflected.XSS HIGH" "adsense-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adsense-plugin 1.44 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "aceide No.known.fix Authenticated.(admin+).Arbitrary.File.Access MEDIUM" "adminify 3.1.7 Authenticated(Administrator+).SQL.Injection MEDIUM" "adminify 3.1.6 Admin+.Stored.XSS LOW" "adminify 3.1.6 Admin+.Stored.XSS LOW" "adminify 3.1.4 Reflected.Cross-Site.Scripting MEDIUM" "adminify 2.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "astra-pro-sites 3.2.5 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "astra-pro-sites 3.2.6 Incorrect.Authorization MEDIUM" "allow-rel-and-html-in-author-bios No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "amp-extensions No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "accesspress-custom-css 2.0.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "activitypub 1.0.6 Unauthenticated.REST.API.Access MEDIUM" "activitypub 1.0.0 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "activitypub 1.0.1 Contributor+.Stored.XSS MEDIUM" "activitypub 1.0.0 Subscriber+.Arbitrary.Post.Title.Disclosure MEDIUM" "activitypub 1.0.0 Contributor+.Stored.XSS MEDIUM" "app-ads-txt 1.1.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "animated-counters 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "advanced-flamingo No.known.fix Cross-Site.Request.Forgery MEDIUM" "auto-install-free-ssl 3.6.0 Reflected.Cross-Site.Scripting MEDIUM" "accommodation-system No.known.fix Subscriber+.Unauthorised.Actions MEDIUM" "advanced-cf7-db 2.0.3 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "advanced-cf7-db No.known.fix Sensitive.Information.Exposure MEDIUM" "advanced-cf7-db 1.8.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "advanced-cf7-db 1.8.7 Subscriber+.Arbitrary.File.Deletion HIGH" "advanced-cf7-db 1.7.1 SQL.Injection CRITICAL" "animated-svg 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "attributes-for-blocks 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.attributesForBlocks.Parameter MEDIUM" "amr-shortcode-any-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "ap-mega-menu 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "ap-mega-menu 3.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "amazonjs No.known.fix Contributor+.Stored.XSS MEDIUM" "auto-hide-admin-bar 1.6.2 Admin+.Stored.XSS LOW" "additional-product-fields-for-woocommerce 1.2.105 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "addify-order-tracking-for-woocommerce 1.0.2 Multiple.CSRF MEDIUM" "author-avatars 2.1.22 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "author-avatars 2.1.19 Contributor+.Stored.XSS MEDIUM" "awesome-support 6.1.8 Missing.Authorization MEDIUM" "awesome-support 6.1.7 Insufficient.Authorization.via.wpas_can_delete_attachments() MEDIUM" "awesome-support 6.1.8 Missing.Authorization.via.wpas_get_users() MEDIUM" "awesome-support 6.1.8 Authenticated.(Subscriber+).SQL.Injection HIGH" "awesome-support 6.1.8 Missing.Authorization.via.editor_html() MEDIUM" "awesome-support 6.1.6 Missing.Authorization.via.wpas_load_reply_history MEDIUM" "awesome-support 6.1.6 Cross-Site.Request.Forgery MEDIUM" "awesome-support 6.1.8 Missing.Authorization MEDIUM" "awesome-support 6.1.11 Missing.Authorization MEDIUM" "awesome-support 6.1.5 Missing.Authorization.via.wpas_edit_reply_ajax() MEDIUM" "awesome-support 6.1.5 Cross-Site.Request.Forgery.via.wpas_edit_reply_ajax() MEDIUM" "awesome-support 6.1.5 Insufficient.permission.check.in.wpas_edit_reply MEDIUM" "awesome-support 6.1.5 Submitter+.Arbitrary.File.Deletion CRITICAL" "awesome-support 6.1.5 Reflected.Cross-Site.Scripting HIGH" "awesome-support 6.1.2 Subscriber+.Arbitrary.Exported.Tickets.Download MEDIUM" "awesome-support 6.0.8 Authenticated.Stored.XSS MEDIUM" "awesome-support 6.0.7 Reflected.Cross-Site.Scripting HIGH" "awesome-support 6.0.11 Reflected.Cross-Site.Scripting.(XSS) HIGH" "awesome-support 6.0.0 Stored.XSS.via.Ticket.Title MEDIUM" "awesome-support 3.1.7 XSS.&.Shortcodes.Allowed.in.Replies HIGH" "auto-translate No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Custom.Font MEDIUM" "audio-text No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.89.6 Cross-Site.Request.Forgery MEDIUM" "advanced-form-integration 1.82.6 SQL.Injection.to.Reflected.Cross-Site.Scripting.via.integration_id MEDIUM" "advanced-form-integration 1.76.0 Authenticated(Administrator+).SQL.Injection MEDIUM" "advanced-form-integration 1.69.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.63.0 Admin+.Stored.XSS LOW" "advanced-form-integration 1.49.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auto-prune-posts 2.0.0 Post.Deletion.Settings.Update.via.CSRF MEDIUM" "addify-product-labels-and-stickers 1.1.0 Multiple.CSRF MEDIUM" "akismet-privacy-policies No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "alo-easymail 2.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "admin-bar-dashboard-control 1.2.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "auto-upload-images 3.3.1 Admin+.Stored.Cross-Site.Scripting LOW" "auto-upload-images 3.3.1 CSRF MEDIUM" "armember 6.7.1 Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "armember 5.6 Unauthenticated.Privilege.Escalation CRITICAL" "anywhere-elementor 1.2.8 Reflected.Cross-Site.Scripting MEDIUM" "anywhere-elementor 1.2.8 Freemius.API.Key.Disclosure MEDIUM" "anywhere-elementor 1.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accessibility 1.0.7 Cross-Site.Request.Forgery MEDIUM" "accessibility 1.0.4 Admin+.Stored.XSS LOW" "ai-post-generator 3.4 Subscriber+.Posts.Read/Creation/Deletion MEDIUM" "animate-it 2.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "animate-it 2.3.6 XSS HIGH" "avenirsoft-directdownload No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "arkhe-blocks 2.23.0 Contributor+.Stored.XSS MEDIUM" "add-to-calendar-button 1.5.1 Contributor+.Stored.XSS MEDIUM" "automatic-post-categories No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "automatic-post-categories No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "accelerated-mobile-pages 1.0.97 Missing.Authorization MEDIUM" "accelerated-mobile-pages 1.0.97 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "accelerated-mobile-pages 1.0.93.2 Authenticated(Contributor+).Arbitrary.Post.Deletion.via.amppb_remove_saved_layout_data MEDIUM" "accelerated-mobile-pages 1.0.93 Unautenticated.Reflected.Cross-Site.Scripting MEDIUM" "accelerated-mobile-pages 1.0.92.1 Authenticated.(Contributor+).Cross-Site.Scripting.via.Shortcode MEDIUM" "accelerated-mobile-pages 1.0.89 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "accelerated-mobile-pages 1.0.77.33 Admin+.Stored.Cross-Site.Scripting LOW" "accelerated-mobile-pages 1.0.77.32 Admin+.Stored.Cross-Site.Scripting LOW" "accelerated-mobile-pages 0.9.97.21 Stored.XSS MEDIUM" "auto-featured-image-auto-generated 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-favicon 4.7 Multiple.Stored.Authenticated.XSS MEDIUM" "automail No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automail 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "aco-product-labels-for-woocommerce 1.5.4 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "advanced-easy-shipping-for-wc-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "async-javascript 2.21.06.29 Authenticated.(admin+).Stored.XSS MEDIUM" "azan No.known.fix Stored.XSS.via.CSRF HIGH" "advanced-quiz No.known.fix Admin+.Stored.XSS.in.Quiz.Overview LOW" "advanced-quiz 1.0.3 Admin+.Stored.XSS LOW" "ap-contact-form 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "auto-more-tag No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "adsensei-b30 3.1.3 Reflected.Cross-Site.Scripting HIGH" "all-in-one-video-gallery 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Shortcode MEDIUM" "all-in-one-video-gallery 3.7.0 Authenticated.(Contributor+).Local.File.Inclusion.via.aiovg_search_form.Shortcode HIGH" "all-in-one-video-gallery 3.6.5 Contributor+.Arbitrary.File.Upload.via.featured.image HIGH" "all-in-one-video-gallery 3.6.0 Missing.Authorization MEDIUM" "all-in-one-video-gallery 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-video-gallery 2.6.1 2.6.0.-.Unauthenticated.Arbitrary.File.Download.&.SSRF HIGH" "all-in-one-video-gallery 2.5.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-video-gallery 2.5.0 Admin+.Local.File.Inclusion LOW" "advanced-backgrounds 1.12.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.imageTag.Parameter MEDIUM" "ad-injection No.known.fix Admin+.Stored.Cross-Site.Scripting.&.RCE HIGH" "arconix-shortcodes 2.1.12 Missing.Authorization MEDIUM" "arconix-shortcodes 2.1.11 Missing.Authorization.to.Notice.Dismissal MEDIUM" "arconix-shortcodes 2.1.8 Contributor+.Stored.XSS MEDIUM" "alley-business-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "alley-business-toolkit 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-product-labels-for-woocommerce 1.2.3.7 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-video-downloader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-video-downloader No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-most-recent-posts-mod No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "any-popup No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "any-popup No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "all-users-messenger No.known.fix Subscriber+.Message.Deletion.via.IDOR MEDIUM" "advanced-nocaptcha-recaptcha 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "advanced-nocaptcha-recaptcha 7.1.0 .Local.File.Inclusion.via.CSRF HIGH" "advanced-nocaptcha-recaptcha 7.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-forms 1.9.3.3 Missing.Authorization.to.Unauthenticated.Form.Settings.Export MEDIUM" "advanced-forms 1.6.9 Subscriber+.Arbitrary.User.Email.Address.Update.via.IDOR HIGH" "awin-data-feed 1.8 Reflected.Cross-Site.Scripting MEDIUM" "awin-data-feed 1.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "advanced-youtube-channel-pagination No.known.fix Reflected.XSS HIGH" "amp-wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "ajax-add-to-cart-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-add-to-cart-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "abcapp-creator No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "ajax-domain-checker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "adstxt No.known.fix Settings.Update.via.CSRF MEDIUM" "attribute-stock-for-woocommerce 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "amazon-einzeltitellinks No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "ach-for-stripe-plaid No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "affiliate-links 2.7 Contributor+.Stored.XSS MEDIUM" "acf-engine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-word-count-column No.known.fix Unauthenticated.Arbitrary.File.Read MEDIUM" "acymailing 9.8.0 Authenticated.(Subscriber+).Arbitrary.File.Upload.via.acym_extractArchive.Function HIGH" "acymailing 8.6.3 Reflected.XSS HIGH" "acymailing 7.5.0 Open.Redirect MEDIUM" "alojapro-widget 1.1.16 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "atarim-visual-collaboration 4.0.2 Missing.Authorization.via.remove_feedbacktool_notice() MEDIUM" "atarim-visual-collaboration 4.0.3 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "atarim-visual-collaboration 4.0.1 Missing.Authorization MEDIUM" "atarim-visual-collaboration 3.32 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "atarim-visual-collaboration 3.31 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "atarim-visual-collaboration 3.30 Unauthenticated.Settings.Update,.Post.Deletion.etc HIGH" "atarim-visual-collaboration 3.13 Unauthenticated.Stored.XSS HIGH" "atarim-visual-collaboration 3.9.4 Admin+.Stored.XSS LOW" "advanced-post-list No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "addify-free-gifts-woocommerce 1.0.2 Multiple.CSRF MEDIUM" "add-local-avatar No.known.fix Cross-Site.Request.Forgery.via.manage_avatar_cache MEDIUM" "alter No.known.fix Cross-Site.Request.Forgery MEDIUM" "anywhere-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-featured-image-from-title No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ai-content-writing-assistant 1.1.7 CSRF MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.6 Settings.Import.via.CSRF MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.6 Rule.Type.Migration.via.CSRF MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.4 Settings.Update.via.CSRF MEDIUM" "auxin-elements 2.16.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Modern.Heading.and.Icon.Picker.Widgets MEDIUM" "auxin-elements 2.15.6 Contributor+.Stored.XSS.via.Accordion.Widget MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.aux_timeline.Shortcode MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.aux_gmaps.Shortcode MEDIUM" "auxin-elements 2.15.8 Contributor+.XSS.via.HTML.Element MEDIUM" "auxin-elements No.known.fix Subscriber+.PHP.Object.Injection HIGH" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.Custom.JS MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.title_tag MEDIUM" "auxin-elements 2.15.8 Subscriber+.Template.Import MEDIUM" "auxin-elements 2.15.5 Contributor+.Stored.XSS MEDIUM" "auxin-elements 2.15.0 Unauthenticated.Local.File.Inclusion CRITICAL" "auxin-elements 2.10.7 PHP.Objection.Injection MEDIUM" "auxin-elements 2.9.8 Reflected.Cross-Site-Scripting MEDIUM" "augmented-reality No.known.fix Unauthenticated.PHP.File.Upload.leading.to.RCE CRITICAL" "alphabetic-pagination 3.0.8 Unauthenticated.Arbitrary.Option.Update CRITICAL" "auto-featured-image No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "addify-image-watermark-for-woocommerce 1.0.1 Multiple.CSRF MEDIUM" "access-category-password No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "affiliates-manager 2.9.35 Cross-Site.Request.Forgery MEDIUM" "affiliates-manager 2.9.32 Cross-Site.Request.Forgery.via.multiple.AJAX.actions MEDIUM" "affiliates-manager 2.9.31 Sensitive.Information.Exposure.via.Log.File MEDIUM" "affiliates-manager 2.9.21 Cross-Site.Request.Forgery MEDIUM" "affiliates-manager 2.9.14 Arbitrary.Affiliates.&.Creatives.Deletion.via.CSRF MEDIUM" "affiliates-manager 2.9.14 Affiliate.CSV.Injection MEDIUM" "affiliates-manager 2.9.14 Reflected.Cross-Site.Scripting MEDIUM" "affiliates-manager 2.9.14 Admin+.Stored.Cross-Site.Scripting LOW" "affiliates-manager 2.9.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "affiliates-manager 2.8.7 Admin+.SQL.injection MEDIUM" "affiliates-manager 2.7.8 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "affiliates-manager 2.6.6 CRSF.Issues MEDIUM" "altos-connect No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "amazing-hover-effects No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "availability-calendar No.known.fix Cross-Site.Request.Forgery.via.add_availability_calendar_create_admin_page() MEDIUM" "availability-calendar 1.2.1 Authenticated.SQL.Injection HIGH" "availability-calendar 1.2.2 Authenticated.Stored.Cross-Site.Scripting LOW" "alpine-photo-tile-for-instagram No.known.fix Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "admin-columns-pro 5.5.1 Admin+.Stored.XSS.in.Label LOW" "admin-columns-pro 5.5.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Custom.Field MEDIUM" "ays-chatgpt-assistant 2.1.0 Unauthenticated.AJAX.Calls MEDIUM" "ays-chatgpt-assistant 2.1.0 Unauthenticated.OpenAI.Key.Disclosure HIGH" "add-from-server No.known.fix Authenticated.Path.Traversal.to.Arbitrary.File.Access HIGH" "add-from-server 3.3.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "auxin-shop No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "automatic-pages-for-privacy-policy-terms-about-and-contact 1.42 Reflected.Cross-Site.Scripting MEDIUM" "addify-custom-order-number 1.2.0 Multiple.CSRF MEDIUM" "automatically-hierarchic-categories-in-menu 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "an-gradebook No.known.fix Subscriber+.SQLi HIGH" "an-gradebook No.known.fix Admin+.XSS LOW" "auth0 4.6.1 Reflected.Cross-Site.Scripting.via.wle MEDIUM" "auth0 4.0.0 Multiple.Vulnerabilities CRITICAL" "auth0 3.11.3 Unauthenticated.Reflected.XSS.via.wle.Parameter MEDIUM" "art-direction No.known.fix Contributor+.Stored.XSS MEDIUM" "astra-import-export 1.0.4 Cross-Site.Request.Forgery MEDIUM" "astra-import-export 1.0.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "aforms-form-builder-for-price-calculator-cost-estimation 2.2.7 Unauthenticated.Full.Path.Disclosure MEDIUM" "all-404-redirect-to-homepage 2.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "all-404-redirect-to-homepage 1.21 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "avirato-calendar No.known.fix Subscriber+.SQLi HIGH" "auto-post-thumbnail 4.1.3 Missing.Authorization MEDIUM" "auto-post-thumbnail No.known.fix Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "auto-post-thumbnail 4.1.4 Author+.SSRF MEDIUM" "auto-post-thumbnail 3.9.16 Author+.Arbitrary.File.Upload CRITICAL" "auto-post-thumbnail 3.9.3 Reflected.Cross-Site.Scripting HIGH" "ai-contact-us No.known.fix Admin+.Stored.XSS LOW" "admin-page-spider 3.32 Admin+.Stored.XSS LOW" "add-instagram No.known.fix Admin+.Stored.XSS LOW" "absolute-reviews 1.1.4 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Criteria.Name MEDIUM" "absolute-reviews 1.0.9 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "addons-for-divi 4.0.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "addons-for-divi 3.6.0 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-divi 3.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accesspress-social-counter 1.9.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "animated-number-counters No.known.fix Authenticated.(Editor+).Local.File.Inclusion HIGH" "animated-number-counters 1.7 Editor+.Stored.XSS MEDIUM" "ajax-bootmodal-login No.known.fix Captcha.Reuse MEDIUM" "activecampaign-subscription-forms 8.1.15 Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "activecampaign-subscription-forms 8.1.12 Contributor+.Stored.XSS MEDIUM" "activecampaign-subscription-forms 8.0.2 Cross-Site.Request.Forgery.in.Settings HIGH" "auto-rename-media-on-upload 1.1.0 Admin+.Stored.XSS LOW" "automatorwp 2.5.1 Object.Deletion.via.CSRF MEDIUM" "automatorwp 1.7.6 Missing.Authorization.and.Privilege.Escalation MEDIUM" "automizy-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automizy-gravity-forms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "akismet 3.1.5 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "amty-thumb-recent-post No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-popups 1.1.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "ab-press-optimizer-lite No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "all-contact-form-integration-for-elementor No.known.fix Missing.Authorization MEDIUM" "all-contact-form-integration-for-elementor 2.9.9.8 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "all-contact-form-integration-for-elementor 2.9.9.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ajax-load-more 7.1.3 Ajax.Load.More.<.7.1.3.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 7.1.2 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "ajax-load-more 7.0.2 Administrator+.Stored.Cross-Site.Scripting MEDIUM" "ajax-load-more 7.1.0 Authenticated.(Admin+).Directory.Traversal.to.Arbitrary.File.Read MEDIUM" "ajax-load-more 6.2 Ajax.Load.More.<.6.2.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 5.6.0.3 Ajax.Load.More.<.5.6.0.3.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 5.5.4.1 Admin+.Arbitrary.File.Read MEDIUM" "ajax-load-more 5.5.4 Admin+.Arbitrary.File.Read MEDIUM" "ajax-load-more 5.5.4 PHAR.Deserialization.via.CSRF HIGH" "ajax-load-more 5.3.2 Authenticated.SQL.Injection CRITICAL" "article-directory-redux No.known.fix Admin+.Stored.XSS LOW" "activecampaign-for-woocommerce 1.9.8 Subscriber+.Error.Log.Cleanup MEDIUM" "admin-page-framework 3.9.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "add-actions-and-filters No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-actions-and-filters 2.10 Reflected.XSS HIGH" "add-actions-and-filters 2.10 Settings.Update.via.CSRF MEDIUM" "add-actions-and-filters No.known.fix Admin+.Stored.XSS MEDIUM" "addify-abandoned-cart-recovery 1.2.5 Multiple.CSRF MEDIUM" "apppresser 4.4.0 Improper.Missing.Encryption.Exception.Handling.to.Authentication.Bypass HIGH" "apppresser 4.3.1 Missing.Authorization MEDIUM" "apppresser 4.3.1 Cross-Site.Request.Forgery.via.force_logging_off() MEDIUM" "apppresser 4.3.1 Cross-Site.Request.Forgery.via.toggle_logging_callback() MEDIUM" "apppresser 4.3.0 Insecure.Password.Reset.Mechanism HIGH" "add-admin-javascript No.known.fix Unauthenticated.Full.Path.Dislcosure MEDIUM" "animated-headline No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "aawp 3.12.3 Unsafe.URL.Handling MEDIUM" "aawp 3.17.1 Reflected.Cross-Site.Scripting MEDIUM" "accordion-image-menu No.known.fix Stored.XSS.via.CSRF HIGH" "admin-renamer-extended No.known.fix CSRF MEDIUM" "auto-tag-creator No.known.fix Missing.Authorization.via.tag_save_settings_callback MEDIUM" "advanced-wp-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-wp-table 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "avif-support 1.1.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "avif-support 1.1.1 Author+.Stored.XSS.via.SVG.Uplaod MEDIUM" "advanced-uploader No.known.fix Subscriber+.Arbitrary.File.Upload CRITICAL" "apexchat 1.3.2 Admin+.Stored.XSS LOW" "agile-store-locator 1.4.15 Admin+.Arbitrary.File.Deletion MEDIUM" "agile-store-locator 1.4.13 Reflected.XSS HIGH" "agile-store-locator 1.4.10 Editor+.Stored.XSS LOW" "agile-store-locator 1.4.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "agile-store-locator 1.4.6 Stored.XSS.via.CSRF MEDIUM" "age-verification-screen-for-woocommerce 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "age-verification-screen-for-woocommerce 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ajax-search-for-woocommerce 1.25.0b3 Reflected.Cross-Site.Scripting MEDIUM" "ajax-search-for-woocommerce 1.24.0 AJAX.Search.for.WooCommerce.<.1.24.0.-.Admin+.Stored.Cross-Site.Scripting MEDIUM" "ajax-search-for-woocommerce 1.18.0 Admin+.Stored.Cross-Site.Scripting LOW" "ajax-search-for-woocommerce 1.17.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-twitter-pixel 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "appointment-booking-calendar 1.3.83 CSRF.appointment.scheduling MEDIUM" "appointment-booking-calendar 1.3.70 Feedback.Submission.via.CSRF MEDIUM" "appointment-booking-calendar 1.3.35 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "appointment-booking-calendar 1.3.35 CSV.Injection MEDIUM" "appointment-booking-calendar 1.3.19 Unauthenticated.Stored.XSS MEDIUM" "appointment-booking-calendar 1.1.25 Unauthenticated.SQL.Injection CRITICAL" "appointment-booking-calendar 1.1.24 Unauthenticated.SQL.Injection CRITICAL" "appointment-booking-calendar 1.1.8 Multiple.Reflected.Cross-Site.Scripting.(XSS).and.SQL.Injection HIGH" "add-pinterest-conversion-tags 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-pinterest-conversion-tags 1.0.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "azurecurve-toggle-showhide No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ag-custom-admin 7.2.4 Admin+.SSRF MEDIUM" "ag-custom-admin 7.2.2 Admin+.Stored.XSS.via.Image.URL LOW" "ag-custom-admin 7.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "ag-custom-admin 6.9.2 AGCA.<.6.9.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "ag-custom-admin 6.5.5 CSRF.&.XSS LOW" "advanced-category-template No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-category-template No.known.fix Reflected.XSS HIGH" "all-in-one-wp-migration-dropbox-extension 3.76 Unauthenticated.Access.Token.Update MEDIUM" "acf-vc-integrator 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "azw-woocommerce-file-uploads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "azw-woocommerce-file-uploads No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "appmysite 3.11.1 Unauthenticated.Information.Disclsoure MEDIUM" "ad-swapper No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "awsom-news-announcement No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ad-inserter 2.7.31 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ad-inserter 2.7.31 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ad-inserter 2.7.27 Admin+.PHP.Object.Injection LOW" "ad-inserter 2.7.12 Reflected.Cross-Site.Scripting LOW" "ad-inserter 2.7.11 Admin+.RCE./.Stored.XSS MEDIUM" "ad-inserter 2.7.10 Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter 2.4.22 Authenticated.Remote.Code.Execution HIGH" "ad-inserter 2.4.20 Authenticated.Path.Traversal HIGH" "ad-inserter 1.5.6 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "ap-pricing-tables-lite No.known.fix Admin+.SQLi MEDIUM" "ap-pricing-tables-lite 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "ap-pricing-tables-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "advanced-wp-columns No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ajax-load-more-anything 3.3.4 Subscriber+.Settings.Update MEDIUM" "art-decoration-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "anfrageformular No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accesspress-social-share 4.5.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "affieasy 1.1.7 Cross-Site.Request.Forgery.to.Various.Actions MEDIUM" "affieasy 1.1.6 Cross-Site.Request.Forgery MEDIUM" "affieasy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "affieasy 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ajax-filter-posts 3.4.11 Reflected.Cross-Site.Scripting MEDIUM" "ajax-filter-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ajax-filter-posts 3.4.8 Missing.Authorization MEDIUM" "admin-trim-interface No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "anthologize 0.8.1 Admin+.Stored.XSS LOW" "ab-rankings-testing-tool No.known.fix Settings.Update.via.CSRF MEDIUM" "adminpad 2.2 Note.Update.via.CSRF MEDIUM" "add-comments No.known.fix Admin+.Stored.XSS LOW" "accessibility-checker 1.2.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "automatewoo 5.7.6 Cross-Site.Request.Forgery MEDIUM" "automatewoo 5.7.6 Missing.Authorization MEDIUM" "automatewoo 5.7.2 ShopManager+.SQLi MEDIUM" "automatewoo 5.7.2 Cross-Site.Request.Forgery MEDIUM" "automatic-user-roles-switcher 1.1.2 Subscriber+.Privilege.Escalation HIGH" "ajax-pagination No.known.fix wp-admin/admin-ajax.php.loop.Parameter.Local.File.Inclusion HIGH" "arconix-faq 1.9.5 Missing.Authorization MEDIUM" "arconix-faq 1.9.4 Missing.Authorization.to.Notice.Dismissal MEDIUM" "addthis 5.0.13 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "awesome-weather No.known.fix Contributor+.Stored.XSS MEDIUM" "awesome-weather No.known.fix Reflected.Cross-site.Scripting.(XSS) HIGH" "audio-video-download-buttons-for-youtube 1.04 Reflected.Cross-Site.Scripting MEDIUM" "addify-price-calculator-for-woocommerce No.known.fix Multiple.CSRF MEDIUM" "affiliate-power 2.3.0 Reflected.Cross-Site.Scripting HIGH" "ads-invalid-click-protection No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "access-demo-importer 1.0.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "access-demo-importer 1.0.8 Data.Reset.via.CSRF HIGH" "access-demo-importer 1.0.7 Subscriber+.Arbitrary.File.Upload HIGH" "alipay No.known.fix Authenticated.SQL.Injection MEDIUM" "astra-addon 4.3.2 Authenticated(Contributor+).Remote.Code.Execution.via.Metabox HIGH" "astra-addon 3.5.2 Unauthenticated.SQL.Injection HIGH" "ays-slider 2.5.0 Responsive.Slider.and.Carousel.<.2.5.0.-.Authenticated.Blind.SQL.Injection HIGH" "ays-slider 2.5.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "awesome-contact-form7-for-elementor 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.AEP.Contact.Form.7.Widget MEDIUM" "autocomplete-location-field-contact-form-7-pro 2.0 Admin+.Store.Cross-Site.Scripting LOW" "a2-optimized-wp 3.0.5 Data.Collection.Toggle.via.CSRF MEDIUM" "accessally 3.5.7 $_SERVER.Superglobal.Leakage HIGH" "accessally 3.3.2 Unauthenticated.Arbitrary.PHP.Code.Execution CRITICAL" "aajoda-testimonials 2.2.2 Admin+.Stored.XSS LOW" "ajax-search-pro 4.26.2 Multiple.Reflected.Cross-Site.Scripting HIGH" "ajax-search-pro 4.26.2 Reflected.Cross-Site.Scripting HIGH" "ajax-search-pro 4.19 Subscriber+.SQL.Injection HIGH" "ajax-search-pro 4.19 Stored.XSS.via.CSRF HIGH" "api-info-themes-plugins-wp-org 1.05 Reflected.Cross-Site.Scripting MEDIUM" "accordions-wp 2.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.accordion.settings MEDIUM" "accordions-wp 2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "academy 2.0.5 Missing.Authorization LOW" "academy 2.0.11 Open.Redirect MEDIUM" "academy 1.9.26 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "academy 1.9.17 Missing.Authorization MEDIUM" "academy 1.9.17 Missing.Authorization MEDIUM" "academy 1.9.20 .Authenticated.(Subscriber+).Privilege.Escalation HIGH" "adsense-click-fraud-monitoring No.known.fix XSS MEDIUM" "advanced-text-widget No.known.fix Admin+.Stored.XSS LOW" "advanced-woo-labels 2.02 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-woo-labels 1.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "amazon-link No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "animategl 1.4.18 Reflected.Cross-Site.Scripting MEDIUM" "ari-stream-quiz 1.3.1 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ari-stream-quiz 1.3.0 Cross-Site.Request.Forgery MEDIUM" "ari-stream-quiz 1.3.0 Cross-Site.Request.Forgery MEDIUM" "ari-stream-quiz 1.3.0 Contributor+.Stored.XSS MEDIUM" "ari-stream-quiz 1.3.3 Contributor+.Content.Injection LOW" "advanced-import 1.3.8 Arbitrary.Plugin.Installation.&.Activation.via.CSRF HIGH" "advanced-free-flat-shipping-woocommerce 1.6.4.6 Cross-Site.Request.Forgery MEDIUM" "alfred-click-collect No.known.fix Admin+.Stored.XSS LOW" "acf-for-woocommerce-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "acf-for-woocommerce-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-ads 1.52.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Ad.Widget MEDIUM" "advanced-ads 1.52.2 Authenticated.(Admin+).PHP.Object.Injection HIGH" "advanced-ads 1.32.0 Admin+.Stored.XSS MEDIUM" "advanced-ads 1.17.4 Reflected.XSS.via.Admin.Dashboard MEDIUM" "admin-notices-manager 1.5.0 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Retrieval MEDIUM" "albo-pretorio-on-line No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "albo-pretorio-on-line No.known.fix Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "albo-pretorio-on-line 4.6.4 Reflected.XSS HIGH" "albo-pretorio-on-line 4.6.2 Reflected.XSS HIGH" "albo-pretorio-on-line 4.6.1 Reflected.XSS HIGH" "acme-fix-images 2.0.0 Subscriber+.Image.Resizing MEDIUM" "addon-library No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "announcekit No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "as-create-pinterest-pinboard-pages No.known.fix Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "advanced-cron-manager 2.5.10 Missing.Authorization MEDIUM" "advanced-cron-manager 2.5.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "advanced-cron-manager 2.4.2 Subscriber+.Arbitrary.Events/Schedules.Creation/Deletion MEDIUM" "acf-extended 0.8.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "acf-extended 0.8.8.7 Admin+.SQL.Injection MEDIUM" "anycomment 0.0.99 Reflected.Cross-Site.Scripting MEDIUM" "anycomment 0.2.18 Comment.Rating.Increase/Decrease.via.Race.Condition LOW" "anycomment 0.2.18 Arbitrary.HyperComments.Import/Revert.via.CSRF MEDIUM" "anycomment 0.3.5 Open.Redirect MEDIUM" "anycomment 0.0.33 XSS MEDIUM" "agenteasy-properties No.known.fix Admin+.Stored.XSS LOW" "aruba-hispeed-cache 2.0.13 Missing.Authorization MEDIUM" "aruba-hispeed-cache 2.0.7 Unauthenticated.Log.File.Access MEDIUM" "auto-advance-for-gravity-forms 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "auto-advance-for-gravity-forms 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "adl-team No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "admin-management-xtended 2.4.5 Post.Visibility/Date/Comment.Status.Update.via.CSRF MEDIUM" "admin-management-xtended 2.4.5 Multiple.CSRF MEDIUM" "admin-management-xtended 2.4.0.1 Privilege.Escalation MEDIUM" "about-me No.known.fix Subscriber+.Arbitrary.Network.Creation/Deletion MEDIUM" "article-directory No.known.fix Admin+.Stored.XSS LOW" "aws-cdn-by-wpadmin 3.0.0 Cross-Site.Request.Forgery MEDIUM" "add-to-feedly No.known.fix Admin+.Stored.XSS LOW" "all-in-one-wp-migration 7.63 Unauthenticated.Reflected.XSS MEDIUM" "all-in-one-wp-migration 7.59 Admin+.File.Deletion.on.Windows.Hosts.via.Path.Traversal MEDIUM" "all-in-one-wp-migration 7.41 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "all-in-one-wp-migration 7.15 Arbitrary.Backup.Download HIGH" "all-in-one-wp-migration 7.0 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-migration 6.46 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-wp-migration 2.0.5 Unauthenticated.Database.Export HIGH" "accesspress-custom-post-type 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "another-wordpress-classifieds-plugin 4.3.2 Cross-Site.Request.Forgery MEDIUM" "another-wordpress-classifieds-plugin 4.3.2 Missing.Authorization MEDIUM" "another-wordpress-classifieds-plugin 4.3.1 Categories.Mgt.via.CSRF MEDIUM" "another-wordpress-classifieds-plugin 4.3 Unauthenticated.SQLi MEDIUM" "add-posts-to-pages No.known.fix Contributor+.Stored.XSS MEDIUM" "accesspress-anonymous-post-pro 3.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "addify-custom-fields-for-woocommerce 1.0.4 Multiple.CSRF MEDIUM" "all-bootstrap-blocks 1.3.20 Contributor+.Stored.XSS MEDIUM" "all-bootstrap-blocks 1.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-bootstrap-blocks 1.3.7 Cross-Site.Request.Forgery MEDIUM" "ap-custom-testimonial 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "ap-custom-testimonial 1.4.8 Admin+.SQL.Injection MEDIUM" "ap-custom-testimonial 1.4.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "auto-poster No.known.fix Authenticated.(Administrator+).Arbitrary.File.Upload CRITICAL" "ari-fancy-lightbox 1.3.18 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ari-fancy-lightbox 1.3.9 Reflected.Cross-Site.Scripting MEDIUM" "aweber-web-form-widget 7.3.15 Authenticated.(Admin+).SQL.Injection HIGH" "aweber-web-form-widget 7.3.10 Missing.Authorization.via.AJAX.actions MEDIUM" "allow-php-in-posts-and-pages No.known.fix Authenticated.Remote.Code.Execution.(RCE) CRITICAL" "add-to-cart-direct-checkout-for-woocommerce 2.1.49 Admin+.Stored.XSS LOW" "analytics-insights 6.3 Open.Redirect MEDIUM" "anti-spam 7.3.8 Missing.Authorization MEDIUM" "anti-spam 7.3.1 Protection.Bypass.due.to.IP.Spoofing MEDIUM" "any-hostname No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "automatic-domain-changer 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "abitgone-commentsafe No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "address-email-and-phone-validation No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "aoi-tori No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "alma-gateway-for-woocommerce 5.2.1 Contributor+.Stored.XSS MEDIUM" "ak-menu-icons-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-twitter-auto-post 1.4.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ajax-random-post No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "atomchat 1.1.5 Unauthenticated.Credits.Update MEDIUM" "auto-thickbox-plus No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-wp-migration-onedrive-extension 1.67 Unauthenticated.Access.Token.Update MEDIUM" "admin-and-client-message-after-order-for-woocommerce 12.5 Missing.Authorization.to.Arbitrary.File.Upload CRITICAL" "admin-form 1.9.1 Cross-Site.Request.Forgery MEDIUM" "admin-form 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "adapta-rgpd 1.3.3 Unauthorised.Consent.via.CSRF MEDIUM" "accordions 2.2.100 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accordions 2.2.97 Missing.Authorization.to.Authenticated(Contributor+).Post.Duplication MEDIUM" "accordions 2.2.30 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "accordions 2.2.9 Unprotected.AJAX.Action.to.Stored/Reflected.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.table_saved_sections MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Missing.Authorization MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.and.eae_slider_animation.Parameters MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Twitter.Widget MEDIUM" "addon-elements-for-elementor-page-builder 1.13.4 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.3 Contributor+.DOM-Based.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13.2 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.12.11 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Content.Switcher.Widget MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Contributor+.to.LFI HIGH" "addon-elements-for-elementor-page-builder 1.13 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Modal.Popup.effet MEDIUM" "addon-elements-for-elementor-page-builder 1.12.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Unauthenticated.Post.ID/Tile.Disclosure MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Elementor.Addon.Element.Enabling/Disabling.via.CSRF MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Admin+.Stored.XSS LOW" "addon-elements-for-elementor-page-builder 1.12.8 Settings.Update.via.CSRF MEDIUM" "addon-elements-for-elementor-page-builder 1.12 Reflected.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.11.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addon-elements-for-elementor-page-builder 1.11.8 CSRF.Bypass LOW" "addon-elements-for-elementor-page-builder 1.11.2 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.6.4 CSRF.&.XSS LOW" "add-hierarchy-parent-to-post 3.13 Reflected.Cross-Site.Scripting MEDIUM" "auto-hyperlink-urls No.known.fix Tab.Nabbing MEDIUM" "avartan-slider-lite No.known.fix Reflected.XSS HIGH" "addons-for-visual-composer 3.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-visual-composer 3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "addons-for-visual-composer 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "addons-for-visual-composer 3.6 Contributor+.Stored.XSS MEDIUM" "addons-for-visual-composer 3.3 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-visual-composer 2.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accessibility-widget 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "audio-merchant No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "audio-merchant No.known.fix Cross-Site.Request.Forgery.to.Settings.Modifcation.and.Stored.Cross-Site.Scripting MEDIUM" "access-code-feeder No.known.fix CSRF MEDIUM" "apollo13-framework-extensions 1.9.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "apollo13-framework-extensions 1.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "apollo13-framework-extensions 1.9.2 Cross-Site.Request.Forgery MEDIUM" "apollo13-framework-extensions 1.9.1 Contributor+.Stored.XSS MEDIUM" "apollo13-framework-extensions 1.9.0 Missing.Authorization MEDIUM" "add2fav No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "adfoxly No.known.fix Missing.Authorization.to.Unauthenticated.Ad.Status.Update MEDIUM" "adfoxly No.known.fix Missing.Authorization.to.Unauthenticated.Ad.Status.Update MEDIUM" "adfoxly No.known.fix Cross-Site.Request.Forgery MEDIUM" "adfoxly No.known.fix Reflected.XSS HIGH" "adfoxly 1.7.91 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-booking-calendar No.known.fix Unauthenticated.SQLi HIGH" "advanced-booking-calendar No.known.fix CSRF MEDIUM" "advanced-booking-calendar 1.7.1 Admin+.SQLi MEDIUM" "advanced-booking-calendar 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-booking-calendar 1.7.0 Unauthenticated.SQL.Injection HIGH" "advanced-booking-calendar 1.6.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-booking-calendar 1.6.7 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-booking-calendar 1.6.2 Unauthenticated.SQL.Injection CRITICAL" "anac-xml-viewer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "addify-checkout-fields-manager 1.0.2 Multiple.CSRF MEDIUM" "advanced-classifieds-and-directory-pro 3.2.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-classifieds-and-directory-pro 3.1.2 Missing.Authorization.to.Arbitrary.Attachment.Deletion MEDIUM" "advanced-classifieds-and-directory-pro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "advanced-classifieds-and-directory-pro 1.8.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-classifieds-and-directory-pro 1.6.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "add-subtitle No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "awesome-social-icons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-social-icons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "api-key-for-google-maps 1.2.2 Arbitrary.API.Key.Update.via.CSRF MEDIUM" "advanced-database-cleaner 3.1.4 Administrator+.PHP.Object.Injection MEDIUM" "advanced-database-cleaner 3.1.3 Authenticated.(Administrator+).SQL.Injection MEDIUM" "advanced-database-cleaner 3.1.2 Settings.Update.via.CSRF MEDIUM" "advanced-database-cleaner 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner 3.0.4 Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner 3.0.2 Authenticated.SQL.injection MEDIUM" "acf-blocks 2.6.10 Reflected.Cross-Site.Scripting MEDIUM" "acf-blocks 2.6.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amp-plus No.known.fix Reflected.Cross.Site.Scripting HIGH" "auto-refresh-single-page No.known.fix .Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ai-twitter-feeds No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addify-gift-registry-for-woocommerce 1.1.0 Multiple.CSRF MEDIUM" "advanced-exchange-rates No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-exchange-rates No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "appexperts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appexperts 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "affiliate-advantage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-ajax-page-loader No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "advanced-ajax-page-loader 2.7.7 Unauthenticated.Uploaded.File.Disclosure MEDIUM" "automatic-youtube-video-posts No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "all-in-one-schemaorg-rich-snippets 1.6.6 All.In.One.Schema.Rich.Snippets.<.1.6.6.-.Multiple.CSRF MEDIUM" "all-in-one-schemaorg-rich-snippets 1.5.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "accordion-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "asf-allow-svg-files No.known.fix Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "asf-allow-svg-files 1.1 Admin+.Arbitrary.File.Upload MEDIUM" "accesspress-social-icons 1.8.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-social-icons 1.8.1 Authenticated.SQL.Injection HIGH" "accesspress-social-icons 1.6.8 Authenticated.SQL.Injections MEDIUM" "avectra-netforum-single-sign-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "avectra-netforum-single-sign-on 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "anonymous-restricted-content 1.6.3 .Protection.Mechanism.Bypass MEDIUM" "avalex 3.0.9 Missing.Authorization MEDIUM" "avalex 3.0.4 Admin+.Stored.XSS LOW" "ad-buttons 2.3.2 CSRF.&.XSS MEDIUM" "acf-front-end-editor No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Update MEDIUM" "acf-frontend-display No.known.fix Arbitrary.File.Upload CRITICAL" "admin-speedo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-custom-fields-groups 1.05 Reflected.Cross-Site.Scripting MEDIUM" "ali2woo-lite 3.3.7 Reflected.Cross-Site.Scripting MEDIUM" "ali2woo-lite No.known.fix Stored.XSS.via.CSRF HIGH" "ali2woo-lite 3.3.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ali2woo-lite 3.4.4 PHP.Object.Injection.via.CSRF HIGH" "ali2woo-lite 3.3.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "ali2woo-lite 3.3.7 Missing.Authorization.via.Several.Functions MEDIUM" "amministrazione-trasparente 8.0.5 Admin+.Stored.XSS LOW" "amministrazione-trasparente 7.1.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "amministrazione-trasparente 7.1.1 Cross-Site.Request.Forgery HIGH" "arforms-form-builder 1.6.8 Reflected.Cross-Site.Scripting MEDIUM" "arforms-form-builder 1.6.5 Missing.Authorization.to.Authenticated(Subscriber+).Arbitrary.Option.Deletion HIGH" "arforms-form-builder 1.6.2 Missing.Authorization MEDIUM" "arforms-form-builder 1.6.2 Cross-Site.Request.Forgery MEDIUM" "arforms-form-builder 1.5.9 Unauthenticated.Stored.XSS HIGH" "arforms-form-builder 1.5.7 Unauthenticated.Stored.XSS HIGH" "arforms-form-builder 1.5 Admin+.Stored.Cross.Site.Scripting LOW" "auto-post-woocommerce-products No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "assistant 1.4.9.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "assistant 1.4.4 Editor+.SSRF MEDIUM" "addons-for-beaver-builder 3.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-beaver-builder 3.3 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-beaver-builder 2.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "authorizenet-payment-gateway-for-woocommerce No.known.fix Insufficient.Verification.of.Data.Authenticity.to.Unauthenticated.Payment.Bypass MEDIUM" "auto-youtube-importer 1.0.4 Settings.Update.via.CSRF MEDIUM" "amazonify No.known.fix Cross-Site.Request.Forgery.to.Amazon.Tracking.ID.Update MEDIUM" "amazonify No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "attendance-manager 0.5.7 CSRF.&.XSS HIGH" "article-analytics No.known.fix Unauthenticated.SQL.injection HIGH" "alemha-watermark No.known.fix Author+.Stored.XSS MEDIUM" "aspose-doc-exporter No.known.fix Missing.Authorization MEDIUM" "aspose-doc-exporter 2.0 Unauthenticated.Arbitrary.File.Download HIGH" "avcp No.known.fix Cross-Site.Request.Forgery.via.settings.php MEDIUM" "avcp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "avcp No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "announce-from-the-dashboard 1.5.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "announce-from-the-dashboard 1.5.2 Admin+.Stored.XSS LOW" "advanced-menu-widget No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "autocomplete-location-field-contact-form-7 3.0 Admin+.Store.Cross-Site.Scripting LOW" "attire-blocks 1.9.3 Missing.Authorization MEDIUM" "artificial-intelligence-auto-content-generator 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "accesspress-twitter-feed No.known.fix Delete.cache.via.CSRF MEDIUM" "accesspress-twitter-feed 1.6.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "all-in-one-wp-security-and-firewall 5.2.7 Cross-Site.Request.Forgery.to.IP.Blocking MEDIUM" "all-in-one-wp-security-and-firewall 5.2.6 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-wp-security-and-firewall 5.2.5 Protection.Bypass.of.Renamed.Login.Page.via.URL.Encoding MEDIUM" "all-in-one-wp-security-and-firewall 5.2.0 Insecure.Storage.of.Password MEDIUM" "all-in-one-wp-security-and-firewall 5.1.5 Admin+.Stored.XSS LOW" "all-in-one-wp-security-and-firewall 5.1.5 Admin+.Arbitrary.File/Folder.Access.via.Traversal MEDIUM" "all-in-one-wp-security-and-firewall 5.1.3 Configuration.Leak MEDIUM" "all-in-one-wp-security-and-firewall 5.1.1 Bulk.Actions.via.CSRF MEDIUM" "all-in-one-wp-security-and-firewall 5.0.8 IP.Spoofing MEDIUM" "all-in-one-wp-security-and-firewall 4.4.11 Authenticated.Arbitrary.Redirect./.Reflected.XSS LOW" "all-in-one-wp-security-and-firewall 4.4.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-wp-security-and-firewall 4.4.4 CSRF.&.XSS LOW" "all-in-one-wp-security-and-firewall 4.4.2 Open.Redirect.&.Hidden.Login.Page.Exposure MEDIUM" "all-in-one-wp-security-and-firewall 4.2.2 Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-security-and-firewall 4.2.0 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-security-and-firewall 4.1.3 Multiple.vulnerabilities.in.login.CAPTCHA MEDIUM" "all-in-one-wp-security-and-firewall 4.0.9 Multiple.SQL.Injections MEDIUM" "all-in-one-wp-security-and-firewall 4.0.7 Multiple.SQL.Injections MEDIUM" "all-in-one-wp-security-and-firewall 4.0.6 XSS MEDIUM" "all-in-one-wp-security-and-firewall 4.0.5 XSS CRITICAL" "additional-order-filters-for-woocommerce 1.12 Reflected.XSS HIGH" "advance-menu-manager 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "advance-menu-manager 3.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advance-menu-manager 3.0 Unauthorised.Menu.Edition.via.CSRF MEDIUM" "advance-menu-manager 3.0.7 Unauthorised.Menu.Creation/Deletion MEDIUM" "api2cart-bridge-connector 1.2.0 Unauthenticated.RCE CRITICAL" "api2cart-bridge-connector 1.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ays-popup-box 4.5.2 Missing.Authorization MEDIUM" "ays-popup-box 4.1.3 Cross-Site.Request.Forgery MEDIUM" "ays-popup-box 4.3.7 Missing.Authorization.to.Information.Exposure MEDIUM" "ays-popup-box 20.9.0 Admin+.Stored.XSS LOW" "ays-popup-box 7.9.0 Admin+.Stored.XSS LOW" "ays-popup-box 3.8.6 Admin+.Stored.XSS.in.Popup.Settings LOW" "ays-popup-box 3.8.6 Admin+.Stored.XSS.in.Categories LOW" "ays-popup-box 3.7.9 Admin+.Stored.XSS LOW" "ays-popup-box 3.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "ays-popup-box 3.4.5 Reflected.XSS HIGH" "ays-popup-box 2.3.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ays-popup-box 2.3.4 Authenticated.Blind.SQL.Injections HIGH" "ajax-archive-calendar 2.6.8 Contributor+.Stored.XSS MEDIUM" "audio-player-with-playlist-ultimate 1.3 Contributor+.Stored.XSS MEDIUM" "adamrob-parallax-scroll 2.1 Cross-Site.Scripting.(XSS) MEDIUM" "add-link-to-facebook No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "angwp 1.5.6 Unauthenticated.Arbitrary.File.Upload/Deletion CRITICAL" "accordions-or-faqs No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "accordions-or-faqs 2.3.1 Admin+.Stored.XSS LOW" "accordions-or-faqs 2.1.0 Authenticated.Arbitrary.Options.Update MEDIUM" "accordions-or-faqs 2.1.0 Admin+.Stored.XSS LOW" "accordions-or-faqs 2.0.3 Unauthenticated.Arbitrary.Options.Update CRITICAL" "admin-quick-panel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-quick-panel 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-image-sitemap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-filterable-portfolio No.known.fix Unauthenticated.Settings.Update MEDIUM" "awesome-filterable-portfolio No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "awesome-filterable-portfolio 1.9 Authenticated.Blind.SQL.Injection HIGH" "animated-al-list No.known.fix Reflected.XSS HIGH" "amazonsimpleadmin 1.5.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "auyautochat-for-wp No.known.fix Unauthenticated.Stored.XSS HIGH" "all-404-pages-redirect-to-homepage 2.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "all-in-one-invite-codes 1.0.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-multiple-marker No.known.fix Unauthenticated.Settings.Update MEDIUM" "add-multiple-marker No.known.fix Settings.Update.via.CSRF MEDIUM" "analytics-cat 1.1.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "analytics-cat 1.1.0 Settings.Update.via.CSRF MEDIUM" "addonify-quick-view 1.2.17 Unauthenticated.Full.Path.Dislcosure MEDIUM" "accesspress-social-login-lite 3.4.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "all-in-one-wp-migration-gdrive-extension 2.80 Unauthenticated.Access.Token.Update MEDIUM" "accesspress-facebook-auto-post 2.1.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "auto-location-for-wp-job-manager 1.1 Admin+.Cross.Site.Scripting LOW" "aviary-image-editor-add-on-for-gravity-forms No.known.fix Unauthenticated.File.Upload CRITICAL" "add-expires-headers 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "add-expires-headers 2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "album-and-image-gallery-plus-lightbox 2.1 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "animated-fullscreen-menu 2.2.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amazon-auto-links 5.4.3 Reflected.Cross-Site.Scripting MEDIUM" "amazon-auto-links 5.1.2 Contributor+.Stored.XSS MEDIUM" "amazon-auto-links 5.3.2 Contributor+.Stored.XSS MEDIUM" "amazon-auto-links 4.6.20 Reflected.Cross-Site.Scripting HIGH" "amazon-product-in-a-post-plugin 3.5.3 Unauthenticated.SQL.Injection CRITICAL" "ameliabooking No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "ameliabooking No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "ameliabooking 1.2.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "ameliabooking 1.1.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.96 Cross-Site.Request.Forgery MEDIUM" "ameliabooking 1.0.99 Reflected.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.94 Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "ameliabooking 1.0.99 Missing.Authorization MEDIUM" "ameliabooking 1.0.86 Contributor+.Stored.XSS MEDIUM" "ameliabooking 1.0.76 Reflected.XSS HIGH" "ameliabooking 1.0.49 Customer+.Arbitrary.Appointments.Status.Update MEDIUM" "ameliabooking 1.0.48 Customer+.SMS.Service.Abuse.and.Sensitive.Data.Disclosure MEDIUM" "ameliabooking 1.0.47 Unauthenticated.Stored.XSS.via.lastName HIGH" "ameliabooking 1.0.47 Customer+.Arbitrary.Appointments.Update.and.Sensitive.Data.Disclosure HIGH" "ameliabooking 1.0.46 Manager+.RCE MEDIUM" "ameliabooking 1.0.46 Reflected.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.46 Arbitrary.Customer.Deletion.via.CSRF MEDIUM" "aramex-shipping-woocommerce No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "add-custom-css-and-js No.known.fix Stored.XSS.via.CSRF HIGH" "autocomplete-address-and-location-picker-for-woocommerce 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "autocomplete-address-and-location-picker-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-page-visit-counter No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "advanced-page-visit-counter No.known.fix Admin+.Stored.XSS LOW" "advanced-page-visit-counter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter 8.0.1 Contributor+.SQLi MEDIUM" "advanced-page-visit-counter 7.1.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter 6.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "advanced-page-visit-counter 6.1.6 Subscriber+.Blind.SQL.injection HIGH" "advanced-page-visit-counter 6.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-bar 1.0.23 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "atlas-knowledge-base No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "atlas-knowledge-base No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-search-to-menu 5.5.7 Information.Exposure.via.AJAX.Search.Form MEDIUM" "add-search-to-menu 5.5.6 Subscriber+.Index.Creation MEDIUM" "add-search-to-menu 5.5.2 Reflected.Cross-Site.Scripting MEDIUM" "add-search-to-menu 5.4.7 Reflected.Cross-Site.Scripting MEDIUM" "add-search-to-menu 5.4.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-search-to-menu 5.4.1 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "add-search-to-menu 4.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "add-search-to-menu 4.7 Reflected.Cross-Site.Scripting HIGH" "add-search-to-menu 4.6.1 Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "add-search-to-menu 4.5.11 .Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "add-svg-support-for-media-uploader-inventivo No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "amr-users 4.59.4 Admin+.Stored.Cross-Site.Scripting LOW" "ajax-live-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-live-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-site-enhancements 5.8.0 Password.Protection.Mode.Security.Feature.Bypass HIGH" "a4-barcode-generator 3.4.10 Missing.Authorization MEDIUM" "a4-barcode-generator 3.4.7 Subscriber+.Settings/Profiles.Update,.Templates/Barcodes.Access/Creation/Edition/Deletion MEDIUM" "a4-barcode-generator 3.4.7 Subscriber+.Stored.XSS HIGH" "a3-portfolio 3.1.1 Author+.Stored.XSS MEDIUM" "agendapress 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "agendapress 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-seo-pack-pro 4.2.6 Admin+.SSRF LOW" "advanced-testimonial-carousel-for-elementor 3.0.1 Missing.Authorization MEDIUM" "ar-contactus 1.8.8 Authenticated.Stored.Cross-Site.Scripting CRITICAL" "admission-appmanager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aparat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "artibot No.known.fix Authenticated.(Admin+).Cross-Site.Scripting MEDIUM" "artibot No.known.fix Missing.Authorization.to.Settings.Update MEDIUM" "armember-membership-premium No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "about-rentals No.known.fix Unauthenticated.Actions HIGH" "aikit-wordpress-ai-writing-assistant-using-gpt3 No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "amr-ical-events-list No.known.fix Admin+.Stored.XSS LOW" "amministrazione-aperta 3.8 Admin+.LFI LOW" "add-user-role No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "appointment-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appointment-calendar No.known.fix CSRF MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.2 Missing.Authorization.to.Notice.Dismissal MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.3 Missing.Authorization MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.0 Authenticated.(Administrator+).SQL.Injection HIGH" "advance-wc-analytics 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "advance-wc-analytics 3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "authldap 2.5.9 Settings.Update.via.CSRF MEDIUM" "authldap 2.6.2 Admin+.Stored.XSS LOW" "all-in-one-wp-migration-box-extension 1.54 Unauthenticated.Access.Token.Update MEDIUM" "ai-moderator-for-buddypress-and-buddyboss No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "artplacer-widget 2.21.2 Stored.XSS.via.CSRF HIGH" "artplacer-widget 2.21.2 Subscriber+.Arbitrary.Widget.Deletion MEDIUM" "artplacer-widget 2.20.7 Editor+.SQLi MEDIUM" "admin-notices-for-team No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-notices-for-team No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-notices-for-team No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "analogwp-templates 1.8.1 Cross-Site.Request.Forgery HIGH" "analogwp-templates 1.8.1 CSRF.Nonce.Bypasses MEDIUM" "accurate-form-data-real-time-form-validation No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "add-admin-css No.known.fix Unauthenticated.Full.Path.Dislcosure MEDIUM" "article2pdf No.known.fix Multiple.Vulnerabilities CRITICAL" "automatic-grid-image-listing No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "automatic-youtube-gallery 2.3.5 Missing.Authorization.via.AJAX.actions MEDIUM" "automatic-youtube-gallery 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "automatic-youtube-gallery 1.6.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "athemes-starter-sites 1.0.54 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "af-companion 1.2.0 1.1.2.-.Arbitrary.Plugin.Installation.&.Activation.via.CSRF HIGH" "ajax-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ads-for-wp 1.9.29 Cross-Site.Request.Forgery MEDIUM" "arscode-ninja-popups No.known.fix Unauthenticated.Open.Redirect MEDIUM" "author-bio-box 3.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "attachment-file-icons No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "auto-login-when-resister No.known.fix Settings.Update.via.CSRF MEDIUM" "advance-search No.known.fix Admin+.SQL.Injection MEDIUM" "advance-search No.known.fix Shortcode.Deletion.via.CSRF MEDIUM" "advance-search 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-elementor 8.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.piechart_settings.Parameter MEDIUM" "addons-for-elementor 8.4.1 Authenticated.(Contributor+).Limited.Local.File.Inclusion.via.Widgets HIGH" "addons-for-elementor 8.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Marquee.Text.Widget,.Testimonials.Widget,.and.Testimonial.Slider.Widgets MEDIUM" "addons-for-elementor 8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Various.Widgets MEDIUM" "addons-for-elementor 8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Grid MEDIUM" "addons-for-elementor 8.3.7 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget._id.attribute MEDIUM" "addons-for-elementor 8.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Display.Name MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Slider.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Multislider.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Carousel.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Text.Widget MEDIUM" "addons-for-elementor 8.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.animated_text_class MEDIUM" "addons-for-elementor 8.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-elementor 8.3.2 Contributor+.Stored.XSS MEDIUM" "addons-for-elementor 7.9 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-elementor 7.2.4 Admin+.Stored.XSS LOW" "addons-for-elementor 7.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addons-for-elementor 6.8 Contributor+.Stored.XSS MEDIUM" "addons-for-elementor 2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "activity-log-mainwp 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "activity-log-mainwp 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "affiliate-for-woocommerce 4.8.0 Subscriber+.Paypal.Email.Update.via.IDOR MEDIUM" "affiliate-for-woocommerce 4.8.0 Subscriber+.Unauthorised.Actions MEDIUM" "ads-txt-admin No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-usps-shipping-method 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "aa-calculator No.known.fix Reflected.Cross-Site.Scripting.via.invoice MEDIUM" "all-in-one-facebook-like-widget 2.2.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "addfreestats No.known.fix Admin+.Stored.XSS LOW" "apex-notification-bar-lite 2.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aesop-story-engine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-custom-body-class No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "add-any-extension-to-pages 1.5 Cross-Site.Request.Forgery.via.aaetp_options_page MEDIUM" "amcharts-charts-and-maps 1.4.5 Reflected.Cross-Site.Scripting.via.Cross-Site.Request.Forgery MEDIUM" "amcharts-charts-and-maps 1.4.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "anti-plagiarism No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "asgaros-forum 2.9.0 Cross-Site.Request.Forgery MEDIUM" "asgaros-forum 2.8.0 Unauthenticated.PHP.Object.Injection.in.prepare_unread_status CRITICAL" "asgaros-forum 2.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "asgaros-forum 2.2.0 Cross-Site.Request.Forgery MEDIUM" "asgaros-forum 2.0.0 Subscriber+.Blind.SQL.Injection HIGH" "asgaros-forum 1.15.15 Admin+.SQL.Injection.via.forum_id MEDIUM" "asgaros-forum 1.15.14 Admin+.Stored.Cross-Site.Scripting LOW" "asgaros-forum 1.15.13 Unauthenticated.SQL.Injection HIGH" "acf-frontend-form-element 3.19.5 Improper.Missing.Encryption.Exception.Handling.to.Form.Manipulation CRITICAL" "acf-frontend-form-element 3.18.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "acf-frontend-form-element 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "acf-frontend-form-element 3.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-iframe 2024.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "advanced-iframe 2024.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.0 Contributor+.Stored.XSS MEDIUM" "advanced-iframe 2023.9 Contributor+.Stored.XSS MEDIUM" "advanced-iframe 2022 Reflected.Cross-Site.Scripting MEDIUM" "accessibility-help-button 1.1 Admin+.Stored.Cross.Site.Scripting LOW" "accessibility-help-button 1.1 Admin+.Stored.XSS LOW" "accessibility-help-button 1.2 Admin+.Stored.XSS LOW" "admin-menu No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "activedemand 0.2.44 Cross-Site.Request.Forgery MEDIUM" "activedemand 0.2.42 Unauthenticated.Arbitrary.File.Upload CRITICAL" "activedemand 0.2.28 Unauthenticated.Post.Creation/Update/Deletion HIGH" "advanced-custom-fields 6.3 Contributor+.Custom.Field.Access LOW" "advanced-custom-fields 6.2.5 Contributor+.Stored.Cross-Site.Scripting.via.Custom.Field MEDIUM" "advanced-custom-fields 6.1.6 Reflected.XSS HIGH" "advanced-custom-fields 6.1.0 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields 5.12.5 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields 5.12.3 Unauthenticated.File.Upload MEDIUM" "advanced-custom-fields 5.12.1 Contributor+.Database.Information.Access MEDIUM" "advanced-custom-fields 5.11 Subscriber+.Arbitrary.ACF.Data/Field.Groups.View.and.Fields.Move MEDIUM" "advanced-custom-fields 5.8.12 Cross-Site.Scripting.in.Select2.dropdowns MEDIUM" "advanced-custom-fields 5.7.12 Unserialize.of.user.input MEDIUM" "animated-typed-js-shortcode 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "affiliate-ads-builder-for-clickbank-products 1.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-access-manager 6.9.21 Reflected.XSS HIGH" "advanced-access-manager 6.9.21 Admin+.Stored.Cross-Site.Scripting MEDIUM" "advanced-access-manager 6.9.19 Open.Redirect MEDIUM" "advanced-access-manager 6.9.19 Contributor+.Stored.XSS MEDIUM" "advanced-access-manager 6.9.16 Contributor+.Stored.XSS MEDIUM" "advanced-access-manager 6.8.0 Admin+.Stored.Cross-Site.Scripting LOW" "advanced-access-manager 6.6.2 Authenticated.Authorization.Bypass.and.Privilege.Escalation HIGH" "advanced-access-manager 6.6.2 Authenticated.Information.Disclosure MEDIUM" "advanced-access-manager 5.9.9 Unauthenticated.Local.File.Inclusion CRITICAL" "advanced-access-manager 3.2.2 Privilege.Escalation HIGH" "acf-options-importexport No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "astra-sites 4.4.1 Author+.Stored.XSS MEDIUM" "astra-sites 4.2.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "astra-sites 4.1.7 Contributor+.Server-Side.Request.Forgery MEDIUM" "astra-sites 3.2.5 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "astra-sites 3.2.6 Incorrect.Authorization MEDIUM" "astra-sites 3.1.21 Settings.Update.via.CSRF MEDIUM" "astra-sites 2.7.1 Contributor+.Block.Import.to.Stored.XSS HIGH" "armember-membership 4.0.38 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "armember-membership 4.0.31 Open.Redirect MEDIUM" "armember-membership 4.0.29 Missing.Authorization MEDIUM" "armember-membership 4.0.28 Directory.Traversal.via.X-FILENAME MEDIUM" "armember-membership 4.0.27 Authenticated.(Contributor+).PHP.Object.Injection CRITICAL" "armember-membership 4.0.27 Unauthenticated.PHP.Object.Injection CRITICAL" "armember-membership 4.0.24 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "armember-membership 4.0.25 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "armember-membership 4.0.23 Cross-Site.Request.Forgery MEDIUM" "armember-membership 4.0.11 Subscriber+.Privilege.Escalation HIGH" "armember-membership 4.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "armember-membership 4.0.17 Membership.<.4.0.17.-.Admin+.Stored.XSS MEDIUM" "armember-membership 4.0.6 ARMember.Cross-Site.Request.Forgery MEDIUM" "armember-membership 4.0.3 Admin+.Stored.XSS LOW" "armember-membership 4.0.2 Reflected.XSS HIGH" "armember-membership 4.0 Unauthenticated.SQLi HIGH" "armember-membership 3.4.8 Unauthenticated.Admin.Account.Takeover CRITICAL" "aiify 0.1.0 Reflected.Cross-Site.Scripting MEDIUM" "auto-robot 3.3.39 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "appointment-hour-booking 1.4.57 Captcha.Bypass MEDIUM" "appointment-hour-booking 1.3.73 Unauthenticated.iFrame.Injection HIGH" "appointment-hour-booking 1.3.73 CSV.Injection MEDIUM" "appointment-hour-booking 1.3.73 CAPTCHA.Bypass MEDIUM" "appointment-hour-booking 1.3.72 Feedback.Submission.via.CSRF MEDIUM" "appointment-hour-booking 1.3.56 Admin+.Stored.Cross-Site.Scripting LOW" "appointment-hour-booking 1.3.17 Authenticated.Stored.XSS LOW" "appointment-hour-booking 1.3.16 Admin+.Stored.Cross-Site.Scripting LOW" "appointment-hour-booking 1.1.46 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "arforms 6.4.1 Reflected.XSS HIGH" "arforms 6.6 Unauthenticated.RCE CRITICAL" "arforms 6.6 Admin+.Stored.XSS LOW" "arforms 6.4.1 Reflected.Cross-Site.Scripting MEDIUM" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.File.Deletion HIGH" "arforms 6.4.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.Plugin.Activation/Deactivation MEDIUM" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.Option.Deletion MEDIUM" "arforms 4.0 Unauthenticated.Arbitrary.File.Deletion.via.Traversal HIGH" "arforms 3.5.2 Unauthenticated.Arbitrary.File.Deletion HIGH" "affiliatebooster-blocks 3.0.6 Blocks.Enabling/Disabling.via.CSRF MEDIUM" "aggregator-advanced-settings No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "amtythumb No.known.fix Subscriber+.SQLi HIGH" "ad-inserter-pro 2.7.12 Reflected.Cross-Site.Scripting LOW" "ad-inserter-pro 2.7.10 Reflected.Cross-Site.Scripting MEDIUM" "ari-cf7-connector 1.2.3 Cross-Site.Request.Forgery MEDIUM" "ari-cf7-connector 1.2.3 Reflected.XSS HIGH" "admin-side-data-storage-for-contact-form-7 No.known.fix Missing.Authorization.to.Unauthenticated.Read.Status.Update MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Cross-Site.Request.Forgery MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Authenticated.(Admin+).SQL.Injection HIGH" "admin-side-data-storage-for-contact-form-7 No.known.fix Missing.Authorization.to.Unauthenticated.Bookmark.Status.Alteration MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Unauthenticated.Reflected.XSS HIGH" "auto-delete-posts No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "archivist-custom-archive-templates 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "archivist-custom-archive-templates No.known.fix Reflected.XSS HIGH" "archivist-custom-archive-templates 1.7.5 Custom.Archive.Templates.<.1.7.5.-.Admin+.Stored.XSS LOW" "archivist-custom-archive-templates 1.7.5 Custom.Archive.Templates.<.1.7.5.-.Stored.XSS.via.CSRF HIGH" "aio-time-clock-lite 1.3.321 Admin+.Stored.XSS LOW" "advanced-cron-manager-pro 2.5.3 Subscriber+.Arbitrary.Events/Schedules.Creation/Deletion MEDIUM" "ap-companion 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "apply-online 2.6.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "apply-online 2.5.4 Missing.Authorization LOW" "apply-online 2.5.3 Reflected.XSS HIGH" "apply-online 2.5.6 Admin+.Stored.XSS LOW" "aryo-activity-log 2.8.8 IP.Spoofing MEDIUM" "aryo-activity-log 2.8.4 CSV.Injection LOW" "aryo-activity-log 2.7.0 Authenticated.SQL.Injection MEDIUM" "aryo-activity-log 2.4.1 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "aryo-activity-log 2.3.3 Cross-Site.Scripting.(XSS).in.'page' MEDIUM" "aryo-activity-log 2.3.3 Cross-Site.Scripting.(XSS) MEDIUM" "addify-order-approval-woocommerce 1.1.0 Multiple.CSRF MEDIUM" "advanced-recent-posts No.known.fix Contributor+.Stored.XSS MEDIUM" "admin-log No.known.fix CSRF MEDIUM" "about-author-box 1.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "autosave-net No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "autosave-net No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ad-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "add-tabs-xforwc 1.5.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "admin-custom-login 3.2.8 CSRF.to.Stored.XSS HIGH" "am-hili-affiliate-manager-for-publishers No.known.fix Admin+.Stored.XSS LOW" "alkubot 3.0.0 Unauthorised.AJAX.call.via.CSRF MEDIUM" "adrotate 5.13.3 Admin+.Double.Extension.Arbitrary.File.Upload MEDIUM" "adrotate 5.9.1 Password.Change.via.CSRF MEDIUM" "adrotate 5.8.23 Admin+.XSS.via.Group.Name LOW" "adrotate 5.8.23 Admin+.XSS.via.Advert.Name LOW" "adrotate 5.8.22 Admin+.SQL.Injection MEDIUM" "adrotate 5.8.4 Authenticated.SQL.Injection MEDIUM" "adrotate 5.3 Authenticated.SQL.Injection HIGH" "auto-listings 2.6.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "addendio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addendio No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "authors-list 2.0.3 Reflected.Cross-Site.Scripting HIGH" "alt-manager 1.6.2 Missing.Authorization MEDIUM" "alt-manager 1.5.7 Reflected.Cross-Site.Scripting MEDIUM" "alt-manager 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "anyvar No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "antispam-bee 2.11.4 IP.Address.Spoofing.via.get_client_ip MEDIUM" "affiliate-solution No.known.fix Admin+.Stored.XSS LOW" "amen No.known.fix Admin+.Stored.XSS LOW" "admin-font-editor No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ai-engine 2.4.8 Admin+.SQLi MEDIUM" "ai-engine 2.5.1 Admin+.RCE MEDIUM" "ai-engine 2.4.8 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "ai-engine 2.2.70 Authenticated.(Editor+).Arbitrary.File.Upload CRITICAL" "ai-engine 2.1.5 Authenticated.(Editor+).Server-Side.Request.Forgery MEDIUM" "ai-engine 2.2.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "ai-engine 2.1.5 Editor+.Arbitrary.File.Upload.via.add_image_from_url MEDIUM" "ai-engine 1.9.99 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ai-engine 1.6.83 Admin+.Stored.XSS LOW" "autoptimize 3.1.7 Admin+.Stored.Cross-Site.Scripting.via.Settings.Import LOW" "autoptimize 3.1.0 Sensitive.Data.Disclosure MEDIUM" "autoptimize 3.1.1 Admin+.Stored.Cross.Site.Scripting LOW" "autoptimize 2.8.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "autoptimize 2.7.8 Authenticated.Stored.XSS.via.File.Upload MEDIUM" "autoptimize 2.7.8 Race.Condition.leading.to.RCE CRITICAL" "autoptimize 2.7.8 Arbitrary.File.Upload.via."Import.Settings" CRITICAL" "autoptimize 2.7.7 Authenticated.Arbitrary.File.Upload MEDIUM" "advanced-post-block 1.13.5 Unauthenticated.Arbitrary.Post.Access MEDIUM" "advanced-post-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ajax-login-and-registration-modal-popup No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "addify-custom-registration-forms-builder 1.0.2 Multiple.CSRF MEDIUM" "ai-assistant-by-10web 1.0.19 Missing.Authorization.to.Arbitrary.Plugin.Installation MEDIUM" "ad-invalid-click-protector 1.2.11 Injected.Backdoor CRITICAL" "ad-invalid-click-protector 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "ad-invalid-click-protector 1.2.7 Arbitrary.Ban.Deletion.via.CSRF MEDIUM" "ad-invalid-click-protector 1.2.6 Authenticated.SQL.Injection MEDIUM" "awsm-team 1.3.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "art-picture-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "advanced-visual-elements 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "advanced-floating-content-lite 1.2.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-floating-content-lite 1.2.2 Contributor+.XSS MEDIUM" "anchor-episodes-index 2.1.8 Admin+.Stored.XSS LOW" "add-tiktok-advertising-pixel 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "aiomatic-automatic-ai-content-writer 2.0.6 Automatic.AI.Content.Writer.<.2.0.6.-.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "aiomatic-automatic-ai-content-writer 1.9.4 Missing.Authorization MEDIUM" "attesa-extra 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "admin-menu-restriction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "autotitle-for-wordpress No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "advanced-woo-search 2.97 Reflected.Cross-Site.Scripting MEDIUM" "advanced-woo-search 2.78 Admin+.Stored.Cross-Site.Scripting MEDIUM" "advanced-woo-search 2.00 SQL.query.leak.in.ajax.search NONE" "agp-font-awesome-collection No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "agp-font-awesome-collection No.known.fix Reflected.XSS HIGH" "autolinks No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "alttext-ai 1.5.0 Authenticated.(Subscriber+).SQL.Injection HIGH" "alttext-ai 1.3.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "automatic-internal-links-for-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "animated-typing-effect 1.3.7 Contributor+.Stored.XSS MEDIUM" "admin-post-navigation No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "antihacker 4.52 Missing.Authorization.to.Unauthenticated.IP.Address.Whitelist MEDIUM" "antihacker 4.53 Missing.Authorization.to.Authenticated.(Subscriber+).Table.Truncation MEDIUM" "antihacker 4.35 Cross-Site.Request.Forgery.via.antihacker_ajax_scan MEDIUM" "antihacker 4.20 Subscriber+.Arbitrary.Plugin.Installation HIGH" "advanced-database-replacer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-replacer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auto-login-new-user-after-registration No.known.fix Stored.XSS.via.CSRF HIGH" "auto-login-new-user-after-registration No.known.fix CSRF MEDIUM" "accesspress-anonymous-post No.known.fix Contributor+.Arbitrary.Redirect LOW" "accesspress-anonymous-post 2.8.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "add-facebook No.known.fix Author+.Stored.XSS MEDIUM" "add-facebook No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting] MEDIUM" "auto-date-year-month 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "animate-everything No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "animate-everything No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "animate-everything No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "accredible-certificates 1.4.9 Admin+.Stored.XSS LOW" "analytics-for-wp No.known.fix Admin+.Stored.XSS LOW" "api-bearer-auth 20190908 Unauthenticated.Reflected.XSS MEDIUM" "affiliate-pro No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "azindex No.known.fix Index.Deletion.via.CSRF MEDIUM" "azindex No.known.fix Stored.XSS.via.CSRF HIGH" "auto-keyword-backlink No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auto-terms-of-service-and-privacy-policy 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "add-to-any 1.7.48 Admin+.Stored.Cross-Site.Scripting LOW" "add-to-any 1.7.46 Admin+.Stored.XSS MEDIUM" "api-bing-map-2018 5.0 CSRF MEDIUM" "a-staff No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "a-staff No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "a-staff No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "add-fields-to-checkout-page-woocommerce 1.3.2 Missing.Authorization MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.1 Cross-Site.Request.Forgery MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "add-fields-to-checkout-page-woocommerce 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ays-facebook-popup-likebox 3.7.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ays-facebook-popup-likebox 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "ays-facebook-popup-likebox 3.5.3 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ays-facebook-popup-likebox 3.5.3 Page.Plugin.<.3.5.3.-.Authenticated.Blind.SQL.Injections HIGH" "abeta-punchout 1.0.0 Reflected.Cross-Site.Scripting MEDIUM" "abeta-punchout 1.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-wp-reset 1.6 Reflected.Cross-Site.Scripting MEDIUM" "auto-limit-posts-reloaded No.known.fix Cross-Site.Request.Forgery MEDIUM" "apperr 0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "airpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "airpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "adsanity 1.8.2 Contributor.Arbitrary.File.Upload CRITICAL" "arprice-responsive-pricing-table 3.6.1 Unauthenticated.SQLi HIGH" "arprice-responsive-pricing-table 2.3 Cross-Site.Request.Forgery MEDIUM" "add-widgets-to-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "abwp-simple-counter No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "all-in-one-redirection No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-redirection No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-redirection 2.2.0 Admin+.SQLi MEDIUM" "advanced-facebook-twitter-widget No.known.fix Admin+.Stored.XSS LOW" "afterpay-gateway-for-woocommerce 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "afterpay-gateway-for-woocommerce 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "afterpay-gateway-for-woocommerce 3.2.1 Reflected.Cross-Site.Scripting HIGH" "advanced-custom-fields-pro 6.3.6 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "advanced-custom-fields-pro 6.3 Contributor+.Custom.Field.Access LOW" "advanced-custom-fields-pro 6.2.10 Authenticated.(Contributor+).Code.Injection CRITICAL" "advanced-custom-fields-pro 6.2.10 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-custom-fields-pro 6.2.5 Contributor+.Stored.Cross-Site.Scripting.via.Custom.Field MEDIUM" "advanced-custom-fields-pro 6.1.6 Reflected.XSS HIGH" "advanced-custom-fields-pro 6.1.0 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields-pro 5.12.5 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields-pro 5.12.3 Unauthenticated.File.Upload MEDIUM" "advanced-custom-fields-pro 5.12.1 Contributor+.Database.Information.Access MEDIUM" "advanced-custom-fields-pro 5.11 Subscriber+.Arbitrary.ACF.Data/Field.Groups.View.and.Fields.Move MEDIUM" "advanced-custom-fields-pro 5.9.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "allow-svg 1.2.0 Author+.Stored.XSS.via.SVG MEDIUM" "acf-quickedit-fields 3.2.3 Contributor+.User.Metadata.Leak.via.IDOR LOW" "ads-by-datafeedrcom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ads-by-datafeedrcom 1.2.0 Unauthenticated.Remote.Code.Execution CRITICAL" "apptivo-business-site 3.0.14 Admin+.Stored.XSS LOW" "ait-csv-import-export No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "advanced-admin-search 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "addify-product-dynamic-pricing-and-discounts No.known.fix Multiple.CSRF MEDIUM" "advanced-forms-pro 1.6.9 Subscriber+.Arbitrary.User.Email.Address.Update.via.IDOR HIGH" "ashe-extra 1.2.92 Subscriber+.Companion.Plugin.Activation.&.Content.Import MEDIUM" "accesspress-pinterest 3.3.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "activitytime 1.0.9 Unauthenticated.SQL.injection HIGH" "activitytime 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-seo-pack 4.6.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "all-in-one-seo-pack 4.6.1.1 Contributor+.Stored.XSS MEDIUM" "all-in-one-seo-pack 4.3.0 Contributor+.Stored.XSS MEDIUM" "all-in-one-seo-pack 4.3.0 Admin+.Stored.XSS LOW" "all-in-one-seo-pack 4.2.4 Multiple.CSRF MEDIUM" "all-in-one-seo-pack 4.1.5.3 Authenticated.Privilege.Escalation CRITICAL" "all-in-one-seo-pack 4.1.5.3 Authenticated.SQL.Injection HIGH" "all-in-one-seo-pack 4.1.0.2 Admin.RCE.via.unserialize MEDIUM" "all-in-one-seo-pack 3.6.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "all-in-one-seo-pack 3.2.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-seo-pack 2.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "absolute-privacy No.known.fix User.Email/Password.Change.via.Cross-Site.Request.Forgery HIGH" "admin-block-country No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "adblock-notify-by-bweb No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adblock-notify-by-bweb No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "adblock-notify-by-bweb No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "active-user No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "awesome-ssl No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-ssl No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-edit-delete-listing-for-member-module No.known.fix SQL.Injection HIGH" "acf-better-search 3.3.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "announcer 6.0.1 Missing.Authorization MEDIUM" "add-social-share-buttons 1.1 CSRF.to.Settings.Change MEDIUM" "anymind-widget No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "authenticator 1.3.1 Subscriber+.Denial.of.Service.via.Feed.Token.Disclosure MEDIUM" "anual-archive No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "anual-archive No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "anual-archive 1.6.0 Contributor+.Stored.XSS MEDIUM" "advanced-schedule-posts No.known.fix Reflected.XSS HIGH" "automated-editor No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "addify-product-stock-manager 1.0.5 Subscriber+.Unauthorised.AJAX.Calls HIGH" "ark-wysiwyg-comment-editor No.known.fix Iframe.Injection.via.Comment LOW" "acf-on-the-go No.known.fix .Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Update MEDIUM" "ajax-search-lite 4.12.3 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.1 Admin+.Stored.XSS LOW" "ajax-search-lite 4.11.5 Reflected.Cross-Site.Scripting HIGH" "ajax-search-lite 4.11.1 Reflected.Cross-Site.Scripting HIGH" "ajax-search-lite 4.11.1 Subscriber+.Sensitive.Data.Disclosure MEDIUM" "auto-excerpt-everywhere No.known.fix Cross-Site.Request.Forgery MEDIUM" "affiliate-toolkit-starter 3.6 Unauthenticated.Full.Path.Dislcosure MEDIUM" "affiliate-toolkit-starter 3.4.5 Unauthenticated.Sensitive.Information.Exposure.via.Logs MEDIUM" "affiliate-toolkit-starter 3.4.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.ratings MEDIUM" "affiliate-toolkit-starter 3.5.5 Missing.Authorization.via.atkp_create_list MEDIUM" "affiliate-toolkit-starter 3.5.5 Missing.Authorization.via.atkp_import_product MEDIUM" "affiliate-toolkit-starter 3.4.3 Unauthenticated.SSRF HIGH" "affiliate-toolkit-starter 3.4.4 Reflected.Cross-Site.Scripting.via.keyword MEDIUM" "affiliate-toolkit-starter 3.4.0 Open.Redirect.via.atkpout.php LOW" "affiliate-toolkit-starter 3.3.4 Editor+.Stored.XSS LOW" "auxin-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auxin-portfolio 2.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'.Grid.Portfolios' MEDIUM" "auxin-portfolio No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "admin-dashboard-rss-feed No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "audio-and-video-player 1.2.0 Player.Deletion.and.Duplication.via.CSRF MEDIUM" "astra-bulk-edit 1.2.8 Missing.Authorization MEDIUM" "adaptive-images 0.6.69 Reflected.Cross-Site.Scripting MEDIUM" "adaptive-images 0.6.67 Local.File.Inclusion.&.Deletion HIGH" "adicons No.known.fix Admin+.SQL.Injection MEDIUM" "acurax-social-media-widget 3.2.6 Stored.XSS.&.CSRF HIGH" "ai-mojo 0.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "annasta-woocommerce-product-filters 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "annasta-woocommerce-product-filters 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-b2b-for-woocommerce No.known.fix Multiple.CSRF MEDIUM" "all-in-one-b2b-for-woocommerce No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "addon-sweetalert-contact-form-7 1.0.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "add-customer-for-woocommerce 1.7.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "archives-calendar-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "adsplacer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "about-me-3000 No.known.fix Administrator.Stored.Cross-Site.Scripting MEDIUM" "about-me-3000 No.known.fix CSRF MEDIUM" "age-gate 2.17.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "age-gate 2.20.4 Reflected.Cross-Site.Scripting MEDIUM" "age-gate 2.17.1 Unauthenticated.Import.Settings CRITICAL" "age-gate 2.16.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "age-gate 2.13.5 Unauthenticated.Open.Redirect LOW" "ai-image-generator 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "appmaker-woocommerce-mobile-app-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-user-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bookingcom-product-helper 1.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "bulk-woocommerce-category-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-woocommerce-category-creator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms-hierarchical-posts 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "bc-menu-cart-woo No.known.fix Cross-Site.Request.Forgery MEDIUM" "build-app-online 1.0.21 Subscriber+.Privilege.Escalation HIGH" "build-app-online 1.0.22 Unauthenticated.Account.Takeover.via.Weak.Password.Reset.Mechanism CRITICAL" "build-app-online 1.0.19 Unauthenticated.SQL.Injection HIGH" "blog-posts-and-category-for-elementor 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.and.Category.Filter.Widget MEDIUM" "bbp-style-pack 5.6.8 Contributor+.Stored.XSS MEDIUM" "bbp-style-pack 5.5.6 Reflected.XSS HIGH" "backup-by-supsystic No.known.fix Authenticated.Arbitrary.File.Download.and.Deletion CRITICAL" "bft-autoresponder 2.7.2.4 Cross-Site.Request.Forgery MEDIUM" "bft-autoresponder 2.7.2.3 CSRF MEDIUM" "bft-autoresponder 2.7.1.1 Admin+.Stored.XSS LOW" "bft-autoresponder 2.7.1.1 Unauthenticated.Stored.XSS HIGH" "bft-autoresponder 2.1.7.2 Contributor+.Stored.XSS MEDIUM" "bft-autoresponder 2.1.7.2 Admin+.Stored.XSS LOW" "bft-autoresponder 2.5.2 Authenticated.Blind.SQL.Injection.&.Multiple.XSS HIGH" "blog-designer-for-post-and-widget 2.4.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bbp-toolkit No.known.fix Cross-Site.Request.Forgery MEDIUM" "bbp-toolkit No.known.fix Reflected.XSS HIGH" "bulk-comment-remove No.known.fix Cross-Site.Request.Forgery.via.brc_admin() MEDIUM" "bp-better-messages 2.4.33 Missing.Authorization MEDIUM" "bp-better-messages 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "bp-better-messages 2.1.18 Reflected.Cross-Site.Scripting MEDIUM" "bp-better-messages 1.9.10.71 Subscriber+.Messaging.Block.Bypass MEDIUM" "bp-better-messages 1.9.10.69 Subscriber+.SSRF MEDIUM" "bp-better-messages 1.9.10.58 Subscriber+.Denial.Of.Service MEDIUM" "bp-better-messages 1.9.9.170 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-better-messages 1.9.9.149 File.Upload.via.CSRF LOW" "bp-better-messages 1.9.9.149 Cross-Site.Request.Forgery MEDIUM" "bp-better-messages 1.9.9.41 Multiple.CSRF MEDIUM" "bp-better-messages 1.9.9.41 Reflected.Cross-Site.Scripting HIGH" "business-profile 2.1.7 Subscriber+.Page.Creation.&.Settings.Update.to.Stored.XSS MEDIUM" "betteroptin No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "bookit 2.4.1 Price.Bypass MEDIUM" "bookit 2.4.4 Authenticated(Administrator+).SQL.Injection MEDIUM" "bookit 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "bookit 2.3.8 Authentication.Bypass CRITICAL" "bookit 2.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bookit 2.1.6 Authorised.AJAX.Calls MEDIUM" "bsk-contact-form-7-blacklist No.known.fix Reflected.Cross-Site.Scripting HIGH" "buddypress-global-search No.known.fix Admin+.Stored.XSS LOW" "batch-cat No.known.fix Subscriber+.Arbitrary.Categories.Add/Set/Delete.to.Posts MEDIUM" "bsi-hotel-pro No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "brute-force-login-protection No.known.fix Arbitrary.IP.Removal/Add.via.CSRF MEDIUM" "bigcontact No.known.fix Cross-Site.Request.Forgery MEDIUM" "buddypress 12.5.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "buddypress 12.4.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "buddypress 11.3.2 Contributor+.Stored.XSS MEDIUM" "buddypress 9.1.1 Activation.Key.Disclosure MEDIUM" "buddypress 9.1.1 SQL.Injections HIGH" "buddypress 7.3.0 Multiple.Authenticated.REST.API.Vulnerabilities MEDIUM" "buddypress 7.2.1 .Force.a.Friendship MEDIUM" "buddypress 7.2.1 Manage.BuddyPress.Member.Types MEDIUM" "buddypress 7.2.1 REST.API.Privilege.Escalation HIGH" "buddypress 7.2.1 Read.Private.Messages MEDIUM" "buddypress 7.2.1 Invite.Member.to.Join.Group MEDIUM" "buddypress 6.4.0 Lack.of.Capability.Check.on.Profile.Page MEDIUM" "buddypress 5.1.2 Private.Data.Exposure.via.REST.API HIGH" "buddypress 5.1.1 Denial.of.Service MEDIUM" "bdthemes-element-pack-lite 5.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Gallery.and.Countdown.Widgets MEDIUM" "bdthemes-element-pack-lite 5.7.3 Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "bdthemes-element-pack-lite 5.7.7 Contributor+.Stored.XSS.via.title_tag MEDIUM" "bdthemes-element-pack-lite 5.6.12 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.6.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.6.12 Contributor+.Stored.XSS.via.onclick.events MEDIUM" "bdthemes-element-pack-lite 5.6.4 Form.Submission.Admin.Email.Bypass MEDIUM" "bdthemes-element-pack-lite 5.6.2 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.6.1 Contributor+.Stored.XSS.via.Panel.Slider.Widget MEDIUM" "bdthemes-element-pack-lite 5.6.1 Contributor+.Stored.XSS.via.Price.List.Widget MEDIUM" "bdthemes-element-pack-lite 5.6.0 Sensitive.Information.Exposure.via..element_pack_ajax_search MEDIUM" "bdthemes-element-pack-lite 5.3.3 Contributor+.Stored.XSS.via.Custom.Gallery.Widget MEDIUM" "bdthemes-element-pack-lite 5.5.4 Contributor+.Stored.XSS.via.Trailer.Box.Widget MEDIUM" "bdthemes-element-pack-lite 5.5.4 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bdthemes-element-pack-lite 5.5.4 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.4.12 Missing.Authorization.via.bdt_duplicate_as_draft MEDIUM" "bdthemes-element-pack-lite 5.2.1 Reflected.Cross-Site.Scripting MEDIUM" "backupbuddy 8.8.3 Multiple.Reflected.Cross-Site.Scripting HIGH" "backupbuddy 8.7.5 Unauthenticated.Arbitrary.File.Access HIGH" "booqable-rental-reservations 2.4.16 Admin+.Stored.XSS LOW" "buddyforms-hook-fields 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "block-slider 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "block-slider 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "business-hours-indicator 2.3.5 Admin+.Stored.Cross-Site.Scripting LOW" "bulk-page-creator 1.1.4 Arbitrary.Page.Creation.via.CSRF MEDIUM" "booster-extension No.known.fix Basic.Information.Exposure.via.booster_extension_authorbox_shortcode_display MEDIUM" "baslider No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "baslider No.known.fix Multiple.CSRF MEDIUM" "baslider No.known.fix Arbitrary.Slide.Deletion.via.CSRF MEDIUM" "basepress 2.16.2.1 Missing.Authorization MEDIUM" "basepress 2.16.2.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "basepress 2.15.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "booking-calendar-pro-payment 21.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "bannerman No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "ba-plus-before-after-image-slider-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "backup-backup 1.4.4 Information.Exposure.via.Log.Files MEDIUM" "backup-backup 1.4.0 1.3.9.-.Remote.File.Inclusion.via.content-dir HIGH" "backup-backup 1.4.0 Unauthenticated.Path.Traversal.to.Arbitrary.File.Deletion HIGH" "backup-backup 1.4.0 Authenticated.(Admin+).OS.Command.Injection.via.url MEDIUM" "backup-backup 1.3.8 Unauthenticated.RCE CRITICAL" "backup-backup 1.3.6 Sensitive.Data.Exposure HIGH" "backup-backup 1.3.7 Unauthenticated.Arbitrary.File.Download.to.Sensitive.Information.Exposure HIGH" "backup-backup 1.3.0 Cross-Site.Request.Forgery MEDIUM" "backup-backup 1.2.8 Subscriber+.Plugin.Installation MEDIUM" "backup-backup 1.2.8 Plugin.Installation.via.CSRF MEDIUM" "backup-backup 1.1.6 Admin+.Stored.Cross-Site.Scripting MEDIUM" "bbp-voting 2.1.11.1 Admin+.Stored.XSS LOW" "baidu-tongji-generator No.known.fix Admin+.Stored.XSS LOW" "brickscore No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "blogsafe-scanner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blogsafe-scanner 1.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "burst-pro 1.5.1 Unauthenticated.SQL.Injection HIGH" "beaf-before-and-after-gallery 4.5.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "book-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "book-press 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddypress-media 4.6.19 Subscriber+.SQL.Injection HIGH" "buddypress-media 4.6.19 Authenticated.(Contributor+).SQL.Injection.via.rtmedia_gallery.Shortcode HIGH" "buddypress-media 4.6.16 Subscriber+.RCE CRITICAL" "buddypress-media 4.6.16 Admin+.RCE MEDIUM" "buddypress-media 4.6.15 Missing.Authorization.via.export_settings MEDIUM" "buddypress-media 4.6.15 Missing.Authorization.to.Settings.Update MEDIUM" "buddypress-media 4.6.15 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "breadcrumbs-shortcode 1.45 Reflected.Cross-Site.Scripting MEDIUM" "blocks-bakery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blocks-bakery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bzscore-live-score 1.6.0 Contributor+.Stored.XSS MEDIUM" "button-generation 3.0 Button.Deletion.via.CSRF MEDIUM" "button-generation 2.3.9 Button.Counter.Reset.via.CSRF MEDIUM" "button-generation 2.3.9 Unauthenticated.Button.Counter.Reset MEDIUM" "button-generation 2.3.6 Cross-Site.Request.Forgery MEDIUM" "button-generation 2.3.5 Reflected.XSS MEDIUM" "button-generation 2.3.4 easily.Button.Builder.<.2.3.4.-.Admin+.Stored.XSS LOW" "button-generation 2.3.3 RFI.leading.to.RCE.via.CSRF HIGH" "buttonizer-multifunctional-button 3.3.10 Reflected.Cross-Site.Scripting MEDIUM" "buttonizer-multifunctional-button 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buttonizer-multifunctional-button 2.5.5 Smart.Floating.Action.Button.<.2.5.5.-.Admin+.Stored.Cross-Site.Scripting LOW" "buddybadges No.known.fix Admin+.SQLi MEDIUM" "booking-calendar 3.2.12 Admin+.SQLi MEDIUM" "booking-calendar 3.2.9 Multiple.Authenticated(Editor+).SQL.Injection HIGH" "booking-calendar 3.2.8 Admin+.SQLi MEDIUM" "booking-calendar 3.2.4 Form.Creation/Update/Deletion/Duplication.via.CSRF MEDIUM" "booking-calendar 3.2.4 Editor+.Stored.XSS LOW" "booking-calendar 3.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "booking-calendar 2.2.3 Parameters.Tampering.Allowing.Arbitrary.Prices.Change HIGH" "booking-calendar 2.1.8 Authenticated.Stored.XSS.&.CSRF HIGH" "booking-calendar-contact-form 1.2.41 Unauthenticated.Reflected.Cross-Site.Scripting HIGH" "booking-calendar-contact-form 1.0.24 XSS.&.SQL.Injection CRITICAL" "booking-calendar-contact-form 1.0.3 Multiple.Authenticated.Vulnerabilities MEDIUM" "bigcommerce No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "blocksy-companion 2.0.43 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "blocksy-companion 2.0.46 Contributor+.Stored.Cross-Site.Scripting.via.SVG.Uploads MEDIUM" "blocksy-companion 2.0.29 Cross-Site.Request.Forgery MEDIUM" "blocksy-companion 2.0.32 Contributor+.Stored.XSS MEDIUM" "blocksy-companion 1.8.47 Reflected.Cross-Site.Scripting MEDIUM" "blocksy-companion 1.8.82 Subscriber+.Draft.Post.Access MEDIUM" "blocksy-companion 1.8.68 Contributor+.Stored.XSS MEDIUM" "blocksy-companion 1.8.20 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddypress-docs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddypress-docs 1.9.3 Authenticated.Lack.of.Authorisation MEDIUM" "button-contact-vr 4.7.8 Admin+.Stored.XSS LOW" "button-contact-vr 4.7.7 Admin+.Stored.XSS LOW" "bank-mellat 2.0.1 Reflected.Cross-Site.Scripting HIGH" "browser-shots 1.7.6 Contributor+.Stored.XSS MEDIUM" "bdthemes-prime-slider-lite 3.14.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pacific.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.2 Contributor+.Stored.XSS.via.Pagepiling.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.14.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.13.3 Contributor+.Stored.Cross-Site.Scripting.via.Rubix.Widget MEDIUM" "bdthemes-prime-slider-lite 3.13.3 Contributor+.Stored.Cross-Site.Scripting.via.Mercury.Widget MEDIUM" "bdthemes-prime-slider-lite 3.13.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fiestar.Widget MEDIUM" "bdthemes-prime-slider-lite 3.11.11 Incorrect.Authorization.via.bdt_duplicate_as_draft MEDIUM" "bdthemes-prime-slider-lite 3.8.3 Reflected.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 2.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddypress-hashtags 2.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "blogintroduction-wordpress-plugin No.known.fix Settings.Update.via.CSRF MEDIUM" "bizcalendar-web 1.1.0.26 Reflected.XSS HIGH" "better-font-awesome 2.0.4 Contributor+.Stored.XSS MEDIUM" "better-font-awesome 2.0.2 Settings.Update.via.CSRF MEDIUM" "bp-activity-social-share 3.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "buddyforms-review 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "book-appointment-online 1.39 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "bridge-core 3.3.1 Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "bridge-core 3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bridge-core 3.1.0 Reflected.XSS HIGH" "bulk-edit-posts-on-frontend 2.4.27 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-posts-on-frontend 2.4.15 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "baw-login-logout-menu No.known.fix Contributor+.Stored.XSS.in.Shortcode MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.WordPress.Settings.Deletion MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.WordPress.Settings.Update MEDIUM" "blog-in-blog No.known.fix Editor+.Local.File.Inclusion.via.Shortcode HIGH" "blog-in-blog No.known.fix Editor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "benchmark-email-lite 4.2 Cross-Site.Request.Forgery.via.page_settings() MEDIUM" "bp-job-manager 2.6.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "blaze-widget 2.5.4 Injected.Backdoor CRITICAL" "best-restaurant-menu-by-pricelisto 1.4.2 Authenticated.(Contributor+).SQL.Injection HIGH" "best-restaurant-menu-by-pricelisto 1.4.0 Settings.Update.via.CSRF MEDIUM" "bp-profile-shortcodes-extra 2.5.3 Contributor+.Stored.XSS MEDIUM" "bbpress 2.6.5 Unauthenticated.Privilege.Escalation.when.New.User.Registration.enabled CRITICAL" "bbpress 2.6.5 Authenticated.Stored.Cross-Site.Scripting.via.the.forums.list.table MEDIUM" "bbpress 2.6.5 Authenticated.Privilege.Escalation.via.the.Super.Moderator.feature HIGH" "bbpress 2.6.0 Subscriber+.Stored.Cross-Site.Scripting.via.Post.Slug MEDIUM" "boostify-header-footer-builder 1.3.6 Missing.Authorization.to.Page/Post.Creation MEDIUM" "boostify-header-footer-builder 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.size.Parameter MEDIUM" "bookshelf No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "bp-social-connect 1.6.2 Authentication.Bypass CRITICAL" "bulk-edit-user-profiles-in-spreadsheet 1.5.25 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-user-profiles-in-spreadsheet 1.5.14 Admin+.Stored.Cross-Site.Scripting LOW" "bulk-edit-user-profiles-in-spreadsheet 1.5.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bws-google-maps 1.3.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "be-popia-compliant 1.1.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "bs-shortcode-ultimate No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-user-profile-reviews 2.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bws-testimonials 0.1.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "block-options 1.40.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-options 1.40.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "block-options 1.17 Reflected.Cross-Site.Scripting MEDIUM" "block-options 1.31.6 Contributor+.Arbitrary.PHP.Code.Execution CRITICAL" "bunnycdn 2.0.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "backup-bolt 1.4.0 Sensitive.Data.Exposure MEDIUM" "backup-bolt 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "bcs-bertline-book-importer 1.5.8 Unauthenticated.Product.Import HIGH" "bravo-translate No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "browser-theme-color No.known.fix Cross-Site.Request.Forgery.via.btc_settings_page MEDIUM" "blox-page-builder No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "breeze 2.1.4 Admin+.Stored.XSS LOW" "breeze 2.0.3 Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "bulk-edit-categories-tags 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-categories-tags 1.5.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bws-latest-posts 0.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "buddyforms-members 1.4.12 Reflected.Cross-Site.Scripting MEDIUM" "blue-triad-ezanalytics No.known.fix Reflected.Cross-Site.Scripting.via.'bt_webid' MEDIUM" "bsk-pdf-manager 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bsk-pdf-manager 3.4.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bsk-pdf-manager 3.1.2 Admin+.SQL.Injection MEDIUM" "bsk-pdf-manager 2.9.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "bsk-pdf-manager 1.5 Multiple.Authenticated.SQL.Injections CRITICAL" "bws-featured-posts 1.0.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "better-search-tmc No.known.fix Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "bbresolutions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bbresolutions No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "beam-me-up-scotty 1.0.22 Reflected.Cross-Site.Scripting MEDIUM" "booster-elite-for-woocommerce 7.1.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "booster-elite-for-woocommerce 7.1.2 .Missing.Authorization.to.Order.Information.Disclosure MEDIUM" "booster-elite-for-woocommerce 7.1.3 Subscriber+.Content.Injection MEDIUM" "booster-elite-for-woocommerce 6.0.1 Multiple.CSRF MEDIUM" "booster-elite-for-woocommerce 6.0.0 Reflected.Cross-Site.Scripting HIGH" "booster-elite-for-woocommerce 1.1.8 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "booster-elite-for-woocommerce 1.1.7 Checkout.Files.Deletion.via.CSRF LOW" "booster-elite-for-woocommerce 1.1.7 ShopManager+.Arbitrary.File.Download MEDIUM" "booster-elite-for-woocommerce 1.1.3 Subscriber+.Order.Status.Update MEDIUM" "billingo 3.4.0 ShopManager+.Stored.XSS MEDIUM" "blockmeister 3.1.11 Reflected.Cross-Site.Scripting MEDIUM" "blockmeister 3.1.10 Reflected.Cross-Site.Scripting MEDIUM" "blockmeister 3.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-follow-button-for-jetpack No.known.fix Admin+.Stored.XSS LOW" "backup-wd No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "bloglentor-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bubble-menu 3.0.5 Admin+.Stored.XSS LOW" "bubble-menu 3.0.4 Reflected.XSS MEDIUM" "bubble-menu 3.0.2 Circle.Floating.Menu.<.3.0.2.-.Form.Deletion.via.CSRF MEDIUM" "bulk-block-converter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blockington No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "betterlinks 1.6.1 Improper.Authorization.to.Data.Import.and.Export MEDIUM" "betterlinks 1.2.6 Admin+.Stored.Cross-Site.Scripting LOW" "blockspare 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 3.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 2.6.5 Reflected.Cross-Site.Scripting MEDIUM" "blockspare 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms-anonymous-author 1.1 Reflected.Cross-Site.Scripting MEDIUM" "bitformpro No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update HIGH" "bitformpro No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "bitformpro No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "bitformpro No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "buddyvendor 1.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "branda-white-labeling 3.4.19 Unauthenticated.Full.Path.Disclosure MEDIUM" "branda-white-labeling 3.4.18 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "branda-white-labeling 3.4.18 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "branda-white-labeling 3.4.15 IP.Spoofing MEDIUM" "bmi-adultkid-calculator 1.2.2 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "bulk-datetime-change 1.12 Missing.Authorisation MEDIUM" "buzzsprout-podcasting 1.8.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "bookly-responsive-appointment-booking-tool 23.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Color.Profile.Parameter MEDIUM" "bookly-responsive-appointment-booking-tool 22.5 Admin+.Stored.XSS LOW" "bookly-responsive-appointment-booking-tool 22.4 Admin+.SQLi MEDIUM" "bookly-responsive-appointment-booking-tool 21.8 Admin+.Stored.Cross-Site.Scripting.via.service.titles MEDIUM" "bookly-responsive-appointment-booking-tool 21.6 Unauthenticated.Stored.XSS HIGH" "bookly-responsive-appointment-booking-tool 20.3.1 Staff.Member.Stored.Cross-Site.Scripting MEDIUM" "bookly-responsive-appointment-booking-tool 14.5 Bookly.#1.WordPress.Booking.Plugin.(Lite).<.14,5.–.Unauthenticated.Blind.Stored.XSS MEDIUM" "bsuite No.known.fix Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "bulletproof-security 6.1 Admin+.Stored.Cross-Site.Scripting LOW" "bulletproof-security 5.8 Admin+.Stored.Cross-Site.Scripting.(XSS) LOW" "bulletproof-security 5.2 Sensitive.Information.Disclosure MEDIUM" "bulletproof-security .53.4 Multiple.XSS.Vulnerabilities MEDIUM" "blogpost-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "borderless 1.5.4 Widgets,.Elements,.Templates.and.Toolkit.for.Elementor.&.Gutenberg.<.1.5.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "borderless 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "borderless 1.4.9 Admin+.Stored.XSS LOW" "backup 2.0.9.9 Directory.Listing.Exposing.Backups HIGH" "backup 1.6.9.1 Admin+.Stored.XSS LOW" "backup 1.6.0 Authenticated.Arbitrary.File.Upload CRITICAL" "backup 1.4.1 Subscriber+.Arbitrary.Backup.Location.Update MEDIUM" "backup 1.4.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "backup 1.4.0 Arbitrary.File.Upload.via.CSRF HIGH" "backup 1.1.47 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "backup 1.0.3 Authenticated.Arbitrary.File.Upload CRITICAL" "bdthemes-element-pack 7.9.1 Addon.for.Elementor.Page.Builder.WordPress.Plugin.<.7.9.1.-.Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Wrapper.Link.URL MEDIUM" "bdthemes-element-pack No.known.fix Authenticated.(Contributor+).Arbitrary.File.Read.and.PHAR.Deserialization CRITICAL" "burst-statistics 1.5.7 Contributor+.Stored.Cross-Site.Scripting.via.burst_total_pageviews_count MEDIUM" "burst-statistics 1.5.4 Editor+.SQL.Injection HIGH" "burst-statistics 1.5.0 Unauthenticated.SQL.Injection HIGH" "broken-link-manager No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "broken-link-manager 0.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "broken-link-manager 0.5.0 Unauthenticated.SQL.Injection.&.XSS CRITICAL" "block-referer-spam 1.1.9.5 Admin+.Stored.XSS LOW" "before-after-image-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "bbpowerpack 2.37.4 Reflected.Cross-Site.Scripting MEDIUM" "bbpowerpack 2.33.1 Contributor+.Privilege.Escalation HIGH" "bertha-ai-free 1.11.10.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "buddyforms-easypin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddyforms-easypin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms-easypin No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "business-manager 1.4.6 Admin+.Stored.Cross-Site.Scripting LOW" "banner-cycler No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "blocks No.known.fix Admin+.Stored.XSS LOW" "blackhole-bad-bots 3.3.2 Arbitrary.IP.Address.Blocking.via.IP.Spoofing HIGH" "bbp-move-topics 1.1.6 Code.Injection.&.CSRF CRITICAL" "booking-weir No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-weir 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bws-popular-posts 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "brave-popup-builder 0.7.1 Cross-Site.Request.Forgery MEDIUM" "brave-popup-builder 0.7.0 Admin+.Stored.XSS LOW" "brave-popup-builder 0.6.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "brave-popup-builder 0.6.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "breadcrumbs-by-menu 1.0.3 Multiple.Issues HIGH" "blobinator 2.3 Unauthorised.AJAX.call.via.CSRF MEDIUM" "buddymeet 2.3.0 Contributor+.Stored.XSS MEDIUM" "bulgarisation-for-woocommerce 3.0.15 Cross-Site.Request.Forgery HIGH" "bulgarisation-for-woocommerce 3.0.15 Missing.Authorization HIGH" "blog-sidebar-widget 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "blog-sidebar-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddypress-profile-pro 2.0.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bo-wc-customer-review-watson No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "back-to-the-top-button 2.1.7 Admin+.Stored.XSS LOW" "byconsole-woo-order-delivery-time 2.4.7 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "byconsole-woo-order-delivery-time 2.4.8 Reflected.XSS HIGH" "basic-interactive-world-map 2.7 Admin+.Stored.XSS LOW" "booking-and-rental-manager-for-woocommerce 1.2.2 Admin+.Stored.XSS LOW" "black-widgets 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookingcom-banner-creator 1.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "buddyforms-attach-posts-to-groups-extension 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "broken-link-finder 2.5.0 Missing.Authorization.via.moblc_auth_save_settings MEDIUM" "b2bking 4.6.20 Subscriber+.Arbitrary.Products.Price.Update MEDIUM" "back-button-widget 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "better-captcha-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "better-captcha-gravity-forms 0.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bug-library 2.1.2 Admin+.Stored.XSS LOW" "bug-library 2.1.1 Unauthenticated.RCE CRITICAL" "bug-library 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "bwp-google-xml-sitemaps No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "biometric-login-for-woocommerce 1.0.4 Unauthenticated.Privilege.Escalation CRITICAL" "browser-and-operating-system-finder No.known.fix Unauthenticated.Settings.Reset MEDIUM" "browser-and-operating-system-finder No.known.fix Unauthenticated.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "blockons 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "blogmentor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pagination_style.Parameter MEDIUM" "buddyforms 2.8.13 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.12 Authenticated.(Contributor+).Privilege.Escalation HIGH" "buddyforms 2.8.10 Email.Verification.Bypass.due.to.Insufficient.Randomness MEDIUM" "buddyforms 2.8.9 Unauthenticated.Arbitrary.File.Read.and.Server-Side.Request.Forgery CRITICAL" "buddyforms 2.8.6 Reflected.Cross-Site.Scripting.via.page MEDIUM" "buddyforms 2.8.8 Missing.Authorization MEDIUM" "buddyforms 2.8.8 Missing.Authorization.to.Unauthenticated.Media.Upload HIGH" "buddyforms 2.8.8 Missing.Authorization.to.Unauthenticated.Media.Deletion HIGH" "buddyforms 2.8.3 Reflected.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.2 Contributor+.Stored.XSS MEDIUM" "buddyforms 2.7.8 Unauthenticated.PHAR.Deserialization HIGH" "buddyforms 2.7.6 Contributor+.Stored.XSS MEDIUM" "buddyforms 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms 2.3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "buddyforms 2.2.8 SQL.Injection CRITICAL" "booking 10.6.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "booking 10.5.1 Reflected.Cross-Site.Scripting MEDIUM" "booking 10.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bookingform.Shortcode MEDIUM" "booking 9.9.1 Unauthenticated.SQL.Injection CRITICAL" "booking 9.7.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "booking 9.7.3.1 Unauthenticated.Stored.XSS HIGH" "booking 9.2.2 Arbitrary.Translation.Update.via.CSRF MEDIUM" "booking 9.1.1 PHP.Object.Injection HIGH" "booking 8.9.2 Reflected.Cross-Site.Scripting HIGH" "booking 8.4.5.15 SQL.Injection HIGH" "booking-activities 1.15.20 Reflected.Cross-Site.Scripting MEDIUM" "bemax-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "baw-post-views-count No.known.fix Contributor+.Stored.XSS.in.Shortcode MEDIUM" "blog-filter 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "better-comments 1.5.6 Admin+.Stored.XSS LOW" "better-comments 1.5.6 Subscriber+.Stored.XSS HIGH" "better-comments 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "better-comments 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blog-designer-pack 3.4.2 Unauthenticated.Remote.Code.Execution.via.Local.File.Inclusion HIGH" "blog-designer-pack 3.4.1 Reflected.Cross-Site.Scripting MEDIUM" "blog-designer-pack 3.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "blog-designer-pack 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blocks-product-editor-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "broken-link-checker-for-youtube No.known.fix Cross-Site.Request.Forgery.via.plugin_settings_page() MEDIUM" "barclaycart No.known.fix Unauthenticated.Shell.Upload CRITICAL" "backup-scheduler No.known.fix Cross-Site.Request.Forgery MEDIUM" "blockonomics-bitcoin-payments 3.5.8 Reflected.Cross-Site.Scripting HIGH" "blockonomics-bitcoin-payments 3.3 Blockonomics.<.3.3.-.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "backup-and-restore-for-wp No.known.fix Admin+.Arbitrary.File.Deletion MEDIUM" "bellows-accordion-menu 1.4.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "block-for-font-awesome 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-for-font-awesome 1.4.1 Block.for.Font.Awesome.<.1,4,1.-Settings.Update.via.CSRF MEDIUM" "buddyforms-ultimate-member 1.3.8 Reflected.Cross-Site.Scripting MEDIUM" "blue-admin No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "bus-booking-manager No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "becustom 1.0.5.3 Settings.Update.via.CSRF MEDIUM" "buddypress-sticky-post 1.9.9 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bxslider-wp No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "better-anchor-links No.known.fix Cross-Site.Request.Forgery.via.admin/options.php MEDIUM" "bb-ultimate-addon 1.35.15 Contributor+.Privilege.Escalation HIGH" "bb-ultimate-addon 1.35.14 Contributor+.Arbitrary.File.Download MEDIUM" "buddyboss-media No.known.fix Stored.XSS MEDIUM" "booking-ultra-pro 1.1.14 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Updates MEDIUM" "booking-ultra-pro 1.1.14 Unauthenticated.Local.File.Inclusion CRITICAL" "booking-ultra-pro 1.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.13 Authenticated.(Contributor+).Privilege.Escalation HIGH" "booking-ultra-pro 1.1.7 Cross-Site.Request.Forgery MEDIUM" "booking-ultra-pro 1.1.7 Subscriber+.Settings.Update MEDIUM" "booking-ultra-pro 1.1.9 Reflected.XSS HIGH" "booking-ultra-pro 1.1.9 Reflected.XSS HIGH" "booking-ultra-pro 1.1.7 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "booking-ultra-pro 1.1.7 Multiple.CSRF MEDIUM" "backwpup 4.0.2 Admin+.Directory.Traversal MEDIUM" "backwpup 4.0.4 Unauthenticated.Backup.Download HIGH" "backwpup 4.0.2 Authenticated.(Administrator+).Directory.Traversal HIGH" "backwpup 3.4.2 Backup.File.Download HIGH" "blog-manager-light No.known.fix Settings.Update.via.CSRF MEDIUM" "backup-database No.known.fix Admin+.Stored.XSS LOW" "buttons-x No.known.fix Buttons.X.<=.0.8.6.-.Contributor+.Stored.XSS MEDIUM" "bacola-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "bws-linkedin 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bloom 1.1.1 Privilege.Escalation HIGH" "brozzme-scroll-top No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "better-messages-wcfm-integration 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyboss-platform 2.6.0 Insecure.Direct.Object.Reference.on.Like.Comment MEDIUM" "buddyboss-platform 1.7.9 Subscriber+.SQL.Injection MEDIUM" "bit-assist 1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bit-assist 1.1.9 Admin+.Stored.Cross-Site.Scripting LOW" "britetechs-companion 2.2.8 Injected.Backdoor CRITICAL" "better-search 3.3.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "better-search 2.5.3 Cross-Site.Request.Forgery MEDIUM" "better-search 2.5.3 CSRF.Nonce.Bypass.in.Import/Export MEDIUM" "better-search 2.2.3 Unauthenticated.SQL.Injection CRITICAL" "better-search 1.3.5 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "better-search 1.3 admin.inc.php.Setting.Manipulation.CSRF MEDIUM" "bp-activity-filter 2.8.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bulk-edit-events 1.1.21 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-events 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-wp-security 9.3.2 IP.Address.Spoofing.to.Denial.of.Service MEDIUM" "better-wp-security 9.0.1 Unauthenticated.Login.Page.Disclosure MEDIUM" "better-wp-security 7.9.1 Hide.Backend.Bypass MEDIUM" "better-wp-security 7.0.3 Authenticated.SQL.Injection HIGH" "better-wp-security 6.9.1 Cross-Site.Scripting.(XSS) HIGH" "bp-check-in 1.9.4 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bulk-attachment-download 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "bulk-attachment-download 1.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bold-timeline-lite 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-timeline-lite 1.2.0 Missing.Authorization.to.Admin.Notice.Dismissal MEDIUM" "bold-timeline-lite 1.1.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "backupwordpress 3.14 Admin+.Directory.Traversal LOW" "backupwordpress 3.13 Subscriber+.Backup.Disclosure MEDIUM" "buymeacoffee 3.7 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "buymeacoffee 3.8 Cross-Site.Request.Forgery HIGH" "buymeacoffee 3.8 Subscriber+.Unauthorized.Data.Modification HIGH" "buymeacoffee 3.7 Admin+.Stored.XSS LOW" "boldgrid-easy-seo 1.6.15 Information.Exposure MEDIUM" "boldgrid-easy-seo 1.6.14 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Meta.Description MEDIUM" "brizy 2.5.2 Cross-Site.Request.Forgery MEDIUM" "brizy 2.4.45 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "brizy 2.4.45 Missing.Authorization.to.Authenticated.(Contributor+).Post.Modification HIGH" "brizy 2.4.44 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Form.Functionality MEDIUM" "brizy 2.4.44 Unauthenticated.Stored.Cross-Site.Scripting.via.Form HIGH" "brizy 2.4.44 Authenticated.(Contributor+).Store.Cross-Site.Scripting.via.Widget.Link.To.URL HIGH" "brizy 2.4.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Attributes MEDIUM" "brizy 2.4.44 Missing.Authorization MEDIUM" "brizy 2.4.42 Authenticated(Contributor+).Stored.Cross-Site.Scripting HIGH" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Directory.Traversal MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.30 Contributor+.Stored.XSS MEDIUM" "brizy 2.4.2 Contributor+.Stored.Cross-Site.Scripting.via.Element.URL MEDIUM" "brizy 2.4.2 Contributor+.Stored.Cross-Site.Scripting.via.Element.Content MEDIUM" "brizy 2.3.12 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "brizy 2.3.12 2.3.11.-.Incorrect.Authorization.to.Post.Modification HIGH" "brizy 2.3.12 Authenticated.File.Upload.and.Path.Traversal HIGH" "brizy 1.0.126 Page.Builder.<.1.0.126.-.Improper.Access.Controls.on.AJAX.Calls HIGH" "buddypress-giphy 1.5.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bulk-edit-post-titles No.known.fix Missing.Authorization.via.bulkUpdatePostTitles MEDIUM" "bulk-edit-post-titles No.known.fix Missing.Authorization MEDIUM" "beds24-online-booking 2.0.24 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking No.known.fix Contributor+.Stored.XSS MEDIUM" "bulk-image-alt-text-with-yoast 1.4.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "babelz No.known.fix CSRF.to.Stored.XSS HIGH" "buddyforms-woocommerce-form-elements 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "bulk-resize-media No.known.fix CSRF MEDIUM" "bb-bootstrap-cards 1.1.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "bb-bootstrap-cards 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Cards.Widget MEDIUM" "bb-bootstrap-cards 1.1.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.bootstrapcard.link MEDIUM" "bulk-editor 1.0.8.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bulk-editor 1.0.8.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "bulk-editor 1.0.8.2 Missing.Authorization MEDIUM" "bulk-editor 1.0.8.2 Cross-Site.Request.Forgery MEDIUM" "bulk-editor 1.0.8.1 Unauthenticated.Stored.Cross-Site.Scripting.via.profile_title MEDIUM" "bulk-editor 1.0.7.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "bulk-editor 1.0.7.2 Admin+.Stored.XSS LOW" "bulk-editor 1.0.7.1 Profile.Creation.via.CSRF MEDIUM" "bulk-editor 1.0.7.1 Profile.Creation.via.CSRF MEDIUM" "bulk-editor 1.0.7 Subscriber+.Stored.XSS HIGH" "booster-plus-for-woocommerce 7.1.2 Missing.Authorization.to.Order.Information.Disclosure MEDIUM" "booster-plus-for-woocommerce 7.1.2 Missing.Authorization.to.Arbitrary.Page/Post.Deletion MEDIUM" "booster-plus-for-woocommerce 7.1.3 Missing.Authorization.to.Arbitrary.Options.Disclosure MEDIUM" "booster-plus-for-woocommerce 6.0.1 Multiple.CSRF MEDIUM" "booster-plus-for-woocommerce 6.0.0 Reflected.Cross-Site.Scripting HIGH" "booster-plus-for-woocommerce 5.6.6 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "booster-plus-for-woocommerce 5.6.5 ShopManager+.Arbitrary.File.Download MEDIUM" "booster-plus-for-woocommerce 5.6.5 Checkout.Files.Deletion.via.CSRF LOW" "booster-plus-for-woocommerce 5.6.1 Subscriber+.Order.Status.Update MEDIUM" "bus-ticket-booking-with-seat-reservation 5.3.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bus-ticket-booking-with-seat-reservation 5.2.6 Unauthenticated.Cross-Site.Scripting HIGH" "bus-ticket-booking-with-seat-reservation 5.2.4 Reflected.XSS HIGH" "block-styler-for-gravity-forms 6.3.0 Reflected.Cross-Site.Scripting MEDIUM" "block-styler-for-gravity-forms 6.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-search-replace 1.4.5 Unauthenticated.PHP.Object.Injection CRITICAL" "better-search-replace 1.4.1 Admin+.SQLi MEDIUM" "better-sharing 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "better-sharing 1.7.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "boldgrid-backup 1.15.9 Improper.Authorization.to.Unauthenticated.Arbitrary.File.Download HIGH" "boldgrid-backup 1.14.14 Subscriber+.Backup.Disclosure MEDIUM" "boldgrid-backup 1.14.10 Unauthenticated.Backup.Download HIGH" "boldgrid-backup 1.14.10 Sensitive.Data.Disclosure.(Server.IP.Address,.UID.etc) MEDIUM" "bitpay-checkout-for-woocommerce 5.0.0 Missing.Authorization MEDIUM" "buddyforms-acf 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "bulletin-announcements 3.9.0 Authenticated.(Administrator+).SQL.Injection HIGH" "bulletin-announcements 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "bulletin-announcements 3.7.1 Cross-Site.Request.Forgery MEDIUM" "bulletin-announcements 3.7.0 Subscriber+.Unauthorized.Access.and.Modification MEDIUM" "bulletin-announcements 3.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bpcustomerio No.known.fix Arbitrary.Plugin.Settings.Update.via.CSRF MEDIUM" "bit-form 2.15.3 Admin+.Arbitrary.File.Read LOW" "bit-form 2.13.12 Authenticated.(Administrator+).SQL.Injection MEDIUM" "bit-form 2.13.11 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bit-form 2.13.11 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).SQL.Injection.via.getLogHistory.Function HIGH" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).Arbitrary.JavaScript.File.Uploads MEDIUM" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).Arbitrary.File.Read.And.Deletion CRITICAL" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).SQL.Injection HIGH" "bit-form 2.13.5 2.13.4.-.Authenticater.(Administrator+).Arbitrary.File.Deletion HIGH" "bit-form 2.13.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bit-form 2.10.2 Unauthenticated.Insecure.Direct.Object.Reference.to.Form.Submission.Alteration MEDIUM" "bit-form 2.2.0 Admin+.Stored.XSS LOW" "bit-form 1.9 RCE.via.Unauthenticated.Arbitrary.File.Upload CRITICAL" "bradmax-player 1.1.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms-remote 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "bosa-elementor-for-woocommerce 1.0.13 Missing.Authorization MEDIUM" "blockypage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blockypage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "banner-management-for-woocommerce 2.4.3 Shop.Banner.Settings.Update.via.CSRF MEDIUM" "banner-management-for-woocommerce 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "banner-management-for-woocommerce 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "banner-management-for-woocommerce 1.1.1 Unauthenticated.Settings.Change MEDIUM" "biteship 2.2.25 Reflected.Cross-Site.Scripting.via.biteship_error.and.biteship_message MEDIUM" "biteship 2.2.28 Shop.manager+.Stored.XSS MEDIUM" "biteship 2.2.25 Reflected.Cross-Site.Scripting HIGH" "bookster 1.2.0 Unauthenticated.Appointment.Status.Update MEDIUM" "bible-text No.known.fix Contributor+.Stored.XSS MEDIUM" "bmi-bmr-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "builderall-cheetah-for-wp 2.0.2 Unauthenticated.Server-Side.Request.Forgery HIGH" "beaver-themer 1.4.9.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "beaver-themer 1.4.9.1 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.shortcode MEDIUM" "border-loading-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "border-loading-bar No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "bookingpress-appointment-booking 1.1.8 1.1.7.-.Authentication.Bypass.to.Account.Takeover CRITICAL" "bookingpress-appointment-booking 1.1.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update.and.Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.1.6 Authenticated.(Subscriber+).Arbitrary.File.Read.to.Arbitrary.File.Creation HIGH" "bookingpress-appointment-booking 1.0.83 Missing.Authorization.to.Appointment.Time.Alteration MEDIUM" "bookingpress-appointment-booking 1.0.82 Authenticated.(Customer+).Insecure.Direct.Object.Reference MEDIUM" "bookingpress-appointment-booking 1.0.88 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.0.75 Unauthenticated.Booking.Price.Manipulation HIGH" "bookingpress-appointment-booking 1.0.73 Authenticated.(Contributor+).SQL.Injection HIGH" "bookingpress-appointment-booking 1.0.77 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.0.31 Unauthenticated.IDOR.in.appointment_id HIGH" "bookingpress-appointment-booking 1.0.11 Unauthenticated.SQL.Injection HIGH" "bitcoin-faucet No.known.fix Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "bp-profile-search 5.8 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "bp-profile-search 5.6 Reflected.Cross-Site.Scripting.via.BPS_FORM MEDIUM" "book-buyback-prices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "book-buyback-prices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ban-users No.known.fix Subscriber+.Settings.Update.&.Privilege.Escalation.via.Missing.Authorization HIGH" "bnfw 1.7 Reflected.Cross-Site.Scripting MEDIUM" "bnfw 1.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "bnfw 1.8.7 Email.Address.Disclosure MEDIUM" "beaver-builder-lite-version 2.8.3.7 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Button.Group.Module MEDIUM" "beaver-builder-lite-version 2.8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.type.Parameter MEDIUM" "beaver-builder-lite-version 2.8.3.4 Reflected.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.1.3 Contributor+.Stored.Cross-Site.Scripting.via.photo.widget.crop.attribute MEDIUM" "beaver-builder-lite-version 2.8.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.0.7 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.5 Contributor+.Stored.Cross-Site.Scripting.via.heading.tag MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Reflected.XSS HIGH" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS.via.Icon.Widget MEDIUM" "beaver-builder-lite-version 2.7.2.1 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.5.5.3 .Authenticated.Stored.XSS.via.Caption MEDIUM" "beaver-builder-lite-version 2.5.5.3 .Authenticated.Stored.XSS.via.Caption.On.Hover MEDIUM" "beaver-builder-lite-version 2.5.5.3 Authenticated.Stored.XSS.via.Image.URL MEDIUM" "beaver-builder-lite-version 2.5.5.3 Authenticated.Stored.XSS.via.Text.Editor MEDIUM" "beaver-builder-lite-version 2.5.4.4 Subscriber+.Arbitrary.Post.Builder.Layout.Disabling MEDIUM" "birthdays-widget No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "before-and-after No.known.fix Cross-Site.Request.Forgery MEDIUM" "bne-testimonials 2.0.8 Contributor+.Stored.XSS MEDIUM" "business-profile-reviews No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bng-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bng-gateway-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bng-gateway-for-woocommerce No.known.fix CSRF.Bypass MEDIUM" "better-rss-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "background-takeover 4.1.5 Directory.Traversal HIGH" "breadcrumb 1.5.33 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "backuply 1.3.5 Authenticated.(Admin+).SQL.Injection CRITICAL" "backuply 1.2.8 Admin+.Directory.Traversal MEDIUM" "backuply 1.2.6 Backup,.Restore,.Migrate.and.Clone.<.1.2.6.-..Unauthenticated.Denial.of.Service HIGH" "backuply 1.2.4 Admin+.Directory.Traversal MEDIUM" "blocked-in-china 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "blocked-in-china 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-messages-wc-vendors-integration 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bbspoiler 2.02 Contributor+.Stored.XSS MEDIUM" "breakdance 2.0.0 Missing.Authorization MEDIUM" "breakdance 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "breakdance 1.7.2 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "breakdance 1.7.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.custom.postmeta MEDIUM" "bulk-image-title-attribute 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "bp-cover No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Unauthenticated.Information.Exposure MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Cross-Site.Request.Forgery MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Authenticated.(Subscriber+).SQL.Injection HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Missing.Authorization MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Unauthenticated.Privilege.Escalation CRITICAL" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Missing.Authorization MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.2 Unauthenticated.Arbitrary.File.Upload.via.uploadFile CRITICAL" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.2 Unauthenticated.SQL.Injection.via.userToken CRITICAL" "broken-link-checker 2.4.1 Reflected.XSS HIGH" "broken-link-checker 2.2.4 Admin+.Stored.Cross-Site.Scripting LOW" "broken-link-checker 1.11.20 Admin+.Cross-Site.Scripting LOW" "broken-link-checker 1.11.17 Admin+.PHAR.Deserialization MEDIUM" "broken-link-checker 1.11.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "broken-link-checker 1.10.9 Unauthenticated.Stored.XSS MEDIUM" "beautiful-and-responsive-cookie-consent 2.10.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "beautiful-and-responsive-cookie-consent 2.10.2 Unauthenticated.Stored.XSS HIGH" "beautiful-and-responsive-cookie-consent 2.9.1 Admin+.Stored.XSS LOW" "blossom-recipe-maker 1.0.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "blossomthemes-email-newsletter 2.2.7 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "blossomthemes-email-newsletter 2.2.5 Missing.Authorization MEDIUM" "bp-create-group-type No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bws-google-analytics 1.7.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bws-smtp 1.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bbpress-notify-nospam 2.18.4 Reflected.Cross-Site.Scripting MEDIUM" "bestbooks No.known.fix Unauthenticated.SQLi HIGH" "booking-system 2.9.9.5.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "booking-system 2.9.9.4.8 Admin+.Stored.XSS LOW" "booking-system 2.9.9.4.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "booking-system 2.9.9.2.9 Admin+.Stored.XSS LOW" "booking-system 2.9.9.2.9 Subscriber+.SQLi HIGH" "booking-system 2.1 Authenticated.Blind.SQL.Injection HIGH" "booking-sms 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "bp-user-to-do-list 3.0.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "business-directory-plugin 6.4.4 Authenticated.(Author+).CSV.Injection HIGH" "business-directory-plugin 6.4.3 Unauthenticated.SQL.Injection.via.listingfields.Parameter CRITICAL" "business-directory-plugin 6.3.10 Contributor+.Arbitrary.Listing.Deletion LOW" "business-directory-plugin 6.3.11 Cross-Site.Request.Forgery MEDIUM" "business-directory-plugin 5.11.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "business-directory-plugin 5.11.2 Arbitrary.Payment.History.Update MEDIUM" "business-directory-plugin 5.11.2 Arbitrary.Listing.Export HIGH" "business-directory-plugin 5.11.1 Arbitrary.Add/Edit/Delete.Form.Field.to.Stored.XSS HIGH" "business-directory-plugin 5.11 Arbitrary.File.Upload.to.RCE HIGH" "business-directory-plugin 5.11.1 Authenticated.PHP4.Upload.to.RCE MEDIUM" "booking-manager 2.1.6 Authenticated(Contributor+).SQL.Injection.via.Shortcode HIGH" "booking-manager 2.0.29 Subscriber+.SSRF MEDIUM" "badgeos No.known.fix Missing.Authorization MEDIUM" "badgeos No.known.fix Subscriber+.IDOR MEDIUM" "badgeos No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "badgeos No.known.fix Missing.Authorization.in.delete_badgeos_log_entries MEDIUM" "badgeos No.known.fix CSRF MEDIUM" "badgeos 3.7.1.3 Subscriber+.SQLi HIGH" "badgeos 3.7.1 Unauthenticated.SQLi HIGH" "buddypress-members-only 3.4.9 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "buddypress-activity-plus 1.6.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "buttons-shortcode-and-widget No.known.fix Stored.XSS.via.shortcode MEDIUM" "buttons-shortcode-and-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "better-click-to-tweet 5.10.4 Settings.Update.via.CSRF MEDIUM" "bsd-woo-stripe-connect-split-pay 3.2.10 Reflected.Cross-Site.Scripting MEDIUM" "bsd-woo-stripe-connect-split-pay 3.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ba-book-everything 1.6.21 Reflected.Cross-Site.Scripting MEDIUM" "ba-book-everything 1.6.21 Unauthenticated.Arbitrary.User.Password.Reset MEDIUM" "ba-book-everything 1.6.21 Cross-Site.Request.Forgery.to.Email.Address.Update/Account.Takeover HIGH" "ba-book-everything 1.6.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ba-book-everything 1.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ba-book-everything 1.6.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "ba-book-everything 1.3.25 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "breadcrumb-simple No.known.fix Admin+.Stored.XSS LOW" "bonus-for-woo 5.8.3 Reflected.Cross-Site.Scripting HIGH" "bookmarkify No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "bp-toolkit 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "bp-toolkit 3.3.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "builder-style-manager 0.7.7 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "bulk-delete-users-by-email No.known.fix User.Deletion.via.CSRF HIGH" "bulk-delete-users-by-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddypress-check-ins-pro 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "brands-for-woocommerce 3.8.2.3 Cross-Site.Request.Forgery MEDIUM" "brands-for-woocommerce 3.8.2.3 Missing.Authorization.to.Unauthenticated.Order.Manipulation.and.Information.Retrieval MEDIUM" "brands-for-woocommerce 3.8.2 Contributor+.Stored.XSS MEDIUM" "brutebank 1.9 WP.Security.&.Firewall.<.1.9.-.Settings.Update.via.CSRF MEDIUM" "booking-package 1.6.29 Unauthenticated.Price.Manipulation MEDIUM" "booking-package 1.6.02 Reflected.XSS HIGH" "booking-package 1.5.29 Unauthenticated.Sensitive.Data.Disclosure HIGH" "booking-package 1.5.11 Reflected.Cross-Site.Scripting MEDIUM" "bulk-change No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "bold-page-builder 5.1.1 -.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bt_bb_button.Shortcode MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.Tags MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Separator.Element MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via."Price.List".Element MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.AI.Features MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.URL.Attribute MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bt_bb_price_list.Shortcode MEDIUM" "bold-page-builder 4.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Icon.Link MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Raw.Content MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.URL MEDIUM" "bold-page-builder 4.7.0 Contributor+.Stored.XSS MEDIUM" "bold-page-builder 4.3.3 Admin+.Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 3.1.6 PHP.Object.Injection MEDIUM" "bold-page-builder 2.3.2 Missing.Access.Controls HIGH" "bcorp-shortcodes No.known.fix .Unauthenticated.PHP.Object.Injection CRITICAL" "buddyforms-posts-to-posts-integration 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "bc-woo-custom-thank-you-pages 1.4.14 Missing.Authorization MEDIUM" "buffer-my-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buffer-my-post No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "back-in-stock-notifier-for-woocommerce 5.3.2 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "bmi-calculator-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beepress No.known.fix Cross-Site.Request.Forgery.via.beepress-pro.php MEDIUM" "business-card-by-esterox-100 No.known.fix Admin+.File.Upload MEDIUM" "business-card-by-esterox-100 No.known.fix Arbitrary.Card.Deletion.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Category.Edit.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Card.Edit.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Category.Deletion.via.CSRF MEDIUM" "buddydrive 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "bricksbuilder 1.9.9 Insecure.Direct.Object.Reference MEDIUM" "base64-encoderdecoder No.known.fix Reflected.XSS HIGH" "base64-encoderdecoder No.known.fix Settings.Reset.via.CSRF MEDIUM" "base64-encoderdecoder No.known.fix Stored.XSS.via.CSRF HIGH" "bg-biblie-references No.known.fix Reflected.XSS HIGH" "books-papers No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "bp-wc-vendors No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bp-wc-vendors No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-elementor-addons 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-elementor-addons 1.4.2 Authenticated(Contributor+).Local.File.Inclusion HIGH" "better-elementor-addons 1.4.2 Contributor+.Stored.XSS MEDIUM" "better-elementor-addons 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-elementor-addons 1.3.9 Subscriber+.Settings.Update./.Reset MEDIUM" "better-elementor-addons 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blockart-blocks 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bulk-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "best-woocommerce-feed 7.3.16 Authenticated.(Admin+).Directory.Traversal LOW" "best-woocommerce-feed 3.0 Reflected.Cross-Site.Scripting MEDIUM" "best-woocommerce-feed 2.2.3.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "backend-designer 1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bws-pinterest 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "b-slider 1.1.13 Slider.for.your.block.editor.<.1.1.13.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bigbluebutton No.known.fix Reflected.XSS HIGH" "bigbluebutton 2.2.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "bootstrap-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bwl-advanced-faq-manager 2.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "button 1.1.28 Contributor+.PHP.Object.Injection.in.button_shortcode MEDIUM" "button 1.1.24 Admin+.Stored.XSS LOW" "betterdocs 3.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "betterdocs 3.5.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "betterdocs 3.3.4 Unauthenticated.PHP.Object.Injection CRITICAL" "betterdocs 3.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "betterdocs 2.5.3 Missing.Authorization.via.AJAX.actions MEDIUM" "betterdocs 1.9.2 Reflected.Cross-Site.Scripting HIGH" "betterdocs 1.9.0 Reflected.Cross-Site.Scripting HIGH" "bamboo-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-for-woocommerce 4.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bbs-e-popup No.known.fix Reflected.XSS HIGH" "better-robots-txt 1.4.6 Cross-Site.Request.Forgery MEDIUM" "better-robots-txt 1.4.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-robots-txt 1.2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "bj-lazy-load 1.0 Remote.File.Inclusion.(Timthumb) HIGH" "blog2social 7.5.5 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "blog2social 7.4.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "blog2social 7.5.0 Information.Exposure MEDIUM" "blog2social 7.2.1 Reflected.XSS HIGH" "blog2social 6.9.12 Subscriber+.Settings.Update MEDIUM" "blog2social 6.9.10 Subscriber+.SQLi HIGH" "blog2social 6.9.10 Subscriber+.SSRF MEDIUM" "blog2social 6.8.7 Reflected.Cross-Site.Scripting HIGH" "blog2social 6.3.1 Authenticated.SQL.Injection CRITICAL" "blog2social 5.9.0 Cross-Site.Scripting.Issue MEDIUM" "blog2social 5.6.0 SQL.Injection CRITICAL" "blog2social 5.0.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bizlibrary No.known.fix Admin+.Stored.XSS LOW" "bing-site-verification-using-meta-tag No.known.fix Admin+.Stored.XSS LOW" "bulk-add-to-cart-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "block-specific-plugin-updates 3.3.2 Arbitrary.Plugin.Update.Blocking.via.CSRF MEDIUM" "bannerlid No.known.fix Reflected.XSS HIGH" "bulk-noindex-nofollow-toolkit-by-mad-fish 2.16 Reflected.Cross-Site.Scripting MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 2.10 Reflected.Cross-Site.Scripting.via.tab,.order,.and.orderby MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 1.5 Reflected.XSS HIGH" "bulk-noindex-nofollow-toolkit-by-mad-fish 1.51 Missing.Authorization MEDIUM" "bsk-gravityforms-blacklist 3.9 Reflected.Cross-Site.Scripting MEDIUM" "bsk-gravityforms-blacklist 3.8.1 Reflected.Cross-Site.Scripting MEDIUM" "bsk-gravityforms-blacklist 3.7 Admin+.Stored.Cross-Site.Scripting LOW" "csv-import-export No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "comment-blacklist-updater 1.2.0 Cross-Site.Request.Forgery.via.update_blacklist_manual MEDIUM" "cbxwpbookmark 1.7.22 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxwpbookmark 1.7.21 Admin+.SQLi MEDIUM" "cbxwpbookmark 1.7.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxwpbookmark 1.6.9 Reflected.Cross-Site.Scripting HIGH" "contexture-page-security No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "cryptocurrency-widgets-pack 2.0 Unauthenticated.SQLi HIGH" "copy-me No.known.fix Copy.Posts.Cross-Site.Request.Forgery.(CSRF) MEDIUM" "content-egg 5.5.0 Multiple.CSRF MEDIUM" "content-egg 5.3.1 Reflected.Cross-Site.Scripting MEDIUM" "content-egg 5.3.0 Reflected.Cross-Site.Scripting MEDIUM" "cf7-file-download No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "content-hubs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-hubs 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "classyfrieds No.known.fix Authenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "coming-soon-wp 2.1.3 Maintenance.Mode.Bypass MEDIUM" "coming-soon-wp 1.6.7 Admin+.Stored.Cross-Site.Scripting MEDIUM" "coupons 1.4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "connected-sermons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "connected-sermons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-to-email 1.3.45 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "contact-form-to-email 1.3.42 Captcha.Bypass MEDIUM" "contact-form-to-email 1.3.44 Editor+.Stored.Cross-Site.Scripting LOW" "contact-form-to-email 1.3.38 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-to-email 1.3.25 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-to-email 1.2.66 Multiple.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "cashtomer No.known.fix Authenticated.SQL.Injection MEDIUM" "cm-video-lesson-manager-pro 3.5.9 Admin+.Stored.Cross-Site.Scripting LOW" "content-aware-sidebars 3.19.1 Reflected.Cross-Site.Scripting MEDIUM" "content-aware-sidebars 3.17.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-aware-sidebars 3.8.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "copyscape-premium No.known.fix Cross-Site.Request.Forgery MEDIUM" "classic-editor-addon 2.6.4 Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "classic-editor-addon 2.6.4 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "colibri-page-builder 1.0.277 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.colibri_video_player.Shortcode MEDIUM" "colibri-page-builder 1.0.277 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "colibri-page-builder 1.0.274 Contributor+.Stored.Cross-Site.Scripting.via.the.plugin's.'colibri_breadcrumb_element'.shortcode MEDIUM" "colibri-page-builder 1.0.264 Author+.Stored.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.274 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.270 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.249 Missing.Authorization MEDIUM" "colibri-page-builder 1.0.260 Import.Images,.Delete.Post,.Save.Theme.Data.via.CSRF MEDIUM" "colibri-page-builder 1.0.260 Arbitrary.Shortcode.Call.via.CSRF MEDIUM" "colibri-page-builder 1.0.240 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.248 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.229 Admin+.SQL.Injection MEDIUM" "choice-payment-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "choice-payment-gateway-for-woocommerce 2.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "change-login-logo 1.1.5 Authenticated.Stored.Cross-Site.Scripting LOW" "convoworks-wp 0.22.15 Reflected.Cross-Site.Scripting MEDIUM" "convoworks-wp 0.22.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cardealer 4.16 Admin+.Content.Injection LOW" "cardealer 3.05 Subscriber+.Arbitrary.Plugin.Installation HIGH" "content-excel-importer 4.3 Reflected.Cross-Site.Scripting MEDIUM" "coupon-zen 1.0.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "cardinity-free-payment-gateway-for-woocommerce 3.0.7 Reflected.Cross-Site.Scripting HIGH" "custom-product-list-table No.known.fix Cross-Site.Request.Forgery MEDIUM" "co-marquage-service-public 0.5.72 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "co-marquage-service-public 0.5.73 Reflected.Cross-Site.Scripting.via.search_term MEDIUM" "customize-login No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "cookies-by-jm No.known.fix Admin+.Stored.XSS LOW" "custom-tinymce-shortcode-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-add-to-cart-button-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "company-updates-for-linkedin No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "conditional-marketing-mailer 1.5.2 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "conditional-marketing-mailer 1.6 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "cf7-database 3.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-search-plugin 1.36 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "carousel-ck No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "custom-sidebars 3.1.0 CSRF HIGH" "custom-sidebars 3.0.8.1 CSRF HIGH" "cab-fare-calculator No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "cab-fare-calculator 1.0.4 Unauthenticated.LFI MEDIUM" "csprite No.known.fix Cross-Site.Request.Forgery MEDIUM" "cookiehub 1.1.1 Missing.Authorization MEDIUM" "carrrot No.known.fix Admin+.Stored.XSS LOW" "coreactivity 2.1 Unauthenticated.IP.Spoofing MEDIUM" "coreactivity 1.8.1 Unauthenticated.Stored.XSS HIGH" "custom-post-type-generator No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "collapsing-archives 3.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "counter-yandex-metrica No.known.fix Admin+.Stored.XSS LOW" "custom-post-view-generator No.known.fix Reflected.Cross-Site.Scripting HIGH" "copy-delete-posts 1.4.0 Subscriber+.Plugin.Installation MEDIUM" "copy-delete-posts 1.4.0 Plugin.Installation.via.CSRF MEDIUM" "copy-delete-posts 1.2.0 Authenticated.SQL.Injection MEDIUM" "circle-image-slider-with-lightbox 1.0.1 Image.Data.Update.via.CSRF MEDIUM" "circle-image-slider-with-lightbox 1.0.18 Reflected.Cross-Site.Scripting MEDIUM" "circle-image-slider-with-lightbox 1.0.16 Reflected.Cross-Site.Scripting MEDIUM" "cart-tracking-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "captchinoo-captcha-for-login-form-protection 2.5 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "captchinoo-captcha-for-login-form-protection 2.4 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "conditional-menus 1.2.1 Reflected.XSS HIGH" "click-to-call-or-chat-buttons 1.5.0 Admin+.Stored.XSS LOW" "commons-booking No.known.fix Code/Timeframe/Booking.Deletion.via.CSRF MEDIUM" "commons-booking No.known.fix Admin+.Stored.XSS LOW" "category-seo-meta-tags No.known.fix Cross-Site.Request.Forgery.via.csmt_admin_options MEDIUM" "category-seo-meta-tags No.known.fix Admin+.Stored.XSS LOW" "comment-press 2.7.2 Unauthenticated.Cross-Frame.Scripting HIGH" "calculator-builder 1.5.1 Reflected.XSS MEDIUM" "custom-add-user No.known.fix Reflected.Cross-Site.Scripting HIGH" "custom-fields-shortcode No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "cf7-invisible-recaptcha 1.3.4 CSRF MEDIUM" "cf7-invisible-recaptcha 1.3.2 XSS MEDIUM" "cartflows-pro 1.11.13 CSRF MEDIUM" "cartflows-pro 1.11.12 Reflected.Cross-Site.Scripting HIGH" "catablog No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "catablog No.known.fix Authenticated.(Editor+).Arbitrary.File.Deletion MEDIUM" "codeflavors-vimeo-video-post-lite 2.2.2 Reflected.XSS HIGH" "clean-social-icons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "co2ok-for-woocommerce 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "co2ok-for-woocommerce 1.0.9.22 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "co2ok-for-woocommerce 1.0.9.22 Subscriber+.Arbitrary.Option.Update CRITICAL" "contact-form-advanced-database No.known.fix Unauthorised.AJAX.Calls MEDIUM" "contact-form-to-any-api 1.2.5 Unauthenticated.Stored.Cross-Site.Scripting.via.Contact.Form HIGH" "contact-form-to-any-api 1.1.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "contact-form-to-any-api 1.1.7 Subscriber+.API.Entry.Record.Deletion MEDIUM" "contact-form-to-any-api 1.1.3 Admin+.SQLi MEDIUM" "custom-registration-form-builder-with-submission-manager 6.0.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 6.0.0.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 5.3.2.0 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "custom-registration-form-builder-with-submission-manager 5.3.1.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 5.3.1.0 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "custom-registration-form-builder-with-submission-manager 5.2.6.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.5.1 IP.Spoofing MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.5.1 Form.Submission.Limit.Bypass MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.4.6 Authenticated(Administrator+).SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.3.1 Missing.Authorization MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.3.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.4.2 Reflected.Cross-Site.Scripting.via.section_id MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.1.1 Unauthenticated.Authentication.Bypass CRITICAL" "custom-registration-form-builder-with-submission-manager 5.2.1.0 Admin+.Arbitrary.Password.Update.via.IDOR MEDIUM" "custom-registration-form-builder-with-submission-manager 5.1.9.3 Form.Deletion.via.CSRF MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.2.2 Admin+.SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.1.9 Reflected.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.0.1.9 Reflected.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.0.1.6 Admin+.SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.1.8 Authentication.Bypass CRITICAL" "custom-registration-form-builder-with-submission-manager 4.6.0.4 Multiple.Critical.Issues HIGH" "custom-registration-form-builder-with-submission-manager 4.6.0.3 Authenticated.SQL.Injection.via.Form_id MEDIUM" "custom-registration-form-builder-with-submission-manager 4.6.0.3 Multiple.Cross-Site.Scripting.(XSS) HIGH" "cpt-bootstrap-carousel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cpt-bootstrap-carousel No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "cookie-law-info 1.8.3 Improper.Access.Controls CRITICAL" "comment-guestbook No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "convertbox-auto-embed 1.0.20 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "circles-gallery No.known.fix Admin+.Stored.XSS LOW" "contact-form-maker No.known.fix Admin+.SQLi MEDIUM" "contact-form-maker 1.13.5 Cross-Site.Request.Forgery.to.LFI HIGH" "cmb2 2.11.0 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "code-manager 1.0.26 Reflected.Cross-Site.Scripting MEDIUM" "code-manager 1.0.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cleanup-action-scheduler 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "coming-soon-maintenance-mode 1.0.6 Information.Exposure MEDIUM" "crelly-slider No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "crelly-slider No.known.fix Admin+.Stored.XSS LOW" "crelly-slider 1.3.5 Arbitrary.File.Upload HIGH" "coming-soon-page 3.7.4 IP.Address.Spoofing.via.get_real_ip MEDIUM" "coming-soon-page 3.6.8 Arbitrary.Email.Sending.to.Subscribed.Users.via.CSRF LOW" "coming-soon-page 3.6.7 Subscriber+.Arbitrary.Email.Sending.to.Subscribed.Users MEDIUM" "coming-soon-page 3.5.3 Authenticated.Stored.XSS LOW" "clinicalwp-core No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clinicalwp-core No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "clinicalwp-core No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "cab-grid 1.6 Admin+.Stored.XSS LOW" "continuous-announcement-scroller No.known.fix Admin+.Stored.XSS LOW" "coinbase-commerce-for-contact-form-7 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "campaign-monitor-wp 2.5.6 Subscriber+.Arbitrary.Options.Update MEDIUM" "cm-on-demand-search-and-replace 1.3.9 Plugin.Reset.via.CSRF MEDIUM" "cm-on-demand-search-and-replace 1.3.1 Multiple.CSRF MEDIUM" "cm-on-demand-search-and-replace 1.3.1 Admin+.Stored.XSS LOW" "community-events 1.5.1 Admin+.Stored.XSS LOW" "community-events 1.5 Event.Deletion.via.CSRF MEDIUM" "community-events 1.4.9 Admin+.Stored.XSS LOW" "community-events 1.4.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "community-events 1.4 SQL.Injection CRITICAL" "cozy-addons 2.0.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "clever-fox 25.2.1 Missing.Authorization.to.arbitrary.theme.activation.via.clever-fox-activate-theme MEDIUM" "clever-fox 25.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cm-email-blacklist 1.4.9 Add/Delete.Emails.via.CSRF.Add.and.delete.any.item.from.blacklist/whitelist MEDIUM" "caddy 1.9.8 Cross-Site.Request.Forgery MEDIUM" "cryptocurrency-prices No.known.fix Contributor+.Stored.XSS MEDIUM" "customize-my-account-for-woocommerce 1.8.4 Cross-Site.Request.Forgery.via.restore_my_account_tabs MEDIUM" "ct-ultimate-gdpr 2.5 Unauthenticated.Plugin.Settings.Export.and.Import CRITICAL" "contact-form-generator No.known.fix Contributor+.SQLi MEDIUM" "contact-form-generator 2.6.0 Reflected.XSS HIGH" "contact-form-generator 2.5.5 Multiple.Cross-Site.Request.Forgery.(CSRF) HIGH" "configure-smtp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-multi-step-module 4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-multi-step-module 4.1.91 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-7-multi-step-module 3.0.9 Subscriber+.Arbitrary.Option.Update CRITICAL" "cheetaho-image-optimizer 1.4.3.2 Reflected.Cross-Site.Scripting MEDIUM" "checklist 1.1.9 Unauthenticated.Reflected.XSS MEDIUM" "cc-child-pages 1.43 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "check-email 1.0.10 Unauthenticated.Hook.Injection HIGH" "check-email 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "check-email 1.0.4 Reflected.Cross-Site.Scripting HIGH" "check-email 1.0.3 Admin+.SQL.Injections MEDIUM" "check-email 0.5.2 Cross-Site.Scripting.(XSS) MEDIUM" "cf7-store-to-db-lite 1.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "cf7-store-to-db-lite 1.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "current-book No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "child-support-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "child-support-calculator 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "culqi-checkout 3.0.15 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "content-collector No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-collector No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "cbxpetition No.known.fix Unauthenticated.SQLi HIGH" "cp-easy-form-builder 1.2.32 Admin+.Stored.Cross-Site.Scripting LOW" "categories-gallery-woocommerce No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "credit-tracker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-submissions 1.7.3 Unauthenticated.Stored.XSS HIGH" "contact-form-submissions 1.7.1 Authenticated.Double.Query.SQL.injection MEDIUM" "contact-form-submissions 1.7.1 Authenticated.SQL.Injection MEDIUM" "custom-sub-menus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "column-matic No.known.fix Contributor+.Stored.XSS MEDIUM" "cart-lift 3.1.6 Reflected.XSS HIGH" "canecto No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "convertkit 2.4.9.1 Missing.Authorization MEDIUM" "convertkit 2.4.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "convertkit 2.2.1 Reflected.XSS HIGH" "convertkit 2.0.5 Contributor+.Stored.XSS MEDIUM" "cleantalk-spam-protect 6.21 Counters.Reset/Creation.via.CSRF MEDIUM" "cleantalk-spam-protect 6.21 Email.Update.via.CSRF MEDIUM" "cleantalk-spam-protect 5.185.1 Admin+.SQLi MEDIUM" "cleantalk-spam-protect 5.174.1 Reflected.Cross-Site.Scripting MEDIUM" "cleantalk-spam-protect 5.153.4 Unauthenticated.Blind.SQL.Injection HIGH" "cleantalk-spam-protect 5.149 Multiple.Authenticated.SQL.Injections MEDIUM" "cleantalk-spam-protect 5.127.4 Cross-Site.Scripting.Issue MEDIUM" "cleantalk-spam-protect 5.22 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "cf7-google-sheets-connector-pro 2.3.7 Reflected.XSS HIGH" "commentluv No.known.fix Unauthenticated.SSRF MEDIUM" "cartflows 2.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cartflows 2.0.2 Editor+.Stored.XSS LOW" "cartflows 1.6.13 Authenticated.Stored.XSS.via.FB.Pixel.ID.and.Google.Analytics.ID MEDIUM" "cartflows 1.5.16 Cross-Site.Request.Forgery MEDIUM" "cartflows 1.5.16 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "comments-import-export-woocommerce 2.3.9 Authenticated.(Author+).Arbitrary.File.Read.via.Directory.Traversal MEDIUM" "comments-import-export-woocommerce 2.3.6 Cross-Site.Request.Forgery MEDIUM" "comments-import-export-woocommerce 2.1.11 Cross-Site.Request.Forgery.(CSRF).Issue HIGH" "custom-css-js 3.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "cm-download-manager 2.9.0 Download.Unpublish.via.CSRF MEDIUM" "cm-download-manager 2.9.0 Download.Deletion.via.CSRF MEDIUM" "cm-download-manager 2.9.1 Download.Edit.via.CSRF MEDIUM" "cm-download-manager 2.8.6 Admin+.Arbitrary.File.Upload MEDIUM" "cm-download-manager 2.8.0 Authenticated.Arbitrary.File.Deletion MEDIUM" "cm-download-manager 2.8.0 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "cm-download-manager 2.8.0 Authenticated.Cross-Site.Scripting MEDIUM" "cm-download-manager 2.0.7 CSRF.to.Cross-Site.Scripting HIGH" "cm-download-manager 2.0.4 Unauthenticated.Code.Injection CRITICAL" "complete-open-graph No.known.fix Admin+.Stored.XSS LOW" "clotya-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "coschedule-by-todaymade 3.3.9 CSRF MEDIUM" "cf7-redirect-thank-you-page 1.0.4 Cross-Site.Request.Forgery MEDIUM" "cbxgooglemap 1.1.12 Contributor+.Stored.XSS MEDIUM" "cbxgooglemap 1.1.12 Contributor+.Stored.XSS.via.shortcode MEDIUM" "cf7-field-validation No.known.fix Unauthenticated.SQLi HIGH" "cardoza-wordpress-poll No.known.fix Authenticated.SQL.Injection HIGH" "cardoza-wordpress-poll 34.06 Multiple.External.Function.Remote.Poll.Manipulation CRITICAL" "cardoza-wordpress-poll 33.6 Multiple.SQL.Injection.Vulnerabilities CRITICAL" "ct-commerce No.known.fix Admin+.Stored.XSS LOW" "change-wc-price-title 2.4 Reflected.Cross-Site.Scripting MEDIUM" "change-wc-price-title 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-lite 1.1.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Unauthenticated.IP.Spoofing MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Information.Exposure MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Unauthenticated.Stored.XSS HIGH" "custom-contact-forms 5.1.0.4 Unauthenticated.Database.Import/Export CRITICAL" "custom-contact-forms 5.1.0.3 Authenticated.Cross.Site.Scripting CRITICAL" "continuous-image-carousel-with-lightbox 1.0.16 Reflected.XSS HIGH" "customize-login-image 3.5.3 Admin+.Stored.Cross-Site.Scripting LOW" "click-to-chat-for-whatsapp 4.0 Contributor+.LFI HIGH" "click-to-chat-for-whatsapp 3.18.1 Contributor+.Stored.XSS MEDIUM" "capa No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "customizer-export-import 0.9.7.1 Authenticated.(Admin+).Arbitrary.File.Upload.via.Customization.Settings.Import MEDIUM" "customizer-export-import 0.9.6 Admin+.PHP.Object.Injection LOW" "customizer-export-import 0.9.5 Admin+.PHP.Objection.Injection MEDIUM" "customizer-export-import 0.9.5 Admin+.PHP.Object.Injection MEDIUM" "club-management-software No.known.fix Authenticated.SQL.Injection MEDIUM" "contentstudio 1.2.6 Nonce.Disclosure HIGH" "contentstudio 1.2.6 Authorisation.Bypass HIGH" "contentstudio 1.2.6 Unauthorised.Function.Calls HIGH" "captcha-code-authentication 3.0 Captcha.Bypass MEDIUM" "captcha-code-authentication 2.8 Settings.Update.via.CSRF MEDIUM" "customer-area 8.2.3 .Reflected.Cross-Site.Scripting MEDIUM" "customer-area 8.2.1 Subscriber+.Account.Address.Update MEDIUM" "customer-area 8.2.1 Subscriber+.Account.Address.Leak MEDIUM" "customer-area 8.1.4 Unauthorised.Actions.via.CSRF MEDIUM" "customer-area 7.4.3 XSS MEDIUM" "cancel-order-request-woocommerce 1.3.3 Admin+.Stored.XSS LOW" "cf7-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-customizer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-customizer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "contact-form-x 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-order-numbers-for-woocommerce 1.4.1 CSRF MEDIUM" "clio-grow-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clio-grow-form 1.0.1 Admin+.Stored.XSS LOW" "content-repeater No.known.fix Admin+.Stored.XSS LOW" "codepress-admin-columns 4.3.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Custom.Field MEDIUM" "codepress-admin-columns 4.3 Admin+.Stored.XSS.in.Label LOW" "contact-bank No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "cloudnet-sync No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "calendarista 15.5.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "currency-switcher 1.2.0.4 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "currency-switcher 1.2.0.2 Cross-Site.Request.Forgery MEDIUM" "currency-switcher 1.2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "currency-switcher 1.2.0 Subscriber+.Missing.Authorization.Checks MEDIUM" "currency-switcher 1.2.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "currency-switcher 1.1.7 Arbitrary.Plugin's.Settings.Change.via.CSRF MEDIUM" "charitable 1.8.1.15 Insecure.Direct.Object.Reference.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "charitable 1.8.1.8 Missing.Authorization.via.ajax_license_check() MEDIUM" "charitable 1.8.1.8 Missing.Authorization.to.Unauthorized.Donation MEDIUM" "charitable 1.7.0.14 Authenticated(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "charitable 1.7.0.13 Unauthenticated.Privilege.Escalation CRITICAL" "charitable 1.7.0.11 Reflected.XSS HIGH" "charitable 1.6.51 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "charitable 1.6.51 Donation.Plugin.<.1.6.51.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "charitable 1.5.14 Unauthorised.Access HIGH" "cf7-constant-contact-fields-mapping No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-constant-contact-fields-mapping No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "colorlib-coming-soon-maintenance No.known.fix Information.Exposure MEDIUM" "colorlib-coming-soon-maintenance 1.0.99 Admin+.Stored.Cross.Site.Scripting LOW" "clipr No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "clicksold-wordpress-plugin No.known.fix Admin+.XSS LOW" "cpa-offerwall No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cities-shipping-zones-for-woocommerce 1.2.8 Authenticated.(Shop.Manager+).Local.File.Inclusion HIGH" "control-block-patterns No.known.fix Missing.Authorization MEDIUM" "contact-form-multi 1.2.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "customer-reviews-collector-for-woocommerce 4.0 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "content-restrictor-for-divi 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "content-restrictor-for-divi 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cm-registration-pro 3.2.1 PHP.Object.Injection MEDIUM" "contact-form-check-tester No.known.fix Broken.Access.Control.to.Cross-Site.Scripting.(XSS) HIGH" "configure-login-timeout No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "crazy-bone No.known.fix Unauthenticated.Stored.XSS HIGH" "crazy-bone 0.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "captainform No.known.fix Reflected.Cross-Site.Scripting.via.REQUEST_URI MEDIUM" "captainform No.known.fix CSRF MEDIUM" "custom-welcome-guide 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "custom-welcome-guide 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "civicrm 5.24.3 Authenticated.Phar.Deserialization MEDIUM" "civicrm 5.28.1 CSRF.to.Stored.XSS MEDIUM" "cookie-notice-and-consent-banner 1.7.2 Admin+.Stored.XSS LOW" "cooked 1.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "cooked 1.8.0 Cooked.–.Recipe.Management.<=.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cooked 1.7.15.1 Contributor+.Stored.XSS MEDIUM" "cooked 1.1.13 Reflected.Cross-Site.Scripting MEDIUM" "cooked 1.7.9.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "cooked 1.7.5.6 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "connections 10.4.37 Contributor+.Stored.XSS MEDIUM" "connections 10.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "connections 9.7 Admin+.CSV.Injection MEDIUM" "connections 8.5.9 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "checkout-files-upload-woocommerce 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "coming-soon 6.18.4 Editor+.Stored.XSS MEDIUM" "coming-soon 6.15.22 Unauthenticated.Plugin.Page.Content.Update MEDIUM" "coming-soon 6.15.15.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "coming-soon 5.1.2 Authenticated.Stored.Cross.Site.Scripting.(XSS) LOW" "cc-coming-soon No.known.fix Reflected.XSS HIGH" "canto 3.0.9 Unauthenticated.Remote.File.Inclusion CRITICAL" "canto 3.0.7 Unauthenticated.RCE CRITICAL" "canto 3.0.5 Unauthenticated.Remote.File.Inclusion CRITICAL" "canto No.known.fix Unauthenticated.Blind.SSRF MEDIUM" "contact-form-7-paypal-add-on 2.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "contact-form-7-paypal-add-on 1.9.4 Cross-Site.Request.Forgery MEDIUM" "content-text-slider-on-post 6.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "cookie-law-bar No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "catchers-helpdesk No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "comment-engine-pro No.known.fix Editor+.Stored.Cross-Site.Scripting LOW" "camptix 1.5.1 CSV.Injection.Bypasses.and.XSS HIGH" "checkout-freemius-rewamped 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "checkout-plugins-stripe-woo 1.9.2 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "checkout-plugins-stripe-woo 1.9.2 Cross-Site.Request.Forgery MEDIUM" "checkout-plugins-stripe-woo 1.4.11 Settings.Update.via.CSRF MEDIUM" "chatbot-chatgpt 1.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chatbot-chatgpt 2.0.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "chatbot-chatgpt 2.0.0 Unauthenticated.Arbitrary.File.Upload.via.chatbot_chatgpt_upload_file_to_assistant.Function CRITICAL" "credova-financial 1.4.9 Sensitive.Information.Disclosure MEDIUM" "constant-contact-forms 2.4.3 Information.Disclosure.via.Log.Files MEDIUM" "constant-contact-forms 1.8.8 Multiple.Authenticated.Stored.XSS MEDIUM" "custom-user-css No.known.fix Settings.Update.via.CSRF MEDIUM" "clickbank-ads-clickbank-widget 1.35 Admin+.Stored.Cross-Site.Scripting LOW" "clickbank-ads-clickbank-widget 1.35 CSRF.to.Stored.Cross-Site.Scripting HIGH" "contact-form-ready 2.0.12 Form.Styling.Update.via.CSRF MEDIUM" "callrail-phone-call-tracking 0.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "callrail-phone-call-tracking 0.4.10 Stored.XSS.via.CSRF MEDIUM" "cost-calculator-builder 3.2.29 Admin+.SQL.Injection MEDIUM" "cost-calculator-builder 3.2.16 Unauthenticated.SQL.Injection CRITICAL" "cost-calculator-builder 3.2.13 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Creation MEDIUM" "cost-calculator-builder 3.2.13 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cost-calculator-builder 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "current-template-name 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "configurable-tag-cloud-widget 5.3 Cross-Site.Request.Forgery MEDIUM" "cost-calculator-builder-pro No.known.fix .Unauthenticated.Price.Manipulation MEDIUM" "cost-calculator-builder-pro 3.1.76 Unauthenticated.Arbitrary.Email.Sending MEDIUM" "cost-calculator-builder-pro 3.1.73 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "cost-calculator-builder-pro 3.1.68 Unauthenticated.Cross-Site.Scripting.via.SVG.Upload HIGH" "complianz-gdpr 7.0.0 Cross-Site.Request.Forgery.to.Data.Request.Deletion MEDIUM" "complianz-gdpr 6.5.6 Admin+.Stored.XSS LOW" "complianz-gdpr 6.4.2 GDPR/CCPA.Cookie.Consent.<.6.4.2.-.Contributor+.Stored.XSS MEDIUM" "complianz-gdpr 6.3.4 Translator.SQLi MEDIUM" "complianz-gdpr 6.0.0 GDPR/CCPA.Cookie.Consent.<.6.0.0.-.Reflected.Cross-Site.Scripting MEDIUM" "custom-settings No.known.fix Admin+.Stored XSS LOW" "cache-images 3.2.1 Image.Upload./.Import.via.CSRF MEDIUM" "cool-timeline 2.4 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "cool-timeline 2.0.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cool-timeline 2.0.3 Cross-Site.Request.Forgery MEDIUM" "contest-code-checker 1.9.8 Reflected.Cross-Site.Scripting MEDIUM" "contest-code-checker 1.9.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cc-custom-taxonmy No.known.fix Admin+.Stored.XSS LOW" "calendar-event 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "calendar-event 1.4.7 Unauthenticated.Arbitrary.Event.Deletion MEDIUM" "cf7-live-preview No.known.fix Missing.Authorization.via.update_option MEDIUM" "contact-forms No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contact-forms 1.8.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-forms 1.6.1 CSRF MEDIUM" "contact-forms 1.5.8 Cross-Site.Request.Forgery MEDIUM" "contact-forms 1.5.5 Reflected.XSS HIGH" "contact-forms 1.5.5 Unauthenticated.Stored.XSS HIGH" "contact-forms 1.4.12 Admin+.Stored.Cross-Site.Scripting LOW" "cysteme-finder 1.4 Unauthenticated.LFI.and.Unauthenticated.File.Upload CRITICAL" "custom-text-selection-colors No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "cpt-onomies No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-7-mailchimp-extension No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-7-mailchimp-extension No.known.fix Subscriber+.Server-Side.Request.Forgery MEDIUM" "codelights-shortcodes-and-widgets No.known.fix Contributor+.Stored.XSS MEDIUM" "codelights-shortcodes-and-widgets No.known.fix Admin+.Stored.Cross.Site.Scripting MEDIUM" "cf7-conditional-fields 2.4.14 Cross-Site.Request.Forgery.to.Plugin.Setting.Reset MEDIUM" "cf7-conditional-fields 2.4.2 Missing.Authorization MEDIUM" "check-zipcode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "check-zipcode No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "chatbot-support-ai No.known.fix Admin+.Stored.XSS LOW" "catch-import-export 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "conditional-payments 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "cryout-serious-slider 1.2.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cryout-serious-slider 1.2.5 Cross-Site.Request.Forgery MEDIUM" "custom-author-base No.known.fix Settings.Update.via.CSRF MEDIUM" "change-default-login-logo-url-and-title No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita 4.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "cf7-antispam 0.6.1 Reflected.Cross-Site.Scripting MEDIUM" "cf7-insightly 1.0.9 Reflected.Cross-Site.Scripting HIGH" "checkout-for-paypal 1.0.14 Contributor+.Stored.XSS MEDIUM" "cpo-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "cpo-shortcodes No.known.fix Admin+.Stored.XSS LOW" "cube-slider No.known.fix Admin+.SQLi MEDIUM" "copify No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "comment-reply-email 1.5 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "comment-reply-email 1.0.4 Admin+.Stored.XSS LOW" "crafty-social-buttons 1.5.8 XSS MEDIUM" "contests-from-rewards-fuel 2.0.65 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.update_rewards_fuel_api_key MEDIUM" "contests-from-rewards-fuel 2.0.63 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "content-sidebars No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-sidebars 1.6.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-field-suite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cfs[post_title] MEDIUM" "custom-field-suite No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Term.Custom.Field HIGH" "custom-field-suite No.known.fix Contributor+.PHP.Code.Injection.via.Loop.Custom.Field HIGH" "custom-field-suite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cfs[post_content] MEDIUM" "custom-field-suite 2.6.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-suite 2.6.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-suite 2.6.3 Admin+.Stored.XSS LOW" "custom-field-suite 2.5.15 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "comparison-slider No.known.fix Cross-Site.Request.Forgery MEDIUM" "comparison-slider No.known.fix Missing.Authorization MEDIUM" "comparison-slider No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "citadela-directory No.known.fix Cross-Site.Request.Forgery MEDIUM" "citadela-directory No.known.fix Unauthenticated.Sensitive.Information.Exposure HIGH" "caldera-forms-pro 1.8.2 Unauthenticated.Arbitrary.File.Read HIGH" "custom-header-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "court-reservation No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "court-reservation 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-post-type-pdf-attachment 3.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pdf_attachment.Shortcode MEDIUM" "catch-duplicate-switcher 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "cardoza-3d-tag-cloud No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cardoza-3d-tag-cloud No.known.fix Stored.XSS.via.CSRF MEDIUM" "country-state-city-auto-dropdown 2.7.3 Unauthenticated.SQL.Injection CRITICAL" "country-state-city-auto-dropdown 2.7.2 Missing.Authorization MEDIUM" "cm-video-lesson-manager 1.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "cyberus-key 1.1 Admin+.Stored.XSS LOW" "contact-forms-builder No.known.fix Authentication.Request.Bypass MEDIUM" "contact-forms-builder No.known.fix Reflected.XSS HIGH" "common-tools-for-site No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "custom-admin-login-styler-wpzest No.known.fix Admin+.Stored.XSS LOW" "comments-like-dislike 1.2.0 Subscriber+.Settings.Reset MEDIUM" "comments-like-dislike 1.1.4 Add.Like/Dislike.Bypass MEDIUM" "comment-reply-notification No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-admin-page 0.1.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "customily-v2 No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "current-menu-item-for-custom-post-types 1.6 Cross-Site.Request.Forgery MEDIUM" "coupon-reveal-button 1.2.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "countdown-builder 2.7.8.1 Missing.Authorization.to.Authenticated.(Subscriber+).PHP.Object.Injection MEDIUM" "countdown-builder 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "countdown-builder No.known.fix Pro.Features.Lock.Bypass LOW" "countdown-builder No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "countdown-builder 2.2.9 Reflected.Cross-Site.Scripting MEDIUM" "convert-post-types No.known.fix Cross-Site.Request.Forgery MEDIUM" "convert-post-types No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clock-in-portal No.known.fix Designation.Deletion.via.CSRF MEDIUM" "clock-in-portal No.known.fix Holidays.Deletion.via.CSRF MEDIUM" "clock-in-portal No.known.fix Staff.Deletion.via.CSRF MEDIUM" "classified-listing-pro 2.0.20 Reflected.Cross-Site.Scripting MEDIUM" "classified-listing-pro 2.0.20 Reflected.Cross-Site.Scripting MEDIUM" "custom-tabs-for-products-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "category-post-list-widget No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "cloak-front-end-email 1.9.2 Contributor+.Stored.XSS MEDIUM" "custom-login 4.1.1 Subscriber+.Unauthorised.Action MEDIUM" "contact-form-7-to-database-extension 2.10.36 CSV.Injection CRITICAL" "comments-disable-accesspress 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "constant-contact-forms-by-mailmunch 2.1.0 Contributor+.Stored.XSS MEDIUM" "constant-contact-forms-by-mailmunch 2.0.11 Arbitrary.Settings.Update.via.CSRF MEDIUM" "client-dash No.known.fix Missing.Authorization MEDIUM" "client-dash No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "chamber-dashboard-business-directory 3.3.2 Reflected.Cross-Site.Scripting MEDIUM" "chamber-dashboard-business-directory 3.3.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-7-simple-recaptcha 0.1.2 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-simple-recaptcha 0.0.9 CSRF.to.Stored.XSS HIGH" "camera-slideshow No.known.fix Reflected.Cross-Site.Scripting HIGH" "cryptocurrency-product-for-woocommerce 3.16.10 Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-product-for-woocommerce 3.14.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "catch-themes-demo-import 2.1.1 Admin+.Remote.Code.Execution MEDIUM" "catch-themes-demo-import 1.8 Admin+.Arbitrary.File.Upload CRITICAL" "catch-themes-demo-import 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "call-now-icon-animate No.known.fix Admin+.Stored.XSS LOW" "chaty 3.2.3 Admin+.Stored.XSS LOW" "chaty 3.1.9 Editor+.Stored.XSS LOW" "chaty 3.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "chaty 3.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "chaty 3.1 Admin+.Stored.Cross-Site.Scripting LOW" "chaty 3.1 Reflected.XSS HIGH" "chaty 3.0.3 Admin+.SQLi MEDIUM" "chaty 2.8.4 Admin+.Stored.Cross-Site.Scripting MEDIUM" "chaty 2.8.3 Reflected.Cross-Site.Scripting HIGH" "category-specific-rss-feed-menu 2.3 Admin+.Stored.XSS LOW" "category-specific-rss-feed-menu 2.2 Settings.Update.via.CSRF MEDIUM" "caldera-forms 1.7.5.1 Reflected.Cross-Site.Scripting MEDIUM" "caldera-forms 1.9.7 Reflected.Cross-Site.Scripting MEDIUM" "caldera-forms 1.9.5 Admin+.Stored.Cross-Site.Scripting LOW" "caldera-forms 1.6.0 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "custom-font-uploader 2.4.0 Custom.Font.Uploader.<.2.4.0.-.Missing.Authorization.to.Font.Deletion MEDIUM" "custom-font-uploader 2.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "college-publisher-import No.known.fix Arbitrary.File.Upload.to.RCE CRITICAL" "cf7-grid-and-styler-for-divi 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "cf7-grid-and-styler-for-divi 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "customer-reviews-woocommerce 5.48.0 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "customer-reviews-woocommerce 5.47.0 Missing.Authorization.to.Authenticated.(Subscriber+).Coupon.Search MEDIUM" "customer-reviews-woocommerce 5.47.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "customer-reviews-woocommerce 5.39.0 Improper.Authorization.via.submit_review MEDIUM" "customer-reviews-woocommerce 5.38.10 Author+.Arbitrary.File.Upload HIGH" "customer-reviews-woocommerce 5.38.2 Missing.Authorization.via.manual.review.reminders MEDIUM" "customer-reviews-woocommerce 5.38.2 Cross-Site.Request.Forgery.via.manual.review.reminders MEDIUM" "customer-reviews-woocommerce 5.36.1 Missing.Authorization.in.Reviews.Exporter MEDIUM" "customer-reviews-woocommerce 5.36.1 Missing.Authorization MEDIUM" "customer-reviews-woocommerce 5.17.0 Contributor+.Stored.XSS MEDIUM" "customer-reviews-woocommerce 5.16.0 Contributor+.LFI CRITICAL" "customer-reviews-woocommerce 5.3.6 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "customer-reviews-woocommerce 5.3.6 Broken.Access.Control MEDIUM" "customer-reviews-woocommerce 5.3.6 Cross-Site.Request.Forgery MEDIUM" "campaign-url-builder 1.8.2 Contributor+.Stored.XSS MEDIUM" "cf7-mailchimp 1.1.1 Reflected.Cross-Site.Scripting HIGH" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Unauthenticated.SQL.Injection HIGH" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Unauthenticated.SQL.Injection HIGH" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "car No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "campation-postoffice No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "campation-postoffice 1.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "comments-not-replied-to 1.5.8 Reflected.Cross-Site.Scripting MEDIUM" "comments-not-replied-to 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "css3-rotating-words 5.7 Cross-Site.Request.Forgery MEDIUM" "css3-rotating-words 5.5 Cross-Site.Request.Forgery.via.save_admin_options MEDIUM" "coolclock 4.3.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "cookie-bar 2.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "cookie-bar 1.8.9 Admin+.Stored.Cross-Site.Scripting LOW" "cliengo No.known.fix Cross-Site.Request.Forgery MEDIUM" "cliengo 3.0.3 Chatbot.<.3.0.3.-.Missing.Authorization.to.Unauthenticated.Chatbot.Settings.Update MEDIUM" "cliengo 3.0.3 Chatbot.<.3.0.3.-.Missing.Authorization.to.Authorized.(Subscriber+).Chatbot.Settings.Update MEDIUM" "custom-fonts 2.1.5 Author+.Stored.XSS MEDIUM" "clickcease-click-fraud-protection 3.2.5 Improper.Authorization.to.sensitive.information.exposure.via.get_settings MEDIUM" "clickcease-click-fraud-protection 3.2.8 Cross-Site.Request.Forgery MEDIUM" "colorful-categories 2.0.15 Arbitrary.Colors.Update.via.CSRF MEDIUM" "comic-easel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "crm-perks-forms 1.1.6 Missing.Authorization.to.Unauthenticated.Form.Submission MEDIUM" "crm-perks-forms 1.1.5 Unauthenticated.SQL.Injection CRITICAL" "crm-perks-forms 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "crm-perks-forms 1.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.2 Admin+.Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.1 Reflected.XSS HIGH" "cforms No.known.fix Unauthenticated.HTML.Injection.&.CSRF HIGH" "cforms No.known.fix Multiple.XSS MEDIUM" "cforms No.known.fix SQL.Injection CRITICAL" "cforms No.known.fix SQL.Injection CRITICAL" "cforms No.known.fix Remote.Code.Execution.via.Unauthorised.File.Upload MEDIUM" "cforms 13.2 XSS MEDIUM" "cforms 10.5 XSS MEDIUM" "car-rental No.known.fix Admin+.Stored.XSS LOW" "car-rental 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "conveythis-translate 235 Missing.Authorization.to.Limited.Option.Update MEDIUM" "conveythis-translate 224 Unauthenticated.Stored.Cross-Site.Scripting.via.api_key HIGH" "cp-image-store 1.0.68 Unauthenticated.SQLi HIGH" "conversion-de-moneda No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "christmasify 1.5.6 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "code-snippets-extended No.known.fix Arbitrary.Snippet.Deletion/Disabling.via.CSRF MEDIUM" "code-snippets-extended No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "code-snippets-extended No.known.fix RCE.via.CSRF HIGH" "cardgate 3.1.16 Unauthorised.Payments.Hijacking.and.Order.Status.Spoofing HIGH" "cartoon-url No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-email-options No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "chained-quiz 1.3.2.9 Missing.Authorization MEDIUM" "chained-quiz 1.3.2.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.6 Admin+.Stored.XSS LOW" "chained-quiz 1.3.2.4 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.3 Admin+.Stored.XSS LOW" "chained-quiz 1.3.2.5 Arbitrary.Quiz.Deletion.&.Copying.via.CSRF MEDIUM" "chained-quiz 1.3.2.5 Arbitrary.Question.Deletion.via.CSRF MEDIUM" "chained-quiz 1.3.2.3 Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.1 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.5 Submitted.Quiz.Response.Deletion.via.CSRF MEDIUM" "chained-quiz 1.2.7.2 Authenticated.Stored.Cross.Site.Scripting LOW" "chained-quiz 1.1.9.1 Authenticated.Stored.XSS MEDIUM" "chained-quiz 1.1.8.2 Unauthenticated.Reflected.XSS CRITICAL" "chained-quiz 1.0.9 Unauthenticated.SQL.Injection MEDIUM" "custom-registration-and-login-forms-with-new-recaptcha No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-registration-and-login-forms-with-new-recaptcha No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "cf7-widget-elementor 2.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cf7-widget-elementor 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cf7_redirect_page.Attribute MEDIUM" "cf7-widget-elementor 2.4 Missing.Authorization MEDIUM" "click-to-top 1.2.8 Authenticated.Stored.Cross-Site.Scripting LOW" "convertplug 3.5.26.1 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "convertplug 3.5.26 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "convertplug 3.5.26 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update MEDIUM" "convertplug 3.4.5 Multiple.Issues HIGH" "coneblog-widgets 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coneblog-widgets 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "coneblog-widgets 1.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "child-theme-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-donation-box 1.8 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "custom-order-statuses-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "custom-order-statuses-for-woocommerce No.known.fix Cross-Site.Request.Forgery MEDIUM" "currency-switcher-woocommerce 2.11.2 Security.Restrictions.Bypass MEDIUM" "cpo-content-types No.known.fix Admin+.Stored.XSS LOW" "contact-us-page-contact-people 3.7.1 Contact.people.LITE.<.3.7.1.-.Contact.Update/Deletion/Creation.via.CSRF MEDIUM" "customer-chat-facebook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customer-chat-facebook No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "customer-chat-facebook No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "cybersoldier 1.7.0 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-with-captcha No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-with-captcha 1.6.8 CSRF.to.Stored.Cross-Site.Scripting HIGH" "chameleon 1.4.4 Admin+.Stored.XSS LOW" "conversation-watson 0.8.21 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "cf7-summary-and-print No.known.fix Cross-Site.Request.Forgery MEDIUM" "customizely No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customizely 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-add No.known.fix CSRF HIGH" "contact-form-add 1.9.8.4 Authenticated.Stored.Cross-Site.Scripting LOW" "contact-form-add 1.9.8.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "contact-form-manager 1.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cc-bmi-calculator 2.1.0 Contributor+.Stored.XSS MEDIUM" "calculatorpro-calculators No.known.fix Reflected.Cross-Site.Scripting.via.CP_preview_calc MEDIUM" "cleverwise-daily-quotes No.known.fix Stored.XSS.via.CSRF HIGH" "cryptocurrency-price-ticker-widget 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-price-ticker-widget 2.6.9 Missing.Authorization MEDIUM" "cryptocurrency-price-ticker-widget 2.6.6 2.6.5.-.Unauthenticated.SQL.Injection CRITICAL" "cryptocurrency-price-ticker-widget 2.5 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "commonsbooking 2.6.8 Unauthenticated.SQL.Injection HIGH" "cubewp-forms 1.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-entries 1.3.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-entries 1.3.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "contact-form-entries 1.3.3 Admin+.Arbitrary.File.Upload MEDIUM" "contact-form-entries 1.3.1 SQL.Injection MEDIUM" "contact-form-entries 1.3.1 Contributor+.Stored.XSS MEDIUM" "contact-form-entries 1.3.0 CSV.Injection MEDIUM" "contact-form-entries 1.2.4 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.2.2 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.2.1 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.1.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "callbook-mobile-bar No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "click-to-tweet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "click-to-tweet No.known.fix Reflected.XSS HIGH" "click-to-tweet No.known.fix Missing.Authorization MEDIUM" "count-per-day 3.5.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "count-per-day 3.5.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "count-per-day 3.4.1 SQL.Injection MEDIUM" "cloudflare 4.12.3 Missing.Authorization.via.initProxy MEDIUM" "cloudflare 1.1.12 Unauthenticated.RCE.via.PHPUnit CRITICAL" "custom-banners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-banners 3.3 CSRF.Nonce.Bypass.in.saveCustomFields MEDIUM" "custom-banners 2.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "currency-converter-calculator 1.3.2 Contributor+.Stored.XSS MEDIUM" "comicbookmanagementsystemweeklypicks 2.2.0 Admin+.SQLi MEDIUM" "compute-links No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "custom-map No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "catch-under-construction 1.4 Unauthorised.Plugin's.Setting.Change MEDIUM" "crayon-syntax-highlighter No.known.fix Contributor+.Server.Side.Request.Forgery MEDIUM" "crayon-syntax-highlighter No.known.fix Cross-Site.Request.Forgery MEDIUM" "crayon-syntax-highlighter 2.8.4 Multiple.XSS MEDIUM" "checkout-mestres-wp 8.6.1 Authenticated.(Admin+).Local.File.Inclusion HIGH" "checkout-mestres-wp 7.1.9.8 Unauthenticated.SQL.Injection CRITICAL" "checkout-mestres-wp 7.1.9.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Update CRITICAL" "checkout-mestres-wp 7.1.9.8 Authentication.Bypass.via.Password.Reset CRITICAL" "custom-global-variables 1.1.1 Stored.Cross-Site.Scripting.(XSS) HIGH" "contentlock No.known.fix Settings.Update.via.CSRF MEDIUM" "contentlock No.known.fix Email.Adding.via.CSRF MEDIUM" "contentlock No.known.fix Groups/Emails.Deletion.via.CSRF MEDIUM" "coming-soons No.known.fix Under.Construction.<=.1.2.0.-.Admin+.Stored.Cross-Site.Scripting LOW" "consensu-io No.known.fix Missing.Authorization.via.update_config_db() MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Data.Update MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization.to.Plugin.Deactivation.and.Data.Deletion MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization MEDIUM" "clover-online-orders 1.5.5 Cross-Site.Request.Forgery MEDIUM" "clover-online-orders 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clover-online-orders 1.5.5 Reflected.XSS HIGH" "cta 2.5.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "change-memory-limit No.known.fix Missing.Authorization.via.admin_logic() MEDIUM" "chatbot 5.5.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_list_callback MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_delete_callback MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_upload_callback MEDIUM" "chatbot 5.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "chatbot 4.7.9 Authenticated.(Administrator+).SQL.Injection HIGH" "chatbot 4.9.7 4.9.6.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting.in.FAQ.Builder MEDIUM" "chatbot 4.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "chatbot 4.9.3 Subscriber+.Arbitrary.File.Deletion CRITICAL" "chatbot 4.9.3 Missing.authorization.in.AJAX.calls MEDIUM" "chatbot 4.9.1 Subscriber+.Arbitrary.File.Deletion CRITICAL" "chatbot 4.9.1 Missing.authorization.in.AJAX.calls MEDIUM" "chatbot 4.9.1 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "chatbot 4.9.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "chatbot 4.9.1 Authenticated.(Subscriber+).Directory.Traversal.to.Arbitrary.File.Write.via.qcld_openai_upload_pagetraining_file CRITICAL" "chatbot 4.9.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "chatbot 4.7.9 CSRF MEDIUM" "chatbot 4.7.8 Admin+.Stored.XSS.in.Language.Settings LOW" "chatbot 4.7.8 Admin+.Stored.XSS.in.FAQ.Builder LOW" "chatbot 4.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.5.6 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.5.5 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.5.1 Admin+.Stored.XSS LOW" "chatbot 4.4.9 Unauthenticated.Stored.XSS HIGH" "chatbot 4.4.5 Stored.XSS.via.CSRF HIGH" "chatbot 4.4.9 Subscriber+.OpenAI.Settings.Update.to.Stored.XSS HIGH" "chatbot 4.4.7 Unauthenticated.PHP.Object.Injection HIGH" "chatbot 4.3.0 Settings.Reset.via.CSRF MEDIUM" "chatbot 4.3.1 Admin+.Stored.XSS LOW" "chatbot 4.2.9 Unauthenticated.Settings.Reset MEDIUM" "cpo-companion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cpo-companion 1.1.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "cpo-companion 1.1.0 Admin+.Stored.XSS LOW" "contact-form-7-style No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-7-style No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "contact-form-7-style No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "cf7-message-filter 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "cf7-message-filter 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "cf7-easy-math-captcha No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cost-of-goods-for-woocommerce 3.2.9 Reflected.Cross-Site.Scripting MEDIUM" "collectchat 2.4.4 Admin+.XSS LOW" "collectchat 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "collectchat 2.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "crafthemes-demo-import No.known.fix Missing.Authorization.to.Arbitrary.Plugin.Installation HIGH" "coditor No.known.fix Arbitrary.File.Edition,.Deletion.and.Internal.Directory.Listing.in.wp-content CRITICAL" "custom-post-type-cpt-cusom-taxonomy-ct-manager No.known.fix Stored.XSS.via.CSRF HIGH" "catch-gallery 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "copy-the-code 2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "copy-the-code 2.6.4 Reflected.Cross-Site.Scripting MEDIUM" "candidate-application-form No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "chaty-pro 2.8.2 Reflected.Cross-Site.Scripting HIGH" "contest-gallery 23.1.3 Unauthenticated.Information.Exposure MEDIUM" "contest-gallery 23.1.3 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 21.3.5 Authenticated.(Author+).Arbitrary.File.Deletion MEDIUM" "contest-gallery 21.3.6 Reflected.Cross-Site.Scripting MEDIUM" "contest-gallery 21.3.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "contest-gallery 21.3.2.1 Authenticated.(Contributor+).SQL.Injection CRITICAL" "contest-gallery 21.3.1 Author+.Stored.Cross.Site.Scripting MEDIUM" "contest-gallery 21.2.9 Cross-Site.Request.Forgery MEDIUM" "contest-gallery 21.2.8.1 Unauthenticated.Stored.XSS.via.HTTP.Headers HIGH" "contest-gallery 21.1.2.1 Reflected.XSS HIGH" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Unauthenticated.SQL.Injection HIGH" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Unauthenticated.SQL.Injection HIGH" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery 14.0.0 Unauthenticated.Stored.XSS MEDIUM" "contest-gallery 17.0.5 Author+.SQLi HIGH" "contest-gallery 14.0.0 Author+.Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 13.1.0.6 Missing.Access.Controls.to.Unauthenticated.SQL.injection./.Email.Address.Disclosure HIGH" "contest-gallery 13.1.0.7 Subscriber+.Email.Address.Disclosure MEDIUM" "contest-gallery 10.4.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "cf7-styler-for-divi 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler-for-divi 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-db-divi 1.2 Reflected.Cross-Site.Scripting MEDIUM" "change-prices-with-time-for-woocommerce 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "change-prices-with-time-for-woocommerce 1.8.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-constant-contact No.known.fix Cross-Site.Request.Forgery MEDIUM" "cf7-constant-contact 1.1.5 Open.Redirect MEDIUM" "cf7-constant-contact 1.1.0 Reflected.Cross-Site.Scripting HIGH" "cornerstone 0.8.1 Reflected.Cross-Site.Scripting MEDIUM" "cornerstone 0.8.1 Reflected.Cross-Site.Scripting.via.PHP_SELF MEDIUM" "custom-tiktok-video-feed No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "catch-breadcrumb 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "catch-breadcrumb 1.5.7 Unauthenticated.Reflected.XSS MEDIUM" "cp-contact-form-with-paypal 1.3.02 Multiple.XSS MEDIUM" "cp-contact-form-with-paypal 1.1.6 Multiple.Vulnerabilities HIGH" "cloud-manager No.known.fix Reflected.XSS CRITICAL" "contact-form-integrated-with-google-maps 2.5 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "crypto-converter-widget 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "crypto-converter-widget 1.8.4 Contributor+.Stored.XSS MEDIUM" "currency-converter-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "church-admin 4.4.7 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "church-admin 4.4.5 Missing.Authorization MEDIUM" "church-admin 4.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "church-admin 4.4.0 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "church-admin 4.2.0 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.0.28 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.1.7 Missing.Authorization MEDIUM" "church-admin 4.1.6 .Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "church-admin 4.1.8 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.1.19 Missing.Authorization MEDIUM" "church-admin 4.0.28 Authenticated.(Contributor+).SQL.Injection HIGH" "church-admin 4.0.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "church-admin 4.1.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.meta-text MEDIUM" "church-admin 3.8.0 Server-Side.Request.Forgery.(SSRF) MEDIUM" "church-admin 3.7.6 Reflected.XSS HIGH" "church-admin 3.7.30 Reflected.XSS HIGH" "church-admin 3.4.135 Unauthenticated.Plugin's.Backup.Disclosure HIGH" "church-admin 1.2550 CSRF HIGH" "contact-form-to-db 1.7.3 Authenticated.(Author+).SQL.Injection CRITICAL" "contact-form-to-db 1.7.2 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') MEDIUM" "cart66-lite 1.5.5 XSS MEDIUM" "creative-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crm-memberships No.known.fix Admin+.Stored.XSS LOW" "cf7-styler 1.6.5 Missing.Authorization.via.Several.AJAX.Action MEDIUM" "cf7-styler 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-facebook-feed 4.2.2 Facebook.Token.Reset/Update.via.CSRF MEDIUM" "custom-facebook-feed 4.1.6 Contributor+.Stored.XSS MEDIUM" "custom-facebook-feed 4.1.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "custom-facebook-feed 4.0.1 Subscriber+.Arbitrary.Plugin.Settings.Update.to.Stored.XSS HIGH" "custom-facebook-feed 2.19.2 Unauthenticated.Stored.XSS CRITICAL" "custom-facebook-feed 2.19.2 Reflected.Cross-Site.Scripting MEDIUM" "contact-forms-anti-spam 2.1.3 Advanced.Spam.protection.<.2.1.3.-.Admin+.Stored.XSS LOW" "contact-forms-anti-spam 0.10.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "contact-forms-anti-spam 0.10.4 IP.Validation.Bypass MEDIUM" "contact-forms-anti-spam 0.9.3 Unauthenticated.Stored.Cross-Site.Scripting.via.efas_add_to_log MEDIUM" "contact-forms-anti-spam 0.7.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "companion-sitemap-generator 4.5.3 Reflected.XSS HIGH" "companion-sitemap-generator 4.5.3 Contributor+.Stored.XSS MEDIUM" "companion-sitemap-generator 3.7.0 CSRF HIGH" "chameleon-css No.known.fix Subscriber+.SQL.Injection CRITICAL" "calendar-plugin No.known.fix Reflected.Cross-Site.Scripting HIGH" "code-snippets 3.6.0 Arbitrary.settings.change.via.CSRF MEDIUM" "code-snippets 2.14.4 Reflected.Cross-Site.Scripting MEDIUM" "code-snippets 2.14.3 Reflected.Cross-Site.Scripting HIGH" "code-snippets 2.14.0 CSRF.to.RCE HIGH" "captain-slider No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-by-supsystic 1.7.28 CSRF MEDIUM" "contact-form-by-supsystic 1.7.25 CSRF MEDIUM" "contact-form-by-supsystic 1.7.20 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-by-supsystic 1.7.15 Reflected.Cross-Site.scripting.(XSS) HIGH" "contact-form-by-supsystic 1.7.11 Authenticated.SQL.Injections CRITICAL" "contact-form-by-supsystic 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "coming-soon-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coming-soon-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cssable-countdown No.known.fix Admin+.Stored.XSS LOW" "copy-or-move-comments No.known.fix Reflected.XSS HIGH" "copy-or-move-comments No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "codoc 0.9.52 Reflected.Cross-Site.Scripting MEDIUM" "content-staging No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "controlled-admin-access 1.5.6 Improper.Access.Control.to.Privilege.Escalation HIGH" "controlled-admin-access 1.5.2 Improper.Access.Control.&.Privilege.Escalation HIGH" "custom-post-type-ui 1.13.5 Debug.Info.Sending.via.CSRF LOW" "content-cards No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "content-cards 0.9.7 Cross-Site.Scripting.(XSS) MEDIUM" "commenting-feature 3.2 Reflected.Cross-Site.Scripting MEDIUM" "commenting-feature 2.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "captcha-them-all 1.4 Admin+.Stored.XSS LOW" "compare-affiliated-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "compare-affiliated-products No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "conditional-shipping-for-woocommerce 2.3.2 Ruleset.Toggle.via.CSRF MEDIUM" "content-blocks-builder 2.3.17 Reflected.Cross-Site.Scripting MEDIUM" "copymatic 2.0 Missing.Authorization MEDIUM" "copymatic 1.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "change-wp-admin-login 1.1.4 Secret.Login.Page.Disclosure MEDIUM" "change-wp-admin-login 1.1.0 Unauthenticated.Arbitrary.Settings.Update MEDIUM" "collect-and-deliver-interface-for-woocommerce 5.1.9 Reflected.Cross-Site-Scripting MEDIUM" "calderawp-license-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "canva No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cyr3lat 3.7 Editor+.SQL.Injection MEDIUM" "cf7-multi-step 2.7.8 Unauthenticated.SQL.Injection HIGH" "clerkio 4.0.0 Authentication.Bypass.and.API.Keys.Disclosure LOW" "contact-form-7-dynamic-text-extension 4.2.0 Insecure.Direct.Object.Reference MEDIUM" "custom-post-type-relations No.known.fix Reflected.Cross-Site.Scripting HIGH" "cimy-header-image-rotator No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "contact-form-7-designer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "correosoficial No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "comments-from-facebook 2.5.0 Admin+.Stored.Cross-Site.Scripting LOW" "css-js-files 1.5.1 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "clean-contact No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "contact-form-7-newsletter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chat-bee No.known.fix Admin+.Stored.XSS LOW" "connect-daily-web-calendar 1.4.5 Multiple.Reflected.XSS HIGH" "clockwork-two-factor-authentication 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "cp-polls 1.0.75 Reflected.Cross-Site.Scripting MEDIUM" "cp-polls 1.0.77 Admin+.Stored.XSS.via.Custom.Styles LOW" "cp-polls 1.0.77 Admin+.Stored.Cross-Site.Scripting LOW" "cp-polls 1.0.72 Unauthenticated.Content.Injection MEDIUM" "cp-polls 1.0.72 Unauthenticated.Poll.Limit.Bypass MEDIUM" "cp-polls 1.0.9 Multiple.XSS.Vulnerabilities MEDIUM" "cp-polls 1.0.9 Multiple.CSRF.Vulnerabilities MEDIUM" "custom-css-pro 1.0.4 CSRF.&.XSS HIGH" "cp-simple-newsletter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cp-simple-newsletter No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "conversador No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "checkout-fees-for-woocommerce 2.12.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "content-control 2.2.0 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "content-control 1.1.10 Contributor+.Stored.XSS MEDIUM" "capability-manager-enhanced 2.5.2 Admin+.PHP.Objection.Injection MEDIUM" "capability-manager-enhanced 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "capability-manager-enhanced 2.3.1 Unauthenticated.Arbitrary.Options.Update.to.Blog.Compromise CRITICAL" "cars-seller-auto-classifieds-script No.known.fix Auto.Classifieds.Script.<=.2.1.0.-.Unauthenticated.SQL.Injection CRITICAL" "countdown-wpdevart-extended No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "countdown-wpdevart-extended 1.5.8 CSRF.to.Stored.Cross-Site.Scripting HIGH" "curtain No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "curtain 1.0.2 Unauthenticated.Maintenance.Mode.Switch HIGH" "carts-guru 1.4.6 Unauthenticated.Object.Injection CRITICAL" "click-datos-lopd No.known.fix Reflected.XSS HIGH" "coupon-referral-program No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "coupon-referral-program No.known.fix Sensitive.Information.Disclosure MEDIUM" "convert-classic-editor-to-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "convert-classic-editor-to-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-css-js-php No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "custom-css-js-php No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "contact-form-7-sms-addon 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "cool-tag-cloud 2.26 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "custom-codes 2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "catalog No.known.fix Admin+.SQL.Injection MEDIUM" "custom-login-redirect No.known.fix CSRF.to.Stored.XSS HIGH" "cits-support-svg-webp-media-upload 3.0 Author+.Stored.XSS.via.SVG MEDIUM" "chart-builder 2.7.7 Reflected.Cross-Site.Scripting MEDIUM" "chart-builder 2.0.7 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chart-builder 1.9.7 Admin+.Stored.XSS LOW" "custom-searchable-data-entry-system No.known.fix Unauthenticated.Data.Modification.and.Deletion CRITICAL" "countdown-for-the-events-calendar 1.4 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "content-protector 4.2.6.5 Contributor+.Stored.XSS.via.content_protector.Shortcode MEDIUM" "content-protector 4.2.6.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "content-protector 4.2.2 Reflected.Cross-Site.Scripting MEDIUM" "content-protector 3.5.5.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "content-protector 3.5.5.9 Protection.Bypass.&.Arbitrary.Post.Access HIGH" "content-protector 3.5.5.5.2 Insecure.Storage.of.Password MEDIUM" "content-protector 3.5.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "crisp 0.45 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "crisp 0.32 CSRF.to.Stored.Cross-Site.Scripting HIGH" "complianz-gdpr-premium 6.4.2 GDPR/CCPA.Cookie.Consent.<.6.4.2.-.Contributor+.Stored.XSS MEDIUM" "complianz-gdpr-premium 6.3.6 Translator.SQLi MEDIUM" "coming-soon-master 1.1 Reflected.Cross-Site.Scripting MEDIUM" "colorway No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-post-type-list-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "custom-permalinks 2.7.0 Authenticated(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cloud-sso-single-sign-on 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "canvasio3d-light No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "canvasio3d-light No.known.fix Subscriber+.Entries.Update/Deletion MEDIUM" "canvasio3d-light No.known.fix Reflected.XSS HIGH" "calendarista-basic-edition 3.0.3 Cross-Site.Request.Forgery MEDIUM" "calendarista-basic-edition 3.0.6 Missing.Authorization MEDIUM" "calendarista-basic-edition 3.0.3 Unauthenticated.Cross-Site.Scripting MEDIUM" "capabilities-pro 2.5.2 Admin+.PHP.Objection.Injection MEDIUM" "capabilities-pro 2.3.1 Unauthenticated.Arbitrary.Options.Update.to.Blog.Compromise CRITICAL" "ctt-expresso-para-woocommerce 3.2.13 Information.Exposure.via.Unprotected.Directory MEDIUM" "ctt-expresso-para-woocommerce 3.2.13 Admin+.Stored.XSS LOW" "ctt-expresso-para-woocommerce 3.2.12 Admin+.Stored.XSS LOW" "cf7-infusionsoft 1.1.4 Reflected.Cross-Site.Scripting HIGH" "categories-gallery No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "classic-addons-wpbakery-page-builder-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "category-page-icons No.known.fix Arbitrary.File.Upload/Deletion.via.Path.Traversal CRITICAL" "customify-sites No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "cwicly 1.4.0.3 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "cp-blocks 1.0.21 CSRF MEDIUM" "cp-blocks 1.0.15 Admin+.Stored.Cross-Site.Scripting LOW" "comment-license 1.4.0 Arbitrary.Settings.Update.via.CSRF MEDIUM" "cforms2 15.0.7 Unauthenticated.Stored.XSS HIGH" "cforms2 15.0.7 Admin+.Stored.XSS LOW" "cforms2 15.0.5 Settings.Update.via.CSRF MEDIUM" "cforms2 15.0.2 Unauthenticated.HTML.Injection.&.CSRF HIGH" "cforms2 14.13.3 Multiple.XSS MEDIUM" "cforms2 14.13 SQL.Injection CRITICAL" "cforms2 14.6.10 SQL.Injection CRITICAL" "cf-geoplugin 8.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Menu.Creation/Deletion MEDIUM" "cf-geoplugin 8.7.0 Missing.Authorization.to.Unauthenticated.Shortcode.Execution MEDIUM" "cf-geoplugin 8.6.5 PHP.Object.Injection CRITICAL" "cf-geoplugin 8.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf-geoplugin 8.5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cf-geoplugin 7.13.12 Reflected.Cross-Site.Scripting HIGH" "custom-field-template 2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-template 2.6.2 Authenticated(Constibutor+).Stored.Cross-Site.Scripting.via.Custom.Field.Name MEDIUM" "custom-field-template 2.6.2 Authenticated.(Admin+).Stored.Cross-Site.Scritping MEDIUM" "custom-field-template 2.6.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "custom-field-template 2.6.2 Authenticated(Contributor+).Information.Exposure MEDIUM" "custom-field-template 2.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.$search_label MEDIUM" "custom-field-template 2.6 Reflected.Cross-Site.Scripting HIGH" "custom-field-template 2.5.9 Cross-Site.Request.Forgery MEDIUM" "custom-field-template 2.5.8 Admin+.PHP.Object.Injection LOW" "custom-field-template 2.5.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "custom-field-template 2.5.2 Cross-Site.Request.Forgery MEDIUM" "calendar-booking No.known.fix Missing.Authorization.to.Unauthenticated.Service.Disconnection MEDIUM" "calendar-booking No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cookie-consent-box 1.1.7 Admin+.Stored.XSS LOW" "csv2wpec-coupon No.known.fix Unauthenticated.Remote.File.Upload HIGH" "cafe-lite 2.2.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cafe-lite 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.CAFE.Widgets MEDIUM" "cafe-lite 2.1.0 Contributor+.Stored.XSS MEDIUM" "chopslider No.known.fix Unauthenticated.Blind.SQL.Injection CRITICAL" "cf7-zoho 1.2.4 Admin+.SQLi MEDIUM" "cf7-zoho 1.2.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cf7-zoho 1.1.9 Reflected.Cross-Site.Scripting HIGH" "cf7-zoho 1.1.8 Reflected.Cross-Site.Scripting HIGH" "core-control No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "cms-commander-client 2.288 Unauthenticated.Authorisation.Bypass HIGH" "chp-ads-block-detector 3.9.8 Plugin.Settings.Update.via.CSRF MEDIUM" "chp-ads-block-detector 3.9.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "chp-ads-block-detector 3.9.8 Subscriber+.Plugin.Settings.Update MEDIUM" "coupon-creator 3.1.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "coupon-creator 3.1.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "captcha-bank No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-recaptcha-mine 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "cowidgets-elementor-addons 1.2.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "cowidgets-elementor-addons 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.heading_tag.Parameter MEDIUM" "coblocks 3.1.13 Editor+.Stored.XSS LOW" "coblocks 3.1.12 Contributor+.SSRF LOW" "coblocks 3.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Social.Profiles MEDIUM" "coblocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "coblocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "cc-bcc-for-woocommerce-order-emails No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contractor-contact-form-website-to-workflow-tool 4.1.0 Reflected.XSS HIGH" "corner-ad 1.0.57 Ads.Deletion.via.CSRF MEDIUM" "corner-ad 1.0.8 Admin+.Stored.XSS LOW" "cpt-speakers No.known.fix Speakers.<=.1.1.-.Admin+.Stored.XSS LOW" "conference-scheduler 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "cms-press No.known.fix Admin+.Stored.XSS LOW" "compact-wp-audio-player 1.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fileurl MEDIUM" "compact-wp-audio-player 1.9.8 Contributor+.Stored.XSS MEDIUM" "compact-wp-audio-player 1.9.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "compact-wp-audio-player 1.9.7 Setting.Change.via.CSRF MEDIUM" "cf7-google-sheets-connector 5.0.10 Missing.Authorization.to.Limited.Site.Configuration.Update MEDIUM" "cf7-google-sheets-connector 5.0.6 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log HIGH" "cf7-google-sheets-connector 5.0.2 Reflected.XSS HIGH" "content-mask 1.8.4.1 Subscriber+.Arbitrary.Options.Update HIGH" "contact-form-7-campaign-monitor-extension No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Deletion CRITICAL" "catch-sticky-menu 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "cf7-active-campaign 1.0.4 Reflected.Cross-Site.Scripting HIGH" "custom-simple-rss 2.0.7 CSRF MEDIUM" "card-elements-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cartpops 1.4.28 Reflected.Cross-Site.Scripting MEDIUM" "cartpops 1.4.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cz-loan-management No.known.fix Unauthenticated.SQLi HIGH" "craw-data No.known.fix Server.Side.Request.Forgery MEDIUM" "co-authors-plus 3.5.2 Guest.Authors.Email.Address.Disclosure MEDIUM" "contact-form-7-multi-step-addon 1.0.7 Injected.Backdoor CRITICAL" "custom-user-guide 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-user-guide 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "carousel-slider 2.0.0 Cross-Site.Request.Forgery MEDIUM" "carousel-slider 2.2.4 Cross-Site.Request.Forgery MEDIUM" "carousel-slider 2.2.4 Editor+.Stored.XSS LOW" "carousel-slider 2.2.11 Editor+.Stored.XSS LOW" "carousel-slider 2.2.10 Editor+.Stored.XSS MEDIUM" "carousel-slider 2.2.7 Editor+.Stored.XSS LOW" "carousel-slider 2.2.3 Missing.Authorization MEDIUM" "coming-soon-by-supsystic 1.7.11 Cross-Site.Request.Forgery MEDIUM" "coming-soon-by-supsystic 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-datepicker No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "content-views-query-and-display-post-page 3.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pagingType.Parameter MEDIUM" "content-views-query-and-display-post-page 3.7.1 Contributor+.Stored.Cross-Site.Scripting.via.Widget.Post.Overlay MEDIUM" "content-views-query-and-display-post-page 3.6.3 Admin+.Stored.XSS MEDIUM" "classic-editor-and-classic-widgets 1.4.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "classic-editor-and-classic-widgets 1.2.6 Settings.Update.via.CSRF MEDIUM" "captcha-bws 5.2.1 Captcha.Bypass MEDIUM" "custom-post-type-page-template No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-post-widget 3.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.content_block.Shortcode MEDIUM" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cool-facebook-page-feed-timeline No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "corona-virus-covid-19-banner No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "corona-virus-covid-19-banner 1.8.0 CSRF MEDIUM" "cookiemonster No.known.fix Admin+.Stored.XSS LOW" "css-javascript-toolbox 11.9 Contributor+.Stored.XSS MEDIUM" "clickervolt No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "conditional-extra-fees-for-woocommerce 1.0.97 Admin+.Stored.XSS MEDIUM" "cookiebot 3.6.1 CSRF.&.XSS LOW" "cww-companion 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-page-templates-by-vegacorp 1.1.14 Reflected.Cross-Site.Scripting MEDIUM" "custom-page-templates-by-vegacorp 1.1.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "card-oracle 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "card-oracle 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "catch-web-tools 2.7.1 Subscriber+.Arbitrary.Catch.IDs.Activation/Deactivation MEDIUM" "catch-web-tools 2.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "commenttweets No.known.fix Settings.Update.via.CSRF MEDIUM" "catch-instagram-feed-gallery-widget 2.3 Unauthorised.Plugin's.Setting.Change MEDIUM" "custom-post-types 5.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-types 5.0.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "custom-post-types 5.0.3 Admin+.Stored.XSS LOW" "comment-images-reloaded No.known.fix Authenticated.(Subscriber+).Arbitrary.Media.Deletion MEDIUM" "custom-layouts 1.4.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cp-multi-view-calendar 1.4.07 Unauthenticated.Arbitrary.Event.Deletion MEDIUM" "cp-multi-view-calendar 1.4.07 Unauthenticated.Arbitrary.Event.Creation.to.Stored.XSS HIGH" "cp-multi-view-calendar 1.4.01 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "coru-lfmember No.known.fix Arbitrary.Game.Deletion/Activation.via.CSRF MEDIUM" "coru-lfmember No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "checkbox 0.8.4 Reflected.Cross-Site.Scripting MEDIUM" "checkbox 0.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "clearfy 2.2.5 Missing.Authorization MEDIUM" "clearfy No.known.fix Cross-Site.Request.Forgery MEDIUM" "clearfy 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "carousels-slider-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-zendesk 1.0.8 Reflected.Cross-Site.Scripting HIGH" "countdown-block 1.1.2 Missing.Authorisation.in.AJAX.action MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Template.Apply MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Template.Reset MEDIUM" "cooked-pro 1.8.0 Authenticated.(Contributor+).HTML.Injection MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.via.cooked_get_recipe_ids MEDIUM" "cooked-pro 1.7.5.7 Unauthenticated.PHP.Object.Injection HIGH" "cooked-pro 1.7.5.6 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "correos-express No.known.fix Sensitive.Information.Disclosure HIGH" "custom-field-finder 0.4 Authenticated.(Author+).PHP.Object.Injection HIGH" "custom-scroll-bar-designer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "classified-listing-store 1.4.20 Reflected.Cross-Site.Scripting MEDIUM" "cosmetsy-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "contact-form-plugin 4.2.9 Reflected.Cross-Site.Scripting.via.cntctfrm_contact_address MEDIUM" "contact-form-plugin 4.2.9 Reflected.Cross-Site.Scripting.via.cntctfrm_contact_subject MEDIUM" "contact-form-plugin 4.0.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-plugin 4.0.2 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-plugin 3.96 XSS MEDIUM" "contact-form-plugin 3.82 Unauthorized.Language.Manipulation MEDIUM" "contact-form-plugin 3.82 contact_form.php.cntctfrm_contact_email.Parameter.XSS MEDIUM" "card-games No.known.fix CSRF.Bypass NONE" "caxton No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "caxton 1.30.1 Reflected.Cross-Site.Scripting MEDIUM" "caxton 1.30.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "clictracker No.known.fix Admin+.Stored.XSS LOW" "content-grabber No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "cf7-salesforce 1.4.0 Cross-Site.Request.Forgery MEDIUM" "cf7-salesforce 1.2.6 Reflected.Cross-Site.Scripting HIGH" "cryptocurrency-widgets-for-elementor 1.3 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "cart-rest-api-for-woocommerce 3.12.0 Missing.Authorization MEDIUM" "chartjs No.known.fix Editor+.Stored.Cross-Site.Scripting.in.New.Chart LOW" "chartjs No.known.fix Editor+.Stored.Cross-Site.Scripting LOW" "clickfunnels No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "clickfunnels No.known.fix Settings.Update.via.CSRF MEDIUM" "cgc-maintenance-mode No.known.fix Sensitive.Information.Exposure MEDIUM" "cgc-maintenance-mode No.known.fix IP.Spoofing MEDIUM" "conditional-logic-for-woo-product-add-ons 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "cmp-coming-soon-maintenance 4.1.11 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "cmp-coming-soon-maintenance 4.1.8 Maintenance.Mode.Bypass MEDIUM" "cmp-coming-soon-maintenance 4.1.7 Unauthenticated.Post/Page.Access.in.Maintenance.Mode MEDIUM" "cmp-coming-soon-maintenance 4.0.19 Unauthenticated.Arbitrary.CSS.Update HIGH" "cmp-coming-soon-maintenance 3.8.2 Coming.Soon.&.Maintenance.<.3.8.2.-.Improper.Access.Controls.on.AJAX.Calls HIGH" "crony No.known.fix Cross-Site.Request.Forgery MEDIUM" "crony 0.4.7 Cross-Site.Scripting.(XSS).&.CSRF HIGH" "chat-bubble No.known.fix Admin+.Stored.XSS LOW" "chat-bubble No.known.fix Settings.Update.via.CSRF MEDIUM" "chat-bubble 2.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "checkfront-wp-booking 3.7 Settings.Update.via.CSRF MEDIUM" "cross-linker No.known.fix Arbitrary.Cross-Link.Creation.via.CSRF MEDIUM" "contact-form-cfdb7 1.2.7 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "contact-form-cfdb7 1.2.6.5 CSV.Injection LOW" "contact-form-cfdb7 1.2.6.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "contact-form-cfdb7 1.2.6.1 Arbitrary.Form.Deletion..via.CSRF MEDIUM" "contact-form-cfdb7 1.2.5.6 CSV.Injection MEDIUM" "contact-form-cfdb7 1.2.5.4 Authenticated.SQL.Injections CRITICAL" "codestyling-localization No.known.fix Multiple.CSRF HIGH" "comment-form 1.2.1 Admin+.Authenticated.Stored.XSS LOW" "cryptocurrency-pricing-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chatpressai 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "cardoza-facebook-like-box 4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "comments-ratings No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "comments-ratings No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "comments-ratings 1.1.7 Cross-Site.Request.Forgery MEDIUM" "comment-highlighter No.known.fix Authenticated.SQL.Injection MEDIUM" "confetti-fall-animation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "confetti-fall-animation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.confetti-fall-animation.Shortcode MEDIUM" "copyrightpro No.known.fix Settings.Update.via.CSRF MEDIUM" "custom-dash No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cms-tree-page-view 1.6.8 Reflected.XSS HIGH" "cm-answers 3.2.0 Admin+.Stored.XSS LOW" "cherry-plugin 1.2.7 Unauthenticated.Arbitrary.File.Upload.and.Download CRITICAL" "custom-my-account-for-woocommerce No.known.fix Stored.XSS.via.CSRF HIGH" "cryptocurrency No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cryptocurrency No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "custom-dashboard-widgets No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.cdw_DashboardWidgets HIGH" "chauffeur-booking-system 7.0 Authentication.Bypass CRITICAL" "chauffeur-booking-system 7.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "custom-share-buttons-with-floating-sidebar 4.2 Admin+.Stored.XSS LOW" "crm-customer-relationship-management-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "crm-customer-relationship-management-by-vcita 2.7.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "custom-base-terms 1.0.3 Admin+.Stored.XSS LOW" "custom-field-bulk-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ceceppa-multilingua No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "carousel-anything No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "conversational-forms 1.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "conversational-forms 1.2.0 Unauthenticated.Arbitrary.File.Download HIGH" "conversational-forms 1.17 Admin+.Stored.XSS LOW" "chilexpress-oficial No.known.fix Reflected.XSS HIGH" "custom-content-shortcode No.known.fix Contributor+.LFI CRITICAL" "custom-content-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "custom-content-shortcode 4.0.2 Authenticated.Arbitrary.File.Access./.LFI HIGH" "custom-content-shortcode 4.0.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "custom-content-shortcode 4.0.1 Unauthorised.Arbitrary.Post.Metadata.Access MEDIUM" "contact-form-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "contact-form-builder 1.0.69 CSRF.to.LFI HIGH" "custom-404-pro 3.11.2 Reflected.Cross-Site.Scripting MEDIUM" "custom-404-pro 3.10.1 Unauthenticated.Stored.Cross-Site.Scripting.via.logging HIGH" "custom-404-pro 3.8.1 Multiple.SQL.Injection HIGH" "custom-404-pro 3.8.2 Reflected.XSS HIGH" "custom-404-pro 3.7.3 Reflected.Cross-Site.Scripting HIGH" "custom-404-pro 3.7.2 Logs.Deletion.via.CSRF MEDIUM" "custom-404-pro 3.7.1 Admin+.SQLi MEDIUM" "custom-404-pro 3.2.8 XSS MEDIUM" "custom-404-pro 3.2.9 Authenticated.Reflected.XSS MEDIUM" "cds-simple-seo 2.0.26 Arbitrary.Settings.Update.via.CSRF MEDIUM" "cds-simple-seo 1.8.13 Sitemap.Creation/Deletion.via.CSRF MEDIUM" "cds-simple-seo 1.8.13 Subscriber+.Sitemap.Creation/Deletion MEDIUM" "cds-simple-seo 1.7.92 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "client-portal-suitedash-login 1.8.0 Admin+.Stored.XSS LOW" "contact-list 2.9.88 Missing.Authorization.to.Notice.Dismissal MEDIUM" "contact-list 2.9.72 Reflected.Cross-Site.Scripting MEDIUM" "contact-list 2.9.50 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-list 2.9.42 Reflected.Cross-Site.Scripting HIGH" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).SQL.Injection CRITICAL" "consulting-elementor-widgets 1.3.1 Unauthenticated.Local.File.Inclusion CRITICAL" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "comment-link-remove 2.1.6 Arbitrary.Comment.Deletion.via.CSRF MEDIUM" "custom-product-builder-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "church-theme-content 2.6.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "cookie-notice No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "cookie-notice 2.4.7 Contributor+.Stored.XSS MEDIUM" "cookie-notice 2.4.7 Contributor+.XSS MEDIUM" "cookie-notice 2.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "create-block-theme 1.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "cluevo-lms 1.11.0 Settings.Update.via.CSRF MEDIUM" "cluevo-lms 1.8.1 Admin+.Stored.Cross.Site.Scripting LOW" "companion-auto-update 3.3.6 Authenticated.SQL.Injection CRITICAL" "codepen-embedded-pen-shortcode 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "csv-importer 0.3.9 Cross-Site.Request.Forgery MEDIUM" "caret-country-access-limit 1.0.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "custom-product-type-for-woocommerce 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "custom-product-type-for-woocommerce 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "codepile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codepile 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cmyee-momentopress 1.0.2 Contributor+.Stored.XSS MEDIUM" "custom-fields-search 1.3.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "custom-twitter-feeds 2.2.3 Admin+.Stored.XSS LOW" "custom-twitter-feeds 2.2.2 Cross-Site.Request.Forgery.to.Plugin.Options.Update MEDIUM" "custom-twitter-feeds 2.2 Cross-Site.Request.Forgery MEDIUM" "custom-twitter-feeds 2.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "custom-twitter-feeds 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "category-posts 4.9.17 Admin+.Stored.XSS LOW" "custom-more-link-complete No.known.fix Admin+.Stored.XSS LOW" "cart-weight-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cart-weight-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cookie-notice-consent 1.6.1 Admin+.Stored.XSS LOW" "christmas-greetings No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "catch-ids 2.4 Unauthorised.Plugin's.Setting.Change MEDIUM" "charity-addon-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "creative-image-slider 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "chronoforms No.known.fix CSRF MEDIUM" "catalyst-connect-client-portal 2.1.0 Admin+.Stored.XSS LOW" "catalyst-connect-client-portal 2.1.0 Reflected.XSS HIGH" "cpt-shortcode No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "cpt-shortcode No.known.fix Admin+.Stored.XSS LOW" "catch-infinite-scroll 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "contact-form-7-skins 2.1.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-skins 2.5.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "codecolorer 0.10.1 CodeColorer.<.0,10,1.–.Admin+.Stored.Cross-Site.Scripting LOW" "counter-box 1.2.4 Counter.Deletion.via.CSRF MEDIUM" "counter-box 1.2.2 Reflected.XSS MEDIUM" "counter-box 1.2.1 Arbitrary.Counter.Activation/Deactivation.via.CSRF MEDIUM" "counter-box 1.2 Admin+.LFI MEDIUM" "cm-pop-up-banners 1.7.3 Contributor+.Stored.XSS MEDIUM" "cm-pop-up-banners 1.6.6 Contributor+.Stored.XSS MEDIUM" "commerce-coinbase-for-woocommerce 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "commerce-coinbase-for-woocommerce 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contextual-related-posts 3.3.1 Contributor+.Stored.XSS MEDIUM" "contextual-related-posts 2.9.4 CSRF.Nonce.Validation.Bypass MEDIUM" "contextual-related-posts 1.8.7 Cross-Site.Request.Forgery MEDIUM" "contextual-related-posts 1.8.10.2 Multiple.Parameter.SQL.Injection HIGH" "css-hero 4.07 Authenticated.Reflected.XSS MEDIUM" "cp-image-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cp-image-gallery No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "calculated-fields-form 1.2.55 Reflected.Cross-Site.Scripting MEDIUM" "calculated-fields-form 5.1.57 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "calculated-fields-form 1.2.53 Contributor+.Stored.XSS MEDIUM" "calculated-fields-form 1.2.29 Contributor+.Open.Redirect MEDIUM" "calculated-fields-form 1.2.41 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "calculated-fields-form 1.1.151 Admin+.Stored.Cross-Site.Scripting.via.Dropdown.Fields LOW" "calculated-fields-form 1.0.354 Authenticated.Stored.XSS MEDIUM" "contact-form-7 5.9.5 Unauthenticated.Open.Redirect MEDIUM" "contact-form-7 5.9.2 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7 5.8.4 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "contact-form-7 5.3.2 Unrestricted.File.Upload HIGH" "contact-form-7 5.0.4 register_post_type().Privilege.Escalation CRITICAL" "custom-post-limits No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "classima-core 1.10 Reflected.Cross-Site.Scripting MEDIUM" "collage-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "collage-for-divi 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-hubspot 1.3.2 Cross-Site.Request.Forgery MEDIUM" "cf7-hubspot 1.2.0 Reflected.Cross-Site.Scripting HIGH" "conditional-payments-for-woocommerce 2.3.2 Plugin.RuleSets.Activation/Deactivation.via.CSRF MEDIUM" "captcha 4.4.5 Backdoored MEDIUM" "conditional-payment-methods-for-woocommerce No.known.fix Admin+.SQLi MEDIUM" "clean-login 1.14.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "clean-login 1.13.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "clean-login 1.12.6.4 Reflected.Cross-Site.Scripting MEDIUM" "clean-login 1.8 Change.Redirect.URL.CSRF MEDIUM" "clean-login 1.5.1 Reflected.XSS MEDIUM" "catch-scroll-progress-bar 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "captcha-for-contact-form-7 1.11.4 Captcha.Bypass MEDIUM" "custom-landing-pages-leadmagic No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "custom-order-statuses-woocommerce 2.4.0 Cross-Site.Request.Forgery MEDIUM" "contact-widgets-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-widgets-for-elementor 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "change-table-prefix No.known.fix Cross-Site.Request.Forgery.via.change_prefix_form HIGH" "call-now-button 1.4.7 Admin+.Stored.XSS LOW" "call-now-button 1.1.2 Reflected.Cross-Site.Scripting LOW" "ckeditor-for-wordpress 4.5.3.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "calendar No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "calendar 1.3.11 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "change-uploaded-file-permissions No.known.fix File.Permission.Update.via.CSRF MEDIUM" "cyklodev-wp-notify 1.3.0 Admin+.Stored.XSS LOW" "cubewp-framework 1.1.13 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "culture-object 4.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "css-js-manager 2.4.49.1 Multiple.CSRF MEDIUM" "currency-per-product-for-woocommerce 1.7.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "content-warning-v2 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "creative-mail-by-constant-contact 1.6.0 Settings.Reset.via.CSRF MEDIUM" "creative-mail-by-constant-contact 1.6.0 Multiple.CSRF MEDIUM" "creative-mail-by-constant-contact 1.6.0 CSRF MEDIUM" "classified-listing 3.1.8 Missing.Authorization MEDIUM" "classified-listing 3.0.11 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Attachment.Deletion MEDIUM" "classified-listing 3.0.5 Cross-Site.Request.Forgery.to.Account.Takeover.via.rtcl_update_user_account HIGH" "classified-listing 3.0.5 Missing.Authorization MEDIUM" "classified-listing 2.4.6 Cross-Site.Request.Forgery MEDIUM" "classified-listing 2.2.14 Reflected.Cross-Site.Scripting MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxRenameCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxAddCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxClearCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxDeleteCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxRenameCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxUpdateFolderPosition MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxUpdateFolderPosition MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxClearCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxDeleteCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxAddCategory MEDIUM" "categorify 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "convertful 2.6 Missing.Authorization.via.add_woo_coupon MEDIUM" "content-audit 1.9.2 Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "custom-field-for-wp-job-manager 1.3 .Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure.via.Shortcode MEDIUM" "custom-field-for-wp-job-manager 1.2 Admin+.Stored.XSS LOW" "custom-field-for-wp-job-manager 1.2 Admin+.Stored.XSS LOW" "devbuddy-twitter-feed No.known.fix Admin+.Stored.XSS LOW" "donate-button 2.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "donorbox-donation-form 7.1.7 Admin+.Stored.Cross-Site.Scripting LOW" "delete-old-posts-programmatically 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "delete-old-posts-programmatically 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dropdown-and-scrollable-text 2.1 Reflected.Cross-Site.Scripting MEDIUM" "denk-internet-solutions 6.0.0 Admin+.Stored.XSS LOW" "disable-image-right-click No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "default-thumbnail-plus No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "dsgvo-youtube 1.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "device-wrapper 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "draw-attention 2.0.16 Improper.Access.Control.via.register_cpt MEDIUM" "draw-attention 2.0.12 Subscriber+.Unauthorized.Featured.Image.Modification MEDIUM" "disqus-conditional-load 11.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "drip-feed-content-extended-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "download-from-files No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "dynamic-widgets 1.6 Reflected.Cross-Site.Scripting MEDIUM" "dynamic-widgets 1.5.11 Authenticated.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "down-as-pdf No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "disable-user-login 1.3.9 User.Login.Toggle.via.CSRF MEDIUM" "double-opt-in-for-download 2.1.0 Authenticated.SQL.Injection CRITICAL" "droip No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Settings.Change MEDIUM" "droip No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "display-post-metadata 1.5.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "dracula-dark-mode 1.0.9 The.Revolutionary.Dark.Mode.Plugin.For.WordPress.<.1.0.9.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "dracula-dark-mode 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "dologin 3.8 Missing.Authorization.via.REST.Endpoints MEDIUM" "dologin 3.7.1 Subscriber+.IP.Address.leak MEDIUM" "dologin 3.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "dologin 3.7 IP.Spoofing MEDIUM" "donations-for-woocommerce 1.1.10 Cross-Site.Request.Forgery MEDIUM" "dropdown-multisite-selector 0.9.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "demomentsomtres-categories No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-categories No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-categories No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "display-admin-page-on-frontend 1.21.1 Reflected.Cross-Site.Scripting MEDIUM" "display-admin-page-on-frontend 1.17.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "directorist 7.9.0 Missing.Authorization MEDIUM" "directorist 7.8.5 Missing.Authorization.to.Unauthenticated.Settings.Change MEDIUM" "directorist 7.5.5 Subscriber+.Arbitrary.User.Password.Reset.to.Privilege.Escalation HIGH" "directorist 7.5.5 Subscriber+.Insecure.Direct.Object.Reference.to.Arbitrary.Post.Deletion MEDIUM" "directorist 7.5.4 Admin+.LFI MEDIUM" "directorist 7.4.4 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "directorist 7.4.2.2 Subscriber+.Arbitrary.User.Password.Update.via.IDOR HIGH" "directorist 7.3.1 Unauthenticated.Email.Address.Disclosure MEDIUM" "directorist 7.3.0 Subscriber+.Arbitrary.E-mail.Sending MEDIUM" "directorist 7.2.3 Business.Directory.Plugin.<.7.2.3.-.Admin+.Arbitrary.File.Upload MEDIUM" "directorist 7.0.6.2 CSRF.to.Remote.File.Upload CRITICAL" "donation-button No.known.fix Contributor+.Stored.XSS MEDIUM" "donation-button No.known.fix Subscriber+.Broken.Access.Control.leading.to.SMS.Spam MEDIUM" "dl-yandex-metrika No.known.fix Admin+.Stored.XSS LOW" "download-plugin 2.0.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "download-plugin 2.0.0 Subscriber+.Website.Download HIGH" "download-plugin 1.6.1 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "dynamic-qr-code-generator No.known.fix Reflected.XSS HIGH" "dev-land 3.0.5 Reflected.Cross-Site.Scripting MEDIUM" "dse-divi-section-enhancer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "droit-dark-mode No.known.fix Cross-Site.Request.Forgery MEDIUM" "dashboard-widgets-suite 3.4.4 Reflected.Cross-Site.Scripting MEDIUM" "dashboard-widgets-suite 3.4.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dashboard-widgets-suite 3.2.2 Admin+.Stored.XSS LOW" "duplicator 1.5.10 Full.Path.Disclosure MEDIUM" "duplicator 1.5.7.1 Settings.Removal.via.CSRF MEDIUM" "duplicator 1.3.0 Unauthenticated.RCE CRITICAL" "duplicator 1.5.7.1 Unauthenticated.Sensitive.Data.Exposure HIGH" "duplicator 1.4.7.1 Unauthenticated.System.Information.Disclosure MEDIUM" "duplicator 1.4.7 Unauthenticated.Backup.Download HIGH" "duplicator 1.3.28 Unauthenticated.Arbitrary.File.Download HIGH" "duplicator 1.2.42 Unauthenticated.Arbitrary.Code.Execution MEDIUM" "duplicator 1.2.33 Cross-Site.Scripting.(XSS) MEDIUM" "duplicator 1.2.29 Duplicator.<=.1,2,28.–.Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "disabler 4.0.0 CSRF MEDIUM" "disable-comments-wpz No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "dk-pricr-responsive-pricing-table 5.1.11 Author+.Stored.XSS MEDIUM" "dk-pricr-responsive-pricing-table 5.1.8 Admin+.Stored.Cross-Site.Scriping LOW" "dk-pricr-responsive-pricing-table 5.1.7 Contributor+.Stored.XSS MEDIUM" "daext-autolinks-manager 1.10.05 CSRF MEDIUM" "download-zip-attachments No.known.fix Arbitrary.File.Download HIGH" "dbox-slider-lite No.known.fix Multiple.Authenticated.SQL.injection HIGH" "donate-extra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "delete-post-revisions-on-single-click No.known.fix Cross-Site.Request.Forgery MEDIUM" "document-emberdder 1.7.9 Subscriber+.Arbitrary.Private/Draft.Post.Title.Disclosure MEDIUM" "document-emberdder 1.7.5 Unauthenticated.Arbitrary.Private/Draft.Post.Title.Disclosure MEDIUM" "device-theme-switcher No.known.fix Cross-Site.Request.Forgery MEDIUM" "doctor-listing 1.3.6 Subscriber+.Privilege.Escalation CRITICAL" "dj-email-publish No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "docollipics-faustball-de 2.1.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "doneren-met-mollie 2.10.3 Unauthenticated.Reflected.Cross-Site.Scripting.via.search MEDIUM" "doneren-met-mollie 2.8.5 Unauthorised.CSV.Export.leading.to.Sensitive.Data.Disclosure MEDIUM" "diary-availability-calendar No.known.fix Authenticated.(subscriber+).SQL.Injection HIGH" "different-menus-in-different-pages 2.4.0 Subscriber+.Menu.Duplication MEDIUM" "documentor-lite No.known.fix Unauthenticated.SQLi HIGH" "dropdown-menu-widget No.known.fix Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS MEDIUM" "da-reactions 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "da-reactions 3.20.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dx-auto-save-images No.known.fix CSRF MEDIUM" "divi-builder 4.25.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "divi-builder 4.5.3 4.5.2,.Extra.2.0.-.4.5.2,.Divi.Builder.2.0.-.4.5.2).-.Authenticated.Arbitrary.File.Upload MEDIUM" "divi-builder 4.0.10 Authenticated.Code.Injection MEDIUM" "divi-builder 2.17.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "divi-builder 1.2.4 Privilege.Escalation HIGH" "delightful-downloads No.known.fix Unauthenticated.Path.Traversal MEDIUM" "disable-update-notifications 2.4.2 Settings.Update.via.CSRF MEDIUM" "debug-log-manager 2.3.2 Missing.Authorization MEDIUM" "debug-log-manager 2.3.2 Missing.Authorization.via.toggle_debugging MEDIUM" "debug-log-manager 2.3.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "debug-log-manager 2.3.0 Sensitive.Logs.Exposure MEDIUM" "debug-log-manager 2.2.2 Debug.Log.Clearing.via.CSRF MEDIUM" "debug-log-manager 2.2.2 Subscriber+.Debug.Log.Clearing MEDIUM" "directories 1.3.46 Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "directories 1.3.46 Authenticated.Self-Reflected.Cross-Site.Scripting LOW" "drag-and-drop-form-builder-for-contact-form-7 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "drag-and-drop-form-builder-for-contact-form-7 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dop-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "domain-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dextaz-ping No.known.fix Admin+.RCE MEDIUM" "dtabs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "drug-search No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "debug-info No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "duplicate-post 3.2.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "different-home-for-logged-in-logged-out 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "ds-cf7-math-captcha No.known.fix Reflected.XSS HIGH" "dc-woocommerce-multi-vendor 4.2.1 Missing.Authorization.to.Limited.Vendor.Privilege.Escalation/Account.Takeover CRITICAL" "dc-woocommerce-multi-vendor 4.2.0 Reflected.Cross-Site.Scripting HIGH" "dc-woocommerce-multi-vendor 4.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.hover_animation.Parameter MEDIUM" "dc-woocommerce-multi-vendor 4.1.4 Missing.Authorization MEDIUM" "dc-woocommerce-multi-vendor 4.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.0.26 Missing.Authorization HIGH" "dc-woocommerce-multi-vendor 4.0.24 Missing.Authorization.via.mvx_save_dashpages HIGH" "dc-woocommerce-multi-vendor 4.0.26 Improper.Authorization.on.REST.Routes.via.'save_settings_permission' HIGH" "dc-woocommerce-multi-vendor 3.8.12 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 3.8.12 Unauthorised.AJAX.Calls HIGH" "dc-woocommerce-multi-vendor 3.8.12 Unauthenticated.LFI MEDIUM" "dc-woocommerce-multi-vendor 3.8.4 Reflected.Cross-Site.Scripting HIGH" "dc-woocommerce-multi-vendor 3.7.4 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "dc-woocommerce-multi-vendor 3.7.4 Unauthenticated.Arbitrary.Product.Comment MEDIUM" "dc-woocommerce-multi-vendor 3.5.8 Cross-Site.Request.Forgery MEDIUM" "dc-woocommerce-multi-vendor 3.5.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "dokan-lite 3.7.6 Unauthenticated.SQLi HIGH" "dokan-lite 3.6.4 Vendor.Stored.Cross-Site.Scripting MEDIUM" "dokan-lite 3.2.1 CSRF.Nonce.Bypasses MEDIUM" "dokan-lite 3.0.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "dokan-lite 3.0.9 Cross-Site.Request.Forgery MEDIUM" "deal-of-the-day No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dethemekit-for-elementor 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.URL.Parameter.of.the.De.Gallery.Widget MEDIUM" "dethemekit-for-elementor 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.slitems.Attribute MEDIUM" "dethemekit-for-elementor 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "dethemekit-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 1.5.5.5 Contributor+.Stored.XSS MEDIUM" "daggerhart-openid-connect-generic 3.8.2 Reflected.Cross.Site.Scripting.(XSS).via.Login.Error MEDIUM" "duplicator-pro 4.5.14.2 Unauthenticated.Sensitive.Data.Exposure HIGH" "duplicator-pro 4.5.11.1 Unauthenticated.Reflected.XSS HIGH" "duplicator-pro 3.8.7.1 Unauthenticated.Arbitrary.File.Download HIGH" "democracy-poll No.known.fix Missing.Authorization MEDIUM" "democracy-poll 5.4 CSRF.&.XSS HIGH" "database-for-cf7 1.2.5 Subscriber+.CF7.DB.Entries.Deletion MEDIUM" "dancepress-trwa 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "dancepress-trwa 2.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "download-plugins-dashboard 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "download-plugins-dashboard 1.8.8 Cross-Site.Request.Forgery MEDIUM" "download-plugins-dashboard 1.8.6 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "download-plugins-dashboard 1.6.0 Unauthenticated.Stored.XSS MEDIUM" "doko-box-builder 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "duplicate-post-page-menu-custom-post-type 2.4.0 Subscriber+.Post.Duplication MEDIUM" "duplicate-variations-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "duplicate-variations-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "divebook No.known.fix Unauthenticated.Reflected.XSS LOW" "divebook No.known.fix Improper.Authorisation.Check MEDIUM" "divebook No.known.fix Unauthenticated.SQL.Injection CRITICAL" "dynamically-register-sidebars No.known.fix Admin+.Stored.XSS LOW" "donate-with-qrcode No.known.fix Plugin's.Setting.Update.via.CSRF MEDIUM" "donate-with-qrcode 1.4.5 Stored.Cross-Site.Scripting MEDIUM" "dd-rating No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "dark-mode-for-wp-dashboard 1.2.4 Cross-Site.Request.Forgery MEDIUM" "debug-functions-time 1.41 Reflected.Cross-Site.Scripting MEDIUM" "dx-share-selection 1.5 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "dwnldr 1.01 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "disable-dashboard-for-woocommerce 3.2.9 Reflected.Cross-Site.Scripting MEDIUM" "dashboard-to-do-list 1.3.0 Missing.Authorization.via.ardtdw_widgetsetup() MEDIUM" "dashboard-to-do-list 1.3.2 Cross-Site.Request.Forgery.via.ardtdw_widgetupdate() MEDIUM" "downloader-tiktok 1.4 Server.Side.Request.Forgery.(SSRF).&.Local.File.Inclusion.(LFI) MEDIUM" "dazzlersoft-teams No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ds-site-message No.known.fix Cross-Site.Request.Forgery MEDIUM" "directory-pro 1.9.5 Subscriber+.Privilege.Escalation CRITICAL" "dirtysuds-embed-pdf No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "defender-security 4.7.3 Missing.Authorization MEDIUM" "defender-security 4.4.2 IP.Address.Spoofing MEDIUM" "defender-security 4.2.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "defender-security 4.2.1 Masked.Login.Area.Security.Feature.Bypass MEDIUM" "defender-security 4.1.0 Protection.Bypass.(Hidden.Login.Page) MEDIUM" "defender-security 2.4.6.1 CSRF.Nonce.Bypasses MEDIUM" "devices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "devices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "devices No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "dragfy-addons-for-elementor No.known.fix Missing.Authorization.via.save_settings MEDIUM" "donation-thermometer 2.1.3 Admin+.Stored.Cross-Site.Scripting LOW" "duplicate-theme No.known.fix CSRF MEDIUM" "doofinder-for-woocommerce 2.1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "doofinder-for-woocommerce 2.1.1 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "doofinder-for-woocommerce 2.1.8 Reflected.Cross-Site.Scripting HIGH" "ditty-news-ticker 3.1.46 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.45 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.43 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.39 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ditty-news-ticker 3.1.36 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.32 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ditty-news-ticker 3.1.25 Missing.Authorization.via.save_ditty_permissions_check MEDIUM" "ditty-news-ticker 3.1.25 Reflected.XSS HIGH" "ditty-news-ticker 3.0.33 Contributor+.Stored.XSS MEDIUM" "ditty-news-ticker 3.0.15 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "dts-simple-share No.known.fix Admin+.XSS LOW" "d-bargain 4.0.0 Admin+.Stored.XSS LOW" "dzs-zoomsounds 6.50 Unauthenticated.Arbitrary.File.Download HIGH" "dzs-zoomsounds 6.05 Unauthenticated.Arbitrary.File.Upload CRITICAL" "dzs-zoomsounds 3.0 Remote.File.Upload CRITICAL" "dk-pdf 1.9.7 Reflected.Cross-Site.Scripting MEDIUM" "devvn-image-hotspot 1.2.6 Authenticated.(Author+).PHP.Object.Injection HIGH" "decorator-woocommerce-email-customizer 1.2.8 WooCommerce.Email.Customizer.<.1.2.8.-.Cross-Site.Request.Forgery MEDIUM" "digirisk 6.1.0.0 Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-address No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-address No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "duitku-social-payment-gateway 2.11.7 Missing.Authorization.via.check_duitku_response MEDIUM" "display-metadata No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "demomentsomtres-grid-archive No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-grid-archive No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "download-now-for-woocommerce 3.5.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "downloadmanager 3.2.83 Unauthenticated.Password.Protected.File.Bypass MEDIUM" "database-cleaner 1.0.6 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "database-cleaner 0.9.9 Sensitive.Information.Exposure.via.Log.File MEDIUM" "delivery-and-pickup-scheduling-for-woocommerce 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "duracelltomi-google-tag-manager 1.15.2 Admin+.Stored.Cross-Site.Scripting LOW" "duracelltomi-google-tag-manager 1.15.1 Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.3.00 Contributor+.Stored.XSS LOW" "download-manager 3.2.99 Admin+.Stored.XSS LOW" "download-manager 3.2.98 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "download-manager 3.2.90 Improper.Authorization.via.protectMediaLibrary HIGH" "download-manager 3.2.94 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "download-manager 3.2.87 Authenticated.(Subscriber+).Stored.Self-Based.Cross-Site.Scripting MEDIUM" "download-manager 3.2.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpdm_modal_login_form.Shortcode MEDIUM" "download-manager 3.2.91 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpdm-all-packages.Shortcode MEDIUM" "download-manager 3.2.85 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.85 Unauthenticated.File.Download MEDIUM" "download-manager 3.2.86 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.83 Unauthenticated.Protected.File.Download.Password.Leak MEDIUM" "download-manager 3.2.71 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.71 Broken.Access.Controls MEDIUM" "download-manager 6.3.0 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "download-manager 3.2.62 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.60 Reflected.XSS HIGH" "download-manager 3.2.55 Admin+.Arbitrary.File/Folder.Access.via.Path.Traversal MEDIUM" "download-manager 3.2.50 Contributor+.PHAR.Deserialization HIGH" "download-manager 3.2.53 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.51 Contributor+.Arbitrary.File.Deletion HIGH" "download-manager 3.2.49 Clear.Stats.&.Cache.via.CSRF MEDIUM" "download-manager 3.2.49 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.50 Bypass.IP.Address.Blocking.Restriction MEDIUM" "download-manager 3.2.49 Multiple.CSRF MEDIUM" "download-manager 3.2.44 Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.44 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.48 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.43 Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.39 Unauthenticated.brute.force.of.files.master.key MEDIUM" "download-manager 3.2.35 Sensitive.Information.Disclosure HIGH" "download-manager 3.2.34 Authenticated.SQL.Injection.to.Reflected.XSS MEDIUM" "download-manager 3.2.22 Subscriber+.Stored.Cross-Site.Scripting HIGH" "download-manager 3.2.16 Admin+.Stored.Cross-Site.Scripting LOW" "download-manager 3.2.13 Email.Template.Setting.Update.via.CSRF MEDIUM" "download-manager 3.1.25 .Authenticated.Directory.Traversal MEDIUM" "download-manager 3.1.25 Authenticated.File.Upload MEDIUM" "download-manager 3.1.23 Unauthorised.Asset.Manager.Usage HIGH" "download-manager 3.1.19 Authenticated.(author+).PHP4.File.Upload.to.RCE CRITICAL" "download-manager 3.1.22 Plugin.Settings.Change.via.CSRF MEDIUM" "download-manager 3.1.18 Unauthorised.Download.Duplication MEDIUM" "download-manager 2.9.97 Various.Sanitisation.Issues MEDIUM" "download-manager 2.9.94 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "download-manager 2.9.61 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "download-manager 2.9.50 Cross-Site.Scripting.(XSS) MEDIUM" "download-manager 2.9.51 Open.Redirect HIGH" "dx-watermark No.known.fix Cross-Site.Request.Forgery MEDIUM" "download-button-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dynamic-content-for-elementor 2.12.5 Cross-Site.Request.Forgery MEDIUM" "dynamic-content-for-elementor 1.9.6 Authenticated.RCE CRITICAL" "dx-delete-attached-media 2.0.6 Settings.Update.via.CSRF MEDIUM" "duplicate-page-or-post 1.5.1 Arbitrary.Settings.Update.to.Stored.XSS HIGH" "docket-cache 21.08.02 Reflected.Cross-Site.Scripting HIGH" "download-theme 1.1.0 Cross-Site.Request.Forgery MEDIUM" "duofaq-responsive-flat-simple-faq No.known.fix Reflected.Cross-Site.Scripting HIGH" "dokan-pro 3.11.0 Unauthenticated.SQL.Injection CRITICAL" "dw-promobar No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "don8 No.known.fix Admin+.Stored.XSS LOW" "delete-all-comments-of-website 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "drawblog No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "demo-importer-plus 2.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "database-backups No.known.fix CSRF.to.Backup.Download HIGH" "decalog 3.9.1 Authenticated.(Admin+).SQL.injection CRITICAL" "droit-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "droit-elementor-addons No.known.fix Cross-Site.Request.Forgery MEDIUM" "delete-me 3.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "dofollow-case-by-case 3.5.0 Email&URLs.Adding.to.Allowlist.via.CSRF MEDIUM" "demo-awesome 1.0.3 Missing.Authorization MEDIUM" "demo-awesome 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "drawit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "deeper-comments No.known.fix Subscriber+.Arbitrary.Options.Update HIGH" "dtracker No.known.fix Unauthorised.Contract.Creation HIGH" "dtracker No.known.fix Multiple.Unauthenticated.Blind.SQL.Injections HIGH" "debug-assistant 1.5 Admin+.Stored.XSS LOW" "debug-assistant 1.5 Administrator.Account.Creation.via.CSRF HIGH" "dl-robotstxt No.known.fix Admin+.Stored.XSS LOW" "dpt-oauth-client No.known.fix CSRF MEDIUM" "dpt-oauth-client No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "delete-usermetas 1.2.0 Cross-Site.Request.Forgery MEDIUM" "demomentsomtres-mailchimp-immediate-send 3.201704281627 Reflected.Cross-Site.Scripting MEDIUM" "daily-prayer-time-for-mosques 2024.09.14 Authenticated.(Contributor+).SQL.Injection CRITICAL" "daily-prayer-time-for-mosques 2023.10.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "daily-prayer-time-for-mosques 2023.05.05 Contributor+.Stored.XSS MEDIUM" "daily-prayer-time-for-mosques 2023.03.18 Settings.Update.via.CSRF MEDIUM" "daily-prayer-time-for-mosques 2022.03.01 Unauthenticated.SQLi HIGH" "daily-prayer-time-for-mosques 2021.08.10 Admin+.Stored.XSS LOW" "database-peek No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "directorypress No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "directorypress 3.6.8 Reflected.Cross-Site.Scripting HIGH" "dreamgrow-scroll-triggered-box No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "demomentsomtres-wp-export No.known.fix Subscriber+.unauthorized.data.export MEDIUM" "demomentsomtres-wp-export 20200610 Reflected.Cross-Site.Scripting MEDIUM" "digital-river-global-commerce No.known.fix Use.of.Polyfill.io MEDIUM" "digital-publications-by-supsystic 1.7.8 Missing.Authorization MEDIUM" "digital-publications-by-supsystic 1.7.8 Cross-Site.Request.Forgery MEDIUM" "digital-publications-by-supsystic 1.7.7 Cross-Site.Request.Forgery.via.AJAX.action MEDIUM" "digital-publications-by-supsystic 1.7.4 Admin+.Stored.Cross-Site.Scripting LOW" "digital-publications-by-supsystic 1.6.12 Authenticated.Path.Traversal LOW" "digital-publications-by-supsystic 1.7.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "download-monitor 5.0.10 Missing.Authorization.to.Authenticated.(Subscriber+).Shop.Enable MEDIUM" "download-monitor 4.9.14 Missing.Authorization MEDIUM" "download-monitor 4.9.5 Authenticated.(Admin+).SQL.Injection HIGH" "download-monitor 4.8.2 Admin+.SSRF MEDIUM" "download-monitor 4.5.98 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.5.91 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.4.7 Reflected.Cross-Site.Scripting MEDIUM" "download-monitor 4.4.7 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.4.7 Admin+.Stored.Cross-Site.Scripting LOW" "download-monitor 4.4.5 Admin+.SQL.Injection MEDIUM" "download-monitor 1.9.7 Unauthenticated.Downloading.of.Logs MEDIUM" "download-monitor 1.7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "download-monitor 1.6.4 Authenticated.Directory.Listing MEDIUM" "download-monitor 3.3.6.2 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "ds-suit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "debug 1.11 CSRF MEDIUM" "daves-wordpress-live-search No.known.fix Admin+.Stored.XSS LOW" "delete-all-comments-easily No.known.fix All.Comments.Deletion.via.CSRF MEDIUM" "dark-mode 1.7 Stored.XSS MEDIUM" "distancr 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dd-post-carousel 1.4.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "digital-climate-strike-wp No.known.fix Redirect.to.Malicious.Website.due.to.Compromised.JS.Asset HIGH" "digiproveblog No.known.fix Reflected.Cross-Site-Scripting MEDIUM" "demomentsomtres-mailchimp-subscribe 3.201706150908 Reflected.Cross-Site.Scripting MEDIUM" "disable-comments 1.0.4 disable_comments_settings.php.Comment.Status.Manipulation.CSRF HIGH" "download-attachments 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "download-attachments 1.3 Contributor+.Stored.XSS MEDIUM" "dans-gcal 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "delete-old-orders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dont-muck-my-markup No.known.fix Cross-Site.Request.Forgery MEDIUM" "drop-shadow-boxes 1.7.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "drop-shadow-boxes 1.7.12 Reflected.Cross-Site.Scripting MEDIUM" "drop-shadow-boxes 1.7.11 Contributor+.Cross-Site.Scripting MEDIUM" "drop-shadow-boxes 1.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "drop-shadow-boxes 1.7.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "dukapress 2.5.9.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "drag-n-drop-upload-cf7-pro 2.11.1 Contact.Form.7.Standard.<.2.11.1.-.Reflected.Cross-Site.Scripting HIGH" "drag-n-drop-upload-cf7-pro 5.0.6.4 Contact.Form.7.with.Remote.Storage.Integrations.<.5.0.6.4.-.Reflected.Cross-Site.Scripting HIGH" "drag-n-drop-upload-cf7-pro 5.0.6.3 Contact.Form.7.with.Remote.Storage.Integrations.<.5.0.6.3.-.Path.Traversal MEDIUM" "drag-n-drop-upload-cf7-pro 2.11.0 Contact.Form.7.Standard.<.2.11.0.-.Path.Traversal MEDIUM" "display-a-meta-field-as-block 1.2.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dl-verification No.known.fix Admin+.Stored.XSS LOW" "download-info-page No.known.fix Admin+.Stored.XSS LOW" "display-custom-post No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delete-duplicate-posts 4.9 Missing.Authorization.via.AJAX.Actions MEDIUM" "delete-duplicate-posts 4.8.9 Reflected.Cross-Site.Scripting MEDIUM" "delete-duplicate-posts 4.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "delete-duplicate-posts 4.1.9.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "dynamic-featured-image No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dfiFeatured.Parameter MEDIUM" "dn-popup No.known.fix Settings.Update.via.CSRF MEDIUM" "dupeoff No.known.fix Admin+.Stored.XSS LOW" "dearpdf-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "duplica 0.7 Authenticated.(Subscriber+).Missing.Authorization.to.Users/Posts.Duplicates.Creation MEDIUM" "date-time-picker-field 2.3 Reflected.Cross-Site.Scripting MEDIUM" "date-time-picker-field 2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "decon-wp-sms No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "data-tables-generator-by-supsystic 1.10.32 Missing.Authorization MEDIUM" "data-tables-generator-by-supsystic 1.10.20 Admin+.Stored.Cross-Site.Scripting LOW" "data-tables-generator-by-supsystic 1.10.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "data-tables-generator-by-supsystic 1.10.0 Authenticated.SQL.Injection CRITICAL" "data-tables-generator-by-supsystic 1.9.92 Authenticated.Stored.XSS MEDIUM" "data-tables-generator-by-supsystic 1.9.92 Insecure.Permissions.on.AJAX.Actions MEDIUM" "data-tables-generator-by-supsystic 1.9.92 CSRF.to.Stored.XSS,.Data.Table.Creations,.Settings.Modification CRITICAL" "delivery-drivers-for-vendors 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "delivery-drivers-for-vendors 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "delivery-woo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "delivery-woo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "duplicate-wp-page-post 2.8 Admin+.Stored.Cross-Site.Scripting LOW" "duplicate-wp-page-post 2.5.7 SQL.Injections.due.to.Duplicated.Snippets HIGH" "dw-question-answer-pro 1.3.7 Multiple.CSRF MEDIUM" "dw-question-answer-pro 1.3.7 Arbitrary.Comment.Edition.via.IDOR MEDIUM" "dw-question-answer No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "database-collation-fix 1.2.8 Cross-Site.Request.Forgery MEDIUM" "dropbox-folder-share No.known.fix Unauthenticated.Server-Side.Request.Forgery.via.'link' HIGH" "dropbox-folder-share No.known.fix Unauthenticated.Remote.Code.Execution.via.LFI CRITICAL" "delete-custom-fields No.known.fix Cross-Site.Request.Forgery.to.Post.Meta.Deletion MEDIUM" "delucks-seo 2.5.5 Missing.Authorization MEDIUM" "dn-footer-contacts 1.6.3 Admin+.Stored.XSS LOW" "display-medium-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.display_medium_posts.Shortcode MEDIUM" "demomentsomtres-gravity-forms-improvements 201704251008 Reflected.Cross-Site.Scripting MEDIUM" "demo-my-wordpress 1.1.0 Unauthenticated.Privilege.Escalation CRITICAL" "domain-check 1.0.17 Reflected.Cross-Site.Scripting MEDIUM" "display-widgets 2.7 Backdoored MEDIUM" "drag-and-drop-multiple-file-upload-for-woocommerce 1.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "dh-anti-adblocker 37 Anti.AdBlocker.<.37.-.Settings.Update.via.CSRF MEDIUM" "demomentsomtres-media-tools-auto No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-media-tools-auto No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "download-media No.known.fix Missing.Authorization.via.generate_link_for_media MEDIUM" "dyslexiefont No.known.fix CSRF MEDIUM" "dyslexiefont 1.0.0 Authenticated.Cross-Site.Scripting MEDIUM" "domain-mapping-system 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "domain-mapping-system 1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dsgvo-all-in-one-for-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dsgvo-all-in-one-for-wp 4.4 Cross-Site.Request.Forgery MEDIUM" "dsgvo-all-in-one-for-wp 4.2 Admin+.Stored.Cross-Site.Scripting LOW" "dsgvo-all-in-one-for-wp 4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.7.8 Sensitive.Information.Exposure MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.7.4 Contact.Form.7.<.1.3.7.4.-.Unauthenticated.Arbitrary.File.Upload HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.6 File.Upload.and.File.deletion.via.CSRF MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.5 File.Upload.Size.Limit.Bypass MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.3 Contact.Form.7.<.1.3.6.3.-.Unauthenticated.Stored.XSS MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.5.5 Unauthenticated.Remote.Code.Execution CRITICAL" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.3.3 Unauthenticated.File.Upload.Bypass CRITICAL" "debug-log-config-tool 1.5 Unauthenticated.Information.Exposure.via.Logs MEDIUM" "dnui-delete-not-used-image-wordpress No.known.fix Deletion.of.images.through.CSRF MEDIUM" "defa-online-image-protector No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "disable-right-click-for-wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "digits 8.4.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "delivery-drivers-manager 1.1.9 Reflected.Cross-Site.Scripting MEDIUM" "delivery-drivers-manager 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dovetail No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "donations-block No.known.fix Unauthenticated.Stored.XSS HIGH" "donations-block 2.1.0 Contributor+.Stored.XSS MEDIUM" "delhivery-logistics-courier No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "dashylite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dashylite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "duplicate-page 4.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "duplicate-page 3.4 Authenticated.SQL.Injection HIGH" "demomentsomtres-classify-on-publish No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "download-magnet 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.7.0 Improper.Path.Validation.to.Authenticated.(Subscriber+).Arbitrary.File.Move.and.Read HIGH" "delicious-recipes 1.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dimage-360 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "deny-all-firewall 1.1.7 CSRF HIGH" "demon-image-annotation 4.8 Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "depicter 3.5.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.5.0 Missing.Authorization MEDIUM" "depicter 3.1.2 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "depicter 3.2.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.1.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.1.0 Authenticated.(Contributor+).Arbitrary.Nonce.Generation MEDIUM" "depicter 2.0.7 Settings.Update.via.CSRF MEDIUM" "easy-login-styler No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "easy-maintenance-mode-coming-soon No.known.fix Information.Exposure MEDIUM" "expert-invoice No.known.fix Expert.Invoice.<=.1,0,2.-Admin+.Stored.XSS LOW" "easy-custom-code 1.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "everest-backup 2.2.5 Admin+.Arbitrary.File.Upload MEDIUM" "everest-backup 2.2.0 Sensitive.Information.Exposure.via.Log.File HIGH" "elex-woocommerce-google-product-feed-plugin-basic 1.2.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "email-customizer-woocommerce 1.7.2 Multiple.Author+.SQLi MEDIUM" "edd-venmo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-wp-smtp 2.3.1 Exposure.of.Sensitive.Information.via.the.UI LOW" "easy-wp-smtp 1.5.2 Admin+.Arbitrary.File.Deletion MEDIUM" "easy-wp-smtp 1.5.2 Admin+.RCE MEDIUM" "easy-wp-smtp 1.5.2 Admin+.Arbitrary.File.Access MEDIUM" "easy-wp-smtp 1.5.0 Admin+.PHP.Objection.Injection MEDIUM" "easy-wp-smtp 1.4.3 Debug.Log.Disclosure HIGH" "easy-wp-smtp 1.3.9.1 Unauthenticated.Arbitrary.wp_options.Import MEDIUM" "external-media 1.0.36 Admin+.Stored.XSS LOW" "external-media 1.0.34 Authenticated.Arbitrary.File.Upload CRITICAL" "eprolo-dropshipping 1.7.2 Missing.Authorization MEDIUM" "exclusive-addons-for-elementor 2.6.9.9 Authenticated.(Contibutor+).Stored.Cross-Site.Scripting.via.Card.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.2 Missing.Authorization.to.Post.Duplication MEDIUM" "exclusive-addons-for-elementor 2.6.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Call.to.Action MEDIUM" "exclusive-addons-for-elementor 2.6.9.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Expired.Title MEDIUM" "exclusive-addons-for-elementor 2.6.9.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Post.Grid MEDIUM" "exclusive-addons-for-elementor 2.6.9.3 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Call.To.Action.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Timer.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Covid-19.Stats.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.9 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.2 Arbitrary.Uninstall.Reason.Feedback.via.CSRF MEDIUM" "easy-contact-form-pro 1.1.1.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "ecommerce-product-catalog 3.3.33 Reflected.Cross-Site.Scripting MEDIUM" "ecommerce-product-catalog 3.3.29 Cross-Site.Request.Forgery MEDIUM" "ecommerce-product-catalog 3.3.27 Sensitive.Information.Exposure.via.CSV.Files MEDIUM" "ecommerce-product-catalog 3.3.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ecommerce-product-catalog 3.3.26 Products.Deletion.via.CSRF MEDIUM" "ecommerce-product-catalog 3.3.9 Admin+.Stored.XSS LOW" "ecommerce-product-catalog 3.3.5 Admin+.Stored.XSS LOW" "ecommerce-product-catalog 3.0.72 Reflected.XSS MEDIUM" "ecommerce-product-catalog 3.0.72 Reflected.XSS.via.AJAX MEDIUM" "ecommerce-product-catalog 3.0.71 Reflected.XSS MEDIUM" "ecommerce-product-catalog 3.0.39 Reflected.Cross-Site.Scripting HIGH" "ecommerce-product-catalog 3.0.18 Cross-Site.Request.Forgery MEDIUM" "ecommerce-product-catalog 3.0.18 CSRF.Nonce.Bypass MEDIUM" "ecommerce-product-catalog 2.9.44 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "event-calendars No.known.fix Unauthenticated.Arbitrary.Calendar.Deletion MEDIUM" "easyazon No.known.fix Reflected.Cross-Site.Scripting.via.easyazon-cloaking-locale MEDIUM" "easyazon 5.1.1 Missing.Authorization.on.AJAX.actions MEDIUM" "eyes-only-user-access-shortcode No.known.fix Admin+.Stored.XSS LOW" "easy-table-of-contents 2.0.68 Editor+.Stored.XSS LOW" "easy-table-of-contents 2.0.67.1 Editor+.Stored.XSS LOW" "easy-table-of-contents 2.0.66 Admin+.Stored.XSS LOW" "elegant-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-facebook-likebox 6.5.7 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.6 Contributor+.Stored.XSS MEDIUM" "easy-facebook-likebox 6.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fb_appid MEDIUM" "easy-facebook-likebox 6.5.5 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-facebook-likebox 6.5.5 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.3 Subscriber+.Settings.Update MEDIUM" "easy-facebook-likebox 6.5.0 Reflected.Cross-Site.Scripting MEDIUM" "easy-facebook-likebox 6.4.0 Contributor+.Stored.XSS MEDIUM" "easy-facebook-likebox 6.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-facebook-likebox 6.2.7 Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-facebook-likebox 6.2.7 Reflected.Cross-Site.Scripting HIGH" "essential-widgets 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "everlightbox 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "everlightbox 1.1.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "event-list 0.8.8 Admin+.Stored.Cross-Site.Scripting LOW" "event-list 0.7.10 XSS MEDIUM" "event-list 0.7.9 Authenticated.SQL.Injection HIGH" "envo-elementor-for-woocommerce 1.4.17 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Subscriber+.Template.Creation MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Arbitrary.Theme.Activation.via.CSRF MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "enable-svg-uploads No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "easy-coming-soon No.known.fix Admin+.Stored.XSS LOW" "elegant-themes-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-video-player 1.2.2.11 Contributor+.Stored.XSS MEDIUM" "easy-video-player 1.2.2.3 Contributor+.Stored.XSS MEDIUM" "express-shop 4.0.3 CSRF.Bypass MEDIUM" "easy-code-snippets 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-code-snippets 1.0.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "exchange-addon-2checkout 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "enweby-variation-swatches-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "expire-tags No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "expire-tags No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "easy-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-testimonials 3.9.3 Contributor+.Stored.XSS MEDIUM" "easy-testimonials 3.9 Reflected.Cross-Site.Scripting MEDIUM" "easy-testimonials 3.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "easy-testimonials 3.7 Cross-Site.Request.Forgery MEDIUM" "easy-testimonials 3.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "easy-testimonials 1.37 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "estatik-mortgage-calculator No.known.fix Reflected.XSS HIGH" "estatik-mortgage-calculator No.known.fix Reflected.XSS HIGH" "eventon-lite 2.2.17 Admin+.Stored.XSS LOW" "eventon-lite 2.2.16 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting.and.Plugin.Settings.Updates HIGH" "eventon-lite 2.2.15 Admin+.Stored.Cross-Site.Scripting.via.event.subtitle LOW" "eventon-lite 2.2.15 Admin+.Stored.XSS LOW" "eventon-lite 2.2.8 Unauthenticated.Arbitrary.Post.Metadata.Update HIGH" "eventon-lite 2.2.8 Reflected.XSS HIGH" "eventon-lite 2.2.8 Unauthenticated.Virtual.Event.Password.Disclosure MEDIUM" "eventon-lite 2.2.9 Unauthenticated.Virtual.Event.Settings.Update MEDIUM" "eventon-lite 2.2.8 Unauthenticated.Email.Address.Disclosure MEDIUM" "eventon-lite 2.2.7 Admin+.Stored.Cross-Site.Scripting LOW" "eventon-lite 2.2 Admin.+.Stored.HTML.Injection LOW" "eventon-lite 2.2.3 Reflected.Cross.Site.Scripting HIGH" "eventon-lite 2.2 Admin+.Stored.XSS LOW" "eventon-lite 2.1.2 Unauthenticated.Post.Access.via.IDOR HIGH" "eventon-lite 2.1.2 Unauthenticated.Event.Access HIGH" "essential-grid 3.1.2 Unauthenticated.Private.Post.Disclosure MEDIUM" "essential-grid 3.0.19 Missing.Authorization HIGH" "essential-grid 3.1.1 Reflected.XSS HIGH" "exchange-addon-custom-url-tracking 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-team-manager No.known.fix Authenticated.Blind.SQL.Injection CRITICAL" "easy-media-gallery-pro 1.3.0 CSRF.&.Cross-Site.Scripting.(XSS) MEDIUM" "email-obfuscate-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-custom-auto-excerpt 2.5.0 Sensitive.Information.Exposure MEDIUM" "easy-custom-auto-excerpt 2.4.7 XSS MEDIUM" "emag-marketplace-connector 1.0.1 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "exchange-rates-widget 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eu-cookie-law No.known.fix Admin+.Stored.XSS LOW" "eu-cookie-law 3.1.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "extensions-leaflet-map 3.4.2 Reflected.XSS HIGH" "e2pdf 1.25.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "e2pdf 1.23.00 Missing.Authorization MEDIUM" "e2pdf 1.23.00 Cross-Site.Request.Forgery MEDIUM" "e2pdf 1.20.24 Authenticated(Administrator+).SQL.Injection MEDIUM" "e2pdf 1.20.26 Admin+.Arbitrary.File.Upload HIGH" "e2pdf 1.20.19 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "e2pdf 1.20.20 Admin+.Stored.Cross-Site.Scriping LOW" "e2pdf 1.16.45 Admin+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "eg-attachments No.known.fix Reflected.XSS HIGH" "easy-slider-revolution 1.1.0 Author+.Stored.XSS MEDIUM" "examapp No.known.fix Authenticated.SQL.Injection./.Cross-Site.Scripting HIGH" "enable-svg-webp-ico-upload No.known.fix Author+.Stored.XSS MEDIUM" "enable-svg-webp-ico-upload No.known.fix Author+.Arbitrary.File.Upload HIGH" "enable-svg-webp-ico-upload No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "easyappointments 1.3.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "evergreen-content-poster 1.4.3 Missing.Authorization MEDIUM" "evergreen-content-poster 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "evergreen-content-poster 1.4.1 Admin+.Stored.XSS LOW" "envialosimple-email-marketing-y-newsletters-gratis 2.3 Reflected.Cross-Site.Scripting MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "envialosimple-email-marketing-y-newsletters-gratis No.known.fix Cross-Site.Request.Forgery MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis 2.2 EnvíaloSimple.<.2,2.Unauthenticated.PHP.Object.Injection MEDIUM" "easy-embed-for-youtube-wall 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "extend-filter-products-by-price-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "elespare 3.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Horizontal.Nav.Menu.Widge MEDIUM" "elespare 2.1.3 Missing.Authorization.to.Subscriber+.Arbitrary.Post.Creation MEDIUM" "easy-set-favicon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "everest-comment-rating-lite 2.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "eventprime-event-calendar-management 4.0.4.6 Open.Redirect MEDIUM" "eventprime-event-calendar-management 4.0.4.4 Missing.Authorization.to.Unauthenticated.Private.or.Password-Protected.Events.Disclosure MEDIUM" "eventprime-event-calendar-management 4.0.4.0 Missing.Authorization.via.calendar_event_create() MEDIUM" "eventprime-event-calendar-management 3.3.5 Unauthenticated.Booking.Price.Manipulation MEDIUM" "eventprime-event-calendar-management 3.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 3.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "eventprime-event-calendar-management 3.4.3 Missing.Authorization.to.Arbitrary.Post.Overwrite MEDIUM" "eventprime-event-calendar-management 3.4.4 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 3.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "eventprime-event-calendar-management 3.4.3 Unauthenticated.Booking.Payment.Bypass MEDIUM" "eventprime-event-calendar-management 3.4.1 Missing.Authorization.to.Authenticated.(Subscriber+).Attendee.List.Retrieval MEDIUM" "eventprime-event-calendar-management 3.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Event.Export MEDIUM" "eventprime-event-calendar-management 3.4.0 Improper.Input.Validation.via.save_event_booking MEDIUM" "eventprime-event-calendar-management 3.3.6 Unauthenticated.Event.Access MEDIUM" "eventprime-event-calendar-management 3.3.3 Contributor+.Stored.XSS MEDIUM" "eventprime-event-calendar-management 3.3.6 Booking.Pricing.Bypass MEDIUM" "eventprime-event-calendar-management 3.1.6 Reflected.XSS HIGH" "eventprime-event-calendar-management 3.2.0 Reflected.HTML.Injection.on.keyword.parameter MEDIUM" "eventprime-event-calendar-management 3.2.0 Booking.Creation.via.CSRF MEDIUM" "eventprime-event-calendar-management 3.2.0 Reflected.XSS HIGH" "eventprime-event-calendar-management 3.0.6 Reflected.Cross-Site.Scripting HIGH" "eventprime-event-calendar-management 3.0.0 Unauthenticated.Reflected.XSS HIGH" "easy-custom-js-and-css-pro No.known.fix Reflected.Cross-Site.Scripting HIGH" "event-tickets 5.11.0.5 Cross-Site.Request.Forgery MEDIUM" "event-tickets 5.8.3 Improper.Authorization.to.Information.Disclosure MEDIUM" "event-tickets 5.8.2 Missing.Authorization MEDIUM" "event-tickets 5.8.1 Contributor+.Arbitrary.Events.Access LOW" "event-tickets 5.6.0 Reflected.Cross-Site.Scripting MEDIUM" "event-tickets 5.3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "event-tickets 5.2.2 Open.Redirect MEDIUM" "event-tickets 4.10.7.2 CSV.Injection HIGH" "eroom-zoom-meetings-webinar 1.4.19 Missing.Authorization.to.Information.Exposure MEDIUM" "eroom-zoom-meetings-webinar 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "eroom-zoom-meetings-webinar 1.3.8 Sync.Meetings.via.CSRF MEDIUM" "eroom-zoom-meetings-webinar 1.3.9 Cache.Deletion.via.CSRF MEDIUM" "eid-easy-qualified-electonic-signature 3.3.1 Use.of.Polyfill.io MEDIUM" "easy2map 1.3.0 Local.File.Inclusion CRITICAL" "easy2map 1.3.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "electric-studio-client-login No.known.fix Admin+.Stored.XSS LOW" "embed-office-viewer 2.2.7 Reflected.Cross-Site.Scripting MEDIUM" "embed-office-viewer 2.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ele-blog No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-extra 1.8.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "envo-extra 1.8.17 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "envo-extra 1.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-extra 1.8.4 Cross-Site.Request.Forgery MEDIUM" "export-import-menus 1.9.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "easy-age-verify 1.8.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "easy-age-verify 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-age-verify 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-header-footer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-header-footer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "essential-real-estate 4.4.5 Insecure.Direct.Object.Reference.to.Arbitrary.Attachment.Deletion MEDIUM" "essential-real-estate 4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "essential-real-estate 4.4.0 Subscriber+.Stored.XSS HIGH" "essential-real-estate 4.4.0 Subscriber+.Denial.of.Service.via.Arbitrary.Option.Update HIGH" "essential-real-estate 4.4.0 Subscriber+.Arbitrary.File.Upload CRITICAL" "essential-real-estate 4.4.0 Subscriber+.Arbitrary.File.Upload HIGH" "essential-real-estate 3.9.6 Reflected.Cross-Site-Scripting MEDIUM" "embed-google-photos-album-easily 2.2.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "eps-301-redirects 2.51 Easy.Redirect.Manager.<.2.51.-.Authenticated.SQL.Injection CRITICAL" "eps-301-redirects 2.45 Easy.Redirect.Manager.<.2.45.-.Authenticated.Arbitrary.Redirect.Injection.and.Modification,.XSS,.and.CSRF CRITICAL" "elementinvader-addons-for-elementor 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-watermark 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "easy-watermark 0.7.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "event-monster No.known.fix Unauthenticated.Information.Exposure MEDIUM" "event-monster No.known.fix Contributor+.PHP.Object.Injection.via.Custom.Meta MEDIUM" "event-monster No.known.fix Admin+.Stored.XSS LOW" "event-monster 1.2.0 Visitors.Deletion.via.CSRF MEDIUM" "event-monster 1.2.1 Admin+.SQLi MEDIUM" "email-templates 1.4.3 Email.Sending.via.CSRF MEDIUM" "export-all-urls 4.6 Reflected.XSS HIGH" "export-all-urls 4.2 Editor+.Stored.XSS MEDIUM" "export-all-urls 4.4 Admin+.Arbitrary.System.File.Removal MEDIUM" "export-all-urls 4.2 Editor+.Stored.Cross-Site.Scripting LOW" "export-all-urls 4.2 Reflected.Cross-Site.Scripting MEDIUM" "export-all-urls 4.3 Private/Draft.Post/Page.Title.Disclosure.via.CSRF MEDIUM" "editable-table No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "embed-docs 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel No.known.fix Unauthenticated.Arbitrary.Instagram.Account.Unlinking MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel No.known.fix Subscriber+.Plugin.Database.Reset MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel 6.2.1 Reflected.Cross-Site.Scripting MEDIUM" "eventon-rsvp 2.9.5 Reflected.XSS HIGH" "easy-facebook-likebox-premium 6.2.7 Reflected.Cross-Site.Scripting HIGH" "extended-widget-options 5.1.3 Extended.<=.5.1.0.&..Widget.Options.<=.4.0.1.-.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "ezoic-integration 2.8.9 Unauthenticated.Settings.Update.to.Stored.XSS MEDIUM" "ezoic-integration 2.8.9 Admin+.Stored.XSS LOW" "easy-career-openings No.known.fix jobid.Parameter.SQL.Injection MEDIUM" "easyjobs 2.4.15 Reflected.Cross-Site.Scripting MEDIUM" "easyjobs 2.4.7 Subscriber+.Arbitrary.Settings.Update MEDIUM" "easyjobs 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "embed-peertube-playlist 1.10 Editor+.Stored.XSS LOW" "everest-timeline-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "events-calendar-for-google No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "email-tracker 5.3.9 Reflected.Cross-Site.Scripting MEDIUM" "email-tracker 5.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-tracker 5.2.6 Reflected.Cross-Site.Scripting HIGH" "email-tracker 5.2.7 Arbitrary.Email.Entry.Deletion.via.CSRF MEDIUM" "easy-justified-gallery 1.1.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "event-tickets-with-ticket-scanner 2.3.2 Reflected.Cross-Site.Scripting MEDIUM" "event-tickets-with-ticket-scanner 2.3.8 Admin+.Stored.XSS LOW" "easy-social-share-buttons3 9.5 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "easy-social-share-buttons3 9.5 Missing.Authorization MEDIUM" "easy-social-share-buttons3 9.5 Reflected.Cross-Site.Scripting MEDIUM" "email-subscribers 5.7.35 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "email-subscribers 5.7.35 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "email-subscribers 5.7.27 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.27.-.Missing.Authorization MEDIUM" "email-subscribers 5.7.26 Unauthenticated.SQL.Injection.via.unsubscribe CRITICAL" "email-subscribers 5.7.24 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.24.-.Unauthenticated.SQL.Injection.via.optin CRITICAL" "email-subscribers 5.7.23 Authenticated.(Subscriber+).SQL.Injection.Vulnerability.via.options[list_id] HIGH" "email-subscribers 5.7.21 Unauthenticated.SQL.Injection.via.hash CRITICAL" "email-subscribers 5.7.18 Missing.Authorization MEDIUM" "email-subscribers 5.7.20 Missing.Authorization.in.handle_ajax_request HIGH" "email-subscribers 5.7.15 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.15.-.Unauthenticated.SQL.Injection CRITICAL" "email-subscribers 5.7.16 Authenticated.(Administrator+).Cross-Site.Scripting.via.CSV.import MEDIUM" "email-subscribers 5.7.14 Missing.Authorization MEDIUM" "email-subscribers 5.7.12 Reflected.Cross-Site.Scripting.via.campaign_id MEDIUM" "email-subscribers 5.6.24 .Admin+.Directory.Traversal CRITICAL" "email-subscribers 5.5.3 Improper.Neutralization.of.Formula.Elements.in.a.CSV.File MEDIUM" "email-subscribers 5.5.1 Subscriber+.SQLi HIGH" "email-subscribers 5.3.2 Unauthenticated.arbitrary.option.update HIGH" "email-subscribers 5.3.2 Subscriber+.Blind.SQL.injection HIGH" "email-subscribers 4.5.6 Unauthenticated.email.forgery/spoofing HIGH" "email-subscribers 4.5.1 Cross-site.Request.Forgery.in.send_test_email() LOW" "email-subscribers 4.5.1 Authenticated.SQL.injection.in.es_newsletters_settings_callback() MEDIUM" "email-subscribers 4.2.3 Multiple.Issues HIGH" "email-subscribers 4.3.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "email-subscribers 4.1.8 SQL.Injection HIGH" "email-subscribers 4.1.7 Cross-Site.Scripting.(XSS) CRITICAL" "email-subscribers 3.5.0 Cross-Site.Scripting.(XSS) MEDIUM" "email-subscribers 3.4.8 Unauthenticated.Subscriber.Download HIGH" "email-subscribers 2.9.1 Multiple.XSS.&.SQLi MEDIUM" "events-made-easy No.known.fix Subscriber+.SQLi HIGH" "events-made-easy 2.3.17 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "events-made-easy 2.2.81 Unauthenticated.SQLi HIGH" "events-made-easy 2.2.36 Subscriber+.SQL.Injection HIGH" "events-made-easy 2.2.24 Admin+.Stored.Cross-Site.Scripting LOW" "events-made-easy 1.6.21 CSRF.to.Cross-Site.Scripting.(XSS) HIGH" "events-made-easy 1.5.50 Multi.CSRF.to.Stored.Cross-Site.Scripting.&.Event.Deletion HIGH" "easy-marijuana-age-verify 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-marijuana-age-verify 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "exquisite-paypal-donation No.known.fix Admin+.Stored.XSS LOW" "exportfeed-list-woocommerce-products-on-ebay-store No.known.fix Admin+.SQL.Injection MEDIUM" "exchange-addon-easy-ue-vat-taxes 1.2.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "event-page-templates-addon-for-the-events-calendar 1.6 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "envira-gallery-lite 1.8.15 Missing.Authorization MEDIUM" "envira-gallery-lite 1.8.15 Author+.Stored.XSS MEDIUM" "envira-gallery-lite 1.8.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "envira-gallery-lite 1.8.7.3 Missing.Authorization.to.Gallery.Modification.via.envira_gallery_insert_images MEDIUM" "envira-gallery-lite 1.8.4.7 Reflected.Cross-Site.Scripting MEDIUM" "envira-gallery-lite 1.8.3.3 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "envira-gallery-lite 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS).Issue MEDIUM" "easy-faq-with-expanding-text No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "epoll-wp-voting No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "epoll-wp-voting 3.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "epoll-wp-voting 3.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "easy-cookies-policy No.known.fix Broken.Access.Control.to.Stored.Cross-Site.Scripting HIGH" "embedder-for-google-reviews 1.5.11 Reflected.Cross-Site.Scripting MEDIUM" "email-encoder-bundle 2.2.2 Admin+.Stored.XSS LOW" "email-encoder-bundle 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "email-encoder-bundle 2.1.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "email-encoder-bundle 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "email-encoder-bundle 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "email-encoder-bundle 2.1.2 Reflected.Cross.Site.Scripting MEDIUM" "easy-notify-lite 1.1.33 Contributor+.Stored.XSS MEDIUM" "easy-notify-lite 1.1.30 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "expandable-paywall 2.0.17 Reflected.Cross-Site.Scripting MEDIUM" "expandable-paywall 2.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ere-recently-viewed 2.0 Unauthenticated.PHP.Object.Injection MEDIUM" "easy-custom-js-and-css No.known.fix Reflected.Cross-Site.Scripting HIGH" "easyrecipe No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-call-now-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-call-now-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "elements-for-lifterlms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elements-for-lifterlms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edubin No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "ecommerce-two-factor-authentication 1.0.5 Two.Factor.Authentication.<.1.0.5.-.Reflected.Cross-Site.Scripting HIGH" "easy-prayer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-prayer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edd-courses 0.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edd-courses 0.1.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "ecwid-shopping-cart 6.12.11 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ecwid-shopping-cart 6.12.5 Cross-Site.Request.Forgery MEDIUM" "ecwid-shopping-cart 6.12.5 Arbitrary.Plugin.Settings.Change.via.CSRF MEDIUM" "ecwid-shopping-cart 6.12.4 Missing.Authorization.on.multiple.functions MEDIUM" "ecwid-shopping-cart 6.11.5 Contributor+.Stored.Cross-Site.Scriping MEDIUM" "ecwid-shopping-cart 6.11.4 Import.via.CSRF MEDIUM" "ecwid-shopping-cart 6.10.24 Settings.Update.via.CSRF MEDIUM" "ecwid-shopping-cart 6.10.23 Insufficient.Access.Control MEDIUM" "external-url-as-post-featured-image-thumbnail 2.03 Reflected.Cross-Site.Scripting MEDIUM" "emergency-password-reset 9.0 Cross-Site.Request.Forgery MEDIUM" "exchange-addon-invoices 1.4.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "events-addon-for-elementor 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "events-addon-for-elementor 2.1.3 Missing.Authorization MEDIUM" "events-addon-for-elementor 2.1.3 Cross-Site.Request.Forgery MEDIUM" "events-addon-for-elementor 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "events-addon-for-elementor 1.9.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "extensions-for-cf7 3.0.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "extensions-for-cf7 2.0.9 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "eelv-newsletter 4.6.1 CSRF.&.XSS HIGH" "exchange-addon-paypal-pro 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "ecpay-logistics-for-woocommerce 1.3.1910240 Unauthenticated.Reflected.XSS MEDIUM" "erident-custom-login-and-dashboard 3.5.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "erident-custom-login-and-dashboard 3.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "easy-event-calendar No.known.fix Admin+.Stored.XSS LOW" "easy-login-woocommerce 2.7.3 2.7.2.-.Missing.Authorization.to.Arbitrary.Options.Exposure MEDIUM" "easy-login-woocommerce 2.7.3 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "easy-login-woocommerce 2.4 Settings.Reset.via.CSRF MEDIUM" "easy-login-woocommerce 2.3 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "easy-login-woocommerce 2.2 Reflected.Cross-Site.Scripting HIGH" "easy-login-woocommerce 1.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "easy-form-builder 3.7.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "easy-form-builder 3.4.0 Admin+.Stored.XSS LOW" "extreme-blocks 0.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-table-booking No.known.fix Cross-Site.Request.Forgery MEDIUM" "event-registration-calendar-by-vcita No.known.fix CSRF.to.Stored.XSS.in.settings.page MEDIUM" "event-registration-calendar-by-vcita 1.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.1.1 All-in-one.Google.Analytics,.Pixels.and.Product.Feed.Manager.for.WooCommerce.<.7.1.1.-.Reflected.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.0.0 Reflected.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.0.8 Subscriber+.SQL.Injection.via.ee_syncProductCategory HIGH" "enhanced-e-commerce-for-woocommerce-store 7.0.8 Subscriber+.SQL.Injection HIGH" "enhanced-e-commerce-for-woocommerce-store 6.5.4 Reflected.XSS HIGH" "enhanced-e-commerce-for-woocommerce-store 5.2.4 Settings.Update.via.CSRF MEDIUM" "enhanced-e-commerce-for-woocommerce-store 4.6.2 Subscriber+.SQL.Injection HIGH" "ether-and-erc20-tokens-woocommerce-payment-gateway 4.12.13 Reflected.Cross-Site.Scripting MEDIUM" "ether-and-erc20-tokens-woocommerce-payment-gateway 4.12.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 5.2.0 Reflected.Cross-Site.Scripting MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 3.3.2 Cross-Site.Request.Forgery MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 3.3.2 CSRF.Bypass MEDIUM" "easy-ad-manager No.known.fix Admin+.Stored.XSS LOW" "embed-video-thumbnail 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "export-woocommerce 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "export-woocommerce 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "export-woocommerce 2.0.9 Missing.Authorization MEDIUM" "export-woocommerce 2.0.11 Reflected.XSS HIGH" "everest-review-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "eazydocs 2.5.1 Missing.Authorization MEDIUM" "eazydocs 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eazydocs 2.5.0 Admin+.Stored.XSS LOW" "eazydocs 2.4.0 Subscriber+.Arbitrary.Posts.Deletion.and.Document.Management MEDIUM" "eazydocs 2.3.6 Subscriber+.Arbitrary.Posts.Deletion.and.Document.Management MEDIUM" "eazydocs 2.3.4 Subscriber.+.SQLi HIGH" "eazydocs 2.3.6 Reflected.XSS MEDIUM" "eazydocs 2.3.6 Unauthenticated.OnePage.Document.Update/Publish MEDIUM" "eazydocs 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "easy-wp-cleaner 2.0 Data.Deletion.via.CSRF MEDIUM" "events-search-addon-for-the-events-calendar 1.2 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "extensive-vc-addon 1.9.1 Unauthenticated.RCE CRITICAL" "easy-affiliate-links 3.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Reset MEDIUM" "easy-affiliate-links 3.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-affiliate-links 3.7.1 Contributor+.Stored.XSS MEDIUM" "error-log-monitor 1.7.7 Reflected.Cross-Site.Scripting MEDIUM" "error-log-monitor 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "error-log-monitor 1.6.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "easy-fancybox 1.8.18 Authenticated.Stored.XSS MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "error-log-viewer 1.1.3 Directory.Listing.to.Sensitive.Data.Exposure LOW" "error-log-viewer 1.1.2 Arbitrary.Text.File.Deletion.via.CSRF LOW" "error-log-viewer 1.1.2 Admin+.Arbitrary.File.Clearing MEDIUM" "error-log-viewer 1.0.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "educare 1.4.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "educare 1.4.4 Students.&.Result.Management.System.<.1.4.4.-.Cross-Site.Request.Forgery.(CSRF) MEDIUM" "edd-recent-purchases No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "external-media-without-import No.known.fix Subscriber+.Blind.SSRF LOW" "external-media-without-import 1.0.1 Reflected.XSS HIGH" "email-artillery No.known.fix Multiple.Reflected.Cross-Site.Scripting HIGH" "email-artillery No.known.fix Arbitrary.File.Upload MEDIUM" "email-artillery No.known.fix CSRF.to.Stored.XSS HIGH" "email-artillery No.known.fix Multiple.Authenticated.SQL.Injections MEDIUM" "elegant-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Switcher,.Slider,.and.Iconbox.Widgets MEDIUM" "elegant-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.tags MEDIUM" "edwiser-bridge 3.0.6 Authentication.Bypass.due.to.Missing.Empty.Value.Check CRITICAL" "edwiser-bridge 3.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "edwiser-bridge 2.0.7 Cross-Site.Request.Forgery MEDIUM" "edwiser-bridge 2.0.7 CSRF.Nonce.Bypass MEDIUM" "easy-property-listings 3.5.4 Arbitrary.Contact.Deletion.via.CSRF MEDIUM" "easy-property-listings 3.5.4 Missing.Authorization.via.epl_update_listing_coordinates() MEDIUM" "easy-property-listings 3.5.3 Authenticated(Contributor+).SQL.Injection.via.Shortcode HIGH" "easy-property-listings 3.4 Cross-Site.Request.Forgery.(CSRF) HIGH" "easy-property-listings 3.4 Cross-Site.Scripting.(XSS) MEDIUM" "everse-starter-sites 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "everse-starter-sites 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-my-posts No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "edge-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edge-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "emails-verification-for-woocommerce 2.7.5 Authentication.Bypass HIGH" "emails-verification-for-woocommerce 1.8.2 Loose.Comparison.to.Authentication.Bypass CRITICAL" "everest-forms 3.0.3.1 Admin+.Stored.XSS LOW" "everest-forms 2.0.8 Unauthenticated.Server-Side.Request.Forgery.via.font_url HIGH" "everest-forms 2.0.5 Admin+.Stored.XSS LOW" "everest-forms 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "everest-forms 1.5.0 SQL.Injection CRITICAL" "evaluate No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "everest-gallery-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "elegant-calendar-lite 1.5.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-wp-cookie-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-wp-cookie-popup No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ecommerce-addon 1.4 Reflected.Cross-Site.Scripting MEDIUM" "ecommerce-addon 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "embedalbum-pro 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedalbum-pro 1.1.28 Contributor+.Stored.XSS MEDIUM" "ebecas No.known.fix Admin+.Stored.XSS LOW" "enhanced-catalog-images-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enhanced-catalog-images-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enhanced-catalog-images-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "easy-form 1.2.1 Admin+.Stored.XSS LOW" "easy-paypal-events-tickets 1.2.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "easy-paypal-events-tickets 1.1.2 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "external-media-upload 0.5 Reflected.Cross-Site.Scripting MEDIUM" "elements-plus 2.16.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elements-plus 2.16.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget.links MEDIUM" "easy2map-photos 1.1.0 SQL.Injection CRITICAL" "empty-cart-button-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ewww-image-optimizer 7.3.0 Cross-Site.Request.Forgery MEDIUM" "ewww-image-optimizer 7.2.1 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log MEDIUM" "ewww-image-optimizer 7.2.1 Sensitive.Information.Exposure MEDIUM" "ewww-image-optimizer 5.9 Cross-Site.Request.Forgery MEDIUM" "easy-appointments 3.11.19 Insufficient.Authorization MEDIUM" "easy-appointments 3.11.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-appointments 3.11.10 Cross-Site.Request.Forgery MEDIUM" "easy-appointments 3.11.2 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "easy-appointments 1.12.0 Cross-Site.Scripting.(XSS) MEDIUM" "enable-svg 1.4.0 Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "easy-org-chart No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "etsy-shop 3.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-load-more No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-facebook-like-box 4.1.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "estatik 4.1.1 Unauthenticated.PHP.Object.Injection HIGH" "estatik 4.1.1 Subscriber+.Arbitrary.Option.Update HIGH" "estatik 4.1.1 Reflected.XSS HIGH" "estatik 2.3.1 Arbitrary.File.Upload HIGH" "easy-social-icons 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "easy-social-icons 3.2.5 Missing.Authorization.via.cnss_save_ajax_order MEDIUM" "easy-social-icons 3.2.1 Admin+.Stored.Cross-Site.Scripting.in.add.icon LOW" "easy-social-icons 3.2.1 Unauthenticated.Arbitrary.Icon.Deletion MEDIUM" "easy-social-icons 3.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "easy-social-icons 3.1.4 Admin+.SQL.Injection MEDIUM" "easy-social-icons 3.1.3 Reflected.Cross-Site.Scripting HIGH" "easy-social-icons 3.0.9 Reflected.Cross-Site.Scripting HIGH" "event-feed-for-eventbrite 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "event-feed-for-eventbrite 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-cookie-law No.known.fix Settings.Update.via.CSRF MEDIUM" "easy-under-construction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-under-construction 4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enhanced-text-widget 1.6.6 Admin+.Stored.XSS LOW" "enhanced-text-widget 1.5.8 Plugin.Installation.via.CSRF MEDIUM" "enhanced-text-widget 1.5.8 Subscriber+.Plugin.Installation MEDIUM" "easily-generate-rest-api-url No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "easy-twitter-feeds 1.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "easy-accordion-free 2.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-accordion-free 2.2.0 Contributor+.Stored.XSS MEDIUM" "easy-accordion-free 2.0.22 Admin+.Stored.Cross-Site.Scripting LOW" "enable-accessibility 1.4.1 CSRF MEDIUM" "email-before-download No.known.fix Cross-Site.Request.Forgery MEDIUM" "email-before-download 6.8 Admin+.SQL.Injection MEDIUM" "email-before-download 4.0 SMTP.Header.Injection MEDIUM" "eonet-manual-user-approve No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "easyrotator-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ebay-feeds-for-wordpress 3.4 Admin+.Stored.XSS LOW" "ebay-feeds-for-wordpress 1.2 Cross-Site.Scripting.via.rss_url.Parameter MEDIUM" "ever-compare 1.2.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "edd-cashapp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enquiry-quotation-for-woocommerce 2.2.33.34 Authenticated.(Author+).PHP.Object.Injection.in.enquiry_detail.php HIGH" "enquiry-quotation-for-woocommerce 2.2.13 Admin+.Stored.XSS LOW" "easy-pie-maintenance-mode No.known.fix Admin+.Stored.XSS LOW" "email-subscribe 1.2.21 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "email-subscribe 1.2.20 Reflected.XSS HIGH" "email-subscribe 1.2.19 .Reflected.Cross-Site.Scripting MEDIUM" "email-subscribe 1.2.17 Reflected.XSS HIGH" "export-wp-page-to-static-html 2.2.3 Open.Redirect HIGH" "export-wp-page-to-static-html 2.2.0 Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "export-wp-page-to-static-html 2.2.0 Cross-Site.Request.Forgery.via.Multiple.AJAX.Actions MEDIUM" "embed-youtube-video No.known.fix Authenticated.SQL.Injection MEDIUM" "echosign 1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "easy-registration-forms No.known.fix Subscriber+.Information.Disclosure.via.Shortcode MEDIUM" "easy-registration-forms No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "easy-registration-forms No.known.fix CSV.Injection MEDIUM" "ean-for-woocommerce 4.9.0 Authenticated.(Shop.Manager+).Arbitrary.Options.Update MEDIUM" "ean-for-woocommerce 4.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alg_wc_ean_product_meta.Shortcode MEDIUM" "ean-for-woocommerce 4.9.3 Insecure.Direct.Object.Reference.to.Sensitve.Information.Exposure.via.Shortcode MEDIUM" "ean-for-woocommerce 4.4.3 Contributor+.Stored.XSS MEDIUM" "easy-settings-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-settings-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-panorama 1.1.5 Admin+.Stored.XSS LOW" "essential-blocks 4.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.7.0 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.13 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.10 Contributor+.DOM-Based.XSS.via.Social.Icons.Block MEDIUM" "essential-blocks 4.5.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.4.10 Missing.Authorization MEDIUM" "essential-blocks 4.5.4 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.2 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.4.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.2.1 Subscriber+.Unauthorised.Actions MEDIUM" "essential-blocks 4.2.1 Contributor+.Unauthorised.Actions LOW" "essential-blocks 4.4.3 Unauthenticated.Local.File.Inclusion CRITICAL" "essential-blocks 4.2.1 Missing.Authorization.via.AJAX.actions MEDIUM" "essential-blocks 4.2.1 Unauthenticated.Object.Injection HIGH" "essential-blocks 4.2.1 Unauthenticated.PHP.Object.Injection.via.queries HIGH" "essential-blocks 4.2.1 Unauthenticated.PHP.Object.Injection.via.products HIGH" "essential-blocks 4.0.7 Multiple.Functions.Missing.Authorization.Checks MEDIUM" "easy-courses No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elastic-email-sender 1.2.7 Admin+.Stored.XSS LOW" "ebook-store No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "ebook-store 5.8002 Admin+.Stored.XSS LOW" "ebook-store 5.785 Reflected.XSS HIGH" "ebook-store 5.78 Admin+.Stored.XSS LOW" "ebook-store 5.78 Unauthenticated.Sensitive.Data.Disclose MEDIUM" "exs-widgets 0.3.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "easy-svg 3.3.0 Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "easy-modal 2.1.0 Authenticated.SQL.Injection HIGH" "enable-wp-debug-from-admin-dashboard 1.86 Reflected.Cross-Site.Scripting MEDIUM" "extra-user-details 0.5.1 Admin+.Stored.XSS LOW" "extra-user-details 0.5.1 Settings.Update.to.Stored.XSS.via.CSRF HIGH" "event-espresso-decaf 5.0.22.decaf Authenticated.(Subscriber+).Missing.Authorization.to.Limited.Plugin.Settings.Modification MEDIUM" "event-espresso-decaf 4.10.12 Cross-Site.Request.Forgery MEDIUM" "event-espresso-decaf 4.10.14 CSRF.Bypass MEDIUM" "embed-any-document 2.7.2 Author+.Stored.XSS LOW" "email-address-encoder 1.0.24 Cross-Site.Request.Forgery.via.eae_clear_caches() MEDIUM" "email-address-encoder 1.0.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-media-download 1.1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "easy-media-download 1.1.5 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "event-tickets-plus 5.9.1 Contributor+.Arbitrary.Events.Access LOW" "event-tickets-plus 5.9.1 Contributor+.Attendees.Lists.Disclosure LOW" "elfsight-pricing-table No.known.fix Cross-Site.Request.Forgery.via.ajax() MEDIUM" "elfsight-pricing-table No.known.fix Missing.Authorization MEDIUM" "easy-paypal-shopping-cart 1.1.11 Contributor+.Stored.XSS MEDIUM" "eu-vat-for-woocommerce 2.12.14 Missing.Authorization MEDIUM" "eu-vat-for-woocommerce 2.12.14 Reflected.Cross-Site.Scripting MEDIUM" "eu-vat-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting HIGH" "easy-post-views-count 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-gallery-slideshow No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "elasticpress 5.1.2 Data.Sync.via.CSRF MEDIUM" "elasticpress 3.5.4 Cross-Site.Request.Forgery MEDIUM" "easy-sign-up No.known.fix Contributor+.Stored.XSS MEDIUM" "event-notifier 1.2.1 XSS MEDIUM" "exit-intent-popups-by-optimonk 2.0.5 Account.ID.Update.via.CSRF MEDIUM" "elementskit-lite 3.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Widget MEDIUM" "elementskit-lite 3.2.1 Unauthenticated.Information.Exposure.via.ekit_widgetarea_content.Function MEDIUM" "elementskit-lite 3.2.0 Missing.Authorization MEDIUM" "elementskit-lite 3.1.3 3.1.2.-.Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.1.1 Contributor+.Local.File.Inclusion.via.Onepage.Scroll.Module HIGH" "elementskit-lite 3.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "elementskit-lite 3.0.7 Contributor+.Local.File.Inclusion HIGH" "elementskit-lite 3.0.7 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.4 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.6 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.5 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.4 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "elementskit-lite 2.9.2 Missing.Authorization MEDIUM" "elementskit-lite 2.2.0 Contributor+.Stored.XSS MEDIUM" "extended-search-plugin No.known.fix Settings.Update.via.CSRF MEDIUM" "export-media-urls 2.0 Cross-Site.Request.Forgery MEDIUM" "easy-tiktok-feed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-tiktok-feed 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "exxp-wp No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "eshop No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "eshop No.known.fix Authenticated.Blind.SQL.Injection HIGH" "eshop No.known.fix Reflected.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "eshop 6.3.12 Remote.Code.Execution MEDIUM" "elementor 3.24.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.the.URL.Parameter.in.Multiple.Widgets MEDIUM" "elementor 3.22.2 Contributor+.Arbitrary.SVG.Download MEDIUM" "elementor 3.21.6 Contributor+.DOM.Stored.XSS MEDIUM" "elementor 3.20.3 Contributor+.DOM.Stored.XSS MEDIUM" "elementor 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.get_image_alt MEDIUM" "elementor 3.19.1 Authenticated(Contributor+).Arbitrary.File.Deletion.and.PHAR.Deserialization HIGH" "elementor 3.18.2 Contributor+.Arbitrary.File.Upload.to.RCE.via.Template.Import HIGH" "elementor 3.16.5 Missing.Authorization.to.Arbitrary.Attachment.Read MEDIUM" "elementor 3.16.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.get_inline_svg() MEDIUM" "elementor 3.5.5 Iframe.Injection MEDIUM" "elementor 3.13.2 Missing.Authorization MEDIUM" "elementor 3.12.2 Admin+.SQLi MEDIUM" "elementor 3.5.6 DOM.Reflected.Cross-Site.Scripting MEDIUM" "elementor 3.6.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "elementor 3.4.8 DOM.Cross-Site-Scripting MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Column.Element MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Divider.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Icon.Box.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Heading.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Accordion.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Image.Box.Widget MEDIUM" "elementor 3.0.14 SVG.Upload.Allowed.by.Default MEDIUM" "elementor 2.9.14 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "elementor 2.9.10 Authenticated.Stored.XSS HIGH" "elementor 2.9.8 SVG.Sanitizer.Bypass.leading.to.Authenticated.Stored.XSS MEDIUM" "elementor 2.9.6 Authenticated.Safe.Mode.Privilege.Escalation MEDIUM" "elementor 2.8.5 Authenticated.Reflected.XSS MEDIUM" "elementor 2.7.7 Authenticated.Stored.XSS MEDIUM" "elementor 2.8.4 Cross-Site.Scripting.(XSS) MEDIUM" "elementor 2.7.5 Authenticated.Arbitrary.File.Upload CRITICAL" "elementor 1.8.0 Authenticated.Unrestricted.Editing HIGH" "easy-newsletter-signups No.known.fix Admin+.SQLi MEDIUM" "easy-newsletter-signups No.known.fix Missing.Authorization MEDIUM" "easy-newsletter-signups 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-order-view No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "events-widgets-for-elementor-and-the-events-calendar 1.5 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "envato-elements 2.0.11 Contributor+.Arbitrary.File.Upload HIGH" "easy-student-results No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-student-results No.known.fix Sensitive.Information.Disclosure.via.REST.API LOW" "easy-textillate No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-textillate 2.02 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "exit-notifier No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edit-comments-xt No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enable-media-replace 4.1.5 Reflected.Cross-Site.Scripting MEDIUM" "enable-media-replace 4.1.3 Author+.PHP.Object.Injection MEDIUM" "enable-media-replace 4.0.2 Author+.Arbitrary.File.Upload CRITICAL" "enable-media-replace 4.0.0 Admin+.Path.Traversal LOW" "email-log 2.4.9 Unauthenticated.Hook.Injection HIGH" "email-log 2.4.8 Reflected.Cross-Site.Scripting HIGH" "email-log 2.4.7 Admin+.SQL.Injection MEDIUM" "e-unlocked-student-result No.known.fix Student.Result.<=.1.0.4.-.Arbitrary.File.Upload.via.CSRF HIGH" "essential-addons-elementor 5.8.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Lightbox.and.Modal.Widget MEDIUM" "essential-addons-elementor 5.8.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Carousel.Widget MEDIUM" "essential-addons-elementor 5.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'title_html_tag' MEDIUM" "essential-addons-elementor 5.4.9 Unauthenticated.SSRF MEDIUM" "essential-addons-elementor 5.4.9 Reflected.XSS HIGH" "easy-caller-with-moceanapi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "export-post-info 1.2.1 Author+.CSV.Injection MEDIUM" "export-post-info 1.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "easy-testimonial-manager No.known.fix Authenticated.SQL.Injection MEDIUM" "easy-paypal-donation 1.3.4 Arbitrary.Post.Deletion.via.CSRF HIGH" "easy-paypal-donation 1.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "easy-paypal-donation 1.3.1 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "easy-paypal-donation 1.3.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "easy-paypal-donation 1.3.1 CSRF.to.Arbitrary.Post.Deletion MEDIUM" "exchange-addon-manual-purchases 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "elementor-pro 3.21.3 Reflected.Cross-Site.Scripting MEDIUM" "elementor-pro 3.21.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authententicated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Form.Widget.SVGZ.File.Upload MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.video_html_tag MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Navigation MEDIUM" "elementor-pro 3.19.3 Authenticated.(Contributor+).Information.Exposure MEDIUM" "elementor-pro 3.11.7 Subscriber+.Arbitrary.Options.Update HIGH" "elementor-pro 2.9.4 Authenticated.Arbitrary.File.Upload CRITICAL" "elementor-pro 2.0.10 XSS MEDIUM" "emails-blacklist-everest-forms 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "emails-blacklist-everest-forms 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "embed-google-fonts No.known.fix Missing.Authorization MEDIUM" "easy-zillow-reviews 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-zillow-reviews 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "expand-maker 3.2.7 Admin+.PHP.Object.Injection LOW" "exchange-addon-authorize-net 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "exchange-addon-easy-canadian-sales-taxes 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "enl-newsletter No.known.fix Stored.XSS.via.CSRF HIGH" "enl-newsletter No.known.fix Admin+.SQL.Injection MEDIUM" "enl-newsletter No.known.fix Campaign.Deletion.via.CSRF MEDIUM" "everest-counter-lite 2.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easy-redirect-manager No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "embed-privacy 1.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-image-collage 1.13.6 Missing.Authorization.to.Authenticated.(Contributor+).Data.Clearance MEDIUM" "email-posts-to-subscribers No.known.fix Admin+.Stored.XSS LOW" "email-posts-to-subscribers No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "email-posts-to-subscribers No.known.fix Unauthenticated.SQLi HIGH" "education-addon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "education-addon 1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-pie-coming-soon 1.0.7.4 Admin+.Stored.XSS LOW" "essential-addons-for-elementor-lite 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Filterable.Gallery.Widget MEDIUM" "essential-addons-for-elementor-lite 6.0.4 Best.Elementor.Templates,.Widgets,.Kits.&.WooCommerce.Builders.<.6.0.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text.Widget MEDIUM" "essential-addons-for-elementor-lite 6.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.no_more_items_text.Parameter MEDIUM" "essential-addons-for-elementor-lite 5.9.27 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.22 Contributor+.Stored.Cross-Site.Scripting.via.Twitter.Feed MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.21 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.DOM-Based.Stored.Cross-Site.Scripting.via.Several.Widgets MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.Stored.Cross-Site.Scripting.via.'Dual.Color.Header',.'Event.Calendar',.&.'Advanced.Data.Table' MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.Stored.Cross-Site.Scripting.via.'Interactive.Circles' MEDIUM" "essential-addons-for-elementor-lite 5.9.18 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Information.Exposure MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.15 Contributor+.Store.XSS.via.Widget.URL MEDIUM" "essential-addons-for-elementor-lite 5.9.14 Unauthenticated.Private/Draft.Posts.Access MEDIUM" "essential-addons-for-elementor-lite 5.9.14 Author+.PHP.Object.Injection MEDIUM" "essential-addons-for-elementor-lite 5.9.12 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.12 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.10 Contributor+.Stored.Cross-Site.Scripting.via.Data.Table MEDIUM" "essential-addons-for-elementor-lite 5.9.10 Contributor+.Stored.Cross-Site.Scripting.via.Event.Calendar HIGH" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting.via.Accordion MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting.via.Filterable.Gallery MEDIUM" "essential-addons-for-elementor-lite 5.9.8 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.5 Contributor+.Stored.Cross-Site.Scripting.via.Image.URl MEDIUM" "essential-addons-for-elementor-lite 5.9.5 Contributor+.Stored.Cross-Site.Scritping MEDIUM" "essential-addons-for-elementor-lite 5.9.3 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.8.9 Authenticated.(Contributor+).Privilege.Escalation HIGH" "essential-addons-for-elementor-lite 5.8.2 Unauthenticated.MailChimp.API.Key.Disclosure MEDIUM" "essential-addons-for-elementor-lite 5.7.2 Unauthenticated.Privilege.Escalation CRITICAL" "essential-addons-for-elementor-lite 5.0.9 Reflected.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.0.5 Unauthenticated.LFI CRITICAL" "essential-addons-for-elementor-lite 4.5.4 Contributor+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "elementskit 3.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementskit 3.6.7 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "elementskit 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Motion.Text.and.Table.Widgets MEDIUM" "elementskit 3.6.3 Authenticated.(Contributor+).Server-Side.Request.Forgery HIGH" "elementskit 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementskit 3.6.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Price.Menu,.Hotspot,.and.Advanced.Toggle.Widgets HIGH" "elementskit 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'ekit_btn_id' MEDIUM" "elementskit 2.2.0 Contributor+.Stored.XSS MEDIUM" "email-users No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "email-users 4.8.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "email-users 4.8.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "email-users 4.7.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "easy-digital-downloads 3.3.4 Authenticated.(Admin+).PHAR.Deserialization HIGH" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Agreement.Text LOW" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Currency.Settings MEDIUM" "easy-digital-downloads 3.3.1 Missing.Authorization MEDIUM" "easy-digital-downloads 3.3.1 Unauthenticated.SQL.Injection CRITICAL" "easy-digital-downloads 3.2.12 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "easy-digital-downloads 3.2.12 Cross-Site.Request.Forgery MEDIUM" "easy-digital-downloads 3.2.7 Cross-Site.Request.Forgery MEDIUM" "easy-digital-downloads 3.2.10 Sensitive.Information.Exposure MEDIUM" "easy-digital-downloads 3.2.7 Shop.Manager+.Stored.XSS MEDIUM" "easy-digital-downloads 3.2.6 Contributor+.Stored.XSS MEDIUM" "easy-digital-downloads 3.2.0 Missing.Authorization MEDIUM" "easy-digital-downloads 3.1.1.4.2 Unauthenticated.Privilege.Escalation CRITICAL" "easy-digital-downloads 3.1.0.5 Contributor+.Stored.XSS MEDIUM" "easy-digital-downloads 3.1.0.4 Unauthenticated.SQLi HIGH" "easy-digital-downloads 3.0 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "easy-digital-downloads 3.1.0.2 Unauthenticated.CSV.Injection MEDIUM" "easy-digital-downloads 3.0.2 Admin+.PHP.Object.Injection MEDIUM" "easy-digital-downloads 2.11.6 Admin+.Stored.Cross-Site.Scripting LOW" "easy-digital-downloads 2.11.6 Arbitrary.Payment.Note.Insertion.via.CSRF LOW" "easy-digital-downloads 2.11.2.1 Reflected.Cross-Site.Scripting HIGH" "easy-digital-downloads 2.10.3 Unauthorised.Stripe.Disconnect.via.CSRF MEDIUM" "easy-digital-downloads 2.9.16 Stored.XSS MEDIUM" "easy-digital-downloads 2.5.8 PHP.Object.Injection MEDIUM" "easy-digital-downloads 2.3.7 Cross-Site.Scripting.Issue MEDIUM" "easy-digital-downloads 2.3.3 SQL.Injection CRITICAL" "easy-preloader No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "ebook-download 1.2 Directory.Traversal HIGH" "event-espresso-core-reg 4.10.7.p Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "easy-contact-form-solution 1.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "email-newsletter No.known.fix SQL.Injection CRITICAL" "event-post 5.9.6 Unauthenticated.Local.File.Inclusion CRITICAL" "event-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "event-post 5.9.5 Missing.Authorization MEDIUM" "event-post 5.9.1 Contributor+.Stored.XSS MEDIUM" "exportfeed-for-woocommerce-google-product-feed No.known.fix Admin+.SQLi MEDIUM" "enqueue-anything No.known.fix Subscriber+.Arbitrary.Asset/Post.Deletion MEDIUM" "easyevent No.known.fix Admin+.Stored.XSS LOW" "email-queue 1.1.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "e-signature 1.5.6.8 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "easy-admin-menu No.known.fix Admin+.Stored.XSS LOW" "event-espresso-free 3.1.37.12.L Authenticated.Blind.SQL.Injection HIGH" "embedpress 4.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedpress 4.0.10 Unauthenticated.Local.File.Inclusion CRITICAL" "embedpress 4.0.5 Missing.Authorization MEDIUM" "embedpress 3.9.11 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.PDF.Widget.URL MEDIUM" "embedpress 4.0.2 .Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EmbedPress.PDF.Widget MEDIUM" "embedpress 3.9.13 Contributor+.PDF.Block.Embedding LOW" "embedpress 3.9.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "embedpress 3.9.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Youtube.Block MEDIUM" "embedpress 3.9.9 Missing.Authorization.via.handle_calendly_data MEDIUM" "embedpress 3.9.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 3.9.12 Missing.Authorization MEDIUM" "embedpress 3.9.13 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Attribute MEDIUM" "embedpress 3.9.13 Authenticated.(Contributor+).Stored.Cross-site.Scripting.via.'embedpress_doc_custom_color' MEDIUM" "embedpress 3.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Wistia.Block MEDIUM" "embedpress 3.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EmbedPress.PDF.Widget MEDIUM" "embedpress 3.9.9 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Google.Calendar.Widget.Link MEDIUM" "embedpress 3.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 3.9.6 Contributor+.Stored.XSS MEDIUM" "embedpress 3.9.5 Missing.Authorization MEDIUM" "embedpress 3.9.2 Reflected.XSS HIGH" "embedpress 3.9.2 Reflected.XSS MEDIUM" "embedpress 3.8.4 Cross-Site.Request.Forgery MEDIUM" "embedpress 3.8.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 3.8.3 Subscriber+.Plugin.Settings.Delete MEDIUM" "embedpress 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "embedpress 3.8.0 Sensitive.Data.Disclosure MEDIUM" "export-users-to-csv No.known.fix CSV.Injection HIGH" "easy-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-slideshow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-sticky-sidebar 1.5.9 Unauthenticated.AJAX.Actions.Call MEDIUM" "essential-content-types 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "easy-call-now No.known.fix Cross-Site.Request.Forgery.via.settings_page MEDIUM" "easy-testimonial-rotator 1.0.19 Admin+.Stored.XSS LOW" "easy-testimonial-rotator 1.0.16 Reflected.Cross-Site.Scripting HIGH" "exit-popup-show No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "embed-comment-images 0.6 Unauthenticated.Stored.XSS MEDIUM" "exports-and-reports 0.9.2 Contributor+.CSV.Injection LOW" "everest-faq-manager-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "eventr No.known.fix Blind.SQL.Injection CRITICAL" "easy-schema-structured-data-rich-snippets 2.3.0 Reflected.Cross-Site.Scripting MEDIUM" "ethereumico 2.4.4 Reflected.Cross-Site.Scripting MEDIUM" "ethereumico 2.3.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easync-booking 1.3.12 Reflected.Cross-Site.Scripting HIGH" "easync-booking 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "easync-booking 1.1.16 Unauthenticated.Arbitrary.File.Upload CRITICAL" "easync-booking 1.1.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "export-users No.known.fix CSV.Injection MEDIUM" "element-ready-lite 6.4.3 .Open.Redirect MEDIUM" "element-ready-lite 6.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 5.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eupago-gateway-for-woocommerce 3.1.10 CSRF MEDIUM" "easy-google-map No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "editorial-calendar 3.8.3 Contributor+.Stored.XSS MEDIUM" "echo-knowledge-base 11.31.0 Unauthenticated.PHP.Object.Injection.in.is_article_recently_viewed CRITICAL" "email-customizer-for-woocommerce 2.6.1 Information.Exposure MEDIUM" "exchange-addon-stripe 1.2.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "ecab-taxi-booking-manager 1.1.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "erocket 1.2.5 Admin+.Stored.XSS LOW" "embed-form 1.3.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-demo-importer 1.1.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "essential-blocks-pro 1.1.1 Unauthenticated.Object.Injection HIGH" "essential-blocks-pro 1.1.1 Unauthenticated.PHP.Object.Injection.via.products HIGH" "essential-blocks-pro 1.1.1 Unauthenticated.PHP.Object.Injection.via.queries HIGH" "embed-power-bi No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "edit-comments No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edit-comments No.known.fix Unauthenticated.SQL.Injection HIGH" "easy-popup-show No.known.fix Cross-Site.Request.Forgery MEDIUM" "external-videos No.known.fix Admin+.Stored.XSS LOW" "ezpz-one-click-backup No.known.fix Cross-Site.Scripting.(XSS) CRITICAL" "exchange-addon-membership 1.3.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "ethereum-wallet 4.10.6 Reflected.Cross-Site.Scripting MEDIUM" "ethereum-wallet 4.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "eexamhall No.known.fix CSRF MEDIUM" "easy-smooth-scroll-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-smooth-scroll-links 2.23.1 Admin+.Stored.Cross-Site.Scripting LOW" "easy-smooth-scroll-links 2.23.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enhanced-plugin-admin 1.17 CSRF MEDIUM" "easy-pricing-tables 3.2.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "easy-pricing-tables 3.2.1 Reflected.Cross-Site-Scripting MEDIUM" "easy-pricing-tables 3.1.3 Author+.Stored.Cross-Site.Scripting MEDIUM" "easy-pricing-tables 3.1.3 Arbitrary.Post.Removal.via.CSRF MEDIUM" "edoc-employee-application No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enhanced-wordpress-contactform 2.3 Admin+.Stored.XSS LOW" "easy-media-replace 0.2.0 Author+.File.Deletion MEDIUM" "extra-product-options-for-woocommerce 3.0.7 Missing.Authorization MEDIUM" "extra-product-options-for-woocommerce No.known.fix Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "enhanced-media-library 2.8.10 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "events-manager 6.4.9 Reflected.Cross-Site.Scripting MEDIUM" "events-manager 6.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.event,.location,.and.event_category.Shortcodes MEDIUM" "events-manager 6.4.7.2 Cross-Site.Request.Forgery MEDIUM" "events-manager 6.4.7 Missing.Authorization MEDIUM" "events-manager 6.4.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "events-manager 6.4.7.2 Cross-Site.Request.Forgery MEDIUM" "events-manager 6.4.7 Authenticated(Administator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "events-manager 6.4.6 Reflected.Cross-Site.Scripting MEDIUM" "events-manager 5.9.8 Admin+.SQL.Injection MEDIUM" "events-manager 5.9.8 Cross-Site.Scripting.(XSS) LOW" "events-manager 5.9.7.2 CSV.Injection MEDIUM" "events-manager 5.9.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.8.1.2 Unauthenticated.Stored.XSS CRITICAL" "events-manager 5.6 Cross-Site.Scripting.(XSS).&.Code.Injection MEDIUM" "events-manager 5.5.7.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.5.7 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.3.4 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.3.9 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.5.2 Multiple.Unspecified.XSS.Vulnerabilities MEDIUM" "events-manager 5.5 Cross-Site.Scripting.(XSS) MEDIUM" "export-woocommerce-customer-list 2.0.69 CSV.Injection LOW" "extensions-for-elementor 2.0.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extensions-for-elementor 2.0.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EE.Events.and.EE.Flipbox.Widget MEDIUM" "extensions-for-elementor 2.0.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "erp 1.13.1 Authenticated.(Accounting.Manager+).SQL.Injection.via.vendor_id HIGH" "erp 1.13.2 Authenticated.(AccountingManager+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(Accounting.Manager+).SQL.Injection HIGH" "erp No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "erp 1.30.0 Authenticated.(Accounting.Manager+).SQL.Injection.via.id HIGH" "erp No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(AccountingManager+).SQL.Injection HIGH" "erp 1.12.9 Authenticated.(Accounting.manager+).SQL.Injection HIGH" "erp 1.12.7 Missing.Authorization.via.admin.notice.dismissal MEDIUM" "erp 1.12.4 Reflected.Cross-Site.Scripting HIGH" "erp 1.12.4 Admin+.SQL.Injection MEDIUM" "erp 1.7.5 CSRF.Nonce.Bypasses MEDIUM" "erp 1.6.4 Cross-Site.Request.Forgery MEDIUM" "erp 1.6.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "easy-countdowner No.known.fix Cross-Site.Request.Forgery MEDIUM" "everest-admin-theme-lite 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easy-form-builder-by-bitware No.known.fix Unauthorised.AJAX.calls HIGH" "easy-form-builder-by-bitware No.known.fix Authenticated.Arbitrary.File.Upload CRITICAL" "embedstories 0.7.5 Contributor+.Stored.XSS MEDIUM" "e-search No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "edd-tab-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edd-tab-manager 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edd-tab-manager 1.3.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "embed-calendly-scheduling 3.7 Embed.Calendly.<.3,7.Contributor+.Stored.XSS MEDIUM" "everest-google-places-reviews-lite 2.0.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "email-verification-for-woocommerce-pro 1.8.2 Loose.Comparison.to.Authentication.Bypass CRITICAL" "ethpress 2.1.1 Reflected.Cross-Site.Scripting MEDIUM" "ethpress 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "eventify No.known.fix Admin+.Stored.XSS LOW" "easylogo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Events.Card.Widget MEDIUM" "enteraddons No.known.fix Contributor+.Stored.XSS MEDIUM" "enteraddons 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.1.6 Contributor+.Stored.XSS.via.Heading.widget MEDIUM" "enteraddons 2.1.6 Contributor+.Stored.XSS.via.Animation.Title.widget MEDIUM" "event-geek No.known.fix Stored.Cross-site.Scripting.(XSS) MEDIUM" "exmage-wp-image-links 1.0.7 Admin+.Blind.SSRF LOW" "enhanced-tooltipglossary 4.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 4.3.0 Settings.Update.via.CSRF MEDIUM" "enhanced-tooltipglossary 3.9.21 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 3.3.5 XSS MEDIUM" "easy-svg-image-allow No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "events-calendar-pro 7.0.2.1 Authenticated.(Administrator+).PHP.Object.Injection.to.Remote.Code.Execution CRITICAL" "events-calendar-pro 6.4.0.1 Contributor+.Arbitrary.Events.Access LOW" "easy-pixels-by-jevnet No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "events-calendar No.known.fix Admin+.Stored.XSS LOW" "easy-bootstrap-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "eventON 4.4.1 Reflected.Cross-Site.Scripting MEDIUM" "eventON 4.5.9 Unauthenticated.Virtual.Event.Settings.Update MEDIUM" "eventON 4.5.5 Unauthenticated.Email.Address.Disclosure MEDIUM" "eventON 4.5.5 Admin+.Stored.Cross-Site.Scripting LOW" "eventON 4.5.6 Unauthenticated.Arbitrary.Post.Metadata.Update HIGH" "eventON 4.5.5 Reflected.XSS HIGH" "eventON 4.5.5 Unauthenticated.Virtual.Event.Password.Disclosure MEDIUM" "eventON 4.4.1 Reflected.Cross-Site.Scripting HIGH" "eventON 4.4 Unauthenticated.Event.Access HIGH" "eventON 4.4 Unauthenticated.Post.Access.via.IDOR HIGH" "exchange-addon-table-rate-shipping 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "everest-coming-soon-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "everest-tab-lite 2.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easy-captcha No.known.fix Missing.Authorization MEDIUM" "easy-captcha No.known.fix Reflected.Cross-Site.Scripting HIGH" "elastik-page-builder No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "email-subscriber No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "ez-form-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-side-tab-cta 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "embed-swagger No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-pdf-restaurant-menu-upload 1.2 XSS MEDIUM" "exchange-addon-easy-us-sales-taxes 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "event-calendar-wd 1.1.51 Reflected.Cross-Site.Scripting HIGH" "event-calendar-wd 1.1.51 Subscriber+.Event.Creation MEDIUM" "event-calendar-wd 1.1.46 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.1.45 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.1.22 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.0.94 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "easy-table 1.7 Admin+.Stored.Cross-Site.Scripting LOW" "easy-table 1.5.3 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "easy-hide-login 1.0.8 Admin+.Stored.XSS LOW" "easy-hide-login 1.0.9 Arbitrary.settings.update.via.CSRF MEDIUM" "et-core-plugin No.known.fix Unauthenticated.SQL.Injection CRITICAL" "et-core-plugin No.known.fix Missing.Authorization MEDIUM" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "et-core-plugin No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "et-core-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload CRITICAL" "et-core-plugin No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Limited.Arbitrary.File.Download MEDIUM" "events-calendar-registration-booking-by-events-plus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "file-away No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "favicon-by-realfavicongenerator 1.3.23 Reflected.Cross-Site.Scripting MEDIUM" "favicon-by-realfavicongenerator 1.3.22 Reflected.Cross-Site.Scripting.(XSS) HIGH" "free-comments-for-wordpress-vuukle 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "food-recipes 2.6.1 Reflected.Cross-Site.Scripting MEDIUM" "food-recipes 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fish-and-ships 1.6 Reflected.Cross-Site.Scripting MEDIUM" "facebook-like-send-button 1.2 Admin+.Stored.XSS LOW" "furikake No.known.fix Unauthenticated.Open.Redirect MEDIUM" "filter-portfolio-gallery No.known.fix Arbitrary.Gallery.Deletion.via.CSRF MEDIUM" "float-menu 6.0.1 Menu.Deletion.via.CSRF MEDIUM" "float-menu 5.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "float-menu 5.0.2 Reflected.XSS MEDIUM" "float-menu 4.3.1 Arbitrary.Menu.Deletion.via.CSRF MEDIUM" "fluentforms-pdf 1.1.8 Cross-Site.Scripting MEDIUM" "floating-contact 2.8 Admin+.Stored.XSS LOW" "free-facebook-reviews-and-recommendations-widgets 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "feed-them-social 4.2.1 Cross-Site.Request.Forgery.via.review_nag_check LOW" "feed-them-social 4.0.0 Settings.Update.via.CSRF MEDIUM" "feed-them-social 3.0.1 Settings.Update.via.CSRF MEDIUM" "feed-them-social 3.0.1 Subscriber+.Stored.XSS MEDIUM" "feed-them-social 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "feed-them-social 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "feed-them-social 2.9.8.6 Unauthenticated.PHAR.Deserialisation MEDIUM" "feed-them-social 2.8.7 Cross-Site.Request.Forgery MEDIUM" "feed-them-social 2.8.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "feed-them-social 1.7.0 XSS.&.Arbitrary.Shortcode.Execution CRITICAL" "forym No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flying-press 3.9.7 Arbitrary.Settings.Update.to.Stored.XSS HIGH" "floating-social-buttons No.known.fix Cross-Site.Request.Forgery MEDIUM" "fs-product-inquiry No.known.fix Unauthenticated.Stored.XSS HIGH" "fs-product-inquiry No.known.fix Reflected.XSS HIGH" "fudou 5.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "font-awesome-4-menus No.known.fix Contributor+.Stored.XSS MEDIUM" "font-awesome-4-menus No.known.fix Admin+.Stored.XSS LOW" "fileorganizer 1.0.8 Sensitive.Information.Exposure.via.Directory.Listing HIGH" "fileorganizer 1.0.7 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "fileorganizer 1.0.3 Admin+.Arbitrary.File.Access MEDIUM" "fx-toc No.known.fix Contributor+.Stored.XSS MEDIUM" "formcraft No.known.fix Arbitrary.File.Deletion CRITICAL" "fetch-jft 1.8.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.1 Cross-Site.Request.Forgery MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation.and.Activation MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.0 Missing.Authorization.to.Unauthenticated.System.Information.Disclosure MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.17.0 Unauthenticated.Arbitrary.File.Deletion HIGH" "flo-forms No.known.fix Missing.Authorization MEDIUM" "flo-forms 1.0.42 Subscriber+.Test.Email.Sending MEDIUM" "flo-forms 1.0.41 Admin+.Stored.XSS LOW" "flo-forms 1.0.36 Authenticated.Options.Change.to.Stored.XSS CRITICAL" "foobox-image-lightbox 2.7.32 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.HTML.Data.Attributes MEDIUM" "foobox-image-lightbox 2.7.28 Admin+.Stored.XSS LOW" "foobox-image-lightbox 2.7.27 Reflected.Cross-Site.Scripting MEDIUM" "foobox-image-lightbox 2.7.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foobox-image-lightbox 2.6.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "forms-for-campaign-monitor 2.8.16 Unauthenticated.Full.Path.Disclosure MEDIUM" "forms-for-campaign-monitor 2.8.14 Reflected.Cross-Site.Scripting HIGH" "fluid-notification-bar No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "follow-me No.known.fix Stored.XSS.via.CSRF MEDIUM" "faculty-weekly-schedule 1.2.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "fast-search-powered-by-solr No.known.fix Admin+.Stored.XSS LOW" "fast-search-powered-by-solr No.known.fix Settings.Update.via.CSRF MEDIUM" "forcefield 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "forcefield 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "favicon-switcher No.known.fix Arbitrary.Settings.Change.via.CSRF MEDIUM" "formzu-wp 1.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "formzu-wp 1.6.7 Contributor+.Stored.XSS.via.id MEDIUM" "forminator 1.34.1 Reflected.Cross-Site.Scripting MEDIUM" "forminator 1.29.2 HubSpot.Developer.API.Key.Sensitive.Information.Exposure HIGH" "forminator 1.15.4 Reflected.Cross-Site.Scripting MEDIUM" "forminator 1.29.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forminator 1.29.3 Admin+.SQL.Injection MEDIUM" "forminator 1.29.3 Contributor+.Stored.Cross-Site.Scripting.via.forminator_form.Shortcode MEDIUM" "forminator 1.29.1 Unauthenticated.Stored.XSS HIGH" "forminator 1.29.1 Reflected.Cross-Site.Scripting HIGH" "forminator 1.28.0 Admin+.Arbitrary.File.Upload MEDIUM" "forminator 1.27.0 Admin+.Stored.Cross-Site.Scripting LOW" "forminator 1.25.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forminator 1.24.4 Reflected.XSS HIGH" "forminator 1.24.1 Unauthenticated.Race.Condition.on.poll.vote MEDIUM" "forminator 1.15.4 Admin+.Stored.Cross-Site.Scripting LOW" "forminator 1.14.12 Unauthenticated.Stored.XSS HIGH" "forminator 1.14.8.1 CSRF.Nonce.Bypasses MEDIUM" "forminator 1.13.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "forminator 1.6 Authenticated.Multiple.Vulnerabilities MEDIUM" "favorites 2.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "favorites 2.3.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "form-to-chat 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "five-star-ratings-shortcode 1.2.48 Reflected.Cross-Site.Scripting MEDIUM" "five-star-ratings-shortcode 1.2.39 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "furnob-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "fitness-trainer 1.4.1 Subscriber+.Privilege.Escalation CRITICAL" "full-page-blog-designer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ftp-access No.known.fix Subscriber+.Stored.XSS HIGH" "floating-action-button 1.2.2 Cross-Site.Request.Forgery MEDIUM" "flexible-checkout-fields 4.1.3 Missing.Authorization MEDIUM" "floating-div No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "favicon-generator 2.1 Arbitrary.File.Deletion.via.CSRF HIGH" "favicon-generator 2.1 Arbitrary.File.Upload.via.CSRF HIGH" "favicon-generator 2.1 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion CRITICAL" "forty-four No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "float-to-top-button No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "forms-gutenberg No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "forms-gutenberg 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "formbuilder No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "formbuilder 1.08 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "formbuilder 1.0.8 Multiple.Authenticated.SQL.Injection MEDIUM" "formassembly-web-forms 2.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "feather-login-page 1.1.6 Cross-Site.Request.Forgery.via.saveData() MEDIUM" "feather-login-page 1.1.4 CSRF HIGH" "feather-login-page 1.1.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "feather-login-page 1.1.2 Missing.Authorization.to.Authentication.Bypass.and.Privilege.Escalation MEDIUM" "final-user-wp-frontend-user-profiles 1.2.2 Subscriber+.Privilege.Escalation CRITICAL" "foyer No.known.fix Content.Injection.via.Improper.Access.Control MEDIUM" "folders 3.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "folders 3.0.1 Directory.Traversal.via.handle_folders_file_upload MEDIUM" "folders 3.0.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.User.First.Name.and.Last.Name MEDIUM" "folders 2.9.3 Authenticated.(Author+).Arbitrary.File.Upload.in.handle_folders_file_upload HIGH" "folders 2.9.3 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "fathom-analytics 3.1.0 Admin+.Stored.XSS LOW" "fathom-analytics 3.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "fluent-security 1.0.2 Bypass.blocks.by.IP.Spoofing MEDIUM" "freshmail-newsletter 1.6 shortcode.php.SQL.Injection HIGH" "feed-instagram-lite 1.0.0.29 Arbitrary.Post.Duplication.via.CSRF MEDIUM" "fixed-ip-logins 1.0 Reflected.Cross-Site.Scripting MEDIUM" "facebook-page-feed-graph-api 1.9.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "font-awesome-more-icons No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "flowplayer6-video-player 1.0.5 Contributor+.Stored.XSS MEDIUM" "foobar-notifications-lite 2.1.32 Reflected.Cross-Site.Scripting MEDIUM" "foobar-notifications-lite 2.1.15 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fin-accounting-for-woocommerce 4.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flaming-forms No.known.fix Reflected.XSS HIGH" "flaming-forms No.known.fix Unauthenticated.Stored.XSS HIGH" "fs-shopping-cart No.known.fix Authenticated.SQL.Injection HIGH" "for-the-visually-impaired No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "flatpm-wp 3.1.05 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flatpm-wp 3.0.13 Reflected.Cross-Site.Scripting HIGH" "fluentform 5.1.20 Form.Manager+.Stored.XSS LOW" "fluentform 5.1.19 .Missing.Authorization.to.Authenticated.(Subscriber+).Mailchimp.Integration.Modification MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Welcome.Screen.Fields MEDIUM" "fluentform 5.1.16 Contributor+.PHP.Object.Injection MEDIUM" "fluentform 5.1.17 Unauthenticated.Limited.Privilege.Escalation MEDIUM" "fluentform 5.1.14 Subscriber+.Stored.XSS MEDIUM" "fluentform 5.1.17 Unauthenticated.Settings.Update MEDIUM" "fluentform 5.1.17 Contributor+.Stored.XSS MEDIUM" "fluentform 5.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.7 Admin+.Stored.Cross-Site.Scripting.via.imported.form.title MEDIUM" "fluentform 5.0.9 Insecure.Direct.Object.Reference MEDIUM" "fluentform 5.0.0 SQL.Injection MEDIUM" "fluentform 4.3.25 Contributor+.Stored.XSS.via.Custom.HTML.Form.Field MEDIUM" "fluentform 4.3.13 CSV.Injection LOW" "fluentform 3.6.67 Cross-Site.Request.Forgery.(CSRF) HIGH" "floating-button 6.0.1 Cross-Site.Request.Forgery.via.process_bulk_action MEDIUM" "floating-button 5.3.1 Reflected.XSS MEDIUM" "front-end-pm 11.4.3 Sensitive.Data.Exposure.via.Directory.Listing MEDIUM" "front-end-pm 11.3.8 Reflected.Cross-Site.Scripting MEDIUM" "front-end-pm 11.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "f4-tree 1.1.15 Reflected.Cross-Site.Scripting MEDIUM" "f4-tree 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "freshdesk-support 2.4.0 Open.Redirect MEDIUM" "freshdesk-support 1.8 Open.Redirect MEDIUM" "fma-additional-registration-attributes No.known.fix Arbitrary.Field.Deletion.and.Form.Modification.via.CSRF HIGH" "frontend-group-restriction-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "frontend-group-restriction-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "forget-about-shortcode-buttons 2.1.3 CSRF MEDIUM" "forget-about-shortcode-buttons 1.1.2 XSS MEDIUM" "fancy-facebook-comments 1.2.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "fancy-facebook-comments 1.2.15 Contributor+.Stored.XSS MEDIUM" "fancy-facebook-comments 1.2.11 Contributor+.Stored.XSS MEDIUM" "fatal-error-notify 1.5.3 Subscriber+.Test.Error.Email.Sending MEDIUM" "form-forms No.known.fix Contact.Form.<=.1.2.4.-.Admin+.Stored.Cross-Site.Scripting LOW" "formscrm 3.6 Reflected.Cross-Site.Scripting MEDIUM" "filedownload No.known.fix Multiple.Issues CRITICAL" "far-future-expiry-header 1.5 Plugin's.Settings.Update.via.CSRF MEDIUM" "feedzy-rss-feeds 4.4.8 Authenticated(Contributor+).Blind.Server-Side.Request.Forgery.(SSRF) MEDIUM" "feedzy-rss-feeds 4.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Error.Message MEDIUM" "feedzy-rss-feeds 4.4.3 Missing.Authorization.to.Arbitrary.Page.Creation.and.Publication MEDIUM" "feedzy-rss-feeds 4.4.3 Authenticated(Contributor+).SQL.Injection HIGH" "feedzy-rss-feeds 4.4.2 Missing.Authorization MEDIUM" "feedzy-rss-feeds 4.3.3 Missing.Authorization MEDIUM" "feedzy-rss-feeds 4.3.3 Author+.Stored.Cross-Site.Scripting MEDIUM" "feedzy-rss-feeds 4.1.1 Contributor+.Stored.XSS MEDIUM" "feedzy-rss-feeds 3.4.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "feedzy-rss-feeds 3.4.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "fontmeister No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "frontend-dashboard 2.2.5 Authenticated.(Subscriber+).Arbitrary.Function.Call HIGH" "frontend-dashboard 2.2.4 Frontend.Dashboard.<.2,2,4.- MEDIUM" "frontend-dashboard 2.2.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "fontsampler 0.14.3 CSRF.to.Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "flowpaper-lite-pdf-flipbook 2.0.4 Contributor+.Stored.XSS MEDIUM" "flowpaper-lite-pdf-flipbook 2.0.0 Contributor+.Stored.XSS MEDIUM" "flamix-bitrix24-and-contact-forms-7-integrations 3.2.0 Unauthenticated.Full.Path.Disclosure MEDIUM" "feed-changer 0.3 Admin+.Stored.XSS LOW" "fancy-product-designer 6.1.81 Admin+.Cross.Site.Scripting LOW" "fancy-product-designer 6.1.8 Reflected.Cross.Site.Scripting HIGH" "fancy-product-designer 6.1.81 Admin+.Cross.Site.Scripting.via.Product.Title LOW" "fancy-product-designer 6.1.5 Admin+.SQL.Injection MEDIUM" "fancy-product-designer 4.7.0 Subscriber+.Unauthorized.Access.and.Modification MEDIUM" "fancy-product-designer 4.7.0 Subscriber+.Unauthorized.Site.Options.Modification HIGH" "fancy-product-designer 4.7.6 Arbitrary.File.Upload.via.CSRF HIGH" "fancy-product-designer 4.7.5 Admin+.SQL.Injection MEDIUM" "fancy-product-designer 4.6.9 Unauthenticated.Arbitrary.File.Upload.and.RCE CRITICAL" "fancy-product-designer 4.5.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "featured-image-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "featured-image-toolkit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "featured-image-toolkit No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "formcraft3 3.8.28 Unauthenticated.SSRF MEDIUM" "formcraft3 3.4 Premium.WordPress.Form.Builder.<.3.4.-.Authenticated.Stored.XSS MEDIUM" "fitness-calculators 2.0.9 Admin+.Stored.XSS LOW" "fitness-calculators 1.9.6 Cross-Site.Request.Forgery.to.Cross-Site.Scripting.(XSS) HIGH" "form-block 1.0.2 Form.Submission.via.CSRF MEDIUM" "font-farsi No.known.fix Administrator+.Stored.Cross-Site.Scripting MEDIUM" "font-farsi No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "font-farsi No.known.fix Admin+.Stored.XSS.in.Settings LOW" "final-tiles-grid-gallery-lite 3.6.0 Contributor+.Stored.XSS MEDIUM" "final-tiles-grid-gallery-lite 3.5.8 Reflected.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "final-tiles-grid-gallery-lite 3.5.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.4.19 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "final-tiles-grid-gallery-lite 3.3.57 Subscriber+.Arbitrary.Option.Update CRITICAL" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fusion 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "foobox-image-lightbox-premium 2.7.28 Admin+.Stored.XSS LOW" "fancybox-for-wordpress 3.3.4 3.3.3.-.Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "foxyshop 4.8.2 Reflected.Cross-Site.Scripting MEDIUM" "funnel-builder-pro 3.5.0 Funnel.Kit.Funnel.Builder.PRO.<.3,5,0.Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.allow_iframe_tag_in_post MEDIUM" "feedfocal 1.3.0 Unauthenticated.Tracking.Code.Update MEDIUM" "fotobook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flexible-captcha No.known.fix Contributor+.Stored.XSS MEDIUM" "fullscreen-galleria 1.6.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flipbox-builder No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "flower-delivery-by-florist-one No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "food-and-drink-menu 2.4.17 Missing.Authorization.to.Menu.Creation MEDIUM" "food-and-drink-menu 2.4.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "food-and-drink-menu 2.4.11 Unauthenticated.PHP.Object.Injection HIGH" "food-and-drink-menu 2.4.7 .Cross-Site.Request.Forgery MEDIUM" "food-and-drink-menu 2.2.1 Unauthenticated.PHP.Object.Injection HIGH" "facebook-wall-and-social-integration 1.11 Admin+.Stored.Cross-Site.Scripting LOW" "formello 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "file-renaming-on-upload 2.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "footer-putter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flexible-shipping 4.24.16 Missing.Authorization MEDIUM" "flexible-shipping 4.11.9 Reflected.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.47.7212 Authenticated.(Subscriber+).SQL.Injection.via.exclude.Parameter HIGH" "fv-wordpress-flowplayer 7.5.46.7212 Reflected.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.45.7212 Authenticated.(Subscriber+).Server-side.Request.Forgery MEDIUM" "fv-wordpress-flowplayer 7.5.45.7212 Authenticated.(Contributor+).Arbitrary.Redirect MEDIUM" "fv-wordpress-flowplayer 7.5.44.7212 Reflected.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.44.7212 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.39.7212 Insufficient.Input.Validation.to.Unauthenticated.Stored.Cross-Site.Scripting.and.Arbitrary.Usermeta.Update MEDIUM" "fv-wordpress-flowplayer 7.5.35.7212 Reflected.XSS HIGH" "fv-wordpress-flowplayer 7.5.31.7212 Settings.Toggle.via.CSRF MEDIUM" "fv-wordpress-flowplayer 7.5.19.727 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.18.727 Author+.SQLi HIGH" "fv-wordpress-flowplayer 7.5.3.727 Reflected.Cross-Site.Scripting HIGH" "fv-wordpress-flowplayer 7.4.38.727 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "fv-wordpress-flowplayer 7.3.19.727 SQL.Injection CRITICAL" "fv-wordpress-flowplayer 7.3.15.727 SQL.Injection CRITICAL" "fv-wordpress-flowplayer 7.3.14.727 Unauthenticated.Stored.XSS MEDIUM" "fv-wordpress-flowplayer 7.3.15.727 CSV.Export MEDIUM" "formlift 7.5.18 Unauthenticated.SQL.Injection CRITICAL" "freemind-wp-browser No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "famethemes-demo-importer 1.1.6 Cross-Site.Request.Forgery MEDIUM" "formforall No.known.fix Contributor+.Stored.XSS MEDIUM" "flexible-woocommerce-checkout-field-editor No.known.fix Missing.Authorization MEDIUM" "fx-private-site No.known.fix Sensitive.Information.Exposure MEDIUM" "free-shipping-label 2.6.11 Reflected.Cross-Site.Scripting MEDIUM" "floating-social-media-icon No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "first-order-discount-woocommerce 1.22 Discount.Update.via.CSRF MEDIUM" "feedbackscout No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedbackscout No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "focus-on-reviews-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "football-leagues-by-anwppro 0.16.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "facebook-conversion-pixel 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "facebook-conversion-pixel 2.6.4 Reflected.Cross-Site.Scripting MEDIUM" "facebook-conversion-pixel 2.6.2 CSRF.to.Stored.Cross-Site.Scripting HIGH" "facebook-conversion-pixel 2.6.3 Admin+.Stored.Cross-Site.Scripting LOW" "fullworks-slack No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-slack No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "floating-social-media-links No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fast-flow-dashboard 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "fast-flow-dashboard 1.2.13 Admin+.Stored.Cross-Site.Scripting LOW" "fast-flow-dashboard 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "flo-launch 2.4.1 Missing.Authentication.Allow.Full.Site.Takeover CRITICAL" "fooevents 1.19.21 Improper.Authorization.to.(Contributor+).Arbitrary.File.Upload HIGH" "flipping-cards 1.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "formget-contact-form No.known.fix Contributor+.Stored.XSS MEDIUM" "fast-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-wp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-wp No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "frontend-post-submission-manager-lite 1.2.3 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "flat-preloader 1.5.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "flat-preloader 1.5.5 Admin+.Stored.Cross-Site.Scripting MEDIUM" "filebird 5.6.4 Author+.Stored.XSS MEDIUM" "filebird 5.6.4 Author+.Users.Folder.Deletion LOW" "filebird 5.6.1 Admin+.Stored.XSS MEDIUM" "filebird 4.7.4 Unauthenticated.SQL.Injection HIGH" "freemage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "freemage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "freemage No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "f4-improvements 1.8.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "fontsy No.known.fix Multiple.Unauthenticated.SQLi HIGH" "first-graders-toolbox 1.0.2 Plugins.Deactivation.via.CSRF MEDIUM" "fg-prestashop-to-woocommerce 4.47.0 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "filester 1.8.3 Authenticated.Plugin.Settings.Update HIGH" "filester 1.8.1 Admin+.Remote.Code.Execution MEDIUM" "filester 1.8.1 Admin+.Stored.Cross-Site.Scripting LOW" "filester 1.8 Remote.Code.Execution.via.CSRF CRITICAL" "fs-poster No.known.fix Cross-Site.Request.Forgery MEDIUM" "formidable 6.11.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "formidable 6.8 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "formidable 6.7.1 Admin+.Stored.Cross-Site.Scripting MEDIUM" "formidable 6.7.1 HTML.Injection MEDIUM" "formidable 6.3.1 Subscriber+.Remote.Code.Execution CRITICAL" "formidable 6.2 Unauthenticated.PHP.Object.Injection HIGH" "formidable 6.1 IP.Spoofing MEDIUM" "formidable 5.5.7 Arbitrary.Entry.Deletion.via.CSRF MEDIUM" "formidable 5.0.07 Admin+.Stored.Cross-Site.Scripting LOW" "formidable 4.09.05 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "formidable 4.02.01 Unsafe.Deserialisation CRITICAL" "formidable 2.05.03 Multiple.Vulnerabilities HIGH" "formidable 2.0 Authenticated.Blind.SQL.Injection MEDIUM" "formidable 1.06.03 Arbitrary.File.Upload.via.ofc_upload_image.php CRITICAL" "funnel-builder 3.4.7 Missing.Authorization.to.Authenticated.(Contributor+).Settings.Update MEDIUM" "funnel-builder 3.4.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "funnel-builder 2.14.4 Authenticated(Administrator+).SQL.Injection MEDIUM" "forms-for-divi 8.1.3 Reflected.Cross-Site.Scripting MEDIUM" "footer-text No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "fullworks-pricing-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-pricing-tables No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "faq-for-woocommerce 1.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "faq-for-woocommerce 1.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "faq-for-woocommerce 1.6.4 WooCommerce.Product.FAQ.<.1.6.4.-.Reflected.Cross-Site.Scripting MEDIUM" "faq-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "find-duplicates No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "formidable-sms 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "flowfact-wp-connector 2.1.8 Reflected.XSS HIGH" "free-product-sample 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "free-product-sample 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "facebook-by-weblizar 2.8.5 CSRF.&.XSS HIGH" "fontific No.known.fix Cross-Site.Request.Forgery.via.ajax_fontific_save_all HIGH" "filr-protection 1.2.5 Editor+.Stored.XSS LOW" "filr-protection 1.2.3.6 Author+.RCE.via.file.upload.with.phar.ext CRITICAL" "filr-protection 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "filr-protection 1.2.2.1 Secure.Document.Library.<.1.2.2.1.-.Subscriber+.AJAX.Calls CRITICAL" "filr-protection 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fusion-slider No.known.fix Authenticated.(Contributor+).PHP.Object.Injection MEDIUM" "facebook-pagelike-widget 6.4 Admin+.Stored.XSS LOW" "fsflex-local-fonts No.known.fix Admin+.Stored.Cross-Site-Scripting LOW" "fscf-sms 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "fluent-smtp 2.2.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "fluent-smtp 2.2.3 Stored.XSS.via.Email.Logs HIGH" "fluent-smtp 2.0.1 Authenticated.Stored.XSS LOW" "flexi 4.20 Guest.Submit.<.4.20.-.Reflected.Cross-Site.Scripting MEDIUM" "fast-custom-social-share-by-codebard No.known.fix Cross-Site.Request.Forgery MEDIUM" "fast-custom-social-share-by-codebard No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fast-custom-social-share-by-codebard 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "fetch-tweets No.known.fix Reflected.Cross-Site.Scripting HIGH" "freshing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "freshing No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "facebook-comment-by-vivacity No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "folders-pro 3.0.3 Directory.Traversal.via.handle_folders_file_upload MEDIUM" "folders-pro 3.0.3 Authenticated(Author+).Arbitrary.File.Upload.via.handle_folders_file_upload HIGH" "futurio-extra 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Text.Block.Widget MEDIUM" "futurio-extra 1.9.1 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "futurio-extra 1.6.3 Subscriber+.User.Email.Address.Disclosure MEDIUM" "futurio-extra 1.6.3 Authenticated.SQL.Injection MEDIUM" "fix-my-feed-rss-repair No.known.fix Cross-Site.Request.Forgery MEDIUM" "forms-to-klaviyo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flickr-justified-gallery No.known.fix Cross-Site.Request.Forgery MEDIUM" "flickr-justified-gallery 3.4.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "forumwp 2.1.0 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "formidablepro-2-pdf 3.11 Subscriber+.SQLi HIGH" "flyzoo No.known.fix Admin+.Stored.XSS LOW" "freesoul-deactivate-plugins 2.1.4 Cross-Site.Request.Forgery.via.eos_dp_pro_delete_transient MEDIUM" "forms-ada-form-builder No.known.fix Unauthenticated.Reflected.XSS HIGH" "fluid-responsive-slideshow 2.2.7 CSRF.&.XSS HIGH" "find-my-blocks 3.4.0 Private.Post.Titles.Disclosure MEDIUM" "filebird-document-library 2.0.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "fast-wp-speed No.known.fix Reflected.XSS HIGH" "formcraft-form-builder 1.2.11 Missing.Authorization MEDIUM" "formcraft-form-builder 1.2.8 Missing.Authorization.via.formcraft_nag_update MEDIUM" "formcraft-form-builder 1.2.7 Admin+.Stored.XSS LOW" "formcraft-form-builder 3.9.7 Admin+.SQLi MEDIUM" "formcraft-form-builder 1.2.10 Contributor+.Stored.XSS MEDIUM" "formcraft-form-builder 1.2.6 Admin+.Stored.Cross.Site.Scripting LOW" "formcraft-form-builder 1.2.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "fareharbor 3.6.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fareharbor 3.6.7 Admin+.Stored.XSS LOW" "front-end-only-users 3.2.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "front-end-only-users 3.2.29 Authenticated.(Contributor+).Time-Based.SQL.Injection HIGH" "front-end-only-users 3.2.25 Cross-Site.Request.Forgery MEDIUM" "faq-manager-with-structured-data 5.4.4 Reflected.Cross-Site.Scripting MEDIUM" "faq-manager-with-structured-data 5.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "freshmail-integration No.known.fix Cross-Site.Request.Forgery MEDIUM" "freshmail-integration No.known.fix Reflected.XSS HIGH" "flog No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "frontend-admin 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "frontend-admin 3.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fancier-author-box No.known.fix Admin+.Stored.XSS LOW" "five-minute-webshop No.known.fix Admin+.SQLi.via.orderby MEDIUM" "five-minute-webshop No.known.fix Admin+.SQLi.via.id MEDIUM" "formsite 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "free-event-banner No.known.fix Arbitrary.File.Upload.to.RCE CRITICAL" "fullworks-anti-spam 1.3.10 Reflected.Cross-Site.Scripting MEDIUM" "fullworks-anti-spam 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "full-customer 3.1.23 Reflected.Cross-Site.Scripting MEDIUM" "full-customer 3.1.13 Unauthenticated.Stored.Cross-Site.Scripting.via.License.Plan.Parameter HIGH" "full-customer 2.3 Customer.<.2.3.-.Subscriber+.Arbitrary.Plugin.Installation HIGH" "full-customer 2.3 Customer.<.2.3.-.Subscriber+.Health.Check.Disclosure MEDIUM" "font-awesome 4.3.2 Contributor+.Stored.XSS MEDIUM" "floating-cart-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "floating-awesome-button 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "floating-awesome-button 1.5.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flash-album-gallery No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "flash-album-gallery 4.25 Full.Path.Disclosure MEDIUM" "flash-album-gallery 2.56 "gid".SQL.Injection HIGH" "flash-album-gallery No.known.fix admin/news.php.want2Read.Parameter.Traversal.Arbitrary.File.Access HIGH" "file-gallery No.known.fix Reflected.Cross-Site.Scripting.via.post_id MEDIUM" "file-gallery 1.8.5.4 Contributor+.Stored.XSS MEDIUM" "feature-comments 1.2.5 wp-admin/admin-ajax.php.Comment.Status.Manipulation.CSRF MEDIUM" "featured-products-first-for-woocommerce 1.9.6 Reflected.Cross-Site.Scripting MEDIUM" "featured-products-first-for-woocommerce 1.9.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "filter-gallery 0.1.6 Admin+.Stored.XSS LOW" "filter-gallery 0.0.7 Unauthorised.AJAX.Calls HIGH" "feedwordpress 2024.0428 Unauthenticated.Draft.Access MEDIUM" "feedwordpress 2022.0123 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "feedwordpress 2015.0514 XSS.&.SQL-Injection MEDIUM" "featured-image-from-url 4.8.3 Missing.Authorization MEDIUM" "featured-image-from-url 4.8.2 Missing.Authorization MEDIUM" "featured-image-from-url 4.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fifu_input_url MEDIUM" "featured-image-from-url 4.5.4 Contributor+.Stored.XSS MEDIUM" "featured-image-from-url 4.0.0 Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "featured-image-from-url 4.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "forms-to-zapier No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "forms-to-zapier 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "forms-to-zapier 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fg-drupal-to-wp 3.71.0 Sensitive.Information.Exposure MEDIUM" "fg-drupal-to-wp 3.68.0 Cross-Site.Request.Forgery.via.ajax_importer MEDIUM" "formidable-registration 2.12 Contributor+.Arbitrary.User.Password.Reset.To.Account.Takeover HIGH" "featured-image-pro 5.15 Reflected.XSS HIGH" "fossura-tag-miner 1.1.5 Cross-Site.Request.Forgery.(CSRF).&.XSS HIGH" "funnelforms-free 3.7.4.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Media.Deletion MEDIUM" "funnelforms-free 3.7.4.1 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "funnelforms-free 3.7.4.1 Authenticated.(Administrator+).Arbitrary.File.Deletion MEDIUM" "funnelforms-free 3.7.4.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Media.Upload MEDIUM" "funnelforms-free 3.4.2 Form.Deletion/Duplication.via.CSRF MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Post.Modification MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Enable/Disable.Dark.Mode MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Category.Update MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Arbitrary.Post.Duplication MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Test.Email.Sending MEDIUM" "funnelforms-free 3.4.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Category.Deletion MEDIUM" "funnelforms-free 3.4.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Duplication MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Arbitrary.Post.Deletion MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.New.Category.Creation MEDIUM" "funnelforms-free 3.4 Funnelforms.Free.<.3,4.Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "funnelforms-free 3.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "foogallery 2.4.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Custom.URL MEDIUM" "foogallery 2.4.15 Author+.Stored.XSS MEDIUM" "foogallery 2.4.15 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Image.Attachment.Fields MEDIUM" "foogallery 2.4.15 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "foogallery 2.4.9 Best.WordPress.Gallery.Plugin.–.FooGallery.<.2,4,9.-Admin+.Stored.Cross-Site.Scripting LOW" "foogallery 2.3.2 Reflected.XSS HIGH" "foogallery 2.3.2 Extensions.Mgt.via.CSRF MEDIUM" "foogallery 2.2.44 Reflected.Cross-Site.Scripting MEDIUM" "foogallery 2.2.41 Reflected.XSS HIGH" "foogallery 2.1.34 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foogallery 2.0.35 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "foogallery 1.9.25 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "foogallery 1.6.17 Subscriber+.Arbitrary.Option.Update CRITICAL" "fast-image-adder No.known.fix Unauthenticated.Remote.File.Upload CRITICAL" "friends 2.8.6 Authenticated.(Admin+).Blind.Server-Side.Request.Forgery MEDIUM" "full-site-editing 3.79150 Contributor+.Stored.XSS MEDIUM" "feeds-for-youtube 2.2.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "feeds-for-youtube 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "feeds-for-youtube 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "forms-by-made-it 1.12.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "football-pool 2.11.10 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.12.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.11.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.6.5 Multiple.XSS MEDIUM" "fullworks-firewall No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-firewall No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fullworks-directory No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-directory No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fd-elementor-imagebox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "facebook-for-woocommerce 1.9.15 CSRF.allowing.Option.Update HIGH" "facebook-button-plugin 2.74 Unauthenticated.Password.Protected.Post.Read MEDIUM" "facebook-button-plugin 2.54 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "feedburner-alternative-and-rss-redirect 3.8 Plugin.Installation.via.CSRF MEDIUM" "feedburner-alternative-and-rss-redirect 3.8 Subscriber+.Plugin.Installation MEDIUM" "frontier-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "featured-images-for-rss-feeds 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "featured-images-for-rss-feeds 1.5.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fastly 1.2.26 Missing.Authorization MEDIUM" "fastly 1.2.26 Missing.Authorization.via.AJAX.actions MEDIUM" "fast-velocity-minify 2.7.7 Full.Path.Disclosure MEDIUM" "fast-index 1.10 Reflected.Cross-Site.Scripting MEDIUM" "falang 1.3.53 Missing.Authorization.to.Translation.Update.and.Information.Exposure MEDIUM" "falang 1.3.52 Cross-Site.Request.Forgery MEDIUM" "falang 1.3.50 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "falang 1.3.48 Authenticated.(Administrator+).SQL.Injection HIGH" "falang 1.3.40 Cross-Site.Request.Forgery MEDIUM" "falang 1.3.18 Reflected.Cross-Site.Scripting HIGH" "fluent-crm 2.8.45 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluent-crm 2.8.0 Marketing.Automation.For.WordPress..<.2.8.0.-.Unauthenticated.Subscriptions.Update MEDIUM" "faq-builder-ays 1.3.6 Authenticated.Blind.SQL.Injections HIGH" "full-width-responsive-slider-wp 1.1.8 Reflected.XSS HIGH" "fb-account-kit-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fb-account-kit-login No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fl3r-feelbox No.known.fix Unauthenticated.SQLi HIGH" "fl3r-feelbox No.known.fix Moods.Reset.via.CSRF MEDIUM" "fl3r-feelbox No.known.fix Settings.Update.via.CSRF.to.Stored.XSS HIGH" "fileviewer No.known.fix Arbitrary.File.Upload/Deletion.via.CSRF CRITICAL" "formfacade 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "formfacade 1.2.2 Contributor+.Stored.XSS MEDIUM" "filter-custom-fields-taxonomies-light No.known.fix Missing.Authorization MEDIUM" "filter-custom-fields-taxonomies-light No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "fastdup 2.2 Directory.Listing.to.Account.Takeover.and.Sensitive.Data.Exposure HIGH" "fastdup 2.1.8 Sensitive.Information.Exposure.via.Log.File MEDIUM" "flexible-shipping-usps 1.10.0 Sensitive.Information.Exposure MEDIUM" "flexible-shipping-usps 1.9.3 Cross-Site.Request.Forgery MEDIUM" "florapress 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "florapress 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "floating-links 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "floating-links 3.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foogallery-premium 2.4.15 Author+.Stored.XSS MEDIUM" "foogallery-premium 2.4.6 Contributor+.Stored.XSS MEDIUM" "full-picture-analytics-cookie-notice 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "full-picture-analytics-cookie-notice 3.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fg-joomla-to-wordpress 4.21.0 Sensitive.Information.Exposure MEDIUM" "foopeople No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "foopeople No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "file-manager-advanced 5.2.9 Authenticated.(Subscriber+).Limited.File.Upload MEDIUM" "file-manager-advanced 5.2.9 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion.via.fma_locale MEDIUM" "file-manager-advanced 5.2.9 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "file-manager-advanced 5.2.5 Sensitive.Information.Exposure.via.Directory.Listing MEDIUM" "file-manager-advanced 5.1.1 Admin+.Arbitrary.File/Folder.Access MEDIUM" "flexi-quote-rotator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "flight-search-widget-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flight-search-widget-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flight-search-widget-blocks No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "files-download-delay 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "files-download-delay 1.0.7 Subscriber+.Settings.Reset MEDIUM" "files-download-delay 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fusion-builder 3.11.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fusion_button.Shortcode MEDIUM" "fusion-builder 3.11.2 Cross.Site.Scripting.(XSS).vulnerability.in.the.User.Register.element HIGH" "fusion-builder 3.6.2 Unauthenticated.SSRF HIGH" "floating-tiktok-button 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flash-video-player No.known.fix Cross-Site.Request.Forgery MEDIUM" "fullworks-ice-ide-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-ice-ide-integration No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "font-organizer No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "file-manager-advanced-shortcode 2.4.1 Authenticated.(Contributor+).Directory.Traversal HIGH" "file-manager-advanced-shortcode 2.5.4 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "file-manager-advanced-shortcode No.known.fix Unauthenticated.Remote.Code.Execution.through.shortcode CRITICAL" "flynsarmy-iframe-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "fulltext-search 1.69.234 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "fulltext-search 1.70.236 Cross-Site.Request.Forgery MEDIUM" "fulltext-search 1.69.234 Missing.Authorization MEDIUM" "fulltext-search 1.60.213 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WPFTS.Live.Search.Widget MEDIUM" "flattr No.known.fix Admin+.Stored.XSS LOW" "fixed-html-toolbar 1.0.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.28 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.27 Reflected.Cross-Site.Scripting HIGH" "form-maker 1.15.26 Admin+.Stored.XSS MEDIUM" "form-maker 1.15.25 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.25 Authenticated.(Subscriber+).Stored.Self-Based.Cross-Site.Scripting MEDIUM" "form-maker 1.15.24 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.23 Sensitive.Information.Exposure MEDIUM" "form-maker 1.15.22 CSRF.to.limited.RCE MEDIUM" "form-maker 1.15.21 Captcha.Bypass HIGH" "form-maker 1.15.19 Reflected.XSS HIGH" "form-maker 1.15.19 Unauthenticated.Stored.XSS CRITICAL" "form-maker 1.15.20 Unauthenticated.Arbitrary.File.Upload MEDIUM" "form-maker 1.15.6 Admin+.SQLI LOW" "form-maker 1.14.12 Admin+.Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.13.60 Authenticated.Stored.XSS HIGH" "form-maker 1.13.40 Authenticated.Reflected.XSS HIGH" "form-maker 1.13.36 Authenticated.SQL.Injection HIGH" "form-maker 1.13.3 Authenticated.SQL.Injection HIGH" "form-maker 1.13.5 Cross-Site.Request.Forgery.(CSRF).to.LFI MEDIUM" "form-maker 1.12.24 CSV.Injection MEDIUM" "fluent-support 1.8.1 Insufficient.Authorization.on.Email.Verification MEDIUM" "fluent-support 1.8.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "fluent-support 1.7.7 Authenticated(Administrator+).SQL.Injection MEDIUM" "fluent-support 1.5.8 Admin+.SQLi MEDIUM" "fancy-elementor-flipbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Elementor.Flipbox.Widget MEDIUM" "frontend-uploader No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "file-manager 6.5.8 Authenticated.(Subscriber+).Limited.JavaScript.File.Upload MEDIUM" "file-manager 6.5.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "file-manager 6.5.6 6.5.5.-.Unauthenticated.Remote.Code.Execution.via.Race.Condition HIGH" "file-manager 6.3 Admin+.Arbitrary.OS.File/Folder.Access.+.Path.Traversal MEDIUM" "file-manager 5.2.3 Subscriber+.Arbitrary.File.Creation/Upload/Deletion CRITICAL" "file-manager 5.0.2 Information.Disclosure HIGH" "fma-products-tabs-pro No.known.fix Arbitrary.Tab.Deletion/Edition.via.CSRF HIGH" "featured-image-caption 0.8.11 Contributor+.Stored.XSS MEDIUM" "food-store 1.4.7.5 Reflected.Cross-Site.Scripting MEDIUM" "food-store 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "food-store 1.3.7 Unauthorised.AJAX.call.via.CSRF MEDIUM" "floating-social-bar 1.1.7 Cross-Site.Scripting.(XSS) MEDIUM" "form-vibes 1.4.13 Missing.Authorization.in.Multiple.Functions MEDIUM" "form-vibes 1.4.11 Authenticated.(Subscriber+).SQL.Injection.via.fv_export_data HIGH" "form-vibes 1.4.9 Reflected.Cross-Site.Scripting MEDIUM" "form-vibes 1.4.6 Admin+.SQLi MEDIUM" "form-vibes 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "featured-image-generator 1.3.3 Missing.Authorization.to.Authenticated.(Subscriber+).Images.Upload MEDIUM" "finpose No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "facebook-messenger-customer-chat 1.6 Authenticated.Options.Change.to.Chat.Takeover HIGH" "facebook-messenger-customer-chat 1.3 CSRF HIGH" "flickr-picture-backup No.known.fix Unauthenticated.File.Upload CRITICAL" "form-to-sheet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "form-to-sheet No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formilla-live-chat 1.3.1 Admin+.Stored.XSS LOW" "frontend-checklist No.known.fix Admin+.Stored.XSS LOW" "frontend-checklist No.known.fix Admin+.Stored.XSS.via.Items LOW" "forms-to-sendinblue No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "font-awesome-integration No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "find-and-replace-all 1.3 Reflected.Cross.Site.Scripting MEDIUM" "find-and-replace-all No.known.fix Arbitrary.Replacement.via.CSRF HIGH" "favicon-rotator 1.2.11 Reflected.Cross-Site.Scripting MEDIUM" "featured-content-gallery No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "feedback-suite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedback-suite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "feedback-suite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make 0.99 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make 0.99 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "flexible-shipping-ups 2.2.5 Cross-Site.Request.Forgery MEDIUM" "flexible-faqs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flexible-faqs 0.5.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fusionspan-impexium-single-sign-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fusionspan-impexium-single-sign-on No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flightlog No.known.fix Authenticated.(editor+).SQL.Injection HIGH" "facebook-likebox-widget-and-shortcode 1.2.1 Admin+.Stored.XSS LOW" "find-any-think No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "flickr-rss No.known.fix XSS.and.CSRF HIGH" "facebook-fan-page-widget 2.1 Admin+.Stored.XSS LOW" "fattura24 6.2.8 Reflected.Cross-Site.Scripting HIGH" "free-google-fonts 3.0.1 Reflected.XSS HIGH" "frontend-registration-contact-form-7 No.known.fix Authenticated.(Editor+).Privilege.Escalation HIGH" "front-editor No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "front-editor No.known.fix Admin+.Stored.XSS LOW" "front-editor 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "front-editor 3.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fuse-social-floating-sidebar 5.4.11 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "fuse-social-floating-sidebar 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "fuse-social-floating-sidebar 5.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-checkout-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-checkout-for-woocommerce 1.1.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "frontpage-manager No.known.fix Cross-Site.Request.Forgery.via.admin_page MEDIUM" "fotomoto No.known.fix Reflected.XSS HIGH" "gregs-high-performance-seo 1.6.2 Reflected.XSS MEDIUM" "gsheetconnector-wpforms 3.4.6 Reflected.XSS HIGH" "gsheetconnector-for-elementor-forms-pro 1.0.5 Reflected.XSS HIGH" "gwolle-gb 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "gwolle-gb 2.5.4 Cross-Site.Scripting.(XSS) MEDIUM" "gwolle-gb 2.1.1 Cross-Site.Request.Forgery.(CSRF) CRITICAL" "gtm-server-side 2.1.20 Reflected.Cross-Site.Scripting MEDIUM" "google-maps-easy 1.11.16 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "google-maps-easy 1.11.12 Cross-Site.Request.Forgery MEDIUM" "google-maps-easy 1.11.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "google-maps-easy 1.10.1 Admin+.Stored.Cross-Site.Scripting LOW" "google-maps-easy 1.9.32 Reflected.Cross-Site.Scripting MEDIUM" "gn-publisher 1.5.6 Reflected.XSS HIGH" "gs-team-members 2.2.4 Contributor+.Stored.XSS MEDIUM" "gs-team-members 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "gs-team-members 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gsheetconnector-caldera-forms 1.3 Access.Code.Update.via.CSRF MEDIUM" "giveaway No.known.fix Authenticated.SQL.Injection HIGH" "genesis-simple-love No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gd-mail-queue 4.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "gt3-photo-video-gallery 2.7.7.22 GT3.Image.Gallery.&.Gutenberg.Block.Gallery.<.2.7.7.22.-.Authenticated.(Author+).Cross-Site.Scripting MEDIUM" "ghost 1.5.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ghost 0.5.6 Unrestricted.Export.Download MEDIUM" "gum-elementor-addon 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Price.Table.and.Post.Slider.Widgets MEDIUM" "gum-elementor-addon 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta.Widget MEDIUM" "guest-author-name 4.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "generatepress-premium 2.4.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Meta MEDIUM" "groundhogg 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "groundhogg 3.4.3 Cross-Site.Request.Forgery MEDIUM" "groundhogg 2.7.11.11 Admin+.Stored.XSS LOW" "groundhogg 2.7.11.1 CSRF MEDIUM" "groundhogg 2.7.11.1 Admin+.SQLi MEDIUM" "groundhogg 2.7.10 Disable.All.Plugins.via.CSRF MEDIUM" "groundhogg 2.7.10 Ticket.Creation.via.CSRF MEDIUM" "groundhogg 2.7.10 Lack.of.Authorization.for.Non-Arbitrary.File.upload MEDIUM" "groundhogg 2.7.10 Contributor+.Stored.XSS MEDIUM" "groundhogg 2.7.10 Privilege.Escalation.via.CSRF HIGH" "groundhogg 2.7.9.4 Admin+.SQLi MEDIUM" "groundhogg 1.3.11.8 Authenticated.SQL.Injection HIGH" "google-maps-v3-shortcode No.known.fix Contributor+.XSS MEDIUM" "gold-addons-for-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-places-reviews 2.0.0 Admin+.Stored.Cross.Site.Scripting LOW" "google-analytics-for-wordpress 8.22.0 Missing.Authorization MEDIUM" "google-analytics-for-wordpress 8.14.1 Contributor+.Stored.XSS MEDIUM" "google-analytics-for-wordpress 8.12.1 Contributor+.Stored.XSS MEDIUM" "google-analytics-for-wordpress 8.9.1 Stored.Cross-Site.Scripting.via.Google.Analytics MEDIUM" "google-website-translator 1.4.12 Google.Website.Translator.<.1.4.12.-.Authenticated.(Admin+).PHP.Object.Injection CRITICAL" "gallery-image-gallery-photo 1.1.6 Grid.Gallery.<.1.1.6.-.Admin+.Stored.Cross-Site.Scripting LOW" "gf-hubspot 1.0.9 Reflected.Cross-Site.Scripting HIGH" "gotowp No.known.fix Contributor+.Stored.XSS MEDIUM" "geo-mashup 1.13.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.geo_mashup_visible_posts_list.Shortcode MEDIUM" "geo-mashup 1.13.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geo-mashup 1.13.12 Reflected.Cross-Site.Scripting MEDIUM" "geo-mashup 1.13.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "geo-mashup 1.10.4 Unspecified.Cross-Site.Scripting.(XSS) CRITICAL" "gutenify 1.4.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "gdpr-data-request-form 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-calendar-events 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "google-calendar-events 3.2.8 Contributor+.Stored.XSS.via.shortcode MEDIUM" "google-calendar-events 3.2.5 Cross-Site.Request.Forgery.via.duplicate_feed MEDIUM" "google-calendar-events 3.2.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "gsearch-plus No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "gigpress No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "gigpress No.known.fix Subscriber+.SQLi HIGH" "gigpress 2.3.28 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "gigpress 2.3.11 Authenticated.XSS.&.Blind.SQLi HIGH" "get-directions 2.16.2 Reflected.Cross-Site.Scripting MEDIUM" "get-directions 2.15.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gallery-photo-gallery 5.7.1 Administrator+.HTML.Injection MEDIUM" "gallery-photo-gallery 5.5.3 Reflected.Cross-Site.Scripting MEDIUM" "gallery-photo-gallery 5.2.7 CSRF MEDIUM" "gallery-photo-gallery 5.1.4 Reflected.XSS HIGH" "gallery-photo-gallery 5.1.7 Reflected.XSS MEDIUM" "gallery-photo-gallery 4.4.4 Responsive.Image.Gallery.<.4.4.4.-.Authenticated.Blind.SQL.Injections HIGH" "gallery-photo-gallery 4.4.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "gallery-photo-gallery 1.0.1 SQL.Injection CRITICAL" "get-custom-field-values 4.1 Admin+.Stored.XSS LOW" "get-custom-field-values 4.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "get-custom-field-values 4.0 Contributors+.Arbitrary.Post.Metadata.Access MEDIUM" "generate-pdf-using-contact-form-7 4.1.3 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "generate-pdf-using-contact-form-7 4.1.3 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "generate-pdf-using-contact-form-7 3.6 Admin+.Stored.Cross-Site.Scripting LOW" "gixaw-chat No.known.fix Stored.XSS.via.CSRF HIGH" "gallery-images 2.0.6 Stored.Cross-Site.Scripting.(XSS) CRITICAL" "gtmetrix-for-wordpress 0.4.8 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "gtmetrix-for-wordpress 0.4.6 Reflected.Cross-Site.Scripting HIGH" "gtmetrix-for-wordpress 0.4.6 Reflected.XSS HIGH" "gwa-autoresponder No.known.fix Unauthenticated.SQL.Injection HIGH" "genesis-blocks 3.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Sharing.Block.Attributes MEDIUM" "genesis-blocks 3.1.4 Contributor+.Stored.XSS MEDIUM" "genesis-blocks 3.1.3 Contributor+.Stored.XSS MEDIUM" "genesis-blocks 3.1.3 Contributor+.Stored.XSS MEDIUM" "gold-price-chart-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "gs-logo-slider 3.7.1 Settings.Update.via.Cross-Site.Request.Forgery MEDIUM" "gs-logo-slider 3.6.9 Admin+.Stored.XSS LOW" "gs-logo-slider 3.5.2 Cross-Site.Request.Forgery MEDIUM" "gs-logo-slider 3.3.8 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "gs-behance-portfolio 3.0.2 Reflected.Cross-Site.Scripting MEDIUM" "gd-rating-system 3.6.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "gd-rating-system 3.5.1 Unauthenticated.Stored.Cross-Site.Scripting.via.IP MEDIUM" "gd-rating-system 2.3.1 Multiple.Vulnerabilities HIGH" "gd-rating-system 2.1 XSS MEDIUM" "g-business-reviews-rating 5.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "gamipress-link 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-lightbox-slider 1.0.0.41 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "glossary-by-codeat 2.2.27 Unauthenticated.Full.Path.Disclosure MEDIUM" "glossary-by-codeat 2.2.3 Reflected.Cross-Site.Scripting MEDIUM" "glossary-by-codeat 2.1.28 Contributor+.Stored.XSS MEDIUM" "glossary-by-codeat 2.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "getresponse-integration No.known.fix Contributor+.Stored.XSS MEDIUM" "getresponse-integration 5.5.32 Contributor+.Stored.XSS MEDIUM" "getresponse-integration 5.5.21 API.Key.Update.via.CSRF MEDIUM" "giphypress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gianism No.known.fix Admin+.Stored.XSS LOW" "gsheetconnector-wpforms-pro 2.5.7 Reflected.XSS HIGH" "gf-dynamics-crm 1.0.8 Reflected.Cross-Site.Scripting HIGH" "gf-custom-style No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "goodbarber 1.0.24 Settings.Update.via.CSRF MEDIUM" "google-apps-login 3.4.5 Admin+.Stored.XSS LOW" "graphcomment-comment-system 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "gps-plotter No.known.fix Admin+.Stored.XSS LOW" "guestofy-restaurant-reservations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "guestofy-restaurant-reservations No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gf-salesforce-crmperks 1.2.6 Reflected.Cross-Site.Scripting HIGH" "game-server-status No.known.fix Contributor+.SQL.Injection HIGH" "game-server-status No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "game-server-status No.known.fix Admin+.SQL.Injection MEDIUM" "gutenberg 18.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Template.Part.Block MEDIUM" "gutenberg 18.01 18.0.0.-.Unauthenticated.&.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Avatar.Block MEDIUM" "gutenberg 16.8.1 Contributor+.Stored.XSS MEDIUM" "gutenberg 16.8.1 Contributor+.Stored.XSS.via.Navigation.Links.Block MEDIUM" "gutenberg 14.3.1 Multiple.Stored.XSS LOW" "gutenberg 12.7.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "gutenberg 12.7.2 Prototype.Pollution.via.Gutenberg’s.wordpress/url.package MEDIUM" "gdpr-compliance No.known.fix Authenticated.(Subscriber+).Information.Exposure MEDIUM" "google-captcha 1.28 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "guest-author-affiliate 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "guest-author-affiliate 1.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "guardgiant 2.2.6 Admin+.SQLi MEDIUM" "graphina-elementor-charts-and-graphs 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "graphina-elementor-charts-and-graphs 1.8.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "guest-author 2.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "guest-author 2.4 Contributor+.Stored.XSS MEDIUM" "generate-dummy-posts No.known.fix Missing.Authorization MEDIUM" "gmace No.known.fix Arbitrary.File.Creation/Deletion/Update.via.CSRF HIGH" "gmace No.known.fix Admin+.Path.Traversal MEDIUM" "gsheetconnector-gravityforms-pro 4.3.6 Access.Code.Update.via.CSRF MEDIUM" "give 3.16.2 Unauthenticated.PHP.Object.Injection CRITICAL" "give 3.16.2 Authenticated.(GiveWP.Manager+).SQL.Injection.via.order.Parameter MEDIUM" "give 3.16.0 Cross-Site.Request.Forgery MEDIUM" "give 3.16.0 Unauthenticated.Full.Path.Disclosure MEDIUM" "give 3.14.0 Missing.Authorization.to.Limited.Information.Exposure MEDIUM" "give 3.14.2 Unauthenticated.PHP.Object.Injection.to.RCE CRITICAL" "give 3.14.2 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.File.Deletion MEDIUM" "give 3.14.0 Missing.Authorization.to.Unauthenticated.Event.Settings.Update MEDIUM" "give 3.14.0 Insecure.Direct.Object.Reference.to.Authenticated.(GiveWP.Worker+).Arbitrary.Post.Actions MEDIUM" "give 3.12.1 Reflected.Cross-Site.Scripting MEDIUM" "give 3.11.0 Contributor+.Stored.XSS MEDIUM" "give 3.5.0 Authenticated.(GiveWP.Manager+).PHP.Object.Injection HIGH" "give 3.7.0 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "give 3.6.0 Contributor+.Stored.XSS MEDIUM" "give 3.4.0 Reflected.Cross-Site.Scripting HIGH" "give 3.3.0 Contributor+.Stored.XSS MEDIUM" "give 2.33.2 Missing.Authorization.via.handleBeforeGateway MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.plugin.deactivation MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.plugin.installation MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.Stripe.Integration.Deletion MEDIUM" "give 2.33.1 Donation.Plugin.<.2.33.1.-.Authenticated(Give.Manager+).Privilege.Escalation HIGH" "give 2.25.3 Cross-Site.Request.Forgery MEDIUM" "give 2.25.2 Cross-Site.Request.Forgery MEDIUM" "give 2.25.2 Author+.Stored.Cross-Site.Scripting MEDIUM" "give 2.25.2 Contributor+.Arbitrary.Content.Deletion MEDIUM" "give 2.25.2 Contributor+.Stored.XSS MEDIUM" "give 2.25.2 Admin+.Server-Side.Request.Forgery MEDIUM" "give 2.24.0 Contributor+.Stored.XSS MEDIUM" "give 2.24.1 Unauthenticated.SQLi HIGH" "give 2.21.0 Manager+.Arbitrary.File.Creation.via.Export HIGH" "give 2.21.0 Manager+.Arbitrary.File.Access.via.Export MEDIUM" "give 2.21.3 Admin+.Stored.Cross-Site.Scripting LOW" "give 2.21.3 DoS.via.CSRF LOW" "give 2.21.0 Reflected.Cross-Site.Scripting MEDIUM" "give 2.21.0 Donor.Information.Disclosure MEDIUM" "give 2.17.3 Reflected.Cross-Site.Scripting.via.Import.Tool MEDIUM" "give 2.17.3 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "give 2.17.3 Reflected.Cross-Site.Scripting.via.Donation.Forms.Dashboard HIGH" "give 2.12.0 Admin+.Stored.XSS MEDIUM" "give 2.10.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "give 2.10.0 Reflected.Cross.Site.Scripting.(XSS) HIGH" "give 2.5.10 Multiple.Issues HIGH" "give 2.5.5 Authentication.Bypass HIGH" "give 2.5.1 SQL.Injection CRITICAL" "give 2.4.7 Stored.XSS MEDIUM" "give 2.3.1 Cross-Site.Scripting.(XSS) MEDIUM" "gift-certificate-creator 1.1 Stored.XSS MEDIUM" "getyourguide-ticketing 1.0.4 Admin+.Stored.XSS LOW" "glass No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "goodlms 2.1.5 Unauthenticated.SQL.Injection CRITICAL" "go-fetch-jobs-jobengine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "go-fetch-jobs-jobengine No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "google-adsense-and-hotel-booking No.known.fix Open.Proxy CRITICAL" "gs-woo-variation-swatches 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "gplus-comments No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gallery-metabox No.known.fix Subscriber+.Unauthorized.Data.Access MEDIUM" "gallery-metabox No.known.fix Gallery.Removal.via.CSRF MEDIUM" "get-cash 3.2 Reflected.Cross-Site.Scripting MEDIUM" "google-typography No.known.fix Missing.Authorization MEDIUM" "get-your-number No.known.fix Admin+.Stored.XSS LOW" "greenwallet-gateway 1.0.2 Reflected.Cross.Site.Scripting.in.checkout.page MEDIUM" "gnu-mailman-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "googmonify No.known.fix CSRF.&.XSS MEDIUM" "gestion-pymes No.known.fix Admin+.Stored.XSS LOW" "gallery-videos 2.2.6 Admin+.SQLi MEDIUM" "gallery-videos 1.7.7 Admin+.Stored.XSS LOW" "gpt3-ai-content-generator 1.8.67 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gpt3-ai-content-generator 1.8.3 Missing.Authorization.to.Sensitive.Data.Exposure MEDIUM" "gpt3-ai-content-generator 1.8.13 Cross-Site.Request.Forgery MEDIUM" "gpt3-ai-content-generator 1.7.38 Reflected.Cross-Site.Scripting MEDIUM" "gpt3-ai-content-generator 1.4.38 Subscriber+.Arbitrary.Post.Content.Update MEDIUM" "geodirectory 2.3.71 Missing.Authorization.via.geodirectory_rated() MEDIUM" "geodirectory 2.3.62 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "geodirectory 2.3.49 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'gd_single_tabs'.Shortcode MEDIUM" "geodirectory 2.3.29 Authenticated(Administrator+).SQL.Injection MEDIUM" "geodirectory 2.3.29 Authenticated.(Administrator+).SQL.Injection.via.orderby HIGH" "geodirectory 2.2.24 Admin+.SQLi MEDIUM" "geodirectory 2.2.22 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "geodirectory 2.1.1.3 Authenticated.(admin+).Stored.Cross-Site.Scripting.(XSS) MEDIUM" "gf-constant-contact 1.0.6 Reflected.Cross-Site.Scripting HIGH" "grid-kit-premium 2.2.0 Multiple.Reflected.Cross-Site.Scripting HIGH" "grid-kit-premium 2.1.2 Reflected.Cross-Site.Scripting HIGH" "grid-kit-premium 2.1.2 Reflected.Cross-Site.Scripting HIGH" "gallery-bank 4.0.19 Reflected.Cross-Site.Scripting MEDIUM" "gallery-bank No.known.fix Author+.Stored.XSS.via.Gallery.Description MEDIUM" "gallery-bank No.known.fix Author+.Stored.XSS.via.Media.Upload.Module MEDIUM" "gallery-bank 3.0.330 Authenticated.Blind.SQL.Injection MEDIUM" "gutentor 3.3.6 Gutenberg.Blocks.-.Page.Builder.for.Gutenberg.Editor.<.3.3.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutentor 3.3.6 Contributor+.Stored.XSS MEDIUM" "gutentor 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "gf-infusionsoft 1.1.5 Reflected.Cross-Site.Scripting HIGH" "gotmls 4.23.56 Unauthenticated.Remote.Code.Execution CRITICAL" "gotmls 4.21.83 Reflected.Cross-Site.Scripting MEDIUM" "gotmls 4.20.96 Reflected.Cross-Site.Scripting LOW" "gotmls 4.20.94 Admin+.Reflected.Cross-Site.Scripting LOW" "gs-woocommerce-products-slider 1.5.9 Contributor+.Stored.XSS MEDIUM" "great-quotes No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gravity-forms-multiple-form-instances 1.1.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "gsheetconnector-for-elementor-forms 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-for-elementor-forms 1.0.7 Reflected.XSS HIGH" "gallery-by-supsystic 1.15.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gallery-by-supsystic 1.15.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "gallery-by-supsystic 1.8.6 Arbitrary.Image.Adding.via.CSRF MEDIUM" "gallery-by-supsystic 1.8.6 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "generate-child-theme 2.0.1 Cross-Site.Request.Forgery.via.process_create_form() MEDIUM" "generate-child-theme 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "global-income-stats-from-freemius No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "global-income-stats-from-freemius No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "global-income-stats-from-freemius No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "genie-wp-favicon No.known.fix Arbitrary.Favicon.Change.via.CSRF MEDIUM" "gistpress 3.0.2 Authenticated.Stored.XSS MEDIUM" "gravity-forms-pdf-extended 6.3.1 Reflected.Cross-Site.Scripting MEDIUM" "google-mobile-sitemap No.known.fix Cross-Site.Request.Forgery MEDIUM" "go-fetch-jobs-wp-job-manager 1.8.4.5 Reflected.Cross-Site.Scripting MEDIUM" "go-fetch-jobs-wp-job-manager 1.7.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce 4.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gmb-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gg-woo-feed 1.2.7 Missing.Authorization MEDIUM" "gg-woo-feed No.known.fix Unauthenticated.Settings.Update MEDIUM" "google-map-shortcode No.known.fix Settings.Update.via.CSRF MEDIUM" "google-map-shortcode No.known.fix Reflected.XSS HIGH" "google-map-shortcode No.known.fix Contributor+.Stored.XSS HIGH" "google-analytics-dashboard-for-wp 7.14.2 Contributor+.Stored.XSS MEDIUM" "google-analytics-dashboard-for-wp 7.12.1 Contributor+.Stored.XSS MEDIUM" "geo-my-wp 4.5.0.4 Reflected.Cross-Site.Scripting MEDIUM" "geo-my-wp 4.5.0.2 Unauthenticated.LFI.to.RCE/PHAR.Deserialization CRITICAL" "geo-my-wp 4.2 Cross-Site.Request.Forgery MEDIUM" "geo-my-wp 4.0.3 Authenticated(Administrator+).SQL.Injection MEDIUM" "geo-my-wp 4.0.1 Contributor+.Stored.XSS MEDIUM" "google-analyticator 6.5.6 Admin+.PHP.Object.Injection LOW" "google-analyticator 6.5.6 Admin+.PHP.Object.Injection MEDIUM" "google-analyticator 6.4.9.6 Multiple.Cross-Site.Scripting.(XSS) HIGH" "google-analyticator 6.4.9.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "google-language-translator 6.0.12 Google.Language.Translator.<.6.0.12.-.Admin+.Stored.Cross-Site.Scripting LOW" "google-language-translator 6.0.10 Authenticated.(author+).Cross-Site.Scripting.(XSS) MEDIUM" "google-language-translator 6.0.10 Authenticated.Cross-Site.Scripting.(XSS) LOW" "google-language-translator 5.0.06 XSS MEDIUM" "guruwalk-affiliates No.known.fix Admin+.Stored.XSS LOW" "google-image-sitemap No.known.fix Map.generation.through.CSRF MEDIUM" "graphicsly No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "gf-insightly 1.0.7 Reflected.Cross-Site.Scripting HIGH" "giveasap 2.46.1 CSRF MEDIUM" "giveasap 2.46.1 Reflected.Cross-Site.Scripting LOW" "giveasap 2.45.1 Admin+.Stored.Cross-Site.Scripting LOW" "giveasap 2.45.1 Admin+.Stored.XSS LOW" "giveasap 2.45.1 Editor+.Stored.Cross-Site.Scripting MEDIUM" "giveasap 2.42.1 Unauthorised.AJAX.Calls.via.Freemius HIGH" "giveasap 2.36.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "googleanalytics 2.5.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "gracemedia-media-player No.known.fix Local.File.Inclusion.(LFI) CRITICAL" "google-maps-widget 4.25 Admin+.Stored.XSS LOW" "gravity-file-ajax-upload-free No.known.fix Arbitrary.File.Upload CRITICAL" "gfirem-action-after No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-action-after No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gsheetconnector-gravity-forms 1.3.5 Access.Code.Update.via.CSRF MEDIUM" "gallery-factory-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "google-pagespeed-insights 4.0.7 Multiple.CSRF MEDIUM" "google-pagespeed-insights 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "google-site-kit 1.8.0 Privilege.Escalation.to.gain.Search.Console.Access CRITICAL" "gseor No.known.fix Authenticated.SQL.Injection MEDIUM" "gp-premium 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "gift-up 2.22 Settings.Update.via.CSRF MEDIUM" "gift-up 2.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gwyns-imagemap-selector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-categories 1.0.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gp-unique-id 1.5.6 Unauthenticated.Form.Submission.Unique.ID.Modification LOW" "gecka-terms-thumbnails No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "goal-tracker-ga 1.0.11 Reflected.Cross-Site.Scripting MEDIUM" "gamipress-vimeo-integration 1.0.9 Contributor+.Stored.XSS MEDIUM" "gdpr-cookie-compliance 4.12.5 License.Update/Deactivation.via.CSRF MEDIUM" "gAppointments No.known.fix Admin+.Stored.XSS LOW" "gAppointments 1.10.0 Reflected.Cross-Site.Scripting HIGH" "greenshiftwoo 1.9.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "google-picasa-albums-viewer 4.0.3 Reflected.Cross-Site.Scripting MEDIUM" "get-site-to-phone-by-qr-code No.known.fix Stored.XSS.via.CSRF MEDIUM" "gradient-text-widget-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "genesis-columns-advanced 2.0.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "garden-gnome-package 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "garden-gnome-package 2.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gallery-from-files No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "gallery-from-files No.known.fix Unauthenticated.RCE CRITICAL" "gdpr-cookie-consent 3.3.0 Unauthenticated.Stored.Cross-Site.Scripting.via.Client-IP.header HIGH" "gdpr-cookie-consent 3.1.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "gf-zendesk 1.0.8 Reflected.Cross-Site.Scripting HIGH" "global-elementor-buttons No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.button.link MEDIUM" "gnucommerce 1.4.2 XSS MEDIUM" "gnucommerce 0.5.7-beta XSS MEDIUM" "grid-shortcodes 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "grid-shortcodes 1.1.1 Contributor+.Stored.XSS MEDIUM" "gs-instagram-portfolio 1.4.5 Contributor+.Stored.XSS MEDIUM" "goftino 1.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "gamepress No.known.fix Reflected.Cross-Site.Scripting HIGH" "gfirem-fields No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gfirem-fields No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-fields No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gettext-override-translations 2.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "grid-plus 1.3.3 Subscriber+.Grid.Layout.Creation/Deletion/Update MEDIUM" "grid-plus 1.3.4 Subscriber+.Local.File.Inclusion MEDIUM" "grid-plus 1.3.5 Reflected.XSS HIGH" "greenshift-animation-and-page-builder-blocks 9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 8.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 7.6.3 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "greenshift-animation-and-page-builder-blocks 4.3 Reflected.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 5.0.0 Author+.Stored.XSS MEDIUM" "greenshift-animation-and-page-builder-blocks 5.0 Contributor+.Stored.XSS MEDIUM" "greenshift-animation-and-page-builder-blocks 4.8.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "greenshift-animation-and-page-builder-blocks 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "good-reviews-wp 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Review.URL MEDIUM" "goon-plugin-control 1.2.9.2 Reflected.Cross-Site.Scripting MEDIUM" "goon-plugin-control 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gift-message-for-woocommerce 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "gift-message-for-woocommerce 1.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gallery-plugin 4.7.0 Author+.SQL.Injection MEDIUM" "gallery-plugin 4.7.0 Author+.Stored.Cross-Site.Scripting MEDIUM" "gallery-plugin 4.5.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gourl-bitcoin-payment-gateway-paid-downloads-membership 1.4.14 Shell.Upload HIGH" "gutenslider 5.10.2 Reflected.Cross-Site.Scripting MEDIUM" "gutenslider 5.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gutenslider 5.2.0 Contributor+.Stored.XSS MEDIUM" "gs-facebook-comments 1.7.4 Missing.Authorization.via.wpfc_allow_comments() MEDIUM" "gm-woo-product-list-widget No.known.fix Reflected.XSS HIGH" "gyta-buyback 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "gyta-buyback 1.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "getwid 2.0.11 Missing.Authentication.to.MailChimp.API.key.update MEDIUM" "getwid 2.0.11 Missing.Authorization.to.Google.API.key.update MEDIUM" "getwid 2.0.8 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'Countdown' MEDIUM" "getwid 2.0.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Block.Content MEDIUM" "getwid 2.0.5 Missing.Authorization.to.Recaptcha.API.Key.Modification MEDIUM" "getwid 2.0.5 Captcha.Bypass MEDIUM" "getwid 2.0.3 Unauthenticated.Arbitrary.Email.Sending.to.Admin MEDIUM" "getwid 1.8.4 Subscriber+.SSRF MEDIUM" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_unset_default_card MEDIUM" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_delete_card MEDIUM" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_set_default_card MEDIUM" "goods-catalog No.known.fix Contributor+.Stored.XSS MEDIUM" "gs-testimonial 3.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-testimonial 1.9.7 Contributor+.Stored.XSS MEDIUM" "gs-testimonial 1.9.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "global-multisite-search No.known.fix CSRF.Bypass MEDIUM" "gutenverse 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenverse 1.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenverse 1.9.1 Contributor+.Stored.XSS MEDIUM" "greenshiftquery 3.9.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "go-viral No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "go-viral 1.8.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "grand-media 1.20.0 Admin+.Stored.Cross-Site.Scripting LOW" "grand-media 1.18.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "gtg-advanced-blocks No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "gtranslate 3.0.4 Admin+.Stored.XSS LOW" "gtranslate 2.9.9 CSRF.to.Account.Takeover HIGH" "gtranslate 2.9.7 Reflected.Cross-Site.Scripting LOW" "gtranslate 2.8.65 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "gtranslate 2.8.52 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "go-dash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gamipress-reset-user 1.0.1 Reset.User.<=.1.0.0.-.GamiPress.User.Data.Removal.via.CSRF MEDIUM" "gravity-forms-sms-notifications 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "giveaways-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "giveaways-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gdpr-compliance-cookie-consent 1.3 CSRF MEDIUM" "google-document-embedder No.known.fix Authenticated.(Contributor+).Blind.Server.Side.Request.Forgery MEDIUM" "google-document-embedder 2.6.2 CSRF.&.XSS MEDIUM" "google-document-embedder 2.6.1 XSS MEDIUM" "google-news-sitemap No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "godaddy-email-marketing-sign-up-forms 1.1.4 Cross-Site.Request.Forgery.(CSRF) HIGH" "gravitate-qa-tracker No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gallery-with-thumbnail-slider 6.1 Contributor+.Stored.XSS MEDIUM" "guten-post-layout No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "google-one 1.3.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "google-sitemap-generator 4.1.3 Admin+.Stored.Cross-Site.Scripting LOW" "google-sitemap-generator 4.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gd-bbpress-attachments 4.4 Admin+.Stored.XSS LOW" "geo-request No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "geo-request No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "google-sitemap-plugin 3.0.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gd-security-headers 1.7.1 Admin+.SQLi MEDIUM" "gd-security-headers 1.7 Reflected.XSS HIGH" "greeklish-permalink 3.5 Unauthenticated.Post.Slug.Update MEDIUM" "gallery-album No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "gallery-album No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-album No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-album No.known.fix Unauthenticated.Stored.XSS HIGH" "gallery-album No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "gallery-album No.known.fix Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "gallery-album 2.0.2 Reflected.XSS HIGH" "gallery-album 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "gallery-album 1.2.1 Admin+.SQLi MEDIUM" "gs-portfolio 1.6.1 Contributor+.Stored.XSS MEDIUM" "gamipress-button 1.0.8 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "global-notification-bar No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "google-analytics-top-posts-widget 1.5.7 Reflected.XSS MEDIUM" "gumroad No.known.fix Contributor+.Stored.XSS MEDIUM" "gravity-forms-sticky-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gravity-forms-sticky-list No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gravity-forms-sticky-list No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "glorious-services-support 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "glorious-services-support 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gm-woocommerce-quote-popup 3.2 Reflected.XSS HIGH" "gm-woocommerce-quote-popup 3.1 Arbitrary.Enquiry.Deletion.via.CSRF MEDIUM" "gm-woocommerce-quote-popup 3.1 Admin+.Stored.XSS LOW" "gm-woocommerce-quote-popup 3.1 Cross-Site.Request.Forgery MEDIUM" "gm-woocommerce-quote-popup 3.2 Reflected.XSS HIGH" "gm-woocommerce-quote-popup 3.1 Unauthenticated.Stored.XSS HIGH" "gs-envato-portfolio 1.4.0 Contributor+.Stored.XSS MEDIUM" "g-auto-hyperlink No.known.fix Admin+.SQL.Injection MEDIUM" "google-maps-anywhere No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "google-shortlink 1.5.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "google-analytics-opt-out 2.3.5 Admin+.Stored.XSS LOW" "gsheetconnector-easy-digital-downloads 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-easy-digital-downloads 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-advance-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gfirem-advance-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-advance-search No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gc-testimonials No.known.fix Contributor+.Stored.XSS MEDIUM" "gd-mylist No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gift-voucher 4.4.1 Cross-Site.Request.Forgery MEDIUM" "gift-voucher 4.3.3 Subscriber+.SQLi HIGH" "gift-voucher 4.1.8 Unauthenticated.Blind.SQL.Injection HIGH" "gs-books-showcase 1.3.1 Contributor+.Stored.XSS MEDIUM" "gravity-forms-toolbar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "glorious-sites-installer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "glorious-sites-installer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "goauth No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goauth 2.20 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gocodes No.known.fix Authenticated.XSS.&.Blind.SQL.Injection HIGH" "gsheetconnector-ninja-forms 1.2.8 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-ninja-forms 1.2.7 Reflected.XSS HIGH" "gsheetconnector-ninja-forms 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "genki-pre-publish-reminder No.known.fix Stored.XSS.&.RCE.via.CSRF HIGH" "ga-for-wp 2.2.0 Reflected.Cross-Site.Scripting MEDIUM" "ga-for-wp 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gravityforms 2.7.5 Reflected.XSS HIGH" "gravityforms 2.7.4 Unauthenticated.PHP.Object.Injection HIGH" "gravityforms 2.4.9 Hashed.Password.Leakage LOW" "gf-block-ips 1.0.2 Cross-Site.Request.Forgery MEDIUM" "gf-freshdesk 1.2.9 Reflected.Cross-Site.Scripting HIGH" "good-bad-comments No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gwp-histats No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ghactivity No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "get-post-custom-taxonomy-term-shortcode No.known.fix CSRF.Bypass NONE" "geounit-maps 0.0.7 Reflected.Cross-Site.Scripting MEDIUM" "google-maps-advanced No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "gallery-images-ape No.known.fix Contributor+.Stored.XSS MEDIUM" "goolytics-simple-google-analytics 1.1.2 Simple.Google.Analytics.<.1.1.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "gf-zoho 1.1.6 Reflected.Cross-Site.Scripting HIGH" "gmap-embed 1.8.4 Arbitrary.Post.Deletion.and.Plugin's.Settings.Update.via.CSRF MEDIUM" "gmap-embed 1.8.1 Subscriber+.Map.Creation/Update/Deletion MEDIUM" "gmap-embed 1.8.1 Subscriber+.Arbitrary.Post.Deletion.and.Plugin's.Settings.Update MEDIUM" "gmap-embed 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "google-cse No.known.fix Admin+.Stored.XSS LOW" "google-cse No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "gdpr-compliance-by-supsystic No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "genealogical-tree 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "genealogical-tree 2.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "galleria No.known.fix Cross-Site.Request.Forgery MEDIUM" "gsheetconnector-ninja-forms-pro 1.5.2 Reflected.XSS HIGH" "gamipress 6.8.9 Broken.Access.Control LOW" "gamipress 6.8.6 Cross-Site.Request.Forgery MEDIUM" "gamipress 6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gamipress 6.8.7 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "gamipress 2.5.7.1 Unauthenticated.SQLi HIGH" "gs-pinterest-portfolio 1.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shorcode MEDIUM" "gs-pinterest-portfolio 1.8.1 Missing.Authorization.via._update_shortcode MEDIUM" "generateblocks 1.8.3 Contributor+.Arbitrary.Draft/Private.Post.Access LOW" "generateblocks 1.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "helpie-faq 1.28 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "helpie-faq 1.9.13 Reflected.Cross-Site.Scripting MEDIUM" "helpie-faq 1.9.9 Reflected.XSS MEDIUM" "helpie-faq 1.7.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "helpie-faq 0.7.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "header-footer-elementor 1.6.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.6.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Site.Title.Widget MEDIUM" "header-footer-elementor 1.6.26.1 Contributor+.Stored.XSS MEDIUM" "header-footer-elementor 1.6.27 Authenticated.(Author+).HTML.Injection MEDIUM" "header-footer-elementor 1.6.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.6.25 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.5.8 Header,.Footer.&.Blocks.Template.<.1.5.8.-.Contributor+.Stored.XSS MEDIUM" "helpdeskwp No.known.fix Editor+.Stored.XSS LOW" "htaccess-redirect No.known.fix Reflected.Cross-Site.Scripting HIGH" "hotel-listing 1.3.7 Subscriber+.Privilege.Escalation CRITICAL" "hotel-listing 1.3.3 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "html5-mp3-player-with-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injecton HIGH" "html5-mp3-player-with-playlist 2.8.0 Full.Path.Disclosure.(FPD) MEDIUM" "hot-random-image 1.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "how-to-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "happy-scss-compiler No.known.fix Compile.SCSS.to.CSS.automatically.<=.1.3.10.-.Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "helloprint 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "htaccess 1.8.2 CSRF.to.edit..htaccess HIGH" "htaccess 1.7.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "hypercomments No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "hostel 1.1.5.3 Reflected.XSS HIGH" "hostel 1.1.5.4 Cross-Site.Request.Forgery MEDIUM" "hostel 1.1.5.2 Admin+.Stored.XSS LOW" "hostel 1.1.4 Unauthenticated.Stored.XSS MEDIUM" "hl-twitter No.known.fix Admin+.Stored.XSS.via.Widget LOW" "hl-twitter No.known.fix Settings.Update.via.CSRF MEDIUM" "hl-twitter No.known.fix Unlink.Twitter.Account.via.CSRF MEDIUM" "ht-menu-lite 1.2.2 Cross-Site.Request.Forgery MEDIUM" "hermit No.known.fix Subscriber+.SQLi HIGH" "hermit No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "hermit No.known.fix Unauthenticated.SQLi HIGH" "hermit No.known.fix Arbitrary.Cache/Source.Deletion.&.Source.Creation.via.CSRF MEDIUM" "host-analyticsjs-local 4.7.15 Unauthenticated.Settings.Update MEDIUM" "host-analyticsjs-local 4.1.9 Admin+.Arbitrary.Folder.Deletion.via.Path.Traversal MEDIUM" "hcaptcha-for-forms-and-more 4.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cf7-hcaptcha.Shortcode MEDIUM" "http-headers 1.19.0 Admin+.SSRF MEDIUM" "http-headers 1.19.0 Admin+.Stored.XSS LOW" "http-headers 1.18.11 Admin+.Remote.Code.Execution MEDIUM" "http-headers 1.18.8 Admin+.SQL.Injection MEDIUM" "html5-soundcloud-player-with-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injection HIGH" "hero-maps-pro No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "horizontal-scrolling-announcement No.known.fix Horizontal.scrolling.announcement.for.WordPress.<=.9,2.Contributor+.Stored.XSS MEDIUM" "horizontal-scrolling-announcement No.known.fix Authenticated.(subscriber+).Blind.SQL.Injection HIGH" "header-image-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hm-logo-showcase 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "hm-logo-showcase 1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "horizontal-scrolling-announcements 2.5 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "homepage-product-organizer-for-woocommerce No.known.fix Subscriber+.SQLi HIGH" "hungarian-pickup-points-for-woocommerce 1.9.0.3 Multiple.CSRF MEDIUM" "hmapsprem 2.2.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "hr-management 1.1.2 Unauthenticated.PHP.Object.Injection HIGH" "houzez-theme-functionality 3.2.3 Functionality.<.3.2.3.-.Authenticated.(Seller+).SQL.Injection HIGH" "health-check 1.6.0 CSRF MEDIUM" "health-check 1.2.4 Missing.Authorization.Checks MEDIUM" "handl-utm-grabber 2.6.5 Authenticated.Option.Change.via.CSRF HIGH" "html5-mp3-player-with-mp3-folder-feedburner-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injection HIGH" "ht-instagram 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-instagram 1.2.8 Cross-Site.Request.Forgery MEDIUM" "houzez-login-register 3.3.0 Subscriber+.Privilege.Escalation.via.Account.Takeover HIGH" "hurrytimer 2.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heart-this No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hello-world 2.2.0 Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "hash-elements 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter.in.Multiple.Widgets MEDIUM" "hash-elements 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hc-custom-wp-admin-url No.known.fix Unauthenticated.Secret.URL.Disclosure MEDIUM" "hc-custom-wp-admin-url No.known.fix Unauthenticated.Arbitrary.Settings.Update.via.CSRF MEDIUM" "hdw-tube No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "history-collection No.known.fix Arbitraty.File.Download HIGH" "hana-flv-player No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "happy-elementor-addons-pro 2.10.0 Reflected.Cross-Site.Scripting HIGH" "happy-elementor-addons-pro 2.8.1 Reflected.XSS HIGH" "happy-elementor-addons-pro 1.17.0 Contributor+.Stored.XSS MEDIUM" "highlight-search-terms-results 1.04 Reflected.Cross-Site.Scripting MEDIUM" "ht-slider-for-elementor 1.4.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "history-log-by-click5 1.0.13 Admin+.Time-Based.Blind.SQL.Injection MEDIUM" "h5p 1.15.8 Contributor+.Stored.XSS MEDIUM" "hm-multiple-roles 1.9 Reflected.Cross-Site.Scripting MEDIUM" "hm-multiple-roles 1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hm-multiple-roles 1.3 Arbitrary.Role.Change CRITICAL" "ht-contactform 1.1.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "hpbtool No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "happy-elementor-addons 3.12.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.12.3 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "happy-elementor-addons 3.11.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.PDF.View.Widget MEDIUM" "happy-elementor-addons 3.11.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gradient.Heading.Widget MEDIUM" "happy-elementor-addons 3.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Navigation.Widget MEDIUM" "happy-elementor-addons 3.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Accordion MEDIUM" "happy-elementor-addons 3.10.9 Contributor+.Stored.XSS MEDIUM" "happy-elementor-addons 3.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Event.Calendar.Widget MEDIUM" "happy-elementor-addons 3.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Stack.Group.Widget MEDIUM" "happy-elementor-addons 3.10.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.5 Contributor+.Stored.XSS MEDIUM" "happy-elementor-addons 3.10.6 Contributor+.Stored.XSS.via.HTML.Tags MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.title_tag MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Calendy MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Title.HTML.Tag MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Photo.Stack.Widget MEDIUM" "happy-elementor-addons 3.10.5 Incorrect.Authorization.to.Information.Exposure MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Page.Title.HTML.Tag MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Archive.Title.Widget MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Meta.Widget MEDIUM" "happy-elementor-addons 3.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.2 Missing.Authorization.via.add_row_actions MEDIUM" "happy-elementor-addons 3.10.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.0 Reflected.Cross-Site.Scripting HIGH" "happy-elementor-addons 3.10.0 Contributor+.SSRF LOW" "happy-elementor-addons 3.8.3 Cross-Site.Request.Forgery MEDIUM" "happy-elementor-addons 2.24.0 Contributor+.Stored.XSS MEDIUM" "hire-me-widget 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "hire-me-widget 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hreflang-manager-lite 1.07 Cross-Site.Request.Forgery MEDIUM" "ht-portfolio 1.1.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "hub2word No.known.fix Subscriber+.Arbitrary.Options.Update CRITICAL" "hiweb-migration-simple No.known.fix hiWeb.Migration.Simple.<=.2,0,0,1.Reflected.Cross-Site.Scripting HIGH" "hero-banner-ultimate 1.4 Contributor+.Stored.XSS MEDIUM" "hitpay-payment-gateway No.known.fix Information.Exposure.via.Log.Files MEDIUM" "hotjar-connecticator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hotjar-connecticator No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "hm-cool-author-box-widget 2.9.5 Reflected.Cross-Site.Scripting MEDIUM" "html5-responsive-faq No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "helloasso 1.1.11 Missing.Authorization.to.Authenticated.(Contributor+).Limited.Options.Update MEDIUM" "helloasso 1.1.11 Missing.Authorization MEDIUM" "helloasso 1.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "helloasso 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hover-effects 2.1.1 Admin+.LFI MEDIUM" "house-manager No.known.fix Reflected.XSS HIGH" "haxcan No.known.fix Arbitrary.File.Access MEDIUM" "haxcan No.known.fix CSRF.Bypass MEDIUM" "hk-filter-and-search 2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "hk-filter-and-search No.known.fix Contributor+.Local.File.Inclusion HIGH" "header-enhancement 1.5 Unauthorised.Plugin's.Setting.Change MEDIUM" "header-footer-code-manager 1.1.35 Snippets.Activation/Deactivation/Deletion.via.CSRF MEDIUM" "header-footer-code-manager 1.1.24 Reflected.Cross-Site.Scripting MEDIUM" "header-footer-code-manager 1.1.17 Reflected.Cross-Site.Scripting MEDIUM" "header-footer-code-manager 1.1.14 Admin+.SQL.Injections MEDIUM" "hooked-editable-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hooked-editable-content No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "host-webfonts-local 5.7.10 Unauthenticated.Directory.Deletion.&.Stored.XSS HIGH" "host-webfonts-local 4.5.12 Admin+.Arbitrary.Folder.Deletion.via.Path.Traversal MEDIUM" "host-webfonts-local 4.5.4 Unauthenticated.Path.Traversal.in.REST.API MEDIUM" "host-webfonts-local 4.5.4 Subscriber+.Arbitrary.File/Folder.Deletion CRITICAL" "hummingbird-performance 3.9.2 Cross-Site.Request.Forgery MEDIUM" "hummingbird-performance 3.9.2 Missing.Authorization MEDIUM" "hummingbird-performance 3.7.4 Missing.Authorization MEDIUM" "hummingbird-performance 3.4.2 Unauthenticated.Path.Traversal HIGH" "hummingbird-performance 3.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "ht-event 1.4.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "html5-video-player 2.5.35 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "html5-video-player 2.5.33 Missing.Authorization.in.multiple.functions.via.h5vp_ajax_handler MEDIUM" "html5-video-player 2.5.32 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "html5-video-player 2.5.31 Missing.Authorization MEDIUM" "html5-video-player 2.5.27 Unauthenticated.SQLi HIGH" "html5-video-player 2.5.25 Unauthenticated.SQLi HIGH" "html5-video-player 2.5.19 Subscriber+.Stored.XSS HIGH" "h5p-css-editor No.known.fix Reflected.Cross-Site.Scripting HIGH" "hide-admin-bar-based-on-user-roles 3.5.0 Reflected.Cross-Site.Scripting MEDIUM" "hide-admin-bar-based-on-user-roles 3.1.0 Settings.Update.via.CSRF MEDIUM" "hide-admin-bar-based-on-user-roles 3.0.0 Subscriber+.Settings.Update MEDIUM" "header-footer-code 1.2 Admin+.Stored.XSS LOW" "header-footer-code 1.2 Admin+.Stored.XSS.via.CSS.Styles LOW" "heateor-social-login 1.1.33 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "heateor-social-login 1.1.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heateor-social-login 1.1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heateor-social-login 1.1.31 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "hide-my-site No.known.fix Unauthenticated.Information.Exposure MEDIUM" "highlight 0.9.3 Authenticated.Stored.Cross-Site.Scripting LOW" "headline-analyzer 1.3.4 Cross-Site.Request.Forgery MEDIUM" "headline-analyzer 1.3.2 Missing.Authorization.via.REST.APIs MEDIUM" "hrm 2.2.6 Multiple.Issues HIGH" "holler-box 2.3.3 Admin+.Stored.XSS LOW" "holler-box 2.1.4 Admin+.SQL.Injection MEDIUM" "hide-my-wp 5.2.02 Hidden.Login.Page.Disclosure MEDIUM" "hide-my-wp 5.0.20 IP.Address.Spoofing MEDIUM" "hitsteps-visitor-manager 5.87 Admin+.Stored.XSS LOW" "hitsteps-visitor-manager 5.87 Arbitrary.Settings.Update.via.CSRF MEDIUM" "html5-maps 1.7.1.5 Arbitrary.Settings.Update.via.CSRF MEDIUM" "html5-maps 1.6.5.7 CSRF.&.XSS HIGH" "html-forms 1.3.34 Bulk.Delete.via.CSRF MEDIUM" "html-forms 1.3.33 Admin+.Stored.XSS LOW" "html-forms 1.3.30 Admin+.Stored.XSS LOW" "html-forms 1.3.25 Admin+.SQLi MEDIUM" "hide-shipping-method-for-woocommerce 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "hide-shipping-method-for-woocommerce 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hqtheme-extra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hqtheme-extra No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hms-testimonials 2.0.11 CSRF MEDIUM" "hm-testimonial No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hm-testimonial 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hdw-player-video-player-video-gallery No.known.fix Cross-Site.Scripting MEDIUM" "happyforms 1.26.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "happyforms 1.25.11 Missing.Authorization MEDIUM" "happyforms 1.25.10 Reflected.Cross-Site.Scripting MEDIUM" "happyforms 1.22.0 Contributor+.Stored.XSS MEDIUM" "hd-quiz 1.8.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "hd-quiz 1.8.4 Authenticated.Stored.XSS MEDIUM" "ht-easy-google-analytics 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "ht-easy-google-analytics 1.2.0 Missing.Authorization.to.Unauthenticated.GA4.Email.Update MEDIUM" "ht-easy-google-analytics 1.0.7 Plugin.Activation.via.CSRF MEDIUM" "handsome-testimonials 2.1.1 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "hotjar 1.0.16 Admin+.Stored.XSS MEDIUM" "hueman-addons No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "hs-brand-logo-slider No.known.fix Authenticated.Arbitrary.File.Upload CRITICAL" "heateor-social-comments 1.6.2 Contributor+.Stored.XSS MEDIUM" "hotscot-contact-form 1.3 Admin+.SQL.Injection MEDIUM" "hkdev-maintenance-mode 3.0.2 Unauthenticated.IP.Spoofing MEDIUM" "hkdev-maintenance-mode 3.0.2 Unauthenticated.Post/Page.Content.Disclosure MEDIUM" "hover-image No.known.fix CSRF MEDIUM" "hashbar-wp-notification-bar 1.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "hashbar-wp-notification-bar 1.3.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "hashthemes-demo-importer 1.1.2 Improper.Access.Control.to.Blog.Reset HIGH" "honeypot 2.1.14 Reflected.XSS HIGH" "honeypot 1.5.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "hercules-core 6.7 Missing.Authorization.to.Settings.Update MEDIUM" "hercules-core 6.5 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "hostinger 1.9.8 Unauthenticated.Maintenance.Mode.Toggle MEDIUM" "houzez-crm 1.4.3 Authenticated.(Seller+).SQL.Injection HIGH" "hot-linked-image-cacher No.known.fix Image.upload/cache.abuse.via.CSRF LOW" "honeypot-for-wp-comment No.known.fix Reflected.Cross-Site.Scripting.via.page MEDIUM" "honeypot-for-wp-comment No.known.fix Directory.Traversal.to.Unauthenticated.Arbitrary.File.Deletion CRITICAL" "homepage-pop-up No.known.fix CSRF MEDIUM" "homepage-pop-up No.known.fix Admin+.Stored.XSS LOW" "heureka 1.1.0 Cross-Site.Request.Forgery MEDIUM" "hash-form 1.2.0 Drag.&.Drop.Form.Builder.<.1.2.0.-.Unauthenticated.Limited.File.Upload MEDIUM" "hash-form 1.1.1 Unauthenticated.PHP.Object.Injection HIGH" "hash-form 1.1.1 Unauthenticated.Arbitrary.File.Upload.to.Remote.Code.Execution CRITICAL" "html5-audio-player 2.2.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html5-audio-player 2.2.22 Best.WordPress.Audio.Player.Plugin.<.2.2.22.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "html5-audio-player 2.1.12 Contributor+.Stored.XSS MEDIUM" "html5-audio-player 2.1.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ht-mega-for-elementor 2.6.6 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.template_id MEDIUM" "ht-mega-for-elementor 2.5.8 Authenticated.(Contributor+).JSON.File.Directory.Traversal MEDIUM" "ht-mega-for-elementor 2.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ht-mega-for-elementor 2.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Player.Widget.Settings MEDIUM" "ht-mega-for-elementor 2.5.3 Contributor+.Stored.XSS MEDIUM" "ht-mega-for-elementor 2.5.3 Subscriber+.Options.Update HIGH" "ht-mega-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Justify MEDIUM" "ht-mega-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Tooltip.&.Popover.Widget MEDIUM" "ht-mega-for-elementor 2.4.8 Missing.Authorization.to.Information.Exposure MEDIUM" "ht-mega-for-elementor 2.5.0 Contributor+.Stored.XSS.via.Countdown.Widget MEDIUM" "ht-mega-for-elementor 2.4.9 Contributor+.Stored.XSS.via.Accordion/FAQ MEDIUM" "ht-mega-for-elementor 2.4.7 Unauthenticated.Order.Data.Disclosure HIGH" "ht-mega-for-elementor 2.5.0 Contributor+.Stored.XSS.via.Image.Grid.Widget MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Stored.XSS.via.size MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Stored.XSS.via.Lightbox.Widget MEDIUM" "ht-mega-for-elementor 2.4.4 Contributor+.Stored.XSS MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Directory.Traversal HIGH" "ht-mega-for-elementor 2.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.titleTag MEDIUM" "ht-mega-for-elementor 2.4.5 Contributor+.Stored.Cross-Site.Scripting.via.Post.Carousel.Widget MEDIUM" "ht-mega-for-elementor 2.3.4 Arbitrary.Plugin/Theme.Activation.via.CSRF MEDIUM" "ht-mega-for-elementor 2.3.9 Reflected.Cross-Site.Scripting HIGH" "ht-mega-for-elementor 1.5.7 Absolute.Addons.for.Elementor.Page.Builder.<.1.5.7.-.Contributor+.Stored.XSS MEDIUM" "hal 2.2 Admin+.Stored.Cross-Site.Scripting LOW" "http-auth 1.0.0 Settings.Update.via.CSRF MEDIUM" "http-https-remover 3.2.4 Plugin.Installation.via.CSRF MEDIUM" "http-https-remover 3.2.4 Subscriber+.Plugin.Installation MEDIUM" "html5-virtual-classroom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "html2wp No.known.fix Subscriber+.Arbitrary.File.Deletion HIGH" "html2wp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "html2wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "highlight-focus No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "helpful 4.5.26 Information.Disclosure MEDIUM" "helpful 4.5.15 Votes.Tampering MEDIUM" "helpful 4.4.59 Admin+.Stored.Cross-Site.Scripting LOW" "heat-trackr 1.01 XSS MEDIUM" "image-hover-effects-ultimate-visual-composer 2.6.1 Authenticated.Arbitrary.Options.Update HIGH" "image-hover-effects 5.6 Caption.Settings.Update.via.CSRF MEDIUM" "image-hover-effects 5.5 Admin+.Stored.XSS LOW" "image-map-pro 5.6.9 Cross-Site.Scripting HIGH" "image-map-pro 5.6.9 Cross-Site.Request.Forgery MEDIUM" "instant-css 1.2.2 Theme/CSS/Minify/Preprocessor.Data.Update.via.CSRF MEDIUM" "instant-css 1.1.5 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "insta-gallery 4.4.0 Missing.Authorization MEDIUM" "insta-gallery 2.4.8 CSRF.&.Missing.Authorisation.Checks HIGH" "ithemes-exchange 1.12.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "include-me 1.2.2 Authenticated.Remote.Code.Execution.(RCE).via.LFI.log.poisoning HIGH" "infolinks-ad-wrap No.known.fix Settings.Update.via.CSRF MEDIUM" "integration-for-szamlazzhu-woocommerce 5.6.3.3 Multiple.CSRF MEDIUM" "imageseo 3.1.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "imageseo 2.0.8 Settings.Update.via.CSRF LOW" "ipages-flipbook 1.5.2 Missing.Authorization MEDIUM" "ipages-flipbook 1.5.0 Authenticated.(Administrator+).SQL.Injection HIGH" "ipages-flipbook 1.4.7 Contributor+.Stored.XSS MEDIUM" "ipages-flipbook 1.4.3 Reflected.Cross-Site.Scripting HIGH" "integrate-google-drive 1.3.94 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.91 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.91 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.9 Missing.Authorization.to.Unauthenticated.Settings.Modification.and.Export CRITICAL" "integrate-google-drive 1.3.4 Subscriber+.Settings.Update MEDIUM" "integrate-google-drive 1.3.5 Cross-Site.Request.Forgery MEDIUM" "integrate-google-drive 1.3.3 Open.Redirect.via.state MEDIUM" "integrate-google-drive 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "integrate-google-drive 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "improved-include-page No.known.fix Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "idonate 2.0.0 Admin+.Stored.XSS LOW" "ilab-media-tools 4.5.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ilab-media-tools 4.5.21 Reflected.Cross-Site.Scripting MEDIUM" "ilab-media-tools 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "invitation-code-content-access 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "integrar-getnet-con-woo 0.0.5 Unauthenticated.Authorization.Bypass HIGH" "iconize No.known.fix Authenticated.(Admin+).Remote.Code.Execution HIGH" "image-hover-effects-addon-for-elementor 1.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.eihe_link.Parameter MEDIUM" "image-hover-effects-addon-for-elementor 1.4.2 Elementor.Addon.<.1.4.2.-.Authenticated(Contributor+).DOM-based.Stored.Cross-Site.Scripting.via.Image.Hover.Effects.Widget MEDIUM" "image-hover-effects-addon-for-elementor 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'eihe_align' MEDIUM" "image-hover-effects-addon-for-elementor 1.3.4 Elementor.Addon.<.1.3.4.-.Contributor+.Stored.XSS MEDIUM" "iubenda-cookie-law-solution 3.3.3 Subscriber+.Privileges.Escalation.to.Admin HIGH" "image-carousel-for-divi 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "image-carousel-for-divi 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "iq-testimonials No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "insert-php-code-snippet 1.3.7 Cross-Site.Request.Forgery.to.Code.Snippet.Activate/Deactivate/Deletion MEDIUM" "insert-php-code-snippet 1.3.5 Admin+.Stored.XSS LOW" "icons-font-loader 1.1.5 Authenticated(Administrator+).Arbitrary.File.Upload MEDIUM" "icons-font-loader 1.1.2.1 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') HIGH" "inavii-social-feed-for-elementor 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "iq-block-country 1.2.20 Protection.Bypass.due.to.IP.Spoofing MEDIUM" "iq-block-country 1.2.13 Admin+.Arbitrary.File.Deletion.via.Zip.Slip MEDIUM" "iq-block-country 1.2.12 Admin+.Stored.Cross-Site.Scripting LOW" "iq-block-country 1.1.20 Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "ithemes-security-pro 6.8.4 Hide.Backend.Bypass MEDIUM" "imageboss 3.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "imagemapper No.known.fix Contributor+.Stored.XSS MEDIUM" "imagemapper No.known.fix Settings.Update.via.CSRF MEDIUM" "imagemapper No.known.fix Subscriber+.Arbitrary.Post.Deletion MEDIUM" "imagemapper No.known.fix Stored.XSS.via.CSRF HIGH" "integration-dynamics 1.3.18 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "issues-tracker 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "issues-tracker 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "institutions-directory 1.3.1 Subscriber+.Privilege.Escalation CRITICAL" "iloveimg 1.0.6 iLoveIMG.<.1.0.6.-.Admin+.PHP.Object.Injection HIGH" "ipushpull 2.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "integration-for-gravity-forms-and-pipedrive 1.0.7 Reflected.Cross-Site.Scripting HIGH" "innovs-hr-manager No.known.fix Employee.Creation.via.CSRF MEDIUM" "innovs-hr-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "imgspider 2.3.11 Authenticated.(Contributor+).Arbitrary.File.Upload.via.'upload_img_file' HIGH" "imgspider 2.3.11 Authenticated.(Contributor+).Arbitrary.File.Upload.via.'upload' HIGH" "iksweb 3.8 Admin+.Stored.XSS LOW" "insert-pages 3.7.5 Contributor+.Stored.XSS MEDIUM" "insert-pages 3.7.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "insert-pages 3.7.0 Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "insert-pages 3.2.4 Directory.Traversal CRITICAL" "import-legacy-media No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "internal-comments No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "internal-comments 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "i2-pro-cons No.known.fix Contributor+.Stored.XSS MEDIUM" "inspirational-quote-rotator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "indeed-job-importer No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "idpay-contact-form-7 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "itempropwp No.known.fix Admin+.Stored.XSS LOW" "information-for-help 0.0.3 Reflected.Cross-Site.Scripting MEDIUM" "iwp-client 1.12.3.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "iwp-client 1.12.1 Unauthenticated.Sensitive.Information.Exposure HIGH" "iwp-client 1.9.4.5 Authentication.Bypass CRITICAL" "internal-link-flow-topical-authority-topical-map No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "i-recommend-this 3.9.0 Admin+.Stored.XSS LOW" "i-recommend-this No.known.fix CSRF MEDIUM" "i-recommend-this 3.8.2 Authenticated.SQL.Injection HIGH" "ignitiondeck 1.10.0 Missing.Authorization MEDIUM" "import-shopify-to-woocommerce 1.1.13 Import.Shopify.to.WooCommerce.<.1.1.13.-.Admin+.Arbitrary.File.Access MEDIUM" "instant-images 6.1.1 Author+.Arbitrary.Options.Update HIGH" "instant-images 5.2.0 Author+.SSRF LOW" "instant-images 4.4.0.1 Authenticated.Stored.XSS.&.XFS MEDIUM" "image-slider-widget 1.1.127 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "image-slider-widget 1.1.123 Arbitrary.Post.Duplication.via.CSRF MEDIUM" "image-tag-manager No.known.fix Reflected.Cross-Site.Scripting.via.default_class MEDIUM" "incoming-links 0.9.10b referrers.php.XSS MEDIUM" "integration-for-contact-form-7-and-pipedrive 1.2.1 Cross-Site.Request.Forgery MEDIUM" "integration-for-contact-form-7-and-pipedrive 1.1.1 Reflected.Cross-Site.Scripting HIGH" "image-hover-effects-ultimate 9.8.5 Admin+.Stored.XSS LOW" "image-hover-effects-ultimate 9.7.2 Authenticated.Arbitrary.Options.Change HIGH" "image-hover-effects-ultimate 9.8.0 Authenticated.Stored.XSS MEDIUM" "image-hover-effects-ultimate 9.7.2 Reflected.Cross-Site.Scripting MEDIUM" "image-hover-effects-ultimate 9.7.1 Reflected.Cross-Site.Scripting HIGH" "image-hover-effects-ultimate 9.7.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "image-upload-for-bbpress 1.1.19 Cross-Site.Request.Forgery.via.hm_bbpui_admin_page MEDIUM" "ithemeland-bulk-posts-editing-lite 4.2.4 Cross-Site.Request.Forgery MEDIUM" "ithemeland-bulk-posts-editing-lite 4.2.4 Authenticated.(Subscriber+).Missing.Authorization MEDIUM" "instant-chat-wp No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "interactive-image-map-builder 1.1 Admin+.Stored.XSS LOW" "iflychat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iflychat 4.7.0 Admin+.Stored.Cross-Site.Scripting.(XSS) LOW" "indieweb-post-kinds 1.3.1.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "inpost-for-woocommerce 1.4.5 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.and.Delete CRITICAL" "icon 1.0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icon 1.0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "import-holded-products-woocommerce 2.0 Reflected.Cross-Site.Scripting MEDIUM" "import-holded-products-woocommerce 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ithemes-mobile 1.2.8 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "instagrate-to-wordpress 1.3.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "interactive-world-map 3.4.4 Reflected.Cross-Site.Scripting HIGH" "interactive-world-map 3.4.4 CSRF MEDIUM" "imagements No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "image-hover-effects-css3 No.known.fix Admin+.Stored.XSS LOW" "icon-widget 1.4.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "icon-widget 1.3.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "integrate-automate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "integrate-automate 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "instagram-slider-widget 2.2.5 Missing.Authorization MEDIUM" "instagram-slider-widget 2.0.7 Admin+.Stored.XSS.via.Feeds LOW" "instagram-slider-widget 2.0.6 Admin+.Stored.XSS.via.API.Key LOW" "instagram-slider-widget 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "instagram-slider-widget 2.0.5 Subscriber+.Stored.XSS.via.Feeds HIGH" "instagram-slider-widget 2.0.5 Subscriber+.Arbitrary.API.Key.Update.to.Stored.XSS HIGH" "instagram-slider-widget 2.0.5 Subscriber+.Arbitrary.Feed.Deletion MEDIUM" "instagram-slider-widget 1.8.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "independent-analytics 1.25.1 Reflected.Cross-Site.Scripting MEDIUM" "if-so 1.8.0.4 Reflected.XSS MEDIUM" "if-so 1.8.0.4 Admin+.Stored.XSS LOW" "if-so 1.7.1.1 Missing.Authorization MEDIUM" "if-so 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iframe-forms No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ipages-flipbook-pro 1.4.3 Reflected.Cross-Site.Scripting HIGH" "index-wp-mysql-for-speed 1.4.18 Admin+.Reflected.XSS HIGH" "image-over-image-vc-extension 3.0 Contributor+.Stored.XSS MEDIUM" "invite-anyone 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "invite-anyone 1.3.19 Unauthenticated.PHP.Object.Injection CRITICAL" "invite-anyone 1.3.16 Multiple.Issues MEDIUM" "inventorypress No.known.fix Author+.Stored.XSS MEDIUM" "iws-geo-form-fields No.known.fix Geo.Form.Fields.<=.1.0.-.Unauthenticated.SQLi HIGH" "idbbee No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "interact-quiz-embed 3.1 Contributor+.Stored.XSS MEDIUM" "iks-menu 1.11.2 Reflected.Cross-Site.Scripting MEDIUM" "iks-menu 1.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "indeed-membership-pro 12.8 Reflected.Cross-Site.Scripting HIGH" "indeed-membership-pro 12.8 Unauthenticated.PHP.Object.Injection HIGH" "indeed-membership-pro 12.8 Unauthenticated.Privilege.Escalation CRITICAL" "idcrm-contacts-companies 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "image-hover-effects-visual-composer-extension 5.0 Contributor+.Stored.XSS MEDIUM" "infogram No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "indeed-affiliate-pro 4.0 Authenticated.Stored.XSS MEDIUM" "instagram-feed 2.9.2 Reflected.Cross-Site.Scripting MEDIUM" "instagram-widget-by-wpzoom 2.1.14 Missing.Authorization.to.Authenticated.(Subscriber+).Instagram.Image.Deletion MEDIUM" "insert-php 2.5.1 Woody.code.snippets.–.Insert.Header.Footer.Code,.AdSense.Ads.<.2,5,1.-Authenticated.(Contributor+).Remote.Code.Execution CRITICAL" "insert-php No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "insert-php 2.4.6 Reflected.Cross-Site.Scripting MEDIUM" "insert-php 2.3.10 Arbitrary.Settings.Update.via.CSRF MEDIUM" "insert-php 2.3.10 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "insert-php 2.2.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "insert-php 2.2.6 Arbitrary.Post.Deletion MEDIUM" "insert-php 2.2.5 Multiple.issues.leading.to.RCE HIGH" "integration-for-szamlazz-hu-gravity-forms 1.2.7 Multiple.CSRF MEDIUM" "import-xml-feed 2.1.6 Authenticated.(Administrator+).Arbitrary.File.Upload CRITICAL" "import-xml-feed 2.1.5 Unauthenticated.RCE CRITICAL" "import-xml-feed 2.1.4 Admin+.Arbitrary.File.Upload MEDIUM" "import-xml-feed 2.0.3 Authenticated.Server-side.Request.Forgery.(SSRF) MEDIUM" "ithemelandco-woo-report 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "iframe 5.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "iframe 5.1 Contributor+.Stored.XSS MEDIUM" "iframe 4.9 Contributor+.Stored.XSS LOW" "iframe 4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'iframe'.Shortcode MEDIUM" "iframe 4.5 Authenticated.Stored.Cross.Site.Scripting.(XSS) MEDIUM" "ipanorama-pro 1.6.22 Reflected.Cross-Site.Scripting HIGH" "integration-for-billingo-gravity-forms 1.0.4 Multiple.CSRF MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.8.4 Missing.Authorization MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.8.2 Missing.Authorization MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.8.1 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "ipanorama-360-virtual-tour-builder-lite 1.8.0 Authenticated.(Admin+).SQL.injection HIGH" "ipanorama-360-virtual-tour-builder-lite 1.6.30 Contributor+.Stored.XSS MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.6.22 Reflected.Cross-Site.Scripting HIGH" "interactive-3d-flipbook-powered-physics-engine 1.15.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.5 Authenticated.(Author+).Stored.Cross-Site.Scritping.via.Bookmark.URL MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Bookmarks MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.3 Contributor+.Stored.XSS MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.13.3 Contributor+.Stored.XSS MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.12.1 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.3000000024 Author+.Arbitrary.File.Upload CRITICAL" "insert-or-embed-articulate-content-into-wordpress No.known.fix Author+.Upload.to.RCE CRITICAL" "insert-or-embed-articulate-content-into-wordpress No.known.fix Iframe.Injection LOW" "insert-or-embed-articulate-content-into-wordpress 4.3000000023 Contributor+.Stored.XSS MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.3000000021 Reflected.Cross-Site.Scripting MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.3000000016 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.29991 Authenticated.Arbitrary.Folder.Deletion.and.Rename MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.2999 Unauthenticated.RCE CRITICAL" "insert-or-embed-articulate-content-into-wordpress 4.2997 Subscriber+.Arbitrary.Option.Update CRITICAL" "import-csv-files No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "images-to-webp 1.9 Authenticated.Local.File.Inclusion LOW" "images-to-webp 1.9 Multiple.Cross.Site.Request.Forgery.(CSRF) MEDIUM" "invitation-based-registrations No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "indexisto No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "infusionsoft-landing-pages No.known.fix Settings.Update.via.CSRF MEDIUM" "impreza 8.18 Reflected.Cross-Site.Scripting MEDIUM" "igniteup No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "igniteup 3.4.1 Multiple.Issues HIGH" "iframe-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "image-vertical-reel-scroll-slideshow 9.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "image-vertical-reel-scroll-slideshow No.known.fix Admin+.Stored.XSS LOW" "indigitall-web-push-notifications 3.2.3 Admin+.Stored.XSS LOW" "improved-sale-badges 4.4.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "image-watermark 1.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Watermark.Modification MEDIUM" "interactive-polish-map 1.2.1 Admin+.Stored.XSS LOW" "imdb-info-box No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ibtana-ecommerce-product-addons 0.2.4 Ecommerce.Product.Addons.<.0.2.4.-.Reflected.Cross-Site.Scripting HIGH" "image-horizontal-reel-scroll-slideshow 13.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "image-horizontal-reel-scroll-slideshow 13.3 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "ifolders 1.5.1 Admin+.XSS MEDIUM" "icegram-rainmaker 1.3.15 Missing.Authorization MEDIUM" "icegram-rainmaker 1.3.9 Contributor+.Stored.XSS MEDIUM" "ip2location-country-blocker 2.34.3 Cross-Site.Request.Forgery MEDIUM" "ip2location-country-blocker 2.33.4 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log.File MEDIUM" "ip2location-country-blocker 2.26.9 Admin+.Stored.Cross-Site.Scripting LOW" "ip2location-country-blocker 2.26.6 Arbitrary.Country.Ban.via.CSRF MEDIUM" "ip2location-country-blocker 2.26.5 Ban.Bypass MEDIUM" "ip2location-country-blocker 2.26.5 Subscriber+.Arbitrary.Country.Ban MEDIUM" "infusionsoft 1.5.12 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "infusionsoft 1.5.10 1.5.10.Arbitrary.File.Upload MEDIUM" "internallink-audit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "inline-google-spreadsheet-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "interactive-world-maps 2.5 Reflected.Cross-Site.Scripting MEDIUM" "interactive-geo-maps 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "interactive-geo-maps 1.5.11 Editor+.Stored.XSS LOW" "interactive-geo-maps 1.5.9 Contributor+.Stored.XSS MEDIUM" "interactive-geo-maps 1.5.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "import-spreadsheets-from-microsoft-excel 10.1.5 Authenticated.(Editor+).Arbitrary.File.Upload CRITICAL" "import-spreadsheets-from-microsoft-excel 10.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icegram 3.1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icegram 3.1.25 Missing.Authorization MEDIUM" "icegram 3.1.25 Missing.Authorization.to.Unauthenticated.Message.Duplication MEDIUM" "icegram 3.1.22 Contributor+.Campaign.Status.Toggle./.Duplication LOW" "icegram 3.1.19 Cross-Site.Request.Forgery.via.save_campaign_preview MEDIUM" "icegram 3.1.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Campaign.Message MEDIUM" "icegram 3.1.12 Reflected.XSS HIGH" "icegram 2.1.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "icegram 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "icegram 2.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "icegram 1.10.29 CSRF.to.Stored.XSS MEDIUM" "icegram 1.9.19 Cross-Site.Request.Forgery.(CSRF).&.XSS MEDIUM" "intimate-io-cryptocurrency-payments No.known.fix CSRF.Bypass MEDIUM" "image-protector No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ideal-interactive-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "information-reel 10.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "iconic-woothumbs 5.5.4 Reflected.Cross-Site.Scripting MEDIUM" "ics-calendar 10.12.0.2 Authenticated(Contributor+).Directory.Traversal.via._url_get_contents MEDIUM" "intelligence No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "import-external-images No.known.fix CSRF MEDIUM" "imagemagick-engine 1.7.11 Administrator+.OS.Command.Injection MEDIUM" "imagemagick-engine 1.7.6 PHAR.Deserialization.via.CSRF HIGH" "imagemagick-engine 1.7.6 Command.Injection.via.CSRF HIGH" "ilc-thickbox No.known.fix Settings.update.via.CSRF MEDIUM" "import-users-from-csv 1.3 Authenticated.(Admin+).PHP.Object.Injection HIGH" "instagram-for-wordpress No.known.fix Contributor+.Stored.XSS MEDIUM" "instalinker 1.1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "idx-broker-platinum No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "idx-broker-platinum 3.0.6 Reflected.Cross-Site.Scripting HIGH" "idx-broker-platinum 2.6.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).via.unprotected.'idx_update_recaptcha_key'.AJAX MEDIUM" "idx-broker-platinum 2.6.2 Authenticated.Post.Creation,.Modification,.and.Deletion MEDIUM" "images-optimize-and-upload-cf7 No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "ip-vault-wp-firewall 2.1 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "ip-vault-wp-firewall 2.1 WP.Firewall.<.2.1.-.Admin+.Stored.XSS LOW" "include-lottie-animation-for-elementor 1.10.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "intergeo-maps No.known.fix Contributor+.Stored.XSS MEDIUM" "intergeo-maps 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "imagelinks-pro 1.5.3 Reflected.Cross-Site.Scripting HIGH" "iva-business-hours-pro No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "ithemes-sync 3.0.1 Stored.Cross-Site.Scripting.via.packages MEDIUM" "ithemes-sync 2.1.14 Cross-Site.Request.Forgery.and.Missing.Authorization.via.'hide_authenticate_notice' MEDIUM" "invoicing 2.8.12 Missing.Authorization.via.column_subscription() MEDIUM" "invoicing 2.3.4 Authenticated.Stored.XSS HIGH" "ithemes No.known.fix New-Password.Requirements.Not.Enforced.Until.second.Login HIGH" "internal-link-building-plugin No.known.fix Admin+.Stored.XSS LOW" "internal-link-building-plugin No.known.fix CSRF MEDIUM" "ip-metaboxes No.known.fix Admin+.Stored.XSS LOW" "ip-metaboxes No.known.fix Unauthenticated.Reflected.XSS HIGH" "insert-headers-and-footers 2.0.13.1 Reflected.XSS HIGH" "insert-headers-and-footers 2.0.9 Arbitrary.Log.File.Deletion.via.CSRF MEDIUM" "insert-headers-and-footers 2.0.7 Contributor+.WPCode.Library.Auth.Key.Update/Deletion LOW" "infusionsoft-official-opt-in-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infusionsoft-official-opt-in-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infusionsoft-official-opt-in-forms No.known.fix Admin+.Stored.XSS LOW" "ip-address-blocker No.known.fix IP.Spoofing MEDIUM" "ip-address-blocker No.known.fix Cross-Site.Request.Forgery MEDIUM" "integration-of-capsule-crm-for-contact-form-7 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "integration-of-capsule-crm-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "insert-estimated-reading-time No.known.fix Admin+.Stored.XSS LOW" "internal-links 2.24.4 Cross-Site.Request.Forgery MEDIUM" "internal-links 2.23.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "internal-links 2.23.3 Reflected.Cross-Site.Scripting MEDIUM" "internal-links 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "inline-call-to-action-builder-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ideapush 8.69 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ideapush 8.66 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ideapush 8.61 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ideapush 8.58 Subscriber+.Memory.Tab/Routine/Taxonomy.Creation MEDIUM" "ideapush 8.53 Admin+.Stored.XSS LOW" "import-users-from-csv-with-meta 1.26.9 Unauthenticated.Information.Exposure MEDIUM" "import-users-from-csv-with-meta 1.26.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.6 Missing.Authorization MEDIUM" "import-users-from-csv-with-meta 1.26.3 Authenticated.(Admin+).PHP.Object.Injection HIGH" "import-users-from-csv-with-meta 1.24.7 Missing.Authorization.via.fire_cron.REST.endpoint MEDIUM" "import-users-from-csv-with-meta 1.24.4 Contributor+.Stored.XSS MEDIUM" "import-users-from-csv-with-meta 1.24.3 Admin+.Arbitrary.File.Read/Deletion MEDIUM" "import-users-from-csv-with-meta 1.20.5 Subscriber+.CSV.Injection MEDIUM" "import-users-from-csv-with-meta 1.19.2.1 Admin+.Stored.Cross-Site.Scripting LOW" "import-users-from-csv-with-meta 1.16.3.6 CSV.Injection MEDIUM" "import-users-from-csv-with-meta 1.15.0.1 Unauthorised.Authenticated.Users.Export LOW" "import-users-from-csv-with-meta 1.14.2.2 CSRF.leading.to.attachment.deletion.&.Path.Traversal HIGH" "import-users-from-csv-with-meta 1.14.1.3 XSS MEDIUM" "import-users-from-csv-with-meta 1.14.0.3 XSS.and.CSRF HIGH" "import-users-from-csv-with-meta 1.12.1 Import.Cross-Site.Scripting.(XSS) MEDIUM" "integracao-rd-station 5.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integracao-rd-station 5.2.1 Multiple.CSRF MEDIUM" "imagemagick-sharpen-resized-images No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "instantio 1.2.6 CSRF.Bypass MEDIUM" "image-map-pro-lite No.known.fix Subscriber+.Stored.XSS MEDIUM" "image-map-pro-lite No.known.fix CSRF.to.Stored.XSS MEDIUM" "ip-blacklist-cloud No.known.fix Admin+.SQLi MEDIUM" "ip-blacklist-cloud No.known.fix Admin+.Stored.XSS LOW" "ip-blacklist-cloud 3.43 Admin+.Arbitrary.File.Disclosure MEDIUM" "iframe-popup No.known.fix Admin+.Stored.XSS LOW" "image-hover-effects-with-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id,.oxi_addons_f_title_tag,.and.content_description_tag.Parameters MEDIUM" "image-hover-effects-with-carousel 3.0 Reflected.XSS HIGH" "image-source-control-isc 2.17.1 Sensitive.Information.Exposure.via.Log.File MEDIUM" "image-source-control-isc 2.3.1 Contributor+.Arbitrary.Post.Meta.Value.Change MEDIUM" "image-regenerate-select-crop 7.3.1 Sensitive.Information.Exposure MEDIUM" "improved-variable-product-attributes 5.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "intelly-related-posts 3.8.0 Admin+.Stored.XSS LOW" "intelly-related-posts 3.7.0 Reflected.XSS HIGH" "intelly-related-posts 3.4.0 Tracking.Toggle.via.CSRF MEDIUM" "intelly-related-posts 3.6.0 Subscriber+.Password.Protected.Post.Read MEDIUM" "intelly-related-posts 3.5.0 Admin+.Stored.XSS LOW" "intelly-related-posts 3.0.5 Admin+.Cross-Site.Scripting LOW" "inactive-logout 3.2.3 Missing.Authorization MEDIUM" "inactive-logout 3.2.3 Cross-Site.Request.Forgery MEDIUM" "inline-tweet-sharer 2.6 Admin+.Stored.XSS LOW" "icalendrier 1.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "imagelinks-interactive-image-builder-lite 1.6.0 Admin+.SQLi MEDIUM" "imagelinks-interactive-image-builder-lite 1.5.4 Contributor+.Stored.XSS MEDIUM" "imagelinks-interactive-image-builder-lite 1.5.3 Reflected.Cross-Site.Scripting HIGH" "imagerecycle-pdf-image-compression 3.1.15 Missing.Authorization.in.Several.AJAX.Actions MEDIUM" "imagerecycle-pdf-image-compression 3.1.15 Cross-Site.Request.in.Several.AJAX.Actions MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.disableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Plugin.Data.Removal.in.reinitialize MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.stopOptimizeAll MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.optimizeAllOn MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.enableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.disableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Plugin.Data.Removal.in.reinitialize MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.optimizeAllOn MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.enableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.stopOptimizeAll MEDIUM" "imagerecycle-pdf-image-compression 3.1.11 Reflected.XSS HIGH" "imagerecycle-pdf-image-compression 3.1.12 Reflected.XSS HIGH" "insight-core No.known.fix Subscriber+.PHP.Object.Injection.&.Stored.XSS MEDIUM" "inpost-gallery 2.1.4.2 Reflected.XSS HIGH" "inpost-gallery 2.1.4.1 Unauthenticated.LFI.to.RCE CRITICAL" "inactive-user-deleter 1.60 Cross-Site.Request.Forgery MEDIUM" "ipblocklist No.known.fix CSRF MEDIUM" "imdb-widget 1.0.9 Local.File.Inclusion.(LFI) HIGH" "import-social-statistics 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "import-social-statistics No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "import-social-statistics No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ifeature-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "intuitive-custom-post-order 3.1.5 Admin+.SQLi LOW" "intuitive-custom-post-order 3.1.4 Arbitrary.Menu.Order.Update.via.CSRF MEDIUM" "intuitive-custom-post-order 3.1.4 Subscriber+.Arbitrary.Menu.Order.Update MEDIUM" "iworks-pwa 1.6.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "instawp-connect 0.1.0.45 Authentication.Bypass.to.Admin CRITICAL" "instawp-connect 0.1.0.39 Unauthenticated.Arbitrary.File.Upload CRITICAL" "instawp-connect 0.1.0.39 Missing.Authorization.to.Unauthenticated.API.setup/Arbitrary.Options.Update/Administrative.User.Creation CRITICAL" "instawp-connect 0.1.0.25 Missing.Authorization MEDIUM" "instawp-connect 0.1.0.23 Unauthenticated.Arbitrary.File.Upload CRITICAL" "instawp-connect 0.1.0.9 Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "instawp-connect 0.1.0.10 Missing.Authorization.to.Sensitive.Information.Dislcosure MEDIUM" "instawp-connect 0.1.0.10 Authenticated.(Subscriber+).SQL.Injection HIGH" "instawp-connect 0.1.0.9 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "instawp-connect 0.1.0.9 Cross-Site.Request.Forgery.via.create_file_db_manager MEDIUM" "instawp-connect 0.0.9.19 Unauthenticated.Data.Modification CRITICAL" "image-optimizer-wd 1.0.27 Admin+.Path.Traversal MEDIUM" "image-optimizer-wd 1.0.27 Reflected.Cross-Site.Scripting HIGH" "infographic-and-list-builder-ilist 4.7.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Title.Update MEDIUM" "infographic-and-list-builder-ilist 4.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infographic-and-list-builder-ilist 4.3.8 iList.<.4.3.8.-.Unauthenticated.SQL.Injection HIGH" "images-asynchronous-load 1.06 Reflected.Cross-Site.Scripting MEDIUM" "ibtana-visual-editor 1.2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "ibtana-visual-editor 1.2.3.4 WordPress.Website.Builder.<.1.2.3.4.-.Unauthenticated.reCAPTCHA.Settings.Update MEDIUM" "ibtana-visual-editor 1.2.2.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "ibtana-visual-editor 1.1.8.8 Contributor+.Stored.XSS.via.Shortcode HIGH" "ibtana-visual-editor 1.1.4.9 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "interactive-medical-drawing-of-human-body 2.6 Admin+.Stored.XSS LOW" "image-gallery-with-slideshow No.known.fix Multiple.XSS.and.SQL.Injection CRITICAL" "inquiry-cart No.known.fix Stored.XSS.via.CSRF HIGH" "include-fussball-de-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-export No.known.fix Directory.Traversal CRITICAL" "inbound-brew No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "inbound-brew No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "inbound-brew No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "insert-post-ads No.known.fix Missing.Authorization MEDIUM" "icustomizer 1.5.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "icons-with-links-widget No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "importify 1.0.5 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "jw-player-7-for-wp No.known.fix Missing.Authorization MEDIUM" "jet-engine 3.2.5 Authenticated.(Contributor+).Privilege.Escalation HIGH" "jet-engine 3.2.5 Missing.Authorization HIGH" "jet-engine 3.1.3.1 Author+.Remote.Code.Execution HIGH" "just-writing-statistics 4.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "jetpack 13.4 Contributor+.Stored.Cross-Site.Scripting.via.wpvideo.Shortcode MEDIUM" "jetpack 13.2.1 Contributor+.Stored.XSS MEDIUM" "jetpack 12.8-a.3 Contributor+.Stored.XSS.via.block.attribute MEDIUM" "jetpack 12.7 Authenticated(Contributor+).Clickjacking.via.Iframe.Injection MEDIUM" "jetpack 12.7 Improper.Authorization.via.WPCom.External.Media.REST.endpoints MEDIUM" "jetpack 12.1.1 Author+.Arbitrary.File.Manipulation.via.API HIGH" "jetpack 9.8 Carousel.Module.Non-Published.Page/Post.Attachment.Comment.Leak MEDIUM" "jetpack 7.9.1 Vulnerability.in.Shortcode.Embed.Code MEDIUM" "jetpack 6.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "jetpack 4.0.4 Multiple.Vulnerabilities MEDIUM" "job-board-manager 2.1.59 Subscriber+.Stored.XSS HIGH" "js-support-ticket 2.8.7 Unauthenticated.PHP.Code.Injection.to.Remote.Code.Execution CRITICAL" "js-support-ticket 2.8.4 Missing.Authorization MEDIUM" "js-support-ticket 2.8.2 Unauthenticated.SQL.Injection.via.email.and.trackingid CRITICAL" "js-support-ticket 2.7.8 Best.Help.Desk.&.Support.<.2.7.8.-.Subscriber+.Ticket.Manipulation.via.IDOR MEDIUM" "js-support-ticket 2.7.2 CSRF MEDIUM" "js-support-ticket 2.0.6 CSRF HIGH" "joli-clear-lightbox No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "joli-clear-lightbox 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jquery-reply-to-comment No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "jayj-quicktag 1.3.2 CSRF HIGH" "jsmol2wp No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "jsmol2wp No.known.fix Unauthenticated.Server.Side.Request.Forgery.(SSRF) HIGH" "jeg-elementor-kit 2.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jeg-elementor-kit 2.6.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File MEDIUM" "jeg-elementor-kit 2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Tabs.and.JKit.-.Accordion.Widgets MEDIUM" "jeg-elementor-kit 2.6.5 Contributor+.Stored.XSS.via.Elementor.Widget.URL.Custom.Attributes MEDIUM" "jeg-elementor-kit 2.6.5 Contributor+.Stored.XSS.via.Countdown.Widget MEDIUM" "jeg-elementor-kit 2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Banner MEDIUM" "jeg-elementor-kit 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonial MEDIUM" "jeg-elementor-kit 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box MEDIUM" "jeg-elementor-kit 2.6.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "jeg-elementor-kit 2.5.7 Unauthenticated.Settings.Update MEDIUM" "jeg-elementor-kit 2.5.7 Subscriber+.Authorization.Bypass MEDIUM" "jetformbuilder 3.3.4.2 Authenticated.(Administrator+).Privilege.Escalation HIGH" "jetformbuilder 3.1.5 Unauthenticated.Content.Injection MEDIUM" "jetformbuilder 3.0.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "jh-404-logger No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "jquery-news-ticker 3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-news-ticker 3.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "joomsport-sports-league-results-management 5.6.4 Missing.Authorization MEDIUM" "joomsport-sports-league-results-management 5.5.7 Missing.Authorization MEDIUM" "joomsport-sports-league-results-management 5.2.8 Unauthenticated.SQLi HIGH" "joomsport-sports-league-results-management 5.2.6 Admin+.SQLi MEDIUM" "joomsport-sports-league-results-management 5.1.8 Unauthenticated.PHP.Object.Injection MEDIUM" "joomsport-sports-league-results-management 3.4 SQL.Injection CRITICAL" "jch-optimize 4.2.1 Authenticated.(Subscriber+).Directory.Traversal MEDIUM" "jch-optimize 3.2.3 Admin+.Stored.XSS LOW" "json-api-user 3.9.4 Unauthenticated.Privilege.Escalation CRITICAL" "justified-gallery 1.8.0b1 Reflected.Cross-Site.Scripting MEDIUM" "justified-gallery 1.7.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "justified-gallery 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "json-content-importer 1.6.0 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "json-content-importer 1.5.4 Reflected.XSS HIGH" "json-content-importer 1.3.16 Admin+.Stored.XSS LOW" "jobboardwp 1.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jobboardwp 1.1.0 Admin+.Stored.Cross-Site.Scripting LOW" "jivochat 1.3.5.4 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "jtrt-responsive-tables No.known.fix Cross-Site.Request.Forgery MEDIUM" "jtrt-responsive-tables 4.1.2 JTRT.Responsive.Tables.<.4,1,2.–.Authenticated.SQL.Injection HIGH" "juicer 1.11 Contributor+.Stored.XSS MEDIUM" "joli-faq-seo 1.3.3 Cross-Site.Request.Forgery MEDIUM" "joli-faq-seo 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "joli-faq-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jm-twitter-cards 14.1.0 Password.Protected.Post.Access MEDIUM" "joy-of-text No.known.fix Missing.Authorization MEDIUM" "joy-of-text No.known.fix Settings.Update.via.CSRF MEDIUM" "joy-of-text 2.3.1 Unauthenticated.SQLi HIGH" "jonradio-private-site 3.1.0 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "jonradio-private-site 3.0.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "jet-theme-core 2.2.1 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "jet-blocks 1.3.12.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-blocks 1.3.8.1 Reflected.Cross.Site.Scripting MEDIUM" "job-portal No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "javascript-logic No.known.fix CSRF.to.Stored.XSS HIGH" "jc-ajax-search-for-woocommerce 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "just-custom-fields No.known.fix Cross-Site.Request.Forgery.via.AJAX.actions MEDIUM" "just-custom-fields No.known.fix Missing.Authorization.via.AJAX.actions MEDIUM" "just-custom-fields No.known.fix Cross-Site.Request.Forgery.on.AJAX.Actions MEDIUM" "just-custom-fields No.known.fix Missing.Authorization.on.AJAX.Actions MEDIUM" "jibu-pro No.known.fix Stored.XSS MEDIUM" "jobwp 2.2 Sensitive.Information.Exposure HIGH" "jobwp 2.0 Reflected.Cross-Site.Scripting MEDIUM" "jds-portfolio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jquery-accordion-slideshow 8.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "job-board-vanilla No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "jetwoo-widgets-for-elementor 1.1.8 Authenticated.(Contributor+).Limited.Local.File.Inclusion HIGH" "jetgridbuilder 1.1.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "jquery-tagline-rotator No.known.fix Reflected.Cross-Site.Scripting HIGH" "jekyll-exporter 2.2.1 Unauthenticated.RCE.via.PHPUnit CRITICAL" "joomdev-wp-pros-cons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jupiterx-core 4.7.8 Limited.Unauthenticated.Authentication.Bypass.to.Account.Takeover HIGH" "jupiterx-core 4.6.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jupiterx-core 3.4.3 Unauthenticated.Privilege.Escalation CRITICAL" "jupiterx-core 3.3.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jupiterx-core 4.6.9 Unauthenticated.Arbitrary.File.Download HIGH" "jupiterx-core 2.0.8 Subscriber+.Privilege.Escalation.and.Post.Deletion CRITICAL" "jupiterx-core 2.0.7 Information.Disclosure,.Modification,.and.Denial.of.Service MEDIUM" "jupiterx-core 2.0.7 Subscriber+.Arbitrary.Plugin.Deactivation.and.Settings.Update MEDIUM" "js-css-script-optimizer No.known.fix Cross-Site.Request.Forgery MEDIUM" "jreviews No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jquery-vertical-accordion-menu No.known.fix Contributor+.Stored.XSS MEDIUM" "jquery-validation-for-contact-form-7 5.3 Arbitrary.Options.Update.via.CSRF HIGH" "job-board 1.1.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "job-board 1.0.1 Admin+.Stored.XSS LOW" "justified-image-grid No.known.fix Unauthenticated.Server-Side.Request.Forgery MEDIUM" "jeeng-push-notifications 2.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "jetpack-boost 3.4.7 Admin+.SSRF MEDIUM" "jetwidgets-for-elementor 1.0.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.layout_type.and.id.Parameters MEDIUM" "jetwidgets-for-elementor 1.0.17 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Button.URL MEDIUM" "jetwidgets-for-elementor 1.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Box.Widget MEDIUM" "jetwidgets-for-elementor 1.0.13 Settings.Update.via.CSRF MEDIUM" "jetwidgets-for-elementor 1.0.14 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "jetwidgets-for-elementor 1.0.9 Contributor+.Stored.XSS MEDIUM" "jp-staticpagex No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "job-manager-career 1.4.5 Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "job-manager-career 1.4.4 Directory.listing.to.Sensitive.Data.Exposure HIGH" "jc-importer 2.13.1 Admin+.Server-side.Request.Forgery MEDIUM" "jc-importer 2.4.6 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "jet-elements 2.6.20.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-elements 2.6.20.1 Authenticated.(Contributor+).Arbitrary.Local.File.Inclusion HIGH" "jet-elements 2.6.13.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Attachment.Download MEDIUM" "jquery-collapse-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-collapse-o-matic 1.8.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-collapse-o-matic No.known.fix Contributor+.Stored.XSS MEDIUM" "jquery-collapse-o-matic 1.8.3 Contributor+.Stored.XSS MEDIUM" "joan 5.6.2 Arbitrary.Plugin's.Settings.Update.via.CSRF MEDIUM" "joan 5.6.3 Authenticated.Stored.Cross-Site.Scripting LOW" "joan 5.6.2 Reflected.Cross-Site.Scripting HIGH" "job-postings 2.7.6 Reflected.Cross-Site.Scripting.via.job-search MEDIUM" "job-postings 2.7.6 Reflected.Cross-Site.Scripting MEDIUM" "job-postings 2.7.4 Contributor+.Stored.XSS MEDIUM" "job-postings 2.5.11 Admin+.Stored.XSS LOW" "job-postings 2.6.0 Author+.Stored.XSS MEDIUM" "jvm-rich-text-icons 1.2.4 Subscriber+.Arbitrary.File.Upload HIGH" "jvm-rich-text-icons 1.2.7 Subscriber+.Arbitrary.File.Deletion HIGH" "js-jobs 2.0.1 Multiple.CSRF MEDIUM" "js-jobs 2.0.1 Missing.Authorization MEDIUM" "js-jobs 2.0.1 Subscriber+.Stored.XSS HIGH" "js-jobs 1.1.9 Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "js-jobs 1.0.7 CSRF HIGH" "joli-table-of-contents 2.0.10 Reflected.Cross-Site.Scripting MEDIUM" "joli-table-of-contents 1.3.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jazz-popups No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting HIGH" "jet-tabs 2.2.3.1 Authenticated.(Contributor+).Arbitrary.Local.File.Inclusion HIGH" "journey-analytics 1.0.13 Unauthorised.AJAX.call.via.CSRF MEDIUM" "jet-search 3.5.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jf3-maintenance-mode 2.1.0 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "jungbillig-portfolio-gallery No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "judgeme-product-reviews-woocommerce 1.3.21 Contributor+.Stored.XSS MEDIUM" "job-manager No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "job-manager No.known.fix .Insecure.Direct.Object.Reference.(IDOR) MEDIUM" "job-manager 0.7.25 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "jquery-t-countdown-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.tminus.Shortcode MEDIUM" "jquery-t-countdown-widget 2.3.24 Contributor+.Stored.XSS MEDIUM" "jazzcash-woocommerce-gateway No.known.fix Reflected.Cross-Site.Scripting HIGH" "just-tables 1.5.0 Cross-Site.Request.Forgery MEDIUM" "jiangqie-official-website-mini-program 1.1.1 Authenticated.SQL.Injection CRITICAL" "kimili-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kimili-flash-embed No.known.fix Cross-Site.Request.Forgery MEDIUM" "ketchup-restaurant-reservations No.known.fix Unauthenticated.Blind.SQLi HIGH" "ketchup-restaurant-reservations No.known.fix Unauthenticated.Stored.XSS HIGH" "kangu 2.2.10 Reflected.XSS HIGH" "king-ie No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "kadence-woocommerce-email-designer 1.5.12 CSRF MEDIUM" "kadence-woocommerce-email-designer 1.5.7 Admin+.PHP.Objection.Injection MEDIUM" "konnichiwa No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kudos-donations 3.1.2 Arbitrary.Items.Deletion.via.CSRF HIGH" "kwayy-html-sitemap 4.0 Admin+.Stored.XSS LOW" "kenta-companion 1.1.9 Reflected.Cross-Site.Scripting MEDIUM" "kento-post-view-counter No.known.fix CSRF.&.multiple.XSS HIGH" "knight-lab-timelinejs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "knight-lab-timelinejs 3.9.3.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "knight-lab-timelinejs 3.7.0.0 Outdated.TimelineJS.library.could.Lead.to.Stored.XSS MEDIUM" "kaya-qr-code-generator 1.5.3 Contributor+.Stored.XSS MEDIUM" "kanzu-support-desk No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kanzu-support-desk No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kanzu-support-desk No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "kopatheme No.known.fix Cross-Site.Request.Forgery MEDIUM" "kontxt-semantic-engine No.known.fix CSRF.Bypass MEDIUM" "kitestudio-core 2.3.1 Reflected.Cross-Site-Scripting MEDIUM" "kiwi-logo-carousel 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "kattene 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kvoucher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kvoucher No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "keep-backup-daily 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "kp-fastest-tawk-to-chat No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "krsp-frontend-file-upload No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "krsp-frontend-file-upload No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "kbucket 4.1.6 Admin+.Stored.XSS LOW" "kbucket 4.1.5 Reflected.XSS MEDIUM" "kubio 2.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kd-coming-soon No.known.fix Unauthenticated.PHP.Object.Injection.via.cetitle HIGH" "knr-author-list-widget 3.0.0 Unauthenticated.SQL.Injection CRITICAL" "korea-sns 1.6.5 Settings.Update.via.CSRF MEDIUM" "kb-support No.known.fix Missing.Authorization.to.Unauthenticated.Ticket.Reply.Exposure MEDIUM" "kb-support No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Multiple.Administrator.Actions HIGH" "kb-support 1.6.1 Missing.Authorization MEDIUM" "kb-support 1.5.6 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "kodo-qiniu 1.5.1 Cross-Site.Request.Forgery MEDIUM" "ko-fi-button 1.3.3 Admin+.Stored.XSS LOW" "kunze-law 2.1 Admin+.Stored.Cross-Site.Scripting LOW" "kn-fix-your No.known.fix Authenticated.Stored.XSS LOW" "kv-tinymce-editor-fonts No.known.fix Font.List.Update.via.CSRF MEDIUM" "kioken-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kadence-blocks-pro 2.3.8 Contributor+.Arbitrary.Option.Access MEDIUM" "kali-forms 2.3.42 Missing.Authorization.to.Arbitrary.Plugin.Deactivation HIGH" "kali-forms 2.3.42 Missing.Authorization MEDIUM" "kali-forms 2.3.37 Kali.Forms.<.2.3.37.-.Insecure.Direct.Object.Reference MEDIUM" "kali-forms 2.3.28 Kali.Forms.<.2.3.28.-.Missing.Authorization.via.Contact.Form MEDIUM" "kali-forms 2.3.29 Kali.Forms.<.2.3.29.-.Missing.Authorization.via.get_log MEDIUM" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Authenticated.Plugin's.Settings.Change HIGH" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Unauthenticated.Arbitrary.Post.Deletion HIGH" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Multiple.CSRF.Bypass.Issues MEDIUM" "keydatas 2.6.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "klarna-payments-for-woocommerce 3.3.0 Missing.Authorization MEDIUM" "klaviyo 3.0.10 Admin+.Stored.XSS LOW" "klaviyo 3.0.8 Admin+.Stored.XSS LOW" "kadence-starter-templates 1.2.17 Admin+.PHP.Object.Injection MEDIUM" "kiwi-social-share 2.1.8 Information.Disclosure MEDIUM" "kiwi-social-share 2.1.3 Kiwi.2.1.0.-.Unauthenticated.Arbitrary.WordPress.Options.Update.and.Read CRITICAL" "kiwi-social-share 2.0.11 Kiwi.<.2.0.11.-.Arbitrary.WordPress.Options.Update CRITICAL" "kau-boys-backend-localization No.known.fix Settings.Update.via.CSRF MEDIUM" "kraken-image-optimizer 2.6.6 Settings.Update.via.CSRF MEDIUM" "kingcomposer No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "kingcomposer No.known.fix Open.Redirect MEDIUM" "kingcomposer 2.9.5 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "kingcomposer 2.9.4 Multiple.Critical.Issues CRITICAL" "kingcomposer 2.8.2 Authenticated.Stored.XSS HIGH" "kingcomposer 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "kama-clic-counter 3.5.0 XSS MEDIUM" "kama-clic-counter 3.5.0 Authenticated.Blind.SQL.Injection HIGH" "koko-analytics 1.3.13 Reflected.Cross-Site.Scripting MEDIUM" "kk-star-ratings 5.4.6 Rating.Tampering.via.Race.Condition LOW" "kk-star-ratings 5.4.6 Missing.Authorization MEDIUM" "kk-star-ratings 5.4.5 Reflected.Cross-Site.Scripting MEDIUM" "kk-star-ratings 5.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kadence-blocks 3.2.53 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.46 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.HTML.Data.Attributes MEDIUM" "kadence-blocks 3.2.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Google.Maps.Widget MEDIUM" "kadence-blocks 3.2.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.titleFont.Parameter MEDIUM" "kadence-blocks 3.2.38 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.2.37 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.38 Contributor+.Stored.Cross-Site.Scripting.via.Typer.Effect MEDIUM" "kadence-blocks 3.2.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Timer MEDIUM" "kadence-blocks 3.2.37 Contributor+.Stored.Cross-Site.Scripting.via.Block.Link MEDIUM" "kadence-blocks 3.2.35 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.12 Contributor+.Server-Side.Request.Forgery HIGH" "kadence-blocks 3.2.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.and.CountUp.Widget MEDIUM" "kadence-blocks 3.2.18 Authenticated(Editor+).Stored.Cross-Site.Scripting.via.Contact.Form.Message.Settings MEDIUM" "kadence-blocks 3.2.26 Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "kadence-blocks 3.2.20 Contributor+.Server-Side.Request.Forgery MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.24 Contributor+.Stored.XSS MEDIUM" "kaswara No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "kanban No.known.fix Missing.Authorization MEDIUM" "kanban No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kanban 2.5.21 Admin+.Stored.XSS LOW" "kanban 2.5.21 Admin+.Stored.XSS LOW" "kanban No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "kivicare-clinic-management-system No.known.fix Authenticated.(Patient+).Insecure.Direct.Object.Reference MEDIUM" "kivicare-clinic-management-system 3.2.1 Multiple.CSRF HIGH" "kivicare-clinic-management-system 3.2.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "kivicare-clinic-management-system 3.2.1 Subscriber+.Unauthorised.AJAX.Calls HIGH" "kivicare-clinic-management-system 3.2.1 Reflected.Cross-Site.Scripting HIGH" "kivicare-clinic-management-system 2.3.9 Unauthenticated.SQLi HIGH" "kodex-posts-likes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kodex-posts-likes 2.5.0 Settings.Update.via.CSRF MEDIUM" "klarna-checkout-for-woocommerce 2.0.10 Authenticated.Arbitrary.Plugin.Deactivation,.Activation.and.Installation CRITICAL" "kkprogressbar No.known.fix Progress.Bar.Deletion.via.CSRF MEDIUM" "kkprogressbar No.known.fix Admin+.SQL.Injection MEDIUM" "kkprogressbar No.known.fix Stored.XSS.via.CSRF HIGH" "kenta-blocks 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kenta-blocks 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "keyword-meta No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "kalender-digital 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kjm-admin-notices No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "listingpro-plugin No.known.fix Unauthenticated.SQL.Injection CRITICAL" "listingpro-plugin No.known.fix Authenticated.(Author+).Local.File.Inclusion HIGH" "listingpro-plugin No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "listingpro-plugin No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "link-to-bible 2.5.10 Administrator+.Stored.XSS LOW" "logo-scheduler-great-for-holidays-events-and-more 1.2.2 Admin+.Stored.XSS LOW" "learnpress 4.2.7.1 Unauthenticated.SQL.Injection.via.'c_only_fields' CRITICAL" "learnpress 4.2.7.1 Unauthenticated.SQL.Injection.via.'c_fields' CRITICAL" "learnpress 4.2.6.9.4 Authenticated.(Contributor+).SQL.Injection.via.order.Parameter HIGH" "learnpress 4.2.6.9 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "learnpress 4.2.6.9 Cross-Site.Request.Forgery MEDIUM" "learnpress 4.2.6.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "learnpress 4.2.6.8.2 Missing.Authorization.to.Unauthenticated.User.Registration.Bypass MEDIUM" "learnpress 4.2.6.8.2 Unauthenticated.Bypass.to.User.Registration MEDIUM" "learnpress 4.2.6.8.1 Basic.Information.Disclosure.via.JSON.API MEDIUM" "learnpress 4.2.6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "learnpress 4.2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.layout_html.Parameter MEDIUM" "learnpress 4.2.6.6 Authenticated.(Instructor+).Arbitrary.File.Upload HIGH" "learnpress 4.2.6.6 Unauthenticated.Bypass.to.User.Registration MEDIUM" "learnpress 4.2.6.6 Unauthenticated.Time-Based.SQL.Injection CRITICAL" "learnpress 4.2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "learnpress 4.0.1 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "learnpress 4.2.6.4 Insecure.Direct.Object.Reference MEDIUM" "learnpress 4.2.6.4 Authenticated(LP.Instructor+).Stored.Cross-Site.Scripting MEDIUM" "learnpress 4.2.5.8 Unauthenticated.Command.Injection HIGH" "learnpress 4.2.5.8 Unauthenticated.SQLi HIGH" "learnpress 4.2.5.8 Subscriber+.Arbitrary.Course.Progress.Disclosure MEDIUM" "learnpress 4.2.5.5 Reflected.Cross-Site.Scripting HIGH" "learnpress 4.2.0 Unauthenticated.LFI CRITICAL" "learnpress 4.2.0 Subscriber+.SQLi HIGH" "learnpress 4.2.0 Unauthenticated.SQLi HIGH" "learnpress 4.1.7.2 Unauthenticated.PHP.Object.Injection.via.REST.API MEDIUM" "learnpress 4.1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "learnpress 4.1.6 Reflected.Cross-Site.Scripting MEDIUM" "learnpress 4.1.5 Arbitrary.Image.Renaming MEDIUM" "learnpress 4.1.4 Admin+.SQL.Injection MEDIUM" "learnpress 4.1.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "learnpress 4.1.3.1 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "learnpress 3.2.7.3 CSRF.&.XSS LOW" "learnpress 3.2.6.8 Authenticated.Time.Based.Blind.SQL.Injection HIGH" "learnpress 3.2.6.9 Privilege.Escalation.to."LP.Instructor" HIGH" "learnpress 3.2.6.9 Authenticated.Post.Creation.and.Status.Modification HIGH" "learnpress 3.2.6.7 Privilege.Escalation MEDIUM" "lana-email-logger 1.1.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "login-with-yourmembership 1.1.4 Admin+.Stored.XSS LOW" "loginpress-pro 3.0.0 Unauthenticated.License.Activation/Deactivation MEDIUM" "loginpress-pro 3.0.0 Captcha.Bypass MEDIUM" "login-logout-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class.Parameter MEDIUM" "link-optimizer-lite No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "launcher No.known.fix Admin+.Stored.XSS MEDIUM" "launcher 1.0.11 Multiple.Stored.XSS MEDIUM" "lgx-owl-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "landing-page-cat 1.7.3 Unauthenticated.Information.Exposure MEDIUM" "lite-wp-logger No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "login-lockdown 2.09 Subscriber+.Options.Leak MEDIUM" "login-lockdown 2.07 Admin+.SQLi MEDIUM" "login-lockdown 2.07 Administrator+.SQL.Injection HIGH" "logdash-activity-log 1.1.4 Unauthenticated.SQLi HIGH" "lazy-load-for-videos 2.18.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "locateandfilter No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "libsyn-podcasting No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "libsyn-podcasting No.known.fix Cross-Site.Request.Forgery MEDIUM" "libsyn-podcasting No.known.fix Sensitive.Information.Exposure MEDIUM" "libsyn-podcasting No.known.fix Reflected.XSS HIGH" "login-or-logout-menu-item 1.2.0 Unauthenticated.Options.Change MEDIUM" "lana-downloads-manager 1.8.0 Contributor+.Arbitrary.File.Download HIGH" "linkify-text No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "loggedin 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "loco-translate 2.6.10 Cross-Site.Request.Forgery MEDIUM" "loco-translate 2.6.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "loco-translate 2.5.4 Authenticated.PHP.Code.Injection HIGH" "loco-translate 2.2.2 Authenticated.LFI MEDIUM" "launchpad-by-obox No.known.fix Admin+.Stored.XSS LOW" "launchpad-by-obox No.known.fix CSRF MEDIUM" "league-table-lite 1.14 Tables.Cloning/Update/Deletion.via.CSRF MEDIUM" "lazy-facebook-comments 2.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "loan-comparison 1.5.3 Contributor+.Stored.XSS.via.shortcode MEDIUM" "loan-comparison 1.5.3 Reflected.XSS.via.shortcode MEDIUM" "lws-tools 2.4.2 Cross-Site.Request.Forgery MEDIUM" "luckywp-scripts-control No.known.fix Missing.Authorization MEDIUM" "luckywp-scripts-control No.known.fix Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "lawyer-directory 1.2.9 Subscriber+.Privilege.Escalation CRITICAL" "layouts-importer 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "logwpmail No.known.fix Email.Logs.Publicly.Accessible HIGH" "logo-showcase-ultimate 1.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "logo-showcase-ultimate 1.3.9 Authenticated(Contributor+).PHP.Object.Injection HIGH" "localseomap-for-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "login-attempts-limit-wp No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "login-attempts-limit-wp No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "limit-attempts 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "limit-attempts 1.1.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "limit-attempts 1.1.1 SQL.Injection CRITICAL" "livechat-elementor 1.0.14 Cross-Site.Request.Forgery MEDIUM" "login-and-logout-redirect No.known.fix .Open.Redirect MEDIUM" "live-chat-facebook-fanpage No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "logo-showcase-with-slick-slider 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "logo-showcase-with-slick-slider 2.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "logo-showcase-with-slick-slider 2.0.1 Arbitrary.Media.Title/Description/Alt.Text/URL.Update.via.CSRF MEDIUM" "logo-showcase-with-slick-slider 1.2.5 Subscriber+.Arbitrary.Media.Title/Description/Alt.Text/URL.Update MEDIUM" "logo-showcase-with-slick-slider 1.2.4 Author+.Stored.Cross.Site.Scripting MEDIUM" "latex No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "leads-5050-visitor-insights 1.1.0 Unauthorised.License.Change HIGH" "leads-5050-visitor-insights 1.0.4 Unauthenticated.License.Change HIGH" "littlebot-invoices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "littlebot-invoices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "link-library 7.7.2 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.4 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.link-library.Shortcode MEDIUM" "link-library 7.6.1 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.7 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "link-library 7.6 Reflected.Cross-Site.Scripting.via.'link_price'.and.'link_tags' MEDIUM" "link-library 7.6 Cross-Site.Request.Forgery.via.action_admin_init MEDIUM" "link-library 7.4.1 Admin+.Stored.XSS LOW" "link-library 7.2.9 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.2.8 Unauthenticated.Arbitrary.Links.Deletion MEDIUM" "link-library 7.2.8 Library.Settings.Reset.via.CSRF MEDIUM" "lh-add-media-from-url 1.30 Reflected.Cross-Site.Scripting MEDIUM" "lh-add-media-from-url 1.23 Reflected.Cross-Site.Scripting MEDIUM" "local-delivery-drivers-for-woocommerce 1.9.1 Missing.Authorization.to.Driver.Account.Takeover HIGH" "local-delivery-drivers-for-woocommerce 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "local-delivery-drivers-for-woocommerce 1.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lws-hide-login 2.1.9 Protection.Mechanism.Bypass MEDIUM" "lws-hide-login 2.1.7 Plugin.Settings.Page.Creation.via.CSRF MEDIUM" "lw-all-in-one 1.6.5 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "litespeed-cache 6.5.1 Author+.Path.Traversal MEDIUM" "litespeed-cache 6.5.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "litespeed-cache 6.5.1 Contributor+.Stored.XSS MEDIUM" "litespeed-cache 6.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting LOW" "litespeed-cache 6.5.0.1 Unauthenticated.Sensitive.Information.Exposure.via.Log.Files HIGH" "litespeed-cache 6.4 Unauthenticated.Privilege.Escalation HIGH" "litespeed-cache 6.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "litespeed-cache 5.7.0.1 Unauthenticated.CDN.Status.Update MEDIUM" "litespeed-cache 5.7.0.1 Unauthenticated.Stored.XSS HIGH" "litespeed-cache 5.7 Contributor+.Stored.XSS MEDIUM" "litespeed-cache 5.3.1 CSRF MEDIUM" "litespeed-cache 4.4.4 Admin+.Reflected.Cross-Site.Scripting LOW" "litespeed-cache 4.4.4 IP.Check.Bypass.to.Unauthenticated.Stored.XSS HIGH" "litespeed-cache 3.6.1 Authenticated.Stored.Cross-Site.Scripting LOW" "locatoraid 3.9.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.24 Reflected.XSS HIGH" "locatoraid 3.9.19 Subscriber+.Stored.XSS HIGH" "locatoraid 3.9.15 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.12 CSRF MEDIUM" "lifterlms 7.7.6 Authenticated.(Admin+).SQL.Injection HIGH" "lifterlms 7.6.3 Authenticated.(Contributor+).SQL.Injection.via.Shortcode CRITICAL" "lifterlms 7.5.1 Cross-Site.Request.Forgery MEDIUM" "lifterlms 7.5.2 Missing.Authorization.via.process_review MEDIUM" "lifterlms 7.5.0 Authenticated(Administrator+).Directory.Traversal.to.Arbitrary.CSV.File.Deletion LOW" "lifterlms 4.21.2 Access.Other.Student.Grades/Answers.via.IDOR MEDIUM" "lifterlms 4.21.1 Reflected.Cross-Site.Scripting.(XSS).via.Coupon.Code.in.Checkout MEDIUM" "lifterlms 4.21.1 Authenticated.Stored.XSS.in.Edit.Profile HIGH" "lifterlms 3.37.15 Arbitrary.File.Writing CRITICAL" "lifterlms 3.35.1 Unauthenticated.Options.Import CRITICAL" "livestream-notice 1.3.0 Admin+.Stored.XSS LOW" "lpagery 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "language-bar-flags No.known.fix CSRF.to.Stored.XSS HIGH" "link-list-manager No.known.fix Reflected.Cross-Site.Scripting HIGH" "latepoint 5.0.13 Authentication.Bypass HIGH" "latepoint 5.0.12 Unauthenticated.Arbitrary.User.Password.Change.via.SQL.Injection CRITICAL" "latepoint 4.9.9.1 Missing.Authorization.and.Sensitive.Information.Exposure.via.IDOR CRITICAL" "landing-pages 2.2.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "landing-pages 1.9.2 Unauthenticated.Remote.Command.Execution MEDIUM" "locked-payment-methods-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "locked-payment-methods-for-woocommerce 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "login-customizer 2.2.3 Reflected.Cross-Site.Scripting MEDIUM" "login-customizer 2.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "leaflet-map 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "leaflet-map 3.0.0 Contributor+.Stored.XSS MEDIUM" "leaflet-map 3.0.0 Arbitrary.Settings.Update.via.CSRF.Leading.to.Stored.XSS MEDIUM" "lana-text-to-image 1.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "lastunes No.known.fix Settings.Update.via.CSRF HIGH" "lightbox-popup 2.1.6 Admin+.Stored.XSS LOW" "login-designer 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "luckywp-table-of-contents 2.1.6 Admin+.Stored.XSS LOW" "luckywp-table-of-contents 2.1.5 Authenticated(Administrator+).Cross-Site.Scripting MEDIUM" "luckywp-table-of-contents 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "luckywp-table-of-contents 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "livemesh-siteorigin-widgets 3.3 Reflected.Cross-Site.Scripting MEDIUM" "livemesh-siteorigin-widgets 2.8.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "livemesh-siteorigin-widgets 2.5.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "lead-capturing-call-to-actions-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "lead-capturing-call-to-actions-by-vcita 2.7.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "lightweight-accordion 1.5.17 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "lightweight-accordion 1.5.15 Contributor+.Stored.XSS MEDIUM" "limit-login-attempts-plus No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "livemesh-table-rate-shipping 1.2 Reflected.Cross-Site.Scripting MEDIUM" "lightbox-plus 2.8 CSRF.to.XSS MEDIUM" "left-right-image-slideshow-gallery 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "lifeline-donation No.known.fix Authentication.Bypass CRITICAL" "livechat-woocommerce 2.2.17 Cross-Site.Request.Forgery MEDIUM" "live-scores-for-sportspress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "live-scores-for-sportspress 1.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "live-scores-for-sportspress 1.9.1 Authenticated.Local.File.Inclusion MEDIUM" "live-scores-for-sportspress 1.9.1 Reflected.Cross-Site.Scripting HIGH" "legal-pages 1.4.3 Cross-Site.Request.Forgery MEDIUM" "legal-pages 1.3.9 Cross-Site.Request.Forgery.via.moveToTrash.and.fetch_and_insert_template_data MEDIUM" "legal-pages 1.3.9 Missing.Authorization MEDIUM" "legal-pages 1.3.8 Missing.Authorization.on.'deleteLegalTemplate' MEDIUM" "linked-orders-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "linked-orders-for-woocommerce 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "login-with-azure 1.4.5 Reflected.Cross-Site.Scripting.via.appId HIGH" "live-composer-page-builder 1.5.43 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "live-composer-page-builder 1.5.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-composer-page-builder No.known.fix Author+.Stored.XSS MEDIUM" "live-composer-page-builder 1.5.39 Missing.Authorization MEDIUM" "live-composer-page-builder 1.5.36 Cross-Site.Request.Forgery MEDIUM" "live-composer-page-builder 1.5.29 .Author+.PHP.Object.Injection MEDIUM" "live-composer-page-builder 1.5.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-composer-page-builder 1.5.23 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "ladipage No.known.fix Missing.Authorization.via.init_endpoint MEDIUM" "ladipage No.known.fix Missing.Authorization.on.publish_lp() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.publish_lp() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.ladiflow_save_hook() MEDIUM" "ladipage No.known.fix Missing.Authorization.via.ladiflow_save_hook() MEDIUM" "ladipage No.known.fix Missing.Authorization.via.save_config() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.save_config() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.init_endpoint MEDIUM" "ladipage No.known.fix Missing.Authorization MEDIUM" "login-with-cognito 1.4.9 Admin+.Stored.XSS LOW" "login-with-cognito 1.4.4 Reflected.Cross-Site.Scripting.via.appId HIGH" "limit-login-attempts-reloaded 2.25.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "limit-login-attempts-reloaded 2.25.26 Admin+.Missing.Authorization.to.Toggle.Plugin.Auto-Update LOW" "limit-login-attempts-reloaded 2.17.4 Login.Rate.Limiting.Bypass LOW" "limit-login-attempts-reloaded 2.16.0 Authenticated.Reflected.Cross-Site.Scripting HIGH" "letsrecover-woocommerce-abandoned-cart 1.2.0 Unauthenticated.SQLi HIGH" "letsrecover-woocommerce-abandoned-cart 1.2.0 Admin+.SQLi MEDIUM" "letsrecover-woocommerce-abandoned-cart 1.2.0 Admin+.SQLi MEDIUM" "ldap-ad-staff-employee-directory-search 1.3 Admin.LDAP.Credentials.Retrieval LOW" "ldap-ad-staff-employee-directory-search 1.2.3 Improper.escaping.of.LDAP.entries HIGH" "leira-roles 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "leadsquared-suite No.known.fix Admin+.Stored.XSS LOW" "leadsquared-suite No.known.fix CSRF MEDIUM" "livemesh-dynamic-pricing 1.2 Reflected.Cross-Site.Scripting MEDIUM" "loading-page 1.0.83 Admin+.Stored.Cross-Site.Scripting LOW" "locations No.known.fix Contributor+.Stored.XSS MEDIUM" "locations 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "locations 4.0 Cross-Site.Request.Forgery HIGH" "location-weather 1.3.4 Contributor+.Stored.XSS MEDIUM" "lastudio-element-kit 1.3.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.3.9.2 Contributor+.Stored.XSS MEDIUM" "lastudio-element-kit 1.3.9 Authenticated.(Contributor+).Local.File.Inclusion.via.'progress_type' MEDIUM" "lastudio-element-kit 1.3.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lastudio-element-kit 1.3.7.4 Missing.Authorization MEDIUM" "lastudio-element-kit 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "lastudio-element-kit 1.3.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.LaStudioKit.Post.Author.Widget MEDIUM" "lastudio-element-kit 1.3.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.1.6 Missing.Authorization MEDIUM" "lws-cleaner 2.3.1 Cross-Site.Request.Forgery MEDIUM" "login-logout-menu 1.4.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "live-news-lite 1.07 Settings.Update.via.CSRF MEDIUM" "last-viewed-posts 1.0.1 Unauthenticated.PHP.Object.Injection CRITICAL" "livemesh-weight-based-shipping 1.4 Reflected.Cross-Site.Scripting MEDIUM" "like-box 0.8.41 Contributor+.Stored.XSS MEDIUM" "like-box 0.8.40 Admin+.Stored.XSS LOW" "linker 1.2.2 Contributor+.Stored.XSS MEDIUM" "leopard-wordpress-offload-media No.known.fix WordPress.offload.media.<=.2.0.36.-.Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "leopard-wordpress-offload-media No.known.fix WordPress.offload.media.<=.2.0.36.-.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "live-search-xforwc 2.1.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "live-weather-station 3.8.13 Mode.Switch.via.CSRF MEDIUM" "lh-copy-media-file 1.09 Reflected.Cross-Site.Scripting MEDIUM" "liquid-speech-balloon 1.2 Settings.Update.via.CSRF MEDIUM" "linkedin-login 1.1 Reflected.Cross-Site.Scripting MEDIUM" "loginizer 1.7.9 Reflected.XSS HIGH" "loginizer 1.7.6 Reflected.XSS HIGH" "loginizer 1.7.6 Cross-Site.Request.Forgery MEDIUM" "loginizer 1.6.4 Unauthenticated.SQL.Injection CRITICAL" "loginizer 1.4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "loginizer 1.3.6 Blind.SQL.Injection CRITICAL" "loginizer 1.3.6 Cross-Site.Request.Forgery.(CSRF) HIGH" "leadster-marketing-conversacional 1.1.3 Cross-Site.Request.Forgery.via.leadster_script_code_action MEDIUM" "leadster-marketing-conversacional 1.1.3 Settings.Update.via.CSRF MEDIUM" "link-juice-keeper 2.0.3 Admin+.Stored.XSS LOW" "lock-my-bp 1.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "ldap-login-for-intranet-sites 4.1.10 Unauthenticated.Log.Disclosure MEDIUM" "ldap-login-for-intranet-sites 4.2 Admin.LDAP.Passback LOW" "ldap-login-for-intranet-sites 4.1.6 Sensitive.Information.Disclosure HIGH" "ldap-login-for-intranet-sites 4.1.5 SQL.Injection.via.CSRF LOW" "ldap-login-for-intranet-sites 4.1.1 Unauthenticated.Data.Disclosure MEDIUM" "ldap-login-for-intranet-sites 3.6.95 Reflected.Cross-Site.Scripting HIGH" "list-pages-shortcode 1.7.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "lbstopattack 1.1.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "libreform 2.0.9 Unauthenticated.Arbitrary.Submissions.Listing.&.Deletion HIGH" "login-with-ajax 4.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "login-with-ajax 4.2 Missing.Authorization MEDIUM" "login-rebuilder 2.8.1 Admin+.Stored.XSS LOW" "leaky-paywall 4.21.3 Cross-Site.Request.Forgery MEDIUM" "leaky-paywall 4.20.9 Missing.Authorization.to.Price.Manipulation MEDIUM" "leaky-paywall 4.16.7 Admin+.Stored.Cross-Site.Scripting LOW" "lordicon-interactive-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "layouts-for-elementor 1.8 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Upload CRITICAL" "leadinfo 1.1 Settings.Update.via.CSRF MEDIUM" "login-recaptcha 1.7 IP.Check.Bypass LOW" "lws-affiliation 2.3.5 Missing.Authorization MEDIUM" "lets-box 1.13.3 Reflected.Cross-Site.Scripting MEDIUM" "login-as-customer-or-user No.known.fix Admin.Account.Takeover HIGH" "login-as-customer-or-user No.known.fix Authentication.Bypass CRITICAL" "login-as-customer-or-user 3.3 Unauthenticated.Privilege.Escalation.to.Admin CRITICAL" "login-as-customer-or-user 2.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "login-as-customer-or-user 1.8 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "lock-user-account 1.0.4 Arbitrary.Account.Lock/Unlock.via.CSRF MEDIUM" "leadin 11.1.34 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HubSpot.Meeting.Widget MEDIUM" "leadin 8.8.15 Contributor+.Blind.SSRF MEDIUM" "leyka 3.31.2 Missing.Authorization MEDIUM" "leyka 3.30.7.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "leyka 3.30.4 Admin+.Stored.XSS LOW" "leyka 3.30.3 Reflected.XSS HIGH" "leyka 3.30.3 Subscriber+.Privilege.Escalation HIGH" "leyka 3.30.2 Reflected.XSS HIGH" "leyka 3.30 Unauthenticated.Stored.XSS HIGH" "leira-cron-jobs 1.2.10 Reflected.Cross-Site.Scripting MEDIUM" "light-poll No.known.fix Poll.Answers.Deletion.via.CSRF MEDIUM" "light-poll No.known.fix Polls.Deletion.via.CSRF MEDIUM" "listplus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "language-switcher-for-transposh 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "login-screen-manager No.known.fix Stored.XSS.via.CSRF HIGH" "login-screen-manager No.known.fix Admin+.Stored.XSS LOW" "link-party No.known.fix Settings.Update.via.CSRF MEDIUM" "link-party No.known.fix Unauthenticated.Stored.XSS HIGH" "link-party No.known.fix Unauthenticated.Arbitrary.Link.Deletion MEDIUM" "link-party No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "lightbox-gallery 0.9.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "lifterlms-gateway-paypal 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "laposta No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "list-custom-taxonomy-widget 4.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "link-log No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "link-log No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "link-log 2.1 SQL.Injection CRITICAL" "link-log 2.0 HTTP.Response.Splitting HIGH" "link-whisper 0.7.0 Link.Whisper.Free.<.0,7,0 MEDIUM" "link-whisper 0.7.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "link-whisper 0.6.9 Reflected.Cross-Site.Scripting MEDIUM" "link-whisper 0.6.6 Authenticated.(Contributor+).SQL.Injection HIGH" "learn-manager 1.1.5 Unauthenticated.Arbitrary.User.Field.Edition/Creation MEDIUM" "learn-manager 1.1.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "lana-shortcodes 1.2.0 Contributor+.Stored.XSS MEDIUM" "lean-wp No.known.fix Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "lean-wp No.known.fix Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "likebtn-like-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "likebtn-like-button 2.6.45 Arbitrary.e-mail.Sending MEDIUM" "likebtn-like-button 2.6.38 Unauthorised.Vote.Export.to.Email.&.IP.Addresses.Disclosure HIGH" "likebtn-like-button 2.6.32 Unauthenticated.Full-Read.SSRF HIGH" "likebtn-like-button 2.5.4 Unauthenticated.Arbitrary.Blog.Settings.Change HIGH" "lava-directory-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "lava-directory-manager No.known.fix Unauthenticated.Stored.XSS HIGH" "learnpress-import-export 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "learnpress-import-export 4.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "learnpress-import-export 4.0.3 Reflected.XSS HIGH" "localize-remote-images No.known.fix Settings.Update.via.CSRF MEDIUM" "lastform No.known.fix Drag.&.Drop.Contact.Form.Builder.<=.1.0.5.-.Admin+.Arbitrary.System.File.Read MEDIUM" "leaflet-maps-marker 3.12.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leaflet-maps-marker 3.12.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "leaflet-maps-marker 3.12.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "leaflet-maps-marker 3.12.5 Admin+.SQLi MEDIUM" "llama-redirect No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "logo-slider-wp 4.1.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 4.0.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 3.6.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "list-categories 0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "landingi-landing-pages 3.1.2 Cross-Site.Request.Forgery MEDIUM" "leadconnector 1.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "livesync No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "laybuy-gateway-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "laybuy-gateway-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "logo-manager-for-enamad No.known.fix Admin+.Stored.XSS.via.Widget LOW" "logo-manager-for-enamad No.known.fix Stored.XSS.via.CSRF HIGH" "login-logo-editor-by-oizuled No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "lawpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lawpress 1.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "limb-gallery 1.5.6 Reflected.Cross-Site.Scripting MEDIUM" "limb-gallery 1.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "limb-gallery 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "layerslider 7.11.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ls_search_form.Shortcode MEDIUM" "layerslider 7.10.1 7.10.0.-.Unauthenticated.SQL.Injection CRITICAL" "layerslider 7.7.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "layerslider 7.7.10 Cross-Site.Request.Forgery MEDIUM" "list-all-posts-by-authors-nested-categories-and-titles 2.8.3 CSRF MEDIUM" "larsens-calender No.known.fix Stored.Cross-Site.Scripting.(XSS) HIGH" "login-logout-register-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'llrmloginlogout'.Shortcode MEDIUM" "login-logout-register-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "letterpress No.known.fix Subscriber.Deletion.via.CSRF MEDIUM" "letterpress No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "labtools No.known.fix Subscriber+.Arbitrary.Publication.Deletion MEDIUM" "list-category-posts 0.89.7 Contributor+.Stored.XSS MEDIUM" "list-category-posts 0.89.4 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "lws-optimize 2.0 Cross-Site.Request.Forgery MEDIUM" "library-viewer 2.0.6.1 Contributor+.Stored.XSS MEDIUM" "light-messages No.known.fix CSRF.to.Stored.XSS HIGH" "login-page-styler 6.2.5 Admin+.Stored.XSS LOW" "lara-google-analytics 2.0.5 Authenticated.Stored.XSS HIGH" "lktags-linkedin-insight-tags 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "locations-and-areas 1.7.2 Reflected.Cross-Site.Scripting MEDIUM" "locations-and-areas 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "linkworth-wp-plugin 3.3.4 Arbitrary.Setting.Update.via.CSRF MEDIUM" "localize-my-post No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "learning-management-system 1.11.5 LMS.<.1.11.5.-.Authenticated.(Student+).Insecure.Direct.Object.Reference MEDIUM" "learning-management-system 1.12.0 LMS.<.1.12.0.-.Missing.Authorization MEDIUM" "learning-management-system 1.11.5 LMS.<.1.11.5.-.Missing.Authorization MEDIUM" "learning-management-system 1.7.4 LMS.<.1.7.4.-.Insecure.Direct.Object.Reference MEDIUM" "learning-management-system 1.7.3 LMS.<.1.7.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "learning-management-system 1.6.8 Information.Exposure MEDIUM" "log-http-requests 1.3.2 Stored.Cross-Site.Scripting MEDIUM" "login-as-users 1.4.4 Missing.Authorization.to.Privielge.Escalation.via.Account.Takeover HIGH" "login-as-users 1.4.3 Authentication.Bypass CRITICAL" "logo-carousel-free 3.4.2 Unauthorised.Private.Post.Access MEDIUM" "logo-carousel-free 3.4.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "loginpress 1.6.3 Unauthenticated.Settings.Update MEDIUM" "loginpress 1.5.12 Reflected.Cross-Site.Scripting MEDIUM" "loginpress 1.1.14 Unauthorized.Blind.SQL.Injection CRITICAL" "logo-slider No.known.fix Admin+.SQLi MEDIUM" "login-configurator No.known.fix Reflected.Cross-Site.Scripting HIGH" "login-configurator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "login-configurator No.known.fix Reflected.XSS HIGH" "ldap-wp-login-integration-with-active-directory 3.0.2 Reflected.Cross-Site.Scripting MEDIUM" "ldap-wp-login-integration-with-active-directory 3.0.2 Unauthenticated.Settings.Update.to.Auth.Bypass CRITICAL" "lucas-string-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "laposta-signup-basic 1.4.2 CSRF MEDIUM" "laposta-signup-basic 1.4.2 Missing.Authorization MEDIUM" "limit-login-attempts No.known.fix Subscriber+.Stored.XSS HIGH" "limit-login-attempts 1.7.2 Unauthenticated.Stored.XSS HIGH" "limit-login-attempts 1.7.1 Auth.Cookies.Brute.Force.Bypass LOW" "livesupporti No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "license-manager-for-woocommerce 3.0.7 Improper.Authorization.to.Authenticated(Contributor+).Sensitive.Information.Exposure MEDIUM" "license-manager-for-woocommerce 2.2.11 Authenticated.(Administrator+).SQL.Injection HIGH" "license-manager-for-woocommerce 2.3b1 Reflected.Cross-Site.Scripting MEDIUM" "license-manager-for-woocommerce 2.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "logaster-logo-generator No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "login-block-ips No.known.fix IP.Spoofing.Bypass LOW" "login-block-ips No.known.fix Arbitrary.Setting.Update.via.CSRF MEDIUM" "livejournal-shortcode No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "login-with-phone-number 1.7.50 Authenticated.(Subscriber+).Authorization.Bypass.to.Privilege.Escalation HIGH" "login-with-phone-number 1.7.36 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "login-with-phone-number 1.7.35 Insecure.Password.Reset.Mechanism HIGH" "login-with-phone-number 1.7.27 Authentication.Bypass.due.to.Missing.Empty.Value.Check CRITICAL" "login-with-phone-number 1.7.20 Missing.Authorization MEDIUM" "login-with-phone-number 1.6.94 Missing.Authorization MEDIUM" "login-with-phone-number 1.7.17 Unauthorized.Account.Password.Change.to.Privilege.Escalation HIGH" "login-with-phone-number 1.6.94 Cross-Site.Request.Forgery MEDIUM" "login-with-phone-number 1.5.7 User.Password.Change.via.CSRF HIGH" "login-with-phone-number 1.4.2 Reflected.Cross-Site.Scripting HIGH" "login-with-phone-number 1.3.8 Multiple.Admin+.Stored.XSS LOW" "login-with-phone-number 1.3.7 Unauthenticated.remote.plugin.deletion MEDIUM" "login-form-recaptcha No.known.fix Admin+.Stored.XSS LOW" "leenkme 2.6.0 XSS.&.CSRF MEDIUM" "latest-tweets-widget No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "lead-form-builder 1.9.2 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "lead-form-builder No.known.fix Admin+.Stored.XSS LOW" "lead-form-builder 1.9.0 Cross-Site.Request.Forgery MEDIUM" "lead-form-builder 1.9.0 Missing.Authorization MEDIUM" "lead-form-builder 1.7.4 Multiple.Subscriber+.Settings.Update MEDIUM" "lead-form-builder 1.7.0 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "lead-form-builder 1.6.8 Subscriber+.Arbitrary.Lead.Deletion MEDIUM" "lead-form-builder 1.6.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "liveforms 3.4.0 XSS MEDIUM" "liveforms 3.2.0 Visual.Form.Builder.3.0.1.-.Blind.SQL.Injection CRITICAL" "megamenu 3.3.1 Missing.Authorization MEDIUM" "megamenu 2.4 Authenticated.XSS MEDIUM" "mautic-integration-for-woocommerce 1.0.3 Arbitrary.Options.Update.via.CSRF HIGH" "modern-designs-for-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modern-designs-for-gravity-forms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "meks-easy-social-share 1.2.8 Admin+.Stored.Cross-Site.Scripting LOW" "mail-boxes-etc 2.2.1 Information.Exposure MEDIUM" "mail-boxes-etc 2.2.1 Cross-Site.Request.Forgery MEDIUM" "mail-boxes-etc No.known.fix Reflected.Cross-Site.Scripting HIGH" "my-wpdb 2.5 Arbitrary.SQL.Query.via.CSRF MEDIUM" "marketing-performance No.known.fix Reflected.XSS HIGH" "motopress-hotel-booking-lite 4.11.2 Unauthenticated.PHP.Object.Injection CRITICAL" "motopress-hotel-booking-lite 4.8.5 Unauthenticated.Arbitrary.File.Download.&.Deletion CRITICAL" "motopress-hotel-booking-lite 4.7.0 Settings.Update.via.CSRF MEDIUM" "manage-notification-emails 1.8.6 Missing.Authorization MEDIUM" "manage-notification-emails 1.8.3 Settings.Reset.via.CSRF MEDIUM" "manage-notification-emails 1.8.3 Settings.Reset.via.CSRF MEDIUM" "menu-swapper 1.1.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "menu-swapper 1.1.1 Cross-Site.Request.Forgery MEDIUM" "mediavine-create 1.9.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "mediavine-create 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mediavine-create 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Schema.Meta.Shortcode MEDIUM" "mediavine-create 1.9.5 Unauthenticated.SQLi HIGH" "mailpoet 3.23.2 Reflected.Cross-Site.Scripting.Issue HIGH" "medibazar-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "my-favorites No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mobile-browser-color-select No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "magicform No.known.fix Reflected.Cross-Site.Scripting HIGH" "mycurator 3.77 Reflected.Cross-Site.Scripting MEDIUM" "mycurator 3.75 Cross-Site.Request.Forgery MEDIUM" "markdown-on-save-improved 2.5.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "melapress-login-security 1.3.1 Authenticated.(Admin+).Remote.File.Inclusion MEDIUM" "my-account-page-editor 1.3.2 Subscriber+.Arbitrary.File.Upload CRITICAL" "multiplayer-plugin No.known.fix Reflected.Cross-Site.Scripting HIGH" "mesmerize-companion 1.6.149 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mesmerize_contact_form.Shortcode MEDIUM" "mesmerize-companion 1.6.135 Contributor+.Stored.XSS MEDIUM" "music-player-for-elementor 1.5.9.9 Reflected.Cross-Site.Scripting MEDIUM" "music-player-for-elementor 1.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "miniorange-saml-20-single-sign-on 5.0.5 Missing.Authorization.to.notice.dismissal MEDIUM" "miniorange-saml-20-single-sign-on 16.0.8 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 20.0.7 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 12.1.0 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 4.8.84 Cross-Site.Scripting.(XSS).via.Crafted.SAML.XML.Response MEDIUM" "miniorange-saml-20-single-sign-on 4.8.73 Cross-Site.Scripting.(XSS) MEDIUM" "media-from-ftp 11.17 Author+.Arbitrary.File.Access CRITICAL" "media-from-ftp 9.85 Authenticated.Directory.Traversal MEDIUM" "memberpress 1.11.30 Reflected.Cross-Site.Scripting.via.mepr_screenname.and.mepr_key.Parameters MEDIUM" "memberpress 1.11.35 Missing.Authorization MEDIUM" "memberpress 1.11.30 Authenticated.(Contributor+).Blind.Server-Side.Request.Forgery.via.mepr-user-file.Shortcode HIGH" "memberpress 1.11.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.arglist.Parameter MEDIUM" "memberpress 1.11.27 Reflected.Cross-Site.Scripting.via.message.and.error MEDIUM" "mwb-point-of-sale-pos-for-woocommerce 1.0.1 CSRF.Bypass./.Unauthorised.AJAX.Call MEDIUM" "miniorange-openid-connect-client 2.1.5 Reflected.Cross-Site.Scripting.via.appId HIGH" "mantenimiento-web 0.14 Stored.XSS.via.CSRF MEDIUM" "mantenimiento-web 0.14 Admin+.Stored.XSS LOW" "maintenance-switch No.known.fix Theme.Files.Creation/Deletion.via.CSRF MEDIUM" "maintenance-switch No.known.fix Reflected.XSS HIGH" "mwp-skype 4.0.4 Button.Deletion.via.CSRF MEDIUM" "mwp-skype 4.0.2 Reflected.XSS MEDIUM" "multiple-domain 1.0.3 XSS.in.Canonical/Alternate.Tags LOW" "mapsvg-lite-interactive-vector-maps 3.3.0 Cross-Site.Request.Forgery.(CSRF) HIGH" "mailchimp-for-woocommerce 2.7.2 Admin+.SSRF LOW" "mailchimp-for-woocommerce 2.7.1 Subscriber+.SSRF MEDIUM" "mailchimp-top-bar 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "manage-gravity-forms-stripe-subscriptions 4.1.6 Reflected.Cross-Site.Scripting MEDIUM" "manage-gravity-forms-stripe-subscriptions 4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "memberlite-shortcodes 1.3.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "modal-popup-box 1.5.3 Authenticated.(Contributor+).PHP.Object.Injection.in.awl_modal_popup_box_shortcode HIGH" "membership-by-supsystic No.known.fix Authenticated.SQL.Injection CRITICAL" "mooberry-book-manager 4.15.13 Unauthenticated.Information.Exposure.via.Export.Files MEDIUM" "most-and-least-read-posts-widget 2.5.17 Authenticated(Contributor+).SQL.Injection.via.Widget.settings HIGH" "miniorange-limit-login-attempts 4.0.72 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-limit-login-attempts 4.0.50 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "modal-dialog 3.5.15 Reflected.XSS HIGH" "modal-dialog 3.5.10 Admin+.Stored.XSS LOW" "mailarchiver 2.11.0 Unauthenticated.Stored.XSS HIGH" "minify-html-markup 2.1.8 Settings.Update.via.CSRF MEDIUM" "mybb-cross-poster No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "mail-subscribe-list 2.1.10 Contributor+.Stored.XSS MEDIUM" "mail-subscribe-list 2.1.4 Arbitrary.Subscribed.User.Deletion.via.CSRF MEDIUM" "mail-subscribe-list 2.1 Stored.XSS MEDIUM" "mz-mindbody-api 2.8.3 Unauthorised.AJAX.Calls HIGH" "material-design-for-contact-form-7 No.known.fix Subscriber+.Arbitrary.Settings.Update.leading.to.DoS MEDIUM" "material-design-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "m-chart 1.10 Contributor+.Stored.XSS MEDIUM" "multiple-roles 1.3.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "multiple-roles 1.3.2 Cross-Site.Request.Forgery MEDIUM" "missing-widgets-for-elementor 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "missing-widgets-for-elementor 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mobile-booster No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-booster 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mmm-file-list No.known.fix Contributor+.Stored.XSS MEDIUM" "mmm-file-list No.known.fix Subscriber+.Arbitrary.Directory.Listing MEDIUM" "media-usage No.known.fix Reflected.Cross-Site.Scripting HIGH" "media-mirror No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "magazine-blocks 1.3.15 Reflected.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "mailoptin 1.2.70.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailoptin 1.2.54.1 Admin+.Stored.XSS LOW" "mailoptin 1.2.50.0 Unauthenticated.Campaign.Cache.Deletion MEDIUM" "mailoptin 1.2.35.2 Unauthorised.AJAX.Call MEDIUM" "mailchimp-subscribe-sm No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "mailchimp-subscribe-sm 4.0.9.2 Admin+.Stored.XSS LOW" "meta-tags-for-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "medical-addon-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "moolamojo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mihdan-no-external-links 5.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "multilevel-referral-plugin-for-woocommerce 2.23 Reflected.Cross-Site.Scripting MEDIUM" "mycss No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "mashsharer 3.8.7 Contributor+.Stored.XSS MEDIUM" "mashsharer 3.8.5 Admin+.Stored.Cross-Site.Scripting LOW" "makestories-helper 3.0.4 Authenticated.(Subscriber+).Arbitrary.File.Download.and.Server-Side.Request.Forgery MEDIUM" "makestories-helper 3.0.3 Settings.Update.via.CSRF MEDIUM" "maz-loader 1.4.1 Arbitrary.Loader.Deletion.via.CSRF MEDIUM" "maz-loader 1.3.3 Contributor+.SQL.Injection HIGH" "menu-shortcode No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "mainwp 5.0 Cross-Site.Request.Forgery.via.posting_bulk MEDIUM" "mainwp 4.4.3.4 Authenticated.(Administrator+).SQL.Injection HIGH" "mainwp 4.5.1.3 Authenticated(Administrator+).CSS.Injection LOW" "mime-types-extended No.known.fix Author+.Stored.XSS.via.SVG.Upload MEDIUM" "miguras-divi-enhancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "miguras-divi-enhancer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "membership-simplified-for-oap-members-only No.known.fix Unauthenticated.Arbitrary.File.Download CRITICAL" "magical-addons-for-elementor 1.1.42 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "magical-addons-for-elementor 1.1.42 Contributor+.Stored.XSS MEDIUM" "magical-addons-for-elementor 1.1.40 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-addons-for-elementor 1.1.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-addons-for-elementor 1.1.38 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Text.Effect.Widget MEDIUM" "mycred 2.7.4 Missing.Authorization.to.Unauthenticated.Database.Upgrade MEDIUM" "mycred 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mycred 2.7.3 Unauthenticated.PHP.Object.Injection HIGH" "mycred 2.7.3 Unauthenticated.Information.Exposure MEDIUM" "mycred 2.6.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "mycred 2.6.2 Contributor+.Stored.XSS MEDIUM" "mycred 2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "mycred 2.5.1 Cross-Site.Request.Forgery MEDIUM" "mycred 2.4.4.1 Subscriber+.User.E-mail.Addresses.Disclosure MEDIUM" "mycred 2.4.4 Subscriber+.Arbitrary.Post.Creation MEDIUM" "mycred 2.4.4 Subscriber+.Import/Export.to.Email.Address.Disclosure MEDIUM" "mycred 2.4.4 Reflected.Cross-Site.Scripting MEDIUM" "mycred 2.4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mycred 2.4 Reflected.Cross-Site.Scripting HIGH" "mycred 2.3 Subscriber+.SQL.Injection HIGH" "mycred 1.7.8 Reflected.Cross-Site.Scripting HIGH" "my-wp-health-check No.known.fix Cross-Site.Request.Forgery MEDIUM" "media-download No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "media-download 1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mail-control 0.3.0 Reflected.Cross-Site.Scripting MEDIUM" "mail-control 0.3.2 Unauthenticated.Stored.XSS.via.Email.Subject HIGH" "mega-elements-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "mega-elements-addons-for-elementor 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailrelay 2.1.2 Arbitrary.Settings.Update.via.CSRF MEDIUM" "mobile-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-pages 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mas-static-content 1.0.9 Authenticated.(Contributor+).Private.Static.Content.Page.Disclosure MEDIUM" "multiple-pages-generator-by-porthas 3.4.8 Authenticated.(Contributor+).SQL.Injection MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Cross-Site.Request.Forgery MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Missing.Authorization.via.mpg_get_log_by_project_id MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Authenticated.(Editor+).Remote.Code.Execution HIGH" "multiple-pages-generator-by-porthas 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "multiple-pages-generator-by-porthas 3.3.20 SQL.Injection MEDIUM" "multiple-pages-generator-by-porthas 3.3.18 SQLi.via.CSRF LOW" "multiple-pages-generator-by-porthas 3.3.18 Admin+.SQLi MEDIUM" "multiple-pages-generator-by-porthas 3.3.10 MPG.<.3.3.10.-.Multiple.CSRF MEDIUM" "mark-posts 2.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "mendeleyplugin No.known.fix Admin+.Stored.XSS LOW" "miniorange-login-security 1.0.8 Reflected.Cross-Site.Scripting HIGH" "mollie-payments-for-woocommerce 7.8.0 .Unauthenticated.Full.Path.Disclosure MEDIUM" "mollie-payments-for-woocommerce 7.3.12 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "mainwp-child-reports 2.2.1 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "mainwp-child-reports 2.2 Cross-Site.Request.Forgery MEDIUM" "mainwp-child-reports 2.0.8 Admin+.SQL.Injection MEDIUM" "maxslider 1.2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "miniorange-malware-protection 4.7.3 Unauthenticated.Privilege.Escalation CRITICAL" "miniorange-malware-protection 4.7.3 Admin+.SQLi MEDIUM" "miniorange-malware-protection 4.7.2 IP.Spoofing MEDIUM" "miniorange-malware-protection 4.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "mp3-music-player-by-sonaar 5.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Deletion CRITICAL" "mp3-music-player-by-sonaar 5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sonaar_audioplayer.Shortcode MEDIUM" "mp3-music-player-by-sonaar 5.0 Unauthenticated.Arbitrary.File.Download MEDIUM" "mp3-music-player-by-sonaar 5.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mp3-music-player-by-sonaar 5.1.1 Missing.Authorization MEDIUM" "mp3-music-player-by-sonaar 4.10.1 Missing.Authorization.to.Template.Import MEDIUM" "mp3-music-player-by-sonaar 2.4.2 Multiple.Admin+.Cross.Site.Scripting LOW" "multilanguage 1.2.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mobile-app-builder-by-wappress No.known.fix Unauthenticated.File.Upload CRITICAL" "mailchimp-wp No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.Form.Color.Parameters MEDIUM" "mailchimp-wp 2.5.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "member-database No.known.fix Reflected.XSS HIGH" "morpheus-slider No.known.fix Authenticated.SQL.Injection MEDIUM" "message-ticker 9.3 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "multilist-subscribe-for-sendy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multilist-subscribe-for-sendy No.known.fix Subscriber+.Arbitrary.Options.Update HIGH" "multilist-subscribe-for-sendy No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "multilist-subscribe-for-sendy No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "multiple-image-uploads-with-preview-for-wpforms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mapplic-lite No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "mapplic-lite 1.0.1 SSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "media-net-ads-manager No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "masterstudy-elementor-widgets 1.2.3 Missing.Authorization MEDIUM" "matomo 5.1.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "matomo 5.0.1 Reflected.Cross-Site.Scripting.via.idsite MEDIUM" "mappress-google-maps-for-wordpress 2.93 Admin+.Stored.XSS.via.Map.Settings LOW" "mappress-google-maps-for-wordpress 2.88.17 Contributor+.Stored.XSS.via.Map.Settings MEDIUM" "mappress-google-maps-for-wordpress 2.88.16 Unauthenticated.Arbitrary.Private/Draft.Post.Disclosure MEDIUM" "mappress-google-maps-for-wordpress 2.88.15 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.88.14 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.88.5 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.85.5 Contributor+.SQL.Injection MEDIUM" "mappress-google-maps-for-wordpress 2.73.13 Admin+.File.Upload.to.Remote.Code.Execution MEDIUM" "mappress-google-maps-for-wordpress 2.73.4 Reflected.Cross-Site.scripting MEDIUM" "mappress-google-maps-for-wordpress 2.54.6 Improper.Capability.Checks.in.AJAX.Calls CRITICAL" "mappress-google-maps-for-wordpress 2.53.9 Authenticated.Map.Creation/Deletion.Leading.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mappress-google-maps-for-wordpress 2.53.9 Remote.Code.Execution.(RCE).due.to.Incorrect.Access.Control.in.AJAX.Actions CRITICAL" "masterstudy-lms-learning-management-system 3.3.24 Privilege.Escalation.to.Instructor MEDIUM" "masterstudy-lms-learning-management-system 3.2.13 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.2.2 Cross-Site.Request.Forgery MEDIUM" "masterstudy-lms-learning-management-system 3.3.9 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.3.4 Unauthenticated.Local.File.Inclusion.via.template CRITICAL" "masterstudy-lms-learning-management-system 3.3.2 Unauthenticated.Privilege.Escalation HIGH" "masterstudy-lms-learning-management-system 3.3.1 Unauthenticated.Local.File.Inclusion.via.modal CRITICAL" "masterstudy-lms-learning-management-system 3.3.0 Missing.Authorization.to.Sensitive.Information.Exposure.in.search_posts MEDIUM" "masterstudy-lms-learning-management-system 3.2.11 Basic.Information.Exposure.via.REST.route MEDIUM" "masterstudy-lms-learning-management-system 3.2.6 Unauthenticated.SQL.Injection CRITICAL" "masterstudy-lms-learning-management-system 3.0.18 Unauthenticated.Instructor.Account.Creation MEDIUM" "masterstudy-lms-learning-management-system 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "masterstudy-lms-learning-management-system 3.0.9 Subscriber+.Course.Category.Creation MEDIUM" "masterstudy-lms-learning-management-system 3.0.9 Contributor+.Stored.XSS MEDIUM" "masterstudy-lms-learning-management-system 2.7.6 Unauthenticated.Admin.Account.Creation CRITICAL" "mass-pagesposts-creator 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "mass-pagesposts-creator 2.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mass-pagesposts-creator 1.2.5 DoS MEDIUM" "mailchimp-forms-by-mailmunch 3.2.2 Cross-Site.Request.Forgery MEDIUM" "mailchimp-forms-by-mailmunch 3.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "mailchimp-forms-by-mailmunch 3.1.5 Arbitrary.Actions.via.CSRF MEDIUM" "marketing-optimizer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "my-waze No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "mihdan-yandex-turbo-feed 1.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "mpoperationlogs No.known.fix Unauthenticated.Stored.XSS HIGH" "misiek-photo-album No.known.fix Album.Deletion.via.CSRF MEDIUM" "misiek-photo-album No.known.fix Stored.XSS.via.CSRF HIGH" "ms-reviews No.known.fix Subscriber+.Stored.XSS HIGH" "moova-for-woocommerce 3.8 Reflected.Cross-Site.Scripting HIGH" "mailchimp-for-wp 4.9.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.9.17 4.9.16.-.Reflected.Cross-Site.Scripting HIGH" "mailchimp-for-wp 4.9.10 Unauthenticated.Unpublished.Form.Preview MEDIUM" "mailchimp-for-wp 4.8.7 Admin+.Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.8.7 Admin+.Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.8.5 Authenticated.Arbitrary.Redirect MEDIUM" "mailchimp-for-wp 4.8.5 Unauthorised.Actions.via.CSRF MEDIUM" "mailchimp-for-wp 4.1.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mailchimp-for-wp 4.1.8 XSS MEDIUM" "media-library-plus 8.2.4 Missing.Authorization.on.Various.Functions MEDIUM" "media-library-plus 8.2.3 Authenticated.(Subscriber+).Second-Order.SQL.Injection CRITICAL" "media-library-plus 8.2.1 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "media-library-plus 8.1.9 Authenticated.(Author+).Directory.Traversal MEDIUM" "media-library-plus 8.1.8 Authenticated.(Author+).SQL.Injection CRITICAL" "media-library-plus 7.1.2 Plugin.Reset.via.CSRF MEDIUM" "mega-forms 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "mega-forms 1.2.5 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "mousewheel-smooth-scroll 5.7 Plugin's.Setting.Update.via.CSRF MEDIUM" "meta-tag-manager 3.1 Subscriber+.PHP.Object.Injection HIGH" "meta-tag-manager 2.1 Reflected.Cross-Site.Scripting MEDIUM" "manage-shipyaari-shipping No.known.fix Admin+.Stored.XSS LOW" "menu-manager-ultra 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "miniorange-login-openid 7.6.7 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "miniorange-login-openid 7.6.5 Authentication.Bypass CRITICAL" "miniorange-login-openid 7.6.0 Admin+.Stored.XSS LOW" "miniorange-login-openid 7.5.15 Multiple.CSRF MEDIUM" "miniorange-login-openid 7.6.1 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "mobile-menu 2.8.5 Missing.Authorization.to._mobmenu_icon.Post.Meta.Modification MEDIUM" "mobile-menu 2.8.4.4 Cross-Site.Request.Forgery MEDIUM" "mobile-menu 2.8.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Alt MEDIUM" "mobile-menu 2.8.4 Reflected.Cross-Site.Scripting MEDIUM" "mobile-menu 2.8.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mobile-menu 2.8.2.3 Reflected.Cross-Site.Scripting.(XSS) HIGH" "mobile-menu 2.7.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "more-from-google No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "metricool 1.18 Admin+.Stored.XSS LOW" "market-exporter 2.0.20 Missing.Authorization.to.Arbitrary.File.Deletion HIGH" "market-exporter 2.0.19 Reflected.Cross-Site.Scripting MEDIUM" "market-exporter 2.0.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mobile-login-woocommerce 2.3 Unauthenticated.Privilege.Escalation HIGH" "meta-slider-and-carousel-with-lightbox 2.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "my-wp-translate 1.0.4 CSRF.&.XSS HIGH" "moceanapi-abandoned-carts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multi-rating No.known.fix Unauthenticated.Ratings.Update MEDIUM" "multi-rating No.known.fix Admin+.Stored.XSS LOW" "multi-rating 5.0.6 Reflected.XSS HIGH" "multi-rating 5.0.6 Ratings.Deletion.via.CSRF MEDIUM" "maxgalleria 6.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.maxgallery_thumb.Shortcode MEDIUM" "maxgalleria 6.4.3 Missing.Authorization MEDIUM" "maxgalleria 6.2.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "mediamatic No.known.fix Cross-Site.Request.Forgery MEDIUM" "mediamatic 2.8.1 Subscriber+.SQL.Injection HIGH" "modify-profile-fields-dashboard-menu-buttons 1.04 Reflected.Cross-Site.Scripting MEDIUM" "ml-slider 3.70.1 Contributor+.Stored.Cross-Site.Scripting.via.metaslider.Shortcode MEDIUM" "ml-slider 3.29.1 Reflected.XSS HIGH" "ml-slider 3.27.9 Admin+.Stored.Cross.Site.Scripting LOW" "ml-slider 3.17.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "media-library-helper 1.3.0 Cross-Site.Request.Forgery MEDIUM" "mapfig-studio No.known.fix Stored.XSS.via.CSRF HIGH" "microkids-related-posts No.known.fix Cross-Site.Request.Forgery MEDIUM" "machic-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "momoyoga-integration 2.8.0 Contributor+.Stored.XSS MEDIUM" "mobile-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-blocks 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mihanpanel-lite 12.7 Cross-Site.Request.Forgery MEDIUM" "map-block-gutenberg 1.32 Unauthorised.Google.API.Key.change MEDIUM" "multifox-plus 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mediaburst-ecommerce-sms-notifications 2.4.2 Cross-Site.Scripting.(XSS) MEDIUM" "magic-fields 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mybooktable 3.5.0 Stored.XSS.via.CSRF MEDIUM" "mybooktable 3.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "mybooktable 3.3.5 API.Key.Update.via.CSRF MEDIUM" "metronet-profile-picture 2.6.2 Authenticated.(Author+).Insecure.Direct.Object.Reference.to.Profile.Picture.Update MEDIUM" "metronet-profile-picture 2.6.0 Arbitrary.User.Picture.Change/Deletion.via.IDOR MEDIUM" "metronet-profile-picture 2.5.0 Sensitive.Information.Disclosure MEDIUM" "mtouch-quiz No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "mtouch-quiz 3.1.3 Multiple.Vulnerabilities.XSS.&.CSRF MEDIUM" "msync No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "menu-items-visibility-control No.known.fix Admin+.Arbitrary.PHP.Code.Execution MEDIUM" "maxbuttons 9.8.0 Full.Path.Disclosure MEDIUM" "maxbuttons 9.7.8 Editor+.Stored.XSS LOW" "maxbuttons 9.7.7 Contributor+.Stored.XSS MEDIUM" "maxbuttons 9.7.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "maxbuttons 9.6 Contributor+.Stored.XSS MEDIUM" "maxbuttons 9.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "maxbuttons 9.3 Admin+.Stored.Cross-Site.Scripting LOW" "maxbuttons 6.19 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "miniorange-oauth-20-server 4.0.1 Authentication.Bypass CRITICAL" "modula-best-grid-gallery 2.7.5 Incomplete.Authorization.via.'save_image'.and.'save_images' LOW" "modula-best-grid-gallery 2.6.91 Unauthenticated.Troubleshooting.Settings.Update MEDIUM" "modula-best-grid-gallery 2.6.7 Reflected.Cross-Site.Scripting MEDIUM" "modula-best-grid-gallery 2.2.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mts-url-shortener No.known.fix Admin+.Stored.XSS LOW" "mts-url-shortener No.known.fix Reflected.XSS HIGH" "my-content-management 1.7.7 Admin+.Stored.XSS LOW" "media-library-assistant 3.19 Authenticated.(Author+).Arbitrary.File.Upload.via.mla-inline-edit-upload-scripts.AJAX.Action HIGH" "media-library-assistant 3.18 Reflected.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.17 Authenticated.(Contributor+).SQL.Injection.via.order.Parameter HIGH" "media-library-assistant 3.16 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "media-library-assistant 3.16 Reflected.Cross-Site.Scripting HIGH" "media-library-assistant 3.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mla_gallery.Shortcode MEDIUM" "media-library-assistant 3.14 Authenticated.(Contributor+).SQL.Injection.via.Shortcode MEDIUM" "media-library-assistant 3.12 Author+.Stored.XSS MEDIUM" "media-library-assistant 3.11 Contributor+.Stored.XSS MEDIUM" "media-library-assistant 3.10 Unauthenticated.Local/Remote.File.Inclusion.&.Remote.Code.Execution HIGH" "media-library-assistant 3.08 Reflected.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.06 Admin+.SQLi MEDIUM" "media-library-assistant 3.01 Unauthenticated.Error.Log.Access LOW" "media-library-assistant 2.90 Authenticated.Blind.SQL.Injection MEDIUM" "media-library-assistant 2.82 Authenticated.RCE CRITICAL" "media-library-assistant 2.82 Unauthenticated.Limited.Local.File.Inclusion HIGH" "media-library-assistant 2.82 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "media-library-assistant 2.7.4 Cross-Site.Scripting.(XSS) MEDIUM" "matrix-pre-loader No.known.fix Cross-Site.Request.Forgery MEDIUM" "mapwiz No.known.fix Admin+.SQLi MEDIUM" "my-tickets 1.9.11 Bulk.Emailing.via.CSRF MEDIUM" "my-tickets 1.8.31 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "mapifylite 4.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "marmoset-viewer 1.9.3 Reflected.Cross.Site.Scripting HIGH" "materialis-companion 1.3.42 Authenticated.(Contributor+).Store.Cross-Site.Scripting.via.materialis_contact_form.Shortcode MEDIUM" "materialis-companion 1.3.40 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "mortgage-calculators-wp 1.60 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mortgage-calculators-wp 1.56 Admin+.Stored.Cross-Site.Scripting LOW" "mailpress No.known.fix Arbitrary.Settings.Update.&.Log.Files.Purge.via.CSRF MEDIUM" "mm-email2image No.known.fix Stored.XSS.via.CSRF HIGH" "mm-email2image No.known.fix Contributor+.Stored.XSS MEDIUM" "mobile-address-bar-changer No.known.fix Settings.Update.via.CSRF MEDIUM" "media-cleaner 6.7.3 Unauthenticated.Information.Exposure MEDIUM" "master-slider No.known.fix CSRF.to.slider.deletion MEDIUM" "master-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "master-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ms_layer.Shortcode MEDIUM" "master-slider 3.9.10 Responsive.Touch.Slider.<.3.9.10.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.7 Unauthenticated.PHP.Object.Injection CRITICAL" "master-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "master-slider No.known.fix Editor+.Stored.XSS.via.slider.callback MEDIUM" "master-slider No.known.fix Sliders.Deletion.via.CSRF MEDIUM" "master-slider 3.7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "master-slider 2.8.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "master-slider 2.5.2 Authenticated.Blind.SQL.Injection CRITICAL" "mstore-api 4.15.4 Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload MEDIUM" "mstore-api 4.15.4 Unauthorized.User.Registration HIGH" "mstore-api 4.15.3 Authentication.Bypass.to.Account.Takeover HIGH" "mstore-api 4.15.0 Authentication.Bypass CRITICAL" "mstore-api 4.10.2 Cross-Site.Request.Forgery MEDIUM" "mstore-api 4.0.7 Subscriber+.SQLi HIGH" "mstore-api 4.0.2 Unauthenticated.SQL.Injection CRITICAL" "mstore-api 3.9.8 Unauthenticated.SQL.Injection HIGH" "mstore-api 3.9.8 Unauthenticated.Blind.SQLi HIGH" "mstore-api 3.9.7 Subscriber+.Unauthorized.Settings.Update MEDIUM" "mstore-api 4.10.8 Unauthenticated.Privilege.Escalation CRITICAL" "mstore-api 3.9.9 Unauthenticated.Privilege.Escalation CRITICAL" "mstore-api 3.9.7 Multiple.CSRF MEDIUM" "mstore-api 3.9.3 Authentication.Bypass CRITICAL" "mstore-api 3.9.2 Authentication.Bypass CRITICAL" "mstore-api 3.9.1 Authentication.Bypass CRITICAL" "mstore-api 3.4.5 Unauthenticated.PHP.File.Upload CRITICAL" "mstore-api 3.2.0 Authentication.Bypass.With.Sign.In.With.Apple HIGH" "mstore-api 2.1.6 Unauthenticated.Arbitrary.Account.Creation/Edition HIGH" "mastercurrency-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Currency.Converter.Form.Shortcode MEDIUM" "my-wish-list 1.4.2 Multiple.Parameter.XSS MEDIUM" "multi-feed-reader 2.2.4 SQL.Injection HIGH" "miniorange-login-with-eve-online-google-facebook 6.23.4 Improper.Authentication HIGH" "miniorange-login-with-eve-online-google-facebook 6.24.2 SSO.(OAuth.Client).Free.<.6.24.2.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.24.2 SSO.(OAuth.Client).<.6.24.2.-.IdP.Discard.via.CSRF MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.22.6 Authentication.Bypass CRITICAL" "miniorange-login-with-eve-online-google-facebook 6.20.3 Reflected.Cross-Site.Scripting.via.appId HIGH" "media-element-html5-video-and-audio-player No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "mw-wp-form 5.1.0 Editor+.Stored.XSS MEDIUM" "mw-wp-form 5.0.4 Improper.Limitation.of.File.Name.to.Unauthenticated.Arbitrary.File.Deletion HIGH" "mw-wp-form 5.0.2 Unauthenticated.Arbitrary.File.Upload HIGH" "mw-wp-form 5.0.0 Missing.Authorization MEDIUM" "mw-wp-form 4.4.3 Unauthenticated.Path.Traversal MEDIUM" "moose-elementor-kit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multiparcels-shipping-for-woocommerce 1.16.9 Cross-Site.Request.Forgery MEDIUM" "multiparcels-shipping-for-woocommerce 1.15.4 Reflected.XSS HIGH" "multiparcels-shipping-for-woocommerce 1.15.2 Arbitrary.Shipment.Deletion.via.CSRF MEDIUM" "multiparcels-shipping-for-woocommerce 1.14.14 Subscriber+.Arbitrary.Shipment.Deletion MEDIUM" "multiparcels-shipping-for-woocommerce 1.15.4 Reflected.XSS HIGH" "multiparcels-shipping-for-woocommerce 1.14.15 Subscriber+.SQLi HIGH" "motopress-hotel-booking 4.8.5 Unauthenticated.Arbitrary.File.Download.&.Deletion CRITICAL" "myshopkit-popup-smartbar-slidein No.known.fix .Unauthenticated.Sensitive.Information.Exposure MEDIUM" "magee-shortcodes No.known.fix Contributor+.Stored.XSS.via.shortcode MEDIUM" "magee-shortcodes 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "mighty-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mww-disclaimer-buttons 3.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "modern-events-calendar 7.13.0 Subscriber+.Server.Side.Request.Forgery HIGH" "modern-events-calendar 7.12.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "mihdan-index-now 2.6.4 Cross-Site.Request.Forgery.via.reset_form HIGH" "mypixs No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "mega-addons-for-visual-composer 4.3.0 Contributor+.Stored.XSS MEDIUM" "mega-addons-for-visual-composer No.known.fix Subscriber+.Settings.Update MEDIUM" "mega-addons-for-visual-composer No.known.fix Settings.Update.via.CSRF MEDIUM" "multi-step-form 1.7.19 Form.Deletion.via.CSRF MEDIUM" "multi-step-form 1.7.17 Admin+.Stored.XSS LOW" "multi-step-form 1.7.13 Form.Update/Deletion.via.CSRF MEDIUM" "multi-step-form 1.7.8 Admin+.Stored.XSS LOW" "multi-step-form 1.2.6 Cross-Site.Scripting.(XSS) MEDIUM" "multi-step-form 1.2.6 Multiple.Unauthenticated.Reflected.XSS MEDIUM" "mojoplug-slide-panel No.known.fix Admin+.Stored.XSS LOW" "mystickyelements 2.1.4 Unauthenticated.Unauthorised.Action MEDIUM" "mystickyelements 2.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "mystickyelements 2.0.9 Admin+.SQLi MEDIUM" "mystickyelements 2.0.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "mainwp-google-analytics-extension 4.0.5 Subscriber+.Settings.Update MEDIUM" "mainwp-google-analytics-extension 4.0.5 Subscriber+.SQLi HIGH" "microcopy No.known.fix Authenticated.SQL.Injection MEDIUM" "master-addons 2.0.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.data-jltma-wrapper-link.Element MEDIUM" "master-addons 2.0.6.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.2 Missing.Authorization.to.MA.Template.Creation.or.Modification MEDIUM" "master-addons 2.0.6.2 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting.via.Navigation.Menu.Widget HIGH" "master-addons 2.0.5.6 Missing.Authorization.via.get_jltma_save_menuitem_settings() MEDIUM" "master-addons 2.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.5.6 Missing.Authorization.on.Duplicate.Post MEDIUM" "master-addons 2.0.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "master-addons 2.0.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.4 Contributor+.Stored.XSS MEDIUM" "master-addons 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "master-addons 1.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "master-addons 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "my-calendar 3.4.24 Authenticated.Stored.XSS MEDIUM" "my-calendar 3.4.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "my-calendar 3.4.22 Unauthenticated.SQL.Injection CRITICAL" "my-calendar 3.4.4 Cross-Site.Request.Forgery MEDIUM" "my-calendar 3.3.25 Event/Location.Deletion.via.CSRF MEDIUM" "my-calendar 3.2.18 Subscriber+.Reflected.Cross-Site.Scripting MEDIUM" "my-calendar 3.1.10 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "my-chatbot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-chatbot No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "menukaart 1.4 Reflected.Cross-Site.Scripting MEDIUM" "mygallery No.known.fix Unauthenticated.File.Inclusion CRITICAL" "mytube No.known.fix Reflected.Cross-Site.Scripting.via.addplaylistid MEDIUM" "mpl-publisher 1.30.4 Self-publish.your.book.&.ebook.<.1.30.4.-.Admin+.Stored.Cross-Site.Scripting LOW" "mpl-publisher 1.29.2 Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "meks-easy-instagram-widget 1.2.4 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "minimal-coming-soon-maintenance-mode 2.39 Missing.Authorization.to.Limited.Settings.Change MEDIUM" "minimal-coming-soon-maintenance-mode 2.38 Unauthenticated.Maintenance.Mode.Bypass LOW" "minimal-coming-soon-maintenance-mode 2.35 Multiple.Authenticated.Stored.XSS LOW" "minimal-coming-soon-maintenance-mode 2.15 CSRF.to.Stored.XSS.and.Setting.Changes HIGH" "minimal-coming-soon-maintenance-mode 2.17 Insecure.permissions:.Export.Settings/Theme.Change MEDIUM" "minimal-coming-soon-maintenance-mode 2.15 Insecure.Permissions:.Enable.and.Disable.Maintenance.Mode HIGH" "mailin 3.1.88 Cross-Site.Request.Forgery MEDIUM" "mailin 3.1.83 Cross-Site.Request.Forgery MEDIUM" "mailin 3.1.78 Reflected.Cross-Site.Scripting MEDIUM" "mailin 3.1.78 Reflected.XSS HIGH" "mailin 3.1.61 Reflected.XSS HIGH" "mailin 3.1.31 Reflected.Cross-Site.Scripting MEDIUM" "mailin 3.1.25 Reflected.XSS HIGH" "max-addons-pro-bricks 1.6.2 Missing.Authorization MEDIUM" "max-addons-pro-bricks 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "menu-ordering-reservations 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "menu-ordering-reservations 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "menu-ordering-reservations 2.3.7 Reflected.XSS HIGH" "menu-ordering-reservations 2.3.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "menu-ordering-reservations 2.3.2 Multiple.CSRF MEDIUM" "menu-ordering-reservations 2.3.1 Unauthorised.AJAX.Calls MEDIUM" "m-vslider No.known.fix Authenticated.(admin+).SQL.Injection HIGH" "modern-addons-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modern-addons-elementor 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mp-timetable 2.4.14 Admin+.PHP.Object.Injection MEDIUM" "mp-timetable 2.4.12 Authenticated.(Contributor+).SQL.Injection CRITICAL" "mp-timetable 2.4.2 Unauthorised.Event.TimeSlot.Deletion MEDIUM" "mp-timetable 2.4.0 Arbitrary.User's.Hashed.Password/Email/Username.Disclosure MEDIUM" "mp-timetable 2.4.2 Unauthorised.Event.TimeSlot.Update MEDIUM" "mp-timetable 2.3.19 Author+.Stored.Cross-Site.Scripting MEDIUM" "mx-time-zone-clocks 3.4.1 Contributor+.Cross-Site.Scripting MEDIUM" "moceansms-order-sms-notification-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mapsvg 6.2.20 Unauthenticated.SQLi HIGH" "meks-smart-author-widget 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "membersonic-lite 1.302 Authentication.Bypass CRITICAL" "memberful-wp 1.73.8 Authenticated.(contributor+).Stored.Cross-Site.Scripting MEDIUM" "microsoft-clarity 0.9.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "microsoft-clarity 0.4 Admin+.Stored.Cross-Site.Scripting LOW" "mp3-jplayer No.known.fix Multiple.CSRF MEDIUM" "mp3-jplayer 2.5 Full.Path.Disclosure MEDIUM" "miniorange-2-factor-authentication 5.6.6 Missing.Authorization.to.Plugin.Settings.Change HIGH" "miniorange-2-factor-authentication 5.6.2 Subscriber+.Settings.Update MEDIUM" "miniorange-2-factor-authentication 5.5.75 Reflected.Cross-Site.Scripting MEDIUM" "miniorange-2-factor-authentication 5.5.6 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-2-factor-authentication 5.5 Unauthenticated.Arbitrary.Options.Deletion CRITICAL" "miniorange-2-factor-authentication 5.4.40 Reflected.Cross-Site.Scripting HIGH" "marker-io 1.1.9 Cross-Site.Request.Forgery MEDIUM" "marker-io 1.1.7 Cross-Site.Request.Forgery MEDIUM" "master-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "master-blocks No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "modern-footnotes 1.4.17 Contributor+.Stored.XSS MEDIUM" "modern-footnotes 1.4.16 Admin+.Stored.XSS LOW" "mobile-friendly-app-builder-by-easytouch No.known.fix Unauthenticated.File.Upload CRITICAL" "memberpress-downloads 1.2.6 Subscriber+.Arbitrary.File.Upload CRITICAL" "maintenance-page 1.0.9 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "maintenance-page 1.0.9 Security.Mechanism.Bypass.via.REST.API MEDIUM" "moloni 4.8.0 Reflected.Cross-Site.Scripting MEDIUM" "mrkwp-footer-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mrkwp-footer-for-divi No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "modify-comment-fields 1.04 Reflected.Cross-Site.Scripting MEDIUM" "multisafepay 4.16.0 Unauthenticated.Arbitrary.File.Access HIGH" "multisite-post-duplicator 1.1.3 Cross-Site.Request.Forgery.(CSRF) HIGH" "magic-post-voice No.known.fix Reflected.Cross-Site.Scripting HIGH" "motors-car-dealership-classified-listings 1.4.11 Missing.Authorization MEDIUM" "motors-car-dealership-classified-listings 1.4.7 Unauthenticated.SSRF MEDIUM" "motors-car-dealership-classified-listings 1.4.7 Reflected.XSS HIGH" "motors-car-dealership-classified-listings 1.4.5 CSRF MEDIUM" "motors-car-dealership-classified-listings 1.4.4 Car.Dealer,.Classifieds.&.Listing.<.1.4.4.-.Arbitrary.File.Upload CRITICAL" "motors-car-dealership-classified-listings 1.4.1 Multiple.Issues MEDIUM" "master-elements No.known.fix Unauthenticated.SQLi CRITICAL" "mapster-wp-maps 1.2.39 Contributor+.Stored.XSS MEDIUM" "mapster-wp-maps 1.2.36 Reflected.Cross-Site.Scripting MEDIUM" "mobile-events-manager 1.4.8 Admin+.CSV.Injection LOW" "mobile-events-manager 1.4.4 Admin+.Stored.Cross-Site.Scripting LOW" "my-instagram-feed 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "my-instagram-feed 3.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "magic-action-box No.known.fix Contributor+.Stored.XSS MEDIUM" "multi-scheduler No.known.fix Arbitrary.Record.Deletion.via.CSRF HIGH" "mortgage-loan-calculator 1.5.17 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "mage-eventpress 4.2.2 Authenticated.(Contributor+).Local.File.Inclusion CRITICAL" "mage-eventpress 4.1.2 Authenticated.(Contributor+).PHP.Object.Injection.in.mep_event_meta_save HIGH" "mage-eventpress 3.9.6 Editor+.Stored.Cross-Site.Scripting MEDIUM" "mage-eventpress 3.8.7 Admin+.Stored.XSS LOW" "mage-eventpress 3.7.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "mage-eventpress 3.8.0 Contributor+.Stored.XSS MEDIUM" "mage-eventpress 3.5.8 Contributor+.SQL.Injection HIGH" "mage-eventpress 3.5.3 Unauthenticated.Arbitrary.Elementor.Template.Import MEDIUM" "mage-eventpress 3.5.3 Unauthenticated.Arbitrary.Options.Reset HIGH" "mainwp-maintenance-extension 4.1.2 Subscriber+.SQL.Injection.(SQLi) HIGH" "mailcwp 1.110 Unauthenticated.Arbitrary.File.Upload CRITICAL" "mainwp-piwik-extension 4.0.5 CSRF MEDIUM" "my-shortcodes No.known.fix Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "mediavine-control-panel 2.10.5 Contributor+.Stored.XSS MEDIUM" "multimedial-images No.known.fix Admin+.SQLi MEDIUM" "media-alt-renamer No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via._wp_attachment_image_alt.postmeta MEDIUM" "mwp-forms No.known.fix Admin+.SQL.Injection HIGH" "miniorange-google-authenticator 1.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-google-authenticator 1.0.5 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "mabel-shoppable-images-lite 1.2.4 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "magical-posts-display 1.2.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meet-my-team No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "meks-themeforest-smart-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "molie-instructure-canvas-linking-tool No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "molie-instructure-canvas-linking-tool No.known.fix Authenticated.SQL.Injection HIGH" "modal-window 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modal-window 5.3.10 Modal.Deletion.via.CSRF MEDIUM" "modal-window 5.3.9 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "modal-window 5.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "modal-window 5.2.2 RFI.leading.to.RCE.via.CSRF HIGH" "mindbody-access-management 2.0.9 Unauthorised.AJAX.call MEDIUM" "myagileprivacy 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.vis.Shortcode MEDIUM" "miniorange-otp-verification 4.2.2 Missing.Authorization.via.dismiss_notice MEDIUM" "martins-link-network 1.2.30 Reflected.XSS HIGH" "mediaburst-email-to-sms No.known.fix Authenticated(Administrator+).SQL.Injection MEDIUM" "mediaburst-email-to-sms 3.0.0 Cross-Site.Scripting.(XSS) MEDIUM" "modern-events-calendar-lite 7.13.0 Subscriber+.Server.Side.Request.Forgery HIGH" "modern-events-calendar-lite 7.12.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "modern-events-calendar-lite 7.1.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.5.2 Admin+.Stored.XSS LOW" "modern-events-calendar-lite 6.3.0 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "modern-events-calendar-lite 6.4.7 Reflected.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.4.0 Contributor+.Stored.Cross.Site.Scripting MEDIUM" "modern-events-calendar-lite 6.2.0 Subscriber+.Category.Add.Leading.to.Stored.XSS MEDIUM" "modern-events-calendar-lite 6.1.5 Reflected.Cross-Site.Scripting HIGH" "modern-events-calendar-lite 6.1.5 Unauthenticated.Blind.SQL.Injection HIGH" "modern-events-calendar-lite 5.22.3 Authenticated.Stored.Cross.Site.Scripting LOW" "modern-events-calendar-lite 5.22.2 Admin+.Stored.Cross-Site.Scripting LOW" "modern-events-calendar-lite 5.16.5 Unauthenticated.Events.Export MEDIUM" "modern-events-calendar-lite 5.16.6 Authenticated.SQL.Injection CRITICAL" "modern-events-calendar-lite 5.16.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "modern-events-calendar-lite 5.16.5 Authenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "modern-events-calendar-lite 5.1.7 Multiple.Subscriber+.Stored.XSS MEDIUM" "mwp-herd-effect 5.2.7 Effect.Deletion.via.CSRF MEDIUM" "mwp-herd-effect 5.2.4 Effect.Deletion.via.CSRF MEDIUM" "mwp-herd-effect 5.2.3 Admin+.Stored.XSS LOW" "mwp-herd-effect 5.2.2 Reflected.XSS MEDIUM" "mwp-herd-effect 5.2.1 Admin+.LFI MEDIUM" "master-popups-lite No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "multicons 3.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "miniorange-oauth-oidc-single-sign-on 38.4.9 SSO.(OAuth.Client).Premium.<.38.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-oauth-oidc-single-sign-on 48.4.9 SSO.(OAuth.Client).Enterprise.<.48.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-oauth-oidc-single-sign-on 28.4.9 SSO.(OAuth.Client).Standard.<.28.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "meta-data-filter 2.2.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "mail-masta No.known.fix Multiple.SQL.Injection CRITICAL" "mail-masta No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "music-request-manager No.known.fix Reflected.XSS MEDIUM" "music-request-manager No.known.fix Unauthenticated.Stored.XSS MEDIUM" "music-request-manager No.known.fix Stored.XSS.via.CSRF HIGH" "motor-racing-league No.known.fix Admin+.XSS LOW" "media-file-renamer 5.7.8 Admin+.Remote.Code.Execution MEDIUM" "media-file-renamer 5.7.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "media-file-renamer 5.2.7 Auto.&.Manual.Rename.<.5.2.7.-.Media.Title/Filename/Locking.State.Update.via.CSRF MEDIUM" "menubar 5.9 Cross-Site.Request.Forgery MEDIUM" "menubar 5.8 Reflected.Cross-Site.Scripting MEDIUM" "material-design-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mdi-icon.Shortcode MEDIUM" "move-addons 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "move-addons 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.0 Missing.Authorization MEDIUM" "move-addons 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "menu-item-scheduler No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "marketo-forms-and-tracking No.known.fix CSRF.to.XSS HIGH" "m-wp-popup No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "m-wp-popup 1.3.1 Unauthenticated.Denial.of.Service HIGH" "moceanapi-sendsms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "miguras-divi-maker No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.9.0 Missing.Authorization.via.checkout_map_rules_order_ajax_handler MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.8.5 Reflected.Cross-Site.Scripting MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "migrate-users No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "media-file-organizer No.known.fix Directory.Traversal MEDIUM" "misiek-paypal No.known.fix Stored.XSS.via.CSRF HIGH" "members-import No.known.fix XSS.via.Imported.CSV MEDIUM" "member-hero No.known.fix Unauthenticated.RCE CRITICAL" "multiple-shipping-address-woocommerce 2.0 Unauthenticated.SQLi HIGH" "magic-post-thumbnail 5.2.10 Reflected.Cross-Site.Scripting MEDIUM" "magic-post-thumbnail 5.2.8 Admin+.Stored.XSS LOW" "magic-post-thumbnail 4.1.13 Reflected.Cross-Site.Scripting MEDIUM" "magic-post-thumbnail 4.1.11 Reflected.XSS HIGH" "magic-post-thumbnail 3.3.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "magic-post-thumbnail 3.3.7 Reflected.Cross-Site.Scripting.(XSS) HIGH" "mq-woocommerce-products-price-bulk-edit No.known.fix XSS MEDIUM" "meta-box 5.9.11 Missing.Authorization.to.Information.Exposure MEDIUM" "meta-box 5.9.4 Contributor+.Arbitrary.Posts'.Custom.Field.Disclosure LOW" "meta-box 5.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meta-box 4.16.3 Unauthorised.File.Deletion MEDIUM" "meta-box 4.16.2 Mishandled.Uploaded.Files HIGH" "mailster 4.0.10 Reflected.Cross-Site.Scripting MEDIUM" "mailster 4.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "mailster 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "mailster 2.4.9 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "momo-venmo 4.2 Reflected.Cross-Site.Scripting MEDIUM" "makecommerce 3.5.2 Reflected.Cross-Site.Scripting MEDIUM" "mimetic-books No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "maintenance 4.03 Authenticated.Stored.XSS MEDIUM" "mj-update-history No.known.fix Missing.Authorization MEDIUM" "mj-update-history No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mainwp-broken-links-checker-extension No.known.fix Unauthenticated.SQLi CRITICAL" "membership-for-woocommerce 2.1.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "multi-column-tag-map 17.0.27 Cross-Site.Request.Forgery MEDIUM" "multi-column-tag-map 17.0.25 Contributor+.Stored.XSS MEDIUM" "meks-video-importer 1.0.13 Missing.Authorization.to.Authenticated.(Subscriber+).API.Keys.Modification MEDIUM" "meks-video-importer No.known.fix Missing.Authorization MEDIUM" "mjm-clinic 1.1.23 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mjm-clinic 1.1.23 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "mangboard 1.8.1 Reflected.Cross-Site.Scripting MEDIUM" "mangboard 1.7.8 Admin+.Stored.XSS LOW" "mangboard 1.8.2 Settings.Update.via.CSRF MEDIUM" "mangboard 1.6.9 SQL.Injection HIGH" "mh-board No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "mp-restaurant-menu 2.4.2 Admin+.Stored.Cross.Site.Scripting LOW" "membermouse 2.2.9 Blind.SQL.Injection CRITICAL" "mhr-post-ticker 1.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "most-popular-posts-widget-lite 0.9 Admin+.SQL.injection MEDIUM" "monetize No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "mapifylite-master 4.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "microsoft-advertising-universal-event-tracking-uet 1.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "metorik-helper 1.7.2 Cross-Site.Request.Forgery MEDIUM" "mobilook 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "magic-login-api No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "muslim-prayer-time-bd No.known.fix Settings.Reset.via.CSRF MEDIUM" "members-list 4.3.7 Reflected.Cross-Site.Scripting MEDIUM" "map-multi-marker No.known.fix Reflected.Cross-Site.Scripting HIGH" "mass-delete-unused-tags 3.0.0 Tags.Deletion.via.CSRF MEDIUM" "media-list 1.4.0 Contributor+.Stored.XSS MEDIUM" "media-list 1.4.1 Contributor+.Stored.XSS MEDIUM" "mimo-woocommerce-order-tracking No.known.fix Missing.Authorization.to.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meteor-slides 1.5.7 Contributor+.Stored.XSS MEDIUM" "min-and-max-quantity-for-woocommerce 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "metasync 1.8.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mail-integration-365 1.9.1 Reflected.XSS HIGH" "mollie-forms 2.6.14 Cross-Site.Request.Forgery.to.Arbitrary.Post.Duplication MEDIUM" "mollie-forms 2.6.4 Missing.Authorization MEDIUM" "mollie-forms 2.6.4 Missing.Authorization.to.Arbitrary.Post.Duplication MEDIUM" "mystickymenu 2.7.3 Admin+.Stored.XSS LOW" "mystickymenu 2.7.2 Admin+.Stored.XSS LOW" "mystickymenu 2.6.8 Admin+.Stored.XSS LOW" "mystickymenu 2.6.7 CSV.Export.via.CSRF.to.Sensitive.Information.Disclosure LOW" "mystickymenu 2.6.5 Subscriber+.Arbitrary.Form.Leads.Deletion MEDIUM" "mystickymenu 2.5.2 Authenticated.Stored.XSS MEDIUM" "maintenance-coming-soon-redirect-animation No.known.fix IP.Spoofing.to.Bypass MEDIUM" "menu-image 3.11 Admin+.Stored.XSS LOW" "menu-image 3.10 Reflected.Cross-Site.Scripting MEDIUM" "menu-image 3.0.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "menu-image 3.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mojito-shipping 1.3.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "music-store 1.1.14 WordPress.eCommerce.<.1.1.14.-.Authenticated.(Admin+).SQL.Injection CRITICAL" "music-store 1.0.43 Cross-Site.Scripting.(XSS) MEDIUM" "media-tags No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-wp-as-saml-idp 1.13.4 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-discord-integration 2.1.6 Subscriber+.App.Disabling MEDIUM" "mdc-youtube-downloader 2.1.1 Local.File.Inclusion HIGH" "maxi-blocks 1.9.3 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "mapplic 6.2.1 SSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "moreads-se 1.4.7 XSS MEDIUM" "meow-gallery 5.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meow-gallery 4.1.9 Contributor+.SQL.Injection HIGH" "meow-gallery 4.2.0 Unauthorised.Arbitrary.Options.Update.via.REST.API HIGH" "masterslider No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "masterslider No.known.fix Authenticated.(Editor+).SQL.Injection HIGH" "masterslider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "make-paths-relative No.known.fix Settings.Update.via.CSRF MEDIUM" "memphis-documents-library 3.1.6 Arbitrary.File.Download CRITICAL" "meks-smart-social-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "meks-smart-social-widget 1.6.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "mediabay-lite No.known.fix Missing.Authorization.via.AJAC.actions MEDIUM" "mediabay-lite No.known.fix Editor+.Stored.XSS MEDIUM" "mobile-banner 1.6 CSRF MEDIUM" "mailmunch 3.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailmunch 3.1.3 Settings.Update.via.CSRF MEDIUM" "moveto No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "moveto No.known.fix Unauthenticated.SQL.Injection CRITICAL" "moveto No.known.fix Missing.Authorization.to.Unauthenticated.Options.Update CRITICAL" "moveto No.known.fix Unauthenticated.Directory.Traversal.to.Arbitrary.File.Deletion CRITICAL" "media-hygiene 3.0.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Attachment.Deletion MEDIUM" "mailtree-log-mail 1.0.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "molongui-authorship 4.7.8 Authenticated.(Author+).Insecure.Direct.Object.Reference MEDIUM" "molongui-authorship 4.7.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "molongui-authorship 4.7.5 Information.Exposure.via.ma_debug MEDIUM" "molongui-authorship 4.7.4 Missing.Authorization MEDIUM" "molongui-authorship 4.6.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "molongui-authorship 4.6.20 Reflected.XSS HIGH" "mini-loops No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "microblog-poster 1.6.2 Authenticated.Blind.SQL.Injection HIGH" "mwp-countdown No.known.fix Admin+.SQLi MEDIUM" "mainwp-child 4.4.1.2 Sensitive.File.Disclosure MEDIUM" "mainwp-child 4.1.8 Admin+.SQL.Injection MEDIUM" "mobile-call-now-map-buttons No.known.fix Admin+.Stored.XSS LOW" "mm-breaking-news No.known.fix Reflected.XSS MEDIUM" "mm-breaking-news No.known.fix Stored.XSS.via.CSRF HIGH" "mass-email-to-users 1.1.5 Reflected.XSS HIGH" "manual-image-crop 1.11 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "mmt-eventon-exim-lite 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "mobile-app-editor 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "mobile-app-editor 1.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-custom-css No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "more-better-reviews-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "more-better-reviews-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "more-better-reviews-for-woocommerce 3.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "manager-for-icomoon 2.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "manager-for-icomoon 2.2 Contributor+.Stored.XSS MEDIUM" "media-slider 1.4.0 Missing.Authorization MEDIUM" "min-and-max-purchase-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "monarch 1.2.7 Privilege.Escalation HIGH" "mycryptocheckout 2.126 CSRF MEDIUM" "mycryptocheckout 2.124 Reflected.XSS HIGH" "meeting-scheduler-by-vcita No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "meeting-scheduler-by-vcita 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "meeting-scheduler-by-vcita 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.3.3 Reflected.XSS HIGH" "meeting-scheduler-by-vcita No.known.fix Missing.authentication CRITICAL" "meeting-scheduler-by-vcita No.known.fix Denial.of.Service.via.CSRF MEDIUM" "meeting-scheduler-by-vcita 4.3.1 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "meeting-scheduler-by-vcita 4.3.0 Subscriber+.Denial.of.Service.by.account.logout MEDIUM" "meeting-scheduler-by-vcita No.known.fix Missing.Capability.Checks MEDIUM" "meks-flexible-shortcodes 1.3.5 Contributor+.Stored.XSS MEDIUM" "multipurpose-block 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "multipurpose-block 1.7.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "multi-page-toolkit No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "multisite-robotstxt-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multisite-robotstxt-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mainwp-code-snippets-extension 4.0.3 Subscriber+.Stored.XSS HIGH" "mainwp-code-snippets-extension 4.0.3 Subscriber+.Settings.Update MEDIUM" "mainwp-code-snippets-extension 4.0.3 Subscriber+.PHP.Objection.Injection HIGH" "meks-easy-ads-widget 2.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "media-file-manager No.known.fix Authenticated.Multiple.Vulnerabilities MEDIUM" "movies No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "mshop-mysite 1.1.8 Subscriber+.Settings.Update MEDIUM" "material-design-icons-for-elementor 1.4.3 Contributor+.Stored.XSS MEDIUM" "material-design-icons-for-elementor 1.4.3 Settings.Update.via.CSRF MEDIUM" "month-name-translation-benaceur 2.3.8 Admin+.Stored.XSS LOW" "mf-gig-calendar No.known.fix Cross-Site.Request.Forgery MEDIUM" "mf-gig-calendar No.known.fix Arbitrary.Event.Deletion.via.CSRF MEDIUM" "mf-gig-calendar No.known.fix Editor+.Stored.XSS LOW" "mf-gig-calendar No.known.fix Authenticated(Contributor+).SQL.Injection HIGH" "mf-gig-calendar 1.2.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "mf-gig-calendar 1.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "minimum-purchase-for-woocommerce No.known.fix Contributor+.Stored.XSS MEDIUM" "motopress-slider-lite No.known.fix Reflected.Cross-Site.Scripting HIGH" "motopress-slider-lite No.known.fix Subscriber+.Stored.Cross-Site.Scripting CRITICAL" "metform 3.3.0 Unauthenticated.Double-Extension.Arbitrary.File.Upload HIGH" "metform 3.8.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "metform 3.8.4 Missing.Authorization.to.Notice.Dismissal MEDIUM" "metform 3.8.6 Contributor+.Stored.XSS MEDIUM" "metform 3.8.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "metform 3.8.2 Cross-Site.Request.Forgery MEDIUM" "metform 3.3.2 Authenticated.(Subscriber+).Information.Disclosure.via.'mf_first_name'.shortcode MEDIUM" "metform 3.3.3 Cross-Site.Request.Forgery MEDIUM" "metform 3.3.1 Unauthenticated.CSV.Injection HIGH" "metform 3.3.2 Multiple.Subscriber+.Sensitive.Information.Disclosure.Issues MEDIUM" "metform 3.3.1 Multiple.Contributor+.Stored.XSS.via.Shortcode MEDIUM" "metform 3.3.2 Unauthenticated.Permalink.Structure.Update MEDIUM" "metform 3.2.2 reCaptcha.Bypass MEDIUM" "metform 3.2.0 Unauthenticated.Stored.XSS HIGH" "metform 2.1.4 Unauthenticated.API.keys.and.Secrets.Disclosure HIGH" "menu-icons 0.13.14 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "multiple-post-passwords 1.1.2 Admin+.Stored.XSS LOW" "mapping-multiple-urls-redirect-same-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "new-year-firework No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "newspack-content-converter 1.0.0 Missing.Authorization MEDIUM" "navz-photo-gallery 2.7 Missing.Authorization MEDIUM" "navz-photo-gallery 2.0 Subscriber+.UserMeta.Update MEDIUM" "navz-photo-gallery 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "nmedia-user-file-uploader 22.8 Sensitive.Information.Exposure.via.user.uploads MEDIUM" "nmedia-user-file-uploader 22.7 Editor+.Arbitrary.File.Download HIGH" "nmedia-user-file-uploader 21.4 File.Upload.via.CSRF MEDIUM" "nmedia-user-file-uploader 21.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "nmedia-user-file-uploader 21.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "nmedia-user-file-uploader 21.3 Unauthenticated.File.Renaming CRITICAL" "nmedia-user-file-uploader 18.3 Unauthenticated.Post.Meta.Change.to.Arbitrary.File.Download HIGH" "nmedia-user-file-uploader 18.3 Unauthenticated.Content.Injection.and.Stored.XSS HIGH" "nmedia-user-file-uploader 18.3 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "nmedia-user-file-uploader 18.3 Unauthenticated.HTML.Injection MEDIUM" "nmedia-user-file-uploader 18.3 Privilege.Escalation MEDIUM" "nmedia-user-file-uploader 18.3 Authenticated.Arbitrary.Settings.Change.to.Arbitrary.File.Upload CRITICAL" "ninja-forms 3.8.16 Reflected.Self-Based.Cross-Site.Scripting.via.Referer MEDIUM" "ninja-forms 3.8.12 Administrator+.Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.8.11 Reflected.XSS HIGH" "ninja-forms 3.8.7 Cross-Site.Request.Forgery MEDIUM" "ninja-forms 3.8.5 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "ninja-forms 3.8.1 Admin+.Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.8.1 Publicly.Accessible.Form.Submission.Export.via.CSRF MEDIUM" "ninja-forms 3.8.1 Author+.Stored.XSS LOW" "ninja-forms 3.7.2 Unauthenticated.Second.Order.SQL.Injection MEDIUM" "ninja-forms 3.6.34 Admin+.Stored.XSS NONE" "ninja-forms 3.6.26 Admin+.Stored.HTML.Injection NONE" "ninja-forms 3.6.26 Subscriber+.Form.Entries.Export MEDIUM" "ninja-forms 3.6.26 Reflected.Cross-Site.Scripting HIGH" "ninja-forms 3.6.26 Contributor+.Form.Entries.Export MEDIUM" "ninja-forms 3.6.25 Admin+.Arbitrary.File.Deletion LOW" "ninja-forms 3.6.22 Reflected.XSS HIGH" "ninja-forms 3.6.13 Admin+.PHP.Objection.Injection MEDIUM" "ninja-forms 3.6.11 Unauthenticated.PHP.Object.Injection CRITICAL" "ninja-forms 3.6.10 Admin+.Stored.Cross-Site.Scripting LOW" "ninja-forms 3.6.10 Admin+.Stored.Cross-Site.Scripting.via.Import LOW" "ninja-forms 3.6.8-wp Unauthenticated.Email.Address.Disclosure MEDIUM" "ninja-forms 3.6.4 Admin+.SQL.Injection MEDIUM" "ninja-forms 3.5.8.2 Admin+.Stored.Cross-Site.Scripting LOW" "ninja-forms 3.5.8 Unprotected.REST-API.to.Email.Injection MEDIUM" "ninja-forms 3.5.8 Unprotected.REST-API.to.Sensitive.Information.Disclosure MEDIUM" "ninja-forms 3.5.5 Reflected.Cross-Site.Scripting MEDIUM" "ninja-forms 3.4.34.1 Authenticated.OAuth.Connection.Key.Disclosure HIGH" "ninja-forms 3.4.34 CSRF.to.OAuth.Service.Disconnection MEDIUM" "ninja-forms 3.4.34 Authenticated.SendWP.Plugin.Installation.and.Client.Secret.Key.Disclosure CRITICAL" "ninja-forms 3.4.34 Administrator.Open.Redirect MEDIUM" "ninja-forms 3.4.27.1 Validation.Bypass.via.Email.Field MEDIUM" "ninja-forms 3.4.27.1 CSRF.leading.to.Arbitrary.Plugin.Installation HIGH" "ninja-forms 3.4.28 Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.4.24.2 CSRF.to.Stored.XSS HIGH" "ninja-forms 3.4.23 CSRF.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ninja-forms 3.3.21.3 XSS.and.SQLi CRITICAL" "ninja-forms 3.3.21.2 SQL.Injection MEDIUM" "ninja-forms 3.3.19.1 Authenticated.Open.Redirect MEDIUM" "ninja-forms 3.3.18 Unauthenticated.Cross-Site.Scripting.(XSS) HIGH" "ninja-forms 3.3.14 Cross-Site.Scripting.(XSS).in.Import.Function CRITICAL" "ninja-forms 3.3.14 CSV.Injection HIGH" "ninja-forms 3.3.9 Insufficient.Restrictions.during.Export.Personal.Data.requests MEDIUM" "ninja-forms 3.2.15 Parameter.Tampering MEDIUM" "ninja-forms 3.2.14 Cross-Site.Scripting.(XSS) CRITICAL" "nowpayments-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "nd-elements 2.2 Authenticated.(Contributor+).Local.File.Inclusion.via.Multiple.Widget.Attributes HIGH" "navigation-menu-as-dropdown-widget 1.3.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "no-external-links No.known.fix Admin+.Stored.XSS LOW" "nitek-carousel-cool-transitions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nitek-carousel-cool-transitions No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nitek-carousel-cool-transitions No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "notificationx 2.8.3 Unauthenticated.SQL.Injection CRITICAL" "notificationx 2.3.12 Unauthenticated.SQLi HIGH" "notificationx 2.3.9 Unauthenticated.Blind.SQL.Injection HIGH" "notificationx 1.8.3 Cross-Site.Request.Forgery MEDIUM" "notificationx 1.8.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "narnoo-distributor No.known.fix Unauthenticated.LFI.to.Arbitrary.File.Read./.RCE HIGH" "nlinks No.known.fix Authenticated.SQL.Injection HIGH" "number-chat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "number-chat No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nexter-extension 2.0.4 Reflected.XSS HIGH" "nexter-extension 2.0.4 Authenticated(Editor+).Remote.Code.Execution.via.metabox HIGH" "nice-paypal-button-lite No.known.fix CSRF MEDIUM" "neshan-maps No.known.fix Admin+.SQLi MEDIUM" "nimble-portfolio No.known.fix Unauthenticated.Server-Side.Request.Forgery CRITICAL" "ninjafirewall 4.3.4 Authenticated.(admin+).PHAR.Deserialization LOW" "nextgen-gallery-geo 2.0.3 Unauthenticated.PHP.Object.Injection MEDIUM" "nextcellent-gallery-nextgen-legacy No.known.fix Admin+.Stored.XSS LOW" "nextgen-gallery-pro 3.1.11 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "nktagcloud No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "new-album-gallery 1.5.8 Missing.Authorization MEDIUM" "new-album-gallery 1.5.0 Cross-Site.Request.Forgery MEDIUM" "news-element 1.0.6 Unauthenticated.LFI HIGH" "nex-forms-express-wp-form-builder 8.7.4 Reflected.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.set_read() MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.set_starred() MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.restore_records() MEDIUM" "nex-forms-express-wp-form-builder 8.5.5 Cross-Site.Request.Forgery MEDIUM" "nex-forms-express-wp-form-builder 8.5.6 Authenticated.(Admin+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.4.4 Authenticated.Stored.XSS LOW" "nex-forms-express-wp-form-builder 8.4 Admin+.SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.3.3 Contributor+.Stored.XSS MEDIUM" "nex-forms-express-wp-form-builder 7.9.7 Authenticated.SQLi MEDIUM" "nex-forms-express-wp-form-builder 8.4.3 Stored.Cross-Site.Scripting.via.CSRF HIGH" "nex-forms-express-wp-form-builder 7.8 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "nex-forms-express-wp-form-builder 4.6.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "ns-facebook-pixel-for-wp No.known.fix Admin+.Stored.XSS LOW" "nitropack 1.16.8 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "nitropack 1.10.3 Multiple.CSRF MEDIUM" "nitropack 1.10.0 Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "novelist 1.2.3 Cross-Site.Request.Forgery MEDIUM" "novelist 1.2.1 Admin+.Stored.XSS MEDIUM" "new-video-gallery 1.5.4 Missing.Authorization MEDIUM" "newsletter2go No.known.fix Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.style MEDIUM" "nd-travel No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-travel 1.7 Unauthenticated.Options.Change MEDIUM" "nps-computy 2.7.6 Results.Deletion.via.CSRF MEDIUM" "nps-computy 2.7.6 Admin+.Stored.XSS LOW" "new-user-email-set-up No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "nextend-twitter-connect 1.5.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "night-mode 1.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "newsletter-image-generator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nafeza-prayer-time No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "notices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ntzantispam No.known.fix Settings.Update.via.CSRF HIGH" "nova-blocks 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "notifier 2.6.1 Admin+.Stored.XSS LOW" "nichetable 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "nichetable 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ns-coupon-to-become-customer No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "nd-projects No.known.fix Contributor+.Stored.XSS MEDIUM" "nd-projects No.known.fix Contributor+.Stored.XSS MEDIUM" "nd-projects No.known.fix Authenticated.Local.File.Inclusion MEDIUM" "nd-projects 1.6 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "new-order-notification-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "n-media-woocommerce-checkout-fields 18.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "netreviews 2.3.15 Admin+.Stored.XSS LOW" "ninja-forms-uploads 3.3.18 Unauthenticated.Stored.Cross-Site.Scripting.via.File.Upload HIGH" "ninja-forms-uploads 3.3.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ninja-forms-uploads 3.3.13 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ninja-forms-uploads 3.0.23 Unauthenticated.Arbitrary.File.Upload HIGH" "nirweb-support 2.8.2 Unauthenticated.SQLi HIGH" "news-announcement-scroll 9.1.0 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "news-announcement-scroll 9.0.0 Admin+.Stored.XSS LOW" "newsletter-api 2.4.6 API.v1.and.v2.addon.for.Newsletter.<.2.4.6.-.Missing.Authorization.to.Email.Subscribers.Management MEDIUM" "next-page No.known.fix Admin+.Stored.XSS LOW" "new-order-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ninja-job-board 1.3.3 Resume.Disclosure.via.Directory.Listing MEDIUM" "nova-poshta-ttn 1.7.49 Reflected.Cross-Site.Scripting MEDIUM" "new-royalslider 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "nuajik-cdn No.known.fix Admin+.Stored.XSS LOW" "nugget-by-ingot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nugget-by-ingot No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "nd-shortcodes 7.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "nd-shortcodes 7.0 Contributor+.Stored.XSS.via.Shortcodes MEDIUM" "nd-shortcodes 7.0 Subscriber+.LFI HIGH" "nd-shortcodes 6.0 Unauthenticated.WP.Options.Update MEDIUM" "nicejob 3.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nicejob 3.6.5 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "newspack-newsletters 2.13.3 Missing.Authorization MEDIUM" "newspack-newsletters 2.13.3 Cross-Site.Request.Forgery MEDIUM" "notifyvisitors-lead-form No.known.fix Admin+.Stored.XSS LOW" "nooz 1.7.0 Admin+.Stored.XSS LOW" "ni-purchase-orderpo-for-woocommerce 1.2.2 Admin+.File.Upload.to.Remote.Code.Execution MEDIUM" "nofollow-jquery-links 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "nofollow-jquery-links 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nelio-content 3.2.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "ni-woocommerce-custom-order-status 1.9.7 Subscriber+.SQL.Injection HIGH" "newsletter-optin-box 3.4.3 Missing.Authorization.to.Unauthenticated.Form.Submission MEDIUM" "newsletter-optin-box 1.6.5 Open.Redirect MEDIUM" "newsletters-lite 4.9.9.2 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.9.3 Authenticated.Privilege.Escalation HIGH" "newsletters-lite 4.9.9 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.9.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "newsletters-lite 4.9.8 Cross-Site.Request.Forgery MEDIUM" "newsletters-lite 4.9.6 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.6 Information.Exposure.via.Log.files MEDIUM" "newsletters-lite 4.9.6 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "newsletters-lite 4.9.3 Admin+.Command.Injection MEDIUM" "newsletters-lite 4.6.19 Multiple.Issues HIGH" "newsletters-lite 4.6.8.6 PHP.Object.Injection CRITICAL" "new-adman No.known.fix Settings.Update.via.CSRF MEDIUM" "new-adman No.known.fix Admin+.Stored.XSS LOW" "nd-restaurant-reservations No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-restaurant-reservations 2.0 Directory.Traversal.to.Authenticated.(Contributor+).Local.File.Inclusion HIGH" "nd-restaurant-reservations 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-restaurant-reservations 1.5 Unauthenticated.Options.Change CRITICAL" "nd-booking No.known.fix Contributor+.Stored.XSS MEDIUM" "nd-booking 2.5 Unauthenticated.Options.Change MEDIUM" "notification-plus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "network-summary No.known.fix Unauthenticated.SQL.Injection CRITICAL" "new-grid-gallery 1.4.4 Contributor+.PHP.Object.Injection.via.shortcode MEDIUM" "new-grid-gallery 1.2.5 Authenticated.Stored.Cross.Site.Scripting.(XSS) LOW" "nextend-smart-slider3-pro 3.5.0.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "newstatpress 1.2.5 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.6 SQL.Injection CRITICAL" "newstatpress 1.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.4 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.1 SQL.Injection CRITICAL" "ninjalibs-ses No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "naver-map No.known.fix Contributor+.Stored.XSS MEDIUM" "notice-board No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nextend-facebook-connect 3.1.13 Reflected.Self-Based.Cross-Site.Scripting.via.error_description MEDIUM" "ninja-tables 5.0.13 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "ninja-tables 5.0.10 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "ninja-tables 5.0.7 Contributor+.Table.Data.Access LOW" "ninja-tables 4.3.5 Admin+.Stored.XSS LOW" "ninja-tables 4.1.8 Admin+.Stored.Cross-Site.Cross-Site.Scripting LOW" "no-api-amazon-affiliate 4.4.0 Admin+.Stored.XSS LOW" "no-bot-registration 2.0 Cross-Site.Request.Forgery MEDIUM" "nextgen-gallery 3.59.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "nextgen-gallery 3.59.3 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.1 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.1 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "nextgen-gallery 3.39 Admin+.PHAR.Deserialization HIGH" "nextgen-gallery 3.39 Admin+.Local.File.Inclusion MEDIUM" "nextgen-gallery 3.39 Admin+.Arbitrary.File.Read.and.Delete MEDIUM" "nextgen-gallery 3.3.10 Reflected.Cross-Site.Scripting MEDIUM" "nextgen-gallery 3.29 Thumbnail.Deletion.via.CSRF MEDIUM" "nextgen-gallery 3.5.0 CSRF.allows.File.Upload HIGH" "nextgen-gallery 3.5.0 CSRF.allows.File.Upload,.Stored.XSS,.and.RCE CRITICAL" "nextgen-gallery 3.2.11 SQL.Injection CRITICAL" "nextgen-gallery 3.1.7 Subscriber+.Arbitrary.Option.Update CRITICAL" "nextgen-gallery 3.1.6 Authenticated.PHP.Object.Injection HIGH" "nextgen-gallery 2.2.50 Galley.Paths.Not.Secured HIGH" "nextgen-gallery 2.2.45 Cross-Site.Scripting.(XSS) MEDIUM" "nextgen-gallery 2.1.79 Unauthenticated.SQL.Injection HIGH" "nextgen-gallery 2.1.57 Authenticated.Local.File.Inclusion.(LFI).&.SQLi CRITICAL" "nextgen-gallery 2.1.15 Unrestricted.File.Upload HIGH" "nextgen-gallery 2.1.10 Multiple.XSS MEDIUM" "nextgen-gallery 2.1.9 Authenticated.Path.Traversal MEDIUM" "nextgen-gallery 2.1.15 Path.Traversal MEDIUM" "nextgen-gallery 2.0.77.3 CSRF.&.Arbitrary.File.Upload HIGH" "nextgen-gallery 2.0.0 gallerypath.Parameter.Stored.XSS HIGH" "nextgen-gallery 2.0.0 Full.Path.Disclosure CRITICAL" "noo-timetable No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "noo-timetable No.known.fix Cross-Site.Request.Forgery MEDIUM" "novo-map No.known.fix CSRF MEDIUM" "ninja-gdpr-compliance 2.7.1 Missing.Authorization.to.Settings.Update.and.Stored.Cross-Site.Scripting MEDIUM" "ninja-gdpr-compliance 2.4 Unauthenticated.PHP.Object.Injection HIGH" "nimble-builder 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "nd-donations No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-donations No.known.fix Unauthenticated.SQLi HIGH" "nd-donations 1.4 Unauthenticated.Options.Change MEDIUM" "nofollow-links 1.0.11 Cross-Site.Scripting.(XSS) MEDIUM" "newspack-ads 1.47.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "netforum-directory-with-importer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "netforum-directory-with-importer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "no-update-nag No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "note-press No.known.fix Admin+.SQLi.via.Update MEDIUM" "note-press No.known.fix Admin+.SQLi.via.id MEDIUM" "note-press No.known.fix Admin+.SQLi.via.Bulk.Actions MEDIUM" "note-press 0.1.2 SQL.Injection CRITICAL" "new-user-approve 2.5.2 Cross-Site.Request.Forgery.via.admin_notices MEDIUM" "new-user-approve 2.5.1 Reflected.Cross-Site.Scripting MEDIUM" "new-user-approve 2.4 Arbitrary.Settings.Update.&.Invitation.Code.Creation.via.CSRF MEDIUM" "new-user-approve 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "new-user-approve 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nd-learning 5.0 Admin+.Stored.Cross-Site.Scripting LOW" "nd-learning 4.8 Unauthenticated.Options.Change MEDIUM" "nex-forms 7.8.8 Authentication.Bypass.for.Excel.Reports MEDIUM" "nex-forms 7.8.8 Authentication.Bypass.for.PDF.Reports MEDIUM" "newsletter-popup No.known.fix Subscriber.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix List.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix Unauthenticated.Stored.XSS HIGH" "newsletter-popup No.known.fix Admin+.Stored.XSS LOW" "newsletter-popup No.known.fix Record.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix Unauthenticated.Stored.XSS HIGH" "new-image-gallery 1.4.6 Missing.Authorization MEDIUM" "news-wall No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "nm-visitors No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.HTTP.Header HIGH" "new-photo-gallery 1.4.3 Contributor+.PHP.Object.Injection.via.Shortcode MEDIUM" "notification 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "notification 8.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "nextgen-gallery-sell-photo No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "neon-text 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ns-woocommerce-watermark No.known.fix Abuse.of.Functionality MEDIUM" "newsletter-by-supsystic No.known.fix Authenticated.SQL.Injection CRITICAL" "newsletter-by-supsystic 1.1.8 Authenticated.Stored.XSS.&.CSRF HIGH" "no-future-posts No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "noted-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "noted-pro No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nifty-coming-soon-and-under-construction-page 1.58 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "name-directory 1.29.1 Reflected.Cross-Site.Scripting MEDIUM" "name-directory 1.27.2 Settings.Update.via.CSRF MEDIUM" "name-directory 1.25.5 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "name-directory 1.25.4 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "name-directory 1.25.3 Reflected.Cross-Site.Scripting MEDIUM" "name-directory 1.25.4 Arbitrary.Directory/Name.Deletion.via.CSRF MEDIUM" "name-directory 1.18 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "nelio-ab-testing 4.6.4 CSRF HIGH" "nelio-ab-testing 4.5.11 SSRF CRITICAL" "nelio-ab-testing 4.5.9 Server.Side.Request.Forgery.(SSRF) CRITICAL" "nelio-ab-testing 4.5.0 Path.Traversal MEDIUM" "newsletter 8.3.5 Unauthenticated.Stored.Cross-Site.Scripting.via.np1 MEDIUM" "newsletter 8.2.1 IP.Spoofing MEDIUM" "newsletter 7.9.0 Contributor+.Stored.XSS MEDIUM" "newsletter 7.6.9 Reflected.XSS HIGH" "newsletter 7.4.6 Admin+.Stored.Cross-Site.Scripting LOW" "newsletter 7.4.5 Reflected.Cross-Site.Scripting LOW" "newsletter 6.8.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "newsletter 6.8.2 Authenticated.PHP.Object.Injection MEDIUM" "newsletter 6.7.7 Authenticated.Stored.Cross-Site.Scripting LOW" "newsletter 6.5.4 CSV.Injection LOW" "newsletter 3.8.3 Open.Redirect LOW" "newsletter 3.2.7 Cross-Site.Scripting.(XSS) MEDIUM" "newsletter 3.0.9 SQL.Injection MEDIUM" "nofollow No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "neuvoo-jobroll No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "new-contact-form-widget 1.4.0 Sensitive.Information.Exposure MEDIUM" "ninja-beaver-lite-addons-for-beaver-builder No.known.fix .Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widgets MEDIUM" "nexus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nexus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nexus No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "notice-bar 3.1.1 Contributor+.Stored.XSS MEDIUM" "namaste-lms 2.6.1.2 Reflected.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6 Admin+.Stored.XSS LOW" "namaste-lms 2.5.9.4 Admin+.Stored.XSS LOW" "namaste-lms 2.5.9.2 Admin+.Stored.XSS LOW" "netgsm No.known.fix Missing.Authorization MEDIUM" "netgsm 2.9.1 Reflected.Cross-Site.Scripting MEDIUM" "n5-uploadform No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "ni-woocommerce-sales-report 3.7.4 Subscriber+.Sale.&.Order.Reports.Access MEDIUM" "newspack-popups 2.31.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsplugin 1.1.0 CSRF.to.Stored.Cross-Site.Scripting HIGH" "newspack-blocks 3.0.9 Authenticated.(Contributor+).Arbitrary.File.Upload CRITICAL" "newspack-blocks 3.0.9 Missing.Authorization MEDIUM" "newspack-blocks 3.0.9 Authenticated.(Contributor+).Arbitrary.Directory.Deletion MEDIUM" "newspack-blocks 3.0.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "newsletter-manager No.known.fix Unauthenticated.Insecure.Deserialisation HIGH" "newsletter-manager 1.5 Unauthenticated.Open.Redirect MEDIUM" "newsletter-manager 1.0.2 Authenticated.Reflected.Cross.Site.Scripting HIGH" "newsletter-manager 1.0.2 Cross-Site.Request.Forgery MEDIUM" "nudgify 1.3.4 Cross-Site.Request.Forgery.via.sync_orders_manually() MEDIUM" "newsletter-bulk-email No.known.fix Contributor+.Stored.XSS MEDIUM" "next-order-coupon-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "next-order-coupon-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "next-order-coupon-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "optimole-wp 3.13.0 Author+.Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "optimole-wp 3.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "official-facebook-pixel 3.0.0 PHP.Object.Injection.with.POP.Chain CRITICAL" "official-facebook-pixel 3.0.4 CSRF.to.Stored.XSS.and.Settings.Deletion HIGH" "ooohboi-steroids-for-elementor 2.1.5 Arbitrary.File.Upload MEDIUM" "ooohboi-steroids-for-elementor 2.1.5 Subscriber+.Attachment.Deletion MEDIUM" "ovic-product-bundle No.known.fix Missing.Authorization MEDIUM" "out-of-the-box 1.20.3 Reflected.Cross-Site.Scripting MEDIUM" "orbisius-child-theme-creator 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "orbisius-child-theme-creator 1.5.2 CSRF.to.Arbitrary.File.Modification/Creation HIGH" "orbisius-child-theme-creator 1.2.8 Arbitrary.File.Write MEDIUM" "olimometer 2.57 Unauthenticated.SQL.Injection CRITICAL" "option-tree 2.7.3 Object.Injection.Bypass CRITICAL" "option-tree 2.7.0 PHP.Object.Injection CRITICAL" "option-tree 2.6.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "option-tree 2.5.4 XSS MEDIUM" "onwebchat 3.2.0 Live.support.<.3.2.0.-.Cross-Site.Request.Forgery MEDIUM" "ocean-extra 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ocean-extra 2.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Flickr.Widget MEDIUM" "ocean-extra 2.2.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ocean-extra 2.2.5 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.2.3 Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Activation MEDIUM" "ocean-extra 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "ocean-extra 2.1.3 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.1.3 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "ocean-extra 2.1.2 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.0.5 Admin+.PHP.Objection.Injection MEDIUM" "ocean-extra 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "ocean-extra 1.9.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ocean-extra 1.6.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ocean-extra 1.5.9 Unauthenticated.Settings.change.and.CSS.injection HIGH" "one-user-avatar 2.3.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "one-user-avatar 2.3.7 Avatar.Update.via.CSRF LOW" "ops-robots-txt 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "oauth2-provider 4.4.0 Open.Redirect MEDIUM" "oauth2-provider 4.3.0 Subscriber+.Arbitrary.Client.Deletion MEDIUM" "oauth2-provider 4.2.5 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "oauth2-provider 3.4.2 Client.Secret.Regeneration.via.CSRF MEDIUM" "oauth2-provider 4.2.2 Admin+.Stored.XSS LOW" "oauth2-provider 3.1.5 Insecure.Pseudor&om.Number.Generation CRITICAL" "opal-estate No.known.fix Cross-Site.Request.Forgery MEDIUM" "opal-estate No.known.fix CSRF.Bypass MEDIUM" "opal-estate No.known.fix Missing.Authorization MEDIUM" "oxygenbuilder 4.9 Missing.Authorization.to.Authenticated.(Subscriber+).Stylesheet.Update MEDIUM" "oxygenbuilder 4.8.3 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "oxygenbuilder 4.8.1 Contributor+.Stored.XSS MEDIUM" "oxyextras 1.4.5 Unauthenticated.Cross-Site.Scripting MEDIUM" "ovic-vc-addon No.known.fix Missing.Authorization MEDIUM" "ovic-vc-addon 1.2.9 Subscriber+.Option.Update HIGH" "open-graph-metabox No.known.fix CSRF MEDIUM" "open-social No.known.fix Admin+.Stored.XSS LOW" "olympus-google-fonts 3.7.8 Missing.Authorization MEDIUM" "olympus-google-fonts 3.7.8 Cross-Site.Request.Forgery MEDIUM" "olympus-google-fonts 3.0.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "oss-aliyun 1.4.11 Authenticated.(Administrator+).SQL.Injection CRITICAL" "otp-easy-login-with-mocean No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "open-external-links-in-a-new-window 1.43 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "open-external-links-in-a-new-window 1.43 Tabnabbing LOW" "owl-carousel No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "order-your-posts-manually No.known.fix Admin+.SQLi MEDIUM" "order-your-posts-manually No.known.fix Reflected.XSS HIGH" "opening-hours 1.47 Admin+.Stored.XSS LOW" "opening-hours 1.46 Cross-Site.Request.Forgery MEDIUM" "opening-hours 1.45 Missing.Authorization MEDIUM" "opening-hours 1.42 Admin+.Stored.Cross-Site.Scripting LOW" "opening-hours 1.38 Admin+.Stored.XSS LOW" "oauth-client-for-user-authentication 3.0.4 Unauthenticated.Settings.Update.to.Authentication.Bypass CRITICAL" "oauth-twitter-feed-for-developers No.known.fix Admin+.Stored.XSS LOW" "olive-one-click-demo-import No.known.fix Unauthenticated.Information.Exposure MEDIUM" "olive-one-click-demo-import 1.1.2 Missing.Authorization MEDIUM" "olive-one-click-demo-import No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "one-page-express-companion 1.6.38 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.one_page_express_contact_form.Shortcode MEDIUM" "one-click-close-comments No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "orange-form No.known.fix Unauthenticated.Arbitrary.Post.Deletion CRITICAL" "orange-form No.known.fix SQL.Injection.via.CSRF HIGH" "ota-sync-booking-engine-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ovic-import-demo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "osm 6.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.osm_map.and.osm_map_v3.Shortcodes MEDIUM" "osm 6.0.4 Authenticated.(Contributor+).SQL.Injection CRITICAL" "osm 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "osm 6.0.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "osm 6.0.3 CSRF MEDIUM" "oauth-client 1.11.4 Authenticated.Bypass CRITICAL" "oik 4.12.1 Cross-Site.Request.Forgery MEDIUM" "oik 4.12.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bw_button.Shortcode MEDIUM" "oik 4.10.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "optinly 1.0.19 Missing.Authorization MEDIUM" "optinly 1.0.16 CSRF MEDIUM" "otter-pro 2.6.12 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "otter-pro 2.6.4 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "otter-pro 2.6.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.File.Field.CSS MEDIUM" "order-export-and-more-for-woocommerce 3.24 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "open-user-map 1.3.27 Admin+.Stored.XSS LOW" "open-user-map 1.3.15 Reflected.Cross-Site.Scripting MEDIUM" "open-user-map 1.2.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "order-delivery-date-for-woocommerce 3.21.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "order-delivery-date-for-woocommerce 3.20.1 Reflected.XSS HIGH" "order-import-export-for-woocommerce 2.5.0 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "order-import-export-for-woocommerce 2.4.4 Shop.Manager+.Arbitrary.File.Upload HIGH" "optin-forms 1.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "optin-forms 1.3.3 Admin+.Stored.XSS LOW" "outbound-link-manager No.known.fix Settings.Update.via.CSRF MEDIUM" "optima-express 7.3.1 Admin+.Stored.XSS LOW" "options-for-twenty-seventeen 2.5.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "order-delivery-date No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "order-delivery-date No.known.fix Admin+.Stored.XSS LOW" "order-delivery-date No.known.fix Settings.Update.via.CSRF MEDIUM" "opti-marketing No.known.fix Unauthenticated.SQLi HIGH" "order-picking-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "official-statcounter-plugin-for-wordpress 2.0.7 Admin+.Stored.Cross-Site.Scripting LOW" "one-click-demo-import 3.2.1 Authenticated.(Admin+).PHP.Object.Injection HIGH" "one-click-demo-import 3.1.0 Admin+.Arbitrary.File.Upload MEDIUM" "order-auto-complete-for-woocommerce 1.2.1 Admin+.Stored.XSS LOW" "oxygen 4.4 CSRF MEDIUM" "opal-hotel-room-booking No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "order-on-chat-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-on-chat-for-woocommerce 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "opengraph 1.11.3 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "octrace-support 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "octrace-support 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "organization-chart 1.5.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.title_input.and.node_description.Parameters MEDIUM" "organization-chart 1.4.5 Multiple.CSRF MEDIUM" "organization-chart 1.4.5 Admin+.Stored.XSS LOW" "onelogin-saml-sso 2.4.3 Signature.Wrapping HIGH" "osmapper No.known.fix Unauthenticated.Arbitrary.Post.Deletion HIGH" "opal-estate-pro No.known.fix Contributor+.Stored.XSS MEDIUM" "original-texts-yandex-webmaster No.known.fix Cross-Site.Request.Forgery MEDIUM" "order-tip-woo 1.4.0 Missing.Authorization.to.Unauthenticated.Data.Export MEDIUM" "order-redirects-for-woocommerce 0.8.1 Reflected.Cross-Site.Scripting MEDIUM" "oauth2-server No.known.fix Authentication.Bypass MEDIUM" "openpgp-form-encryption 1.5.1 Contributor+.Stored.XSS MEDIUM" "oopspam-anti-spam 1.1.45 Cross-Site.Request.Forgery MEDIUM" "oopspam-anti-spam 1.1.36 Admin+.Stored.XSS LOW" "opal-widgets-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "obfuscate-email No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "opensea No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opensea 1.0.3 Admin+.Stored.XSS MEDIUM" "opensea 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ovic-addon-toolkit No.known.fix Missing.Authorization MEDIUM" "osm-map-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "oneelements-ultimate-addons-for-elementor No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "one-click-plugin-updater No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "olivewp-companion No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ocim-mp3 No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "out-of-stock-display-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "official-mailerlite-sign-up-forms 1.7.7 1.7.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "official-mailerlite-sign-up-forms 1.7.7 Missing.Authorization MEDIUM" "official-mailerlite-sign-up-forms 1.5.8 Signup.forms.(official).<.1.5.8.-.API.Key.Update.via.CSRF MEDIUM" "official-mailerlite-sign-up-forms 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "official-mailerlite-sign-up-forms 1.4.5 Multiple.CSRF.Issues HIGH" "official-mailerlite-sign-up-forms 1.4.4 Unauthenticated.SQL.Injection CRITICAL" "order-hours-scheduler-for-woocommerce 4.3.22 Reflected.Cross-Site.Scripting MEDIUM" "opt-in-hound No.known.fix Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "olevmedia-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "olevmedia-shortcodes 1.1.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "only-tweet-like-share-and-google-1 No.known.fix Admin+.Stored.XSS LOW" "one-page-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "one-page-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "one-page-blocks No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "official-sendle-shipping-method 5.18 Reflected.XSS HIGH" "openbook-book-data No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "one-click-ssl 1.4.7 Multiple.Issues HIGH" "open-graphite 1.6.1 Reflected.Cross-Site.Scripting HIGH" "online-accessibility No.known.fix Subscriber+.SQLi HIGH" "online-accessibility No.known.fix Subscriber+.SQLi MEDIUM" "osd-subscribe No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opcache No.known.fix Reflected.XSS HIGH" "og-tags 2.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "oi-yamaps No.known.fix Contributor+.Stored.XSS MEDIUM" "oneclick-whatsapp-order 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oneclick-whatsapp-order 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "oneclick-whatsapp-order 1.0.5 Admin+.Stored.XSS LOW" "oneclick-whatsapp-order 1.0.4.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "onclick-show-popup 6.6 Admin+.Stored.XSS LOW" "order-and-inventory-manager-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-and-inventory-manager-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "optinmonster 2.16.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "optinmonster 2.16.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "optinmonster 2.12.2 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "optinmonster 2.6.5 Unprotected.REST-API.Endpoints HIGH" "optinmonster 2.6.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "optinmonster 1.1.4.6 Execution.of.Arbitrary.Shortcodes MEDIUM" "overlay-image-divi-module 1.5 Reflected.Cross-Site.Scripting MEDIUM" "overlay-image-divi-module 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "omnisend-connect 1.14.4 Cross-Site.Request.Forgery MEDIUM" "omnisend-connect 1.13.9 Sensitive.Information.Exposure MEDIUM" "order-tracking 3.3.13 Missing.Authorization.via.send_test_email() MEDIUM" "order-tracking 3.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "order-tracking 3.3.7 Reflected.Cross-Site.Scripting HIGH" "oembed-gist No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "opal-membership No.known.fix Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "opal-membership No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "owm-weather 5.6.12 Post.Duplication.via.CSRF MEDIUM" "owm-weather 5.6.9 Contributor+.SQLi HIGH" "onesignal-free-web-push-notifications 1.17.8 Stored.XSS MEDIUM" "open-rdw-kenteken-voertuiginformatie 2.1.0 Reflected.XSS HIGH" "online-lesson-booking-system 0.8.7 CSRF.&.XSS HIGH" "one-click-login No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "off-canvas-sidebars 0.5.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "openid No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "one-click-order-reorder 1.1.10 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "otter-blocks 2.6.10 Contributor+.Stored.XSS.via.titleTag MEDIUM" "otter-blocks 2.6.9 Contributor+.Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "otter-blocks 2.6.9 Author+.Stored.XSS.via.SVG.Upload MEDIUM" "otter-blocks 2.6.6 Contributor+.Stored.XSS MEDIUM" "otter-blocks 2.6.6 Contributor+.Stored.XSS MEDIUM" "otter-blocks 2.6.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "otter-blocks 2.2.6 Gutenberg.Blocks.<.2.2.6.-.Author+.PHAR.Deserialization MEDIUM" "oliver-pos 2.4.1.9 Cross-Site.Request.Forgery MEDIUM" "oliver-pos 2.4.2.1 Subscriber+.Unauthorized.AJAX.Calls MEDIUM" "offload-videos-bunny-netaws-s3 1.0.1 Offload.Videos.–.Bunny,net,.AWS.S3.<=.1,0,1.Subscriber+.CSRF MEDIUM" "penci-data-migrator 1.3.1 Unauthenticated.Local.File.Inclusion CRITICAL" "post-title-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "photographer-directory 1.0.9 Subscriber+.Privilege.Escalation CRITICAL" "polldaddy No.known.fix Cross-Site.Request.Forgery MEDIUM" "polldaddy 3.1.0 Rating.Update.via.CSRF MEDIUM" "polldaddy 3.1.0 Reflected.Cross-Site.Scripting HIGH" "polldaddy 3.0.10 Contributor+.Rating.Settings.Update MEDIUM" "polldaddy 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "premium-addons-pro 2.9.14 Contributor+.Stored.XSS MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Mouse.Cursor.Module MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Premium.Magic.Scroll.Module MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Messenger.Chat.Widget MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multi.Scroll.Widget MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Global.Badge.Module MEDIUM" "premium-addons-pro 2.9.13 .Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget.link MEDIUM" "premium-addons-pro 2.8.25 Reflected.XSS HIGH" "performance-kit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "product-gtin-ean-upc-isbn-for-woocommerce No.known.fix Contributor+.Stored.XSS MEDIUM" "pets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pets 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "poeditor 0.9.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "poeditor 0.9.5 CSRF MEDIUM" "poeditor 0.9.8 Settings.Reset.via.CSRF MEDIUM" "page-studio-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-studio-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "phonetrack-meu-site-manager No.known.fix Authenticated.Stored.XSS MEDIUM" "post-grid 2.2.90 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.91 2.2.90.-.Subscriber+.Privilege.Escalation HIGH" "post-grid 2.2.88 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Accordion.Block MEDIUM" "post-grid 2.2.87 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.86 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.redirectURL.Parameter.of.Date.Countdown.Widget MEDIUM" "post-grid 2.2.81 Combo.Blocks.<.2.2.81.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attribute MEDIUM" "post-grid 2.2.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.79 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "post-grid 2.2.76 Reflected.Cross-Site.Scripting MEDIUM" "post-grid 2.2.76 Unauthenticated.Password.Protected.Posts.Access MEDIUM" "post-grid 2.2.69 Information.Exposure.via.get_posts.API.Endpoint HIGH" "post-grid 2.2.65 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "post-grid 2.1.16 Reflected.Cross-Site.Scripting.via.keyword MEDIUM" "post-grid 2.1.16 Reflected.Cross-Site.Scripting.via.post_types MEDIUM" "post-grid 2.1.13 Contributor+.SQL.Injection MEDIUM" "post-grid 2.1.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "post-grid 2.0.73 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "post-grid 2.0.73 PHP.Object.Injection HIGH" "printus-cloud-printing-for-woocommerce 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "pdfjs-viewer-shortcode 2.2 Arbitrary.JavaScript.Execution MEDIUM" "pdfjs-viewer-shortcode 2.1.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "pdfjs-viewer-shortcode 2.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "protect-uploads-with-login-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "protect-uploads-with-login-page No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "persian-woocommerce-sms 3.3.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pz-linkcard 2.5.3 Contributor+.SSRF LOW" "pz-linkcard 2.5.3 Reflected.XSS HIGH" "pz-linkcard 2.5.3 Admin+.Stored.XSS LOW" "pz-linkcard 2.5.3 Caching.Management.via.CSRF MEDIUM" "pz-linkcard 2.4.5.3 Reflected.Cross-Site.Scripting MEDIUM" "popup-with-fancybox 3.6 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "payments-stripe-gateway No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payments-stripe-gateway 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pz-frontend-manager 1.0.6 CSRF.change.user.profile.picture MEDIUM" "private-files No.known.fix Protection.Disabling.via.CSRF MEDIUM" "pdf-poster 2.1.22 Arbitrary.JavaScript.Execution MEDIUM" "pdf-poster 2.1.18 PDF.Embedder.Plugin.for.WordPress.<.2.1.18.-.Reflected.Cross-Site.Scripting MEDIUM" "pagebar 2.70 Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "paypal-donations 1.9.9 Admin+.Stored.XSS LOW" "persian-fonts No.known.fix Admin+.Stored.XSS LOW" "photo-feed No.known.fix Reflected.XSS HIGH" "page-generator 1.7.2 Authenticated(Administrator+).SQL.Injection MEDIUM" "page-generator 1.6.5 Admin+.Stored.Cross-Site.Scripting LOW" "page-generator 1.6.6 Arbitrary.Keywords.Deletion/Duplication.via.CSRF MEDIUM" "page-generator 1.5.9 Reflected.Cross-Site.Scripting HIGH" "promotion-slider No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "private-content 8.4.4 Brute.Force.Protection.Bypass MEDIUM" "parcel-tracker-ecourier 1.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "pj-news-ticker No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "promobar 1.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "payment-gateway-for-telcell 2.0.4 Unauthenticated.Open.Redirect MEDIUM" "premmerce 1.3.18 Reflected.Cross-Site.Scripting MEDIUM" "premmerce 1.3.17 Cross-Site.Request.Forgery MEDIUM" "premmerce 1.3.16 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "padma-advanced 0.0.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "postie 1.9.41 Post.Submission.Spoofing.&.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "post-slider-and-carousel 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "post-slider-and-carousel 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "portugal-ctt-tracking-woocommerce 2.2 Reflected.Cross-Site.Scripting MEDIUM" "post-block 5.3.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "partdo-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "product-filter-widget-for-elementor 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "payu-india No.known.fix Reflected.Cross-Site.Scripting.via.type MEDIUM" "product-catalog-feed 2.2.0 Cross-Site.Request.Forgery MEDIUM" "product-catalog-feed 2.1.1 Reflected.XSS HIGH" "product-catalog-feed 2.1.1 Reflected.XSS HIGH" "permalink-manager-pro 2.2.15 Reflected.Cross-Site.Scripting MEDIUM" "pagemanager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pdf-viewer-by-themencode 3.2.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-viewer-by-themencode 2.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "profile-extra-fields 1.2.8 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "profile-extra-fields 1.2.4 Reflected.Cross-Site.Scripting HIGH" "profile-extra-fields 1.0.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "pdq-csv 2.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "pretty-simple-popup-builder No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pretty-simple-popup-builder 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "podpress 8.8.10.17 players/1pixelout/1pixelout_player.swf.playerID.Parameter.XSS MEDIUM" "pro-links-maintainer-dev No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pro-links-maintainer-dev No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pardakht-delkhah No.known.fix Form.Fields.Reset.via.CSRF MEDIUM" "pardakht-delkhah 2.9.3 Unauthenticated.Stored.XSS HIGH" "pdf-image-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pre-orders-for-woocommerce 1.2.14 Contributor+.Stored.XSS MEDIUM" "popup-maker-wp 1.3.7 Subscriber+.Stored.XSS HIGH" "peepso-core 6.4.6.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "peepso-core 6.4.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.content.Parameter MEDIUM" "peepso-core 6.4.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.2.7.1 Unauthenticated.Sensitive.Information.Disclosure.via.Log.file MEDIUM" "peepso-core 6.3.1.2 Reflected.XSS HIGH" "peepso-core 6.3.1.2 User.Post.Creation.via.CSRF MEDIUM" "peepso-core 6.2.7.0 Reflected.Cross-Site.Scripting HIGH" "peepso-core 6.2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.2.0.0 Cross-Site.Request.Forgery.via.delete MEDIUM" "peepso-core 6.0.3.0 Multiple.CSRF MEDIUM" "peepso-core 1.6.1 Authenticated.Privilege.Escalation HIGH" "post-list-designer 3.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "post-list-designer 3.3.1 Reflected.Cross-Site.Scripting MEDIUM" "post-list-designer 3.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "post-list-designer 2.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "posttabs No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "perfmatters 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "perfmatters 2.1.7 Cross-Site.Request.Forgery MEDIUM" "perfmatters 2.2.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "perfmatters 2.1.7 Missing.Authorization MEDIUM" "product-delivery-date 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "posts-reminder No.known.fix Settings.Update.via.CSRF MEDIUM" "preloader-for-website 1.3 Missing.Authorization.via.plwao_register_settings() MEDIUM" "post-plugin-library No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "paytm-donation 2.2.1 Reflected.XSS HIGH" "payflex-payment-gateway No.known.fix Open.Redirect MEDIUM" "payflex-payment-gateway 2.6.0 Missing.Authorization.to.Order.Status.Update MEDIUM" "promolayer-popup-builder 1.1.1 Missing.Authorization MEDIUM" "payhere-payment-gateway 2.2.12 Unauthenticated.Log.Data.Disclosure MEDIUM" "pagemash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pdf-viewer 1.0.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "platinum-seo-pack No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pretty-grid 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "product-filter-for-woocommerce-product No.known.fix Unauthenticated.SQLi HIGH" "patron-button-and-widgets-by-codebard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "patron-button-and-widgets-by-codebard 2.2.0 Cross-Site.Request.Forgery MEDIUM" "patron-button-and-widgets-by-codebard 2.2.0 Reflected.XSS MEDIUM" "patron-button-and-widgets-by-codebard 2.1.9 Reflected.XSS HIGH" "photo-video-gallery-master No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "post-connector 1.0.10 Admin+.Stored.Cross-Site.Scripting MEDIUM" "post-connector 1.0.4 XSS MEDIUM" "php-execution-plugin No.known.fix Settings.Update.via.CSRF HIGH" "popup-contact-form No.known.fix Admin+.Stored.XSS LOW" "popup-contact-form No.known.fix Admin+.Stored.XSS LOW" "premmerce-woocommerce-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-toolkit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pmpro-payfast 1.4.2 Unauthenticated.Information.Exposure MEDIUM" "popups 1.8 Reflected.Cross-Site.Scripting MEDIUM" "popups No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "project-panorama-lite 1.5.1 WordPress.Project.Management.<.1.5.1.-.Admin+.Stored.XSS LOW" "prime-affiliate-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "prismatic 2.8 Contributor+.Stored.XSS MEDIUM" "prismatic 2.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "pixelyoursite 9.7.2 Unauthenticated.Information.Exposure.and.Log.Deletion MEDIUM" "pixelyoursite 9.6.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pixelyoursite 9.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "pixelyoursite 5.3.0 XSS MEDIUM" "portfolio-elementor 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "portfolio-elementor 2.3.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "portfolio-elementor 2.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pretty-google-calendar 2.0.0 Contributor+.Stored.XSS MEDIUM" "pretty-google-calendar 1.6.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.pretty_google_calendar.shortcode MEDIUM" "pie-register 3.8.3.5 Basic.<=.3.8.3.4.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation.and.Activation/Deactivation HIGH" "pie-register No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "pie-register 3.8.2.3 Open.Redirect MEDIUM" "pie-register 3.8.1.3 Unauthenticated.Arbitrary.User.Deletion HIGH" "pie-register 3.7.2.4 Open.Redirect MEDIUM" "pie-register 3.1.7.6 Unauthenticated.Arbitrary.Login CRITICAL" "pie-register 3.7.1.6 Unauthenticated.SQL.Injection HIGH" "pie-register 3.7.0.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "pie-register 3.1.2 SQL.Injection CRITICAL" "pie-register 3.0.18 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "payment-forms-for-paystack No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "plugin-logic 1.0.8 Admin+.SQLi MEDIUM" "pepro-cf7-database 1.9.0 Cross-Site.Request.Forgery MEDIUM" "pepro-cf7-database 1.8.0 Unauthenticated.Stored.XSS HIGH" "photoshow 1.0.19 Update/Delete.Google.API.Key.via.CSRF MEDIUM" "pretty-link 3.6.3 Reflected.Cross-Site.Scripting.via.post_status HIGH" "pretty-link 3.6.4 Plugin.Settings.Update.via.CSRF MEDIUM" "pretty-link 3.4.1 Link.Visit.Stats.Clear.via.CSRF MEDIUM" "pretty-link 2.1.10 Stored.XSS.and.CSV.Injection HIGH" "pretty-link 1.6.8 Authenticated.SQL.Injection MEDIUM" "page-loading-effects 3.0.0 Admin+.Stored.XSS LOW" "phppoet-checkout-fields 3.5.13 Unauthenticated.Arbitrary.File.Upload CRITICAL" "postcode-redirect 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "postcode-redirect 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "process-steps-template-designer 1.3 CSRF.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "pods 3.2.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Pod.Form.Redirect.URL MEDIUM" "pods 3.1 Contributor+.Pods/Users.Creation MEDIUM" "pods 3.1 Contributor+.SQLi MEDIUM" "pods 3.1 Contributor+.Remote.Code.Execution HIGH" "pods 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "pods 2.9.11 Pods.Deletion.via.CSRF MEDIUM" "pods 2.7.29 Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "pods 2.7.27 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "pods 2.7.27 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "phpinfo-wp 6.0 Unauthenticated.Information.Exposure MEDIUM" "plainview-activity-monitor 20180826 Remote.Command.Execution.(RCE) HIGH" "popup-manager No.known.fix Unauthenticated.Stored.XSS HIGH" "popup-manager No.known.fix Unauthenticated.Arbitrary.Popup.Deletion MEDIUM" "post-highlights 2.6.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "premmerce-woocommerce-multi-currency 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-multi-currency 2.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "packlink-pro-shipping 3.4.7 Missing.Authorization MEDIUM" "product-code-for-woocommerce 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-light-viewer 1.4.12 Authenticated.Command.Injection LOW" "premium-blocks-for-gutenberg 2.1.34 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-blocks-for-gutenberg 2.1.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "porto-functionality 3.1.1 Functionality.<.3.1.1.-.Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "porto-functionality 3.1.0 Functionality.<.3.1.0.-.Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "porto-functionality No.known.fix Functionality.<.2.12.1.-.Unauthenticated.SQL.Injection CRITICAL" "porto-functionality No.known.fix Functionality.<.2.12.1.-.Missing.Authorization MEDIUM" "prettyphoto No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "paid-memberships-pro 3.0.6 Authenticated.(Administrator+).SQL.Injection CRITICAL" "paid-memberships-pro 3.0.5 Unauthenticated.Insecure.Direct.Object.Reference.to.Order.Status.Update MEDIUM" "paid-memberships-pro 3.0 Cross-Site.Request.Forgery.to.Membership.Modification MEDIUM" "paid-memberships-pro 3.0.2 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 3.0 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 2.12.9 Contributor+.Arbitrary.User.Custom.Field.Disclosure MEDIUM" "paid-memberships-pro 2.12.8 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 2.12.7 Information.Exposure.in.Debug.Logs MEDIUM" "paid-memberships-pro 2.12.6 Missing.Authorization.via.API MEDIUM" "paid-memberships-pro 2.12.4 Subscriber+.Arbitrary.File.Upload HIGH" "paid-memberships-pro 2.9.12 Subscriber+.SQL.Injection HIGH" "paid-memberships-pro 2.9.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "paid-memberships-pro 2.9.8 Unauthenticated.SQLi HIGH" "paid-memberships-pro 2.6.7 Unauthenticated.Blind.SQL.Injection CRITICAL" "paid-memberships-pro 2.6.6 Reflected.Cross-Site.Scripting HIGH" "paid-memberships-pro 2.5.10 Cross-Site.Scripting.(XSS) MEDIUM" "paid-memberships-pro 2.5.6 Authenticated.SQL.Injection MEDIUM" "paid-memberships-pro 2.5.3 Unauthorised.Order.Information.Disclosure MEDIUM" "paid-memberships-pro 2.5.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "paid-memberships-pro 2.4.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "paid-memberships-pro 2.4.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "paid-memberships-pro 2.3.3 Authenticated.SQL.Injection MEDIUM" "paid-memberships-pro 2.0.6 Authenticated.Open.Redirect MEDIUM" "php-to-page No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion.to.Remote.Code.Execution.via.Shortcode CRITICAL" "php-compatibility-checker 1.6.0 Cross-Site.Request.Forgery MEDIUM" "producer-retailer No.known.fix Subscriber+.Privilege.Escalation CRITICAL" "product-page-shipping-calculator-for-woocommerce 1.3.26 Admin+.Stored.XSS LOW" "product-page-shipping-calculator-for-woocommerce 1.3.21 Admin+.Stored.XSS LOW" "pagepost-content-shortcode No.known.fix Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "page-list 5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-list 5.3 Contributor+.Stored.XSS MEDIUM" "peters-login-redirect 3.0.0.5 Reflected.Cross-Site.Scripting HIGH" "peters-login-redirect 2.9.2 Multiple.CSRF HIGH" "peters-login-redirect 2.9.1 Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "post-type-archive-mapping No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-type-archive-mapping 5.3.0 Missing.Authorization.via.REST.Routes MEDIUM" "popupally 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popupally No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "popupally 2.1.1 Cross-Site.Request.Forgery.via.optin_submit_callback MEDIUM" "publish-confirm-message 2.0 Settings.Update.via.CSRF MEDIUM" "petfinder-listings 1.1 Admin+.Stored.Cross-Site.Scripting LOW" "popup4phone No.known.fix Editor+.Stored.XSS LOW" "popup4phone No.known.fix Unauthenticated.Stored.XSS HIGH" "portable-phpmyadmin No.known.fix /pma/phpinfo.php.Direct.Request.System.Information.Disclosure CRITICAL" "portable-phpmyadmin No.known.fix Multiple.Script.Direct.Request.Authentication.Bypass CRITICAL" "profile-builder 3.11.9 Unauthenticated.Privilege.Escalation CRITICAL" "profile-builder 3.12.2 Admin+.Stored.Cross.Site.Scripting LOW" "profile-builder 3.11.8 Unauthenticated.Media.Upload MEDIUM" "profile-builder 3.11.3 Restricted.Email.Bypass MEDIUM" "profile-builder 3.10.9 Missing.Authorization.to.Plugin.Settings.Change.via.wppb_two_factor_authentication_settings_update HIGH" "profile-builder 3.10.8 Contributor+.User.Metadata.Disclosure MEDIUM" "profile-builder 3.10.4 Plugins.Activation/Deactivation.CSRF MEDIUM" "profile-builder 3.9.8 Unauthenticated.Plugin's.Pages.Creation MEDIUM" "profile-builder 3.9.1 Unauthorised.Password.Reset HIGH" "profile-builder 3.9.1 Subscriber+.Arbitrary.User.Meta.Disclosure MEDIUM" "profile-builder 3.6.1 Settings.Import.via.CSRF LOW" "profile-builder 3.6.8 Admin+.Stored.Cross-Site.Scripting LOW" "profile-builder 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder 3.4.9 Admin.Access.via.Password.Reset CRITICAL" "profile-builder 3.4.8 Authenticated.Stored.XSS MEDIUM" "profile-builder 3.3.3 Authenticated.Blind.SQL.Injection MEDIUM" "profile-builder 3.1.1 User.Registration.With.Administrator.Role CRITICAL" "profile-builder 2.5.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 2.4.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 2.4.1 Privilege.Escalation HIGH" "profile-builder 2.2.5 XSS MEDIUM" "profile-builder 2.1.4 Missing.Access.Controls HIGH" "profile-builder 2.0.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 1.1.60 Password.Recovery.Bypass MEDIUM" "profile-builder 1.1.66 Multiple.XSS MEDIUM" "post-to-google-my-business 3.1.14 Reflected.Cross-Site.Scripting MEDIUM" "post-to-google-my-business 3.0.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photoswipe-masonry 1.2.15 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "parcelpanel 4.3.3 Reflected.Cross-Site.Scripting MEDIUM" "parcelpanel 3.9.0 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "portfolio-wp 2.1.0 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "post-type-modifier-simple 1.04 Reflected.Cross-Site.Scripting MEDIUM" "performance-lab 2.3.0 CSRF MEDIUM" "parallax-slider-block 1.2.6 Author+.Stored.XSS MEDIUM" "private-only No.known.fix CSRF.&.XSS HIGH" "page-builder-sandwich No.known.fix Missing.Authorization MEDIUM" "page-builder-sandwich No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-builder-sandwich No.known.fix Missing.Authorization.to.Authenticated(Subscriber+).Arbitrary.Post.Editing MEDIUM" "page-builder-sandwich No.known.fix Sensitive.Information.Exposure MEDIUM" "page-builder-sandwich No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-builder-sandwich 4.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "polo-video-gallery No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "plugin-notes-plus 1.2.8 Authenticated.(Subscriber+).Arbitrary.Note.Deletion MEDIUM" "plugin-notes-plus 1.2.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pwa-for-wp 1.7.73 Missing.Authorization MEDIUM" "pwa-for-wp 1.7.72 PWA.For.WP.&.AMP.<.1,7,72.Administrator+.Stored.XSS LOW" "pwa-for-wp 1.7.33 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "pwa-for-wp 1.7.33 Authenticated.(Subscriber+).Settings.Change MEDIUM" "pie-register-social-site 1.7.8 Social.Sites.Login.(Add.on).<.1.7.8.-.Unauthenticated.Privilege.Escalation CRITICAL" "phoenix-media-rename 3.4.4 Author.Arbitrary.Media.File.Renaming MEDIUM" "product-slider-for-woocommerce-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "product-slider-for-woocommerce-lite 1.1.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "posts-table-filterable 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "popup-zyrex 1.1 Admin+.Arbitrary.File.Upload MEDIUM" "premium-seo-pack No.known.fix Unauthenticated.Information.Exposure MEDIUM" "post-layouts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-and-page-builder 1.26.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "post-and-page-builder 1.26.5 Authenticated.(Contributer+).Stored.Cross-Site.Scripting MEDIUM" "post-and-page-builder 1.26.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-and-page-builder 1.24.2 Editor.Settings.Update.via.CSRF MEDIUM" "pixfields 0.7.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "pixfields No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "product-specifications 0.7.0 Reflected.Cross-Site.Scripting HIGH" "pi-woocommerce-order-date-time-and-type 3.0.20 Admin+.Stored.XSS LOW" "prevent-file-access 2.5.2 Admin+.Arbitrary.File.Upload MEDIUM" "post-carousel-divi 1.2 Reflected.Cross-Site.Scripting MEDIUM" "post-carousel-divi 1.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pagination 1.2.3 Admin+.Stored.XSS LOW" "pagination 1.0.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "pdf-viewer-block 1.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "parsi-font 4.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pb-oembed-html5-audio-with-cache-support No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "product-loops 1.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "page-visit-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-visit-counter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.3 Missing.Authorization MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.1 Missing.Authorization MEDIUM" "private-google-calendars 20240106 Contributor+.Stored.XSS MEDIUM" "proofreading 1.1 Reflected.XSS HIGH" "popup-more 2.3.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popup-more 2.2.5 Admin+.Directory.Traversal.to.Limited.Local.File.Inclusion MEDIUM" "pardot 2.1.1 Missing.Authorization MEDIUM" "pc-robotstxt 1.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "prime-mover 1.9.3 Directory.Listing.to.Sensitive.Data.Exposure HIGH" "prime-mover 1.8.8 Reflected.Cross-Site.Scripting MEDIUM" "prime-mover 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-expirator 2.6.0 Contributor+.Arbitrary.Post.Schedule.Deletion HIGH" "powerpack-elements 2.10.15 Contributor+.Privilege.Escalation HIGH" "powerpack-elements 2.10.18 Authenticated.(Contributor+).Privilege.Escalation HIGH" "powerpack-elements 2.10.8 Missing.Authorization.to.Settings.Reset HIGH" "powerpack-elements 2.10.8 Cross-Site.Request.Forgery.to.Plugin.Settings.Modification.and.Cross-Site.Scripting MEDIUM" "powerpack-elements 2.9.24 Reflected.Cross-Site.Scripting MEDIUM" "pagelayer 1.9.0 Admin+.Stored.XSS LOW" "pagelayer 1.8.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.8.8 Admin+.Stored.XSS LOW" "pagelayer 1.8.2 Missing.Authorization MEDIUM" "pagelayer 1.8.5 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Attributes MEDIUM" "pagelayer 1.8.3 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.0 Author+.Stored.XSS LOW" "pagelayer 1.7.9 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.1 Admin+.Stored.XSS LOW" "pagelayer 1.7.8 Author+.Stored.XSS MEDIUM" "pagelayer 1.7.7 Unauthenticated.Stored.XSS HIGH" "pagelayer 1.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.3.5 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pagelayer 1.1.2 Drag.and.Drop.website.builder.<.1.1.2.-.Unprotected.AJAX's.leading.to.XSS HIGH" "pagelayer 1.1.2 Drag.and.Drop.website.builder.<.1.1.2.-.CSRF.leading.to.XSS HIGH" "paytr-taksit-tablosu-woocommerce No.known.fix CSRF MEDIUM" "paytr-taksit-tablosu-woocommerce 1.3.2 Unauthenticated.Settings.Update MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Cross-Site.Request.Forgery MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Missing.Authorization.to.Arbitrary.Post/Page.Deletion MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "player No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "player No.known.fix Reflected.XSS HIGH" "pricing-table No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "portfolio-gallery 2.1.11 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pearl-header-builder 1.3.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Site.Options.Deletion MEDIUM" "pearl-header-builder 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "pearl-header-builder 1.3.5 CSRF MEDIUM" "payplus-payment-gateway 7.0.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "payplus-payment-gateway 6.6.9 Reflected.Cross-Site.Scripting MEDIUM" "payplus-payment-gateway 6.6.9 Unauthenticated.SQLi HIGH" "pandavideo 1.4.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pandavideo 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "print-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "print-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "print-o-matic 2.1.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "print-o-matic 2.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "pirate-forms 2.5.2 HTML.Injection.&.CSRF MEDIUM" "package-quantity-xforwc 1.2.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "piotnet-addons-for-elementor 2.4.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "piotnet-addons-for-elementor 2.4.30 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "piotnet-addons-for-elementor 2.4.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widget.Attributes HIGH" "piotnet-addons-for-elementor 2.4.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "piotnet-addons-for-elementor 2.4.27 Contributor+.Stored.XSS MEDIUM" "piotnet-addons-for-elementor 2.4.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "peters-custom-anti-spam-image 3.2.3 Reflected.XSS HIGH" "posts-in-page 1.3.0 Directory.Traversal HIGH" "preferred-languages 2.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-variation-swatches 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-variation-swatches 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-variation-swatches 1.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "perfect-woocommerce-brands 2.0.5 Subscriber+.Arbitrary.Brand.Creation MEDIUM" "perfect-woocommerce-brands 2.0.5 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "product-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-table No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "product-lister-walmart No.known.fix Unauthenticated.RCE.via.Outdated.PHPUnit CRITICAL" "permalink-manager 2.4.4.1 Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "permalink-manager 2.4.3.4 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.4.3.2 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.4.3.2 Missing.Authorization.via.get_uri_editor MEDIUM" "permalink-manager 2.4.3.2 Missing.Authorization.to.Authenticated(Author+).arbitrary.post.slug.modification MEDIUM" "permalink-manager 2.4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.3.0 Authenticated.Stored.XSS MEDIUM" "permalink-manager 2.2.20.2 Settings.Update.via.CSRF MEDIUM" "permalink-manager 2.2.20.1 Unauthenticated.URI.Deletion MEDIUM" "permalink-manager 2.2.15 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.2.13.1 Admin+.SQL.Injection MEDIUM" "participants-database 2.5.9.3 Unauthenticated.PHP.Object.Injection HIGH" "participants-database 2.5.6 Missing.Authorization MEDIUM" "participants-database 1.9.5.6 Authenticated.Time.Based.SQL.Injection HIGH" "participants-database 1.7.5.10 Cross-Site.Scripting MEDIUM" "participants-database 1.5.4.9 Unauthenticated.SQL.Injection CRITICAL" "powerpress 11.9.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.skipto.Shortcode MEDIUM" "powerpress 11.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.media_url.Parameter MEDIUM" "powerpress 11.9.6 Injected.Backdoor CRITICAL" "powerpress 11.0.12 Contributor+.Stored.XSS HIGH" "powerpress 11.0.7 Contributor+.SSRF MEDIUM" "powerpress 10.0.2 Contributor+.Stored.XSS MEDIUM" "powerpress 10.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "powerpress 8.3.8 Authenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "powerpress 6.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "powerpress 6.0.1 Cross-Site.Scripting.(XSS) CRITICAL" "password-protected-woo-store 2.3 Unauthenticated.Arbitrary.Post.Tile.&.Content.Access MEDIUM" "push-notifications-for-wp 6.0.1 Settings.Update.via.CSRF MEDIUM" "prenotazioni No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "png-to-jpg 4.1 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "pay-addons-for-elementor 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "product-carousel-slider-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "post-index No.known.fix CSRF.to.Stored.XSS HIGH" "pet-manager No.known.fix Reflected.XSS HIGH" "pet-manager No.known.fix Contributor+.Stored.XSS MEDIUM" "postaffiliatepro 1.26.10 Admin+.Stored.XSS LOW" "print-page 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "popup-modal-for-youtube No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "pdf-builder-for-wpforms 1.2.117 Unauthenticated.Full.Path.Disclosure MEDIUM" "pdf-builder-for-wpforms 1.2.89 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "photoxhibit No.known.fix Reflected.XSS.Issues MEDIUM" "password-protect-page 1.9.0 .Protection.Mechanism.Bypass MEDIUM" "password-protect-page 1.8.6 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "popup-box 2.2.7 Popup.Deletion.via.CSRF MEDIUM" "popup-box 2.2.2 Reflected.XSS MEDIUM" "popup-box 2.2 Admin+.LFI MEDIUM" "premium-addons-for-elementor 4.10.53 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Media.Grid.Widget MEDIUM" "premium-addons-for-elementor 4.10.39 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Content.Deletion.and.Arbitrary.Title.Update MEDIUM" "premium-addons-for-elementor 4.10.37 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Animated.Text.Widget MEDIUM" "premium-addons-for-elementor 4.10.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.36 Regular.Expressions.Denial.of.Service LOW" "premium-addons-for-elementor 4.10.36 Contributor+.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "premium-addons-for-elementor 4.10.34 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.32 Missing.Authorization.to.Information.Disclosure MEDIUM" "premium-addons-for-elementor 4.10.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text.Widget MEDIUM" "premium-addons-for-elementor 4.10.32 Missing.Authorization.to.Information.Disclosure MEDIUM" "premium-addons-for-elementor 4.10.32 Contributor+.DOM-Based.Stored.Cross-Site.Scripting.via.Global.Tooltip MEDIUM" "premium-addons-for-elementor 4.10.32 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.31 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.29 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.29 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.26 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.25 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.17 Contributor+.Stored.Cross-Site.Scripting.via.Wrapper.Link.Widget MEDIUM" "premium-addons-for-elementor 4.10.28 Contributor+.Stored.Cross-Site.Scripting.via.Button MEDIUM" "premium-addons-for-elementor 4.10.25 Contributor+.DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.23 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "premium-addons-for-elementor 4.10.24 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.22 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.19 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.19 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.5.2 Subscriber+.Arbitrary.Blog.Option.Update HIGH" "premium-addons-for-elementor 4.2.8 Contributor+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "print-my-blog 3.27.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "print-my-blog 3.26.3 Missing.Authorization MEDIUM" "print-my-blog 3.25.2 Reflected.Cross-Site.Scripting MEDIUM" "print-my-blog 3.11.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "print-my-blog 3.4.2 Plugin.Deactivation.via.CSRF MEDIUM" "print-my-blog 1.6.6 Unauthenticated.Server.Side.Request.Forgery.(SSRF) CRITICAL" "post-grid-carousel-ultimate 1.6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid-carousel-ultimate 1.6.8 Authenticated.(Contributor+).PHP.Object.Injection.in.outpost_shortcode_metabox_markup HIGH" "post-grid-carousel-ultimate 1.5.0 Admin+.Stored.XSS LOW" "popup-maker 1.20.0 Missing.Authorization MEDIUM" "popup-maker 1.19.1 Admin+.Stored.XSS LOW" "popup-maker 1.19.1 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.18.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.16.11 Contributor+.Stored.Cross.Site.Scripting MEDIUM" "popup-maker 1.16.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "popup-maker 1.16.9 Contributor+.Stored.XSS.via.Subscription.Form MEDIUM" "popup-maker 1.16.5 Admin+.Stored.Cross-Site.Scripting LOW" "popup-maker 1.8.13 Multiple.Vulnerabilities CRITICAL" "popup-maker 1.8.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "popup-maker 1.6.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "pb-seo-friendly-images No.known.fix Admin+.Stored.XSS LOW" "page-scroll-to-id 1.7.9 Contributor+.Stored.XSS MEDIUM" "page-scroll-to-id 1.7.6 Contributor+.Stored.XSS MEDIUM" "pdf24-post-to-pdf No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "protected-posts-logout-button 1.4.6 Admin+.Stored.XSS LOW" "protected-posts-logout-button 1.4.5 Settings.Update.via.CSRF MEDIUM" "protected-posts-logout-button 1.4.6 Missing.Authorization MEDIUM" "post-pay-counter 2.790 Reflected.XSS HIGH" "post-pay-counter 2.731 PHP.Obj.Injection.&.Access.Control.Issues CRITICAL" "payment-gateway-groups-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payment-gateway-groups-for-woocommerce 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-grid-elementor-addon 2.0.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title_tag MEDIUM" "phraseanet-client No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "progress-bar 2.2.2 Contributor+.Stored.XSS MEDIUM" "page-layout-builder No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "product-shipping-countdown-free-version No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-shipping-countdown-free-version No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "plugins-on-steroids 4.1.3 Missing.Authorization.via.update_options MEDIUM" "product-image-watermark-for-woo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pixelyoursite-pro 10.4.3 Unauthenticated.Information.Exposure.and.Log.Deletion MEDIUM" "pixelyoursite-pro 9.6.2 Admin+.Stored.Cross-Site.Scripting LOW" "pagerank-tools No.known.fix Reflected.XSS HIGH" "photo-gallery 1.8.28 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "photo-gallery 1.8.28 Admin+.Stored.XSS LOW" "photo-gallery 1.8.29 Admin+.Stored.XSS LOW" "photo-gallery 1.8.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Zipped.SVG MEDIUM" "photo-gallery 1.8.24 Authenticated.(Contributor+).Path.Traversal.via.esc_dir.Function MEDIUM" "photo-gallery 1.8.26 Subscriber+.Notice.Dismiss MEDIUM" "photo-gallery 1.8.21 Missing.Authorization MEDIUM" "photo-gallery 1.8.22 Admin+.Stored.XSS.via.SVG LOW" "photo-gallery 1.8.22 Multiple.Reflected.XSS HIGH" "photo-gallery 1.8.20 Mobile-Friendly.Image.Gallery.<.1.8.20.-.Directory.Traversal.to.Arbitrary.File.Rename CRITICAL" "photo-gallery 1.8.19 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Widget MEDIUM" "photo-gallery 1.8.15 Admin+.Path.Traversal MEDIUM" "photo-gallery 1.8.3 Stored.XSS.via.CSRF MEDIUM" "photo-gallery 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "photo-gallery 1.6.4 Admin+.Stored.Cross-Site.Scripting LOW" "photo-gallery 1.6.3 Reflected.Cross-Site.Scripting MEDIUM" "photo-gallery 1.6.3 Unauthenticated.SQL.Injection HIGH" "photo-gallery 1.6.0 Unauthenticated.SQL.Injection HIGH" "photo-gallery 1.5.79 Stored.XSS.via.Uploaded.SVG.in.Zip MEDIUM" "photo-gallery 1.5.75 File.Upload.Path.Traversal LOW" "photo-gallery 1.5.75 Stored.Cross-Site.Scripting.via.Uploaded.SVG MEDIUM" "photo-gallery 1.5.67 Authenticated.Stored.Cross-Site.Scripting.via.Gallery.Title MEDIUM" "photo-gallery 1.5.69 Multiple.Reflected.Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.5.69 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "photo-gallery 1.5.68 Reflected.Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.5.55 Unauthenticated.SQL.Injection CRITICAL" "photo-gallery 1.5.46 Multiple.Cross-Site.Scripting.(XSS).Issues MEDIUM" "photo-gallery 1.5.35 SQL.Injection.&.XSS CRITICAL" "photo-gallery 1.5.31 SQL.Injection CRITICAL" "photo-gallery 1.5.25 Authenticated.LFI MEDIUM" "photo-gallery 1.5.23 Authenticated.XSS MEDIUM" "photo-gallery 1.3.67 Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.3.51 Authenticated.SQL.Injection MEDIUM" "photo-gallery 1.3.43 Authenticated.Path.Traversal HIGH" "photo-gallery 1.3.36 Authenticated.SQL.Injection MEDIUM" "photo-gallery 1.2.13 Cross-Site.Scripting.(XSS) HIGH" "parallax-image 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "picture-gallery 1.5.12 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "picture-gallery 1.4.4 Authenticated.Stored.XSS LOW" "project-app No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "projecthuddle-child-site 1.0.35 Missing.Authorization.via.ph_child_ajax_notice_handler MEDIUM" "parsian-bank-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting HIGH" "popcashnet-code-integration-tool 1.1 Cross-Site.Scripting.(XSS) MEDIUM" "podcast-channels 0.28 Unauthenticated.Reflected.XSS MEDIUM" "premmerce-woocommerce-product-bundles No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-product-bundles No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "prevent-landscape-rotation 2.1 Settings.Update.via.CSRF MEDIUM" "product-blocks 3.1.5 PHP.Object.Injection.via.wopb_wishlist.and.wopb_compare CRITICAL" "product-blocks 3.0.0 Missing.Authorization.via.option_data_save MEDIUM" "patreon-connect 1.9.1 Protection.Mechanism.Bypass MEDIUM" "patreon-connect 1.8.8 Cross-Site.Request.Forgery MEDIUM" "patreon-connect 1.8.2 Admin+.Stored.Cross-Site.Scripting LOW" "patreon-connect 1.7.0 CSRF.to.Overwrite/Create.User.Meta MEDIUM" "patreon-connect 1.7.2 Reflected.XSS.on.Login.Form HIGH" "patreon-connect 1.7.0 Unauthenticated.Local.File.Disclosure HIGH" "patreon-connect 1.7.0 CSRF.to.Disconnect.Sites.From.Patreon MEDIUM" "patreon-connect 1.7.2 Reflected.XSS.on.patreon_save_attachment_patreon_level.AJAX.action HIGH" "patreon-connect 1.2.2 PHP.Object.Injection CRITICAL" "profilegrid-user-profiles-groups-and-communities 5.9.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.0 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.0 Authenticated.(Subscriber+).Authorization.Bypass.to.Privilege.Escalation HIGH" "profilegrid-user-profiles-groups-and-communities 5.8.8 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.7 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.2 Authenticated.(Contributor+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.0 Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.3 Bypass.Group.Members.Limit MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.0 Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.4 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.9 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.7 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.3 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "profilegrid-user-profiles-groups-and-communities 5.7.9 Unauthenticated.SQL.Injection CRITICAL" "profilegrid-user-profiles-groups-and-communities 5.6.7 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.2 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.5.2 Subscriber+.Unauthorized.Data.Modification MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.5.2 Subscriber+.Arbitrary.Option.Update HIGH" "profilegrid-user-profiles-groups-and-communities 5.5.3 Group.Owner+.Unauthorized.Data.Modification HIGH" "profilegrid-user-profiles-groups-and-communities 5.3.1 Subscriber+.Arbitrary.Password.Reset HIGH" "profilegrid-user-profiles-groups-and-communities 5.1.8 Subscriber+.CSV.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.0.4 Subscriber+.Private.Message.Read/Edition MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.1.1 Reflected.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 4.7.5 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 2.8.6 Authenticated.Code.Execution HIGH" "photoblocks-grid-gallery 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "photoblocks-grid-gallery 1.2.7 Contributor+.Stored.XSS MEDIUM" "photoblocks-grid-gallery 1.2.9 Cross-Site.Request.Forgery MEDIUM" "photoblocks-grid-gallery 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photoblocks-grid-gallery 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "photoblocks-grid-gallery 1.1.43 Authenticated.Reflected.XSS HIGH" "photoblocks-grid-gallery 1.1.41 Unauthenticated.Reflected.XSS MEDIUM" "progressive-license No.known.fix CSRF.to.Stored.XSS MEDIUM" "plausible-analytics 1.3.4 Reflected.XSS HIGH" "plausible-analytics 1.2.4 Subscriber+.Arbitrary.Settings.Update MEDIUM" "plausible-analytics 1.2.3 Admin+.Stored.Cross-Site.Scripting MEDIUM" "ps-phpcaptcha 1.2.0 PS.PHPCaptcha.<.1,2,0.-Denial.of.Service CRITICAL" "plerdy-heatmap 1.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "product-input-fields-for-woocommerce 1.8.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "product-input-fields-for-woocommerce 1.2.7 Unauthenticated.File.Download HIGH" "portfolio-responsive-gallery 1.1.8 Authenticated.Blind.SQL.Injections HIGH" "portfolio-responsive-gallery 1.1.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "podcast-subscribe-buttons 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "podcast-subscribe-buttons 1.4.2 Contributor+.Stored.XSS MEDIUM" "publish-post-email-notification 1.0.2.3 Admin+.Stored.XSS LOW" "pop-up No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premmerce-search 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-search 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "powerpack-lite-for-elementor 2.7.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Link.Effects.Widget MEDIUM" "powerpack-lite-for-elementor 2.7.20 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.18 Contributor+.Stored.XSS MEDIUM" "powerpack-lite-for-elementor 2.7.19 Contributor+.Stored.XSS MEDIUM" "powerpack-lite-for-elementor 2.7.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.14 Settings.Reset/Update.via.CSRF MEDIUM" "powerpack-lite-for-elementor 2.6.2 Reflected.Cross-Site.Scripting HIGH" "powerpack-lite-for-elementor 2.3.2 Contributor+.Stored.XSS MEDIUM" "php-everywhere 3.0.0 Subscriber+.RCE.via.Shortcode CRITICAL" "php-everywhere 3.0.0 Contributor+.RCE.via.Gutenberg.Block CRITICAL" "php-everywhere 3.0.0 Contributor+.RCE.via.Metabox CRITICAL" "php-everywhere 2.0.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "progressive-wp No.known.fix Missing.Authorization MEDIUM" "poll-maker 5.1.9 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "poll-maker 5.1.9 .Missing.Authorization.to.Unauthenticated.Email.Enumeration MEDIUM" "poll-maker 4.8.1 Missing.Authorization MEDIUM" "poll-maker 4.7.2 Missing.Authorization MEDIUM" "poll-maker 4.7.1 Reflected.XSS HIGH" "poll-maker 4.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "poll-maker 3.4.2 Unauthenticated.Time.Based.SQL.Injection CRITICAL" "poll-maker 3.2.9 Reflected.Cross-Site.Scripting HIGH" "poll-maker 3.2.1 Authenticated.Blind.SQL.Injections HIGH" "press-elements No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "press-elements No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "press-elements No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "pocket-widget No.known.fix Admin+.Stored.XSS LOW" "post-grid-for-elementor 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "protected-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "protected-page No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "powerpack-addon-for-beaver-builder 1.3.0.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-addon-for-beaver-builder 1.3.0.4 Authenticated.(Editor+).Local.File.Inclusion HIGH" "powerpack-addon-for-beaver-builder 1.3.0.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.element.link MEDIUM" "powerpack-addon-for-beaver-builder 1.2.9.1 Reflected.Cross-Site.Scripting MEDIUM" "powerpack-addon-for-beaver-builder 1.2.9.3 Reflected.Cross-Site.Scripting MEDIUM" "postman-smtp No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "pricing-deals-for-woocommerce No.known.fix Missing.Authorization.via.vtprd_ajax_clone_rule MEDIUM" "pricing-deals-for-woocommerce 2.0.3 Unauthenticated.SQLi HIGH" "product-configurator-for-woocommerce 1.2.32 Unauthenticated.Arbitrary.File.Deletion HIGH" "pressforward 5.2.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "poptin 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "podcast-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "podcast-box 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "puredevs-customer-history-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "puredevs-customer-history-for-woocommerce 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "posts-to-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-views-counter 1.4.5 Cross-Site.Request.Forgery.via.save_bulk_post_views() MEDIUM" "post-views-counter 1.3.5 Authenticated.Stored.XSS LOW" "profile-builder-pro 3.10.1 Authenticated.(Subscriber+).Time-Based.One-Time.Password.Sensitive.Information.Exposure MEDIUM" "profile-builder-pro 3.10.1 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder-pro 3.10.1 Cross-Site.Request.Forgery HIGH" "profile-builder-pro 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder-pro 3.3.3 Authenticated.Blind.SQL.Injection MEDIUM" "profile-builder-pro 3.1.1 User.Registration.With.Administrator.Role CRITICAL" "push-notification-for-post-and-buddypress 1.9.4 Multiple.Unauthenticated.SQLi HIGH" "product-import-export-for-woo 2.4.2 Authenticated(Shop.Manager+).Arbitrary.File.Upload HIGH" "product-import-export-for-woo 2.3.8 Shop.Manager+.Arbitrary.File.Upload.via.upload_import_file HIGH" "photospace No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "photospace No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "page-or-post-clone 6.1 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Sensitive.Information.Exposure MEDIUM" "portfolio 2.40 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "primary-addon-for-elementor 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "primary-addon-for-elementor 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "paritypress No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "podcast-importer-secondline 1.3.8 Admin+.SQLi MEDIUM" "podcast-importer-secondline 1.1.5 Server-Side.Request.Forgery.(SSRF) MEDIUM" "post-thumbnail-editor No.known.fix Sensitive.Information.Exposure MEDIUM" "popup-by-supsystic 1.10.28 Missing.Authorization MEDIUM" "popup-by-supsystic 1.10.20 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "popup-by-supsystic 1.10.19 Prototype.Pollution MEDIUM" "popup-by-supsystic 1.10.9 Unauthenticated.Subscriber.Email.Addresses.Disclosure HIGH" "popup-by-supsystic 1.10.5 Reflected.Cross-Site.scripting.(XSS) HIGH" "popup-by-supsystic 1.7.9 Cross-Site.Request.Forgery.(CSRF) HIGH" "persian-woocommerce 9.0.0 Missing.Authorization MEDIUM" "persian-woocommerce 5.9.8 Reflected.Cross-Site.Scripting MEDIUM" "premium-blog-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pixtypes No.known.fix Reflected.XSS HIGH" "pixtypes 1.4.15 Cross-Site.Request.Forgery MEDIUM" "pie-forms-for-wp 1.4.9.4 Admin+.Stored.Cross-Site.Scripting LOW" "perfect-survey 1.5.2 Unauthenticated.SQL.Injection HIGH" "perfect-survey No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "perfect-survey 1.5.2 Unauthorised.AJAX.Call.to.Stored.XSS./.Survey.Settings.Update HIGH" "perfect-survey 1.5.2 Reflected.Cross-Site.Scripting HIGH" "phastpress 1.111 Open.Redirect MEDIUM" "product-expiry-for-woocommerce 2.6 Subscriber+.Settings.Update MEDIUM" "post-duplicator 2.32 Missing.Authorization.via.mtphr_duplicate_post MEDIUM" "post-duplicator 2.27 Admin+.Stored.Cross-Site.Scripting LOW" "print-invoices-packing-slip-labels-for-woocommerce 4.4.3 Missing.Authorization.to.Unauthenticated.Settings.Reset MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.1 Reflected.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.3.1 Subscriber+.Arbitrary.Order.Export MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.3.0 Shop.Manager+.Arbitrary.Options.Update HIGH" "personal-dictionary 1.3.4 Unauthenticated.SQLi HIGH" "plugnedit 6.2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "pepro-ultimate-invoice 2.0.2 Missing.Authorisation MEDIUM" "pepro-ultimate-invoice 1.9.8 Unauthenticated.Arbitrary.Invoice.Access HIGH" "preloader-plus No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "preloader-plus 2.1 Reflected.Cross-Site.Scripting MEDIUM" "popup-builder No.known.fix Sensitive.Information.Exposure.via.Imported.Subscribers.CSV.File MEDIUM" "popup-builder 4.3.2 Missing.Authorization.in.Multiple.AJAX.Actions HIGH" "popup-builder 4.3.2 Missing.Authorization.and.Nonce.Exposure HIGH" "popup-builder 4.3.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Custom.JS MEDIUM" "popup-builder 4.2.7 Contributor.Stored.XSS MEDIUM" "popup-builder 4.2.6 Admin+.SSRF.&.File.Read MEDIUM" "popup-builder 4.2.3 Unauthenticated.Stored.XSS HIGH" "popup-builder 4.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "popup-builder 4.1.12 Settings.Update.via.CSRF MEDIUM" "popup-builder 4.1.11 Admin+.Stored.Cross-Site.Scripting LOW" "popup-builder 4.1.1 Popup.Status.Change.via.CSRF MEDIUM" "popup-builder 4.1.1 SQL.Injection.to.Reflected.Cross-Site.Scripting MEDIUM" "popup-builder 4.0.7 LFI.to.RCE CRITICAL" "popup-builder 4.0.7 Admin+.SQL.Injection MEDIUM" "popup-builder 3.74 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "popup-builder 3.64.1 Multiple.Issues MEDIUM" "popup-builder 3.0 SQL.injection.via.PHP.Deserialization CRITICAL" "popup-builder 3.45 SQL.Injection CRITICAL" "plugmatter-pricing-table No.known.fix Reflected.Cross-Site.Scripting HIGH" "private-messages-for-wordpress No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "private-messages-for-wordpress No.known.fix Arbitrary.Message.Sent.via.CSRF MEDIUM" "push-notification-for-wp-by-pushassist No.known.fix Reflected.Cross-Site.Scripting HIGH" "post-content-xmlrpc No.known.fix Admin+.SQL.Injections HIGH" "paytium 4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "paytium 4.3.7 Admin+.Stored.XSS LOW" "paytium 3.1.2 Stored.Cross-Site.Scripting.(XSS) CRITICAL" "past-events-extension No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "past-events-extension No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "past-events-extension No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "podlove-subscribe-button 1.3.11 Authenticated.(Contributor+).SQL.Injection HIGH" "podlove-subscribe-button 1.3.9 Multiple.CSRF MEDIUM" "podlove-subscribe-button 1.3.9 Admin+.Stored.XSS LOW" "post-status-notifier-lite 1.11.1 Reflected.Cross-Site.Scripting MEDIUM" "post-status-notifier-lite 1.10.1 Reflected.XSS HIGH" "passwordless-login 1.1.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "pdf24-posts-to-pdf No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "paytm-payments 2.7.7 Editor+.SQLi MEDIUM" "push-notification-by-feedify 2.1.9 Reflected.Cross-Site.Scripting MEDIUM" "preprocess-dezrez No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "preprocess-dezrez No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "profilepro No.known.fix Subscriber+.Stored.Cross.Site.Scripting HIGH" "polls-widget No.known.fix Admin+.Stored.XSS LOW" "polls-widget 1.5.3 Unauthenticated.Blind.SQL.Injection CRITICAL" "product-designer 1.0.34 Unauthenticated.Arbitrary.Attachment.Deletion MEDIUM" "product-designer 1.0.33 Unauthenticated.PHP.Object.Injection CRITICAL" "propovoice No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "propovoice No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "popularis-extra 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "peoplepond No.known.fix CSRF.to.Stored.XSS HIGH" "product-visibility-by-country-for-woocommerce No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "price-commander-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "post-indexer 3.0.6.2 PHP.Object.Injection.via.MitM HIGH" "post-indexer 3.0.6.2 Authenticated.SQL.Injection HIGH" "presto-player 3.0.3 Missing.Authorization MEDIUM" "presto-player 2.2.3 Contributor+.Stored.XSS MEDIUM" "panda-pods-repeater-field 1.5.4 Reflected.XSS HIGH" "premmerce-woocommerce-wishlist 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wishlist 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-wishlist 1.1.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "pressference-exporter No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "pdf-viewer-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.render MEDIUM" "pdf-viewer-for-elementor No.known.fix Arbitrary.JavaScript.Execution MEDIUM" "pdf-viewer-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-pinterest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-pinterest No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "preview-link-generator 1.0.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "perelink No.known.fix Settings.Update.via.CSRF MEDIUM" "page-views-count 2.6.1 Contributor+.Stored.XSS MEDIUM" "page-views-count 2.5.6 Settings.Reset.via.CSRF MEDIUM" "page-views-count 2.4.15 Unauthenticated.SQL.Injection HIGH" "page-views-count 2.4.9 Contributor+.Stored.XSS MEDIUM" "pickup-and-delivery-from-customer-locations-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "pickup-and-delivery-from-customer-locations-for-woocommerce 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "permalinks-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-to-csv 1.4.1 Author+.CSV.Injection MEDIUM" "post-to-csv 1.3.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Missing.Authorization.via.showTemplatePreview() MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.6 Cross-Site.Request.Forgery.to.Cross-Site.Scripting.via.process.php MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Unauthenticated.WC.Order.Data.Access MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Printer.Settings.Update.via.CSRF MEDIUM" "play-ht No.known.fix Missing.Authorization MEDIUM" "play-ht No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "play-ht No.known.fix Missing.Authorization MEDIUM" "play-ht No.known.fix Cross-Site.Request.Forgery MEDIUM" "plugins-list 2.5.1 Admin+.Stored.XSS LOW" "post-carousel 3.0.1 Editor+.Stored.XSS LOW" "post-carousel 2.4.28 Editor+.Stored.XSS LOW" "post-carousel 2.4.19 Contributor+.Stored.XSS MEDIUM" "post-carousel 2.3.5 CSRF.Bypass./.Unauthorised.AJAX.Calls MEDIUM" "ptypeconverter No.known.fix Authenticated.(Editor+).SQL.Injection HIGH" "plugin-groups 2.0.7 Missing.Authorization.to.Unauthenticated.Denial.of.Service MEDIUM" "post-snippets 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "post-snippets 4.0.3 Admin+.Stored.XSS LOW" "post-snippets 3.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-snippets 3.1.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "post-snippets 3.0.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "pocket-news-generator No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "pocket-news-generator No.known.fix .Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "post-shortcode No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premmerce-user-roles 1.0.13 Missing.Authorization.via.role.management.functions HIGH" "premmerce-user-roles 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-user-roles 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pricetable No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "post-category-image-with-grid-and-slider 1.4.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "publish-to-schedule 4.5.5 Admin+.Stored.XSS LOW" "projectopia-core 5.1.5 Reflected.Cross-Site.Scripting MEDIUM" "projectopia-core 5.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "paypal-payment-button-by-vcita 3.10.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "paypal-payment-button-by-vcita No.known.fix CSRF.to.Stored.XSS.in.settings.page MEDIUM" "postmagthemes-demo-import 1.0.8 Admin+.Arbitrary.File.Upload MEDIUM" "pre-publish-checklist 1.1.2 Insecure.Direct.Object.Reference.to.Arbitrary.Post.'_ppc_meta_key'.Update MEDIUM" "pmpro-membership-maps 0.7 Membership.Maps.Add.On.<.0.7.-.Contributor+.Sensitive.Information.Disclosure MEDIUM" "pvn-auth-popup No.known.fix Contributor+.XSS.via.Shortcode MEDIUM" "pvn-auth-popup No.known.fix Admin+.Stored.XSS LOW" "pinblocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pinblocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "prevent-content-copy-image-save No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "post-views-stats No.known.fix Reflected.Cross-Site.Scripting.via.from.and.to MEDIUM" "powies-whois 0.9.33 Authenticated.Stored.Cross-Site.Scripting LOW" "product-layouts 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "pdf-print 2.0.3 Unauthenticated.Cross-Site-Scripting.(XSS) MEDIUM" "pdf-print 1.9.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "pdf-thumbnail-generator 1.4 Reflected.Cross-Site.Scripting MEDIUM" "pagerestrict No.known.fix Unauthenticated.Protected.Post.Access MEDIUM" "pagerestrict No.known.fix Cross-Site.Request.Forgery.via.pr_admin_page MEDIUM" "premmerce-woocommerce-product-filter 3.7.3 Missing.Authorization MEDIUM" "premmerce-woocommerce-product-filter 3.7.2 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-product-filter 3.6.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-product-filter 3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "post-meta-data-manager 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-meta-data-manager 1.2.2 Cross-Site.Request.Forgery.to.Post,.Term,.and.User.Meta.Deletion MEDIUM" "post-meta-data-manager 1.2.1 Unauthenticated.Data.Deletion HIGH" "post-meta-data-manager 1.2.1 Subscriber+.Privilege.Escalation HIGH" "post-meta-data-manager 1.2.1 Missing.Authorization.to.Post,.Term,.and.User.Meta.Deletion MEDIUM" "per-page-add-to No.known.fix Authenticated.Stored.XSS LOW" "per-page-add-to 1.4.4 CSRF.to.Stored.XSS HIGH" "pdf-block No.known.fix Contributor+.Stored.XSS MEDIUM" "piotnetforms 1.0.30 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "piotnetforms 1.0.29 Unauthenticated.Arbitrary.File.Upload CRITICAL" "piotnetforms No.known.fix Unauthenticated.Arbitrary.File.Upload HIGH" "podlove-web-player 5.7.4 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "podlove-web-player 5.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting HIGH" "pinterest-pin-it-button-on-image-hover-and-post 3.4 Subscriber+.Arbitrary.Settings.Update MEDIUM" "pdf-invoices-and-packing-slips-for-woocommerce 1.3.8 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "panorama 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "panorama 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "paid-member-subscriptions 2.12.9 Reflected.Cross-Site.Scripting MEDIUM" "paid-member-subscriptions 2.11.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "paid-member-subscriptions 2.11.2 Missing.Authorization.via.creating_pricing_table_page MEDIUM" "paid-member-subscriptions 2.11.2 Missing.Authorization.via.pms_stripe_connect_handle_authorization_return MEDIUM" "paid-member-subscriptions 2.10.5 Cross-Site.Request.Forgery.via.ajax_add_log_entry MEDIUM" "paid-member-subscriptions 2.4.2 Authenticated.SQL.Injection MEDIUM" "paid-member-subscriptions 2.4.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "pray-for-me No.known.fix Unauthenticated.Stored.XSS HIGH" "pray-for-me No.known.fix Settings.Update.via.CSRF MEDIUM" "project-source-code-download No.known.fix Unauthenticated.Backup.Download HIGH" "product-category-tree No.known.fix Reflected.XSS HIGH" "product-category-tree No.known.fix CSRF MEDIUM" "pdf-invoices-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pilotpress 2.0.31 Subscriber+.Report.Access.&.DB.Transients.Purging MEDIUM" "payment-gateway-payfabric 1.0.13 Reflected.Cross-Site.Scripting MEDIUM" "payment-gateway-payfabric 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "propovoice-pro No.known.fix Unauthenticated.SQL.Injection CRITICAL" "product-size-chart-for-woo 1.1.6 Settings.Update.via.CSRF MEDIUM" "pre-party-browser-hints 1.8.20 Admin+.SQLi MEDIUM" "pdf-generator-for-wp 1.1.2 Reflected.XSS HIGH" "post-timeline 2.2.6 Reflected.XSS HIGH" "product-recommendation-quiz-for-ecommerce 2.1.2 Missing.Authorization.in.prq_set_token MEDIUM" "personalize-woocommerce-cart-page 2.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "pretty-url No.known.fix Admin+.Stored.XSS.in.plugin.settings LOW" "post-type-x 1.7.7 Sensitive.Information.Exposure.via.Product.CSV MEDIUM" "post-type-x 1.7.6 Cross-Site.Request.Forgery.via.ic_system_status MEDIUM" "post-type-x 1.7.0 Reflected.XSS HIGH" "post-type-x 1.5.13 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "post-type-x 1.5.13 Cross-Site.Request.Forgery MEDIUM" "photo-contest No.known.fix CSRF.Bypass MEDIUM" "photo-contest No.known.fix Cross-Site.Request.Forgery MEDIUM" "powerkit 2.9.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "powerkit 2.5.9 Post.Views.Settings.Update/Reset.via.CSRF MEDIUM" "planso-forms No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "pb-mailcrypt-antispam-email-encryption No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.1.14 Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "podlove-podcasting-plugin-for-wordpress 4.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.15 Cross-Site.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.1.1 Missing.Authorization MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.14 Authenticated.(Contributor+).SQL.Injection CRITICAL" "podlove-podcasting-plugin-for-wordpress 4.0.10 Reflected.Cross-Site.Scripting MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Missing.Authorization.to.Settings.Import MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Missing.Authorization.to.Unauthenticated.Data.Export MEDIUM" "podlove-podcasting-plugin-for-wordpress 3.8.4 Cross-Site.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 3.8.3 Admin+.Stored.XSS LOW" "podlove-podcasting-plugin-for-wordpress 3.5.6 Unauthenticated.SQL.Injection MEDIUM" "podlove-podcasting-plugin-for-wordpress 2.6.0 Authenticated.SQL.Injection HIGH" "podlove-podcasting-plugin-for-wordpress 2.3.16 Multiple.SQLi.&.XSS CRITICAL" "plugmatter-optin-feature-box-lite 2.0.14 Unauthenticated.Blind.SQL.Injection CRITICAL" "portfolio-filter-gallery 1.6.5 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "portfolio-filter-gallery 1.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "pubydoc-data-tables-and-charts No.known.fix Admin+.Stored.XSS MEDIUM" "pop-over-xyz No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pop-over-xyz No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "propertyhive 2.0.20 Cross-Site.Request.Forgery.via.save_account_details HIGH" "propertyhive 2.0.10 Missing.Authorization MEDIUM" "propertyhive 2.0.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.13 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "propertyhive 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.10 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "propertyhive 2.0.7 Missing.Authorization.via.activate_pro_feature MEDIUM" "propertyhive 2.0.6 Unauthenticated.PHP.Object.Injection.via.propertyhive_currency HIGH" "propertyhive 1.5.49 Reflected.XSS HIGH" "propertyhive 1.5.47 Reflected.XSS HIGH" "propertyhive 1.4.26 Unvalidated.Input.to.do_action() MEDIUM" "pondol-formmail No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pixel-for-web-stories 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-builder-add 1.5.2.1 Authenticated.(Editor+).Local.File.Inlcusion HIGH" "page-builder-add 1.5.1.9 Reflected.Cross-Site.Scripting.via.pageType MEDIUM" "page-builder-add 1.5.1.8 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "page-builder-add 1.5.1.6 Open.Redirect MEDIUM" "page-builder-add 1.5.1.3 Admin+.Stored.XSS LOW" "page-builder-add 1.4.9.9 Contributor+.Cross-Site.Scripting.via.Shortcode MEDIUM" "page-builder-add 1.4.9.6 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ptoffice-sign-ups No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "password-protected 2.6.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "password-protected 2.6.7 Admin+.Stored.XSS LOW" "password-protected 2.6.3.2 Reflected.Cross-Site.Scripting MEDIUM" "password-protected 2.6.3 Admin+.Stored.XSS LOW" "power-ups-for-elementor 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "progress-planner 0.9.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "progress-planner 0.9.2 Missing.Authorization MEDIUM" "pmpro-mailchimp 2.3.5 Unauthenticated.Information.Disclosure MEDIUM" "pondol-carousel No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "phone-orders-for-woocommerce 3.7.2 Subscriber+.Sensitive.Data.Exposure MEDIUM" "peepso-photos 6.3.1.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-brands 1.2.13 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-brands 1.2.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pricing-tables-for-wpbakery-page-builder 3.0 Subscriber+.LFI HIGH" "pricing-tables-for-wpbakery-page-builder 3.0 Contributor+.Stored.XSS MEDIUM" "plainview-protect-passwords No.known.fix Cross-Site.Request.Forgery MEDIUM" "plainview-protect-passwords No.known.fix Reflected.XSS HIGH" "playlist-for-youtube No.known.fix Editor+.Stored.XSS LOW" "post-smtp 2.9.4 Administrator+.SQL.Injection MEDIUM" "post-smtp 2.8.8 Authorization.Bypass.via.type.connect-app.API CRITICAL" "post-smtp 2.8.8 Unauthenticated.Stored.Cross-Site.Scripting.via.device HIGH" "post-smtp 2.8.7 Admin+.SQL.Injection MEDIUM" "post-smtp 2.8.7 Reflected.Cross-Site.Scripting HIGH" "post-smtp 2.7.1 Unauthenticated.Cross-site.Scripting HIGH" "post-smtp 2.6.1 Authenticated.(Administrator+).SQL.Injection HIGH" "post-smtp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "post-smtp 2.5.8 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Contents HIGH" "post-smtp 2.5.7 Account.Takeover.via.CSRF MEDIUM" "post-smtp 2.5.7 Arbitrary.Log.Deletion.via.CSRF MEDIUM" "post-smtp 2.1.7 Admin+.Blind.SSRF LOW" "post-smtp 2.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "post-smtp 2.0.21 CSRF.Nonce.Bypass MEDIUM" "price-bands-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "price-bands-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "price-bands-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "pdf-embedder 4.8.0 Arbitrary.JavaScript.Execution MEDIUM" "pdf-embedder 4.7.1 Contributor+.Stored.XSS MEDIUM" "postmatic No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "postmatic 2.2.10 Subscriber+.PHP.Object.Injection MEDIUM" "postmatic 2.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "postmatic 1.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "podiant No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "pramadillo-activecampaign-email-preference-center 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "pramadillo-activecampaign-email-preference-center 2.0.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "publishpress 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "publishpress 3.5.1 Reflected.Cross-Site.Scripting HIGH" "pootle-button 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "purple-xmls-google-product-feed-for-woocommerce No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "purple-xmls-google-product-feed-for-woocommerce 3.2.3.4 Reflected.Cross-Site.Scripting MEDIUM" "purple-xmls-google-product-feed-for-woocommerce 3.3.1.0 Authenticated.SQL.Injection MEDIUM" "pmpro-member-directory 1.2.6 Member.Directory.Add.On.<.1.2.6.-.Contributor+.Sensitive.Information.Disclosure.and.SQLi MEDIUM" "pubsubhubbub 3.2.0 Admin+.Stored.XSS MEDIUM" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix Admin+.Stored.XSS LOW" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix .Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "prdctfltr 8.2.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "poll-wp No.known.fix Authenticated.(Administrator+).SQL.Injection.via.orderby.Parameter HIGH" "poll-wp 2.4.0 Admin+.SQL.Injection MEDIUM" "poll-wp 1.5.9 Reflected.Cross-Site.Scripting HIGH" "poll-wp 1.3.4 Broken.Authentication.and.Missing.Capability.Checks.on.AJAX.calls CRITICAL" "profit-products-tables-for-woocommerce 1.0.6.4 Reflected.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.3 Missing.Authorization MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.2 Cross-Site.Request.Forgery MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.2 Missing.Authorization MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.1 Unauthenticated.PHP.Object.Injection CRITICAL" "profit-products-tables-for-woocommerce 1.0.5 Reflected.Cross-Site-Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "photospace-responsive 2.1.2 Admin+.Stored.XSS MEDIUM" "page-builder-by-azexo No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "page-builder-by-azexo No.known.fix Cross-Site.Request.Forgery.(CSRF).to.Stored.XSS MEDIUM" "page-builder-by-azexo No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "page-builder-by-azexo No.known.fix Subscriber+.Post.Creation MEDIUM" "plezi 1.0.3 Unauthenticated.Stored.XSS HIGH" "premmerce-redirect-manager 1.0.12 Admin+.Stored.XSS MEDIUM" "premmerce-redirect-manager 1.0.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-redirect-manager 1.0.12 Admin+.Stored.XSS LOW" "premmerce-redirect-manager 1.0.11 Cross-Site.Request.Forgery MEDIUM" "premmerce-redirect-manager 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pretty-opt-in-lite 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pmpro-register-helper 1.8.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "protect-admin-account 2.0.2 Reflected.Cross-Site.Scripting MEDIUM" "portfolio-slideshow No.known.fix Contributor+.XSS MEDIUM" "postmash No.known.fix Reflected.Cross-Site.Scripting.via.m MEDIUM" "postmash No.known.fix Unauthenticated.SQL.Injection CRITICAL" "product-price-history 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "printfriendly 5.5.2 Admin+.Stored.XSS LOW" "printfriendly 5.2.3 Admin+.Stored.Cross-Site.Scripting LOW" "page-and-post-restriction 1.3.5 Unauthenticated.Protected.Post.Access MEDIUM" "page-and-post-restriction 1.2.7 Admin+.Stored.Cross-Site.Scripting LOW" "pixcodes 2.3.7 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "prepost-seo No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "paid-membership 1.9.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "peters-collaboration-e-mails No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "powr-pack 2.2.0 Contributor+.Stored.XSS MEDIUM" "payment-page 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "payment-page 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "payment-gateway-stripe-and-woocommerce-integration 3.8.0 Unauthenticated.SQL.Injection CRITICAL" "payment-gateway-stripe-and-woocommerce-integration 3.8.0 Unauthenticated.WC.Order.Status.Update MEDIUM" "payment-gateway-stripe-and-woocommerce-integration 3.7.8 Authentication.Bypass HIGH" "payment-gateway-stripe-and-woocommerce-integration 3.6.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "pricing-table-by-supsystic 1.9.13 Admin+.Content.Injection LOW" "pricing-table-by-supsystic 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "pricing-table-by-supsystic 1.9.0 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "pricing-table-by-supsystic 1.8.9 Authenticated.SQL.Injections CRITICAL" "pricing-table-by-supsystic 1.8.2 Unauthenticated.Stored.XSS HIGH" "pricing-table-by-supsystic 1.8.2 Insecure.Permissions.on.AJAX.Actions HIGH" "pricing-table-by-supsystic 1.8.1 Cross-Site.Request.Forgery.to.XSS.and.Setting.Changes HIGH" "perfect-pullquotes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "phpsword-favicon-manager No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "project-status No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "pop-up-pop-up 1.2.0 Subscriber+.Plugin.Installation MEDIUM" "pop-up-pop-up 1.2.0 Plugin.Installation.via.CSRF MEDIUM" "pop-up-pop-up 1.1.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "preloader-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "preloader-for-divi No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "perelandra-sermons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "perelandra-sermons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "perelandra-sermons No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "post-list-with-featured-image No.known.fix Reflected.XSS HIGH" "photography-portfolio 1.4.9 Reflected.Cross-Site.Scripting MEDIUM" "post-slider-carousel 1.0.21 Admin+.Stored.XSS LOW" "pinterest-rss-widget No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "pure-chat 2.23 Cross-Site.Request.Forgery MEDIUM" "pure-chat No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "payment-form-for-paypal-pro 1.1.65 Unauthenticated.SQL.Injection CRITICAL" "payment-form-for-paypal-pro 1.0.2 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pootle-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pootle-page-builder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pootle-page-builder 5.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "popup-anything-on-click 2.8.1 Missing.Authorization MEDIUM" "popup-anything-on-click 2.2.2 Popup.Settings.Reset.via.CSRF MEDIUM" "popup-anything-on-click 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "popup-anything-on-click 2.0.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "quickiebar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quick-restaurant-reservations 1.5.5 CSRF MEDIUM" "quick-restaurant-reservations 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "qt-kentharadio 2.0.2 Unauthenticated.RFI.and.SSRF MEDIUM" "qtranslate-slug No.known.fix Cross-Site.Request.Forgery MEDIUM" "qtranslate-slug No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "quizlord No.known.fix Admin+.Stored.XSS LOW" "quiz-expert No.known.fix Cross-Site.Request.Forgery MEDIUM" "quote-requests-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quote-requests-for-woocommerce 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quadmenu 2.0.7 Unauthenticated.RCE.via.compiler_save CRITICAL" "quick-affiliate-store No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-pagepost-redirect-plugin 5.2.4 Admin+.Stored.XSS LOW" "quick-pagepost-redirect-plugin 5.2.0 Authenticated.Settings.Update CRITICAL" "quick-edit-template-link No.known.fix Cross-Site.Request.Forgery MEDIUM" "quick-event-manager 9.8.5.3 Reflected.Cross-Site.Scripting MEDIUM" "quick-event-manager 9.6.5 Admin+.Stored.XSS LOW" "quick-event-manager 9.7.5 Unauthenticated.Stored.XSS HIGH" "quick-event-manager 9.7.5 Registration.Deletion/Update.via.CSRF MEDIUM" "quick-event-manager 9.7.5 Reflected.Cross-Site HIGH" "quick-event-manager 9.2.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quote-o-matic No.known.fix Admin+.SQLi MEDIUM" "qyrr-code 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "qyrr-code 0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qyrr-code 0.7 Authenticated.(contributor+).Stored.XSS MEDIUM" "qr-twitter-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "quotes-collection No.known.fix Admin+.SQL.Injection MEDIUM" "quotes-collection 2.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "quick-interest-slider 2.9.5 Cross-Site.Request.Forgery MEDIUM" "quick-interest-slider 2.9.4 Admin+.Stored.XSS LOW" "quickswish 1.1.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "quasar-form No.known.fix Subscriber+.SQLi HIGH" "quick-contact-form 8.0.6.8 Reflected.Cross-Site.Scripting MEDIUM" "quick-contact-form 8.0.4 Admin+.Stored.XSS LOW" "quick-contact-form 8.0.4 Contributor+.Stored.XSS MEDIUM" "quick-contact-form 8.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quicksand-jquery-post-filter No.known.fix Cross-Site.Request.Forgery.via.renderAdmin MEDIUM" "quicksand-jquery-post-filter No.known.fix Missing.Authorization.via.quicksand_admin_ajax CRITICAL" "qqworld-auto-save-images No.known.fix Missing.Authorization.to.Arbitrary.Post.Content.Retrieval MEDIUM" "qtranslate-x No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "qtranslate-x 3.4.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "quotes-llama 1.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "quick-code No.known.fix Stored.XSS.via.CSRF HIGH" "qi-blocks 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qi-blocks 1.3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "qr-code-composer 2.0.4 Subscriber+.Stored.XSS HIGH" "qode-essential-addons 1.5.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation MEDIUM" "quote-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quote-press No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quiz-cat 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "qode-instagram-widget 2.0.2 Open.Redirect HIGH" "quotes-for-woocommerce 2.0.2 Missing.Authorization MEDIUM" "quotes-for-woocommerce 2.0.2 Quote.Status.Update./.Quote.Sending.via.CSRF MEDIUM" "quick-paypal-payments 5.7.28 Reflected.Cross-Site.Scripting MEDIUM" "quick-paypal-payments 5.7.26.4 Admin+.Stored.XSS LOW" "quick-paypal-payments 5.7.26 Contributor+.Stored.XSS MEDIUM" "quick-paypal-payments 5.7.26 Unauthenticated.Stored.XSS HIGH" "quick-paypal-payments 5.7.26 Unauthenticated.Payment.Message.Deletion/Update MEDIUM" "quick-paypal-payments 5.7.26 Admin+.Stored.XSS LOW" "quick-paypal-payments 5.7.22 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qards No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "qi-addons-for-elementor 1.7.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qi-addons-for-elementor 1.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "qi-addons-for-elementor 1.7.1 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.8 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qi-addons-for-elementor 1.6.5 Contributor+.Stored.XSS MEDIUM" "qubely 1.8.6 Unauthenticated.Arbitrary.E-mail.Sending MEDIUM" "qubely 1.8.5 Contributor+.Stored.XSS MEDIUM" "qubely 1.8.1 Authenticated.Arbitrary.Settings.Update MEDIUM" "qubely 1.7.8 Subscriber+.Arbitrary.Post.Deletion MEDIUM" "quillforms 3.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quillforms 3.4.0 Cross-Site.Request.Forgery MEDIUM" "qubotchat 1.1.6 Unauthenticated.Stored.XSS HIGH" "qubotchat 1.1.6 Qubotchat.<.1,1,6.–.Admin+.Stored.XSS LOW" "quick-subscribe No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "qe-seo-handyman No.known.fix Admin+.SQLi MEDIUM" "qe-seo-handyman No.known.fix Admin+.SQLi MEDIUM" "quick-audio-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quick-audio-player No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qwiz-online-quizzes-and-flashcards 3.62 Admin+.Stored.Cross.Site.Scripting LOW" "qs-dark-mode 3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "quiz-master-next 9.1.3 Author+.Stored.XSS MEDIUM" "quiz-master-next 9.1.1 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.1.0 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.5 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.2 Contributor+.SQLi MEDIUM" "quiz-master-next 9.0.2 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.2 Authenticated.(Contributor+).SQL.Injection CRITICAL" "quiz-master-next 8.2.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 8.1.19 Quiz.Results.Deletion.via.CSRF MEDIUM" "quiz-master-next 8.1.17 Unauthenticated.Unauthorised.Action MEDIUM" "quiz-master-next 8.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 8.1.19 Multiple.Cross-Site.Request.Forgery MEDIUM" "quiz-master-next 8.1.16 Cross-Site.Request.Forgery.via.'display_results' MEDIUM" "quiz-master-next 8.1.11 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 8.0.8 Text.Message.Setting.Update.via.CSRF MEDIUM" "quiz-master-next 8.0.9 Unauthenticated.Arbitrary.Media.File.Delete MEDIUM" "quiz-master-next 8.0.5 Improper.Input.Validation MEDIUM" "quiz-master-next 8.0.5 Unauthenticated.iFrame.Injection HIGH" "quiz-master-next 7.3.11 Subscriber+.XSS MEDIUM" "quiz-master-next 7.3.5 Admin+.SQL.Injection MEDIUM" "quiz-master-next 7.3.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.5 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 7.3.11 Bypass MEDIUM" "quiz-master-next 7.3.5 Reflected.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.7 Multiple.Author+.IDOR LOW" "quiz-master-next 7.3.11 Sensitive.Information.Disclosure MEDIUM" "quiz-master-next 7.3.5 Quiz.Update.via.IDOR LOW" "quiz-master-next 7.3.7 Low.Privilege.Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.7 Reflected.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.7 CSRF MEDIUM" "quiz-master-next 7.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "quiz-master-next 7.1.14 Reflected.Cross-Site.Scripting HIGH" "quiz-master-next 7.1.18 Reflected.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 7.1.19 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 7.1.14 Authenticated.SQL.injection.via.Rest.API HIGH" "quiz-master-next 7.1.12 Authenticated.SQL.injection.via.shortcode HIGH" "quiz-master-next 7.0.2 Unauthenticated.Arbitrary.File.Upload HIGH" "quiz-master-next 7.0.1 Arbitrary.File.Upload CRITICAL" "quiz-master-next 7.0.1 Unauthenticated..Arbitrary.File.Deletion CRITICAL" "quiz-master-next 7.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "quiz-master-next 6.3.5 Authenticated.Reflected.XSS HIGH" "quiz-master-next 6.2.2 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 4.7.9 Stored.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "quiz-master-next 4.4.4 Authenticated.Blind.SQL.Injection MEDIUM" "quick-chat No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "quick-chat No.known.fix Authenticated.Stored.Cross-Site.Scripting HIGH" "quick-chat 4.00 SQL.Injection CRITICAL" "qr-redirector 1.6 Subscriber+.Arbitrary.QR.Redirect.Response.Status.Update MEDIUM" "qr-redirector 1.6.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "quick-orders-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-orders-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "qr-code-tag No.known.fix Contributor+.Stored.XSS MEDIUM" "q2w3-post-order No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "qode-twitter-feed 2.0.1 Open.Redirect HIGH" "quiz-tool-lite No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "quick-view-and-buy-now-for-woocommerce 1.5.9 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting.via.Custom.CSS.Code MEDIUM" "qodeblock No.known.fix Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "qodeblock No.known.fix Missing.Authorization MEDIUM" "quiz-maker 6.5.9.9 Admin+.Stored.XSS LOW" "quiz-maker 6.5.8.4 Unauthenticated.SQL.Injection.via.'ays_questions'.Parameter CRITICAL" "quiz-maker 6.5.2.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Quiz.Creation.&.Modification MEDIUM" "quiz-maker 6.5.2.5 Missing.Authorization.to.Unauthenticated.Quiz.Data.Retrieval MEDIUM" "quiz-maker 6.5.0.6 Denial.of.Service MEDIUM" "quiz-maker 6.5.1.2 Missing.Authorization MEDIUM" "quiz-maker 6.4.9.5 Unauthenticated.Email.Address.Disclosure MEDIUM" "quiz-maker 6.4.9.5 Reflected.Cross-Site.Scripting HIGH" "quiz-maker 6.4.2.7 Reflected.XSS MEDIUM" "quiz-maker 6.2.0.9 Multiple.Authenticated.Blind.SQL.Injections HIGH" "quick-restaurant-menu 2.1.0 Subscriber+.Arbitrary.Post.Deletion/Updating MEDIUM" "quick-restaurant-menu 2.1.0 .Menu.Items.Update.via.CSRF MEDIUM" "quick-restaurant-menu 2.1.0 Admin+.Stored.XSS LOW" "quick-adsense-reloaded 2.0.85 Missing.Authorization MEDIUM" "quick-featured-images 13.7.1 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Thumbnail.Deletion/Setting MEDIUM" "query-wrangler 1.5.52 Reflected.XSS HIGH" "quick-call-button No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "q2w3-inc-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quttera-web-malware-scanner 3.4.2.1 Directory.Listing.to.Sensitive.Data.Exposure MEDIUM" "quttera-web-malware-scanner 3.4.2.1 Admin+.Path.Traversal MEDIUM" "quick-adsense 2.8.2 Subscriber+.Post.Stats.Reset MEDIUM" "querywall No.known.fix Admin+.SQLi MEDIUM" "quotes-and-tips 1.45 Admin+.Arbitrary.File.Upload MEDIUM" "quotes-and-tips 1.32 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "quotes-and-tips 1.20 Cross-Site.Scripting.(XSS) MEDIUM" "radio-player 2.0.79 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Player.Deletion MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Settings.Update MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Player.Update MEDIUM" "radio-player 2.0.74 Missing.Authorization MEDIUM" "radio-player 2.0.74 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "radio-player 2.0.74 Unauthenticated.Server-Side.Request.Forgery HIGH" "radio-player 2.0.74 Missing.Authorization.to.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "radio-player 2.0.74 Missing.Authorization.via.get_players MEDIUM" "radio-player 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "radio-player 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "responsive-lightbox2 1.0.4 Contributor+.Stored.XSS MEDIUM" "responsive-lightbox2 1.0.3 Authenticated.Stored.Cross-Site.Scripting LOW" "require-taxonomy-image-category-tag 1.27 Reflected.Cross-Site.Scripting MEDIUM" "real-wysiwyg No.known.fix Reflected.Cross-Site.Scripting HIGH" "rss-feed-widget 2.9.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "rss-feed-widget 2.8.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "review-widgets-for-hotels-com 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "restaurant-pickup-delivery-dine-in No.known.fix Admin+.Stored.XSS LOW" "rocket-font No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "recipes-writer No.known.fix XSS MEDIUM" "rate-my-post 3.4.5 Insecure.Direct.Object.Reference MEDIUM" "rate-my-post 3.4.3 IP.Spoofing MEDIUM" "rate-my-post 3.3.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "rate-my-post 3.3.5 Cross-Site.Request.Forgery MEDIUM" "rate-my-post 3.3.5 Subscriber+.Votes.Tampering.via.Race.Condition MEDIUM" "restrict-for-elementor 1.0.8 Protection.Mechanism.Bypass MEDIUM" "restrict-for-elementor 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rich-reviews No.known.fix Arbitrary.Reviews.Deletion.via.CSRF MEDIUM" "rich-reviews 1.9.6 Admin+.SQL.Injection MEDIUM" "rewp 1.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "realty 1.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "rich-table-of-content 1.3.9 Contributor+.Stored.XSS MEDIUM" "reader-mode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rays-grid 1.2.3 CSRF.Bypass MEDIUM" "robin-image-optimizer 1.7.0 Missing.Authorization MEDIUM" "reciply 1.1.8 Unauthenticated.File.Upload MEDIUM" "responsivevoice-text-to-speech 1.7.7 Contributor+.Stored.XSS MEDIUM" "real-cookie-banner 3.4.10 Contributor+.Stored.XSS MEDIUM" "real-cookie-banner 2.18.2 Reflected.Cross-Site.Scripting MEDIUM" "real-cookie-banner 2.14.2 Settings.Reset.via.CSRF MEDIUM" "reservation-studio-widget 1.0.12 Admin+.Stored.XSS LOW" "reservation-studio-widget 1.0.12 Cross-Site.Request.Forgery MEDIUM" "rename-wp-login No.known.fix Secret.URL.Update.via.CSRF MEDIUM" "relicwp-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "redirection 3.6.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "redirection 2.8 Authenticated.Local.File.Inclusion MEDIUM" "responsive-cookie-consent 1.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "rate-limiting-for-contact-form-7 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rss-control 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "rss-control 2.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "recall-products No.known.fix Authenticated.SQL.Injection MEDIUM" "recall-products No.known.fix Authenticated.Cross-Site.Scripting MEDIUM" "responsive-video-embed 0.5.1 Contributor+.Stored.XSS MEDIUM" "raise-prices-with-sales-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "raise-prices-with-sales-for-woocommerce 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rss-feed-post-generator-echo 5.4.7 Unauthenticated.Privilege.Escalation CRITICAL" "restrict-content 3.2.9 Missing.Authorization MEDIUM" "restrict-content 3.2.8 Information.Exposure.via.legacy.log.file MEDIUM" "restrict-content 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "restrict-content 3.2.3 Restrict.Content.<.3.2.3.-.Reflected.XSS HIGH" "rt-easy-builder-advanced-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 2.1 Missing.Authorization MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 1.9 Reflected.Cross-Site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "responsive-block-editor-addons 1.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "real-estate-manager No.known.fix Subscriber+.Privilege.Escalation HIGH" "real-estate-manager 7.0 Subscriber+.Settings.Update MEDIUM" "rss-for-yandex-turbo 1.31 Admin+.Stored.Cross-Site.Scripting LOW" "rss-for-yandex-turbo 1.30 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "relevant 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "relevant 1.0.8 Cross-Site.Scripting.(XSS) MEDIUM" "remove-old-slugspermalinks 2.7.0 Cross-Site.Request.Forgery MEDIUM" "royal-slider 3.2.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "review-widgets-for-arukereso 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rometheme-for-elementor 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rometheme-for-elementor 1.4.2 Missing.Authorization MEDIUM" "rometheme-for-elementor 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rm-mailchimp-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rm-mailchimp-manager No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rearrange-woocommerce-products 3.0.8 Subscriber+.SQL.Injection HIGH" "redi-restaurant-reservation 24.0712 Missing.Authorization MEDIUM" "redi-restaurant-reservation 24.0303 Cross-Site.Request.Forgery.via.redi_restaurant_admin_options_page() MEDIUM" "redi-restaurant-reservation 24.0303 Cross-Site.Request.Forgery.via.redi_restaurant_admin_options_page() MEDIUM" "redi-restaurant-reservation 24.0303 Reflected.Cross-Site.Scripting MEDIUM" "redi-restaurant-reservation 21.0426 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "real-time-find-and-replace 4.0.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "random-sorting-order-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rezgo 4.1.8 Reflected.Cross-Site-Scripting MEDIUM" "rezgo 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "reflex-gallery 3.1.5 jQuery.prettyPhoto.DOM.Cross-Site.Scripting.(XSS) MEDIUM" "remove-wp-update-nags 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "remove-wp-update-nags 1.4.0 Subscriber+.Arbitrary.Option.Update CRITICAL" "resermy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "resermy No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "resermy No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "recurwp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recurwp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ravpage 2.25 Reflected.Cross-Site.Scripting MEDIUM" "rename-media-files No.known.fix Authenticated.(Contributor+).Remote.Code.Execution HIGH" "rockhoist-badges No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "rsvpmaker 10.6.7 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') LOW" "rsvpmaker 9.9.4 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') CRITICAL" "rsvpmaker 10.6.7 Admin+.Stored.XSS HIGH" "rsvpmaker 10.6.7 Unauthenticated.PHP.Object.Injection HIGH" "rsvpmaker 10.6.7 Unauthenticated.Stored.XSS HIGH" "rsvpmaker 10.5.5 Admin+.SQL.Injection.(SQLi) HIGH" "rsvpmaker 9.2.7 Unauthenticated.SQLi MEDIUM" "rsvpmaker 9.2.6 Unauthenticated.SQLi CRITICAL" "rsvpmaker 8.7.3 Authenticated.(admin+).SSRF HIGH" "rsvpmaker 7.8.2 Unauthenticated.SQL.Injection HIGH" "rsvpmaker 6.2 SQL.Injection CRITICAL" "rich-counter 1.2.0 Cross-Site.Scripting.(XSS) MEDIUM" "review-widgets-for-airbnb 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "refer-a-friend-widget-for-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rencontre 3.11 Unauthenticated.Arbitrary.File.Upload CRITICAL" "rencontre 3.11.2 Subscriber+.PHP.Object.Injection HIGH" "rencontre 3.11 Privilege.Escalation CRITICAL" "rencontre 3.2.3 Multiple.CSRF CRITICAL" "resmushit-image-optimizer 0.4.4 Subscriber+.AJAX.Calls MEDIUM" "resmushit-image-optimizer 0.4.7 Multiple.CSRF MEDIUM" "resmushit-image-optimizer 0.4.6 Admin+.Cross-Site.Scripting LOW" "rock-convert 3.0.0 Admin+.Stored.XSS LOW" "rock-convert 2.11.0 Admin+.Stored.Cross-Site.Scripting LOW" "rock-convert 2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "responsive-filterable-portfolio 1.0.20 Reflected.XSS HIGH" "restrict-user-access 2.6 Reflected.Cross-Site.Scripting MEDIUM" "restrict-user-access 2.6 Information.Exposure MEDIUM" "restrict-user-access 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "restrict-user-access 2.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reviewx 1.6.29 Insufficient.Rating.Validation MEDIUM" "reviewx 1.6.28 Missing.Authorization MEDIUM" "reviewx 1.6.22 Missing.Authorization MEDIUM" "reviewx 1.6.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "reviewx 1.6.14 Subscriber+.Privilege.Escalation HIGH" "reviewx 1.6.4 Subscriber+.SQLi HIGH" "reviewx 1.2.9 Unauthorised.AJAX.call.via.CSRF MEDIUM" "review-widgets-for-amazon 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rsvp 2.7.8 Unauthenticated.Entries.Export HIGH" "rsvp 2.7.5 Reflected.Cross-Site.Scripting MEDIUM" "rsvp 2.3.8 XSS MEDIUM" "real-kit 5.1.1 Contributor+.Stored.XSS MEDIUM" "retain No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "rotating-posts No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "rotatingtweets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "removehide-author-date-category-like-entry-meta No.known.fix Settings.Update.via.CSRF MEDIUM" "rss-chimp 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "rss-chimp 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "remove-cpt-base 5.9 CPT.Deletion.via.CSRF MEDIUM" "review-stream 1.6.6 Admin+.Stored.XSS LOW" "ruven-toolkit No.known.fix tinymce/popup.php.popup.Parameter.Reflected.XSS MEDIUM" "resume-builder No.known.fix Subscriber+.Stored.XSS HIGH" "responsive-lightbox 2.4.8 Missing.Authorization MEDIUM" "responsive-lightbox 2.4.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "responsive-lightbox 2.4.7 Information.Disclosure MEDIUM" "responsive-lightbox 2.4.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.name MEDIUM" "responsive-lightbox 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "responsive-header-image-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "restrict-categories No.known.fix Reflected.XSS HIGH" "related-post 2.0.54 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rimons-twitter-widget 1.3 XSS MEDIUM" "reset-course-progress-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reset-course-progress-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "review-buddypress-groups 2.8.4 Subscriber+.Arbitrary.Settings.Update.&.Review.Modification MEDIUM" "review-buddypress-groups 2.8.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "restrict-usernames-emails-characters 3.1.4 Admin+.Stored.XSS LOW" "rabbit-loader 2.21.1 Reflected.Cross-Site.Scripting MEDIUM" "rabbit-loader 2.19.14 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "really-simple-ssl 8.0.0 Admin+.Server-Side.Request.Forgery MEDIUM" "redirect-404-to-parent 1.3.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "remember-me-controls 2.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "remove-add-to-cart-button-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "remove-add-to-cart-button-for-woocommerce 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reusable-text-blocks No.known.fix Author+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "required-taxonomies 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "required-taxonomies 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "request-a-quote 2.4.1 Admin+.Stored.XSS LOW" "request-a-quote 2.3.9 Admin+.Stored.Cross-Site.Scripting LOW" "request-a-quote 2.3.9 Admin+.Stored.Cross-Site.Scripting LOW" "request-a-quote 2.3.4 Authenticated.Stored.XSS MEDIUM" "romethemeform 1.1.6 Missing.Authorization.via.export_entries,.rtformnewform,.and.rtformupdate MEDIUM" "romethemeform 1.1.3 Missing.Authorization MEDIUM" "related-posts-for-wp 2.2.2 Cross-Site.Request.Forgery MEDIUM" "related-posts-for-wp 2.0.5 Authenticated.Stored.XSS.&.XFS MEDIUM" "related-posts-for-wp 2.0.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "related-posts-for-wp 1.8.2 Cross-Site.Scripting.(XSS) CRITICAL" "revolut-gateway-for-woocommerce 4.17.4 Missing.Authorization.to.Unauthenticated.Order.Status.Update MEDIUM" "revolut-gateway-for-woocommerce 4.9.8 Missing.Authorization MEDIUM" "redirect-after-login No.known.fix Admin+.Stored.XSS LOW" "racar-clear-cart-for-woocommerce 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "review-widgets-for-capterra 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "responsive-menu-pro 4.0.4 CSRF.to.Arbitrary.File.Upload HIGH" "responsive-menu-pro 4.0.4 CSRF.to.Settings.Update MEDIUM" "responsive-menu-pro 4.0.4 4.0.3.-.Authenticated.Arbitrary.File.Upload CRITICAL" "restaurant-solutions-checklist No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "responsive-coming-soon-page No.known.fix Unauthenticated.Information.Exposure MEDIUM" "responsive-coming-soon-page 1.6.0 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') HIGH" "remove-add-to-cart-woocommerce 1.4.5 Settings.Update.via.CSRF MEDIUM" "remove-add-to-cart-woocommerce 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rentpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "redirect-by-cookie 1.07 Reflected.Cross-Site.Scripting MEDIUM" "responsive-accordion-tabs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "relevanssi 4.23.1 Contributor+.Stored.XSS MEDIUM" "relevanssi 4.23.0 Unauthenticated.Information.Exposure MEDIUM" "relevanssi 4.22.2 Missing.Authorization.to.Unauthenticated.Count.Option.Update MEDIUM" "relevanssi 4.22.1 Unauthenticated.Query.Log.Export MEDIUM" "relevanssi 4.22.0 Unauthenticated.Private/Draft.Post.Disclosure MEDIUM" "relevanssi 4.14.6 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "relevanssi 4.14.3 A.Better.Search.<.4.14.3.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "relevanssi 4.0.5 Cross-Site.Scripting.(XSS) MEDIUM" "relevanssi 3.6.1 Authenticated.Admin.SQL.Injection MEDIUM" "rolo-slider No.known.fix Missing.Authorization.to.Authenticated(Subscriber+).Settings.Change MEDIUM" "radio-buttons-for-taxonomies 2.0.6 Cross-Site.Request.Forgery MEDIUM" "radio-buttons-for-taxonomies 2.0.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "reviewpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reviewpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reviewpress No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rk-responsive-contact-form No.known.fix Authenticated.Blind.SQL.Injection CRITICAL" "review-schema 2.2.0 Missing.Authorization.to.Arbitrary.Review.Update MEDIUM" "responsive-vector-maps 6.4.2 Responsive.Vector.Maps.<.6.4.2.-.Subscriber+.Arbitrary.File.Read HIGH" "rough-chart No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "radio-forge No.known.fix Reflected.Cross-Site.Scripting HIGH" "rocket-addons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "role-scoper 1.3.67 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "rehub-framework 19.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "robokassa 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "read-more-excerpt-link 1.6.1 Settings.Update.via.CSRF MEDIUM" "read-more-excerpt-link 1.6.1 Settings.Update.via.CSRF MEDIUM" "realteo 1.2.4 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "realteo 1.2.4 Arbitrary.Property.Deletion.via.IDOR HIGH" "revolution-for-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "revolution-for-elementor No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rduplicator No.known.fix Contributor+.SQLi HIGH" "r-animated-icon No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "reviews-feed 1.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "reviews-feed 1.2.0 Cross-Site.Request.Forgery MEDIUM" "recaptcha-jetpack No.known.fix Settings.Update.via.CSRF MEDIUM" "recaptcha-jetpack No.known.fix Stored.XSS.via.CSRF HIGH" "rock-form-builder 2.5 Privilege.Escalation HIGH" "realia No.known.fix User.Email.Change.via.Cross-Site.Request.Forgery HIGH" "realia No.known.fix Unauthenticated.IDOR.leading.to.Arbitrary.Post.Deletion HIGH" "react-webcam No.known.fix Contributor+.Stored.XSS MEDIUM" "revision-manager-tmc 2.8.20 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "revision-manager-tmc 2.8.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "rsvpmaker-excel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "replace-word No.known.fix Cross-Site.Request.Forgery MEDIUM" "relevanssi-live-ajax-search 2.5 Unauthenticated.WP_Query.Argument.Injection MEDIUM" "reveal-template No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "reach-us-contact-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reach-us-contact-form No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reach-us-contact-form No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "remove-schema 1.6 Cross-Site.Request.Forgery MEDIUM" "remove-schema 1.6 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "responsive-tabs-for-wpbakery No.known.fix Contributor+.Stored.XSS MEDIUM" "relevanssi-premium 2.25.2 Missing.Authorization.to.Unauthenticated.Count.Option.Update MEDIUM" "relevanssi-premium 2.25 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "relevanssi-premium 2.25.0 Unauthenticated.Private/Draft.Post.Disclosure MEDIUM" "relevanssi-premium 2.16.5 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "relevanssi-premium 1.14.6.1 SQL.Injection.&.PHP.Object.Injection HIGH" "real-time-auto-find-and-replace 1.6.2 Unauthenticated.PHP.Object.Injection HIGH" "real-time-auto-find-and-replace 1.3.6 Admin+.SQLi MEDIUM" "real-time-auto-find-and-replace 1.2.9 Reflected.Cross-Site.Scripting HIGH" "radio-station 2.5.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "radio-station 2.5.0 Reflected.XSS HIGH" "radio-station 2.5.5 Reflected.Cross-Site.Scripting MEDIUM" "radio-station 2.4.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rss-import No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "reviewscouk-for-woocommerce 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-css-editor No.known.fix Admin+.SQLi MEDIUM" "responsive-owl-carousel-elementor 1.2.1 Local.File.Inclusion HIGH" "restricted-content 2.2.5 Reflected.XSS HIGH" "restricted-content 2.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rb-internal-links No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "read-and-understood 2.2 Authenticated.Stored.XSS.&.CSRF HIGH" "reviews-widgets-for-yelp 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "realty-workstation 1.0.15 Agent.SQLi HIGH" "review-widgets-for-szallas-hu 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "review-widgets-for-tripadvisor 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "responsive-facebook-and-twitter-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rara-one-click-demo-import 1.3.0 Arbitrary.File.Upload.via.CSRF HIGH" "redux-framework 4.4.18 .4.4.17.-.Unauthenticated.JSON.File.Upload.to.Stored.Cross-Site.Scripting HIGH" "redux-framework 4.2.13 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "redux-framework 4.2.13 Contributor+.Arbitrary.Plugin.Installation.and.Post.Deletion HIGH" "redux-framework 4.1.24 4.1.23.-.CSRF.Nonce.Validation.Bypass MEDIUM" "redux-framework 4.1.21 CSRF.Nonce.Validation.Bypass MEDIUM" "ratings-shorttags No.known.fix Stored.XSS.via.CSRF HIGH" "recently 3.0.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "recently 3.0.5 Authenticated.Code.Injection HIGH" "resads 1.0.2 .Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "remove-duplicate-posts 1.3 Reflected.Cross-Site.Scripting MEDIUM" "re-attacher 1.0.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "rich-event-timeline No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "restropress 3.1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restropress 3.1.2.1 Cross-Site.Request.Forgery.via.rpress_orders_list_table_process_bulk_actions MEDIUM" "restropress 2.8.3 Cart.Manipulation.via.CSRF MEDIUM" "restropress 2.8.3.1 Unauthorised.AJAX.Calls HIGH" "resize-at-upload-plus No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "rvg-optimize-database 5.1 Missing.Authorization.via.'odb_csv_download' MEDIUM" "rvg-optimize-database 5.1.1 Database.Optimization.via.CSRF MEDIUM" "rapidexpcart No.known.fix Stored.XSS.via.CSRF CRITICAL" "review-engine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "review-engine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "review-engine No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "really-simple-google-tag-manager 1.0.7 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "role-based-bulk-quantity-pricing 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "rucy No.known.fix Cross-Site.Request.Forgery MEDIUM" "rucy No.known.fix CSRF.Bypass MEDIUM" "run-time-image-resizing No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "run-time-image-resizing No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "registrations-for-the-events-calendar 2.12.2 Missing.Authorization MEDIUM" "registrations-for-the-events-calendar 2.12.3 Authenticated.(Contributor+).SQL.Injection CRITICAL" "registrations-for-the-events-calendar 2.7.10 Reflected.Cross-Site.Scripting HIGH" "registrations-for-the-events-calendar 2.7.6 Unauthenticated.SQL.Injection HIGH" "registrations-for-the-events-calendar 2.7.5 Reflected.Cross-Site.Scripting HIGH" "responsive-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restricted-site-access 7.3.2 Access.Bypass.via.IP.Spoofing MEDIUM" "remove-slug-from-custom-post-type No.known.fix Settings.Update.via.CSRF MEDIUM" "rest-routes 5.5.4 Reflected.Cross-Site.Scripting MEDIUM" "rest-routes 4.24.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rescue-shortcodes 2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rescue-shortcodes 2.6 Contributor+.Stored.XSS MEDIUM" "really-simple-featured-video 0.7.2 Reflected.Cross-Site.Scripting MEDIUM" "really-simple-featured-video 0.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "real3d-flipbook-lite 3.72 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "real3d-flipbook-lite 3.63 Reflected.Cross-Site.Scripting MEDIUM" "recipe-card-blocks-by-wpzoom 3.3.2 Missing.Authorization MEDIUM" "recipe-card-blocks-by-wpzoom 2.8.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "recipe-card-blocks-by-wpzoom 2.8.1 Reflected.Cross-Site.Scripting HIGH" "role-and-customer-based-pricing-for-woocommerce 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "role-and-customer-based-pricing-for-woocommerce 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rustolat No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "raygun4wp 1.8.3 XSS MEDIUM" "raygun4wp 1.8.1 Unauthenticated.Reflected.XSS MEDIUM" "rafflepress 1.12.16 Editor+.Stored.XSS LOW" "rafflepress 1.12.14 Editor+.Stored.XSS LOW" "rafflepress 1.12.5 Missing.Authorization MEDIUM" "rafflepress 1.12.11 IP.Spoofing MEDIUM" "rafflepress 1.12.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "rafflepress 1.12.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rafflepress 1.11.3 Contributor+.Stored.XSS MEDIUM" "realbig-media 1.0.7 Settings.Update.via.CSRF MEDIUM" "rating-bws 1.6 Rating.Denial.of.Service MEDIUM" "rating-bws 0.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "relogo No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "rate-star-review 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "rw-divi-unite-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rw-divi-unite-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rw-divi-unite-gallery No.known.fix Security.Bypass.via.Outdated.Freemius CRITICAL" "recent-backups No.known.fix Remote.File.Download HIGH" "random-banner No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "random-banner 4.1.6 Admin+.Stored.Cross-Site.Scripting LOW" "random-banner 2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "review-widgets-for-booking-com 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "republish-old-posts 1.27 Cross-Site.Request.Forgery.via.rop_options_page MEDIUM" "recently-viewed-and-most-viewed-products No.known.fix Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "replace-image 1.1.11 Insecure.Direct.Object.Reference MEDIUM" "read-offline No.known.fix Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "read-offline No.known.fix Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "review-widgets-for-opentable 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "related-youtube-videos 1.9.9 CSRF.&.XSS HIGH" "recurring-bookings-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recurring-bookings-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "responsive-menu 4.1.8 Subscriber+.Arbitrary.File.Upload./.Theme.Deletion./.Plugin.Settings.Update HIGH" "responsive-menu 4.0.4 CSRF.to.Arbitrary.File.Upload HIGH" "responsive-menu 4.0.4 CSRF.to.Settings.Update MEDIUM" "responsive-menu 4.0.4 4.0.3.-.Authenticated.Arbitrary.File.Upload CRITICAL" "responsive-menu 3.1.4 XSS.and.CSRF HIGH" "redirect-404-error-page-to-homepage-or-custom-page 1.8.8 Authenticated.(Administrator+).SQL.Injection HIGH" "redirect-404-error-page-to-homepage-or-custom-page 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "redirect-404-error-page-to-homepage-or-custom-page 1.7.9 Log.Deletion.via.CSRF MEDIUM" "redirect-redirection 1.2.0 Subscriber+.Unauthorised.Action.Calls MEDIUM" "redirect-redirection 1.1.4 Plugin.Installation.via.CSRF MEDIUM" "redirect-redirection 1.1.4 Subscriber+.Plugin.Installation MEDIUM" "redirect-redirection 1.1.5 Plugin.Reset.via.CSRF MEDIUM" "redirect-redirection 1.1.4 Redirect.Creation.via.CSRF MEDIUM" "royal-elementor-addons 1.3.987 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Widget MEDIUM" "royal-elementor-addons 1.3.985 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.981 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Magazine.Grid/Slider.Widget MEDIUM" "royal-elementor-addons 1.3.977 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Uploads MEDIUM" "royal-elementor-addons 1.3.977 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.976 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Back.to.Top.Widget MEDIUM" "royal-elementor-addons 1.3.976 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.975 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Form.Builder.Widget MEDIUM" "royal-elementor-addons 1.3.95 Unauthenticated.IP.Spoofing MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.Flip.Carousel,.Flip.Box,.Post.Grid,.and.Taxonomy.List.Widget.Attributes MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.Advanced.Accordion.Title.Tags MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.HTML.Tags MEDIUM" "royal-elementor-addons 1.3.95 Unauthenticated.Limited.File.Upload HIGH" "royal-elementor-addons 1.3.95 Contributor+.Stored.Cross-Site.Scriting MEDIUM" "royal-elementor-addons 1.3.92 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Logo.Widget MEDIUM" "royal-elementor-addons 1.3.88 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.88 Multiple.Cross-Site.Request.Forgery MEDIUM" "royal-elementor-addons 1.3.88 Missing.Authorization.via.wpr_update_form_action_meta MEDIUM" "royal-elementor-addons 1.3.81 Unauthenticated.Arbitrary.Post.Read MEDIUM" "royal-elementor-addons No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "royal-elementor-addons 1.3.79 Unauthenticated.Arbitrary.File.Upload CRITICAL" "royal-elementor-addons 1.3.71 Reflected.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.71 Unauthenticated.API.Key.Disclosure MEDIUM" "royal-elementor-addons 1.3.60 Menu.Template.Creation.via.CSRF MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Template.Import MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Mega.Menu.Settings.Update MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Import.Deletion MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Plugin.Deactivation MEDIUM" "royal-elementor-addons 1.3.60 Reflected.XSS HIGH" "royal-elementor-addons 1.3.60 Subscriber+.Template.Kit.Import MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Template.Condition.Update MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Template.Activation MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Theme.Activation MEDIUM" "royal-elementor-addons 1.3.56 Subscriber+.Arbitrary.Post.Creation MEDIUM" "royal-elementor-addons 1.3.56 Subscriber+.Arbitrary.Post.Deletion HIGH" "royal-elementor-addons 1.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rife-elementor-extensions 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Writing.Effect.Headline.Widget MEDIUM" "rife-elementor-extensions 1.1.6 Contributor+.Stored.XSS MEDIUM" "robotcpa No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "reviews-plus 1.3.5 Missing.Authorization.to.Notice.Dismissal MEDIUM" "reviews-plus 1.2.14 Subscriber+.Reviews.DoS LOW" "responsive-horizontal-vertical-and-accordion-tabs 1.1.18 Authenticated.(Contributor+).SQL.Injection CRITICAL" "responsive-horizontal-vertical-and-accordion-tabs 1.1.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-horizontal-vertical-and-accordion-tabs 1.1.16 Reflected.XSS HIGH" "responsive-horizontal-vertical-and-accordion-tabs 1.1.16 Reflected.Cross-Site.Scripting MEDIUM" "rumbletalk-chat-a-chat-with-themes 6.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rumbletalk-chat-a-chat-with-themes 6.2.0 Missing.Authorization.via.handleRequest HIGH" "restaurant-reservations 2.6.17 Missing.Authorization MEDIUM" "restaurant-reservations 2.6.8 Reflected.Cross-Site.Scripting HIGH" "restaurant-reservations 2.4.12 Unauthenticated.Arbitrary.Payment.Status.Update.to.Stored.XSS HIGH" "restaurant-reservations 2.4.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "review-widgets-for-foursquare 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "responsive-tabs 4.0.11 Contributor+.Stored.XSS MEDIUM" "responsive-tabs 4.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-tabs 4.0.7 Contributor+.Stored.XSS MEDIUM" "responsive-tabs 2.2.7 Editor+.Stored.Cross-Site.Scripting MEDIUM" "responsive-tabs 4.0.6 Authenticated.(Contributor+).Content.Injection MEDIUM" "responsive-tabs 4.0.6 Author+.Stored.Cross-Site.Scripting MEDIUM" "responsive-coming-soon 2.2.2 Maintenance.Mode.Bypass MEDIUM" "responsive-coming-soon 1.8.2 Arbitrary.Settings.Reset MEDIUM" "real-media-library-lite 4.11.12 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "real-media-library-lite 4.22.8 Contributor+.Stored.XSS MEDIUM" "real-media-library-lite 4.18.29 Author+.Stored.XSS MEDIUM" "real-media-library-lite 4.14.2 Author.Stored.Cross-Site.Scripting MEDIUM" "role-based-pricing-for-woocommerce 1.6.3 Subscriber+.PHAR.Deserialization HIGH" "role-based-pricing-for-woocommerce 1.6.2 Subscriber+.Arbitrary.File.Upload HIGH" "related-posts 1.8.2 XSS MEDIUM" "regpack No.known.fix Admin+.Stored.XSS LOW" "randomtext No.known.fix Subscriber+.SQLi HIGH" "reglevel No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "rsfirewall 1.1.25 IP.Block.Bypass MEDIUM" "rest-api-to-miniprogram No.known.fix Unauthenticated.Arbitrary.User.Email.Update.and.Privilege.Escalation.via.Account.Takeover CRITICAL" "rest-api-to-miniprogram No.known.fix Unauthenticated.SQL.Injection HIGH" "rest-api-to-miniprogram No.known.fix Subscriber+.Attachment.Deletion MEDIUM" "read-more No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Read.More.Button.Deletion MEDIUM" "read-more No.known.fix Cross-Site.Request.Forgery MEDIUM" "recent-posts-slider No.known.fix Cross-Site.Request.Forgery MEDIUM" "recent-posts-slider No.known.fix Unauthenticated.Stored.XSS HIGH" "rocket-maintenance-mode 4.4 Admin+.Stored.XSS LOW" "rocket-maintenance-mode 4.4 Reflected.Cross-Site.Scripting MEDIUM" "rocket-maintenance-mode 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "responsive-add-ons 3.0.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "responsive-add-ons 2.2.6 Unprotected.AJAX.Endpoints CRITICAL" "ruby-help-desk 1.3.4 Subscriber+.Ticket.Update.via.IDOR MEDIUM" "real-estate-listing-realtyna-wpl No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "real-estate-listing-realtyna-wpl 4.14.8 Reflected.XSS HIGH" "real-estate-listing-realtyna-wpl 4.14.8 Unauthenticated.SQLi HIGH" "responsive-gallery-grid 2.3.11 Admin+.Stored.XSS LOW" "responsive-gallery-grid 2.3.14 Settings.Update.via.CSRF MEDIUM" "responsive-gallery-grid 2.3.9 Contributor+.Stored.XSS MEDIUM" "responsive-client-logo-carousel-slider 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "remove-footer-credit 1.0.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "remove-footer-credit 1.0.11 Admin+.Stored.Cross-Site.Scripting LOW" "remove-footer-credit 1.0.6 CSRF.to.Stored.Cross-Site.Scripting HIGH" "recurring-donation 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "resume-upload-form No.known.fix Captcha.Bypass MEDIUM" "revslider 6.7.19 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "revslider 6.7.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.7.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Elementor.wrapperid.and.zindex MEDIUM" "revslider 6.7.11 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Add.Layer.class,.id,.and.title.Attributes MEDIUM" "revslider 6.7.11 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.7.0 Missing.Authorization MEDIUM" "revslider 6.7.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.htmltag.Parameter MEDIUM" "revslider 6.7.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.6.19 Author+.Insecure.Deserialization.leading.to.RCE HIGH" "revslider 6.6.16 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "revslider 6.6.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.6.13 Author+.Remote.Code.Execution MEDIUM" "revslider 4.1.5 Local.File.Disclosure HIGH" "revslider 3.0.96 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "responsive-column-widgets No.known.fix Reflected.XSS HIGH" "responsive-column-widgets No.known.fix Open.Redirect.via.responsive_column_widgets_link MEDIUM" "randomize No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "read-more-without-refresh 3.2 Admin+.Stored.Cross-Site.Scripting LOW" "rating-widget 3.2.0 Reflected.Cross-Site.Scripting MEDIUM" "rating-widget 3.2.1 Contributor+.Stored.XSS MEDIUM" "rating-widget 3.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.4 Missing.Authorization.via.multiple.AJAX.functions LOW" "restaurant-cafe-addon-for-elementor 1.5.3 Cross-Site.Request.Forgery MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.3 Missing.Authorization MEDIUM" "restaurant-cafe-addon-for-elementor 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "redirects No.known.fix Missing.Authorization.via.save MEDIUM" "redirects No.known.fix Missing.Authorization MEDIUM" "real-estate-pro 1.7.1 Subscriber+.Privilege.Escalation CRITICAL" "rise-blocks 3.2 Cross-Site.Request.Forgery MEDIUM" "remote-content-shortcode No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "remote-content-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "remote-content-shortcode No.known.fix Authenticated(Contributor+).Local.File.Inclusion.via.shortcode MEDIUM" "rich-snippets-vevents No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "recencio-book-reviews No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "robo-gallery 3.2.22 Missing.Authorization.to.Authenticated.(Subscriber+).Private.Gallery.Title.Disclosure MEDIUM" "robo-gallery 3.2.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Title MEDIUM" "robo-gallery 3.2.20 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Image.Title MEDIUM" "robo-gallery 3.2.20 Cross-Site.Request.Forgery.to.Post.Creation.and.Limited.Data.Loss HIGH" "robo-gallery 3.2.19 Unauthenticated.Information.Exposure MEDIUM" "robo-gallery 3.2.18 Author+.Stored.XSS MEDIUM" "robo-gallery 3.2.16 Admin+.Stored.XSS LOW" "robo-gallery 3.2.13 Contributor+.Stored.XSS MEDIUM" "robo-gallery 3.2.11 Plugin.Activation/Deactivation.via.CSRF MEDIUM" "robo-gallery 3.2.12 Cross-Site.Request.Forgery MEDIUM" "reviews-widgets 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "regenerate-post-permalinks No.known.fix Cross-Site.Request.Forgery MEDIUM" "rankbear No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rankbear No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "securimage-wp No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-history 3.4.0 Improper.Neutralization.of.Formula.Elements.in.a.CSV.File MEDIUM" "simple-ldap-login 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "siteimprove 2.0.7 Cross-Site.Request.Forgery MEDIUM" "slider-by-supsystic 1.8.11 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-by-supsystic 1.8.11 Authenticated.(Admin+).SQL.Injection CRITICAL" "slider-by-supsystic 1.8.7 Missing.Authorization MEDIUM" "slider-by-supsystic 1.8.7 CSRF MEDIUM" "simple-events-calendar No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "shortcodes-ui No.known.fix Contributor+.Stored.XSS MEDIUM" "shortcodes-ui No.known.fix CSRF MEDIUM" "simple-page-access-restriction 1.0.23 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "social-rocket 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "social-rocket 1.3.3 Admin+.Stored.Cross-Site.Scripting LOW" "social-rocket 1.2.10 Cross-Site.Request.Forgery.in.Settings MEDIUM" "sangar-slider-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "ship-to-ecourier 1.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "send-users-email 1.5.2 Unauthenticated.Information.Exposure MEDIUM" "send-users-email 1.4.4 Sensitive.Information.Exposure.via.Error.Logs MEDIUM" "send-users-email 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "simple-sponsorships No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-sponsorships 1.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "spider-faq No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spicebox 2.2 Reflected.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.7.43 Admin+.Template.Injection.to.RCE MEDIUM" "simply-schedule-appointments 1.6.7.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.6.24 Reflected.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.7.9 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "simply-schedule-appointments 1.6.7.9 Authenticated.(Subscriber+).SQL.Injection HIGH" "simply-schedule-appointments 1.6.6.24 Cross-Site.Request.Forgery.to.Plugin.Data.Reset MEDIUM" "simply-schedule-appointments 1.6.6.1 Authenticated(Administrator+).SQL.Injection MEDIUM" "simply-schedule-appointments 1.5.7.7 Admin+.Stored.Cross-Site.Scripting LOW" "simply-schedule-appointments 1.5.7.7 Unauthenticated.Email.Address.Disclosure MEDIUM" "s3-video No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "stockholm-core 2.4.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "stockholm-core 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "swatchly 1.2.1 Cross-Site.Request.Forgery MEDIUM" "share-this-image 2.02 Reflected.Cross-Site.Scripting MEDIUM" "share-this-image 2.04 Open.Redirect.via.link.Parameter HIGH" "share-this-image 2.03 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.STI.Buttons.Shortcode MEDIUM" "share-this-image 2.02 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alignment.Parameter MEDIUM" "share-this-image 1.99 Open.Redirect MEDIUM" "share-this-image 1.81 Reflected.Cross-Site.Scripting MEDIUM" "share-this-image 1.67 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "share-this-image 1.20 Stored.XSS MEDIUM" "slivery-extender No.known.fix Authenticated(Contributor+).Remote.Code.Execution.via.shortcode HIGH" "smart-cookie-kit 2.3.2 Contributor+.Stored.XSS MEDIUM" "seo-by-rank-math-pro 3.0.36 Unauthenticated.Reflected.XSS MEDIUM" "super-progressive-web-apps 2.2.22 Missing.Authorization MEDIUM" "super-progressive-web-apps 2.1.12 Authenticated.(Low.Privileged).Arbitrary.File.Upload.to.RCE HIGH" "super-progressive-web-apps 2.1.13 Authenticated.(High.Privileged).Arbitrary.File.Upload.to.RCE HIGH" "sitekit 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sitekit 1.5 Contributor+.Stored.XSS MEDIUM" "sitekit 1.4 Contributor+.Stored.XSS MEDIUM" "surveys No.known.fix Authenticated.SQL.Injection CRITICAL" "sendgrid-email-delivery-simplified No.known.fix Authenticated.Authorization.Bypass MEDIUM" "setka-editor No.known.fix Cross-Site.Request.Forgery.via.handleRequest MEDIUM" "setka-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "setka-editor 2.1.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stax No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stax 1.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sensei-lms 4.24.2 Unauthenticated.Email.Template.Leak MEDIUM" "sensei-lms 4.24.0 Unauthenticated.Rewrite.Rules.Flushing MEDIUM" "sensei-lms 4.18.0 Contributor+.Stored.XSS MEDIUM" "sensei-lms 4.20.0 Teacher+.Users.Email.Address.Disclosure MEDIUM" "sensei-lms 4.5.2 Arbitrary.Private.Message.Sending.via.IDOR LOW" "sensei-lms 4.5.0 Unauthenticated.Private.Messages.Disclosure.via.Rest.API MEDIUM" "seur 1.7.2 Admin+.Arbitrary.File.Download MEDIUM" "seur 1.7.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "site-reviews 7.0.0 IP.Spoofing MEDIUM" "site-reviews 6.11.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "site-reviews 6.11.7 Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.display.name MEDIUM" "site-reviews 6.10.3 Missing.Authorization MEDIUM" "site-reviews 6.7.1 Admin+.Stored.XSS LOW" "site-reviews 6.6.0 Contributor+.Stored.XSS MEDIUM" "site-reviews 6.6.0 Contributor+.Stored.XSS MEDIUM" "site-reviews 6.4.0 Unauthenticated.CSV.Injection MEDIUM" "site-reviews 5.17.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "site-reviews 5.13.1 Admin+.Stored.XSS LOW" "site-reviews 2.15.3 Cross-Site.Scripting.(XSS) MEDIUM" "starbox 3.5.3 Contributor+.Stored.XSS MEDIUM" "starbox 3.5.2 Admin+.Stored.XSS LOW" "starbox 3.5.0 Contributor+.Stored.XSS MEDIUM" "starbox 3.5.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Job.Settings MEDIUM" "starbox 3.5.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Profile.Display.Name.and.Social.Settings MEDIUM" "starbox 3.4.8 Subscriber+.Plugin.Preferences./.User.Settings.Access.via.IDOR MEDIUM" "svg-support 2.5.8 Author+.Cross-Site.Scripting.via.SVG MEDIUM" "svg-support 2.5.2 Author+.Stored.XSS MEDIUM" "svg-support 2.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "svg-support 2.3.20 Admin+.Stored.Cross-Site.Scripting LOW" "sitemap-by-click5 1.0.36 Unauthenticated.Arbitrary.Options.Update CRITICAL" "simple-sitemap 3.5.14 Cross-Site.Request.Forgery.via.admin_notices MEDIUM" "simple-sitemap 3.5.10 Reflected.Cross-Site.Scripting MEDIUM" "simple-sitemap 3.5.8 Contributor+.Stored.XSS MEDIUM" "simple-sitemap 3.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-add-pages-or-posts 1.7 CSRF MEDIUM" "sv-gravity-forms-enhancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sv-gravity-forms-enhancer 1.8.00 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-forms 2.6.92 Missing.Authorization.to.Notice.Dismissal MEDIUM" "smart-forms 2.6.96 Admin+.Stored.XSS LOW" "smart-forms 2.6.94 Edit.Entries.via.CSRF MEDIUM" "smart-forms 2.6.94 Subscriber+.Edit.Entries.via.Broken.Access.Control MEDIUM" "smart-forms 2.6.87 Subscriber+.Arbitrary.Entry.Deletion MEDIUM" "smart-forms 2.6.85 Subscriber+.Arbitrary.Options.Update HIGH" "smart-forms 2.6.71 Subscriber+.Form.Data.Download MEDIUM" "smart-forms 2.6.16 Cross-Site.Request.Forgery.(CSRF) HIGH" "sharebar No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "sharebar 1.2.2 SQL.Injection.&.Cross.Site.Scripting CRITICAL" "subscribe-to-comments 2.3 Authenticated.Local.File.Inclusion MEDIUM" "slp-extenders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-extenders 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "super-socializer 7.13.64 Editor+.Stored.XSS MEDIUM" "super-socializer 7.13.55 Missing.Authorization MEDIUM" "super-socializer 1.13.53 Contributor+.Stored.XSS MEDIUM" "super-socializer 7.13.52 Reflected.XSS HIGH" "super-socializer 7.13.44 Contributor+.Stored.XSS MEDIUM" "super-socializer 7.13.30 Reflected.Cross-Site.Scripting MEDIUM" "super-socializer 7.11 Authentication.Bypass CRITICAL" "send-pdf-for-contact-form-7 1.0.2.4 Missing.Authorization MEDIUM" "send-pdf-for-contact-form-7 0.9.9.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "startklar-elmentor-forms-extwidgets No.known.fix Unauthenticated.Path.Traversal.to.Arbitrary.Directory.Deletion CRITICAL" "startklar-elmentor-forms-extwidgets 1.7.14 Unauthenticated.Arbitrary.File.Upload CRITICAL" "startklar-elmentor-forms-extwidgets 1.7.14 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "social-sharing-toolkit No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "sitemap 4.4 Contributor+.Stored.XSS MEDIUM" "simply-show-hooks No.known.fix Injected.Backdoor CRITICAL" "supreme-modules-for-divi 2.5.52 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "supreme-modules-for-divi 2.5.4 Contrib+.DOM-Based.Cross-Site.Scripting MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "spider-event-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spider-event-calendar 1.5.52 Admin+.SQL.injection MEDIUM" "spider-event-calendar 1.5.52 Authenticated.Blind.SQL.Injection CRITICAL" "spider-event-calendar 1.4.14 Unauthenticated.SQL.Injection HIGH" "sumome 1.35 Cross-Site.Request.Forgery MEDIUM" "shortcode-factory 2.8 Local.File.Inclusion CRITICAL" "shortcode-factory 1.1.1 XSS MEDIUM" "social-proof-testimonials-slider 2.2.4 Admin+.Stored.XSS LOW" "svg-complete No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "slidedeck2 2.1.20130313 XSS.in.ZeroClipboard CRITICAL" "software-license-manager 4.5.1 Arbitrary.Domain.Deletion.via.CSRF HIGH" "software-license-manager 4.5.0 Admin+.Stored.Cross-Site.Scripting LOW" "software-license-manager 4.4.8 Reflected.Cross-Site.Scripting HIGH" "software-license-manager 4.4.6 CSRF.to.Stored.XSS HIGH" "simple-table-manager No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "shortcut-macros No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "search-everything 8.1.7 SQL.Injection CRITICAL" "search-everything 8.1.6 SQL.Injection CRITICAL" "shipping-manager-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "shipping-manager-for-woocommerce 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-schools-staff-directory No.known.fix Admin+.Arbitrary.File.Upload CRITICAL" "subscriber 1.3.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "social-web-suite 4.1.12 Directory.Traversal.to.Arbitrary.File.Download HIGH" "supra-csv-parser No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "smart-logo-showcase-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "smart-logo-showcase-lite 1.1.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "supportflow 0.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "sully 4.3.1 Admin+.Stored.XSS LOW" "sully 4.3.1 Admin+.Stored.XSS.via.CSRF HIGH" "sully 4.3.1 Reflected.XSS HIGH" "sully 4.3.1 Plugin.Reset.via.CSRF MEDIUM" "simple-testimonials-showcase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-testimonials-showcase No.known.fix Cross-Site.Request.Forgery MEDIUM" "secupress-pro 2.0 Unauthenticated.Arbitrary.IP.Ban MEDIUM" "serial-codes-generator-and-validator 2.4.15 Admin+.Stored.XSS LOW" "stars-testimonials-with-slider-and-masonry-grid 3.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.stars_testimonials.Shortcode MEDIUM" "simple-photo-gallery No.known.fix Admin+.SQLi MEDIUM" "smarty-for-wordpress No.known.fix Admin+.Stored.XSS LOW" "smarty-for-wordpress No.known.fix Settings.Update.via.CSRF MEDIUM" "social-media-widget 4.0.9 Admin+.Stored.XSS LOW" "sina-extension-for-elementor 3.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.read_more_text.Parameter MEDIUM" "sina-extension-for-elementor 3.5.5 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.5.4 Authenticated.(Contributor+).Stored.Cross-site.Scriping.via.'Sina.Particle.Layer' MEDIUM" "sina-extension-for-elementor 3.5.4 Authenticated.(Contributor+).DOM-Based.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.5.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sina-extension-for-elementor 3.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Sina.Fancy.Text.Widget MEDIUM" "sina-extension-for-elementor 3.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.3.12 Contributor+.Stored.XSS MEDIUM" "sina-extension-for-elementor 2.2.1 LFI HIGH" "stars-rating 3.5.1 Comments.Denial.of.Service MEDIUM" "social-lite 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "stagtools 2.3.8 Reflected.XSS HIGH" "stagtools 2.3.7 Contributor+.Stored.XSS MEDIUM" "site-notes No.known.fix Admin.Note.Deletion.via.CSRF MEDIUM" "subway No.known.fix Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "super-forms 6.0.4 Reflected.Cross-Site.Scripting MEDIUM" "super-forms 4.9.703 Unauthenticated.PHP.File.Upload.to.RCE CRITICAL" "search-filter 1.2.16 Contributor+.Stored.XSS MEDIUM" "sv-media-library 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-media-library 1.8.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stock-locations-for-woocommerce 2.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "simple-event-planner 1.5.5 Contributor+.Stored.XSS LOW" "simple-event-planner 1.5.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "story-chief 1.0.31 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "story-chief 1.0.31 Reflected.Cross-Site.Scripting.(XSS) HIGH" "simple-banner 2.12.0 Admin+.Stored.Cross.Site.Scripting LOW" "simple-banner 2.12.0 Admin+.Stored.Cross-Site.Scripting LOW" "simple-banner 2.10.4 Admin+.Stored.XSS MEDIUM" "seo-301-meta No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "shortcode-imdb No.known.fix Cross-Site.Request.Forgery MEDIUM" "shortcode-imdb No.known.fix Admin+.SQLi MEDIUM" "social-stickers No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "skt-builder 4.2 Missing.Authorization.to.Authenticated(Subscriber+).Content.Injection MEDIUM" "simplemodal-contact-form-smcf No.known.fix Admin+.Stored.XSS LOW" "smart-manager-for-wp-e-commerce 8.28.0 Admin+.SQL.Injection MEDIUM" "share-one-drive 1.15.3 Reflected.Cross-Site.Scripting MEDIUM" "spice-blocks 1.3 Reflected.Cross-Site.Scripting MEDIUM" "simplified-content 1.0.1 XSS MEDIUM" "seed-social 2.0.4 Admin+.Stored.XSS LOW" "soisy-pagamento-rateale No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure HIGH" "shortcode-for-current-date 2.1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "seo-alert No.known.fix Admin+.Stored.XSS LOW" "super-testimonial 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "super-testimonial 3.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-testimonial 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "super-testimonial 2.7 Admin+.Stored.Cross-Site.Scripting LOW" "super-testimonial 2.7 Admin+.Stored.Cross-Site.Scripting LOW" "simple-blueprint-installer 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "slider-comparison-image-before-and-after No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sticky-ad-bar No.known.fix Admin+.Stored.XSS LOW" "simple-membership-after-login-redirection 1.7 Open.Redirect MEDIUM" "site-audit No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "stars-menu No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "supportbubble No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "supportbubble No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "symbiostock No.known.fix Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "strong-testimonials 3.1.17 Missing.Authorization MEDIUM" "strong-testimonials 3.1.13 Authenticated(Contributor+).Improper.Authorization.to.Views.Modification MEDIUM" "strong-testimonials 3.1.12 Contributor+.Stored.XSS MEDIUM" "strong-testimonials 3.1.11 Settings.Update.via.CSRF MEDIUM" "strong-testimonials 3.0.3 Contributor+.Stored.XSS MEDIUM" "strong-testimonials 3.0.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "strong-testimonials 2.51.3 Unauthorised.AJAX.Call MEDIUM" "strong-testimonials 2.40.1 Stored.Cross.Site.Scripting.(XSS) MEDIUM" "snapshot-backup No.known.fix Stored.XSS.via.CSRF HIGH" "store-locator-le No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "store-locator-le 5.9 Unauthenticated.Stored.XSS HIGH" "store-locator-le 5.9 Authenticated.Privilege.Escalation CRITICAL" "seed-fonts 2.4.0 Admin+.Stored.XSS LOW" "social-buttons-pack 1.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "simple-real-estate-pack-4 No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "simple-video-embedder No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "so-pinyin-slugs 2.3.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "smartsoftbutton-widget-de-botones-de-chat No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF HIGH" "shortpixel-adaptive-images 3.8.4 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "shortpixel-adaptive-images 3.8.4 Cross-Site.Request.Forgery MEDIUM" "shortpixel-adaptive-images 3.8.3 Missing.Authorization.in.activate_ai_handler.and.deactivate_ai_handler MEDIUM" "shortpixel-adaptive-images 3.7.2 Settings.Update.via.CSRF MEDIUM" "shortpixel-adaptive-images 3.6.3 Reflected.XSS HIGH" "shortpixel-adaptive-images 3.4.0 Subscriber+.Arbitrary.Settings.Update MEDIUM" "stockdio-historical-chart 2.8.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "shorten-url No.known.fix Cross-Site.Request.Forgery.via.configuration_page MEDIUM" "shorten-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shorten-url No.known.fix Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "shorten-url No.known.fix CSRF MEDIUM" "shorten-url 1.6.5 Admin+.Cross.Site.Scripting LOW" "shorten-url 1.6.5 Subscriber+.SQLi HIGH" "shorten-url 1.6.5 Admin+.Stored.Cross-Site.Scripting MEDIUM" "sticky-banner 1.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "system-dashboard 2.8.10 XSS.via.Header.Injection LOW" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_php_info) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_global_value) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_constants) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_db_specs) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_option_value) MEDIUM" "seo-by-10web No.known.fix Reflected.XSS HIGH" "seo-by-10web 1.2.7 Admin+.Stored.XSS LOW" "sendpress No.known.fix Admin+.Stored.XSS.via.Settings LOW" "sendpress No.known.fix Admin+.Stored.XSS.via.Form.Settings LOW" "sendpress No.known.fix Reflected.XSS HIGH" "sendpress 1.23.11.6 Contributor+.Stored.XSS MEDIUM" "sendpress No.known.fix Admin+.Stored.XSS LOW" "sendpress No.known.fix CSRF MEDIUM" "sendpress 1.20.7.13 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "sendpress 1.2 Authenticated.SQL.Injection MEDIUM" "string-locator 2.6.6 Reflected.Cross-Site.Scripting MEDIUM" "string-locator 2.6.0 Authenticated.PHAR.Deserialization MEDIUM" "string-locator 2.5.0 Admin+.Arbitrary.File.Read LOW" "seo-local-rank 2.2.4 Unauthenticated.Arbitrary.File.Access.via.Path.Traversal HIGH" "splash-header 1.20.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "slideshow-se 2.5.18 Authenticated.(Author+).Limited.Local.File.Inclusion HIGH" "slideshow-se No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-se 2.5.6 Subscriber+.Stored.XSS HIGH" "slideshow-se 2.5.6 Author+.Stored.XSS MEDIUM" "sf-booking 3.2 Unauthenticated.Local.File.Disclosure HIGH" "shopconstruct No.known.fix Admin+.Stored.XSS LOW" "stepbyteservice-openstreetmap No.known.fix Use.of.Polyfill.io MEDIUM" "stepbyteservice-openstreetmap 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-posts-ticker 1.1.6 Contributor+.Stored.XSS MEDIUM" "simple-posts-ticker 1.1.6 Admin+.Stored.XSS LOW" "site-is-offline-plugin No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "share-on-diaspora 0.7.2 XSS MEDIUM" "spacer 3.0.7 Admin+.Stored.XSS LOW" "sendit No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "share-woocommerce-email No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "smart-recent-posts-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "station-pro 2.3.4 Reflected.Cross-Site.Scripting MEDIUM" "station-pro 2.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "station-pro 2.2.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "send-email-only-on-reply-to-my-comment No.known.fix Stored.XSS.via.CSRF HIGH" "send-email-only-on-reply-to-my-comment No.known.fix Reflected.XSS HIGH" "spider-contacts No.known.fix Reflected.XSS HIGH" "sociable No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "social-share-buttons-by-supsystic 2.2.4 Subscriber+.SQLi HIGH" "social-share-buttons-by-supsystic 2.2.4 Subscriber+.Unauthorised.Actions MEDIUM" "social-share-buttons-by-supsystic 2.2.4 Multiple.CSRF MEDIUM" "sticky-header-oceanwp No.known.fix CSRF MEDIUM" "simple-tags 3.20.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-tags 3.6.5 Editor+.Stored.XSS LOW" "simple-tags 3.4.5 Reflected.Cross-Site.Scripting MEDIUM" "simple-tags 3.0.7.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "super-testimonial-pro 1.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "simple-download-monitor 3.9.11 Contributor+.Stored.Cross-Site.Scripting.via.Shortcodes MEDIUM" "simple-download-monitor 3.9.9 Multiple.CSRF MEDIUM" "simple-download-monitor 3.9.6 Unauthorised.Log.Reset MEDIUM" "simple-download-monitor 3.9.6 Unauthenticated.Log.Access MEDIUM" "simple-download-monitor 3.9.5 Contributor+.Stored.Cross-Site.Scripting.via.File.Thumbnail MEDIUM" "simple-download-monitor 3.9.6 Arbitrary.Thumbnails.Removal MEDIUM" "simple-download-monitor 3.9.5 Reflected.Cross-Site.Scripting HIGH" "simple-download-monitor 3.9.5 Contributor+.Arbitrary.File.Download.via.Path.Traversal MEDIUM" "simple-download-monitor 3.8.9 Unauthenticated.Cross-Site.Scripting MEDIUM" "simple-download-monitor 3.8.9 SQL.Injection MEDIUM" "simple-download-monitor 3.5.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "smpl-shortcodes No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "sv-columns-manager 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-columns-manager 1.8.02 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "spin360 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-tweet No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "simple-tweet No.known.fix Admin+.Stored.XSS LOW" "smart-tools-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-tools-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sendpulse-web-push 1.3.2 CSRF MEDIUM" "social-share-boost No.known.fix Plugin.Settings.Update.via.CSRF MEDIUM" "social-share-boost 4.5 Admin+.Stored.XSS LOW" "social-share-boost 4.5 Contributor+.Stored.XSS MEDIUM" "secure-file-manager No.known.fix Admin+.RCE MEDIUM" "secure-file-manager No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "secure-file-manager No.known.fix Admin+.RCE MEDIUM" "secure-file-manager 2.8.2 Authenticated.Remote.Code.Execution CRITICAL" "sonawp-simple-payment-block 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "shop-as-a-customer-for-woocommerce 1.2.4 Shop.Manager+.Privilege.Escalation CRITICAL" "shop-as-a-customer-for-woocommerce 1.1.8 Subscriber+.Privilege.Escalation CRITICAL" "sticky-social-link No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "security-malware-firewall 2.121 IP.Spoofing MEDIUM" "security-malware-firewall 2.51 Security.Nonce.Leak.leading.to.Unauthorised.AJAX.call HIGH" "speed-booster-pack 4.3.3.1 Admin+.SQL.Injection MEDIUM" "speed-booster-pack 4.2.0 Authenticated.(admin+).RCE CRITICAL" "shopello No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "siteorigin-panels 2.29.16 Contributor+.Stored.XSS.via.siteorigin_widget.Shortcode MEDIUM" "siteorigin-panels 2.29.7 Contributor+.Stored.XSS MEDIUM" "siteorigin-panels 2.10.16 CSRF.to.Reflected.Cross-Site.Scripting.(XSS) HIGH" "slideshow-ck 1.4.10 Admin+.Stored.Cross-Site.Scripting LOW" "squeeze 1.4.1 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "superfly-menu 5.0.30 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "superfly-menu No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "s3bubble-amazon-s3-html-5-video-with-adverts No.known.fix Directory.Traversal.leading.to.Arbitrary.File.Access HIGH" "social-pixel No.known.fix Admin+.Stored.XSS LOW" "shared-counts 1.5.0 Missing.Authorization.to.Arbitrary.Email.Sending MEDIUM" "sponsors-carousel No.known.fix Admin+.Stored.XSS LOW" "shareaholic 9.7.12 Missing.Authorization.via.accept_terms_of_service MEDIUM" "shareaholic 9.7.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shareaholic 9.7.6 Information.Disclosure MEDIUM" "smart-grid-gallery 1.1.5 Vimeo.and.YouTube.Gallery.<.1.1.5.-.Admin+.Stored.Cross-Site.Scripting LOW" "simple-facebook-plugin 1.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-facebook-plugin 1.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-post-notes 1.7.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-post-notes 1.7.7 Cross-Site.Request.Forgery MEDIUM" "simple-post-notes 1.7.6 Admin+.Stored.Cross-Site.Scripting LOW" "seo-landing-page-generator 1.62.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "saan-world-clock No.known.fix Contributor+.Stored.XSS MEDIUM" "seo-automatic-links No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "social-media-builder No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "simple-e-commerce-shopping-cart No.known.fix Arbitrary.File.Upload CRITICAL" "sell-media 2.5.7.3 CSRF.Bypass MEDIUM" "sell-media 2.4.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "simple-cart-solution No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-cart-solution 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "spamreferrerblock No.known.fix Cross-Site.Request.Forgery MEDIUM" "spamreferrerblock No.known.fix Admin+.Stored.XSS LOW" "sparrow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sparrow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "safe-svg 1.9.10 SVG.Sanitisation.Bypass MEDIUM" "safe-svg 1.9.6 XSS.Protection.Bypass HIGH" "social-photo-gallery No.known.fix Remote.Code.Execution.(RCE) HIGH" "seraphinite-post-docx-source 2.16.10 Missing.Authorization MEDIUM" "seraphinite-post-docx-source 2.16.10 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "seraphinite-post-docx-source 2.16.7 Settings.Update/Reset/Import.via.CSRF MEDIUM" "soundcloud-is-gold 2.3.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "searchiq 4.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "searchiq 4.5 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "searchiq 3.9 Unauthenticated.Stored.XSS HIGH" "simple-301-redirects 2.0.8 Missing.Authorization.via.clicked MEDIUM" "simple-301-redirects 2.0.8 Cross-Site.Request.Forgery.via.'clicked' MEDIUM" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Unauthenticated.Redirect.Import CRITICAL" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Update.and.Retrieve.Wildcard.Value MEDIUM" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Unauthenticated.Redirect.Export CRITICAL" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Arbitrary.Plugin.Installation HIGH" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Arbitrary.Plugin.Activation HIGH" "slider-factory 1.3.6 Subscriber+.Arbitrary.Post.Access MEDIUM" "slider-factory 1.3.2 Slider.Clone/Save/Delete.via.CSRF MEDIUM" "show-all-comments-in-one-page 7.0.1 Reflected.XSS HIGH" "select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons 1.3.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "smart-wishlist-for-more-convert 1.7.3 Missing.Authorization MEDIUM" "smart-wishlist-for-more-convert 1.7.9 Missing.Authorization MEDIUM" "spectra-pro 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.IDs MEDIUM" "spectra-pro 1.1.6 Authenticated.(Author+).Privilege.Escalation HIGH" "sparkle-demo-importer 1.4.8 Missing.Authorization.to.Authorized(Subscriber+).Post/Pages/Attachements.Deletion.and.Demo.Data.Import MEDIUM" "social-locker No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "social-locker 4.2.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "special-feed-items No.known.fix Stored.XSS.via.CSRF HIGH" "side-cart-woocommerce 2.3 Admin+.Stored.XSS LOW" "side-cart-woocommerce 2.2 Settings.Reset.via.CSRF MEDIUM" "side-cart-woocommerce 2.1 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "social-connect No.known.fix Authentication.Bypass CRITICAL" "simple-cod-fee-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "sitewide-notice-wp 2.3 Admin+.Stored.XSS LOW" "spoontalk-social-media-icons-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "sv-forms 2.0.2 Reflected.Cross-Site.Scripting MEDIUM" "sv-forms 1.8.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sky-login-redirect 3.7.3 Reflected.Cross-Site.Scripting MEDIUM" "sky-login-redirect 3.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stylish-cost-calculator 7.0.4 Subscriber+.Unauthorised.AJAX.Calls.to.Stored.XSS HIGH" "smartsearchwp 2.4.6 Unauthenticated.OpenAI.Key.Disclosure MEDIUM" "smartsearchwp 2.4.5 Unauthenticated.Log.Purge MEDIUM" "smartsearchwp 2.4.5 Unauthenticated.SQLi HIGH" "smartsearchwp 2.4.5 Unauthenticated.Stored.XSS HIGH" "stop-spam-comments No.known.fix Access.Token.Bypass LOW" "st-daily-tip No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "svg-uploads-support No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "social-testimonials-and-reviews-widget 5.00 Missing.Authorization MEDIUM" "social-testimonials-and-reviews-widget 5.02 CSRF MEDIUM" "side-menu-lite 4.2.1 Menu.Deletion.via.CSRF MEDIUM" "side-menu-lite 4.0.2 Reflected.XSS MEDIUM" "side-menu-lite 2.2.6 Authenticated.SQL.Injection HIGH" "side-menu-lite 2.2.1 Authenticated.SQL.Injection LOW" "seo-backlink-monitor 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "schema-and-structured-data-for-wp 1.34.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Attribute MEDIUM" "schema-and-structured-data-for-wp 1.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.How.To.and.FAQ.Blocks MEDIUM" "schema-and-structured-data-for-wp 1.27 Authenticated.Stored.XSS MEDIUM" "schema-and-structured-data-for-wp 1.27 Contributor+.reCaptcha.Key.Update MEDIUM" "schema-and-structured-data-for-wp 1.26 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "schema-and-structured-data-for-wp 1.24 Contributor+.Stored.XSS MEDIUM" "simple-link-directory 7.7.2 Unauthenticated.SQL.injection HIGH" "simple-link-directory 7.3.5 Cross-Site.Scripting.(XSS) MEDIUM" "slide-anything 2.4.9 Author+.Stored.XSS MEDIUM" "slide-anything 2.3.47 Author+.Cross.Site.Scripting.in.slide.title MEDIUM" "slide-anything 2.3.44 Editor+.Stored.Cross-Site.Scripting LOW" "slide-anything 2.3.41 Contributor+.SQLi HIGH" "show-hidecollapse-expand 1.3.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "show-hidecollapse-expand No.known.fix Subscriber+.Settings.Update MEDIUM" "stafflist 3.1.7 Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.6 Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.6 Arbitrary.Staff.Deletion.via.CSRF MEDIUM" "stafflist 3.1.5 Admin+.SQLi MEDIUM" "slicknav-mobile-menu 1.9.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "sayfa-sayac No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "sayfa-sayac No.known.fix Unauthenticated.SQL.Injection CRITICAL" "streamweasels-twitch-integration 1.8.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "streamweasels-twitch-integration 1.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-twitch-integration 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-post-gallery No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "secure-copy-content-protection 4.2.4 Reflected.Cross-Site.Scripting MEDIUM" "secure-copy-content-protection 4.1.7 Admin+.Stored.XSS LOW" "secure-copy-content-protection 4.1.7 Admin+.Stored.XSS LOW" "secure-copy-content-protection 4.0.9 Admin+.Stored.XSS LOW" "secure-copy-content-protection 3.9.1 Missing.Authorization MEDIUM" "secure-copy-content-protection 3.7.2 Missing.Authorization MEDIUM" "secure-copy-content-protection 2.8.2 Unauthenticated.SQL.Injection HIGH" "secure-copy-content-protection 2.6.7 Authenticated.Blind.SQL.Injections HIGH" "social-media-buttons-toolbar No.known.fix Admin+.Stored.XSS MEDIUM" "slider-slideshow No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-slideshow No.known.fix Contributor+.Stored.XSS MEDIUM" "slider-slideshow No.known.fix Cross-Site.Request.Forgery HIGH" "salt-shaker 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "send-emails-with-mandrill 1.4.2 Missing.Authorization MEDIUM" "supportboard 3.4.2 Multiple.Authenticated.SQLi HIGH" "supportboard 3.3.6 Arbitrary.File.Deletion.via.CSRF HIGH" "supportboard 3.3.5 Agent+.Stored.Cross-Site.Scripting MEDIUM" "supportboard 3.3.4 Multiple.Unauthenticated.SQL.Injections CRITICAL" "supportboard 1.2.9 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "supportboard 1.2.4 Stored.Cross-Site.Scripting MEDIUM" "sliderpro 4.8.7 Missing.Authorization.via.AJAX.actions MEDIUM" "spice-starter-sites No.known.fix Missing.Authorization.to.Unauthenticated.Demo.Content.Import MEDIUM" "spice-starter-sites No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spice-starter-sites 1.1 Reflected.Cross-Site.Scripting MEDIUM" "smooth-gallery-replacement No.known.fix CSRF.to.Stored.XSS HIGH" "shortcodes-finder 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "shortcodes-finder 1.5.4 Reflected.XSS HIGH" "subscriptions-memberships-for-paypal 1.1.3 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "shortcoder 6.3.1 Subscriber+.Unauthorised.AJAX.Call MEDIUM" "swift-framework No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Update MEDIUM" "swift-framework No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcodes MEDIUM" "sexy-contact-form 1.0.0 Shell.Upload CRITICAL" "seo-simple-pack 3.3.0 Information.Exposure MEDIUM" "simpel-reserveren No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "show-posts 1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "svs-pricing-tables No.known.fix Cross-Site.Request.Forgery.to.Pricing.Table.Edit/Creation MEDIUM" "svs-pricing-tables No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "svs-pricing-tables No.known.fix Cross-Site.Request.Forgery.to.Pricing.Table.Deletion MEDIUM" "simple-long-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sidebar-adder No.known.fix Reflected.Cross-Site.Scripting HIGH" "shortcodes-ultimate-pro 7.2.1 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate-pro 7.1.5 Contributor+.Stored.Cross-Site.Scripting.XSS MEDIUM" "semalt No.known.fix Admin+.Stored.XSS LOW" "single-post-exporter No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "sort-searchresult-by-title 11.0 CSRF MEDIUM" "superior-faq No.known.fix CSRF MEDIUM" "simple-nav-archives No.known.fix Settings.Update.via.CSRF MEDIUM" "sunshine-photo-cart 3.2.9 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.10 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "sunshine-photo-cart 3.2.2 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.1.2 Unauthenticated.PHP.Object.Injection CRITICAL" "sunshine-photo-cart 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "sunshine-photo-cart 3.1 Unauthenticated.Sensitive.Information.Exposure.via.Invoice MEDIUM" "sunshine-photo-cart 3.0 Insecure.Direct.Object.Reference.to.Order.Manipulation MEDIUM" "sunshine-photo-cart 2.9.15 Reflected.XSS HIGH" "sunshine-photo-cart 2.9.14 Image.Location.Update.via.CSRF MEDIUM" "sunshine-photo-cart 2.8.29 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "simple-buttons-creator No.known.fix Unauthenticated.Stored.XSS HIGH" "simple-buttons-creator No.known.fix Aribtrary.Button.Deletion.via.CSRF MEDIUM" "smooth-slider 2.8.7 Authenticated.SQL.Injection HIGH" "smooth-slider 2.7 Authenticated.SQL.Injection HIGH" "sellkit 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "sellkit 1.8.3 Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "simple-form 2.12.2 Admin+.Stored.XSS LOW" "staggs 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "seo-dashboard-by-gutewebsites-de No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "sabai-discuss 1.4.14 Reflected.Cross.Site.Scripting MEDIUM" "soundy-audio-playlist No.known.fix XSS MEDIUM" "stock-exporter-for-woocommerce 1.2.0 Reflected.XSS HIGH" "sitemap-index No.known.fix Admin+.XSS LOW" "secure-ip-logins No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "secure-ip-logins No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slideonline No.known.fix Contributor+.Stored.XSS MEDIUM" "stetic 1.0.9 CSRF.to.Stored.Cross-Site.Scripting HIGH" "s3bubble-amazon-s3-audio-streaming No.known.fix Arbitrary.File.Download HIGH" "scheduled-notification-bar No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-networks-auto-poster-facebook-twitter-g No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Unauthenticated.Stored.Cross-Site.Scripting.via.User.Agent MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Subscriber+.Sensitive.Information.Exposure MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.3 Reflected.Cross-Site.Scripting.via.code MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.26 Reflected.Cross-Site.Scripting MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.25 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.24 Unauthenticated.Stored.XSS HIGH" "social-networks-auto-poster-facebook-twitter-g 4.3.21 Reflected.Cross-Site.Scripting HIGH" "social-networks-auto-poster-facebook-twitter-g 4.3.18 Insufficient.Privilege.Validation HIGH" "social-networks-auto-poster-facebook-twitter-g 4.2.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "social-networks-auto-poster-facebook-twitter-g 3.4.18 CSRF.to.Stored.XSS MEDIUM" "simple-headline-rotator No.known.fix Stored.XSS.via.CSRF HIGH" "sight 1.1.3 Missing.Authorization.to.Sensitive.Information.Exposure.in.handler_post_title MEDIUM" "scroll-top 1.4.1 Admin+.Stored.Cross-Site.Scripting LOW" "sprout-invoices 20.5.4 Sensitive.Information.Exposure MEDIUM" "sprout-invoices 19.0.1 Reflected.Cross-Site.Scripting MEDIUM" "sprout-invoices 19.9.7 Admin+.Stored.Cross-Site.Scripting LOW" "sv-posts 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-posts 1.8.03 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "side-menu 3.1.5 Authenticated.(admin+).SQL.Injection HIGH" "smart-protect No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-protect No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "skt-blocks 1.7 Contributor+.Stored.XSS MEDIUM" "social-metrics No.known.fix Admin+.Stored.XSS LOW" "smtp-mail 1.3.21 Cross.Site.Request.Forgery MEDIUM" "smtp-mail No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "smtp-mail 1.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "smtp-mail 1.2.2 Authenticated.SQL.Injections MEDIUM" "shopping-pages No.known.fix Stored.XSS.via.CSRF HIGH" "sprout-clients No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sprout-clients 3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sprout-clients 3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "sv100-companion 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv100-companion 1.8.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stylist No.known.fix Cross-Site.Request.Forgery MEDIUM" "soundcloud-shortcode 4.0.2 Contributor+.Stored.XSS MEDIUM" "soundcloud-shortcode 4.0.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-social-share No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "smart-youtube No.known.fix Cross-Site.Request.Forgery MEDIUM" "superb-slideshow-gallery 13.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "similarity No.known.fix Plugin.Reset.via.CSRF MEDIUM" "similarity No.known.fix Stored.XSS.via.CSRF HIGH" "sahu-tiktok-pixel No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-photoswipe No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "simple-photoswipe No.known.fix Admin+.Stored.XSS LOW" "scrollbar-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.62.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Image.Grid.widget MEDIUM" "so-widgets-bundle 1.62.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.SiteOrigin.Blog.Widget MEDIUM" "so-widgets-bundle 1.61.0 Contributor+.Stored.XSS.via.siteorigin_widget.Shortcode MEDIUM" "so-widgets-bundle 1.58.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.2 Contributor+.Stored.XSS MEDIUM" "so-widgets-bundle 1.51.0 Admin+.Local.File.Inclusion MEDIUM" "salient-core 2.0.8 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "salient-core 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "salient-core 2.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-popup-newsletter No.known.fix Reflected.Cross-Site.Scripting HIGH" "salesking 1.6.30 Missing.Authorization.to.Settings.Change MEDIUM" "salesking 1.6.30 Unauthenticated.Sensitive.Information.Exposure HIGH" "salesking 1.6.30 Unauthenticated.Privilege.Escalation CRITICAL" "spotim-comments 4.0.4 Multiple.Vulnerabilities MEDIUM" "socialsnap 1.3.6 Missing.Authorization MEDIUM" "svg-vector-icon-plugin No.known.fix Admin+.Remote.Code.Execution.(RCE) MEDIUM" "svg-vector-icon-plugin 3.2.3 Cross-Site.Request.Forgery.(CSRF).leading.to.RCE HIGH" "smart-variations-images 5.2.8 Reflected.Cross-Site.Scripting MEDIUM" "smart-variations-images 5.1.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-checklist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-checklist No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shortcode-to-display-post-and-user-data 1.3.0 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Post.Meta.Disclosure MEDIUM" "shortcode-to-display-post-and-user-data 1.3.0 Authenticated.(Contributor+).Code.Injection HIGH" "shortcode-to-display-post-and-user-data 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.vg_display_data MEDIUM" "sucuri-scanner 1.8.34 Event.log.Entry.Creation.via.CSRF MEDIUM" "simple-icons 2.7.8 Simple.Icons.<.2.7.8.-.Contributor+.Stored.XSS MEDIUM" "syndication-links 1.0.2.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "snow-monkey-forms 5.0.7 Unauthenticated.Path.Traversal MEDIUM" "steam-group-viewer No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "simple-basic-contact-form 20240511 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "simple-basic-contact-form 20240502 Reflected.Cross-Site.Scripting MEDIUM" "simple-basic-contact-form 20221201 Admin+.Stored.XSS LOW" "spotify-play-button No.known.fix Contributor+.Stored.XSS MEDIUM" "shortpixel-critical-css 1.0.3 Missing.Authorization MEDIUM" "sermone-online-sermons-management No.known.fix Reflected.XSS HIGH" "sermone-online-sermons-management No.known.fix Contributor+.Stored.XSS MEDIUM" "simple-portfolio-gallery No.known.fix Admin+.Stored.XSS MEDIUM" "shapepress-dsgvo 3.1.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shapepress-dsgvo 3.1.24 Unauthenticated.Arbitrary.Post.Deletion HIGH" "shapepress-dsgvo 3.1.24 Unauthenticated.Plugin's.Settings.Update.to.Stored.Cross-Site.Scripting HIGH" "shapepress-dsgvo 2.2.19 Authenticated.Reflected.XSS MEDIUM" "simple-spoiler 1.4 1.3.-.Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "simple-spoiler 1.3 Admin+.Stored.XSS LOW" "sportspress 2.7.22 Admin+.Stored.XSS LOW" "sportspress 2.7.21 Missing.Authorization.to.Notice.Dismissal LOW" "sportspress 2.7.18 Missing.Authorization.to.Unauthenticated.Event.Permalink.Update MEDIUM" "sportspress 2.7.9 Reflected.Cross-Site.Scripting HIGH" "sportspress 2.7.2 Authenticated.Stored.Cross-Site.Scripting HIGH" "shortcode-variables 4.1.5 Cross-Site.Request.Forgery MEDIUM" "simple-local-avatars 2.7.11 Cross-Site.Request.Forgery.via.save_default_avatar_file_id() MEDIUM" "snazzy-maps 1.1.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "set-admin-colour-on-staging-and-dev No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "set-admin-colour-on-staging-and-dev No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "searchpro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "searchpro 1.7.7 Unauthenticated.Arbitrary.File.Uplaod CRITICAL" "searchpro 1.7.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "soliloquy-lite 2.7.7 Missing.Authorization.to.Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "soliloquy-lite 2.7.3 Subscriber+.Slider.Data.Access MEDIUM" "safety-exit 1.7.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "search-exclude 1.2.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "search-exclude 1.2.4 Arbitrary.Settings.Change HIGH" "search-logger No.known.fix Admin+.SQLi MEDIUM" "srbtranslatin 2.4.1 Cross-Site.Scripting.From.Third-party.Library HIGH" "srbtranslatin 1.47 Stored.XSS.&.CSRF HIGH" "spreadshirt-rss-3d-cube-flash-gallery No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "scoutnet-kalender No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "soccer-engine-lite 1.13 Cross-Site.Request.Forgery MEDIUM" "seo-for-local 9.2.1 Reflected.Cross-Site.Scripting MEDIUM" "seo-for-local 9.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "splashscreen No.known.fix Settings.Update.via.CSRF MEDIUM" "smsa-shipping-for-woocommerce 1.0.5 Subscriber+.Arbitrary.File.Download HIGH" "shariff 4.6.14 Unauthenticated.Local.File.Inclusion CRITICAL" "shariff 4.6.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shariff 4.6.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shariff 4.6.10 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shariff 4.6.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shariff 4.6.10 Admin+.Stored.XSS LOW" "shantz-wordpress-qotd No.known.fix Arbitrary.Setting.Update.via.CSRF MEDIUM" "seo-for-woocommerce 1.6.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "simple-tour-guide 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "selection-lite 1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-login-log 1.1.2 Authenticated.SQL.Injection CRITICAL" "seo-booster 3.8.10 Cross-Site.Request.Forgery MEDIUM" "seo-booster 3.8.9 Reflected.Cross-Site.Scripting MEDIUM" "seo-booster 3.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-booster 3.8 Admin+.SQL.Injection MEDIUM" "shopkeeper-extender No.known.fix Contributor+.Stored.XSS MEDIUM" "subscribers-text-counter 1.7.1 Settings.Update.via.CSRF.to.Stored.XSS HIGH" "sticky-buttons 3.2.4 Button.Deletion.via.CSRF MEDIUM" "sticky-buttons 3.2.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "sticky-buttons 3.1.1 Reflected.XSS MEDIUM" "stylish-price-list 7.1.8 Contributor+.Stored.XSS MEDIUM" "stylish-price-list 7.0.18 Missing.Authorization MEDIUM" "stylish-price-list 6.9.1 Subscriber+.Arbitrary.Image.Upload MEDIUM" "stylish-price-list 6.9.0 Unauthenticated.Arbitrary.Image.Upload MEDIUM" "search-analytics 1.4.11 Reflected.Cross-Site.Scripting MEDIUM" "search-analytics 1.4.10 Missing.Authorization MEDIUM" "search-analytics 1.4.8 Reflected.XSS HIGH" "search-analytics 1.4.6 Admin+.Stored.XSS LOW" "sms-ovh No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "swiss-toolkit-for-wp 1.0.8 Contributor+.Authentication.Bypass HIGH" "securimage-wp-fixed No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "smart-scroll-posts 2.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "simple-ads-manager No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "simple-ads-manager 2.9.5.118 SQL.Injection MEDIUM" "stream 4.0.2 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "stream 3.9.3 Missing.Authorization.via.load_alerts_settings MEDIUM" "stream 3.9.3 CSRF MEDIUM" "stream 3.9.2 Subscriber+.Alert.Creation MEDIUM" "stream 3.8.2 Admin+.SQL.Injection MEDIUM" "simple-alert-boxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Alert.Shortcode MEDIUM" "smartsupp-live-chat 3.7 Cross-Site.Request.Forgery MEDIUM" "sell-photo 1.0.6 Authenticated.Stored.Cross-Site.Scripting LOW" "simple-site-verify 1.0.8 Admin+.Stored.XSS LOW" "skype-online-status No.known.fix Contributor+.Stored.XSS MEDIUM" "security-ninja 5.159 Reflected.Cross-Site.Scripting MEDIUM" "security-ninja 5.135 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seosamba-webmasters 1.0.6 Access.Key.Update.via.CSRF MEDIUM" "smart-admin-menu-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-admin-menu-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "secupress 2.2.5.2 Cross-Site.Request.Forgery.to.Banned.IP.Address MEDIUM" "secupress 2.0 Unauthenticated.Arbitrary.IP.Ban MEDIUM" "shortcode-gallery-for-matterport-showcase 2.2.0 Cross-Site.Request.Forgery MEDIUM" "shortcode-gallery-for-matterport-showcase 2.1.7 Reflected.XSS HIGH" "shortcode-gallery-for-matterport-showcase 2.1.8 Contributor+.Stored.XSS.via.shortcode MEDIUM" "shortcode-gallery-for-matterport-showcase 2.1.5 Contributor+.Stored.XSS MEDIUM" "security-antivirus-firewall No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "simple-responsive-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-share-buttons-adder 8.5.1 Admin+.Stored.XSS LOW" "simple-share-buttons-adder 8.4.12 Authenticated(Administrator+).Stored.Cross-Site.Scripting.via.CSS.Settings MEDIUM" "simple-share-buttons-adder 8.5.1 CSRF MEDIUM" "simple-share-buttons-adder 6.0.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "simplesamlphp-authentication No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "svg-flags-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "svg-flags-lite 0.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "scrollrevealjs-effects No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "seatgeek-affiliate-tickets No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "sumo-divi-modules No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sumo-divi-modules 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sheetpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sheetpress No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "stratum 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "stratum 1.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-seo-tool 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "simple-blog-card 1.32 Subscriber+.Arbitrary.Post.Access MEDIUM" "simple-blog-card 1.31 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "salert 1.2.2 Reflected.XSS HIGH" "salert 1.2.2 Subscriber+.Missing.Authorization MEDIUM" "scalable-vector-graphics-svg No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "shipping-labels-for-woo 2.3.9 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting LOW" "simple-behace-portfolio No.known.fix Reflected.Cross-Site.Scripting HIGH" "simple-behace-portfolio No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "simple-yearly-archive 2.1.9 Admin+.Stored.XSS LOW" "sender-net-automated-emails 2.6.16 Reflected.Cross-Site.Scripting MEDIUM" "sender-net-automated-emails 2.6.19 Cross-Site.Request.Forgery MEDIUM" "solidres No.known.fix Admin+.Stored.XSS LOW" "solidres No.known.fix Multiple.Reflected.XSS HIGH" "salon-booking-system 10.9.1 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "salon-booking-system 10.9 Unauthenticated.Open.Redirect MEDIUM" "salon-booking-system 10.8 Authenticated.(Administrator+).SQL.Injection CRITICAL" "salon-booking-system 10.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "salon-booking-system 10.0 Missing.Authorization MEDIUM" "salon-booking-system 10.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "salon-booking-system 9.6.6 Editor+.Stored.XSS LOW" "salon-booking-system 9.6.6 Editor+.Stored.XSS.via.Email.Settings LOW" "salon-booking-system 9.6.6 Settings.Update.via.CSRF MEDIUM" "salon-booking-system 9.5.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "salon-booking-system 9.6.3 Unauthenticated.Stored.XSS HIGH" "salon-booking-system 9.6.3 Unauthenticated.Stored.XSS HIGH" "salon-booking-system 8.7 Authenticated.(Editor+).Privilege.Escalation HIGH" "salon-booking-system 8.4.9 Reflected.Cross-Site.Scripting MEDIUM" "salon-booking-system 8.4.8 User.Role.change.via.CSRF MEDIUM" "salon-booking-system 7.9.4 Reflected.Cross-Site.Scripting MEDIUM" "salon-booking-system 7.6.3 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "salon-booking-system 7.6.3 Customer+.Bookings/Customers.Data.Disclosure HIGH" "salon-booking-system 7.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "salon-booking-system 6.3.1 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "stm-megamenu 2.3.13 Unauthenticated.Local.File.Inclusion CRITICAL" "star-cloudprnt-for-woocommerce 2.0.4 Reflected.XSS HIGH" "star-cloudprnt-for-woocommerce No.known.fix Reflected.XSS HIGH" "sp-client-document-manager No.known.fix Authenticated.(Subscriber+).Directory.Traversal MEDIUM" "sp-client-document-manager No.known.fix Authenticated.(Subscriber+).Arbitrary.Folder.Name.Update MEDIUM" "sp-client-document-manager No.known.fix Missing.Authorization MEDIUM" "sp-client-document-manager No.known.fix Subscriber+.File.Download.via.IDOR MEDIUM" "sp-client-document-manager No.known.fix Data.Update.via.IDOR MEDIUM" "sp-client-document-manager No.known.fix Authenticated.(Author+).SQL.Injeciton CRITICAL" "sp-client-document-manager No.known.fix Missing.Authorization.Stored.Cross-Site.Scripting MEDIUM" "sp-client-document-manager 4.70 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "sp-client-document-manager 4.68 Subscriber+.SQLi HIGH" "sp-client-document-manager 4.68 Admin+.Stored.XSS LOW" "sp-client-document-manager 4.68 Subscriber+.Insecure.Direct.Object.References HIGH" "sp-client-document-manager 4.62 Reflected.Cross-Site.Scripting MEDIUM" "sp-client-document-manager 4.58 Sensitive.File.Disclosure MEDIUM" "sp-client-document-manager 4.26 Reflected.Cross-Site.Scripting HIGH" "sp-client-document-manager 4.24 Subscriber+.Shell.Upload HIGH" "sp-client-document-manager 4.22 Authenticated.Shell.Upload MEDIUM" "salesmanago 3.2.5 Log.Injection.via.Weak.Authentication.Token MEDIUM" "streak-crm-for-gmail-integration-for-contact-form-7 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "streak-crm-for-gmail-integration-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "standout-color-boxes-and-buttons No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-fields No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "simple-fields 1.4.11 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "social-link-pages No.known.fix Missing.Authorization.to.Arbitrary.Page.Creation.and.Cross-Site.Scripting HIGH" "simple-slider-ssp No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "simplemap No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "super-video-player 1.6.13 Reflected.Cross-Site.Scripting MEDIUM" "super-video-player 1.6.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "scribble-maps No.known.fix Reflected.Cross-Site.Scripting HIGH" "seo-wordpress No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "simple-social-buttons 5.1.1 Unauthenticated.Password.Protected.Post.Access MEDIUM" "simple-social-buttons 3.2.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "simple-social-buttons 3.2.3 Contributor+.Stored.XSS MEDIUM" "simple-social-buttons 3.2.0 Reflected.Cross-Site.Scripting CRITICAL" "simple-social-buttons 3.2.1 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "simple-social-buttons 2.0.22 Authenticated.Option.Injection HIGH" "simple-download-button-shortcode No.known.fix Sensitive.Data.Disclosure MEDIUM" "sp-news-and-widget 4.0.1 Reflected.Cross-Site.Scripting MEDIUM" "scroll-post-excerpt No.known.fix Admin+.Stored.XSS LOW" "slp-gravity-forms-locations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-gravity-forms-locations 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sp-announcement 2.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shockingly-simple-favicon No.known.fix Settings.Update.via.CSRF MEDIUM" "simple-membership 4.4.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-membership 4.4.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-membership 4.4.3 Unauthenticated.Stored.Self-Based.Cross-Site.Scripting MEDIUM" "simple-membership 4.4.2 Open.Redirect MEDIUM" "simple-membership 4.3.9 Reflected.Cross-Site.Scripting.Vulnerability.via.environment_mode MEDIUM" "simple-membership 4.3.5 Privilege.escalation.via.Registration HIGH" "simple-membership 4.3.5 Account.Takeover.via.Password.Reset HIGH" "simple-membership 4.3.6 Reflected.XSS HIGH" "simple-membership 4.2.2 Contributor+.Stored.XSS MEDIUM" "simple-membership 4.1.3 Membership.Privilege.Escalation MEDIUM" "simple-membership 4.1.3 Unauthenticated.Membership.Privilege.Escalation MEDIUM" "simple-membership 4.1.1 Reflected.Cross-Site.Scripting MEDIUM" "simple-membership 4.1.0 Arbitrary.Transaction.Deletion.via.CSRF MEDIUM" "simple-membership 4.0.9 Arbitrary.Member.Deletion.via.CSRF MEDIUM" "simple-membership 4.0.4 Authenticated.SQL.Injections CRITICAL" "simple-membership 3.8.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "simple-membership 3.5.7 XSS MEDIUM" "simple-membership 3.3.3 Multiple.CSRF HIGH" "socialdriver-framework 2024.04.30 Contributor+.Stored.XSS MEDIUM" "socialdriver-framework 2024.04.30 Reflected.XSS HIGH" "socialdriver-framework 2024.04.30 Admin+.Stored.XSS.via.Settings LOW" "socialdriver-framework 2024.0.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "square-thumbnails No.known.fix Missing.Authorization MEDIUM" "swift-performance-lite 2.3.6.21 Cross-Site.Request.Forgery MEDIUM" "swift-performance-lite 2.3.6.19 Subscriber+.Settings.Update MEDIUM" "swift-performance-lite 2.3.6.15 Unauthenticated.Configuration.Export MEDIUM" "swifty-bar 1.2.11 Admin+.Stored.XSS LOW" "simple-mobile-url-redirect No.known.fix Cross-Site.Request.Forgery MEDIUM" "sync-ecommerce-neo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sync-ecommerce-neo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stellissimo-text-box No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "social-warfare 4.4.7.3 Injected.Backdoor CRITICAL" "social-warfare 4.4.6 Cross-Site.Request.Forgery MEDIUM" "social-warfare 4.4.6.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-warfare 4.4.4 Social.Warfare.<.4.4.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-warfare 4.3.1 Subscriber+.Post.Meta.Deletion MEDIUM" "social-warfare 4.4.0 Post.Meta.Deletion.via.CSRF MEDIUM" "social-warfare 3.5.3 Unauthenticated.Remote.Code.Execution.(RCE) MEDIUM" "solid-affiliate No.known.fix Sensitive.Information.Exposure MEDIUM" "secure-downloads 1.2.3 Admin+.Arbitrary.File.Download MEDIUM" "send-prebuilt-emails No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "send-prebuilt-emails No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "searchterms-tagging-2 No.known.fix XSS.&.Authenticated.SQL.Injection HIGH" "search-console 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "spotlight-social-photo-feeds 1.6.11 Cross-Site.Request.Forgery MEDIUM" "spotlight-social-photo-feeds 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "spotlight-social-photo-feeds 1.4.3 Contributor+.Stored.XSS MEDIUM" "spotlight-social-photo-feeds 0.10.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "super-notes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-notes No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-kit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-kit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sidebar-manager 1.1.5 Cross-Site.Request.Forgery MEDIUM" "sidebar-manager 1.1.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "simple-student-result 1.8.0 Unauthorised.REST.Calls MEDIUM" "simple-student-result 1.7.5 Stored.Cross.Site.Scripting.via.CSRF MEDIUM" "simple-student-result 1.6.4 Auth.Bypass CRITICAL" "sync-post-with-other-site 1.7 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Creation.and.Update MEDIUM" "sync-post-with-other-site 1.5.2 Cross-Site.Request.Forgery MEDIUM" "stops-core-theme-and-plugin-updates 8.0.5 Insufficient.Restrictions.on.Option.Changes MEDIUM" "simple-download-counter 1.6.1 Contributor+.Stored.XSS MEDIUM" "spice-post-slider 2.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "spice-post-slider 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "spideranalyse No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-bitcoin-faucets No.known.fix Unauthorised.AJAX.Call.to.Stored.XSS MEDIUM" "smart-custom-fields 5.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Content.Disclosure MEDIUM" "sharethis-share-buttons 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sharethis-inline-buttons.Shortcode MEDIUM" "slider-range-htapps 1.1.6 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "simple-image-manipulator No.known.fix Remote.File.Download HIGH" "simple-youtube-responsive 3.0 Contributor+.Stored.XSS MEDIUM" "shiftnav-responsive-mobile-menu 1.7.2 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "shortcode-addons No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shortcode-addons No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "shortcode-addons 3.2.0 Authenticated.Arbitrary.Options.Update MEDIUM" "shortcode-addons 3.1.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "sb-child-list No.known.fix Settings.Update.via.CSRF MEDIUM" "slingblocks 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-iframe 1.2.0 Contributor+.Stored.XSS MEDIUM" "sp-rental-manager No.known.fix Unauthenticated.SQL.Injection HIGH" "smartarget-message-bar No.known.fix Admin+.Stored.XSS LOW" "salon-booking-plugin-pro 7.6.3 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "salon-booking-plugin-pro 7.6.3 Customer+.Bookings/Customers.Data.Disclosure HIGH" "super-transactional-emails-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-transactional-emails-for-woocommerce 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slider-responsive-slideshow 1.4.2 Missing.Authorization MEDIUM" "slider-responsive-slideshow 1.4.0 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "sales-page-addon 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "sales-page-addon 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sideblog No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "smart-slider-3 3.5.1.23 Contributor+.Stored.XSS.via.SVG.Upload MEDIUM" "smart-slider-3 3.5.1.14 Contributor+.Stored.XSS MEDIUM" "smart-slider-3 3.5.1.11 Contributor+.Stored.XSS MEDIUM" "smart-slider-3 3.5.1.11 PHP.Object.Injection MEDIUM" "smart-slider-3 3.5.0.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "shortcodes-ultimate 7.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.su_lightbox.Shortcode MEDIUM" "shortcodes-ultimate 7.1.6 Contributor+.Stored.XSS.via.su_members.Shortcode MEDIUM" "shortcodes-ultimate 7.1.3 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.1.2 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.su_lightbox MEDIUM" "shortcodes-ultimate 7.1.0 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.5 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.5 Contributor+.Stored.Cross-Site.Scripting.via.'note_color'.Shortcode MEDIUM" "shortcodes-ultimate 7.0.4 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.3 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "shortcodes-ultimate 7.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.0.0 Insecure.Direct.Object.Reference.to.Information.Disclosure MEDIUM" "shortcodes-ultimate 5.13.1 Reflected.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 5.12.8 Subscriber+.User.Meta.Disclosure MEDIUM" "shortcodes-ultimate 5.12.8 Subscriber+.Arbitrary.Post.Access MEDIUM" "shortcodes-ultimate 5.12.7 Subscriber+.SSRF MEDIUM" "shortcodes-ultimate 5.12.7 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 5.12.7 Subscriber+.Arbitrary.File.Access MEDIUM" "shortcodes-ultimate 5.12.1 Stored.XSS.via.CSRF MEDIUM" "shortcodes-ultimate 5.12.1 Settings.Preset.Update.via.CSRF MEDIUM" "shortcodes-ultimate 5.10.2 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 5.0.1 Authenticated.Contributor.Code.Execution CRITICAL" "shortcodes-ultimate 4.10.0 Authenticated.Directory.Traversal MEDIUM" "squirrly-seo-pack No.known.fix Advanced.Pack.<=.2.3.8.-.Authenticated(Administrator+).SQL.Injection MEDIUM" "simple-woocommerce-csv-loader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-pdf-viewer No.known.fix Contributor+.XSS MEDIUM" "slp-extended-data-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-extended-data-manager 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "save-as-pdf-by-pdfcrowd 4.0.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 3.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 3.2.1 Missing.Authorization MEDIUM" "save-as-pdf-by-pdfcrowd 3.2.0 Admin+.Stored.XSS LOW" "save-as-pdf-by-pdfcrowd 3.2.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 2.16.1 Admin+.Stored.XSS LOW" "subscribe2 10.41 Sending.Emails.via.CSRF MEDIUM" "subscribe2 10.41 Missing.Access.Controls MEDIUM" "subscribe2 10.38 User.Deletion.via.CSRF HIGH" "subscribe2 10.16 XSS MEDIUM" "simple-cloudflare-turnstile 1.23.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "slideshow-jquery-image-gallery No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "slideshow-jquery-image-gallery No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "slideshow-jquery-image-gallery 2.2.22 Option.Value.Disclosure HIGH" "sola-newsletters No.known.fix CSRF.to.Stored.XSS HIGH" "sitepress-multilingual-cms 4.6.13 Contributor+.RCE.via.Twig.Server-Side.Template.Injection CRITICAL" "sitepress-multilingual-cms 4.6.1 Reflected.Cross-Site.Scripting HIGH" "sitepress-multilingual-cms 4.5.11 Subscriber+.Settings.Update MEDIUM" "sitepress-multilingual-cms 4.5.14 CSRF MEDIUM" "sitepress-multilingual-cms 4.5.11 Subscriber+.Translation.Job.Status.Update MEDIUM" "sitepress-multilingual-cms 4.3.7 Authenticated.Cross.Site.Request.Forgery.leading.to.Remote.Code.Execution HIGH" "sitepress-multilingual-cms 4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "sitepress-multilingual-cms 3.2.7 Cross-Site.Scripting.(XSS).in.Accept-Language.Header MEDIUM" "seriously-simple-stats 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "seriously-simple-stats 1.5.2 Reflected.XSS HIGH" "seriously-simple-stats 1.5.1 Podcast.Manager+.SQLi HIGH" "stripe-payments 2.0.87 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.accept_stripe_payment_ng.Shortcode MEDIUM" "stripe-payments 2.0.80 Insecure.Direct.Object.Reference MEDIUM" "stripe-payments 2.0.64 Admin+.Stored.Cross-Site.Scripting LOW" "stripe-payments 2.0.40 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "stock-in No.known.fix Authenticated.SQL.Injection MEDIUM" "stock-in No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "subscribe-to-comments-reloaded 240119 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "subscribe-to-comments-reloaded 220502 Multiple.CSRF MEDIUM" "subscribe-to-comments-reloaded 150820 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "sema-api 4.02 Unauthenticated.SQLi HIGH" "simple-custom-author-profiles No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "simple-file-downloader No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "simply-exclude No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-email-alerts No.known.fix Reflected.Cross-Site.Scripting HIGH" "starfish-reviews 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "starfish-reviews 3.0.26 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "starfish-reviews 2.0.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "studiocart 2.5.20 Reflected.Cross-Site.Scripting MEDIUM" "studiocart 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-facebook-twitter-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-facebook-twitter-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-org-chart No.known.fix Unauthenticated.Tree.Settings.Update MEDIUM" "simple-org-chart No.known.fix Settings.Update.via.CSRF MEDIUM" "sv-provenexpert 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-provenexpert 1.8.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slideshow-gallery 1.8.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-gallery 1.8.2 Authenticated.(Contributor+).SQL.Injection HIGH" "slideshow-gallery 1.7.9 Contributor+.SQLi MEDIUM" "slideshow-gallery 1.7.9 Settings.Reset.via.CSRF MEDIUM" "slideshow-gallery 1.8.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "slideshow-gallery 1.7.4 Admin+.Stored.Cross-Site.Scripting LOW" "slideshow-gallery 1.6.9 XSS.and.SQLi CRITICAL" "slideshow-gallery 1.6.6 Multiple.Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "sender 1.2.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "scrollto-top No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "single-sign-on-client No.known.fix Authentication.Bypass HIGH" "sliced-invoices 3.9.3 Missing.Authorization MEDIUM" "sliced-invoices 3.8.4 Multiple.Vulnerabilities HIGH" "social-login-lite-for-woocommerce No.known.fix Authentication.Bypass CRITICAL" "smooth-scrolling-links-ssl No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "scriptless-social-sharing 3.2.2 Contributor+.Stored.XSS MEDIUM" "slick-contact-forms No.known.fix Contributor+.Stored.XSS MEDIUM" "sheets-to-wp-table-live-sync 3.7.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "si-contact-form 4.0.38 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "shortpixel-image-optimiser 5.4.2 Authenticated(Editor+).PHP.Object.Injection MEDIUM" "shortpixel-image-optimiser 4.22.10 Reflected.Cross-Site.Scripting MEDIUM" "shopengine 4.1.2 CSRF MEDIUM" "social-login-wp No.known.fix CSRF MEDIUM" "skt-templates 6.15 Reflected.Cross-Site.Scripting MEDIUM" "skt-templates 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slash-admin 3.8.2 Cross-Site.Request.Forgery MEDIUM" "siteguard 1.7.7 Login.Page.Disclosure MEDIUM" "sv-tracking-manager 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-tracking-manager 1.8.02 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-301-redirects-addon-bulk-uploader 1.2.5 Multiple.Issues MEDIUM" "save-as-image-by-pdfcrowd 3.2.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "save-as-image-by-pdfcrowd 3.2.2 Admin+.Stored.XSS LOW" "save-as-image-by-pdfcrowd 2.16.1 Admin+.Stored.XSS LOW" "sloth-logo-customizer No.known.fix Stored.XSS.via.CSRF HIGH" "schedule-posts-calendar 5.3 CSRF MEDIUM" "schedule-posts-calendar 5.3 Admin+.Stored.XSS LOW" "shiftcontroller 4.9.67 Reflected.Cross-Site.Scripting MEDIUM" "shiftcontroller 4.9.65 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shiftcontroller 4.9.58 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "shiftcontroller 4.9.24 CSRF MEDIUM" "shiftcontroller 4.9.26 Reflected.Cross-Site.Scripting MEDIUM" "slider-image 2.8.7 Authenticated.Blind.SQL.Injection HIGH" "seo-automatic-wp-core-tweaks No.known.fix Arbitrary.Admin.Account.Creation./.Admin.Email.Update.via.CSRF HIGH" "stock-sync-for-woocommerce 2.4.1 Reflected.XSS HIGH" "ssl-atlas-free-ssl-certificate-https-redirect 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sola-support-tickets 3.13 XSS.&.Configuration.Change MEDIUM" "subscribe-sidebar No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "seo-title-tag No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simpleshop-cz 2.10.1 Cross-Site.Request.Forgery MEDIUM" "simpleshop-cz 2.10.3 Missing.Authorization MEDIUM" "sitesupercharger 5.2.0 Unauthenticated.SQLi HIGH" "support-genix-lite 1.2.4 Missing.Authorization MEDIUM" "searchwp-live-ajax-search 1.6.3 Unauthenticated.Local.File.Inclusion MEDIUM" "searchwp-live-ajax-search 1.6.2 Unauthenticated.Arbitrary.Post.Title.Disclosure MEDIUM" "simplepress 6.8.1 Subscriber+.Arbitrary.File.Deletion HIGH" "simplepress 6.8.1 Subscriber+.Stored.XSS.via.Profile.Signatures MEDIUM" "simplepress 6.8.1 Unauthenticated.Stored.XSS.via.Forum.Replies HIGH" "simplepress 6.8.1 Admin+.Arbitrary.File.Update LOW" "simplepress 6.6.1 Broken.Access.Control.leading.to.RCE CRITICAL" "social-auto-poster 5.3.16 Reflected.Cross-Site.Scripting MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.via.Multiple.Functions HIGH" "social-auto-poster 5.3.15 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "social-auto-poster 5.3.15 Cross-Site.Request.Forgery.via.Multiple.Functions MEDIUM" "social-auto-poster 5.3.15 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "social-auto-poster 5.3.15 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Meta.Update.via.wpw_auto_poster_update_tweet_template MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "smart-google-code-inserter 3.5 Unauthenticated.SQL.Injection CRITICAL" "smart-google-code-inserter 3.5 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "simple-author-box 2.52 Contributor+.Arbitrary.User.Information.Disclosure.via.IDOR LOW" "simple-author-box 2.4 Reflected.Cross-Site.Scripting MEDIUM" "simply-excerpts No.known.fix Admin+.Stored.XSS LOW" "super-forms-bundle 4.9.703 Unauthenticated.PHP.File.Upload.to.RCE CRITICAL" "smooth-page-scroll-updown-buttons No.known.fix Authenticated.Stored.XSS.via.psb_positioning MEDIUM" "smooth-page-scroll-updown-buttons 1.4 Authenticated.Stored.XSS MEDIUM" "stout-google-calendar No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "schema-app-structured-data-for-schemaorg 2.2.1 Cross-Site.Request.Forgery MEDIUM" "schema-app-structured-data-for-schemaorg 2.2.1 Missing.Authorization MEDIUM" "schema-app-structured-data-for-schemaorg 1.22.4 Missing.Authorization.via.page_init MEDIUM" "swifty-page-manager No.known.fix Page.Creation/Deletion.via.CSRF MEDIUM" "swifty-page-manager No.known.fix Admin+.Stored.XSS LOW" "save-grab No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "save-grab No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-youtube-gdpr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-youtube-gdpr No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "skt-addons-for-elementor 3.2 Contributor+.Stored.XSS MEDIUM" "skt-addons-for-elementor 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate.and.Creative.Slider.Widgets HIGH" "skt-addons-for-elementor 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Block MEDIUM" "skt-addons-for-elementor 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Page.Title MEDIUM" "syncee-global-dropshipping 1.0.10 Global.Dropshipping.<.1.0.10.-.Authentication.Token.Disclosure HIGH" "s2member 240325 Limited.Privilege.Escalation MEDIUM" "s2member 240315 Information.Exposure MEDIUM" "secondary-title 2.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "social-autho-bio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-embed-code 2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-embed-code 2.3.7 Authenticated(Contributor+).Denial.of.Service MEDIUM" "salat-times 3.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "scheduled-announcements-widget 1.0 Contributor+.Stored.XSS MEDIUM" "smart-scroll-to-top-lite 1.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "seo-optimized-images 2.1.4 Injected.Backdoor CRITICAL" "seo-optimized-images 2.1 Reflected.Cross-Site.Scripting MEDIUM" "skaut-bazar 1.3.3 Reflected.Cross-Site.Scripting HIGH" "ssl-zen 4.6.0 Unauthenticated.Private.Keys.Access MEDIUM" "ssl-zen 4.5.2 Reflected.Cross-Site.Scripting MEDIUM" "ssl-zen 4.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-by-rank-math 1.0.229 Admin+.PHP.Object.Injection MEDIUM" "seo-by-rank-math 1.0.229 Unauthenticated.User.and.Term.Metadata.Insert/Update/Deletion MEDIUM" "seo-by-rank-math 1.0.219 Authenticated.Stored.XSS LOW" "seo-by-rank-math 1.0.219-beta Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-rank-math 1.0.218 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-rank-math 1.0.217 Contributor+.Stored.Cross-Site.Scripting.via.'titleWrapper' MEDIUM" "seo-by-rank-math 1.0.215 Contributor+.Stored.XSS MEDIUM" "seo-by-rank-math 1.0.119.1 Contributor+.Stored.XSS MEDIUM" "seo-by-rank-math 1.0.107.3 Contributor+.LFI MEDIUM" "seo-by-rank-math 1.0.95.1 Unauthenticated.SSRF MEDIUM" "seo-by-rank-math 1.0.42.2 Authenticated.Missing.Access.Controls.to.Disable.Competitor.Plugins MEDIUM" "seo-by-rank-math 1.0.41 Rank.Math.<.1.0.41.-.Redirect.Creation.via.Unprotected.REST.API.Endpoint MEDIUM" "seo-by-rank-math 1.0.41 Rank.Math.<.1.0.41.-.Privilege.Escalation.via.Unprotected.REST.API.Endpoint CRITICAL" "seo-by-rank-math 1.0.27.1 Authenticated.Settings.Reset MEDIUM" "sitetweet-tweets-user-behaviors-on-your-site-on-twitter No.known.fix Stored.XSS.via.CSRF HIGH" "simple-quotation No.known.fix Quote.Creation/Edition.via.CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "simple-quotation No.known.fix Subscriber+.SQL.injection HIGH" "simple-matted-thumbnails No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-popup-manager No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "school-management-pro No.known.fix Authenticated.(School.Admin+).SQL.Injection CRITICAL" "school-management-pro 9.9.7 Unauthenticated.RCE.via.REST.api CRITICAL" "scrollsequence 1.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scrollsequence 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "scrollsequence 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-site-auditor-agency 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "seo-site-auditor-agency 1.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-wizard No.known.fix Unauthorised.AJAX.Calls HIGH" "seo-wizard No.known.fix Unauthorised.robots.txt.&..htaccess.Edit.via.CSRF HIGH" "smart-donations No.known.fix Cross-Site.Request.Forgery MEDIUM" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Stored.XSS.via.CSRF HIGH" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Admin+.SQLi MEDIUM" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Reflected.XSS HIGH" "stop-user-enumeration 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "stop-user-enumeration 1.3.20 Subscriber+.Arbitrary.Option.Update CRITICAL" "stop-user-enumeration 1.3.9 REST.API.Bypass MEDIUM" "stop-user-enumeration 1.3.8 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "srs-simple-hits-counter 1.1.1 Settings.Update.via.CSRF MEDIUM" "srs-simple-hits-counter 1.1.0 1.0.4.-.Unauthenticated.Blind.SQL.Injection CRITICAL" "slick-popup 1.7.15 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "slick-popup 1.7.2 Privilege.Escalation HIGH" "sfwd-lms 4.10.2 Sensitive.Information.Exposure.via.API MEDIUM" "sfwd-lms 4.10.3 Sensitive.Information.Exposure.via.API MEDIUM" "sfwd-lms 4.10.2 Sensitive.Information.Exposure.via.assignments MEDIUM" "sfwd-lms 4.5.3.1 SQL.Injection MEDIUM" "sfwd-lms 4.6.0.1 User.Account.Takeover.via.Insecure.Direct.Object.References HIGH" "sfwd-lms 3.1.6 Unauthenticated.SQL.Injection CRITICAL" "sfwd-lms 3.1.2 Reflected.Cross.Site.Scripting.(XSS).issue.on.the.[ld_profile].search.field. MEDIUM" "sfwd-lms 2.5.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "soundy-background-music No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "spam-control-xforwc 1.5.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "site-favicon 0.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "smart-phone-field-for-gravity-forms 2.1 Reflected.Cross-Site.Scripting MEDIUM" "social-network-tabs No.known.fix Social.Media.API.Key.Leakage CRITICAL" "stock-market-charts-from-finviz 1.0.2 Admin+.Stored.XSS LOW" "stylish-cost-calculator-premium 7.9.0 Unauthenticated.Stored.XSS HIGH" "simplemortgage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "server-status-by-hostnameip No.known.fix Authenticated.SQL.Injection HIGH" "simple-staff-list 2.2.5 Missing.Authorization.via.ajax_flush_rewrite_rules.and.staff_member_export MEDIUM" "simple-staff-list 2.2.4 Editor+.Stored.XSS MEDIUM" "simple-staff-list 2.2.3 Contributor+.Stored.XSS MEDIUM" "smoothscroller No.known.fix Admin+.Stored.XSS LOW" "slickr-flickr No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "sg-security 1.5.1 Missing.Authorization.via.hide_notice() MEDIUM" "sg-security 1.3.1 Admin+.SQLi MEDIUM" "sg-security 1.2.6 Authentication.Bypass.via.2-FA.Authentication.Setup CRITICAL" "sg-security 1.2.6 Authorization.Weakness.to.Authentication.Bypass.via.2-FA.Back-up.Codes HIGH" "smart-id 4.7 Reflected.Cross-Site.Scripting MEDIUM" "simple-jwt-login 3.2.1 Arbitrary.Settings.Update.to.Site.Takeover.via.CSRF HIGH" "simple-jwt-login 3.3.0 Insecure.Password.Creation LOW" "search-filter-pro 2.5.18 Admin+.Stored.XSS LOW" "subscribers-com 1.5.4 Free.Web.Push.Notifications.<.1.5.4.-.Admin+.Stored.XSS LOW" "simply-gallery-block 3.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.galleryID.and.className.Parameters MEDIUM" "simply-gallery-block 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "simply-gallery-block 3.0.8 Subscriber+.Arbitrary.Options.Update HIGH" "simply-gallery-block 2.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simply-gallery-block 2.2.1 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "simple-support-ticket-system 1.2.1 Unauthenticated.SQL.Injection CRITICAL" "sms-alert 3.7.0 Cross-Site.Request.Forgery MEDIUM" "sms-alert 3.4.7 SMS.Alert.Order.Notifications.–.WooCommerce.<.3,4,7.Authenticated.Cross.Site.Scripting LOW" "sql-reporting-services No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sql-reporting-services No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-media-directory 1.4.4 Contributor+.Stored.XSS MEDIUM" "simple-media-directory 1.4.3 Unauthenticated.SQLi HIGH" "structured-content 1.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "structured-content 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Classic.Editor.Shortcode MEDIUM" "structured-content 1.6 Contributor+.PHP.Object.Injection HIGH" "structured-content 1.6 Contributor+.Stored.XSS MEDIUM" "structured-content 1.5.1 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "simple-admin-language-change 2.0.2 Arbitrary.User.Locale.Change MEDIUM" "simple-restrict 1.2.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "surferseo 1.3.3.379 Missing.Authorization MEDIUM" "supportcandy 3.2.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "supportcandy 3.1.7 Subscriber+.SQLi HIGH" "supportcandy 3.1.7 Admin+.SQLi MEDIUM" "supportcandy 3.1.5 Unauthenticated.SQLi HIGH" "supportcandy 2.2.7 CSRF.to.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.7 Arbitrary.Ticket.Deletion.via.CSRF HIGH" "supportcandy 2.2.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.7 Reflected.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.5 Unauthenticated.Arbitrary.Ticket.Deletion HIGH" "supportcandy 2.0.1 Arbitrary.File.Upload CRITICAL" "seriously-simple-podcasting 3.3.0 Admin+.Stored.XSS LOW" "seriously-simple-podcasting 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "seriously-simple-podcasting 3.0.0 Unauthenticated.Administrator.Email.Disclosure MEDIUM" "seriously-simple-podcasting 2.19.1 Contributor+.Stored.XSS MEDIUM" "seriously-simple-podcasting 2.16.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "seraphinite-old-slugs-mgr 1.4 Cross-Site.Request.Forgery MEDIUM" "split-test-for-elementor 1.7.0 Cross-Site.Request.Forgery MEDIUM" "snap-pixel No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "snap-pixel No.known.fix Admin+.Stored.XSS LOW" "smtp-mailing-queue 1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "smtp-mailing-queue 2.0.1 Admin+.Stored.XSS LOW" "sky-elementor-addons 2.5.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sky-elementor-addons 2.5.8 Contributor+.Stored.XSS MEDIUM" "sky-elementor-addons 2.5.0 Authenticated(Contributor+).Stored.Cross-site.scripting.via.Wrapper.Link.URL MEDIUM" "slider-wd 1.2.59 Admin+.Stored.XSS LOW" "slider-wd 1.2.58 Authenticated.(Contributor+).SQL.Injection.via.id.Parameter HIGH" "slider-wd 1.2.57 Editor+.Stored.XSS LOW" "slider-wd 1.2.56 Editor+.Stored.XSS LOW" "slider-wd 1.2.55 Reflected.Cross-Site.Scripting MEDIUM" "slider-wd 1.2.53 Admin+.Stored.XSS LOW" "slider-wd 1.2.52 Admin+.Stored.Cross-Site.Scripting LOW" "slider-wd 1.2.36 Multiple.Authenticated.SQL.Injection HIGH" "seo-slider 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "speakout 2.14.15.1 Unauthenticated.SQLi HIGH" "speakout 2.13.3 Reflected.Cross-Site.Scripting HIGH" "shortcode-ninja No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "seraphinite-accelerator-ext 2.21.13.1 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion MEDIUM" "superlogoshowcase-wp 2.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "scrollto-bottom No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "special-box-for-content No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-file-list 6.1.10 Admin+.Stored.XSS LOW" "simple-file-list 6.1.10 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "simple-file-list 6.0.10 Admin+.Stored.XSS LOW" "simple-file-list 4.4.12 Admin+.Stored.Cross-Site.Scripting LOW" "simple-file-list 4.4.13 Page.Creation.via.CSRF MEDIUM" "simple-file-list 4.4.12 Reflected.Cross-Site.Scripting MEDIUM" "simple-file-list 4.2.8 Authenticated.Arbitrary.File.Deletion HIGH" "simple-file-list 4.2.3 Unauthenticated.Arbitrary.File.Upload.RCE CRITICAL" "simple-file-list 3.2.8 Unauthenticated.Arbitrary.File.Download HIGH" "sticky-menu-or-anything-on-scroll 2.21 CSRF.&.XSS LOW" "script-planner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "script-planner No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "socialmark 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "socialmark 2.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "secure-admin-ip No.known.fix Missing.Authorization.via.'saveSettings' MEDIUM" "superstorefinder-wp 6.9.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "superstorefinder-wp 6.9.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "superstorefinder-wp 6.9.8 Unauthenticated.SQL.Injection CRITICAL" "superstorefinder-wp 6.9.4 Unauthenticated.Email.Creation/Sending MEDIUM" "superstorefinder-wp 6.5 Unauthenticated.SQL.Injections CRITICAL" "superstorefinder-wp 6.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "schedulicity-online-appointment-booking No.known.fix Easy.Online.Scheduling.<=.2.21.-.Contributor+.Stored.XSS MEDIUM" "stop-wp-emails-going-to-spam 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "soumettre-fr 2.1.4 Missing.Authorization MEDIUM" "shopbuilder 2.1.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "shopbuilder 2.1.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "simply-featured-video No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.19 Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.21 Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.11 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "slicewp 1.0.46 Reflected.Cross-Site.Scripting.(XSS) HIGH" "sydney-toolbox 1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.aThemes:.Portfolio.Widget MEDIUM" "sydney-toolbox 1.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sydney-toolbox 1.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Filterable.Gallery MEDIUM" "sydney-toolbox 1.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id MEDIUM" "sydney-toolbox 1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcode-menu No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "sirv 7.3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "sirv 7.2.8 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "sirv 7.2.8 Authenticated(Subscriber+).Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "sirv 7.2.7 Authenticated.(Contributor+).Arbitrary.File.Upload CRITICAL" "sirv 7.2.3 Missing.Authorization.to.Arbitrary.Options.Update CRITICAL" "sirv 7.2.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "sirv 7.2.1 Missing.Authorization MEDIUM" "sirv 7.1.3 Missing.Authorization.via.sirv_disconnect MEDIUM" "sirv 6.8.1 Admin+.Stored.XSS LOW" "sirv 1.3.2 Authenticated.SQL.Injection HIGH" "social-login-bws 0.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "sermon-browser No.known.fix Arbitrary.File.Upload.via.CSRF MEDIUM" "sermon-browser 0.45.16 Multiple.XSS MEDIUM" "sketchfab-oembed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stopbadbots 10.24 Missing.Authorization.to.Information.Expsoure MEDIUM" "stopbadbots 7.32 Admin+.Stored.XSS LOW" "stopbadbots 7.24 Subscriber+.Arbitrary.Plugin.Installation HIGH" "stopbadbots 6.930 Unauthenticated.SQLi HIGH" "stopbadbots 6.88 Unauthenticated.SQLi HIGH" "stopbadbots 6.67 Unauthenticated.SQL.Injection CRITICAL" "stopbadbots 6.62 Reflected.Cross-Site.Scripting HIGH" "stopbadbots 6.60 Authenticated.SQL.Injections MEDIUM" "shibboleth 1.8 Cross-Site.Scripting.(XSS) MEDIUM" "sexy-author-bio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sexy-author-bio No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "superfast-mailgun-newsletter 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "spotify-play-button-for-wordpress 2.11 Settings.Update.via.CSRF MEDIUM" "spotify-play-button-for-wordpress 2.08 Admin+.Stored.XSS LOW" "spotify-play-button-for-wordpress 2.06 Contributor+.Stored.XSS MEDIUM" "surbma-gdpr-proof-google-analytics 17.8.2 Reflected.Cross-Site.Scripting MEDIUM" "surbma-gdpr-proof-google-analytics 17.6.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "surbma-gdpr-proof-google-analytics 17.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "salient-shortcodes 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "salient-shortcodes 1.5.4 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "squirrly-seo 12.3.20 Contributor+.SQL.Injection.via.url.Parameter MEDIUM" "squirrly-seo 12.3.17 Reflected.Cross-Site.Scripting HIGH" "squirrly-seo 12.3.16 Admin+.Stored.XSS LOW" "squirrly-seo 12.1.21 Missing.Authorization MEDIUM" "squirrly-seo 12.1.21 Reflected.Cross-Site.Scripting HIGH" "squirrly-seo 12.1.11 Contributor+.Arbitrary.File.Upload CRITICAL" "squirrly-seo 11.1.12 Reflected.Cross-Site.Scripting MEDIUM" "show-website-content-in-wordpress-page-or-post 2024.04.09 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "sola-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alignment.Parameter MEDIUM" "sola-testimonials No.known.fix Cross-Site.Request.Forgery MEDIUM" "social-icons-widget-by-wpzoom 4.2.18 Admin+.Stored.XSS LOW" "social-icons-widget-by-wpzoom 4.2.16 Missing.Authorization MEDIUM" "smart-app-banner 1.1.4 Admin+.Stored.XSS LOW" "smart-app-banner 1.1.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "specific-content-for-mobile 0.1.9.6 Reflected.Cross-Site.Scripting MEDIUM" "sis-handball No.known.fix Settings.Update.via.CSRF MEDIUM" "server-info No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "server-info 0.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slider-blocks 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shopp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "slickquiz No.known.fix Authenticated.SQL.Injection HIGH" "slickquiz No.known.fix Unauthenticated.Stored.XSS MEDIUM" "simple-responsive-image-gallery No.known.fix Reflected.Cross-Site.Scripting HIGH" "social-pug 1.33.2 PHP.Object.Injection HIGH" "social-pug 1.33.1 Unauthenticated.Password.Protected.Posts.Access MEDIUM" "social-pug 1.32.0 Admin+.Stored.XSS LOW" "social-pug 1.30.1 Missing.Authorization.via.multiple.admin_init.actions MEDIUM" "social-pug 1.19.0 Reflected.Cross-Site.Scripting MEDIUM" "social-pug 1.2.6 Social.Pug.<=.1.2.5.-.Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "share-print-pdf-woocommerce 2.8.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "social-gallery-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-gallery-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "storefront-footer-text No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "slick-social-share-buttons No.known.fix Authenticated.(Subscriber+).Arbitrary.Option.Update HIGH" "simple-user-listing 1.9.3 Reflected.XSS HIGH" "schreikasten No.known.fix Author+.SQL.Injections HIGH" "sticky-popup No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "searchwp 4.2.6 Subscriber+.Settings.Update MEDIUM" "sticky-chat-widget 1.1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.14 Reflected.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.13 Authenticated.(Admin+).SQL.Injection MEDIUM" "spiffy-calendar 4.9.12 Authenticated.(Administrator+).SQL.Injection CRITICAL" "spiffy-calendar 4.9.11 Missing.Authorization MEDIUM" "spiffy-calendar 4.9.10 Reflected.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.9 Broken.Access.Control LOW" "spiffy-calendar 4.9.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.4 Reflected.XSS MEDIUM" "spiffy-calendar 4.9.2 SQL.Injection HIGH" "spiffy-calendar 4.9.1 Arbitrary.Event.Deletion.via.CSRF MEDIUM" "spiffy-calendar 4.9.1 Subscriber+.Arbitrary.Event.Edition/Deletion.via.IDOR MEDIUM" "spiffy-calendar 3.3.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "starterblocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "starterblocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shared-files 1.7.29 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "shared-files 1.7.20 Missing.Authorization MEDIUM" "shared-files 1.7.17 Missing.Authorization.to.Notice.Dismissal MEDIUM" "shared-files 1.7.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "shared-files 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "shared-files 1.6.72 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shared-files 1.6.61 Admin+.Stored.Cross-Site.Scripting LOW" "shared-files 1.6.57 Admin+.Stored.Cross-Site.Scripting LOW" "simple-tooltips No.known.fix Admin+.Stored.XSS LOW" "simple-tooltips 2.1.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "surecart 2.29.4 Reflected.Cross-Site.Scripting MEDIUM" "surecart 2.5.1 Admin+.Stored.XSS LOW" "subaccounts-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "simple-mail-address-encoder 1.7 Reflected.Authenticated.XSS MEDIUM" "social-media-feather 2.1.4 Subscriber+.Unauthorised.Action MEDIUM" "social-media-feather 2.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "svgator No.known.fix Stored.XSS.via.SVG.Upload MEDIUM" "svgator 1.2.5 API.Token.Update/Deletion.&.Import.Projects.via.CSRF MEDIUM" "sitepact-klaviyo-contact-form-7 No.known.fix Unauthenticated.SQL.Injection CRITICAL" "simple-urls 121 Arbitrary.Actions.via.CSRF MEDIUM" "simple-urls 118 Reflected.XSS HIGH" "simple-urls 115 Multiple.Reflected.XSS HIGH" "simple-urls 115 Subscriber+.SQLi HIGH" "search-meter 2.13.3 CSV.Injection MEDIUM" "slider-hero 8.7.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-hero 8.4.4 Admin+.Stored.Cross-Site.Scripting LOW" "slider-hero 8.2.7 Contributor+.SQL.Injection CRITICAL" "slider-hero 8.2.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "seers-cookie-consent-banner-privacy-policy 8.1.1 Cross-Site.Request.Forgery MEDIUM" "seers-cookie-consent-banner-privacy-policy 8.1.2 Unauthenticated.Cookie.Policy.Update MEDIUM" "sticky-related-posts No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "stop-referrer-spam 1.3.1 CSRF MEDIUM" "south-pole-the-offset-movement No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "south-pole-the-offset-movement 1.0.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shiny-buttons No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "simple-slug-translate 2.7.3 Admin+.Stored.XSS LOW" "streamcast 2.2.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "streamcast 2.1.9 Reflected.Cross-Site.Scripting MEDIUM" "streamcast 2.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "streamcast 2.1.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "search-field-for-gravity-forms 0.6 Reflected.Cross-Site.Scripting MEDIUM" "scroll-baner No.known.fix CSRF.to.RCE CRITICAL" "surbma-magyar-woocommerce 2022.0.3 Reflected.Cross-Site.Scripting MEDIUM" "surbma-magyar-woocommerce 30.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-feature-requests 2.2.5 Reflected.Cross-Site.Scripting MEDIUM" "simple-feature-requests 2.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shortcodehub 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "svgmagic No.known.fix Stored.XSS.via.SVG.Upload MEDIUM" "starcat-review No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "starcat-review 0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sagepay-server-gateway-for-woocommerce 1.0.9 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "sailthru-triggermail No.known.fix Admin+.Stored.XSS LOW" "sailthru-triggermail No.known.fix Reflected.XSS HIGH" "sell-downloads 1.0.8 Insufficient.Restrictions.when.Brute-Force.Purchase.IDs HIGH" "sheet-to-wp-table-for-google-sheet 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.STWT_Sheet_Table.Shortcode MEDIUM" "seo-content-randomizer 3.28.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sitebuilder-dynamic-components No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "sliding-widgets No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "skt-skill-bar 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "speedycache 1.1.9 Cross-Site.Request.Forgery MEDIUM" "speedycache 1.1.4 Missing.Authorization.to.Plugin.Options.Update MEDIUM" "speedycache 1.1.3 .Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "sync-qcloud-cos 2.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "super-interactive-maps 2.2 Unauthenticated.SQL.Injections CRITICAL" "super-interactive-maps 2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "stax-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "school-management-system 4.2 Admin+.SQLi MEDIUM" "simple-job-board 2.12.4 Authenticated.(Editor+).PHP.Object.Injection HIGH" "simple-job-board 2.12.2 Admin+.Stored.XSS LOW" "simple-job-board 2.12.6 Unauthenticated.Resumes.Download LOW" "simple-job-board 2.11.1 Unauthenticated.PHP.Object.Injection.via.Job.Application.Fields CRITICAL" "simple-job-board 2.11.0 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "simple-job-board 2.10.7 Cross-Site.Request.Forgery MEDIUM" "simple-job-board 2.10.6 Missing.Authorization MEDIUM" "simple-job-board 2.10.4 Settings.Update.via.CSRF MEDIUM" "simple-job-board 2.10.0 Resume.Disclosure.via.Directory.Listing MEDIUM" "simple-job-board 2.9.5 Admin+.Stored.Cross-Site.Scripting LOW" "simple-job-board 2.9.4 Authenticated.Path.Traversal.Leading.to.Arbitrary.File.Download HIGH" "simple-job-board 2.4.4 Reflected.XSS MEDIUM" "site-offline 1.5.7 Admin+.Stored.XSS LOW" "site-offline 1.5.3 Access.Bypass MEDIUM" "site-offline 1.4.4 Multiple.Cross-Site.Request.Forgery MEDIUM" "scripts-n-styles 3.5.8 Admin+.Stored.XSS LOW" "simple-popup-plugin 4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-popup-plugin 4.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "section-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "section-slider No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "section-slider No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "startend-subscription-add-on-for-gravityforms 4.0.6 Reflected.Cross-Site.Scripting MEDIUM" "stock-quotes-list 2.9.12 Contributor+.Stored.XSS MEDIUM" "survey-maker 4.9.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 4.2.9 Admin+.Stored.XSS.via.Plugin.Settings LOW" "survey-maker 3.6.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "survey-maker 4.1.0 IP.Address.Spoofing MEDIUM" "survey-maker 4.0.7 Reflected.Cross-Site.Scripting MEDIUM" "survey-maker 4.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 3.4.7 Reflected.XSS HIGH" "survey-maker 3.1.2 Subscriber+.SQLi HIGH" "survey-maker 3.1.4 Unauthenticated.Stored.XSS HIGH" "survey-maker 2.0.7 Unauthenticated.Store.Cross-Site.Scripting MEDIUM" "survey-maker 1.5.6 Authenticated.Blind.SQL.Injections HIGH" "survey-maker 1.5.6 Reflected.Cross-Site.Scripting.(XSS) HIGH" "strategery-migrations No.known.fix Unauthenticated.Arbitrary.File.Deletion HIGH" "smartcrawl-seo 3.10.9 Unauthenticated.Full.Path.Disclosure MEDIUM" "smartcrawl-seo 3.10.3 Missing.Authorization MEDIUM" "smartcrawl-seo 3.8.3 Unauthenticated.Password.Protected.Post.Disclosure MEDIUM" "simple-sortsearch No.known.fix Ccontributor+.Stored.XSS MEDIUM" "simple-page-transition No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "smart-marketing-for-wp 2.0.0 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "simple-image-popup No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "simple-image-popup 2.0.0 Admin+.Stored.XSS LOW" "stackable-ultimate-gutenberg-blocks 3.13.7 Unauthenticated.CSS.Injection MEDIUM" "stackable-ultimate-gutenberg-blocks 3.13.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.12.12 Contributor+.Stored.XSS.via.Posts.Block MEDIUM" "stackable-ultimate-gutenberg-blocks 3.9.1 Reflected.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-al-slider No.known.fix Reflected.XSS HIGH" "subscribe-to-category No.known.fix Unauthenticated.SQLi HIGH" "slider-video 1.4.8 Slider.Carousel.<.1.4.8.-.Admin+.Stored.Cross-Site.Scripting LOW" "store-locator 3.98.8 Settings.Update.via.CSRF MEDIUM" "store-locator 3.34 SQL.Injection CRITICAL" "saphali-woocommerce-lite 1.9.0 Settings.Update/Reset.via.CSRF MEDIUM" "safe-editor 1.2 Unauthenticated.CSS/JS-injection MEDIUM" "seo-backlinks No.known.fix CSRF.to.Stored.XSS HIGH" "security-safe 2.5.2 Reflected.Cross-Site.Scripting MEDIUM" "security-safe 2.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "site-editor No.known.fix Local.File.Inclusion.(LFI) HIGH" "seo-redirection 9.1 Multiple.CSRF MEDIUM" "seo-redirection 9.1 404.Error.&.History.Deletion.via.CSRF MEDIUM" "seo-redirection 8.2 Subscriber+.SQL.Injection HIGH" "seo-redirection 7.9 Arbitrary.Redirect.Deletion.via.CSRF MEDIUM" "seo-redirection 7.4 Reflected.Cross-Site.Scripting HIGH" "seo-redirection 7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "seo-redirection 6.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "seo-redirection 4.3 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "seo-redirection 2.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "seo-redirection 2.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "simple-custom-website-data No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sticky-add-to-cart-for-woo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seraphinite-accelerator 2.21 Authenticated.(Subscriber+).Server-Side.Request.Forgery.in.OnAdminApi_HtmlCheck MEDIUM" "seraphinite-accelerator 2.20.48 Unauthenticated.Sensitive.Information.Exposure.via.Log.File MEDIUM" "seraphinite-accelerator 2.20.29 Reflected.Cross-Site.Scripting.via.rt MEDIUM" "seraphinite-accelerator 2.20.32 Unauthorised.Settings.Reset/Import MEDIUM" "seraphinite-accelerator 2.2.29 Authenticated.Arbitrary.Redirect MEDIUM" "seraphinite-accelerator 2.2.29 Reflected.XSS HIGH" "simple-membership-wp-user-import 1.8 Admin+.SQLi MEDIUM" "sign-up-sheets 2.2.13 Reflected.XSS HIGH" "sign-up-sheets 2.2.13 Missing.Authorization MEDIUM" "sign-up-sheets 2.2.12 Cross-Site.Request.Forgery MEDIUM" "sign-up-sheets 2.2.9 Settings.Update/Reset.via.CSRF MEDIUM" "sign-up-sheets 1.0.14 Authenticated.CSV.Injection MEDIUM" "sign-up-sheets 1.0.14 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "search-and-replace 3.2.3 Unauthenticated.PHP.Object.Injection MEDIUM" "search-and-replace 3.2.2 Admin+.SQL.injection MEDIUM" "search-and-replace 3.2.2 Administrator+.SQL.injection LOW" "simple-lightbox-gallery No.known.fix Authenticated.(Contributor+).PHP.Object.Injection MEDIUM" "spam-byebye 2.2.2 Cross-Site.Scripting.(XSS) MEDIUM" "shop-page-wp 1.2.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "showbizpro No.known.fix Shell.Upload CRITICAL" "seamless-donations 5.1.9 Arbitrary.Settings.Update.via.CSRF MEDIUM" "simple-theme-options 1.7 Admin+.Stored.Cross-Site.Scripting LOW" "super-social-content-locker-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "supersaas-appointment-scheduling 2.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scripts-organizer 3.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "simplelender-by-umatidocs-com No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stop-spammer-registrations-plugin 2024.5 Cross-Site.Request.Forgery.(CSRF).via.sfs_process MEDIUM" "stop-spammer-registrations-plugin 2023 Reflected.XSS HIGH" "stop-spammer-registrations-plugin 2023 Admin+.Stored.XSS LOW" "stop-spammer-registrations-plugin 2022.6 Unauthenticated.PHP.Object.Injection MEDIUM" "stop-spammer-registrations-plugin 2021.18 Authenticated.Stored.XSS LOW" "stop-spammer-registrations-plugin 2021.9 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "swipehq-payment-gateway-wp-e-commerce No.known.fix Multiple.XSS.Issues MEDIUM" "simply-static 3.1.4 Unauthenticated.Information.Exposure MEDIUM" "simply-static 3.1.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "static-html-output-plugin 6.0 Reflected.Cross-Site.Scripting MEDIUM" "social-tape No.known.fix CSRF.to.Stored.XSS HIGH" "swipehq-payment-gateway-woocommerce No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "simple-post No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "sb-elementor-contact-form-db 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "sb-elementor-contact-form-db 1.6 Plugin.Settings.Cross-Site.Request.Forgery MEDIUM" "sb-elementor-contact-form-db 1.6 Unauthenticated.&.Unauthorised.Form.Submissions.Export HIGH" "sparkpost 2.3.6 Admin+.Stored.XSS LOW" "stock-ticker 3.24.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.stock_ticker.Shortcode MEDIUM" "stock-ticker 3.23.5 Authenticated.(Contributor+).Stored.Cross-Site.Scritping MEDIUM" "stock-ticker 3.23.4 Reflected.XSS HIGH" "stock-ticker 3.23.3 Reflected.XSS HIGH" "stock-ticker 3.23.1 Missing.Authorization.in.AJAX.Actions MEDIUM" "seos-contact-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "spider-facebook No.known.fix Cross-Site.Request.Forgery MEDIUM" "spider-facebook No.known.fix Reflected.XSS HIGH" "stockists-manager No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "simple-ajax-chat 20240412 Admin+.Stored.XSS LOW" "simple-ajax-chat 20240223 .Unauthenticated.Stored.Cross-Site.Scripting HIGH" "simple-ajax-chat 20240216 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "simple-ajax-chat 20240223 Unauthenticated.Stored.XSS HIGH" "simple-ajax-chat 20220216 Log.Clearing.&.Arbitrary.Chat.Message.Deletion.via.CSRF MEDIUM" "simple-ajax-chat 20220216 Sensitive.Information.Disclosure MEDIUM" "simple-ajax-chat 20220216 Unauthenticated.Stored.XSS MEDIUM" "simplr-registration-form No.known.fix Subscriber+.Arbitrary.User.Password.Change.via.IDOR HIGH" "simple-image-popup-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "service-area-postcode-checker No.known.fix Admin+.Stored.XSS LOW" "similar-posts No.known.fix Admin+.Stored.XSS LOW" "similar-posts 3.1.6 Admin+.Arbitrary.PHP.Code.Execution HIGH" "scroll-triggered-animations 3.0.11 Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "simple-popup No.known.fix Admin+.Stored.XSS LOW" "svg-block 1.1.20 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "support-svg 1.1.0 Stored.XSS.via.SVG.Upload MEDIUM" "suretriggers 1.0.48 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Trigger.Link.Shortcode MEDIUM" "suretriggers 1.0.24 Cross-Site.Request.Forgery MEDIUM" "seo-automated-link-building 2.1.1 Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "synved-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "shortcode-for-font-awesome 1.4.1 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.63 Sassy.social.share.<.3,3,63.Admin+.Stored.Cross-Site.scripting LOW" "sassy-social-share 3.3.61 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.59 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sassy-social-share 3.3.57 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.45 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.40 Reflected.Cross-Site.Scripting MEDIUM" "sassy-social-share 3.3.24 Missing.Access.Controls.to.PHP.Object.Injection MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.tab.Shortcode MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.8 Cross-Site.Request.Forgery MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.accordions.Shortcode MEDIUM" "simple-revisions-delete 1.5.4 Cross-Site.Request.Forgery MEDIUM" "smart-maintenance-mode No.known.fix Cross-Site.Request.Forgery MEDIUM" "staff-directory-pro 4.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "staff-directory-pro 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "smtp2go 1.5.0 Admin+.Stored.XSS LOW" "tx-onepager No.known.fix Admin+.SQLi MEDIUM" "theme-demo-import 1.1.1 Admin+.Arbitrary.File.Upload MEDIUM" "trustmate-io-integration-for-woocommerce 1.7.1 Subscriber+.Arbitrary.Blog.Option.Update HIGH" "trustmate-io-integration-for-woocommerce 1.8.12 Subscriber+.Arbitrary.Plugin's.Settings.Update HIGH" "total-team-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "track-geolocation-of-users-using-contact-form-7 2.1 Admin+.Stored.XSS LOW" "tori-ajax No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tenweb-speed-optimizer 2.24.18 Unauthenticated.Arbitrary.Option.Deletion HIGH" "timeline-and-history-slider 2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "treepress 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "treepress 3.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "treepress 2.0.21 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "templates-patterns-collection 1.2.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "timeline-calendar No.known.fix Authenticated.(admin+).SQL.Injection HIGH" "tcs3 No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "td-subscription 1.5 Authenticated.(Admin+).SQL.Injection HIGH" "td-subscription 1.5 Authenticated.(Admin+).SQL.Injection HIGH" "toggle-the-title No.known.fix XSS MEDIUM" "travelers-map 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tr-easy-google-analytics No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "tweeple No.known.fix Reflected.XSS HIGH" "taxonomy-filter 2.2.10 Settings.Update.via.CSRF MEDIUM" "team-members 5.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team-members 5.3.2 Author+.Stored.XSS MEDIUM" "team-members 5.2.1 Editor+.Stored.XSS LOW" "team-members 5.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "team-members 5.0.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "themify-icons 2.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tooltip-ck No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "tk-google-fonts 2.2.12 Missing.Authorization.to.Font.Deletion MEDIUM" "tk-google-fonts 2.2.11 Reflected.Cross-Site.Scripting MEDIUM" "tk-google-fonts 2.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tm-woocommerce-compare-wishlist No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "telsender 1.14.12 Subscriber+.Settings.Update MEDIUM" "total-donations No.known.fix Update.Arbitrary.WordPress.Option.Values CRITICAL" "testimonial-rotator No.known.fix Authenticated.Stored.Cross-Site.Scripting HIGH" "testimonial-rotator 3.0.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "toolbar-to-share No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "themesflat-addons-for-elementor No.known.fix Authenticated.(Contributor+).Information.Exposure MEDIUM" "themesflat-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Tags MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.URLs MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Multiple.Widgets MEDIUM" "themesflat-addons-for-elementor 2.1.3 Contributor+.Stored.XSS.via.Widget.Titles MEDIUM" "theme-per-user No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "tagregator No.known.fix Stored.XSS MEDIUM" "testimonials-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonials-widget No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.testimonials.Shortcode MEDIUM" "testimonials-widget 4.0.0 Multiple.Authenticated.Stored.XSS MEDIUM" "table-of-contents-plus 2309 Settings.Update.via.CSRF MEDIUM" "table-of-contents-plus 2309 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "table-of-contents-plus 2212 Contributor+.Stored.XSS MEDIUM" "teachpress 9.0.6 Cross-Site.Request.Forgery.via.delete_database() MEDIUM" "teachpress 9.0.5 Cross-Site.Request.Forgery MEDIUM" "teachpress 9.0.3 Reflected.Cross-Site.Scripting HIGH" "teachpress 8.1.9 Reflected.Cross-Site.Scripting HIGH" "traffic-manager No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "traffic-manager No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "tin-canny-learndash-reporting 4.3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "translatepress-multilingual 2.3.3 Admin+.SQLi MEDIUM" "translatepress-multilingual 2.0.9 Authenticated.Stored.Cross-Site.Scripting LOW" "terraclassifieds No.known.fix Cross-Site.Request.Forgery HIGH" "terraclassifieds No.known.fix TerraClassifieds.<=.2,0,3.Unauthenticated.Arbitrary.File.Upload CRITICAL" "tinymce-and-tinymce-advanced-professsional-formats-and-styles No.known.fix Cross-Site.Request.Forgery.via.bb_taps_backend_page MEDIUM" "th23-social No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "tidio-gallery No.known.fix .Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tag-groups 2.0.4 Missing.Authorization.to.Information.Exposure MEDIUM" "tag-groups 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "tag-groups 1.43.10.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "twitter-plugin 2.55 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "tumult-hype-animations 1.9.12 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "tumult-hype-animations 1.9.13 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "telefication No.known.fix Open.Relay.&.Server-Side.Request.Forgery MEDIUM" "timeline-widget-addon-for-elementor 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "torro-forms No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "total-cost-input-for-woocommerce 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "tracking-code-manager 2.3.0 Admin+.Stored.Cross-Site.Scripting LOW" "tracking-code-manager 2.1.0 Tracking.Code.Manager.<.2,1,0.-Admin+.Stored.Cross-Site.Scripting MEDIUM" "telephone-number-linker No.known.fix Contributor+.Stored.XSS MEDIUM" "testimonial 2.3.8 Admin+.Stored.Cross-Site.Scripting LOW" "template-kit-export 1.0.22 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "terms-descriptions No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "terms-descriptions 3.4.5 Reflected.XSS HIGH" "theme-switcha 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "tax-rate-upload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tax-rate-upload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "themehunk-megamenu-plus 1.1.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "themehunk-megamenu-plus 1.1.0 .Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "tec-subscriber-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tec-subscriber-addons 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "theme-editor 2.9 Authenticated.(Admin+).PHAR.Deserialization HIGH" "theme-editor 2.8 Admin+.Arbitrary.File.Upload HIGH" "theme-editor 2.6 Authenticated.Arbitrary.File.Download MEDIUM" "theme-editor 2.2 Multiple.Vulnerabilities CRITICAL" "taggbox-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "taggbox-widget 3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "taggbox-widget 3.2 Unauthenticated.PHP.Object.Injection CRITICAL" "taggbox-widget No.known.fix Missing.Authorization MEDIUM" "taggbox-widget No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "taggbox-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "the-events-calendar 6.6.4.1 Unauthenticated.SQL.Injection MEDIUM" "the-events-calendar 6.6.4 Admin+.Stored.XSS LOW" "the-events-calendar 6.5.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "the-events-calendar 6.5.1.5 Cross-Site.Request.Forgery.via.action_restore_events MEDIUM" "the-events-calendar 6.4.0.1 Contributor+.Missing.Authorization.to.Authenticated.Arbitrary.Events.Access MEDIUM" "the-events-calendar 6.4.0.1 Contributor+.Arbitrary.Events.Access LOW" "the-events-calendar 6.4.0.1 Reflected.XSS HIGH" "the-events-calendar 6.2.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "the-events-calendar 6.2.8.1 Unauthenticated.Arbitrary.Password.Protected.Post.Read MEDIUM" "the-events-calendar 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "the-events-calendar 5.14.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "the-events-calendar 5.14.0 Reflected.Cross-Site.Scripting MEDIUM" "the-events-calendar 4.8.2 XSS MEDIUM" "testimonials No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "testimonial-slider-shortcode 1.1.9 Contributor+.Stored.XSS MEDIUM" "task-manager-pro 3.6.34 Multiple.Cross-Site.Scripting MEDIUM" "task-manager-pro 3.6.34 Follower+.SQLi HIGH" "thrive-headline-optimizer 1.3.7.3 Unauthenticated.Option.Update MEDIUM" "thrive-dashboard 2.3.9.3 Unauthenticated.Option.Update MEDIUM" "tiny-contact-form No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "taskbuilder 1.0.8 Subscriber+.Stored.XSS.via.SVG.file.upload MEDIUM" "td-cloud-library 2.7 Unauthenticated.Arbitrary.User.Metadata.Update.to.Privilege.Escalation CRITICAL" "typebot No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "typebot 1.4.3 Admin+.Stored.Cross.Site.Scripting LOW" "templatespare 2.4.3 Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Update MEDIUM" "team-showcase-supreme 4.5 Editor+.Stored.Cross-Site.Scripting LOW" "the-plus-addons-for-elementor-page-builder 5.6.12 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.content_template MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Missing.Authorization MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonials.Widget.Settings MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.TP.Page.Scroll.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.3 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.5 Contributor+.Stored.XSS.via.Hover.Card.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.3 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.5 Contributor+.Stored.XSS.in.Widgets MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Contributor+.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.4.2 Contributor+.LFI MEDIUM" "the-plus-addons-for-elementor-page-builder 5.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.Header.Meta.Content.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.3.4 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 2.0.7 Contributor+.Privilege.Escalation HIGH" "the-plus-addons-for-elementor-page-builder 2.0.7 Contributor+.Arbitrary.File.Access MEDIUM" "the-plus-addons-for-elementor-page-builder 2.0.6 Contributor+.Stored.XSS MEDIUM" "to-top 2.3 Unauthorised.Plugin's.Setting.Change MEDIUM" "this-day-in-history No.known.fix Unauthenticated.Reflected.XSS HIGH" "truebooker-appointment-booking No.known.fix Settings.Update.via.CSRF MEDIUM" "truebooker-appointment-booking No.known.fix Multiple.Unauthenticated.SQLi HIGH" "thecartpress No.known.fix Unauthenticated.Arbitrary.Admin.Account.Creation CRITICAL" "thecartpress 1.3.9.3 Multiple.Vulnerabilities HIGH" "twb-woocommerce-reviews 1.7.6 Admin+.Stored.XSS LOW" "template-events-calendar 2.3.2 Authenticated.(Contributor+).SQL.Injection.via.shortcode HIGH" "template-events-calendar 2.0 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "template-events-calendar 1.7.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "thank-me-later No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "tracked-tweets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tracked-tweets No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "text-hover 4.2 Admin+.Stored.Cross-Site.Scripting. LOW" "tiger-form 2.1.0 Reflected.XSS HIGH" "targetfirst-wordpress-plugin 1.0 Unauthenticated.Stored.XSS.via.Licence.Key HIGH" "testimonial-widgets 1.4.4 Authenticated.(Contributor+).SQL.Injection HIGH" "testimonial-widgets 1.4.3 Widget.Deletion.via.CSRF MEDIUM" "team 1.22.26 Reflected.Cross-Site.Scripting HIGH" "team 1.22.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team 1.22.16 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "team 1.22.16 PHP.Object.Injection HIGH" "tt-custom-post-type-creator No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "theme-junkie-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcodes MEDIUM" "typing-text 1.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tablepress 2.3.2 Authenticated.(Author+).Server-Side.Request.Forgery.via.DNS.Rebind MEDIUM" "tablepress 2.2.5 Authenticated(Author+).Server.Side.Request.Forgery(SSRF).via._get_import_files MEDIUM" "tablepress 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "tablepress 1.8.1 Authenticated.XML.External.Entity.(XXE) MEDIUM" "taboola 2.0.2 CSRF MEDIUM" "the-events-calendar-pro 6.4.0.1 Contributor+.Missing.Authorization.to.Authenticated.Arbitrary.Events.Access MEDIUM" "thumbs-rating No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "tabbed 1.3.2 Accordion,.FAQ.<.1.3.2.-.Unauthenticated.AJAX.Calls CRITICAL" "twitter-friends-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tabs-for-visual-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tinymce-annotate No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tinymce-annotate No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "thrive-quiz-builder 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "thrive-ab-page-testing 1.4.13.3 Unauthenticated.Option.Update MEDIUM" "tp-education 4.5 Contributor+.Stored.XSS MEDIUM" "ttv-easy-embed-player 2.1.1 Admin+.Stored.XSS LOW" "toolbar-extras No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-ptb 2.1.1 Reflected.Cross-Site.Scripting HIGH" "themify-ptb 2.1.4 Subscriber+.Arbitrary.Post/Page.Creation MEDIUM" "theme-blvd-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "travel-light No.known.fix CSRF.Bypass MEDIUM" "tatsu 3.3.12 Unauthenticated.RCE CRITICAL" "turbo-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "turbo-widgets No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "turbo-widgets No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "tournamatch 4.6.1 Subscriber+.Stored.XSS HIGH" "tournamatch 4.6.1 Admin+.Stored.XSS.via.Ladders LOW" "tiempocom No.known.fix Shortcode.Deletion.via.CSRF MEDIUM" "tiempocom No.known.fix Stored.XSS.via.CSRF HIGH" "tiempocom No.known.fix Reflected.XSS HIGH" "testimonial-free 2.6.0 Contributor+.Stored.XSS MEDIUM" "testimonial-free 2.1.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "tcd-google-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "track-the-click 0.3.12 Author+.Time-Based.Blind.SQL.Injection HIGH" "titan-labs-security-audit No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "trustmary No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "total-gdpr-compliance-lite 1.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "totop-link No.known.fix Unauthenticated.PHP.Object.Injection MEDIUM" "tradedoubler-affiliate-tracker 2.0.22 Unauthenticated.LFI HIGH" "testimonials-carousel-elementor 10.2.3 Contributor+.Stored.XSS MEDIUM" "testimonials-carousel-elementor 10.2.1 Missing.Authorization.to.Limited.Setting.Update MEDIUM" "testimonials-carousel-elementor 10.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "temp-mail 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "transition-slider-lite No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "top-10 3.2.5 Admin+.Stored.XSS LOW" "top-10 3.2.3 Contributor+.Stored.XSS MEDIUM" "top-10 2.9.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "totalpoll-lite 4.10.0 Missing.Authorization MEDIUM" "testimonial-add 3.5.8.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "timetics 1.0.24 Authorization.Bypass MEDIUM" "timetics 1.0.22 AI-powered.Appointment.Booking.with.Visual.Seat.Plan.and.ultimate.Calendar.Scheduling.Plugin.<.1.0.22.-.Missing.Authorization.to.Limited.Privilege.Escalation HIGH" "teaser-maker-standard No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "theatre 0.18.4 Admin+.Stored.XSS LOW" "tweetscroll-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thrive-apprentice 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "thrive-clever-widgets 1.57.1 Unauthenticated.Option.Update MEDIUM" "transcoder 1.3.6 Cross-Site.Request.Forgery MEDIUM" "tecslider 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "tecslider 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tweet-wheel 1.0.3.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tagembed-widget 5.9 Missing.Authorization MEDIUM" "tagembed-widget 4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thirstyaffiliates 3.10.5 Subscriber+.unauthorized.image.upload.+.CSRF LOW" "thirstyaffiliates 3.10.5 Subscriber+.Arbitrary.Affiliate.Links.Creation LOW" "thirstyaffiliates 3.9.3 Authenticated.Stored.XSS MEDIUM" "timber-library 1.23.1 Authenticated.(Admin+).PHP.Object.Injection HIGH" "tour-booking-manager 1.7.8 Missing.Authorization MEDIUM" "tour-booking-manager 1.7.2 Missing.Authorization.via.ttbm_new_place_save MEDIUM" "tour-booking-manager 1.6.1 Cross-Site.Request.Forgery MEDIUM" "the-holiday-calendar 1.11.3 Cross-Site.Scripting.(XSS) MEDIUM" "tlp-team 4.4.2 Editor+.Stored.XSS LOW" "tlp-team 4.1.2 Subscriber+.Arbitrary.File.Read.and.Deletion CRITICAL" "ts-webfonts-for-conoha 2.0.4 Admin+.Stored.XSS LOW" "tourfic 2.11.21 Cross-Site.Request.Forgery.in.Multiple.Functions MEDIUM" "tourfic 2.11.19 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "tourfic 2.11.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tourfic 2.11.8 Reflected.Cross-Site.Scripting MEDIUM" "tourfic 2.11.16 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "tajer No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "tainacan 0.21.11 Reflected.Cross-Site.Scripting MEDIUM" "tainacan 0.21.8 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "tainacan 0.21.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tainacan 0.21.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tainacan 0.20.8 Missing.Authorization MEDIUM" "tainacan 0.20.7 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tainacan 0.20.5 Reflected.Cross-Site.Scripting MEDIUM" "throws-spam-away 3.3.1 Comment.Deletion.via.CSRF MEDIUM" "twitter-cards-meta 2.5.0 CSRF.and.XSS HIGH" "ti-woocommerce-wishlist-premium 1.40.1 Unauthenticated.Blind.SQL.Injection HIGH" "ti-woocommerce-wishlist-premium 1.21.5 Authenticated.WP.Options.Change HIGH" "thrive-automator 1.17.1 Cross-Site.Request.Forgery MEDIUM" "two-factor-authentication 1.3.13 Disable.Two.Factor.Authentication.CSRF HIGH" "two-factor-authentication 1.1.10 XSS MEDIUM" "thrive-leads 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "trust-form 2.0.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "timely-booking-button No.known.fix Admin+.Stored.XSS LOW" "ticket-tailor 1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "top-bar 3.0.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "top-bar 3.0.5 Admin+.Stored.XSS LOW" "top-bar 3.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "theme-my-login 7.1.8 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "theme-my-login 7.1.7 Missing.Authorization.to.Notice.Dismissal MEDIUM" "templately 3.1.3 Missing.Authorization MEDIUM" "templately 2.2.6 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "twittee-text-tweet No.known.fix Reflected.XSS HIGH" "table-maker No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "telegram-bot No.known.fix Cross-Site.Request.Forgery MEDIUM" "telegram-bot 3.6.3 Admin+.Stored.XSS LOW" "tripetto 7.0.1 Reflected.Cross-Site.Scripting MEDIUM" "tripetto 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "tripetto 5.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tinymce-custom-styles 1.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "tinymce-custom-styles 1.1.3 Admin+.Stored.XSS LOW" "top-25-social-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "total-security 3.4.1 XSS.&.Settings.Change MEDIUM" "tiny-bar 2.1 Reflected.Cross-Site.Scripting MEDIUM" "title-field-validation No.known.fix Unauthorised.AJAX.Calls HIGH" "team-showcase 2.2 Contributor+.Stored.XSS MEDIUM" "translation-exchange No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "timeline-for-beaver-builder 1.1.4 Editor+.Stored.XSS LOW" "tc-custom-javascript 1.2.2 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "tk-smugmug-slideshow-shortcode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tk-smugmug-slideshow-shortcode No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "thrive-comments 1.4.15.3 Unauthenticated.Option.Update MEDIUM" "ti-woocommerce-wishlist No.known.fix Unauthenticated.SQL.Injection.via.lang.parameters HIGH" "ti-woocommerce-wishlist No.known.fix Unauthenticated.SQL.Injection HIGH" "ti-woocommerce-wishlist 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "ti-woocommerce-wishlist 1.40.1 Unauthenticated.Blind.SQL.Injection HIGH" "ti-woocommerce-wishlist 1.21.12 Authenticated.WP.Options.Change HIGH" "timesheet 0.1.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "template-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "template-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "thrive-ultimatum 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "themify-event-post 1.2.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "tutor-lms-elementor-addons 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Course.Carousel.Widget MEDIUM" "tutor-lms-elementor-addons 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tidio-form No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "term-and-category-based-posts-widget 4.9.13 Admin+.Stored.XSS LOW" "tabs-pro 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "themify-shortcodes 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.themify_button.Shortcode MEDIUM" "themify-shortcodes 2.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.0.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "themify-ptb-search 1.4.0 Post.Type.Builder.Search.Addon.<.1.4.0.-.Reflected.Cross-Site.Scripting MEDIUM" "typofr No.known.fix Reflected.Cross-Site.Scripting HIGH" "tripay-payment-gateway 3.2.8 Admin+.Stored.XSS LOW" "total-sales-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "twenty20 No.known.fix Contributor+.Stored.XSS MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Settings.Update.via.Authorization.Bypass MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Subscriber+.Unauthorised.Calls MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Admin+.SQL.Injection MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Usernames.Disclosure MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Unauthenticated.Settings.Change MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 Admin+.RCE MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 CSRF.to.Stored.XSS HIGH" "transposh-translation-filter-for-wordpress 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 Stored.Cross-Site.Scripting MEDIUM" "timed-content 2.73 Contributor+.Stored.XSS MEDIUM" "tedwp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tedwp 0.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tlp-portfolio 2.8.11 WordPress.Portfolio.<.2.8.11.-.Contributor+.Stored.XSS MEDIUM" "temporary-login-without-password 1.7.1 Subscriber+.Plugin's.Settings.Update MEDIUM" "the-buffer-button No.known.fix Authenticated.Stored.Cross.Site.Scripting.(XSS) MEDIUM" "tickera-event-ticketing-system 3.5.2.9 Missing.Authorization.to.Authenticated.(Susbcriber+).Ticket.Deletion MEDIUM" "tickera-event-ticketing-system 3.5.2.7 Missing.Authorization MEDIUM" "tickera-event-ticketing-system 3.5.2.5 Ticket.leakage.through.IDOR MEDIUM" "tickera-event-ticketing-system 3.5.1.0 Plugin.Data.Deletion.via.CSRF LOW" "tickera-event-ticketing-system 3.4.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tickera-event-ticketing-system 3.4.8.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tickera-event-ticketing-system 3.4.6.9 Unauthenticated.Sensitive.Data.Exposure HIGH" "timeline-event-history 3.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "testimonial-slider 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-slider 1.3.2 Stored.XSS.via.CSRF MEDIUM" "testimonial-slider 1.2.5 Authenticated.SQL.Injection HIGH" "testimonial-slider 1.3.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "tapfiliate 3.0.13 Admin+.Stored.XSS LOW" "the-moneytizer 10.0.1 Missing.Authorization.via.multiple.AJAX.actions HIGH" "the-moneytizer 10.0.1 Cross-Site.Request.Forgery.via.multiple.AJAX.actions HIGH" "the-moneytizer 9.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tabs-responsive 2.2.8 Editor+.Stored.Cross-Site.Scripting LOW" "tweet-old-custom-post No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tawkto-live-chat 0.6.0 Subscriber+.Visitor.Monitoring.&.Chat.Removal HIGH" "thrive-ovation 2.4.5 Unauthenticated.Option.Update MEDIUM" "testimonial-builder 1.6.2 Editor+.Stored.Cross-Site.Scripting LOW" "testimonial-builder 1.6.0 Admin+.Stored.Cross-Site.Scripting LOW" "textme-sms-integration 1.9.1 Subscriber+.Settings.Update MEDIUM" "textme-sms-integration 1.8.9 Authenticated.Stored.XSS LOW" "the-plus-addons-for-block-editor 3.2.6 Missing.Authorization MEDIUM" "the-plus-addons-for-block-editor 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "templatesnext-toolkit 3.2.9 Contributor+.Stored.XSS MEDIUM" "templatesnext-toolkit 3.2.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "templatesnext-toolkit 3.2.8 Contributor+.Stored.XSS MEDIUM" "thesis-openhook 4.3.1 Subscriber+.Remote.Code.Execution CRITICAL" "the-sorter No.known.fix Authenticated.SQL.Injection MEDIUM" "time-sheets 1.29.3 Admin+.Stored.XSS LOW" "time-sheets 1.5.2 Multiple.XSS MEDIUM" "tutor 2.7.5 Cross-Site.Request.Forgery.via.'addon_enable_disable' MEDIUM" "tutor 2.7.3 Authenticated.(Administrator+).SQL.Injection HIGH" "tutor 2.7.4 Authenticated.(Instructor+).Stored.Cross-Site.Scripting MEDIUM" "tutor 2.7.4 Missing.Authorization MEDIUM" "tutor 2.7.3 Cross-Site.Request.Forgery MEDIUM" "tutor 2.7.3 Authenticated.(Tutor.Instructor+).Stored.Cross-Site.Scripting MEDIUM" "tutor 2.7.2 Authenticated.(Admin+).Path.Traversal LOW" "tutor 2.7.2 Tutor.LMS.–.eLearning.and.online.course.solution.<.2,7,2.-Authenticated.(Administrator+).SQL.Injection HIGH" "tutor 2.7.2 Authenticated.(Instructor+).Insecure.Direct.Object.Reference.to.Arbitrary.Quiz.Attempt.Deletion MEDIUM" "tutor 2.7.1 Authenticated.(Instructor+).Insecure.Direct.Object.Reference.to.Arbitrary.Course.Deletion MEDIUM" "tutor 2.7.1 Missing.Authorization CRITICAL" "tutor 2.7.1 Authenticated.(Instructor+).SQL.Injection HIGH" "tutor 2.7.0 Missing.Authorization.to.Unauthenticated.Limited.Options.Update MEDIUM" "tutor 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'tutor_instructor_list'.Shortcode MEDIUM" "tutor 2.6.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "tutor 2.6.2 Cross-Site.Request.Forgery.to.Plugin.Deactivation.and.Data.Erase MEDIUM" "tutor 2.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "tutor 2.6.1 Missing.Authorization MEDIUM" "tutor 2.6.1 Student+.HTML.Injection.via.Q&A MEDIUM" "tutor 2.3.0 Admin+.Stored.XSS LOW" "tutor 2.3.0 Subscriber+.Stored.Cross-Site.Scripting HIGH" "tutor 2.2.1 Unauthenticated.Access.to.Tutor.LMS.Lesson.Resources.via.REST.API MEDIUM" "tutor 2.2.1 Student+.SQL.Injection HIGH" "tutor 2.2.0 Instructor+.SQL.Injection MEDIUM" "tutor 2.2.0 Unauthenticate.SQL.Injection HIGH" "tutor 2.0.10 Reflected.Cross-Site.Scripting HIGH" "tutor 2.0.10 Admin+.Stored.Cross-Site.Scripting LOW" "tutor 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.13 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.12 Reflected.Cross-Site.Scripting HIGH" "tutor 1.9.12 Subscriber+.Stored.Cross-Site.Scripting HIGH" "tutor 1.9.11 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.9 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "tutor 1.9.6 Reflected.Cross-Site.Scripting HIGH" "tutor 1.9.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "tutor 1.8.8 Authenticated.Local.File.Inclusion MEDIUM" "tutor 1.7.7 Unprotected.AJAX.including.Privilege.Escalation HIGH" "tutor 1.8.3 SQL.Injection.via.tutor_answering_quiz_question/get_answer_by_id MEDIUM" "tutor 1.7.7 SQL.Injection.via.tutor_mark_answer_as_correct MEDIUM" "tutor 1.8.3 SQL.Injection.via.tutor_quiz_builder_get_question_form MEDIUM" "tutor 1.7.7 SQL.Injection.via.tutor_place_rating MEDIUM" "tutor 1.8.3 SQL.Injection.via.tutor_quiz_builder_get_answers_by_question MEDIUM" "tutor 1.5.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "themedy-toolbox 1.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "tiny-carousel-horizontal-slider No.known.fix Admin+.Stored.XSS LOW" "testimonial-slider-and-showcase 2.3.8 Admin+.Stored.XSS LOW" "testimonial-slider-and-showcase 2.3.7 Author+.Settings.Update LOW" "themify-wc-product-filter 1.5.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "themify-wc-product-filter 1.5.0 WooCommerce.Product.Filter.<.1.5.0.-.Unauthenticated.SQL.Injection.via.conditions.Parameter CRITICAL" "themify-wc-product-filter 1.4.4 Reflected.XSS HIGH" "themify-wc-product-filter 1.4.4 Filter.Deletion.via.CSRF MEDIUM" "themify-wc-product-filter 1.4.4 Admin+.Stored.XSS LOW" "themify-wc-product-filter 1.3.8 WooCommerce.Product.Filter.<.1.3.8.-.Reflected.Cross-Site.Scripting MEDIUM" "themify-portfolio-post 1.2.5 Editor+.Stored.XSS LOW" "themify-portfolio-post 1.2.2 Contributor+.Stored.XSS MEDIUM" "themify-portfolio-post 1.2.1 Contributor+.Stored.XSS MEDIUM" "themify-portfolio-post 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "themify-portfolio-post 1.1.6 Authenticated.Stored.Cross-Site.Scripting HIGH" "ts-webfonts-for-sakura 3.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "ts-webfonts-for-sakura 3.1.3 Font.Settings.Change.via.CSRF MEDIUM" "ts-webfonts-for-sakura 3.1.3 Font.Type.Settings.Change.via.CSRF MEDIUM" "tera-charts No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "travelpayouts 1.1.17 Open.Redirect MEDIUM" "travelpayouts 1.1.13 Settings.Update.via.CSRF MEDIUM" "travelpayouts 1.1.14 Reflected.XSS HIGH" "travelpayouts 1.0.17 CSRF.Bypass.due.to.Outdated.Redux.Framework MEDIUM" "tochat-be 1.3.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "themeisle-companion 2.10.37 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "themeisle-companion 2.10.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Services.and.Post.Type.Grid.Widgets MEDIUM" "themeisle-companion 2.10.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripiting.via.Registration.Form.Widget MEDIUM" "themeisle-companion 2.10.32 Contributor+.Stored.XSS.via.Post.Type.Grid.Widget MEDIUM" "themeisle-companion 2.10.31 Contributor+.Stored.XSS.via.Pricing.Table.Widget MEDIUM" "themeisle-companion 2.10.31 Contributor+.Stored.XSS.via.Form.Widget MEDIUM" "themeisle-companion 2.10.30 Connected.API.Keys.Update.via.CSRF MEDIUM" "themeisle-companion 2.10.29 Unauthenticated.Connected.API.Keys.Update MEDIUM" "themeisle-companion 2.10.28 Contributor+.Stored.XSS MEDIUM" "themeisle-companion 2.10.27 Contributor+.Stored.XSS MEDIUM" "themeisle-companion 2.10.24 Author+.Server-Side.Request.Forgery MEDIUM" "themeisle-companion 2.10.3 Authenticated.Stored.Cross.Site.Scripting MEDIUM" "themeisle-companion 2.10.3 Authenticated.Privilege.Escalation CRITICAL" "tabs-with-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tabs-with-posts No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tiny-carousel-horizontal-slider-plus No.known.fix Admin+.Stored.XSS MEDIUM" "tml-2fa 1.2 .Lack.of.Rate.Limiting MEDIUM" "theme-tweaker-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "tippy No.known.fix Contributor+.Stored.XSS MEDIUM" "telugu-bible-verse-daily No.known.fix CSRF.to.Stored.XSS HIGH" "the-post-grid 7.5.0 Editor+.Stored.XSS.via.Grid.Creation LOW" "the-post-grid 7.7.12 Authenticated.(Contributor+).Information.Disclosure MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.AJAX MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.save_block_css MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.REST.API MEDIUM" "the-post-grid 7.7.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.section.title.tag MEDIUM" "the-post-grid 7.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-post-grid 7.7.0 Missing.Authorization MEDIUM" "the-post-grid 7.2.8 Block.CSS.Update.via.CSRF MEDIUM" "the-post-grid 5.0.5 Settings.Update.via.CSRF MEDIUM" "templatesnext-onepager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "titan-framework No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "titan-framework 1.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tf-numbers-number-counter-animaton 2.0.1 Subscriber+.Arbitrary.Option.Update HIGH" "trackship-for-woocommerce 1.7.6 Missing.Authorization MEDIUM" "timthumb-vulnerability-scanner No.known.fix Scan.Initialisation.via.CSRF MEDIUM" "tiny-compress-images 3.4.4 Cross-Site.Request.Forgery MEDIUM" "td-composer 5.1 Reflected.Cross-Site.Scripting.via.envato_code[] MEDIUM" "td-composer 5.1 Reflected.Cross-Site.Scripting.via.envato_code[] MEDIUM" "td-composer 4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.button.Shortcode MEDIUM" "td-composer 4.9 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Attachment.Meta MEDIUM" "td-composer 4.9 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "td-composer 4.2 Admin+.Stored.XSS LOW" "td-composer 4.2 Unauthenticated.Stored.XSS HIGH" "td-composer 4.0 Reflected.Cross-site.Scripting HIGH" "td-composer 3.5 Unauthenticated.Account.Takeover CRITICAL" "tradetracker-store 4.6.60 Admin+.SQL.Injection MEDIUM" "tranzly No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tranzly 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tags-cloud-manager No.known.fix Reflected.XSS HIGH" "typea-ftc-disclosure No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "typea-ftc-disclosure No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "truepush-free-web-push-notifications No.known.fix Missing.Authorization MEDIUM" "tangible-loops-and-logic 4.1.5 Reflected.Cross-Site.Scripting MEDIUM" "tuxedo-big-file-uploads 2.1.3 Authenticated.(Author+).Full.Path.Disclosure MEDIUM" "tuxedo-big-file-uploads 2.1.2 Cross-Site.Request.Forgery.via.actions MEDIUM" "task-scheduler 1.6.1 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "tk-event-weather No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tk-event-weather No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "thrive-visual-editor 2.6.7.4 Unauthenticated.Option.Update MEDIUM" "thinktwit 1.7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "triberr-wordpress-plugin 4.1.2 Admin+.Stored.XSS LOW" "the-pack-addon 2.0.9 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.0.8.7 Authenticated.(contributor+).Local.File.Inclusion HIGH" "the-pack-addon 2.0.8.4 Reflected.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.0.8.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "twchat 3.1.5 Admin+.Local.File.Inclusion LOW" "twchat 3.1.5 Multiple.CSRF MEDIUM" "twentyfourth-wp-scraper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twentyfourth-wp-scraper No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "themify-builder 7.6.3 Reflected.Cross-Site.Scripting MEDIUM" "themify-builder 7.6.2 Missing.Authorization.to.Authenticated.(Contributor+).Post.Duplication MEDIUM" "themify-builder 7.5.8 Open.Redirect MEDIUM" "themify-builder 7.0.6 Cross-Site.Request.Forgery MEDIUM" "themify-builder 5.3.2 Reflected.Cross-Site.Scripting HIGH" "thinkific-uploader No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "tubepress 1.6.5 XSS MEDIUM" "thesography No.known.fix Admin+.Stored.XSS LOW" "the-very-simple-vimeo-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "thim-elementor-kit 1.1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "thim-elementor-kit 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "theme-blvd-responsive-google-maps No.known.fix Contributor+.XSS MEDIUM" "tutor-pro 2.7.3 Missing.Authorization.to.Authenticated.(Subscriber+).Insecure.Direct.Object.Reference HIGH" "tutor-pro 2.7.1 Missing.Authorization HIGH" "tutor-pro 2.7.1 Missing.Authorization.to.Privilege.Escalation HIGH" "tutor-pro 2.7.1 Missing.Authorization.to.SQL.Injection HIGH" "template-kit-import 1.0.15 Author+.Stored.XSS MEDIUM" "tutor-lms-migration-tool No.known.fix Missing.Authorization.in.tutor_lp_export_xml MEDIUM" "tutor-lms-migration-tool No.known.fix Missing.Authorization.in.tutor_import_from_xml MEDIUM" "tabs-shortcode-and-widget No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "tree-website-map 2.9 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "tree-website-map 3.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "tune-library 1.5.5 SQL.Injection HIGH" "tweet-old-post 9.0.11 PHP.Object.Injection LOW" "table-genie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "table-genie No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "themereps-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tilda-publishing 0.3.24 Subscriber+.Unauthorised.Action MEDIUM" "teamleader-form-integration 2.1.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "transbank-webpay-plus-rest 1.6.7 Admin+.SQLi MEDIUM" "table-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id.Parameter MEDIUM" "timeline-awesome No.known.fix Author+.Stored.Cross-Site.Scripting LOW" "tipsacarrier 1.5.0.5 Unauthenticated.SQLi HIGH" "tipsacarrier 1.5.0.5 Unauthenticated.Orders.Disclosure MEDIUM" "tarteaucitronjs 1.6.1 Cookies.legislation.&.GDPR.<.1.6.1.-.Admin.+.Stored.Cross-Site.Scripting LOW" "tarteaucitronjs 1.6 Cookies.legislation.&.GDPR.<.1.6.-.CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "tier-pricing-table 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "tier-pricing-table 2.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "turn-off-comments-for-all-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "terms-and-conditions-per-product 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "toast-stick-anything No.known.fix Missing.Authorization HIGH" "toast-stick-anything No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tablesome 1.0.34 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tablesome 1.0.26 Cross-Site.Request.Forgery MEDIUM" "tablesome 1.0.28 Reflected.Cross-Site.Scripting MEDIUM" "tablesome 1.0.15 Reflected.Cross-Site.Scripting MEDIUM" "tablesome 1.0.9 Reflected.XSS MEDIUM" "tablesome 0.6.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "under-construction-page 3.97 Multiple.CSRF MEDIUM" "under-construction-page 3.86 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ultra-elementor-addons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "utubevideo-gallery 2.0.8 Contributor+.Stored.XSS MEDIUM" "use-any-font 6.3.09 Cross-Site.Request.Forgery MEDIUM" "use-any-font 6.2.1 API.Key.Deactivation.via.CSRF MEDIUM" "use-any-font 6.2.1 Unauthenticated.Arbitrary.CSS.Appending HIGH" "user-avatar 1.4.12 Reflected.XSS HIGH" "uniconsent-cmp 1.4.4 Admin+.Stored.XSS LOW" "ucontext No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "user-export-with-their-meta-data No.known.fix Subscriber+.CSV.Injection LOW" "user-export-with-their-meta-data 0.6.5 Admin+.SQLi MEDIUM" "update-urls 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "user-activity-log 2.0 Admin+.SQL.Injection MEDIUM" "user-activity-log 1.6.7 IP.Spoofing MEDIUM" "user-activity-log 1.6.6 Subscriber+.Log.Export MEDIUM" "user-activity-log 1.6.5 Unauthenticated.SQLi HIGH" "user-activity-log 1.6.3 Admin+.SQLi MEDIUM" "user-activity-log 1.6.3 Admin+.SQL.Injection MEDIUM" "user-activity-log 1.4.7 Reflected.Cross-Site.Scripting HIGH" "user-activity-log 1.4.7 Reflected.Cross.Site.Scripting.via.Query.String MEDIUM" "useful-banner-manager No.known.fix Modify.banners.via.CSRF MEDIUM" "url-shortify 1.7.9.1 Admin+.Stored.XSS LOW" "url-shortify 1.7.6 Unauthenticated.Stored.XSS.via.referer.header CRITICAL" "url-shortify 1.7.3 Reflected.Cross-Site.Scripting MEDIUM" "url-shortify 1.7.0 Admin+.Cross.Site.Scripting LOW" "url-shortify 1.5.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "url-shortify 1.5.1 Arbitrary.Link/Group.Deletion.via.CSRF MEDIUM" "user-meta-shortcodes No.known.fix Contributor+.Unauthorized.Arbitrary.User.Metadata.Access HIGH" "uncanny-toolkit-pro 4.1.4.1 Missing.Authorization.to.Arbitrary.Page/Post.Duplication MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Cross-Site.Request.Forgery MEDIUM" "ultimate-blocks 3.2.2 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.0 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Blocks MEDIUM" "ultimate-blocks 3.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title.tag.attribute MEDIUM" "ultimate-blocks 3.1.9 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.1.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.metabox MEDIUM" "ultimate-blocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-blocks 2.4.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-activity No.known.fix IP.Spoofing MEDIUM" "ultimate-elementor 1.36.32 Authenticated.(Contributor+).Privilege.Escalation HIGH" "ultimate-elementor 1.30.0 Contributor+.Stored.XSS MEDIUM" "ultimate-elementor 1.24.2 Registration.Bypass HIGH" "ultimate-elementor 1.20.1 Authentication.Bypass CRITICAL" "userswp 1.2.16 Missing.Authorization MEDIUM" "userswp 1.2.12 Users.Information.Disclosure MEDIUM" "userswp 1.2.11 Unauthenticated.SQL.Injection.via.'uwp_sort_by' CRITICAL" "userswp 1.2.6 Cross-Site.Request.Forgery MEDIUM" "userswp 1.2.7 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "userswp 1.2.3.23 Profile.Picture.Deletion.via.CSRF MEDIUM" "userswp 1.2.3.1 Subscriber+.User.Avatar.Override MEDIUM" "userswp 1.2.2.29 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-responsive-image-slider 3.5.12 Ultimate.Responsive.Image.Slider.<.3.5.12.-.Subscriber+.Arbitrary.Post.Access MEDIUM" "uncanny-learndash-groups 6.1.1 Missing.Authorization.to.Authenticated.(Group.Leader+).User.Group.Add LOW" "uncanny-learndash-groups 6.1.1 Authenticated.(Group.Leader+).Privilege.Escalation HIGH" "ultimate-maps-by-supsystic 1.2.17 Cross-Site.Request.Forgery MEDIUM" "ultimate-maps-by-supsystic 1.2.16 .Admin+.Stored.XSS LOW" "ultimate-maps-by-supsystic 1.2.5 Reflected.Cross-Site.scripting.(XSS) HIGH" "ultimate-maps-by-supsystic 1.1.17 Authenticated.SQL.Injections CRITICAL" "utilitify 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "utilitify 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "unlimited-theme-addons 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-ip-and-location 2.2.1 Contributor+.Stored.XSS MEDIUM" "ultimate-addons-for-contact-form-7 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-contact-form-7 3.2.11 Missing.Authorization MEDIUM" "ultimate-addons-for-contact-form-7 3.2.1 Reflected.XSS HIGH" "ultimate-addons-for-contact-form-7 3.1.29 Reflected.XSS HIGH" "ultimate-addons-for-contact-form-7 3.1.29 Admin+.Stored.XSS LOW" "ultimate-addons-for-contact-form-7 3.1.24 Subscriber+.SQL.Injection HIGH" "ultimate-addons-for-contact-form-7 3.1.24 Subscriber+.SQLi HIGH" "ultimate-addons-for-contact-form-7 3.1.24 Unauthenticated.SQLi HIGH" "ultimate-under-construction 1.9.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "userfeedback-lite 1.0.16 Unauthenticated.Stored.Cross-Site.Scripting.via.Name.Parameter HIGH" "userfeedback-lite 1.0.14 Unauthenticated.Stored.XSS MEDIUM" "userfeedback-lite 1.0.10 Unauthenticated.Stored.XSS HIGH" "userfeedback-lite 1.0.8 Unauthenticated.Stored.XSS HIGH" "ultimate-410 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-noindex-nofollow-tool No.known.fix Settings.Update.via.CSRF MEDIUM" "uleak-security-dashboard No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "ultimate-member 2.8.7 Cross-Site.Request.Forgery.to.Membership.Status.Change MEDIUM" "ultimate-member 2.8.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-member 2.8.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ultimate-member 2.8.3 2.8.2.-.Unauthenticated.SQL.Injection MEDIUM" "ultimate-member 2.6.7 Unauthenticated.Privilege.Escalation CRITICAL" "ultimate-member 2.6.1 Form.Duplication.via.CSRF MEDIUM" "ultimate-member 2.5.1 Subscriber+.RCE HIGH" "ultimate-member 2.5.1 Admin+.LFI.via.Traversal LOW" "ultimate-member 2.5.1 Contributor+.LFI.via.Traversal MEDIUM" "ultimate-member 2.5.1 Admin+.RCE MEDIUM" "ultimate-member 2.4.0 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-member 2.3.2 Open.Redirect MEDIUM" "ultimate-member 2.1.20 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 2.1.12 Authenticated.Privilege.Escalation.via.Profile.Update CRITICAL" "ultimate-member 2.1.12 Unauthenticated.Privilege.Escalation.via.User.Roles CRITICAL" "ultimate-member 2.1.12 Unauthenticated.Privilege.Escalation.via.User.Meta CRITICAL" "ultimate-member 2.1.7 Unauthenticated.Open.Redirect MEDIUM" "ultimate-member 2.1.3 Insecure.Direct.Object.Reference.(IDOR) MEDIUM" "ultimate-member 2.0.54 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 2.0.52 CSRF.and.Stored.XSS.issues MEDIUM" "ultimate-member 2.0.46 Multiple.Vulnerabilities HIGH" "ultimate-member 2.0.40 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ultimate-member 2.0.33 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ultimate-member 2.0.28 Multiple.XSS MEDIUM" "ultimate-member 2.0.22 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "ultimate-member 2.0.22 Unauthenticated.Arbitrary.File.Upload HIGH" "ultimate-member 2.0.18 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "ultimate-member 2.0.4 Multiple.Issues HIGH" "ultimate-member 2.0.7 Multiple.Cross-Site.Request.Forgery.Issues HIGH" "ultimate-member 2.0.4 Multiple.XSS MEDIUM" "ultimate-member 1.3.76 Unauthenticated.Change.Passwords HIGH" "ultimate-member 1.3.65 Local.File.Inclusion MEDIUM" "ultimate-member 1.3.40 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.3.29 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.3.18 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.2.995 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.0.84 Multiple.Vulnerabilities HIGH" "userplus No.known.fix Missing.Authorization.via.Multiple.Functions MEDIUM" "userplus No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "userplus No.known.fix Editor+.Registration.Form.Update.to.Privilege.Escalation HIGH" "userplus No.known.fix Stored.XSS.via.CSRF HIGH" "usersnap 4.17 Admin+.Stored.XSS LOW" "ultimate-infinite-scroll 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-carousel-for-visual-composer No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimate-wp-query-search-filter No.known.fix Contributor+.XSS MEDIUM" "ultimate-custom-scrollbar 1.2 Reflected.Cross-Site.Scripting MEDIUM" "user-shortcodes-plus No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Disclosure.via.user_meta.Shortcode MEDIUM" "updraftplus 1.23.11 Google.Drive.Storage.Update.via.CSRF MEDIUM" "updraftplus 1.23.4 CSRF MEDIUM" "updraftplus 1.22.9 Reflected.Cross-Site.Scripting MEDIUM" "updraftplus 1.22.3 Subscriber+.Backup.Download HIGH" "updraftplus 1.16.69 Reflected.Cross-Site.Scripting HIGH" "updraftplus 1.16.66 Reflected.Cross-Site.Scripting HIGH" "updraftplus 1.16.59 Admin+.Local.File.Inclusion MEDIUM" "updraftplus 1.6.59 Admin+.Stored.Cross-Site.Scripting LOW" "updraftplus 1.13.5 XSS MEDIUM" "updraftplus 1.9.64 XSS MEDIUM" "ultimate-product-catalogue 5.2.16 Cross-Site.Request.Forgery.via.reset_settings() MEDIUM" "ultimate-product-catalogue 5.2.6 Admin+.Stored.XSS LOW" "ultimate-product-catalogue 5.0.26 Subscriber+.Arbitrary.Product.Creation.&.Settings.Update MEDIUM" "ultimate-bulk-seo-noindex-nofollow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ubermenu 3.8.4 Cross-Site.Request.Forgery.to.Settings.Reset HIGH" "ubermenu 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "ultraaddons-elementor-lite 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ultraaddons-elementor-lite 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.122 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.113 IP.Address.Spoofing.to.Antispam.Bypass MEDIUM" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'email' MEDIUM" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Time-Based.SQL.Injection HIGH" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'username' MEDIUM" "unlimited-elements-for-elementor 1.5.110 Authenticated.(Contributor+).Blind.SQL.Injection.via.data[addonID].Parameter HIGH" "unlimited-elements-for-elementor 1.5.110 Authenticated.(Contributor+).Information.Exposure MEDIUM" "unlimited-elements-for-elementor 1.5.108 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Text.Field MEDIUM" "unlimited-elements-for-elementor 1.5.91 Contributor+.Remote.Code.Execution.via.template.import HIGH" "unlimited-elements-for-elementor 1.5.108 Contributor+.SQLi MEDIUM" "unlimited-elements-for-elementor 1.5.105 Contributor+.SQL.Injection HIGH" "unlimited-elements-for-elementor 1.5.103 Admin+.Command.Injection MEDIUM" "unlimited-elements-for-elementor 1.5.103 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.97 Contributor+.Stored.XSS MEDIUM" "unlimited-elements-for-elementor 1.5.94 Reflected.Cross-Site.Scripting HIGH" "unlimited-elements-for-elementor 1.5.75 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.67 Contributor+.Arbitrary.File.Upload HIGH" "unlimited-elements-for-elementor 1.5.49 Admin+.Stored.XSS LOW" "unlimited-elements-for-elementor 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "uji-popup No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimate-reviews 3.2.9 Unauthenticated.stored.Cross-Site.Scripting.via.reviews MEDIUM" "ultimate-reviews 3.0.16 Admin+.Stored.Cross-Site.Scripting LOW" "ultimate-reviews 2.1.33 Unauthenticated.PHP.Object.Injection MEDIUM" "user-activity-log-pro No.known.fix Missing.Authorization MEDIUM" "user-activity-log-pro No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "user-activity-log-pro 2.3.4 Unauthenticated.Stored.Cross-Site.Scripting.via.User.Agent HIGH" "user-activity-log-pro 2.3.4 IP.Spoofing MEDIUM" "unlimited-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-meta-manager No.known.fix Reflected.XSS HIGH" "user-meta-manager No.known.fix CSRF MEDIUM" "unlimited-popups No.known.fix Author+.SQL.Injection HIGH" "user-menus 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "user-menus 1.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "update-theme-and-plugins-from-zip-file No.known.fix CSRF MEDIUM" "useragent-spy No.known.fix Admin+.Stored.XSS LOW" "user-verification 1.0.94 Authentication.Bypass CRITICAL" "universal-analytics 1.3.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-noindex-nofollow-tool-ii 1.3.6 Admin+.Stored.XSS LOW" "ultimate-noindex-nofollow-tool-ii 1.3.4 Settings.Update.via.CSRF MEDIUM" "unusedcss 2.2.12 Unauthenticated.Server-Side.Request.Forgery HIGH" "unusedcss 1.7.2 Multiple.Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "unusedcss 1.7.2 Unauthorised.AJAX.Calls MEDIUM" "unusedcss 1.6.36 Subscriber+.SQLi HIGH" "user-submitted-posts 20240516 Admin+.Stored.XSS LOW" "user-submitted-posts 20230914 Unauthenticated.Arbitrary.File.Upload CRITICAL" "user-submitted-posts 20230902 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "user-submitted-posts 20230901 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "user-submitted-posts 20230811 Unauthenticated.Stored.XSS HIGH" "user-submitted-posts 20190501 Arbitrary.File.Upload MEDIUM" "uncode-core 2.8.9 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "uncode-core 2.8.7 Reflected.Cross-Site.Scripting MEDIUM" "uncode-core 2.8.9 Privilege.Escalation HIGH" "uninstall No.known.fix WordPress.Deletion.via.CSRF HIGH" "user-activation-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-bootstrap-elements-for-elementor 1.4.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ultimate-bootstrap-elements-for-elementor 1.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ultimate-bootstrap-elements-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "upfiv-complete-all-in-one-seo-wizard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "upfiv-complete-all-in-one-seo-wizard No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "updraft No.known.fix Reflected.XSS HIGH" "upload-file-type-settings-plugin No.known.fix Admin+.Stored.XSS LOW" "uipress-lite 3.4.07 Authenticated.(Administrator+).SQL.Injection CRITICAL" "updater 1.35 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ultra-companion 1.2.0 Contributor+.Stored.XSS MEDIUM" "upunzipper No.known.fix Authenticated.(Admin+).Arbitrary.File.Deletion MEDIUM" "user-rights-access-manager No.known.fix Missing.Authorization MEDIUM" "user-rights-access-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-rights-access-manager 1.0.8 Access.Restriction.Bypass MEDIUM" "user-rights-access-manager 1.0.4 Improper.Access.Controls MEDIUM" "ultimate-faqs 2.1.2 Subscriber+.Arbitrary.FAQ.Creation MEDIUM" "ultimate-faqs 1.8.30 Unauthenticated.Reflected.XSS MEDIUM" "ultimate-faqs 1.8.25 Unauthenticated.Options.Import/Export HIGH" "ultimate-faqs 1.8.22 Cross-Site.Scripting.(XSS) MEDIUM" "uncanny-learndash-toolkit 3.6.4.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "uploading-svgwebp-and-ico-files No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "usc-e-shop 2.11.2 Authenticated.(Admin+).SQL.Injection MEDIUM" "usc-e-shop 2.10.0 Missing.Authorization MEDIUM" "usc-e-shop 2.9.4 Authenticated(Editor+).SQL.Injection HIGH" "usc-e-shop 2.9.7 Authenticated.(Administrator+).Directory.Traversal MEDIUM" "usc-e-shop 2.9.6 Admin+.PHP.Object.Injection HIGH" "usc-e-shop 2.9.5 Cross-Site.Request.Forgery HIGH" "usc-e-shop 2.9.5 Subscriber+.Arbitrary.File.Upload HIGH" "usc-e-shop 2.9.5 Reflected.XSS HIGH" "usc-e-shop 2.9.5 Unauthenticated.PHP.Object.Injection HIGH" "usc-e-shop 2.8.22 Author+.Path.Traversal MEDIUM" "usc-e-shop 2.8.22 Editor+.SQL.Injection MEDIUM" "usc-e-shop 2.8.22 Multiple.XSS MEDIUM" "usc-e-shop 2.8.22 Editor+.Arbitrary.File.Upload LOW" "usc-e-shop 2.8.22 Author+.SQL.Injection MEDIUM" "usc-e-shop 2.8.11 Reflected.XSS HIGH" "usc-e-shop 2.8.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "usc-e-shop 2.8.5 Unauthenticated.Arbitrary.File.Access HIGH" "usc-e-shop 2.8.6 Subscriber+.PHAR.Deserialisation HIGH" "usc-e-shop 2.8.5 Subscriber+.Arbitrary.File.Access HIGH" "usc-e-shop 2.8.4 Multiple.Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "usc-e-shop 2.8.4 Subscriber+.Arbitrary.Shipping.Method.Creation/Update/Deletion MEDIUM" "usc-e-shop 2.7.8 Unauthenticated.Arbitrary.File.Access HIGH" "usc-e-shop 2.2.8 Authenticated.System.Information.Disclosure MEDIUM" "usc-e-shop 2.2.8 Unauthenticated.Information.Disclosure HIGH" "usc-e-shop 2.2.4 Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 2.1.1 Authenticated.SQL.Injection MEDIUM" "usc-e-shop 1.9.36 Authenticated.PHP.Object.Injection HIGH" "usc-e-shop 1.8.3 PHP.Object.Injection MEDIUM" "usc-e-shop 1.8.3 Session.Management MEDIUM" "usc-e-shop 1.8.3 Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 1.5.3 SQL.Injection MEDIUM" "usc-e-shop 1.4.18 Multiple.Vulnerabilities LOW" "usc-e-shop 1.5 purchase_limit.Parameter.DOM-based.XSS MEDIUM" "usc-e-shop 1.5 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 1.5 SQL.Injection CRITICAL" "upcasted-s3-offload 3.0.3 Reflected.Cross-Site.Scripting MEDIUM" "upcasted-s3-offload 3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-weather-plugin No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "ultimate-gutenberg No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-gutenberg No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-domain-whitelist 1.5 .user-domain-whitelist.php.Domain.Whitelisting.Manipulation.CSRF HIGH" "under-construction-maintenance-mode 1.1.2 Server.Side.Request.Forgery.(SSRF) MEDIUM" "under-construction-maintenance-mode 1.1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-carousel-for-divi 4.5.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-carousel-for-divi 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-private-files 2.1.1 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Private.File.Access MEDIUM" "user-private-files 2.0.5 Subscriber+.Sensitive.Data.and.Files.Exposure.via.IDOR MEDIUM" "user-private-files 2.0.4 Admin+.Stored.XSS MEDIUM" "user-private-files 1.1.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "up-down-image-slideshow-gallery 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "ultimate-auction 4.2.8 Missing.Authorization.to.Unauthenticated.Email.Creation MEDIUM" "ultimate-auction 4.2.6 Cross-Site.Request.Forgery MEDIUM" "ultimate-taxonomy-manager No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "ultimate-taxonomy-manager No.known.fix Reflected.XSS HIGH" "use-memcached No.known.fix Settings.Update.via.CSRF MEDIUM" "upload-media-by-url 1.0.8 Stored.XSS.via.CSRF MEDIUM" "ubigeo-peru 3.6.4 Unauthenticated.SQLi HIGH" "user-meta 3.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "user-meta 2.4.4 Subscriber+.Local.File.Enumeration.via.Path.Traversal LOW" "user-meta 2.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "udraw 3.3.3 Unauthenticated.Arbitrary.File.Access HIGH" "ultimate-downloadable-products-for-woocommerce 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "ungallery No.known.fix Stored.XSS.via.CSRF HIGH" "userpro 5.1.9 Unauthenticated.Account.Takeover.to.Privilege.Escalation CRITICAL" "userpro 5.1.7 Disabled.Membership.Registration.Bypass MEDIUM" "userpro 5.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "userpro 5.1.5 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "userpro 5.1.2 Sensitive.Information.Disclosure.via.Shortcode MEDIUM" "userpro 5.1.1 Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "userpro 5.1.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "userpro 5.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.userpro_save_userdata MEDIUM" "userpro 5.1.2 Insecure.Password.Reset.Mechanism CRITICAL" "userpro 5.1.2 Cross-Site.Request.Forgery.to.Sensitive.Information.Exposure MEDIUM" "userpro 5.1.2 Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "userpro 5.1.2 Missing.Authorization.via.multiple.functions HIGH" "userpro 5.1.5 Missing.Authorization.to.Arbitrary.Shortcode.Execution.via.userpro_shortcode_template MEDIUM" "userpro 5.1.2 Authentication.Bypass.to.Administrator CRITICAL" "userpro 4.9.35.1 Unauthenticated.Reflected.XSS MEDIUM" "userpro 4.9.28 User.Registration.With.Administrator.Role MEDIUM" "userpro 4.9.24 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "user-login-history 1.6 Cross-Site.Scripting.(XSS) MEDIUM" "user-registration 3.2.1 Missing.Authorization.to.Privilege.Escalation HIGH" "user-registration 3.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "user-registration 3.2.0 Missing.Authorization.to.Unauthenticated.Media.Deletion MEDIUM" "user-registration 3.1.5 Unauthenticated.Stored.Self-Based.Cross-Site.Scripting MEDIUM" "user-registration 3.0.4.2 Admin+.Stored.XSS LOW" "user-registration 3.0.2.1 Subscriber+.Arbitrary.File.Upload.Leading.to.RCE CRITICAL" "user-registration 3.0.2.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "user-registration 3.0.2 Subscriber+.PHP.Object.Injection HIGH" "user-registration 2.3.3 Subscriber+.PHP.Object.Injection HIGH" "user-registration 2.3.1 Admin+.Stored.XSS LOW" "user-registration 2.2.4.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "user-registration 2.0.2 Low.Privilege.Stored.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Icons.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Separator.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Info.Table.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "universal-star-rating No.known.fix CSRF MEDIUM" "ultimate-appointment-scheduling 1.1.10 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ukuupeople-the-simple-crm No.known.fix Unauthorised.Favourite.Addition/Deletion MEDIUM" "update-alt-attribute No.known.fix Reflected.XSS HIGH" "update-alt-attribute No.known.fix Cross-Site.Request.Forgery MEDIUM" "ultimate-form-builder-lite 1.5.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ultimate-form-builder-lite 1.3.8 Multiple.Vulnerabilities CRITICAL" "ultimate-post 4.1.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.3 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "ultimate-post 4.1.0 Contributor+.Stored.XSS MEDIUM" "ultimate-post 4.1.0 Authenticated.(Contributor+).Stored.Cross=Site.Scripting MEDIUM" "ultimate-post 4.0.2 Contributor+.Stored.XSS MEDIUM" "ultimate-post 4.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 3.2.4 Incorrect.Authorization MEDIUM" "ultimate-post 3.0.6 Gutenberg.Post.Grid.Blocks.<.3.0.6.-.Reflected.Cross-Site.Scripting HIGH" "ultimate-post 2.9.10 Gutenberg.Blocks.for.Post.Grid.<.2.9.10.-.Reflected.Cross-Site.Scripting HIGH" "ultimate-post 2.4.10 Private.Content.Disclosure MEDIUM" "ultimate-post 2.4.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 2.4.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 2.4.10 Missing.Access.Controls MEDIUM" "user-location-and-ip No.known.fix Contributor+.Stored.XSS MEDIUM" "user-profile 2.0.21 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "uncanny-automator-pro 5.3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "uncanny-automator-pro 5.3.0.1 Missing.Authorization.to.Unauthenticated.License.Setting.Reset MEDIUM" "uncanny-automator-pro 5.3.0.1 Cross-Site.Request.Forgery.to.License.Setting.Reset MEDIUM" "ultimate-category-excluder 1.2 Cross-Site.Request.Forgery MEDIUM" "unite-gallery-lite No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "unite-gallery-lite 1.7.62 Admin+.Stored.XSS LOW" "unite-gallery-lite 1.7.60 Admin+.Local.File.Inclusion MEDIUM" "unite-gallery-lite 1.5 CSRF.&.Authenticated.SQL.Injection HIGH" "userback 1.0.14 Arbitrary.Settings.Update.via.CSRF MEDIUM" "user-spam-remover 1.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ultimate-widgets-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-widgets-light No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-widgets-light No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "uji-countdown 2.3.1 Admin+.Stored.XSS LOW" "uji-countdown 2.0.7 Cross-Site.Scripting.(XSS) MEDIUM" "users-ultra No.known.fix Unauthenticated.SQL.Injection HIGH" "users-ultra 1.5.63 Authenticated.Stored.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "users-ultra 1.5.64 Authenticated.Blind.SQL.Injection HIGH" "users-ultra 1.5.59 Unrestricted.File.Upload HIGH" "ultimate-classified-listings 1.4 Reflected.XSS HIGH" "ultimate-classified-listings 1.3 Reflected.XSS HIGH" "ultimate-classified-listings 1.3 Unauthenticated.LFI HIGH" "universal-email-preference-center No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-dashboard 3.7.12 Admin+.Stored.XSS LOW" "ultimate-dashboard 3.7.11 Login.Page.Disclosure.on.Multi-site MEDIUM" "ultimate-dashboard 3.7.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "ultimate-dashboard 3.7.6 Admin+.Stored.XSS LOW" "ultimatewoo No.known.fix PHP.Object.Injection MEDIUM" "ultimate-social-media-icons 2.9.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-social-media-icons 2.8.9 Admin+.Stored.XSS.via.settings LOW" "ultimate-social-media-icons 2.8.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "ultimate-social-media-icons 2.8.6 Subscriber+.Sensitive.Information.Exposure MEDIUM" "ultimate-social-media-icons 2.8.4 Reflected.XSS HIGH" "ultimate-social-media-icons 2.8.2 Plugin.Installation.via.CSRF MEDIUM" "ultimate-social-media-icons 2.8.2 Subscriber+.Plugin.Installation MEDIUM" "ultimate-social-media-icons 2.8.2 Admin+.Stored.XSS LOW" "ultimate-carousel-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "user-access-manager 2.2.18 IP.Spoofing LOW" "user-access-manager 2.0.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "ultimeter 2.8.3 Reflected.Cross-Site.Scripting MEDIUM" "ultimeter 2.7.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimeter 1.9.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "utm-tracker No.known.fix Admin+.Stored.XSS LOW" "ultimate-addons-for-gutenberg 2.15.1 Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "ultimate-addons-for-gutenberg 2.13.8 Missing.Authorization.via.generate_ai_content MEDIUM" "ultimate-addons-for-gutenberg 2.13.1 Author+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 2.12.9 Contributor+.Stored.XSS.via.Testimonial.Block MEDIUM" "ultimate-addons-for-gutenberg 2.12.9 Contributor+.Stored.XSS.via.Image.Gallery.Block MEDIUM" "ultimate-addons-for-gutenberg 2.12.7 Contributor+.Path.Traversal MEDIUM" "ultimate-addons-for-gutenberg 2.10.4 Authenticated(Contributor+).Cross-Site.Scripting.via.Custom.CSS MEDIUM" "ultimate-addons-for-gutenberg 2.7.10 Contributor+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 1.15.0 Contributor+.Stored.Cross-Side.Scripting MEDIUM" "ultimate-addons-for-gutenberg 1.25.6 Reflected.Cross-Site.Scripting MEDIUM" "uni-woo-custom-product-options 4.9.27 Reflected.Cross-Site.Scripting MEDIUM" "uni-woo-custom-product-options 4.9.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ucontext-for-amazon No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "upload-fields-for-wpforms No.known.fix Missing.Authorization MEDIUM" "userlike 2.3 Admin+.Stored.Cross-Site.Scripting LOW" "url-params 2.5 Contributor+.Stored.XSS MEDIUM" "uk-cookie-consent 3.2.1 Missing.Authorization.via.handle_consent_toggle() MEDIUM" "uk-cookie-consent 2.3.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-posts-widget 2.3.1 Admin+.Stored.XSS LOW" "ultimate-posts-widget 2.2.5 Plugin.Installation.via.CSRF MEDIUM" "ultimate-posts-widget 2.2.5 Subscriber+.Plugin.Installation MEDIUM" "urvanov-syntax-highlighter 2.8.34 Highlighting.Blocks.Mgt.via.CSRF MEDIUM" "ua-marketplace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ua-marketplace 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-role 1.6.7 Privilege.Escalation.via.CSRF HIGH" "user-role 1.5.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-sms-notifications 1.9.9.6 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-sms-notifications 1.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-sms-notifications 1.4.2 CSV.Injection MEDIUM" "ultimate-social-media-plus 3.6.3 Missing.Authorization.to.Notice.Dismissal MEDIUM" "ultimate-social-media-plus 3.5.8 Plugin.Installation.via.CSRF MEDIUM" "ultimate-social-media-plus 3.5.8 Subscriber+.Plugin.Installation MEDIUM" "ultimate-social-media-plus 3.2.8 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-social-media-plus 3.0.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "user-avatar-reloaded 1.2.2 Reloaded.<.1.2.2.-.Contributor+.Stored.XSS MEDIUM" "use-your-drive 1.18.3 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-instagram-feed No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "underconstruction 1.22 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "underconstruction 1.21 Admin+.Stored.Cross-Site.Scripting LOW" "underconstruction 1.20 Construction.Mode.Deactivation.via.CSRF MEDIUM" "underconstruction 1.19 Reflected.Cross-Site.Scripting HIGH" "ultimate-store-kit 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-store-kit 2.0.4 Unauthenticated.PHP.Object.Injection CRITICAL" "ultimate-store-kit 2.0.0 Unauthenticated.PHP.Object.Injection CRITICAL" "ultimate-store-kit 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-store-kit 2.0.4 Unauthenticated.PHP.Object.Injection MEDIUM" "ultimate-store-kit 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-activity-tracking-and-log 4.1.4 IP.Spoofing MEDIUM" "user-activity-tracking-and-log 4.0.9 License.Update/Deactivation.via.CSRF MEDIUM" "ut-shortcodes 5.0.5 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-addons-for-wpbakery-page-builder No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "ultimate-author-box-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "unyson 2.7.31 Cross-Site.Request.Forgery MEDIUM" "unyson No.known.fix Missing.Authorization MEDIUM" "unyson 2.7.27 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-post-kit 3.11.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Social.Count.(Static).Widget MEDIUM" "ultimate-post-kit 3.6.4 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-post-kit 2.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "uncanny-automator 5.1.0.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "ultimate-facebook-comments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-magic No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "users-control No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "upqode-google-maps No.known.fix Contributor+.Stored.XSS MEDIUM" "ulisting 2.1.6 Unauthenticated.Information.Exposure MEDIUM" "ulisting 2.0.9 Arbitrary.Blog.Option.Update.via.CSRF HIGH" "ulisting 2.0.6 Settings.Update.via.CSRF MEDIUM" "ulisting 2.0.6 Reflected.Cross-Site.Scripting MEDIUM" "ulisting 2.0.6 Modify.User.Roles.via.CSRF MEDIUM" "ulisting 2.0.6 Unauthenticated.Privilege.Escalation MEDIUM" "ulisting 2.0.6 Authenticated.IDOR MEDIUM" "ulisting 2.0.6 Multiple.CSRF MEDIUM" "ulisting 2.0.4 Unauthenticated.SQL.Injection HIGH" "ulisting 1.7 Unauthenticated.SQL.Injections CRITICAL" "ulisting 1.7 Unauthenticated.Arbitrary.Account.Creation CRITICAL" "ulisting 1.7 Unauthenticated.WordPress.Options.Change CRITICAL" "ulisting 1.7 Unauthenticated.Arbitrary.Roles.and.Capabilities.Creation/Deletion MEDIUM" "ulisting 1.7 Unauthenticated.Arbitrary.Post/Page.Deletion HIGH" "ulisting 1.7 Missing.Access.Controls CRITICAL" "ulisting 1.7 Unauthenticated.Arbitrary.Account.Change HIGH" "ulisting 1.7 Unauthenticated.Information.Disclosure HIGH" "uploadcare 3.1.0 Cross-Site.Request.Forgery MEDIUM" "userheat 1.1.11 Settings.Update.via.CSRF MEDIUM" "ux-flat 4.5 Contributor+.Stored.XSS MEDIUM" "users-customers-import-export-for-wp-woocommerce 2.5.4 Authenticated.(Admin+).PHP.Object.Injection HIGH" "users-customers-import-export-for-wp-woocommerce 2.5.3 Authenticated.(Shop.Manager+).Path.Traversal LOW" "users-customers-import-export-for-wp-woocommerce 2.4.9 Shop.Manager+.Arbitrary.File.Upload HIGH" "users-customers-import-export-for-wp-woocommerce 2.4.2 Shop.Manager+.Privilege.Escalation HIGH" "users-customers-import-export-for-wp-woocommerce 1.3.9 Authenticated.Arbitrary.User.Creation HIGH" "users-customers-import-export-for-wp-woocommerce 1.3.2 CSV.Injection HIGH" "ultimate-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-elementor 1.9 Missing.Authorization MEDIUM" "username-updater 1.0.5 Arbitrary.Username.Update.via.CSRF MEDIUM" "visual-sound No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "visual-sound No.known.fix Settings.Update.via.CSRF MEDIUM" "visitors-traffic-real-time-statistics 7.3 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "visitors-traffic-real-time-statistics 3.9 Subscriber+.SQL.Injection HIGH" "visitors-traffic-real-time-statistics 2.12 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "visitors-traffic-real-time-statistics 2.13 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "visitors-traffic-real-time-statistics 1.13 CSRF.to.Stored.XSS/SQLi HIGH" "video-contest No.known.fix Admin+.Stored.XSS LOW" "video-contest No.known.fix Cross-Site.Request.Forgery MEDIUM" "vk-all-in-one-expansion-unit 9.99.2.0 Contributor+.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.96.0.0 Unauthenticated.Password.Protected.Content.Access MEDIUM" "vk-all-in-one-expansion-unit 9.97.0.0 Contributor+.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.88.2 Multiple.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.87.1.0 Reflected.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.86.0.0 Contributor+.Stored.XSS MEDIUM" "vikbooking 1.6.8 Insecure.Direct.Object.References LOW" "vikbooking 1.6.8 Broken.Access.Control MEDIUM" "vikbooking 1.6.8 Reflected.Cross-Site.Scripting MEDIUM" "vikbooking 1.6.0 Multiple.CSRF MEDIUM" "vikbooking 1.5.12 Admin+.Stored.XSS LOW" "vikbooking 1.5.9 Reflected.Cross-Site.Scripting MEDIUM" "vikbooking 1.5.8 Admin+.Stored.Cross-Site.Scripting LOW" "vikbooking 1.5.7 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "vikbooking 1.5.8 Admin+.PHP.File.Upload MEDIUM" "vikbooking 1.5.4 Booking.Data.Disclosure MEDIUM" "vikbooking 1.5.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "vrview No.known.fix Outdated.VRView.Library.Used,.Leading.to.Reflected.XSS HIGH" "void-elementor-whmcs-elements 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vimeography 2.4.2 Cross-Site.Request.Forgery MEDIUM" "vimeography 2.3.3 Contributor+.PHP.Object.Injection HIGH" "vk-blocks 1.64.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block MEDIUM" "vk-blocks 1.57.1.0 Contributor+.Settings.Update.via.REST.API MEDIUM" "vk-blocks 1.58.0.0 Contributor+.Settings.Update.via.REST.API MEDIUM" "vk-blocks 1.54.0 Multiple.Stored.XSS MEDIUM" "vikrentcar 1.4.1 Unauthenticated.SQL.Injection CRITICAL" "vikrentcar 1.3.2 Cross.Site.Request.Forgery MEDIUM" "vikrentcar 1.3.3 Information.Exposure MEDIUM" "vikrentcar 1.3.1 Admin+.Stored.XSS MEDIUM" "vikrentcar 1.1.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "vikrentcar 1.1.7 CSRF.to.Stored.XSS HIGH" "vidseo 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vdz-call-back 1.1.4.6 Authenticated.Stored.XSS MEDIUM" "video-synchro-pdf No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "video-synchro-pdf No.known.fix Unauthenticated.LFI MEDIUM" "vospari-forms 1.4 Cross-Site.Scripting.(XSS) MEDIUM" "video-embed-thumbnail-generator 4.8.11 Reflected.Cross-Site.Scripting MEDIUM" "video-embed-thumbnail-generator 4.7.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vc-tabs No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vc-tabs 3.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "vc-tabs 3.6.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "vc-tabs 3.7.0 Authenticated.Arbitrary.Options.Update MEDIUM" "visual-portfolio 3.3.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.title_tag.Parameter MEDIUM" "visual-portfolio 2.18.0 Unauthenticated.CSS.Injection MEDIUM" "visual-portfolio 2.19.0 Contributor+.CSS.Injection MEDIUM" "vision-pro 1.5.2 Reflected.Cross-Site.Scripting HIGH" "videowhisper-live-streaming-integration 4.27.4 Cross-Site.Scripting.(XSS) MEDIUM" "videowhisper-live-streaming-integration 4.29.5 Multiple.Vulnerabilities CRITICAL" "videowhisper-live-streaming-integration 4.29.10 videowhisper_streaming.php.Multiple.Parameter.XSS HIGH" "videowhisper-live-streaming-integration 4.67.17 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "variable-inspector 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "video-embed-box No.known.fix Authenticated.(subscriber+).SQL.Injection CRITICAL" "video-widget No.known.fix Admin+.Stored.XSS.via.Widget LOW" "vrm360 No.known.fix Contributor+.Arbitrary.File.Upload.Leading.to.RCE HIGH" "vrm360 No.known.fix Full.Path.Disclosure MEDIUM" "video-playlist-for-youtube 6.2 CSRF MEDIUM" "video-comments-webcam-recorder 1.92 Unauthenticated.Reflected.XSS MEDIUM" "viral-signup No.known.fix Unauthenticated.SQLi HIGH" "viral-signup No.known.fix Admin+.Stored.XSS LOW" "video-grid 1.22 Reflected.XSS HIGH" "vigilantor 1.3.11 Admin+.Stored.XSS LOW" "verge3d 4.5.3 Subscriber+.Arbitrary.File.Upload HIGH" "vdocipher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vit-website-reviews No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vod-infomaniak 1.5.7 Reflected.Cross-Site.Scripting HIGH" "venture-event-manager 3.2.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "vertical-scroll-recent-post No.known.fix Cross-Site.Request.Forgery.via.vsrp_admin_options MEDIUM" "vertical-scroll-recent-post No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "vertical-scroll-recent-post 14.0 Reflected.Cross-Site.Scripting MEDIUM" "video-conferencing-with-zoom-api 4.4.5 Open.Redirect MEDIUM" "video-conferencing-with-zoom-api 4.4.6 Sensitive.Information.Exposure MEDIUM" "video-conferencing-with-zoom-api 4.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "video-conferencing-with-zoom-api 4.3.0 Sensitive.Data.Disclosure LOW" "video-conferencing-with-zoom-api 4.0.10 Contributor+.Stored.XSS MEDIUM" "video-conferencing-with-zoom-api 3.9.3 Reflected.Cross-Site.Scripting MEDIUM" "video-conferencing-with-zoom-api 3.8.17 E-mail.Address.Disclosure MEDIUM" "video-conferencing-with-zoom-api 3.8.16 Reflected.Cross-Site.Scripting HIGH" "video-analytics-for-cloudflare-stream 1.2 Reflected.Cross-Site.Scripting MEDIUM" "vr-calendar-sync No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "vr-calendar-sync 2.3.4 Calendar.Deletion/Update.&.Settings.Update.via.CSRF MEDIUM" "vr-calendar-sync 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "vr-calendar-sync No.known.fix Admin+.LFI MEDIUM" "vr-calendar-sync 2.3.2 Unauthenticated.Arbitrary.Function.Call HIGH" "visual-sound-widget-for-soundcloud-and-artistplugme-visualdreams No.known.fix Settings.Update.via.CSRF MEDIUM" "very-simple-breadcrumb No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "variation-swatches-and-gallery 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "visual-form-builder 3.0.8 Entries.Deletion/Restoration.via.CSRF MEDIUM" "visual-form-builder 3.0.7 Admin+.Stored.Cross-Site.Scripting LOW" "visual-form-builder 3.0.6 Unauthenticated.Information.Disclosure MEDIUM" "visual-form-builder 3.0.6 CSV.Injection LOW" "visual-form-builder 3.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "vk-filter-search 2.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "vc-addons-by-bit14 No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "vc-addons-by-bit14 1.4.6 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Modification MEDIUM" "v-form 2.1.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "variation-swatches-for-woocommerce 2.1.2 Subscriber+.Stored.Cross-Site.Scripting HIGH" "variable-product-swatches No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "variable-product-swatches 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vision 1.7.2 Missing.Authorization MEDIUM" "vision 1.5.4 Contributor+.Stored.XSS MEDIUM" "vision 1.5.2 Reflected.Cross-Site.Scripting HIGH" "visibility-logic-elementor 2.3.5 Cross-Site.Request.Forgery MEDIUM" "vk-poster-group No.known.fix Reflected.Cross-Site.Scripting.via.vkp_repost MEDIUM" "video-slider-with-thumbnails 1.0.11 Reflected.XSS HIGH" "viet-nam-affiliate No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vk-block-patterns 1.31.1.1 Missing.Authorization MEDIUM" "vk-block-patterns 1.31.2.0 Cross-Site.Request.Forgery MEDIUM" "video-posts-webcam-recorder 3.2.4 Authenticated.Reflected.XSS MEDIUM" "video-posts-webcam-recorder 1.55.5 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "vm-backups No.known.fix CSRF.to.Database.Backup.Download MEDIUM" "vm-backups No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "void-elementor-post-grid-addon-for-elementor-page-builder 2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "vikinghammer-tweet No.known.fix Stored.XSS.via.CSRF HIGH" "vertical-news-scroller 1.17 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "virim No.known.fix Unauthenticated.Object.Injection CRITICAL" "vendor 1.1.1 Unauthenticated.Information.Disclosure MEDIUM" "vmax-project-manager No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "very-simple-contact-form 14.8 CAPTCHA.Bypass MEDIUM" "very-simple-contact-form 14.0 Missing.Authorization MEDIUM" "very-simple-contact-form 11.6 Captcha.bypass MEDIUM" "vdz-google-analytics 1.4.9 Authenticated.Stored.XSS LOW" "vdz-google-analytics 1.6.0 Authenticated.Stored.XSS LOW" "voting-record No.known.fix Subscriber+.Stored.XSS HIGH" "voting-record No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "videojs-html5-video-player-for-wordpress No.known.fix HTML5.Video.Player.for.WordPress.<=.4.5.0.-.Contributor+.Stored.XSS.via.Shortcode MEDIUM" "very-simple-google-maps 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "very-simple-google-maps 2.9 Contributor+.Stored.XSS MEDIUM" "video-list-manager No.known.fix Admin+.SQL.Injection MEDIUM" "vslider No.known.fix Cross-Site.Request.Forgery MEDIUM" "vslider No.known.fix Contributor+.Stored.XSS MEDIUM" "video-playlist-and-gallery-plugin 1.160 Settings.Update.via.CSRF MEDIUM" "very-simple-quiz No.known.fix Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "video-sidebar-widgets No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "verse-o-matic No.known.fix CSRF.to.Stored.XSS HIGH" "visualcomposer 45.9.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.7.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.0.1 Authenticated.Stored.XSS.via.Title MEDIUM" "visualcomposer 45.0.1 Authenticated.Stored.XSS.via.Text.Block MEDIUM" "visualcomposer 27.0 Multiple.Authenticated.Cross-Site.Scripting.Issues HIGH" "visual-link-preview 2.2.3 Unauthorised.AJAX.Calls MEDIUM" "visitor-analytics-io 1.3.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "viet-affiliate-link No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "video-popup 1.1.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "videowhisper-video-conference-integration No.known.fix Remote.File.Upload CRITICAL" "video-reviews 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "video-reviews 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vimeo-video-autoplay-automute No.known.fix Contributor+.Stored.XSS MEDIUM" "videojs-html5-player 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.videojs_video.Shortcode MEDIUM" "videojs-html5-player 1.1.9 Contributor+.Stored.XSS MEDIUM" "video-background 2.7.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "visitors-online 1.0.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "visitors-online 0.4 SQL.Injection CRITICAL" "visitor-info No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "visitor-info No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.get_form_fields MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.save_view MEDIUM" "views-for-wpforms-lite 3.2.3 Cross-Site.Request.Forgery.via.save_view MEDIUM" "views-for-wpforms-lite 3.2.3 Cross-Site.Request.Forgery.via.create_view MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.create_view MEDIUM" "vdz-verification 1.4 Authenticated.Stored.XSS MEDIUM" "video-central No.known.fix Contributor+.Stored.XSS MEDIUM" "video-thumbnails No.known.fix Admin+.Stored.XSS LOW" "vitepos-lite 3.0.2 Missing.Authorization MEDIUM" "vanguard No.known.fix Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "visitors-app No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "vo-locator-the-wp-store-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vo-locator-the-wp-store-locator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "visualizer 3.11.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "visualizer 3.11.0 Missing.Authorization.to.Arbitrary.SQL.Execution HIGH" "visualizer 3.10.6 Reflected.Cross-Site.Scripting MEDIUM" "visualizer 3.9.5 Contributor+.Stored.XSS MEDIUM" "visualizer 3.9.2 Contributor+.Stored.XSS MEDIUM" "visualizer 3.7.10 Contributor+.PHAR.Deserialization HIGH" "visualizer 3.7.7 Reflected.Cross-Site.Scripting MEDIUM" "visualizer 3.3.1 Blind.Server-Side.Request.Forgery.(SSRF) CRITICAL" "visualizer 3.3.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "visual-footer-credit-remover 1.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "vk-blocks-pro 1.54.0 Multiple.Stored.XSS MEDIUM" "vertical-marquee-plugin 7.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "vertical-marquee-plugin No.known.fix Admin+.Stored.XSS LOW" "videowhisper-video-presentation No.known.fix Remote.File.Upload CRITICAL" "wp-disable-sitemap 1.1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-disable-sitemap 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-event-partners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-event-partners No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-responsive-testimonials-slider-and-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-ds-blog-map No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wc-serial-numbers No.known.fix Missing.Authorization MEDIUM" "wc-serial-numbers 1.6.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-blog-manager-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-fusion-lite 3.43.0 Information.Exposure MEDIUM" "wp-fusion-lite 3.42.10 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "wp-fusion-lite 3.37.31 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-fusion-lite 3.37.30 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-fusion-lite 3.37.30 CSRF.to.Data.Deletion MEDIUM" "wp-knowledgebase No.known.fix CSRF MEDIUM" "wp-relevant-ads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-relevant-ads No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-relevant-ads No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-transactions 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-cleanup-and-basic-functions No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-custom-widget-area No.known.fix Subscriber+.Menus.Creation/Deletion/Update MEDIUM" "wp-custom-widget-area No.known.fix Missing.Authorization MEDIUM" "wp-jobs 1.7 XSS MEDIUM" "wp-jobs 1.5 Authenticated.SQL.Injection HIGH" "wemail 1.14.6 Reflected.Cross-Site.Scripting MEDIUM" "wemail 1.14.3 Missing.Authorization.to.Notice.Dismissal MEDIUM" "wp-mapa-politico-spain 3.7.0 Authenticated.Stored.Cross-Site.Scripting LOW" "woo-aliexpress-dropshipping 2.1.2 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "woo-aliexpress-dropshipping No.known.fix Missing.Authorization MEDIUM" "wp-sendgrid-mailer No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wemanage-app-worker 1.2.3 Subscriber+.Arbitrary.File.Upload HIGH" "woo-wholesale-pricing 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-wholesale-pricing 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-remove-tabs-and-fields 1.68 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce 9.2 Contributor+.Stored.XSS MEDIUM" "woocommerce 9.1.4 Stored.XSS LOW" "woocommerce 9.0.0 Shop.Manager+.Content.Injection LOW" "woocommerce 8.9.3 8.9.2.-.Reflected.XSS HIGH" "woocommerce 8.6.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce 8.6 Contributor+.Private/Draft.Products.Access LOW" "woocommerce 8.4.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce 8.3.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce 8.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Featured.Image.alt.Attribute MEDIUM" "woocommerce 7.9 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "woocommerce 7.9.0 Sensitive.Information.Exposure MEDIUM" "woocommerce 7.0.1 Authenticated(Shop.Manager+).Sensitive.Information.Exposure MEDIUM" "woocommerce 8.1.1 Shop.Manager+.User.Metadata.Disclosure MEDIUM" "woocommerce 6.6.0 Admin+.Stored.HTML.Injection LOW" "woocommerce 6.3.1 Orders.Marked.as.Paid.(via.PayPal.Standard.Gateway) LOW" "woocommerce 6.2.1 Path.Traversal.via.Importers MEDIUM" "woocommerce 6.2.1 Subscriber+.Arbitrary.Comment.Deletion MEDIUM" "woocommerce 5.7.0 Analytics.Report.Leaks MEDIUM" "woocommerce 5.5.1 Authenticated.Blind.SQL.Injection HIGH" "woocommerce 5.2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce 4.7.0 Arbitrary.Order.Status.Disclosure.via.IDOR MEDIUM" "woocommerce 4.6.2 Guest.Account.Creation MEDIUM" "woocommerce 4.2.1 Potential.Cross-Site.Scripting.(XSS).via.SelectWoo MEDIUM" "woocommerce 4.1.0 Unescaped.Metadata.when.Duplicating.Products LOW" "woocommerce 3.6.5 Cross-Site.Request.Forgery.(CSRF).&.File.Type.Check MEDIUM" "woocommerce 3.5.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "woocommerce 3.5.1 Authenticated.Stored.XSS HIGH" "woocommerce 3.4.6 Authenticated.Phar.Deserialization MEDIUM" "woocommerce 3.4.6 Authenticated.Stored.XSS MEDIUM" "wp-plugin-lister No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wp-magazine-modules-lite 1.1.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "woo-salesforce-plugin-crm-perks 1.5.9 Reflected.Cross-Site.Scripting HIGH" "wadi-addons-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-product-author 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wc-product-author 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-quicklatex 3.8.8 Admin+.Stored.XSS LOW" "wp-quicklatex 3.8.7 Admin+.Stored.XSS.in.Background.Color.field LOW" "wp-font-awesome No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-font-awesome 1.7.9 Contributor+.Stored.XSS MEDIUM" "wp-stripe-checkout 1.2.2.42 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-stripe-checkout 1.2.2.38 Sensitive.Information.Exposure.via.Debug.Log HIGH" "wp-stripe-checkout 1.2.2.21 Contributor+.Stored.XSS MEDIUM" "wp-prayer No.known.fix Arbitrary.Prayer.Deletion.via.CSRF MEDIUM" "wp-prayer No.known.fix Email.Settings.Update.via.CSRF MEDIUM" "wp-prayer No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-prayer 1.9.7 Admin+.Stored.XSS LOW" "wp-prayer 1.5.5 Unauthorised.AJAX.call.via.CSRF MEDIUM" "wp-prayer 1.6.7 Arbitrary.Plugin.Settings.Update.via.CSRF MEDIUM" "wp-prayer 1.6.6 Cross-Site.Request.Forgery MEDIUM" "wp-prayer 1.6.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "web-disrupt-funnelmentals No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "web-disrupt-funnelmentals No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "web-disrupt-funnelmentals No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-social-buttons No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wp-mail-smtp-pro 3.8.1 Unauthenticated.Email.Address.Disclosure MEDIUM" "website-monetization-by-magenet 1.0.29.2 Cross-Site.Request.Forgery MEDIUM" "wcc-seo-keyword-research No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcc-seo-keyword-research No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-scraper 5.8.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wp-scraper 5.8 Missing.Authorization.to.Arbitrary.Page/Post.Creation MEDIUM" "wp-htaccess-control No.known.fix Admin+.Stored.XSS LOW" "wp2android-turn-wp-site-into-android-app No.known.fix Unauthenticated.File.Upload CRITICAL" "wpfront-scroll-top 2.0.6.07225 Admin+.Stored.XSS MEDIUM" "woo-advanced-product-size-chart 2.4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-advanced-product-size-chart 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-travel-engine 5.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel-engine 5.8.1 Unauthenticated.Price.Manipulation MEDIUM" "wp-travel-engine 5.8.0 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-travel-engine 5.8.0 Unauthenticated.SQL.Injection CRITICAL" "wp-travel-engine 5.7.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-travel-engine 5.3.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-travel-engine 5.3.1 Editor+.Stored.Cross-Site.Scripting LOW" "woo-total-sales No.known.fix Missing.Authorization.to.Unauthenticated.Sales.Report.Retrieval MEDIUM" "wp-todo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Task.Comments MEDIUM" "wp-todo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_addcomment MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_manage() MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_settings MEDIUM" "wp-todo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Settings MEDIUM" "wp-todo 1.2.9 Contributor+.Stored.XSS MEDIUM" "wp-simple-booking-calendar 2.0.11 Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-booking-calendar 2.0.8.5 Cross-Site.Request.Forgery MEDIUM" "wp-simple-booking-calendar 2.0.6 Authenticated.SQL.Injection MEDIUM" "wp-inimat No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-admin-notification-center 2.3.3 Settings.Update.via.CSRF MEDIUM" "woosquare 4.3 Reflected.Cross-Site.Scripting MEDIUM" "woosquare 4.2.9 Reflected.Cross-Site.Scripting MEDIUM" "woosquare 4.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpadverts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "wp-smart-import 1.1.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.0.3 Reflected.Cross-Ste.Scripting MEDIUM" "wp-smart-import 1.0.1 Auhenticated.Server-side.Request.Forgery MEDIUM" "wp-woocommerce-quickbooks 1.1.9 Reflected.Cross-Site.Scripting HIGH" "woo-authorize-net-gateway-aim 6.0.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-authorize-net-gateway-aim 5.1.27 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-meta-seo 4.5.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-seo 4.5.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-seo 4.5.13 Unauthenticated.Stored.Cross-Site.Scripting.via.Referer.header HIGH" "wp-meta-seo 4.5.13 Unauthenticated.Password.Protected.Content.Access MEDIUM" "wp-meta-seo 4.5.5 Author+.PHAR.Deserialization HIGH" "wp-meta-seo 4.5.3 Subscriber+.SQLi HIGH" "wp-meta-seo 4.5.3 Subscriber+.Improper.Authorization.causing.Arbitrary.Redirect MEDIUM" "wp-meta-seo 4.5.4 Subscriber+.Google.Analytics.Settings.Update MEDIUM" "wp-meta-seo 4.5.4 Subscriber+.SiteMap.Settings.Update MEDIUM" "wp-meta-seo 4.4.9 Social.Settings.Update.via.CSRF MEDIUM" "wp-meta-seo 4.4.7 Admin+.Stored.Cross-Site.Scripting.via.breadcrumbs LOW" "wpc-badge-management 2.4.1 Missing.Authorization MEDIUM" "woo-qiwi-payment-gateway No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woo-advanced-extra-fees-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-video-lightbox 1.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "wp-video-lightbox 1.9.7 Contributor+.Stored.XSS MEDIUM" "wp-video-lightbox 1.9.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-video-lightbox 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-video-lightbox 1.9.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-comment-fields 5.1 Cross-Site.Request.Forgery MEDIUM" "wp-comment-fields 5.1 Missing.Authorization MEDIUM" "wp-comment-fields 4.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-club-manager 2.2.12 Missing.Authorization MEDIUM" "wp-club-manager 2.2.12 Authenticated.(Player+).Stored.Cross-Site.Scripting MEDIUM" "wp-club-manager 2.2.11 Missing.Authorization.to.Unauthenticated.Event.Permalink.Update MEDIUM" "wp-original-media-path 2.4.1 Admin+.Stored.XSS LOW" "wc-multivendor-membership 2.11.0 Unauthenticated.Arbitrary.Password.Update.via.IDOR CRITICAL" "wc-multivendor-membership 2.10.1 Unauthenticated.AJAX.Calls HIGH" "wc-multivendor-membership 2.10.1 Unauthenticated.Privilege.Escalation CRITICAL" "wc-multivendor-membership 2.10.0 Multiple.CSRF MEDIUM" "watchtowerhq 3.6.16 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "watchtowerhq 3.6.16 Unauthenticated.Arbitrary.File.Access HIGH" "woofunnels-aero-checkout 3.11.0 Subscriber+.Settings.Update MEDIUM" "woofunnels-aero-checkout 3.11.0 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "woofunnels-aero-checkout 3.11.0 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "woocommerce-payplug No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-payplug No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-favorite-posts No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-favorite-posts 1.6.6 Cross-Site.Scripting.(XSS) MEDIUM" "wc-product-customer-list 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-product-customer-list 3.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wwm-social-share-on-image-hover No.known.fix Admin+.Stored.XSS LOW" "wp-broken-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-polls 2.76.0 IP.Validation.Bypass MEDIUM" "wp-polls 2.77.0 Subscriber+.Race.Condition MEDIUM" "wp-polls 2.73.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "wp-polls 2.72 SQL.Injection CRITICAL" "woopra 1.4.3.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "world-travel-information No.known.fix Reflected.Cross-Site.Scripting HIGH" "woocommerce-chained-products 2.12.0 Unauthenticated.Arbitrary.Options.Update.to.'no' MEDIUM" "wp-limits No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "wp-social-sharing No.known.fix Admin+.Stored.XSS LOW" "wp-link-bio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-link-bio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.5 Reflected.Cross-Site.Scripting.via.Debug.Mode.URI MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.4 Reflected.Cross-Site.Scripting.via.request MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.4 Admin+.Stored.XSS LOW" "wordpress-feed-statistics No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wordpress-feed-statistics 4.0 Open.Redirect MEDIUM" "wholesale-market-for-woocommerce 2.0.0 Admin+.Arbitrary.Log.Download MEDIUM" "wholesale-market-for-woocommerce 1.0.7 Unauthenticated.Arbitrary.File.Download HIGH" "wholesale-market-for-woocommerce 1.0.8 Admin+.Arbitrary.File.Download MEDIUM" "wp-smart-crm-invoices-free No.known.fix Authenticated.Stored.Cross-Site.Scripting MEDIUM" "whats-new-genarator No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-to-hootsuite 1.3.9 Reflected.Cross-Site.Scripting HIGH" "wp-system-log No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "woocommerce-product-addon 32.0.21 Unauthenticated.Content.Injection.Vulnerability MEDIUM" "woocommerce-product-addon 32.0.19 Unauthenticated.Arbitrary.File.Upload.via.ppom_upload_file CRITICAL" "woocommerce-product-addon 32.0.7 Reflected.Cross-Site.Scripting HIGH" "woocommerce-product-addon 32.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-product-addon 24.0 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "woocommerce-product-addon 18.4 Authenticated.Stored.XSS MEDIUM" "woo-payment-gateway-for-piraeus-bank 1.7.0 Unauthenticated.SQL.Injection CRITICAL" "wp-editor 1.2.9.1 Authenticated.(Admin+).PHAR.Deserialization HIGH" "wp-editor 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-editor 1.2.8 Sensitive.Information.Exposure.via.log.file MEDIUM" "wp-editor 1.2.7 Authenticated.SQL.injection CRITICAL" "wp-editor 1.2.6.3 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "wp-editor 1.2.6 CSRF.&.Incorrect.Permissions CRITICAL" "ws-contact-form 1.3.8 Admin+.Stored.XSS LOW" "wadi-survey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wadi-survey No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-ecommerce-paypal 1.9.1 Unauthenticated.Open.Redirect HIGH" "wp-ecommerce-paypal 1.9 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-ecommerce-paypal 1.8.2 Cross-Site.Request.Forgery MEDIUM" "wp-ecommerce-paypal 1.7.4 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "wp-ecommerce-paypal 1.7.3 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wcp-openweather No.known.fix Cross-Site.Request.Forgery MEDIUM" "wcp-openweather No.known.fix Reflected.XSS HIGH" "woo-category-slider-grid 1.4.16 Missing.Authorization.via.notice.dismissal.functionality MEDIUM" "wp-contacts-manager No.known.fix Unauthenticated.SQLi CRITICAL" "wp-donottrack No.known.fix Authenticated.(admin+).Stored.XSS MEDIUM" "wp-stripe-donation 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-donation 3.1.6 AidWP.<.3.1.6.-.CSRF MEDIUM" "wp-stripe-donation 2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-bing-search 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-bing-search 2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wiser-notify 2.6 Missing.Authorization MEDIUM" "wpbricks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpbricks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpcal 0.9.5.9 Cross-Site.Request.Forgery MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Checkout.Fields.Update.via.CSRF MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Cross-Site.Request.Forgery.to.Checkout.Fields.Update MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Cross-Site.Request.Forgery MEDIUM" "wp-dashboard-notes 1.0.12 Subscriber+.Stored.XSS HIGH" "wp-dashboard-notes 1.0.11 Contributor+.Arbitrary.Private.Notes.Update.via.IDOR LOW" "wp-dashboard-notes 1.0.11 Unauthorised.Deletion.of.Private.Notes LOW" "wp-stripe-global-payments 3.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-global-payments 3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-rocket 2.10.4 Local.File.Inclusion.(LFI) HIGH" "widget-twitter No.known.fix Contributor+.SQLi MEDIUM" "wp-food-manager 1.0.4 Admin+.Stored.XSS LOW" "wp-opening-hours No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-advance-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-advance-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-advance-search 1.1 Multiple.XSS MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.8.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woocommerce-pdf-invoices-packing-slips 3.8.1 Unauthenticated.Server-Side.Request.Forgery MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.7.6 Shop.Manager+.SQL.Injection HIGH" "woocommerce-pdf-invoices-packing-slips 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-invoices-packing-slips 2.16.0 Reflected.Cross-Site.Scripting LOW" "woocommerce-pdf-invoices-packing-slips 2.15.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-invoices-packing-slips 2.10.5 Reflected.Cross-Site.Scripting HIGH" "woocommerce-pdf-invoices-packing-slips 2.0.13 XSS MEDIUM" "wp-admin-ui-customize 1.5.13 Admin+.Stored.XSS LOW" "wp-paytm-pay No.known.fix Donation.Plugin.<=.1.3.2.-.Authenticated.(admin+).SQL.Injection MEDIUM" "wp-gotowebinar 15.8 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-gotowebinar 15.7 Missing.Authorization MEDIUM" "wp-gotowebinar 15.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-gotowebinar 15.1 Missing.Authorization MEDIUM" "wp-gotowebinar 14.46 Admin+.Stored.XSS LOW" "wp-wc-affiliate-program 8.5.0 Authentication.Bypass.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "wp-phone-message No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-phone-message No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-for-aliexpress-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "web3-authentication 3.0.0 Authentication.Bypass HIGH" "web3-authentication 2.7.0 Authentication.Bypass CRITICAL" "woocommerce-pos 1.4.12 Insufficient.Verification.of.Data.Authenticity.to.Authenticated.(Customer+).Information.Disclosure MEDIUM" "wp-bannerize-pro 1.9.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-bannerize-pro 1.7.0 Reflected.XSS HIGH" "wp-gravity-forms-spreadsheets 1.1.1 Reflected.Cross-Site.Scripting HIGH" "wc-zelle 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wc-zelle 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-front-end-profile 1.3.2 Unauthenticated.Privilege.Escalation CRITICAL" "wp-front-end-profile 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-front-end-profile 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-front-end-profile 1.2.2 CSRF.Check.Incorrectly.Implemented LOW" "wp-front-end-profile 0.2.2 Privilege.Escalation.&.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "woo-viet 1.5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wc-peach-payments-gateway 3.2.0 Missing.Authorization.via.peach_core_version_rollback() MEDIUM" "woo-discount-rules 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-discount-rules 2.2.1 Multiple.Authorization.Bypass HIGH" "woo-discount-rules 2.1.0 Multiple.Vulnerabilities CRITICAL" "wp-reset 2.03 Missing.Authorization.to.License.Key.Modification MEDIUM" "wp-reset 2.0 Sensitive.Information.Exposure.due.to.Insufficient.Randomness MEDIUM" "wp-reset 5.99 Subscriber+.Database.Reset CRITICAL" "wp-reset 5.99 Database.Reset.via.CSRF CRITICAL" "wp-reset 1.90 Authenticated.Stored.XSS MEDIUM" "woocommerce-conversion-tracking 2.0.12 Subscriber+.Addon.Installation MEDIUM" "woocommerce-conversion-tracking 2.0.12 Subscriber+.happy-elementor-addons.Installation.&.Activation MEDIUM" "wp-private-content-plus No.known.fix Unauthenticated.Protected.Post.Access MEDIUM" "wp-private-content-plus 3.2 Cross-Site.Request.Forgery HIGH" "wp-private-content-plus 3.2 CSRF.Nonce.Bypass HIGH" "wp-private-content-plus 2.0 Unauthenticated.Options.Change HIGH" "wp-analytify 5.4.0 Cross-Site.Request.Forgery.to.Opt-out MEDIUM" "wp-analytify 5.2.4 Cross-Site.Request.Forgery MEDIUM" "wp-analytify 5.2.4 Missing.Authorization MEDIUM" "wp-analytify 5.2.4 Missing.Authorization.to.Unauthenticated.Google.Analytics.Tracking.ID.Modification MEDIUM" "wp-analytify 5.2.0 Cross-Site.Request.Forgery MEDIUM" "wp-analytify 5.1.1 Missing.Authorization.to.Opt-In MEDIUM" "wp-analytify 4.2.3 Cache.Deletion.via.CSRF MEDIUM" "wp-analytify 4.2.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-slider-and-carousel-with-category 2.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "widget4call No.known.fix Reflected.XSS HIGH" "wp-asset-clean-up 1.3.9.4 Missing.Authorization MEDIUM" "wp-asset-clean-up 1.3.5.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting.via.AJAX.Action HIGH" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.6.7 CSRF.&.XSS LOW" "wp-multitasking 0.1.18 WP.Utilities.<.0.1.18.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-multitasking No.known.fix Reflected.XSS.via.Shortcode MEDIUM" "wp-multitasking No.known.fix SMTP.Settings.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Exit.Popup.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Welcome.Popup.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Settings.Update.via.CSRF MEDIUM" "woocommerce-collections 1.7.0 Unauthenticated.SQL.Injection CRITICAL" "woocommerce-collections 1.7.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Post/Page.Deletion MEDIUM" "wp-gpx-map 1.1.23 Arbitrary.File.Upload CRITICAL" "wc-multi-currency 1.5.6 Missing.Authorization MEDIUM" "wc-multi-currency 1.5.6 Cross-Site.Request.Forgery MEDIUM" "wp-coupons-and-deals 3.1.19 Reflected.Cross-Site.Scripting MEDIUM" "wp-coupons-and-deals 3.1.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-product-category-selection-widget No.known.fix Reflected.XSS HIGH" "wp-mail-logging 1.11.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-mail-logging 1.10.0 Outdated.Redux.Framework MEDIUM" "whatshelp-chat-button 1.8.10 Admin+.Stored.XSS LOW" "wp-media-category-management 2.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-media-category-management 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-import-export 3.9.16 Unauthenticated.Sensitive.Data.Disclosure HIGH" "wp-all-export 1.4.1 Remote.Code.Execution.via.CSRF CRITICAL" "wp-all-export 1.4.1 Author+.PHAR.Deserialization.via.CSRF HIGH" "wp-all-export 1.4.0 Admin+.RCE MEDIUM" "wp-all-export 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-all-export 1.3.5 Admin+.SQL.Injection MEDIUM" "wp-all-export 1.3.1 Admin+.Stored.Cross-Site.Scripting LOW" "woo-permalink-manager 2.3.11 Unauthenticated.Local.File.Inclusion CRITICAL" "woo-permalink-manager 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-permalink-manager 2.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-popup No.known.fix Admin+.Stored.XSS LOW" "wordpress-popup 6.0.8.1 Unauthenticated.CSV.Injection HIGH" "widgets-on-pages 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "widgets-on-pages 1.8.0 Contributor+.Stored.XSS MEDIUM" "widgets-on-pages 1.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-carousel-free 2.6.4 Authenticated.(Admin+).PHP.Object.Injection HIGH" "wp-carousel-free 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'sp_wp_carousel_shortcode' MEDIUM" "wp-carousel-free 2.5.3 Contributor+.Stored.XSS MEDIUM" "wp-easy-gallery No.known.fix Authenticated.(Contributor+).SQL.Injection.via.key.Parameter HIGH" "wp-easy-gallery No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "wp-easy-gallery No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Gallery.Manipulation MEDIUM" "wp-charts No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-secure-maintainance 1.7 Admin+.Stored.XSS LOW" "wonderplugin-pdf-embed 1.7 Contributor+.Stored.XSS MEDIUM" "wufoo-shortcode 1.52 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-smushit 3.16.5 Subscriber+.Resmush.List.Deletion MEDIUM" "wp-smushit 3.9.9 Admin+.Reflected.Cross-Site.Scripting LOW" "wp-smushit 3.0.0 Authenticated.Phar.Deserialization MEDIUM" "wp-smushit 2.7.6 File.Transversal HIGH" "widget-google-reviews 3.2 Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "widget-google-reviews 2.2.4 Subscriber+.SQLi HIGH" "widget-google-reviews 2.2.3 Subscriber+.Widget.Creation MEDIUM" "woocommerce-product-addons 6.2.0 Shop.Manager+.PHP.Object.Injection HIGH" "woocommerce-product-addons 6.2.0 Cross-Site.Request.Forgery MEDIUM" "woo-customers-spreadsheet-bulk-edit 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-spreadsheet-bulk-edit 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "weebotlite No.known.fix Admin+.Stored.XSS LOW" "wp-githuber-md 1.16.3 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "wp-translitera No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-event-solution 4.0.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-solution 4.0.5 Missing.Authorization.to.Authenticated.(Contributor+).Event.Data.Import MEDIUM" "wp-event-solution 4.0.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-solution 3.3.51 Missing.Authorization.to.Unauthenticated.Events.Export MEDIUM" "woocommerce-product-recommendations 2.3.0 CSRF MEDIUM" "wp-timelines 3.6.8 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-timelines 3.6.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-timelines 3.6.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "webpushr-web-push-notifications 4.36.0 Reflected.Cross-Site.Scripting MEDIUM" "webpushr-web-push-notifications 4.35.0 Unauthenticated.Stored.XSS HIGH" "webpushr-web-push-notifications 4.35.0 LFI.via.CSRF MEDIUM" "woo-conditional-payment-gateways 1.16.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-payment-gateways 1.13.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-masquerade No.known.fix Subscriber+.Account.Takeover HIGH" "wordpress-country-selector 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-address-book 1.6.0 CSRF HIGH" "wp-limit-login-attempts No.known.fix IP.Spoofing MEDIUM" "woocommerce-country-based-payments 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-country-based-payments 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-vr-view No.known.fix Outdated.VRView.Library.Used,.Leading.to.Reflected.XSS HIGH" "wp-simple-html-sitemap 3.2 Authenticated.(Admin+).SQL.Injection CRITICAL" "wp-simple-html-sitemap 2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-html-sitemap 2.8 Missing.Authorization MEDIUM" "wp-simple-html-sitemap 2.3 Reflected.XSS HIGH" "wp-simple-html-sitemap 2.6 Contributor+.Stored.XSS MEDIUM" "wp-mailster 1.5.5 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-hide-security-enhancer 1.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-bookings-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wc-captcha No.known.fix Admin+.Stored.XSS LOW" "wp-subtitle 3.4.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "where-did-they-go-from-here 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-composite-products 8.7.6 Reflected.XSS MEDIUM" "whatsapp No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-graphql-woocommerce 0.12.4 Unauthenticated.Coupon.Codes.Disclosure MEDIUM" "woo-fiscalita-italiana No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-fiscalita-italiana 1.3.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-shoutbox-live-chat No.known.fix Unauthenticated.SQLi HIGH" "wp-shoutbox-live-chat No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-ecommerce-shop-styling No.known.fix Unauthenticated.Dompdf.Local.File.Inclusion.(LFI) HIGH" "wp-facebook-review-showcase-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wonderplugin-slider-lite 14.0 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "wp-scrippets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-top-news 2.3.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-top-news 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-armour-extended 1.32 Reflected.Cross-Site.Scripting MEDIUM" "wp-armour-extended 1.32 Cross-Site.Request.Forgery MEDIUM" "wp-zillow-review-slider 2.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-edit-username 1.0.6 Admin+.Stored.XSS LOW" "wp-edit-username 1.0.6 Admin+.Stored.XSS LOW" "woo-product-gallery-slider 2.2.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-responsive-thumbnail-slider 1.0.1 Cross-Site.Request.Forgery.to.Mass.Slider.Deletion MEDIUM" "wp-responsive-thumbnail-slider 1.1.10 Reflected.XSS HIGH" "wp-responsive-thumbnail-slider 1.0.1 Authenticated.Shell.Upload.&.CSRF HIGH" "wp-responsive-thumbnail-slider 1.0.1 Stored.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "wip-custom-login 1.3.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-open-street-map 1.30 Arbitrary.Settings.Update.via.CSRF MEDIUM" "w3s-cf7-zoho No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "w3s-cf7-zoho 2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "w3s-cf7-zoho 2.1.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-tradingview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-gutenberg-products-block 11.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Featured.Image.alt.Attribute MEDIUM" "woo-gutenberg-products-block 5.5.1 Unauthenticated.SQL.Injection CRITICAL" "woo-gutenberg-products-block 3.7.1 Guest.Account.Creation MEDIUM" "wens-responsive-column-layout-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-symposium No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-aweber-newsletter-subscription 4.0.3 Missing.Authorization.to.Access.Token.Modification MEDIUM" "wp-meta-and-date-remover 2.3.1 Cross-Site.Request.Forgery.via.updateSettings MEDIUM" "wp-meta-and-date-remover 2.2.0 Subscriber+.Stored.XSS HIGH" "wp-meta-and-date-remover 1.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woosms-sms-module-for-woocommerce 3.0.3 Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "wp-change-email-sender 2.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-payu-paisa No.known.fix Price.Tampering MEDIUM" "wp-glossary No.known.fix Missing.Authorization MEDIUM" "wp-glossary No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-category-meta No.known.fix CSRF MEDIUM" "widget-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-flipclock 1.8 Contributor+.Stored.XSS MEDIUM" "wti-like-post No.known.fix IP.Spoofing MEDIUM" "wti-like-post 1.4.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "wti-like-post 1.4.3 Unauthenticated.Blind.SQL.Injection CRITICAL" "wp-splashing-images 2.1.1 Cross-Site.Scripting.(XSS) MEDIUM" "wp-splashing-images 2.1.1 Authenticated.PHP.Object.Injection HIGH" "wordpress-gdpr 1.9.27 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wordpress-gdpr 1.9.26 Authenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-sponsors No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-sponsors No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-product-sort-and-display 2.4.2 Missing.Authorization MEDIUM" "wp-vertical-image-slider 1.2.17 .Reflected.XSS HIGH" "wp-vertical-image-slider 1.2.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-vertical-image-slider 1.2 Cross-Site.Scripting.&.CSRF CRITICAL" "wp-athletics No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "wp-athletics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpslacksync 1.8.6 Slack.Access.Token.Disclosure HIGH" "wp-crontrol 1.16.2 Remote.Code.Execution MEDIUM" "wp-songbook No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-cookie-law-info No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-linkedin-auto-publish 8.12 Missing.Authorization MEDIUM" "webappick-product-feed-for-woocommerce 6.5.7 Shop.Manager+.Arbitrary.Options.Update HIGH" "webappick-product-feed-for-woocommerce 3.1.15 Authenticated.Reflected.XSS MEDIUM" "wpsimpletools-upload-limit No.known.fix Reflected.XSS HIGH" "woo-thank-you-page-customizer 1.1.3 Missing.Authorization.to.Authenticated.(Subscriber+).Data.Export MEDIUM" "woo-thank-you-page-customizer 1.1.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "woo-thank-you-page-customizer 1.0.14 CSRF MEDIUM" "wp-lead-stream No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-lead-stream No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-flash-uploader 3.1.3 Arbitrary.Comm&.Execution CRITICAL" "wp-ultimate-exporter 2.4.2 Unauthenticated.Information.Disclosure MEDIUM" "wp-ultimate-exporter 1.4.2 CSRF HIGH" "wp-ultimate-exporter 1.2 Unauthenticated.SQL.Injection CRITICAL" "wptools-masonry-gallery-posts-for-divi 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wptools-masonry-gallery-posts-for-divi 3.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-for-ebay-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "woc-order-alert 3.2.2 Unauthenticated.SQLi HIGH" "wp-responsive-video-gallery-with-lightbox 1.0.7 Authenticated.(Admin+).SQL.Injection CRITICAL" "wp-responsive-video-gallery-with-lightbox 1.0.1 Cross-Site.Request.Forgery MEDIUM" "wp-responsive-video-gallery-with-lightbox 1.0.23 Reflected.XSS HIGH" "white-label 2.9.1 Cross-Site.Request.Forgery.via.white_label_reset_wl_admins MEDIUM" "wp-testimonial-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-testimonial-widget No.known.fix Authenticated.(Admin+).SQL.Injection CRITICAL" "wp-testimonial-widget No.known.fix Missing.Authorization MEDIUM" "w4-post-list 2.4.6 Reflected.XSS HIGH" "w4-post-list 2.4.6 Contributor+.Stored.XSS MEDIUM" "w4-post-list 2.4.6 Subscriber+.Password.Protected.Post.Content.Disclosure MEDIUM" "w4-post-list 2.4.5 Contributor+.Stored.XSS MEDIUM" "wp-file-get-contents 2.7.1 Contributor+.SSRF MEDIUM" "wp-image-carousel No.known.fix Contributor+.Stored.XSS MEDIUM" "wpsite-follow-us-badges 3.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpsite_follow_us_badges.Shortcode MEDIUM" "woocommerce-exporter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-exporter 2.7.2.1 Store.Exporter.<.2.7.2.1.-.Reflected.XSS HIGH" "woocommerce-exporter 2.7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-exporter 2.4 Store.Exporter.<.2.4.-.CSV.Injection CRITICAL" "wp-last-modified-info 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.lmt-post-modified-info.Shortcode MEDIUM" "wp-login-security-and-history No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "woocommerce-products-slider 1.13.51 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-products-slider 1.13.42 Contributor+.Stored.XSS MEDIUM" "woocommerce-products-slider 1.13.22 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wpbits-addons-for-elementor 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "wpbits-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpbits-addons-for-elementor 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-default-feature-image No.known.fix Admin+.Stored.XSS LOW" "wp-bitly No.known.fix Missing.Authorization MEDIUM" "wp-bitly No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-post-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-blog-post-layouts 1.1.4 Authenticated.(Contributor+).Local.File.Inlcusion HIGH" "wpsolr-search-engine 8.7 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-automatic 3.95.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.autoplay.Parameter MEDIUM" "wp-automatic 3.93.0 WordPress.Automatic.Plugin.<.3,93,0.Cross-Site.Request.Forgery MEDIUM" "wp-automatic 3.92.1 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "wp-automatic 3.92.1 Unauthenticated.SQL.Injection CRITICAL" "wp-automatic 3.92.1 Unauthenticated.Arbitrary.File.Download.and.Server-Side.Request.Forgery CRITICAL" "wp-automatic 3.53.3 Unauthenticated.Arbitrary.Options.Update CRITICAL" "wp-next-post-navi No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-admin-logo-changer No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "woocommerce-bulk-stock-management 2.2.34 Reflected.XSS HIGH" "woo-zoho 1.2.4 Reflected.Cross-Site.Scripting HIGH" "woo-min-max-quantity-step-control-single 4.6 Reflected.XSS HIGH" "woocommerce-discounts-plus 3.4.5 Reflected.Cross-Site.Scripting HIGH" "wpcodefactory-helper 1.7.1 .Reflected.Cross-Site.Scripting MEDIUM" "wpcodefactory-helper 1.5.3 Reflected.Cross-Site.Scripting HIGH" "wp-appbox 4.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "wp-appbox 4.3.18 Authenticated.Local.File.Inclusion LOW" "wpshopgermany-protectedshops 2.1 Admin+.Stored.XSS LOW" "woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "wats 1.0.64 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "wpdatatables 6.3.2 Tables.&.Table.Charts.(Premium).<.6.3.2.-.Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 6.4 Tables.&.Table.Charts.(Premium).<.6.4.-.Missing.Authorization.to.DataTable.Access.&.Modification HIGH" "wpdatatables 3.4.2.14 Unauthenticated.Stored.Cross-Site.Scripting.via.CSV.Import MEDIUM" "wpdatatables 3.4.2.5 Reflected.Cross-Site.Scripting. MEDIUM" "wpdatatables 2.1.66 Admin+.PHP.Object.Injection MEDIUM" "wpdatatables 2.1.50 Contributor+.Stored.XSS MEDIUM" "wpdatatables 2.1.28 Admin+.Stored.Cross-Site.Scripting LOW" "wpdatatables 2.1.28 Admin+.Stored.Cross-Site.Scripting LOW" "wpdatatables 3.4.2 Improper.Access.Control.leading.to.Table.Permission.Takeover HIGH" "wpdatatables 3.4.2 Blind.SQL.Injection.via.start.Parameter CRITICAL" "wpdatatables 3.4.2 Improper.Access.Control.leading.to.Table.Data.Deletion MEDIUM" "wpdatatables 3.4.2 Blind.SQL.Injection.via.length.Parameter CRITICAL" "wpdatatables 3.4.1 Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 2.0.12 Cross-Site.Scripting.(XSS).&.SQL.Injection HIGH" "wpdatatables 1.5.4 Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 1.5.4 Unauthenticated.Shell.Upload CRITICAL" "wechat-broadcast No.known.fix Local/Remote.File.Inclusion CRITICAL" "woocommerce-add-to-cart-custom-redirect 1.2.14 Authenticated(Contributor+).Missing.Authorization.to.Limited.Arbitrary.Options.Update HIGH" "wp-table-pixie 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wholesale-pricing-woocommerce 3.8.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-related-products-refresh-on-reload 3.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-pre-orders 2.0.3 Arbitrary.Pre-Order.Canceling.via.CSRF MEDIUM" "woocommerce-pre-orders 2.0.3 Unauthorised.Actions.via.CSRF MEDIUM" "woocommerce-pre-orders 2.0.2 Reflected.XSS HIGH" "woocommerce-pre-orders 2.0.1 Contributor+.Stored.XSS MEDIUM" "woocommerce-pre-orders 2.0.0 Reflected.XSS HIGH" "wp-backgrounds-lite No.known.fix CSRF.Bypass MEDIUM" "wp-auto-republish 1.5.6.1 Subscriber+.Settings.Update/Access MEDIUM" "wp-auto-republish 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-auto-republish 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-not-login-hide-wpnlh No.known.fix Admin+.Stored.XSS LOW" "wp-hr-gdpr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hr-gdpr 0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-data-access 5.5.9 Cross-Site.Request.Forgery MEDIUM" "wp-data-access 5.3.11 Reflected.Cross-Site.Scripting MEDIUM" "wp-data-access 5.3.8 Subscriber+.Privilege.Escalation HIGH" "wp-data-access 5.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-data-access 5.0.0 Admin+.SQL.Injection HIGH" "wordpress-easy-paypal-payment-or-donation-accept-plugin 5.0 Missing.Authorization MEDIUM" "wordpress-easy-paypal-payment-or-donation-accept-plugin 4.9.10 Contributor+.Stored.XSS MEDIUM" "wp-simple-maintenance-mode 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "weather-atlas 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-post-disclaimer 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-shamsi No.known.fix Subscriber+.Attachment.Deletion MEDIUM" "wp-shamsi 4.1.1 Unauthenticated.Arbitrary.Plugin.Deactivation MEDIUM" "wp-shamsi 4.2.0 Subscriber+.Settings.Update MEDIUM" "wp-free-ssl No.known.fix Missing.Authorization MEDIUM" "wp-free-ssl 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordlive-livecall-addon-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcsm-search-merchandising No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcsm-search-merchandising No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-shortcode 1.4.17 CSRF MEDIUM" "woo-customers-manager 1.1.14 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-manager 1.1.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpc-composite-products 7.2.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-checkout-cielo No.known.fix Insufficient.Verification.of.Data.Authenticity.to.Order.Payment.Status.Update MEDIUM" "wooswipe 3.0.0 Subscriber+.Settings.Update MEDIUM" "wp-coming-soon-booster 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-line-notify 1.4.5 Reflected.XSS HIGH" "woo-currency 1.6.6 Admin+.Stored.XSS LOW" "woo-bought-together 7.2.0 Missing.Authorization MEDIUM" "woo-bought-together 7.0.4 Missing.Authorization MEDIUM" "wordpress-backup-to-dropbox 4.1 Reflected.XSS MEDIUM" "webinar-ignition 3.06.0 Cross-Site.Request.Forgery MEDIUM" "webinar-ignition 3.05.1 Unauthenticated.SQL.Injection CRITICAL" "webinar-ignition 3.05.1 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "webinar-ignition 3.05.1 Missing.Authorization.to.Unauthenticated.Privilege.Escalation CRITICAL" "webinar-ignition 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "webinar-ignition 2.14.3 Admin+.Stored.XSS LOW" "webinar-ignition 2.8.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-gratify No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "watermark-reloaded No.known.fix Cross-Site.Request.Forgery.via.optionsPage HIGH" "wp-file-upload 4.24.12 Unauthenticated.Path.Traversal.to.Arbitrary.File.Read.and.Deletion.in.wfu_file_downloader.php CRITICAL" "wp-file-upload 4.24.9 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "wp-file-upload 4.24.8 Missing.Authorization MEDIUM" "wp-file-upload 4.24.8 Unauthenticated.Stored.XSS HIGH" "wp-file-upload 4.24.8 Reflected.XSS HIGH" "wp-file-upload 4.24.8 Authenticated.(Contributor+).Directory.Traversal MEDIUM" "wp-file-upload 4.24.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-file-upload 4.24.1 Cross-Site.Request.Forgery MEDIUM" "wp-file-upload 4.23.3 Author+.Stored.Cross-Site.Scripting LOW" "wp-file-upload 4.19.2 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-file-upload 4.19.2 Admin+.Path.Traversal MEDIUM" "wp-file-upload 4.16.3 Contributor+.Path.Traversal.to.RCE CRITICAL" "wp-file-upload 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Malicious.SVG MEDIUM" "wp-file-upload 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-file-upload 4.13.0 Directory.Traversal.to.RCE CRITICAL" "wp-file-upload 4.3.4 Cross-Site.Scripting.(XSS) MEDIUM" "wp-file-upload 4.3.3 Security.Issue.in.Shortcodes MEDIUM" "wp-file-upload 3.9.0 Insufficient.File.Extension.Blacklisting HIGH" "wp-file-upload 3.4.1 Unauthenticated.Malicious.File.Upload HIGH" "wp-file-upload 3.0.0 Multiple.Vulnerabilities HIGH" "wp-file-upload 2.7.1 JS.File.Upload HIGH" "wp-simple-galleries No.known.fix Contributor+.PHP.Object.Injection HIGH" "wp-scrive 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-scrive 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-remote-users-sync 1.2.12 Subscriber+.Log.Access MEDIUM" "wp-remote-users-sync 1.2.13 Subscriber+.SSRF HIGH" "wp-showhide 1.05 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "winterlock 1.0.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "winterlock 1.0.21 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "woo-conditional-product-fees-for-checkout 3.9.3.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-product-fees-for-checkout 3.8.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wd-facebook-feed 1.2.9 Reflected.XSS MEDIUM" "wd-facebook-feed 1.1.27 Authenticated.SQL.Injection MEDIUM" "wp-rss-aggregator 4.23.12 Missing.Authorization.to.Authenticated.(Subscriber+).Feed.State.Update MEDIUM" "wp-rss-aggregator 4.23.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-rss-aggregator 4.23.6 Authenticated.(Admin+).Server-Side.Request.Forgery.via.RSS.Feed.Source LOW" "wp-rss-aggregator 4.23.5 Admin+.Stored.XSS MEDIUM" "wp-rss-aggregator 4.20 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-rss-aggregator 4.19.3 Subscriber+.Stored.Cross-Site.Scripting HIGH" "wp-rss-aggregator 4.19.2 Admin+.Stored.Cross-Site.Scripting LOW" "wordpress-countdown-widget 3.1.9.3 Admin+.Stored.XSS LOW" "wc-vendors 2.4.7.1 Authenticated.(Shop.manager+).SQL.Injection.via.search.dates HIGH" "wc-vendors 2.4.5 Contributor+.Stored.XSS MEDIUM" "wp-private-message 1.0.6 Private.Message.Disclosure.via.IDOR MEDIUM" "wp-born-babies No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-fastest-cache 1.2.7 Admin+.Arbitrary.File.Deletion MEDIUM" "wp-fastest-cache 1.2.2 Unauthenticated.SQL.Injection HIGH" "wp-fastest-cache 1.1.5 Blind.SSRF.via.CSRF LOW" "wp-fastest-cache 1.1.3 Multiple.CSRF LOW" "wp-fastest-cache 0.9.5 Subscriber+.SQL.Injection HIGH" "wp-fastest-cache 0.9.5 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-fastest-cache 0.9.1.7 Authenticated.Arbitrary.File.Deletion.via.Path.Traversal LOW" "wp-fastest-cache 0.9.0.3 Cross-Site.Request.Forgery.(CSRF).Arbitrary.File.Deletion CRITICAL" "wp-fastest-cache 0.8.9.6 Directory.Traversal MEDIUM" "wp-fastest-cache 0.8.9.1 Unauthenticated.Arbitrary.File.Deletion HIGH" "wp-fastest-cache 0.8.8.6 CSRF.and.multiple.XSS CRITICAL" "wp-fastest-cache 0.8.7.5 Blind.SQL.Injection HIGH" "woo-ecommerce-tracking-for-google-and-facebook 3.7.2 CSRF MEDIUM" "woo-ecommerce-tracking-for-google-and-facebook 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-ecommerce-tracking-for-google-and-facebook 3.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "watu 3.4.1.2 Author+.Stored.XSS MEDIUM" "watu 3.4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "watu 3.4.1.1 Sensitive.Information.Disclosure MEDIUM" "watu 3.3.9.3 Reflected.XSS HIGH" "watu 3.3.9.1 Reflected.XSS HIGH" "watu 3.3.8.1 Admin+.Stored.XSS LOW" "watu 3.3.8.3 Admin+.Stored.XSS LOW" "watu 3.3.8.2 Reflected.XSS HIGH" "watu 3.1.2.6 Reflected.XSS.via.question-form.html.php HIGH" "wpfrom-email 1.8.9 Admin+.Stored.XSS LOW" "wpagecontact No.known.fix Authenticated.(editor+).SQL.Injection HIGH" "wp-rest-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rest-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-mail-catcher 2.1.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-catcher 2.1.7 Cross-Site.Request.Forgery MEDIUM" "wp-mail-catcher 2.1.4 WP.Mail.Catcher.<.2.1.4.-.Admin+.SQLi MEDIUM" "wp-mail-catcher 2.1.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woo-billingo-plus 4.4.5.4 Multiple.CSRF MEDIUM" "wp-rollback 1.2.3 Cross-Site.Scripting.(XSS).&.CSRF HIGH" "wp-google-street-view 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "whizzy No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "whizzy No.known.fix Missing.Authorization MEDIUM" "wp-olivecart No.known.fix Admin+.Stored.XSS LOW" "wp-gallery-exporter No.known.fix Authenticated.(Administrator+).Arbitrary.File.Download LOW" "wp-report-post No.known.fix Reflected.XSS HIGH" "woo-tipdonation No.known.fix Shop.Manager+.Stored.XSS MEDIUM" "wordpress-notification-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "weixin-robot-advanced No.known.fix Reflected.XSS HIGH" "wc-dynamic-pricing-and-discounts 2.4.2 Unauthenticated.Settings.Export MEDIUM" "wc-dynamic-pricing-and-discounts 2.4.2 Unauthenticated.Settings.Import.to.Stored.XSS HIGH" "woo-thank-you-page-nextmove-lite 2.18.2 Cross-Site.Request.Forgery MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.1 Missing.Authorization.to.Unauthenticated.System.Information.Disclosure MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.0 Subscriber+.Arbitrary.Plugin.Installation/Activation HIGH" "woo-product-table 3.1.2 Unauthenticated.Arbitrary.Function.Call CRITICAL" "wp-smart-preloader 1.15.1 Admin+.Stored.XSS LOW" "wp-lister-for-ebay 3.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.6.0 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "wp-lister-for-ebay 3.6.0 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.5.8 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "wp-security-questions No.known.fix CSRF.Bypass MEDIUM" "wp-security-questions No.known.fix Cross-Site.Request.Forgery HIGH" "wp-webinarsystem 1.33.21 Cross-Site.Request.Forgery MEDIUM" "wp-webinarsystem 1.33.21 Cross-Site.Request.Forgery MEDIUM" "wp-webinarsystem 1.33.10 Reflected.Cross-Site.Scripting MEDIUM" "widget-post-slider 1.3.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-categories-widget 2.3 Reflected.XSS HIGH" "wp-downgrade 1.2.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-shop-original No.known.fix Unauthenticated.Settings.Update MEDIUM" "wgauge No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wgauge No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wbcom-designs-buddypress-search No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "webcam-2way-videochat 5.2.8 Reflected.Cross-Site.Scripting HIGH" "webcam-2way-videochat 4.41.2 Cross-Site.Scripting.(XSS) MEDIUM" "wordpress-file-upload-pro 4.16.3 Contributor+.Path.Traversal.to.RCE CRITICAL" "wordpress-file-upload-pro 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Malicious.SVG MEDIUM" "wordpress-file-upload-pro 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wolfnet-idx-for-wordpress No.known.fix Admin+.Stored.XSS LOW" "woo-add-to-cart-text-change 2.1 Add.to.cart.Text.Update.via.CSRF MEDIUM" "webapp-builder No.known.fix Unauthenticated.File.Upload CRITICAL" "woo-checkout-for-digital-goods 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-checkout-for-digital-goods 3.6.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-checkout-for-digital-goods 2.2 CSRF.to.Settings.Change MEDIUM" "wp-editormd 10.0.4 Cross-Site.Scripting.(XSS) MEDIUM" "woo-product-bundle 7.3.2 Cross-Site.Request.Forgery MEDIUM" "w3-total-cache 2.7.6 Sensitive.Credentials.Stored.in.Plaintext LOW" "w3-total-cache 2.1.5 Reflected.XSS.in.Extensions.Page.(JS.Context) HIGH" "w3-total-cache 2.1.4 Reflected.XSS.in.Extensions.Page.(Attribute.Context) CRITICAL" "w3-total-cache 2.1.3 Authenticated.Stored.XSS MEDIUM" "w3-total-cache 0.9.7.4 Blind.SSRF.and.RCE.via.phar HIGH" "w3-total-cache 0.9.7.4 Cross-Site.Scripting.(XSS) HIGH" "w3-total-cache 0.9.7.4 Cryptographic.Signature.Bypass HIGH" "w3-total-cache 0.9.5 Weak.Validation.of.Amazon.SNS.Push.Messages CRITICAL" "wpoptin 2.0.2 Unauthenticated.Local.File.Inclusion HIGH" "wpoptin 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "wpoptin 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-simple-frontend-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-simple-frontend-manager 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ws-form 1.9.244 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "ws-form 1.9.218 Unauthenticated.CSV.Injection MEDIUM" "ws-form 1.9.171 Authenticated(Administrator+).SQL.Injection MEDIUM" "ws-form 1.8.176 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ws-form 1.8.176 Admin+.Stored.Cross-Site.Scripting LOW" "wp-invoice No.known.fix Arbitrary.Settings.Update.via.CSRF HIGH" "wp-invoice No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "wp-invoice 4.1.1 Multiple.Vulnerabilities MEDIUM" "wp-publications No.known.fix Local.File.Inclusion HIGH" "wp-mapit 3.0.0 Contributor+.Stored.XSS MEDIUM" "wrc-pricing-tables 2.3.8 Missing.Authorization MEDIUM" "wrc-pricing-tables 2.3.9 Admin+.Stored.XSS LOW" "woosaleskit-bar No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "wptouch 4.3.45 Admin+.PHP.Object.Injection MEDIUM" "wptouch 4.3.45 Admin+.Arbitrary.File.Upload MEDIUM" "wptouch 4.3.44 Reflected.Cross-Site.Scripting MEDIUM" "wp-easy-booking 2.4.5 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "woo-mailerlite 2.0.9 Missing.Authorization.via.Multiple.Functions MEDIUM" "woo-mailerlite 2.0.9 Cross-Site.Request.Forgery.via.Multiple.AJAX.Functions MEDIUM" "wp-cfm 1.7.9 Cross-Site.Request.Forgery.via.multiple.AJAX.functions MEDIUM" "wp-backup-manager No.known.fix Reflected.XSS HIGH" "word-balloon 4.22.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "word-balloon 4.20.3 Avatar.Removal.via.CSRF MEDIUM" "word-balloon 4.19.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-extended-search 2.1.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-security-audit-log 4.6.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-security-audit-log 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-security-audit-log 4.5.2 Subscriber+.Information.Leak MEDIUM" "wp-security-audit-log 4.4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-security-audit-log 4.1.5 SQL.Injection.in.External.Database.Module HIGH" "wp-security-audit-log 4.0.2 Broken.Access.Control.in.First-Time.Install.Wizard CRITICAL" "wp-security-audit-log 3.3.1.2 Subscriber+.Arbitrary.Option.Update MEDIUM" "widget-options 4.0.2 Extended.<=.5.1.0.&..Widget.Options.<=.4.0.1.-.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "wp-cufon No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-roadmap 1.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpfunnels 3.0.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpfunnels 2.7.17 Reflected.Cross-Site.Scripting HIGH" "wpfunnels 2.6.9 Contributor+.Stored.XSS MEDIUM" "wp-openagenda 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-super-popup No.known.fix Admin+.Stored.XSS LOW" "woo-quick-cart-for-multiple-variations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-quick-cart-for-multiple-variations No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-custom-cursors No.known.fix Admin+.Stored.XSS LOW" "wp-custom-cursors 3.2 Admin+.SQLi MEDIUM" "wp-custom-cursors 3.2 Admin+.SQLi MEDIUM" "wp-custom-cursors 3.0.1 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "wp-custom-cursors 3.0.1 Arbitrary.Cursor.Deletion.via.CSRF MEDIUM" "woo-variation-swatches 1.0.62 Reflected.XSS MEDIUM" "wiseagentleadform 3.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-simple-registration No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "w3speedster-wp 7.20 Settings.Update.via.CSRF MEDIUM" "wp-smart-contracts 1.3.12 Author+.SQLi MEDIUM" "woo-razorpay 4.5.7 Transfers.Manipulation.via.CSRF MEDIUM" "woo-razorpay 4.5.7 Subscriber+.Transfers.Manipulation MEDIUM" "wp-optin-wheel 1.4.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-twitter-mega-fan-box No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-translate No.known.fix Missing.Authorization MEDIUM" "wpdtol-database-table-overview-logs 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-custom-and-sequential-order-number No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-cleanfix 5.7.0 Subscriber+.Post/Comment/Post.Meta.Content.Replacement MEDIUM" "wp-cleanfix 3.0.2 Remote.Comm&.Execution,.CSRF.&.XSS HIGH" "wp-upload-restriction 2.2.5 Missing.Access.Control.in.deleteCustomType MEDIUM" "wp-upload-restriction No.known.fix Authenticated.Stored.XSS MEDIUM" "wp-upload-restriction 2.2.5 Missing.Access.Control.in.getSelectedMimeTypesByRole MEDIUM" "wp-courses 3.2.4 Cross-Site.Request.Forgery MEDIUM" "wp-courses 3.2.4 Missing.Authorization MEDIUM" "wp-courses 3.2.4 Subscriber+.Arbitrary.Options.Update HIGH" "wp-courses 2.0.44 Reflected.Cross-Site.Scripting HIGH" "wp-courses 2.0.44 Authenticated.Stored.XSS.via.Video.Embed.Code LOW" "wp-courses 2.0.29 Broken.Access.Controls.leading.to.Courses.Content.Disclosure HIGH" "wc-fields-factory 4.1.7 ShopManager+.SQLi MEDIUM" "wpvivid-backuprestore 0.9.106 Unauthenticated.Sensitive.Data.Exposure HIGH" "wpvivid-backuprestore 0.9.100 Admin+.PHAR.Deserialization HIGH" "wpvivid-backuprestore 0.9.69 Unauthenticated.SQLi.&.DoS HIGH" "wpvivid-backuprestore 0.9.95 Missing.Authorization MEDIUM" "wpvivid-backuprestore 0.9.92 WPvivid.<.0.9.92.-.Unauthenticated.Sensitive.Information.Exposure HIGH" "wpvivid-backuprestore 0.9.90 Admin+.Stored.XSS MEDIUM" "wpvivid-backuprestore 0.9.90 Admin+.Stored.XSS MEDIUM" "wpvivid-backuprestore 0.9.90 Admin+.Arbitrary.Directory.Deletion.via.Path.Traversal HIGH" "wpvivid-backuprestore 0.9.91 Missing.Authorization.via.'start_staging'.and.'get_staging_progress' HIGH" "wpvivid-backuprestore 0.9.77 Admin+.Arbitrary.File.Deletion MEDIUM" "wpvivid-backuprestore 0.9.76 Admin+.Arbitrary.File.Read MEDIUM" "wpvivid-backuprestore 0.9.75 Admin+.PHAR.Deserialization MEDIUM" "wpvivid-backuprestore 0.9.71 Admin+.Arbitrary.File.Download LOW" "wpvivid-backuprestore 0.9.70 Reflected.Cross-Site.Scripting MEDIUM" "wpvivid-backuprestore 0.9.69 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wpvivid-backuprestore 0.9.56 Reflected.Cross-Site.Scripting HIGH" "wp-rest-api-authentication 2.4.1 Settings.Update.via.CSRF MEDIUM" "wp-events-manager 2.2.0 Authenticated.(Subscriber+).Time-Based.SQL.Injection HIGH" "wp-attest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-attest No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "weight-based-shipping-for-woocommerce 5.5.0 Settings.Update.via.CSRF MEDIUM" "wp-better-emails No.known.fix Admin+.Stored.XSS LOW" "wpeform-lite 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wpeform-lite 1.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpb-show-core 2.7 Reflected.XSS HIGH" "wpb-show-core 2.6 Reflected.XSS HIGH" "wpb-show-core 2.7 Reflected.XSS HIGH" "wpb-show-core No.known.fix Unauthenticated.Server.Side.Request.Forgery MEDIUM" "wpb-show-core No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "wpb-show-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "woo-variation-gallery 1.1.29 Authenticated.Stored.XSS MEDIUM" "wpgenious-job-listing No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wp-mailto-links 3.1.4 Contributor+.Stored.XSS MEDIUM" "websimon-tables No.known.fix Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-curriculo-vitae No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "wptools 3.43 Subscriber+.Arbitrary.Plugin.Installation HIGH" "wp-pro-quiz No.known.fix Arbitrary.Quiz.Deletion.via.CSRF MEDIUM" "wp-retina-2x 6.4.6 Sensitive.Information.Exposure MEDIUM" "wp-retina-2x 5.2.3 Cross-Site.Scripting.(XSS) MEDIUM" "wp-subscribe 1.2.13 Admin+.Stored.Cross-Site.Scripting LOW" "website-file-changes-monitor 1.8.3 Admin+.SQLi MEDIUM" "wp-responsive-menu 3.1.7.1 Subscriber+.Settings.Update.to.Stored.XSS HIGH" "wp-affiliate-disclosure 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.$id MEDIUM" "wp-affiliate-disclosure 1.2.7 Cross-Site.Request.Forgery.via.check_capability MEDIUM" "wp-affiliate-disclosure 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-affiliate-disclosure 1.1.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-my-admin-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-my-admin-bar No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-esto 2.23.2 Settings.Update.via.CSRF MEDIUM" "wpview No.known.fix Admin+.Stored.XSS LOW" "wp-time-slots-booking-form 1.2.12 Missing.Authorization MEDIUM" "wp-time-slots-booking-form 1.2.11 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-time-slots-booking-form 1.2.07 Unauthenticated.Price.Manipulation MEDIUM" "wp-time-slots-booking-form 1.1.82 Admin+.Stored.XSS LOW" "wp-time-slots-booking-form 1.1.63 Admin+.Stored.Cross-Site.Scripting LOW" "wp-backpack No.known.fix Admin+.Stored.XSS LOW" "wpgsi 3.8.1 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wpgsi 3.7.9 Reflected.Cross-Site.Scripting MEDIUM" "wpgsi 3.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpgsi 3.6.0 Reflected.Cross-Site.Scripting HIGH" "wpgsi 3.6.0 CSRF.Bypass MEDIUM" "wp-live-tv No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-live-tv No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpheka-request-for-quote 1.3 CSRF.Bypass MEDIUM" "wp-sort-order 1.3.2 Missing.Authorization MEDIUM" "wp-sitemap-page 1.7.0 Admin+.Stored.Cross.Site.Scripting LOW" "wp-topbar No.known.fix CSRF MEDIUM" "wp-topbar No.known.fix Admin+.SQLi MEDIUM" "woocommerce-ajax-filters 1.5.4.7 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "wphobby-demo-import No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woomotiv 3.5.0 Review.Count.Reset.via.CSRF MEDIUM" "woomotiv 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-bulk-order-form 3.6.0 Shop.Manager+.Stored.XSS MEDIUM" "wck-custom-fields-and-custom-post-types-creator 2.3.3 Admin+.Stored.XSS LOW" "wpcomplete 2.9.5 Reflected.Cross-Site.Scripting HIGH" "woolementor 4.5 Unauthenticated.PHP.Object.Injection CRITICAL" "woolementor 4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "wd-instagram-feed 1.4.29 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wd-instagram-feed 1.3.1 XSS MEDIUM" "wp-image-zoooom 1.47 Local.File.Inclusion MEDIUM" "wphrm 1.1 Authenticated.SQL.Injection HIGH" "wp-hide-pages No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-bulk-delete 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "writersblok-ai 1.3.20 Reflected.Cross-Site.Scripting MEDIUM" "woo-order-export-lite 3.4.5 Shop.Manager+.Remote.Code.Execution CRITICAL" "woo-order-export-lite 3.3.3 Export.Files.via.CSRF MEDIUM" "woo-order-export-lite 3.3.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-order-export-lite 3.1.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "woo-order-export-lite 3.1.4 Authenticated.Cross-Site.Scripting.(XSS) LOW" "woo-order-export-lite 1.5.5 CSV.Injection HIGH" "wpforms 1.8.5.4 Unauthenticated.Stored.Cross-Site.Scripting.via.Form.Submission HIGH" "wpforms 1.7.7 CSV.Injection MEDIUM" "wp-simple-firewall 20.0.6 Reflected.XSS HIGH" "wp-simple-firewall 19.1.11 Cross-Site.Request.Forgery MEDIUM" "wp-simple-firewall 18.5.10 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-simple-firewall 18.5.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-simple-firewall 17.0.18 Unauthenticated.Stored.XSS HIGH" "wp-simple-firewall 17.0.18 Subscriber+.Arbitrary.Log.Entry.Creation MEDIUM" "wp-simple-firewall 13.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "wordfence 7.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "wordfence 7.1.14 Username.Enumeration.Prevention.Bypass MEDIUM" "wordfence 5.1.5 Cross-Site.Scripting.(XSS) MEDIUM" "wp-db-backup 2.5.2 Arbitrary.Schedule.Settings.Update.via.CSRF MEDIUM" "wp-db-backup 2.5.1 Admin+.SQL.Injection MEDIUM" "wp-db-backup 2.4 Authenticated.Persistent.Cross-Site.Scripting.(XSS) MEDIUM" "wp-db-backup 2.3.0 Backup.Filename.Brute.Forcing HIGH" "wp-rest-user No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rest-user No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wassup No.known.fix Unauthenticated.Stored.XSS HIGH" "wassup 1.9.1 Cross.Site.Scripting MEDIUM" "wordpress-database-reset 3.23 Cross-Site.Request.Forgery.to.WP.Reset.Plugin.Installation MEDIUM" "wordpress-database-reset 3.15 Privilege.Escalation HIGH" "wordpress-database-reset 3.15 Unauthenticated.Database.Reset CRITICAL" "wpcs-wp-custom-search No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-links-page 4.9.6 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Image.Update MEDIUM" "wp-links-page 4.9.5 Cross-Site.Request.Forgery.via.wplf_ajax_update_screenshots MEDIUM" "wp-links-page 4.9.4 Contributor+.Stored.XSS MEDIUM" "wp-fountain No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-social 3.0.1 Missing.Authorization.to.Unauthenticated.Social.Login/Share.Status.Update MEDIUM" "wp-prayers-request No.known.fix Email.Settings.Update.via.CSRF MEDIUM" "wp-prayers-request No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-display-users No.known.fix Authenticated.SQL.Injection MEDIUM" "wp-users-disable No.known.fix Unauthenticated.Settings.Update MEDIUM" "woo-swatches-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpdbspringclean No.known.fix Reflected.XSS HIGH" "wp-ses 1.4.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-dark-mode 5.0.5 Missing.Authorization MEDIUM" "wp-dark-mode 4.0.8 Subscriber+.Local.File.Inclusion MEDIUM" "wp-dark-mode 4.0.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "woocommerce-delivery-notes 4.9.0 Missing.Authorization.to.Notice.Dismissal MEDIUM" "woocommerce-delivery-notes 4.7.2 Reflected.XSS HIGH" "wpc-grouped-product 4.4.3 Missing.Authorization MEDIUM" "wp-code-highlightjs No.known.fix Undisclosed.Cross-Site.Scripting.(XSS) MEDIUM" "wp-code-highlightjs 0.6.3 CSRF.to.Stored.XSS MEDIUM" "woocommerce-order-status-change-notifier No.known.fix Subscriber+.Arbitrary.Order.Status.Update MEDIUM" "wp-post-modal No.known.fix Admin+.Stored.XSS LOW" "wpzoom-addons-for-beaver-builder 1.3.6 Authenticated.(Editor+).Local.File.Inclusion HIGH" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonials.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "wp-customer-reviews 3.7.1 Malicious.Redirect.via.HTTP-EQUIV.Injection LOW" "wp-customer-reviews 3.6.7 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wp-customer-reviews 3.6.7 Admin+.Stored.XSS MEDIUM" "wp-customer-reviews 3.5.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-customer-reviews 3.4.3 Multiple.Unauthenticated.and.Low.Priv.Authenticated.Stored.XSS CRITICAL" "wp-customer-reviews 3.0.9 CSRF.&.XSS HIGH" "wp-user-avatar 4.15.9 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.15.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-user-avatar 4.15.6 Contributor+.Stored.Cross-Site.Scripting.via.'reg-single-checkbox' MEDIUM" "wp-user-avatar 4.15.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-user-avatar 4.15.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.profilepress-edit-profile.Shortcode MEDIUM" "wp-user-avatar 4.15.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.[reg-select-role].Shortcode MEDIUM" "wp-user-avatar 4.15.0 Unauthenticated.Stored.XSS MEDIUM" "wp-user-avatar 4.15.0 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.15.0 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.14.4 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.13.3 Information.Disclosure.via.Debug.Log MEDIUM" "wp-user-avatar 4.13.2 ProfilePress.<.4,13,2.Cross-Site.Request.Forgery.via.'admin_notice' MEDIUM" "wp-user-avatar 4.13.2 Limited.Privilege.Escalation.via.'acceptable_defined_roles' HIGH" "wp-user-avatar 4.5.5 Reflected.XSS HIGH" "wp-user-avatar 4.5.5 Reflected.XSS HIGH" "wp-user-avatar 4.5.5 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.5.4 Admin+.Stored.XSS LOW" "wp-user-avatar 4.5.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-user-avatar 4.5.1 Admin+.Stored.Cross-Site.Scripting.via.Form.Settings LOW" "wp-user-avatar 3.2.3 Reflected.Cross-Site.Scripting HIGH" "wp-user-avatar 3.2.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-user-avatar 3.1.11 Unauthenticated.Cross-Site.Scripting.(XSS).in.tabbed.login/register.widget MEDIUM" "wp-user-avatar 3.1.11 Multiple.Vulnerabilities CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Arbitrary.File.Upload.in.Image.Uploader.Component MEDIUM" "wp-user-avatar 3.1.8 Authenticated.Stored.XSS CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Authenticated.Privilege.Escalation CRITICAL" "wp-mobile-detector 3.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-academic-people No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-social-media-share-buttons No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "woocommerce-menu-extension No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-cron-status-checker 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-cron-status-checker 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-datepicker 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-datepicker 2.1.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "where-i-was-where-i-will-be No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "woo-auto-coupons 3.0.15 Reflected.Cross-Site.Scripting MEDIUM" "wc-cashapp 5.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-staging 3.5.0 Admin+.Arbitrary.File.Upload MEDIUM" "wp-staging 3.5.0 Admin+.SSRF MEDIUM" "wp-staging 3.5.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-staging 3.4.0 Admin+.Stored.XSS LOW" "wp-staging 3.2.0 Unauthorized.Sensitive.Data.Exposure HIGH" "wp-staging 3.1.3 Unauthenticated.Backup.Download HIGH" "wp-staging 2.9.18 Admin+.Stored.Cross-Site.Scripting LOW" "wc-customer-source 1.3.2 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wp-jquery-lightbox 1.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title.Attribute MEDIUM" "wp-support-plus-responsive-ticket-system 9.1.2 Stored.XSS MEDIUM" "wp-support-plus-responsive-ticket-system 9.0.3 Multiple.Authenticated.SQL.Injection CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.8 Remote.Code.Execution CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.8 Remote.Code.Execution.(RCE) CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.0 Privilege.Escalation CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.0 WP.Support.Plus.Responsive.Ticket.System.<.8,0,0.–.Authenticated.SQL.Injection MEDIUM" "woocommerce-cvr-payment-gateway 6.1.0 Missing.Authorization.to.Authenticated.(Contributor+).CVR.Update MEDIUM" "woo-product-attachment 2.2.0 Checkout.Attachements.Update.via.CSRF MEDIUM" "woo-product-attachment 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-attachment 2.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-shipping-canada-post 2.8.4 Unauthenticated.Unauthorised.Action MEDIUM" "woocommerce-shipping-canada-post 2.8.4 Cross-Site.Request.Forgery MEDIUM" "wp-google-fonts 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-intercom-slack No.known.fix Slack.Access.Token.Disclosure HIGH" "wp-maintenance 6.1.9.3 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "wp-maintenance 6.1.7 Information.Exposure MEDIUM" "wp-maintenance 6.1.4 IP.Restriction.Bypass MEDIUM" "wp-maintenance 6.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-maintenance 6.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-maintenance 5.0.7 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "wp-share-buttons-analytics-by-getsocial 4.4 Admin+.Stored.XSS LOW" "wp-phpmyadmin-extension 5.2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-phpmyadmin-extension 5.2.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-file-manager-pro 8.3.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-file-manager-pro 8.3.5 Directory.Traversal CRITICAL" "wp-file-manager-pro 8.3.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-file-manager-pro 8.3.5 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-helper-lite No.known.fix Missing.Authorization.in.whp_smtp_send_mail_test MEDIUM" "wp-helper-lite 4.6.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-helper-lite 4.5.2 Cross-Site.Request.Forgery.via.whp_fields MEDIUM" "wp-helper-lite 4.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-multiple-customer-addresses 21.7 Arbitrary.Address.Creation/Deletion/Access/Update.via.IDOR HIGH" "wp-taxonomy-import No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-germanized 3.9.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-comment-designer-lite 2.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-stats 2.52 CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "wpadcenter 2.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ad_alignment.Attribute MEDIUM" "wp-stripe-express 1.12.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-express 1.7.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-1-slider 1.3.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-crm-system 3.2.9.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-structuring-markup No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-copyprotect No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-login-and-logout-redirect 2.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.7.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.6.4 Admin+.Stored.XSS LOW" "wp-abstracts-manuscripts-manager 2.6.3 Cross-Site.Request.Forgery MEDIUM" "wp-abstracts-manuscripts-manager 2.6.4 Reflected.XSS HIGH" "wp-blogs-planetarium No.known.fix Settings.Update.via.CSRF MEDIUM" "webful-simple-grocery-shop No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-form-manager 1.7.3 Authenticated.Remote.Command.Execution.(RCE) CRITICAL" "widgets-for-zillow-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "woo-add-to-quote 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-add-to-quote 1.4.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-education 1.2.7 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "webinar-and-video-conference-with-jitsi-meet 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-fade-in-text-news 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "wp-crm No.known.fix CSV.Injection LOW" "wesecur-security No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "woo-confirmation-email No.known.fix Reflected.XSS HIGH" "woo-confirmation-email No.known.fix Authentication.bypass.via.weak.token.generation HIGH" "woo-confirmation-email 3.4.0 CSRF.leading.to.Option.Update CRITICAL" "wp-security-pro 4.2.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-notification-bell 1.3.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-cerber 9.5 IP.Protection.Bypass MEDIUM" "wp-cerber 9.2 Unauthenticated.Stored.XSS HIGH" "wp-cerber 9.3.3 User.Enumeration.Bypass.via.Rest.API LOW" "wp-cerber 9.1 Username.Enumeration.Bypass MEDIUM" "wp-cerber 8.9.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-cerber 8.9.3 Rest-API.Protection.Bypass MEDIUM" "wp-cerber 8.9.3 2FA.Authentication.Bypass MEDIUM" "wp-cerber 2.7 Unauthenticated.Stored.XSS MEDIUM" "woocommerce-shipping-per-product 2.5.5 Missing.Authorization MEDIUM" "wp-security-hardening 1.2.7 Unauthenticated.Security.Feature.Bypass.to.Username.Enumeration MEDIUM" "wp-security-hardening 1.2.2 Reflected.XSS.via.historyvalue HIGH" "wp-security-hardening 1.2.2 Reflected.XSS.via.URI MEDIUM" "woc-open-close 4.9.2 Missing.Authorization MEDIUM" "wordpress-gallery No.known.fix "load".Remote.File.Inclusion CRITICAL" "wp-mail-bank 3.0.13 Reflected.Cross-Site.Scripting MEDIUM" "wp-multi-store-locator No.known.fix Contributor+.Stored.XSS MEDIUM" "wpseo-local 15.0 Contributor+.Stored.XSS MEDIUM" "wpseo-local 15.0 Contributor+.Stored.XSS MEDIUM" "wpseo-local 14.9 Reflected.XSS HIGH" "wpseo-local 14.9 CSRF MEDIUM" "woo-products-widgets-for-elementor No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "woo-products-widgets-for-elementor 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-products-widgets-for-elementor 1.0.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-products-widgets-for-elementor 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-ultimate-recipe 3.12.7 Authenticated.Stored.XSS MEDIUM" "wp-manutencao 1.0.7 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "wp-fullcalendar 1.5 Unauthenticated.Arbitrary.Post.Access HIGH" "wp-fundraising-donation 1.7.1 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-fundraising-donation 1.7.0 Missing.Authorization MEDIUM" "wp-fundraising-donation 1.5.0 Unauthenticated.SQLi HIGH" "woocommerce-menu-bar-cart 2.12.0 Reflected.Cross-Site.Scripting MEDIUM" "wccp-pro 15.3 Admin+.Stored.XSS LOW" "wccp-pro 15.3 Open.Redirect MEDIUM" "woo-availability-date No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-smart-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcp-contact-form No.known.fix Reflected.XSS HIGH" "wp-membership 1.5.7 Subscriber+.Privilege.Escalation CRITICAL" "wp-membership No.known.fix Multiple.Vulnerabilities MEDIUM" "wp-baidu-submit No.known.fix Admin+.Stored.XSS LOW" "www-xml-sitemap-generator-org 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "woorewards 5.3.1 Missing.Authorization MEDIUM" "wp-persistent-login 2.0.15 Reflected.Cross-Site.Scripting MEDIUM" "wp-persistent-login 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-woocart-popup-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-live-chat-support-pro 8.0.32 File.Upload.Bypass CRITICAL" "wp-live-chat-support-pro 8.0.0.7 Unauthenticated.RCE CRITICAL" "webmaster-tools No.known.fix Admin+.Stored.XSS LOW" "webmaster-tools No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wp-cafe 2.2.29 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.28 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.26 Authenticated.(Contributor+).File.inclusion.via.Shortcode HIGH" "wp-cafe 2.2.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Reservation.Form.Shortcode MEDIUM" "wp-cafe 2.2.24 Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "wp-cafe 2.2.23 Missing.Authorization MEDIUM" "ws-facebook-likebox No.known.fix Contributor+.Stored.XSS MEDIUM" "webriti-smtp-mail No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-product-finder 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "wpdirectorykit 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "wpdirectorykit 1.3.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "wpdirectorykit 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wpdirectorykit 1.2.7 Missing.Authorization MEDIUM" "wpdirectorykit 1.2.4 Missing.Authorization.for.Plugin.Settings.Update MEDIUM" "wpdirectorykit 1.2.4 Reflected.Cross-Site.Scripting.via.search.parameter MEDIUM" "wpdirectorykit 1.2.0 Unauthenticated.Local.File.Inclusion HIGH" "wpdirectorykit 1.2.3 Unauthenticated.Arbitrary.Settings.Update MEDIUM" "wpdirectorykit 1.2.2 Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "wpdirectorykit 1.2.0 Cross-Site.Request.Forgery MEDIUM" "wpdirectorykit 1.2.0 Open.Redirect MEDIUM" "wpdeepl 2.4.1.2 Log.Pruning.via.CSRF MEDIUM" "wpdeepl 1.7.5 API.Key.Disclosure MEDIUM" "wpappninja 11.51 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.49 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.42 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.21 Admin+.Stored.XSS LOW" "wpappninja 11.19 Admin+.Stored.XSS LOW" "wpappninja 11.14 Contributor+.Stored.XSS MEDIUM" "wp-like-button No.known.fix Missing.Authorization.via.crublabFBLBAjax LOW" "wp-like-button No.known.fix Button.Settings.Update.via.CSRF MEDIUM" "wp-like-button 1.6.4 Auth.Bypass MEDIUM" "wp-client-reports 1.0.23 Cross-Site.Request.Forgery MEDIUM" "wp-search-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-search-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpexperts-square-for-give No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-popup-banners No.known.fix Subscriber+.SQLi HIGH" "wp-popup-banners No.known.fix Subscriber+.SQLi HIGH" "wp-popup-banners 1.2.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-paginate 2.1.9 Admin+.Stored.Cross-Site.Scripting LOW" "wp-paginate 2.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "wpaudio-mp3-player No.known.fix Contributor+.Stored.XSS MEDIUM" "widgets-for-alibaba-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "woo-preview-emails 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-preview-emails 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-commentnavi 1.12.2 Admin+.Stored.XSS LOW" "wp-advance-comment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-advance-comment No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-advance-comment No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-reviews-plugin-for-google 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-reviews-plugin-for-google 10.9.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-reviews-plugin-for-google 9.8 Contributor+.Stored.XSS MEDIUM" "wp-easy-pay 4.2.4 Missing.Authorization.to.Unauthenticated.Service.Disconnection MEDIUM" "wp-easy-pay 4.2b1 Reflected.Cross-Site.Scripting MEDIUM" "wp-easy-pay 4.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-easy-pay 4.1 CSRF MEDIUM" "wp-easy-pay 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-easy-pay 3.2.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wp-easy-pay 3.2.3 Cross-Site.Request.Forgery MEDIUM" "woocommerce-abandoned-cart-pro 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "wp-media-library-categories 2.0.1 Admin+.Stored.XSS LOW" "wp-media-library-categories 2.0.0 Admin+.Stored.XSS LOW" "wp-business-intelligence-lite 1.6.3 SQL.Injection CRITICAL" "webp-converter-for-media 4.0.3 Unauthenticated.Open.redirect MEDIUM" "webp-converter-for-media 1.0.3 Cross-Site.Request.Forgery.(CSRF) HIGH" "wp-content-copy-protector 3.5.6 Admin+.Stored.XSS LOW" "wp-content-copy-protector 3.4.5 Settings.Update.via.CSRF MEDIUM" "wp-content-copy-protector 3.1.5 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-content-copy-protector 3.4 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wc-multishipping 2.3.8 Subscriber+.Arbitrary.Account.Credentials.Test MEDIUM" "wc-multishipping 2.3.6 Missing.Authorization.to.Log.Export MEDIUM" "wp-seo-keyword-optimizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-seo-keyword-optimizer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-seo-keyword-optimizer 2.1.9.8 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-whois-domain No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-sticky-social 1.0.2 Stored.XSS.via.CSRF HIGH" "wpglobus 1.9.7 Stored.XSS.&.CSRF HIGH" "woo-ukrposhta 1.17.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-ukrposhta 1.6.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wsecure No.known.fix Admin+.Stored.XSS LOW" "wsecure 2.4 Remote.Code.Execution.(RCE) HIGH" "woo-checkout-regsiter-field-editor 2.1.9 Cross-Site.Request.Forgery MEDIUM" "wp-pocket-urls 1.0.3 Reflected.Cross-Site.Scripting HIGH" "wordpress-simple-paypal-shopping-cart 4.7.2 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-simple-paypal-shopping-cart 4.6.4 Unauthenticated.PII.Disclosure MEDIUM" "wordpress-simple-paypal-shopping-cart 4.6.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-instance-rename No.known.fix Arbitrary.File.Download MEDIUM" "wp-media-folder 5.7.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-media-folder 5.7.3 Missing.Authorization.to.Authenticated(Subscriber+).Plugin.settings.change MEDIUM" "wp-media-folder 5.7.3 Missing.Authorization.to.Authenticated(Subscriber+).Title.Modification MEDIUM" "woo-vipps 1.14.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wd-google-maps No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "wd-google-maps 1.0.74 Missing.Authorization.to.Notice.Dismissal MEDIUM" "wd-google-maps 1.0.74 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "wd-google-maps 1.0.73 Unauthenticated.SQLi HIGH" "wd-google-maps 1.0.72 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wd-google-maps 1.0.70 Authenticated.Stored.XSS MEDIUM" "wp-expert-agent-xml-feed No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woowgallery 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "woowgallery 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-product-tables 2.0.2 Unauthenticated.Remote.Code.Execution CRITICAL" "woo-product-tables 1.8.7 Cross-Site.Request.Forgery.via.saveGroup MEDIUM" "woo-extra-flat-rate 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-extra-flat-rate 4.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpglobus-translate-options 2.2.0 Reflected.XSS HIGH" "ws-form-pro 1.9.218 Unauthenticated.CSV.Injection MEDIUM" "ws-form-pro 1.8.176 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ws-form-pro 1.8.176 Admin+.Stored.Cross-Site.Scripting LOW" "wc-thanks-redirect 3.1 Reflected.Cross-Site.Scripting MEDIUM" "wc-thanks-redirect 3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "windsor-strava-athlete No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "windsor-strava-athlete No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-bulk-edit-products 1.8.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-bulk-edit-products 1.7.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpdiscuz 7.6.22 Unauthenticated.HTML.Injection MEDIUM" "wpdiscuz 7.6.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpdiscuz 7.6.16 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Uploaded.Image.Alternative.Text MEDIUM" "wpdiscuz 7.6.13 Admin+.Stored.XSS LOW" "wpdiscuz 7.6.12 Cross-Site.Request.Forgery MEDIUM" "wpdiscuz 7.6.12 Unauthenticated.Stored.XSS HIGH" "wpdiscuz 7.6.11 Unauthenticated.Content.Injection MEDIUM" "wpdiscuz 7.6.4 Author+.IDOR LOW" "wpdiscuz 7.6.11 Insufficient.Authorization.to.Comment.Submission.on.Deleted.Posts MEDIUM" "wpdiscuz 7.6.12 Missing.Authorization.in.AJAX.Actions MEDIUM" "wpdiscuz 7.6.6 Unauthenticated.SQL.Injection HIGH" "wpdiscuz 7.6.6 Unauthenticated.SQL.Injection HIGH" "wpdiscuz 7.6.4 Post.Rating.Increase/Decrease.iva.IDOR MEDIUM" "wpdiscuz 7.6.4 Unauthenticated.Data.Modification.via.IDOR MEDIUM" "wpdiscuz 7.5 wpDiscuz.7.4.2.-.Subscriber+.IDOR MEDIUM" "wpdiscuz 7.3.12 Sensitive.Information.Disclosure LOW" "wpdiscuz 7.3.4 Arbitrary.Comment.Addition/Edition/Deletion.via.CSRF MEDIUM" "wpdiscuz 7.3.2 wpDiscuz.<.7.3.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "wpdiscuz 7.0.5 wpDiscuz.7.0.0.-.7.0.4.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpdiscuz 5.3.6 Unauthenticated.SQL.Injection CRITICAL" "wapppress-builds-android-app-for-website 6.0.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wapppress-builds-android-app-for-website 6.0.5 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wapppress-builds-android-app-for-website 6.0.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wechat-social-login No.known.fix Authentication.Bypass CRITICAL" "wechat-social-login No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpfavicon No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting LOW" "wp-etracker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-post-styling 1.3.1 Multiple.CSRF MEDIUM" "woocommerce-google-dynamic-retargeting-tag 1.7.17 Reflected.Cross-Site.Scripting MEDIUM" "widget-logic 5.10.3 CSRF.and.Lack.of.Authorisation HIGH" "widget-logic 5.10.2 CSRF.to.RCE HIGH" "wpgetapi 2.2.2 2.2.1.-.Authenticated.(Subscriber+).Arbitrary.Options.Update MEDIUM" "wp-remote-site-search 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-document-preview 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-js No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor 2.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor No.known.fix Missing.Authorization.to.Notice.Dismissal MEDIUM" "widgetkit-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Widgets MEDIUM" "widgetkit-for-elementor 2.4.4 WidgetKit.<.2.4.4.-.Admin+.Stored.XSS LOW" "widgetkit-for-elementor 2.3.10 WidgetKit.<.2.3.10.-.Contributor+.Stored.XSS MEDIUM" "wp-all-import-pro 4.1.2 Multiple.Vulnerabilities CRITICAL" "wp-all-import-pro 4.1.1 RCE HIGH" "wpgenealogy 0.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wpgenealogy 0.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "whmpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "whmpress No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wpforo 2.3.5 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wpforo 2.3.5 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wpforo 2.3.4 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wpforo 2.2.6 Subscriber+.Content.Injection MEDIUM" "wpforo 2.2.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wpforo 2.1.9 Reflected.Cross-Site.Scripting HIGH" "wpforo 2.1.8 Subscriber+.Arbitrary.File.Read,.Author+.PHAR.Deserialization,.and.Subscriber+.Server-Side.Request.Forgery.via.file_get_contents HIGH" "wpforo 2.0.6 Subscriber+.Forum.Post.Set.as.Private/Public.via.IDOR MEDIUM" "wpforo 2.1.0 Arbitrary.User.Deletion.via.CSRF HIGH" "wpforo 2.1.0 Subscriber+.Arbitrary.File.Upload CRITICAL" "wpforo 2.0.6 Subscriber+.Forum.Post.Set.as.Solved/Unsolved.via.IDOR MEDIUM" "wpforo 2.0.6 Topic.Deletion.via.CSRF MEDIUM" "wpforo 2.0.6 Cross-Site.Request.Forgery MEDIUM" "wpforo 1.9.7 Open.Redirect MEDIUM" "wpforo 1.7.0 New.Users.Set.as.Admin.via.CSRF HIGH" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.langid.Parameter HIGH" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.s.Parameter HIGH" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.User.Agent MEDIUM" "wpforo 1.5.2 Privilege.Escalation CRITICAL" "wpforo 1.4.12 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wpforo 1.4.11 Unauthenticated.SQL.Injection CRITICAL" "wp-responsive-slider-with-lightbox 1.0.1 Arbitrary.File.Upload.via.CSRF HIGH" "wp-responsive-slider-with-lightbox No.known.fix Admin+.Stored.XSS MEDIUM" "wp-responsive-slider-with-lightbox 1.0.1 Image.Lightboxes.via.CSRF MEDIUM" "wordlift 3.37.2 Admin+.Stored.Cross-Site.Scripting LOW" "wp-posturl No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "wp-total-hacks No.known.fix Subscriber+.Arbitrary.Options.Update.to.Stored.XSS HIGH" "woocommerce-brands 1.6.50 Cross-Site.Request.Forgery MEDIUM" "woocommerce-brands 1.6.46 Contributor+.Stored.XSS MEDIUM" "wp-better-permalinks 3.0.5 CSRF.allowing.Option.Update HIGH" "wp-content-pilot 1.3.4 Authenticated.(Contributor+).Content.Injection MEDIUM" "wpzoom-elementor-addons 1.1.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "wpzoom-elementor-addons 1.1.38 Unauthenticated.Local.File.Inclusion CRITICAL" "wpzoom-elementor-addons 1.1.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box.Widget MEDIUM" "wpzoom-elementor-addons 1.1.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woostify-sites-library 1.4.8 Subscriber+.Arbitrary.Options.Update.to.DoS HIGH" "wordpress-tabs-slides No.known.fix CSRF MEDIUM" "wp-embed-facebook 3.1.2 Contributor+.Stored.XSS.via.shortcode MEDIUM" "wordpress-social-login No.known.fix Contributor+.Stored.XSS MEDIUM" "wordpress-social-login No.known.fix Reflected.XSS HIGH" "wordpress-social-login No.known.fix Admin+.Stored.XSS LOW" "woocommerce-ean-payment-gateway 6.1.0 Missing.Authorization.to.Authenticated.(Contributor+).EAN.Update MEDIUM" "wp-dialog No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "wpstream 4.5.5 Local.Event.Settings.Update.via.CSRF MEDIUM" "wpstream 4.4.10.6 Settings.Update.via.CSRF MEDIUM" "wc-place-order-without-payment 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-place-order-without-payment 2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-dev-powers-acf-color-coded-field-types No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-save-abandoned-carts 8.2.1 Cross-Site.Request.Forgery MEDIUM" "woo-shipping-display-mode 3.7.7 Reflected.Cross-Site.Scripting MEDIUM" "woo-shipping-display-mode 3.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpforms-user-registration 2.1.2 Missing.Authorization.to.Authenticated.(Contributor+).Privilege.Escalation HIGH" "wp-reply-notify No.known.fix Settings.Update.via.CSRF MEDIUM" "woo-order-status-per-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-order-status-per-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "web-application-firewall 2.1.3 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "web-application-firewall 2.1.2 Unauthenticated.Privilege.Escalation CRITICAL" "wordpress-access-control No.known.fix Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "wordprezi 0.9 Contributor+.Strored.XSS MEDIUM" "wc-basic-slider 2.1.0 CSRF.Bypass MEDIUM" "wp-booking-system 2.0.19.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-booking-system 2.0.19.3 Missing.Authorization MEDIUM" "wp-booking-system 2.0.18.1 Admin+.Stored.XSS LOW" "wp-booking-system 2.0.15 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-booking-system 1.5.2 CSRF.to.Authenticated.SQL.Injection HIGH" "wp-booking-system 1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpml-string-translation 3.2.6 Admin+.SQLi MEDIUM" "wp-socializer 7.3 Admin+.Stored.Cross-Site.Scripting LOW" "wppizza 3.18.14 Reflected.Cross-Site.Scripting MEDIUM" "wppizza 3.18.11 Missing.Authorization MEDIUM" "wppizza 3.18.3 Reflected.XSS HIGH" "wppizza 3.17.2 Reflected.XSS HIGH" "wp-easy-contact 3.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-disable 1.5.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-edd-downloads 1.0.61 Reflected.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-edd-downloads 1.0.49 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-custom-field-for-gutenberg-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-custom-field-for-gutenberg-editor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-ultimate-post-grid 4.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpupg-grid-with-filters.Shortcode MEDIUM" "wp-ultimate-post-grid 3.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpupg-text.Shortcode MEDIUM" "woo-product-enquiry No.known.fix Unauthenticated.Stored.XSS HIGH" "woocommerce-pay-per-post 3.1.11 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pay-per-post 3.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-conditional-post-restrictions 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-conditional-post-restrictions 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-migrate-db-pro 2.6.11 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-popup-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-munich-blocks 0.10.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-munich-blocks 0.11.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-munich-blocks 0.7.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "wa-sticky-button 1.4.1 Unauthenticated.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "wpfront-user-role-editor 4.1.0 Limited.Information.Exposure MEDIUM" "wpfront-user-role-editor 3.2.1.11184 Reflected.Cross-Site.Scripting MEDIUM" "wp-google-analytics-events 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-variation-swatches 2.3.8 Reflected.Cross-Site.Scripting HIGH" "wc-rest-payment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-rest-payment No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-board No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wp-bugbot No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-bugbot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-enviopack No.known.fix Reflected.Cross-Site.Scripting HIGH" "wr-age-verification 2.0.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-migration-duplicator 1.4.9 Missing.Authorization.to.Directory.Traversal MEDIUM" "wp-migration-duplicator 1.4.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-migration-duplicator 1.4.5 Subscriber+.Stored.XSS HIGH" "wp-migration-duplicator 1.4.4 Subscriber+.Plugin.Settings.Update MEDIUM" "wp-migration-duplicator 1.4.2 Missing.Authorization.to.Settings.and.Schedule.Modification MEDIUM" "woocommerce-currency-switcher 1.4.2.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "woocommerce-currency-switcher 1.4.2.1 Missing.Authorization MEDIUM" "woocommerce-currency-switcher 1.4.1.9 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woocommerce-currency-switcher 1.4.1.8 Cross-Site.Request.Forgery MEDIUM" "woocommerce-currency-switcher 1.4.1.7 Subscriber+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.4.1.5 Cross-Site.Request.Forgery.via.delete_profiles_data MEDIUM" "woocommerce-currency-switcher 1.3.9.3 Contributor+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.3.9.4 Contributor+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.3.7.5 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-currency-switcher 1.3.7.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-currency-switcher 1.3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-currency-switcher 1.3.7 Authenticated.(Low.Privilege).Local.File.Inclusion CRITICAL" "wp-html-author-bio-by-ahmad-awais No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "wp-attachments No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-attachments 5.0.6 Admin+.Stored.XSS LOW" "wp-attachments 5.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "wp-payeezy-pay 2.98 Local.File.Inclusion CRITICAL" "white-page-publication No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wordapp-mobile-app No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordapp-mobile-app No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "weglot 4.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "weglot 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-dummy-content-generator 3.3.0 Unauthenticated.Code.Injection CRITICAL" "wp-dummy-content-generator 3.1.3 Missing.Authorization MEDIUM" "wp-dummy-content-generator 3.0.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-payments 6.7.0 Unauthenticated.Order.Deletion.via.IDOR LOW" "woocommerce-payments 5.9.1 Shop.Manager+.SQLi MEDIUM" "woocommerce-payments 6.5.0 Contributor+.Cross-Site.Scripting MEDIUM" "woocommerce-payments 4.9.0 Subscription.Suspension/Activation.via.CSRF MEDIUM" "woocommerce-payments 4.5.1 Intent.Parameter.Tampering HIGH" "woocommerce-payments 5.6.2 Unauthenticated.Privilege.Escalation CRITICAL" "web-invoice No.known.fix Authenticated.SQLi HIGH" "web-invoice No.known.fix Authenticated.SQLi HIGH" "webba-booking-lite 5.0.50 Missing.Authorization.to.Authenticated.(Subscriber+).CSS.Settings.Update MEDIUM" "webba-booking-lite 5.0 Cross-Site.Request.Forgery MEDIUM" "webba-booking-lite 4.5.31 Reflected.Cross-Site.Scripting MEDIUM" "webba-booking-lite 4.2.22 Admin+.Stored.Cross-Site.Scripting LOW" "webba-booking-lite 4.2.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-google-my-business-auto-publish 3.8 Multiple.CSRF MEDIUM" "wp-google-my-business-auto-publish 3.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-t-wap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wishsuite 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wishsuite 1.3.5 Admin+.Stored.XSS LOW" "wishsuite 1.3.4 Cross-Site.Request.Forgery MEDIUM" "wp-user-manager 2.9.11 Cross-Site.Request.Forgery MEDIUM" "wp-user-manager 2.6.3 Arbitrary.User.Password.Reset.to.Account.Compromise HIGH" "wp-awesome-faq No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-awesome-faq 4.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-beta-tester 2.2.4 Admin+.SQLi MEDIUM" "web3-token-gate 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-inquiry No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wp-school-calendar-lite 3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-opt-in No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-seo-tdk No.known.fix Unauthenticated.Setting.Update.to.Stored.XSS HIGH" "wp-flybox No.known.fix CSRF MEDIUM" "woo-remove-cart-and-query-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-remove-cart-and-query-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-gsheetconnector 1.3.12 Missing.Authorization MEDIUM" "wc-gsheetconnector 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-gsheetconnector 1.3.6 Access.Code.Update.via.CSRF MEDIUM" "wc-gsheetconnector 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.43.4 Use.of.Polyfill.io MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.32.3 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.14.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-gallery No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-design-maps-places No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-alidropship 1.1.1 Unauthenticated.Sensitive.Data.Exposure HIGH" "wpvivid-backup-mainwp 0.9.34 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wpvivid-backup-mainwp 0.9.33 Reflected.Cross-Site.Scripting MEDIUM" "wp-emoji-one No.known.fix Settings.Update.via.CSRF MEDIUM" "woo-advanced-shipment-tracking 3.5.3 CSRF MEDIUM" "woo-advanced-shipment-tracking 3.2.7 Authenticated.Options.Change CRITICAL" "wp-blocks-hub No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-affiliate-platform 6.5.2 Affiliate.Deletion.via.CSRF MEDIUM" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Lead.Editing HIGH" "wp-affiliate-platform 6.5.1 Profile.Update.via.CSRF MEDIUM" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Banner.Editing HIGH" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Registration.Form HIGH" "wp-affiliate-platform 6.5.1 Stored.XSS.via.CSRF HIGH" "wp-affiliate-platform 6.5.1 POST.Reflected.XSS MEDIUM" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Affiliate.Editing HIGH" "wp-affiliate-platform 6.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-affiliate-platform 6.4.0 Affiliate.Record.Deletion.via.CSRF MEDIUM" "wp-affiliate-platform 6.4.0 Admin+.Stored.XSS LOW" "woo-refund-and-exchange-lite 4.0.9 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wha-crossword No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wha-crossword No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-users-media No.known.fix Cross-Site.Request.Forgery.in.wpusme_save_settings MEDIUM" "wp-users-media No.known.fix Missing.Authorization.via.wpusme_save_settings MEDIUM" "wp-ban 1.69.1 Admin+.Stored.XSS LOW" "wp-backitup No.known.fix Missing.Authorization MEDIUM" "wp-backitup No.known.fix Missing.Authorization MEDIUM" "wp-backitup No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-backitup 1.50 Unauthenticated.Sensitive.Data.Exposure HIGH" "wp-turnstile-cloudflare-captcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcfm-marketplace-rest-api 1.6.0 Subscriber+.Arbitrary.Orders.Item.And.Notes.Update MEDIUM" "wp-replicate-post 4.1 Contributor+.SQL.Injection MEDIUM" "wpcalc No.known.fix Authenticated.SQL.Injection MEDIUM" "wp-quick-front-end-editor No.known.fix Authenticated.Content.Injection MEDIUM" "wp-quick-front-end-editor No.known.fix Authenticated.Settings.Change.leading.to.Stored.XSS CRITICAL" "wp-vipergb 1.6.2 Cross-Site.Request.Forgery MEDIUM" "wp-vipergb 1.13.16 XSS MEDIUM" "wedevs-project-manager 2.6.9 Subscriber+.Stored.XSS HIGH" "wedevs-project-manager 2.6.8 Missing.Authorization MEDIUM" "wedevs-project-manager 2.6.1 Subscriber+.SQLi HIGH" "wedevs-project-manager 2.6.5 Subscriber+.Privilege.Escalation HIGH" "wedevs-project-manager 2.4.14 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wedevs-project-manager 2.4.10 CSRF.Nonce.Bypasses MEDIUM" "wedevs-project-manager 2.4.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wedevs-project-manager 2.4.1 Cross-Site.Request.Forgery MEDIUM" "woocommerce-warranties-and-returns 5.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "wp-statistics 14.5.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-statistics 14.0 Authenticated.SQLi HIGH" "wp-statistics 13.2.11 Subscriber+.SQLi HIGH" "wp-statistics 13.2.9 Authenticated.SQLi HIGH" "wp-statistics 13.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "wp-statistics 13.2.2 Reflected.Cross-Site.Scripting LOW" "wp-statistics 13.1.6 Multiple.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.current_page_id CRITICAL" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.IP CRITICAL" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.current_page_type CRITICAL" "wp-statistics 13.1.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-statistics 13.1.5 Unauthenticated.Blind.SQL.Injection CRITICAL" "wp-statistics 13.1.2 Arbitrary.Plugin.Activation/Deactivation.via.CSRF MEDIUM" "wp-statistics 13.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-statistics 13.0.8 Unauthenticated.SQL.Injection HIGH" "wp-statistics 12.6.7 Unauthenticated.Stored.XSS.Under.Certain.Configurations CRITICAL" "wp-statistics 12.6.7 Unauthenticated.Blind.SQL.Injection MEDIUM" "wp-statistics 12.6.6.1 Authenticated.Stored.XSS MEDIUM" "wp-statistics 12.6.4 Referer.Cross-Site.Scripting.(XSS) MEDIUM" "wp-statistics 12.0.10 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "wp-statistics 12.0.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-hr-manager 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-hr-manager 3.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-downloadmanager 1.68.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-downloadmanager 1.68.7 Admin+.Stored.Cross-Site.Scripting LOW" "wp-downloadmanager 1.68.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-downloadmanager 1.68.5 Server-Side.Request.Forgery.(SSRF) MEDIUM" "wp-insert 2.5.1 Admin+.Stored.XSS MEDIUM" "wp-piwik 1.0.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-piwik 1.0.28 Admin+.Stored.XSS LOW" "wp-piwik 1.0.27 Plugin.Settings.Reset.via.CSRF MEDIUM" "wp-piwik 1.0.10 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-gmappity-easy-google-maps No.known.fix Subscriber+.SQL.Injection HIGH" "waiting No.known.fix Subscriber+.Stored.XSS HIGH" "waiting No.known.fix Subscriber+.SQLi HIGH" "waiting No.known.fix Missing.Authorization MEDIUM" "waiting No.known.fix Admin+.Cross-Site.Scripting LOW" "waiting No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-repost No.known.fix Admin+.Stored.XSS LOW" "woocommerce-superfaktura 1.40.4 Authenticated.(Subscriber+).Blind.Server-Side.Request.Forgery MEDIUM" "wpcf7-redirect 3.0.0 Missing.Authorization MEDIUM" "wpcf7-redirect 2.9.0 Reflected.Cross-Site.Scripting MEDIUM" "wpcf7-redirect 2.6.0 Unauthenticated.Options.Update.to.Stored.XSS HIGH" "wpcf7-redirect 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "wpcf7-redirect 2.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpcf7-redirect 2.3.4 Unauthenticated.Arbitrary.Nonce.Generation MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.PHP.Object.Injection HIGH" "wpcf7-redirect 2.3.4 Unprotected.AJAX.Actions MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.Arbitrary.Plugin.Installation MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.Arbitrary.Post.Deletion MEDIUM" "webico-slider-flatsome-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wbc_image.Shortcode MEDIUM" "wp-cart-for-digital-products 8.5.6 Reflected.XSS.in.Product.Editing HIGH" "wp-cart-for-digital-products 8.5.6 Reflected.XSS.in.Customer.Search HIGH" "wp-cart-for-digital-products 8.5.6 Settings.Reset.via.CSRF MEDIUM" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Discount.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Coupon.Deletion.via.CSRF MEDIUM" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.via.$_SERVER['REQUEST_URI'] MEDIUM" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Customer.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Category.Editing HIGH" "wp-smart-export No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-export No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-customers-manager 30.1 User.Deletion.via.CSRF LOW" "woocommerce-customers-manager 30.2 Subscriber+.Stored.XSS HIGH" "woocommerce-customers-manager 30.1 Bulk.Action.via.CSRF MEDIUM" "woocommerce-customers-manager 29.8 Reflected.XSS HIGH" "woocommerce-customers-manager 29.8 Subscriber+.Email.Disclosure MEDIUM" "woocommerce-customers-manager 29.7 Subscriber+.SQL.Injection HIGH" "woocommerce-customers-manager 26.6 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "woocommerce-customers-manager 26.6 Arbitrary.Account.Creation/Update.via.CSRF HIGH" "woocommerce-customers-manager 26.5 Arbitrary.Account.Creation/Update.by.Low.Privilege.Users HIGH" "wp-event-aggregator 1.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-aggregator 1.7.7 Cross-Site.Request.Forgery.via.wpea_deauthorize_user() MEDIUM" "wp-with-spritz No.known.fix Unauthenticated.File.Inclusion CRITICAL" "wp-social-feed No.known.fix Reflected.XSS HIGH" "widgets-for-sourceforge-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wpworx-faq No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpworx-faq No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woo-merchantx No.known.fix CSRF.Bypass MEDIUM" "wp-table-manager 3.5.3 Contributor+.Stored.XSS MEDIUM" "wp-job-manager 2.3.0 Unauthenticated.Information.Exposure MEDIUM" "wp-job-manager 2.1.0 Unauthenticated.Job.Status.Update MEDIUM" "wp-job-manager 2.1.0 Cross-Site.Request.Forgery MEDIUM" "wp-job-manager 1.31.3 Phar.Deserialization MEDIUM" "wp-job-manager 1.29.3 Unauthenticated.Object.Injection CRITICAL" "wp-job-manager 1.26.2 Unauthenticated.Arbitrary.File.Upload HIGH" "wp2speed No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp2speed No.known.fix Improper.Authorization.due.to.use.of.Hardcoded.Credentials MEDIUM" "wp-listings No.known.fix Missing.Authorization MEDIUM" "wp-listings No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-listings 2.0.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wpgform No.known.fix Admin+.Stored.XSS LOW" "wpgform 0.94 Eval.Injection HIGH" "woo-coupon-usage 5.12.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.5.1.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.4.4 Unauthenticated.Reflected.XSS HIGH" "woo-coupon-usage 5.4.6 Reflected.XSS HIGH" "woo-coupon-usage 4.16.4.5 Unauthenticated.Stored.XSS HIGH" "woo-coupon-usage 4.16.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-coupon-usage 4.11.3.4 Arbitrary.Referral.Visits.Deletion.via.CSRF MEDIUM" "woo-coupon-usage 4.11.0.2 Reflected.Cross-Site.Scripting HIGH" "wpdevart-vertical-menu 1.5.9 Theme.Deletion.via.CSRF MEDIUM" "wpdevart-vertical-menu 1.5.9 Admin+.Stored.XSS LOW" "woocommerce-frontend-shop-manager 4.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "wowrestro 1.1 CSRF.Bypass MEDIUM" "woo-seo-content-randomizer-addon 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-video-gallery-free No.known.fix Unauthenticated.SQLi HIGH" "wpzoom-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.box.Shortcode MEDIUM" "wpzoom-shortcodes 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-pipes 1.4.1 CSRF MEDIUM" "wp-pipes 1.4.0 Admin+.SQLi MEDIUM" "wp-structured-data-schema 4.0.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-structured-data-schema 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-maintenance-mode-site-under-construction 1.8.2 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-maintenance-mode-site-under-construction 1.9 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wp-upg No.known.fix Unauthenticated.RCE CRITICAL" "wp-email-users No.known.fix Subscriber+.SQL.Injection HIGH" "wp-fail2ban 5.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-fail2ban 4.4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-fail2ban 4.0.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "wysija-newsletters 2.8.2 Spam.Vulnerability MEDIUM" "wicked-folders 2.18.17 Subscriber+.Folder.Structure.Update MEDIUM" "wicked-folders 2.18.17 Folder.Structure.Update.via.CSRF MEDIUM" "wicked-folders 2.8.10 Subscriber+.SQL.Injection HIGH" "woo-gift-cards-lite 2.6.7 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "woo-gift-cards-lite 2.1.2 Cross-Site.Request.Forgery MEDIUM" "woo-gift-cards-lite 2.1.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wp-table-reloaded No.known.fix Contributor+.Stored.XSS MEDIUM" "woocommerce-eu-vat-assistant 2.1.2.230718 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-eu-vat-assistant 2.0.28.220224 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-custom-fields-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpcfs-preset.Shortcode MEDIUM" "wp-custom-fields-search 1.2.35 Admin+.Stored.XSS LOW" "wp-custom-fields-search 1.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-word-count No.known.fix Missing.Authorization.via.calculate_statistics MEDIUM" "wp-word-count 3.2.4 Admin+.Stored.Cross-Site.Scripting LOW" "wonderm00ns-simple-facebook-open-graph-tags 2.2.4.2 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-media-manager-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-stats-dashboard No.known.fix Authenticated.Blind.SQL.Injection HIGH" "wp-show-posts 1.1.6 Improper.Authorization.to.Information.Exposure MEDIUM" "wp-show-posts 1.1.5 Information.Exposure MEDIUM" "wp-show-posts 1.1.4 Contributor+.Stored.XSS MEDIUM" "wpjam-basic 6.2.1.1 Contributor+.Stored.XSS MEDIUM" "wordpress-tooltips 9.5.3 Cross-Site.Request.Forgery MEDIUM" "wordpress-tooltips 9.4.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wpmarketplace No.known.fix Arbitrary.File.Upload HIGH" "wordpress-gallery-transformation No.known.fix Blind.SQL.Injection CRITICAL" "wp-jitsi-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-jitsi-shortcodes No.known.fix Admin+.Stored.XSS LOW" "wp-native-articles 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-championship 9.3 Multiple.CSRF MEDIUM" "wpide 3.4.7 Reflected.Cross-Site.Scripting MEDIUM" "wpide 3.0 Admin+.Arbitrary.File.Read MEDIUM" "wpide 3.0 Admin+.Arbitrary.File.Edit.&.Upload MEDIUM" "wpide 3.0 Admin+.Local.File.Inclusion LOW" "wp-visited-countries-reloaded 3.1.1 Reflected.Cross-Site.Scripting HIGH" "wp-film-studio 1.3.5 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-anything-slider 9.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "wpdm-premium-packages 5.9.2 Cross-Site.Request.Forgery MEDIUM" "wpdm-premium-packages 5.8.3 Reflected.Cross-Site.Scripting MEDIUM" "wpdm-premium-packages 5.7.5 Sell.Digital.Products.Securely.<.5.7.5.-.Subscriber+.Privilege.Escalation HIGH" "woocommerce-gateway-stripe 7.6.2 Unauthenticated.Order.Deletion.via.IDOR LOW" "woocommerce-gateway-stripe 7.6.1 Cross-Site.Request.Forgery MEDIUM" "woocommerce-gateway-stripe 7.4.1 Subscriber+.Order.Intent.Update MEDIUM" "woocommerce-gateway-stripe 7.4.1 Unauthenticated.PII.Disclosure.via.IDOR HIGH" "wp-cloud-server 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-hide No.known.fix Unauthenticated.Settings.Update MEDIUM" "wpstickybar-sticky-bar-sticky-header No.known.fix Unauthenticated.SQLi HIGH" "wpstickybar-sticky-bar-sticky-header No.known.fix Reflected.XSS HIGH" "wp-survey-plus No.known.fix Subscriber+.AJAX.Calls HIGH" "woo-product-slider 2.6.4 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "woo-product-slider 2.5.7 Subscriber+.Arbitrary.Options.Deletion HIGH" "wallet-system-for-woocommerce 2.5.14 Information.Exposure.via.Log.Files MEDIUM" "wallet-system-for-woocommerce 2.5.10 Cross-Site.Request.Forgery MEDIUM" "wp-back-button No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-attachment-export 0.2.4 Unauthenticated.Posts.Download HIGH" "wp-cookie-user-info 1.0.9 Admin+.SQL.Injection MEDIUM" "wp-cookie-user-info 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-floating-menu 1.4.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-floating-menu 1.4.1 Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "wholesalex 1.3.3 Unauthenticated.Privilege.Escalation MEDIUM" "wholesalex 1.3.2 Authenticated(Subscriber+).Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "wholesalex 1.3.2 Sensitive.Information.Exposure.via.export_users MEDIUM" "wholesalex 1.3.3 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-books-gallery 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-books-gallery 4.4.9 CSRF MEDIUM" "wp-books-gallery 3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-warranty 2.3.0 Missing.Authorization MEDIUM" "woocommerce-warranty 2.3.0 Missing.Authorization MEDIUM" "woocommerce-warranty 2.1.7 Reflected.XSS HIGH" "wp-hide-backed-notices 1.3.1 Missing.Authorization.to.Authenticated(Contributor+).Plugin.Settings.Modification MEDIUM" "wp-hide-backed-notices 1.3 Cross-Site.Request.Forgery MEDIUM" "woo-moneybird No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-ultimate-csv-importer 7.9.9 Author+.Privilege.Escalation MEDIUM" "wp-ultimate-csv-importer 7.9.9 Author+.RCE MEDIUM" "wp-ultimate-csv-importer 7.9.9 Imported.Files.Disclosure MEDIUM" "wp-ultimate-csv-importer 6.5.8 Missing.Authorisation LOW" "wp-ultimate-csv-importer 6.5.8 Admin+.SQLi MEDIUM" "wp-ultimate-csv-importer 6.5.3 Admin+.Blind.SSRF MEDIUM" "wp-ultimate-csv-importer 6.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-ultimate-csv-importer 6.4.2 Subscriber+.Arbitrary.Option.Deletion HIGH" "wp-ultimate-csv-importer 6.4.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "wp-ultimate-csv-importer 5.6.1 CSRF HIGH" "wp-ultimate-csv-importer 3.8.8 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-ultimate-csv-importer 3.8.1 XSS MEDIUM" "wp-optimize 3.2.13 Cross-Site.Scripting.From.Third-party.Library HIGH" "wp-d3 No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-d3 2.4.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "wp-spid-italia 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-spid-italia 2.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-dropshipping No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Email.Send MEDIUM" "woocommerce-dropshipping 4.4 Unauthenticated.SQLi HIGH" "wedocs 2.1.5 Missing.Authorization MEDIUM" "wishlist-member-x No.known.fix Unauthenticated.Denial.of.Service MEDIUM" "wishlist-member-x No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wishlist-member-x No.known.fix Missing.Authorization.to.Stored.Cross-Site.Scripting HIGH" "wishlist-member-x No.known.fix Missing.Authorization.to.Information.Disclosure MEDIUM" "wishlist-member-x No.known.fix Unauthenticated.Arbitrary.SQL.Execution CRITICAL" "wishlist-member-x No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wishlist-member-x No.known.fix Authenticated.(Subscriber+).Remote.Code.Execution CRITICAL" "wishlist-member-x No.known.fix Subscriber+.Privilege.Escalation HIGH" "wp-hubspot-woocommerce 1.0.5 Reflected.Cross-Site.Scripting HIGH" "wp-photo-text-slider-50 8.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "wpcs-content-scheduler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpcs-content-scheduler 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-support-system 1.2.2 Admin+.SQLi MEDIUM" "wc-support-system No.known.fix Unauthenticated.Ticket.Deletion/Update,.Settings.Update.etc MEDIUM" "wp-database-admin No.known.fix Unauthenticated.SQL.Injection HIGH" "wordpress-popular-posts 6.3.3 Contributor+.Stored.XSS MEDIUM" "wordpress-popular-posts 6.1.0 Unauthenticated.Views.Manipulation MEDIUM" "wordpress-popular-posts 6.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-popular-posts 5.3.4 Admin+.Stored.Cross-Site.Scripting LOW" "wordpress-popular-posts 5.3.3 Authenticated.Code.Injection HIGH" "wordpress-popular-posts 5.3.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-testing No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wpupper-share-buttons 3.50 Missing.Authorization MEDIUM" "wpupper-share-buttons 3.43 Admin+.Stored.XSS LOW" "woocommerce-cloak-affiliate-links 1.0.34 Missing.Authorization.to.Unauthenticated.Permalink.Modification HIGH" "wp-noexternallinks 4.3 Backdoored MEDIUM" "wp-coder 3.5.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-coder 2.5.6 Reflected.XSS MEDIUM" "wp-coder 2.5.4 Admin+.SQLi MEDIUM" "wp-coder 2.5.3 Code.Deletion.via.CSRF MEDIUM" "wp-coder 2.5.2 RFI.leading.to.RCE.via.CSRF HIGH" "wheel-of-life 1.1.9 Missing.Authorization MEDIUM" "wheel-of-life 1.1.8 Missing.Authorization.on.Several.AJAX.Endpoints MEDIUM" "wp-event-manager 3.1.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'events'.Shortcode MEDIUM" "wp-event-manager 3.1.42 Reflected.Cross-Site.Scripting.via.plugin MEDIUM" "wp-event-manager 3.1.42 Editor+.Stored.XSS LOW" "wp-event-manager 3.1.43 Reflected.XSS HIGH" "wp-event-manager 3.1.38 Admin+.Stored.XSS MEDIUM" "wp-event-manager 3.1.28 Reflected.Cross-Site.Scripting MEDIUM" "wp-event-manager 3.1.23 Admin+.Stored.Cross-Site.Scripting LOW" "wp-mail-log 1.1.3 Contributor+.Arbitrary.File.Upload HIGH" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Incorrect.Authorization.in.REST.API.Endpoints LOW" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.SQL.Injection.in.wml_logs/send_mail.endpoint MEDIUM" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.Arbitrary.File.Upload.to.RCE CRITICAL" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.SQL.Injection.in.wml_logs.endpoint MEDIUM" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.LFI.in.wml_logs/send_mail.endpoint MEDIUM" "wp-mail-log 1.1.3 Editor+.SQL.Injection.via.id HIGH" "wp-mail-log 1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-log 1.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-voting-contest 3.0 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-twitterbot No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "woozone No.known.fix Missing.Authorization MEDIUM" "woozone No.known.fix Wordpress.Plugin.<=.14.0.10.-.Reflected.Cross-Site.Scripting MEDIUM" "woozone No.known.fix Wordpress.Plugin.<=.14.0.10.-.Authenticated.(Subscriber+).SQL.Injection CRITICAL" "woozone No.known.fix Wordpress.Plugin.<=.14.0.10.-.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "woozone No.known.fix Wordpress.Plugin.<=.14.0.10.-.Missing.Authorization MEDIUM" "woozone No.known.fix Wordpress.Plugin.<=.14.0.10.-.Unauthenticated.SQL.Injection CRITICAL" "web-stories 1.32 Author+.Auth.Bypass LOW" "web-stories 1.25.0 Subscriber+.Server.Side.Request.Forgery MEDIUM" "wphelpkit 1.1 Reflected.Cross-Site.Scripting MEDIUM" "wphelpkit 1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wsm-downloader No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "wsm-downloader No.known.fix Domain.Name.Restriction.Bypass LOW" "walker-core 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "walker-core 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-popup-builder 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-popup-builder 1.3.0 Subscriber+.Arbitrary.Popup.Deletion MEDIUM" "woo-wallet 1.5.5 Authenticated.(Subscriber+).SQL.Injection.via.'search[value]' HIGH" "woo-wallet 1.5.1 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "woo-wallet 1.4.11 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Export MEDIUM" "woo-wallet 1.4.4 For.WooCommerce.<.1.4.4.-.Subscriber+.Arbitrary.Wallet.Lock/Unlock.via.IDOR MEDIUM" "woo-wallet 1.4.0 Settings.Update.via.CSRF MEDIUM" "wha-wordsearch No.known.fix Contributor+.Stored.XSS MEDIUM" "wha-wordsearch No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "wholesale-market 2.2.1 Unauthenticated.Arbitrary.File.Download HIGH" "ws-bootstrap-vc No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-youtube-lyte 1.7.16 Authenticated.Stored.XSS MEDIUM" "wep-demo-import 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-custom-admin-interface 7.32 Missing.Authorization.via.wpcai_pro_notice_disable MEDIUM" "wp-custom-admin-interface 7.33 Missing.Authorization.to.Transients.Deletion MEDIUM" "wp-custom-admin-interface 7.29 Admin+.PHP.Object.Injection MEDIUM" "wp-pdf-generator 1.2.3 Cross-Site.Request.Forgery MEDIUM" "wp-all-import 3.7.3 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "wp-all-import 3.6.9 Admin+.Directory.traversal.via.file.upload MEDIUM" "wp-all-import 3.6.9 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "wp-all-import 3.6.8 Admin+.Arbitrary.File.Upload MEDIUM" "wp-all-import 3.6.8 Admin+.Arbitrary.Code.Execution MEDIUM" "wp-all-import 3.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-all-import 3.6.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-all-import 3.4.7 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.2.5 Multiple.Vulnerabilities CRITICAL" "wp-all-import 3.2.4 RCE HIGH" "wp-whatsapp 3.6.5 Admin+.Stored.XSS LOW" "wp-whatsapp 3.6.4 Admin+.Stored.XSS LOW" "wp-whatsapp 3.6.3 Contributor+.Stored.XSS MEDIUM" "wp-whatsapp 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "wp-whatsapp 3.4.5 Admin+.Stored.XSS LOW" "woo-country-restrictions-advanced 1.14.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-country-restrictions-advanced 1.13.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-photo-album-plus 8.8.02.003 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.8.00.003 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.7.00.004 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wp-photo-album-plus 8.7.01.002 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-photo-album-plus 8.6.03.005 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "wp-photo-album-plus 8.6.01.005 IP.Spoofing MEDIUM" "wp-photo-album-plus 8.6.01.003 Insecure.Direct.Object.Reference MEDIUM" "wp-photo-album-plus 8.6.01.005 .Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.0.10 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-worthy 1.7.0-0cde1c2 Cross-Site.Request.Forgery MEDIUM" "wp24-domain-check 1.6.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-from-email No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-users-exporter No.known.fix CSV.Injection MEDIUM" "woocommerce-gateway-gocardless 2.5.7 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "wbcom-designs-buddypress-ads 1.3.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-full-stripe-free 7.0.18 Settings.Update.via.CSRF MEDIUM" "wp-full-stripe-free 7.0.6 Admin+.Stored.XSS LOW" "wp-full-stripe-free 7.0.6 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-ada-compliance-check-basic 3.1.4 Cross-Site.Request.Forgery MEDIUM" "wp-inventory-manager 2.1.0.14 Inventory.Items.Deletion.via.CSRF MEDIUM" "wp-inventory-manager 2.1.0.13 Reflected.Cross-Site.Scripting HIGH" "wp-inventory-manager 2.1.0.12 Reflected.XSS HIGH" "wp-2fa 2.6.4 Unauthenticated.Information.Exposure.via.Log.File MEDIUM" "wp-2fa 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-2fa 2.6.0 Arbitrary.Email.Sending.via.CSRF MEDIUM" "wp-2fa 2.6.0 Subscriber+.Arbitrary.Email.Sending MEDIUM" "wp-2fa 2.3.0 Time-Based.Side-Channel.Attack MEDIUM" "wp-2fa 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-2fa 2.2.0 Arbitrary.2FA.Disabling.via.IDOR MEDIUM" "woo-login-redirect No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-login-redirect No.known.fix CSRF MEDIUM" "welcome-email-editor 5.0.7 Cross-Site.Request.Forgery MEDIUM" "welcome-email-editor 5.0.7 Subscriber+.Email.Sending MEDIUM" "wp-file-download-light No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "woo-conditional-discount-rules-for-checkout 2.4.1 CSRF MEDIUM" "woo-conditional-discount-rules-for-checkout 2.3.3.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-discount-rules-for-checkout 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-jump-menu No.known.fix Admin+.Stored.XSS LOW" "wf-cookie-consent 1.1.4 Authenticated.Persistent.Cross-Site.Scripting.(XSS) MEDIUM" "wp-admin-style No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wn-flipbox-pro 2.1 Reflected.Cross-Site.Scripting MEDIUM" "whmcs-bridge 6.4b Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "whmcs-bridge 6.3 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "webp-svg-support No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "wp-duplicate-page 1.3 Admin+.Stored.Cross.Site.Scripting LOW" "woocommerce-product-payments 3.2.8 Reflected.XSS HIGH" "woocommerce-product-payments 3.2.7 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-product-payments 3.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wechat-reward No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-header-images 2.0.1 Reflected.Cross-Site.Scripting HIGH" "woo-tools 1.2.10 Missing.Authorization.to.Authenticated.(Subscriber+)..Plugin.Module.Deactivation MEDIUM" "wp-smtp 1.2.7 1.2.6.-.Authenticated.(Admin+).SQL.Injection HIGH" "webmaster-tools-verification No.known.fix Unauthenticated.Arbitrary.Plugin.Deactivation HIGH" "wp-setup-wizard 1.0.8.2 Authenticated.(Subscriber+).Full.Database.Download MEDIUM" "wpremote 4.65 Reflected.Cross-Site.Scripting MEDIUM" "wp-radio No.known.fix Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.Settings MEDIUM" "wp-radio No.known.fix Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "wp-radio No.known.fix CSRF MEDIUM" "wp-radio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-radio 3.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "weblibrarian No.known.fix Reflected.XSS HIGH" "weblibrarian 3.5.5 SQL.Injection MEDIUM" "weblibrarian 3.4.8.7 XSS MEDIUM" "weblibrarian 3.4.8.6 XSS MEDIUM" "weforms 1.6.24 Use.of.Polyfill.io MEDIUM" "weforms 1.6.21 Missing.Authorization MEDIUM" "weforms 1.6.22 Unauthenticated.Stored.Cross-Site.Scripting.via.Referer HIGH" "weforms 1.6.19 Missing.Authorization.via.export_form_entries MEDIUM" "weforms 1.6.18 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "weforms 1.6.14 Admin+.Stored.Cross-Site.Scripting LOW" "weforms 1.6.4 CSV.Injection MEDIUM" "woocommerce-multi-currency 2.1.18 Authenticated.Product.Price.Change MEDIUM" "wp-pro-counter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-pro-counter No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wisdm-reports-for-learndash 1.8.2.2 Reports.Free.<.1.8.2.2.-.Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "wp-child-theme-generator 1.1.2 Missing.Authorization.to.Unauthenticated.Child.Theme.Creation/Activation MEDIUM" "wp-child-theme-generator 1.1.3 Admin+.Arbitrary.File.Upload MEDIUM" "wp-dynamic-keywords-injector 2.3.22 Reflected.Cross-Site.Scripting MEDIUM" "wp-dynamic-keywords-injector 2.3.16 Settings.Update.via.CSRF MEDIUM" "woo-smart-quick-view 4.0.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-signals 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-yelp-review-slider 7.1 Subscriber+.SQLi HIGH" "wp-politic 2.3.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wpkoi-templates-for-elementor 2.5.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "wpkoi-templates-for-elementor 2.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Heading.Widget MEDIUM" "wp-logs-book No.known.fix Log.Clearing.via.CSRF MEDIUM" "wp-logs-book No.known.fix Disable.Logging.via.CSRF MEDIUM" "wp-logs-book No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-tiles No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-tiles No.known.fix Subscriber+.Draft/Private.Post.Title.Disclosure MEDIUM" "wp-tiles No.known.fix Contributor+.Stored.XSS HIGH" "wp-login-box No.known.fix Admin+.Stored.XSS LOW" "wp-social-widget 2.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "wp-social-widget 2.2.4 Contributor+.Stored.XSS MEDIUM" "woocommerce-gateway-nab-dp 2.1.2 NAB.Transact.<.2.1.2.-.Payment.Bypass HIGH" "woo-stripe-payment 3.3.10 3.3.9.-.Missing.Authorization.Controls.to.Financial.Account.Hijacking MEDIUM" "web-stat 1.4.1 API.Key.Disclosure HIGH" "woocommerce-gateway-amazon-payments-advanced 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "widgets-for-thumbtack-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-whatsapp-chat 6.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "wpsynchro 1.11.3 Cross-Site.Request.Forgery MEDIUM" "wpsynchro 1.10.0 Settings.Update.via.CSRF MEDIUM" "woocommerce-box-office 1.2.3 Missing.Authorization MEDIUM" "woocommerce-box-office 1.1.51 Contributor+.Stored.XSS MEDIUM" "woocommerce-box-office 1.1.52 Unauthenticated.Ticket.Barcode.Update MEDIUM" "woocommerce-anti-fraud 3.9 Unauthenticated.Order.Status.Manipulation MEDIUM" "wp-ultimate-review 2.3.0 Unauthenticated.Review.Restriction.Bypass MEDIUM" "wp-ultimate-review 2.3.0 Missing.Authorization MEDIUM" "wp-ultimate-review 2.3.0 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "wp-ultimate-review No.known.fix IP.Spoofing MEDIUM" "wp-ultimate-review 2.3.1 Settings.Update.via.CSRF MEDIUM" "wp-ultimate-review 2.1.0 Admin+.Stored.XSS LOW" "wp-ultimate-review 2.1.0 Settings.Update.via.CSRF MEDIUM" "wp-multisite-content-copier 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-hotel-booking 2.1.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-hotel-booking 2.1.1 Unauthenticated.SQL.Injection CRITICAL" "wp-hotel-booking 2.0.9.3 Missing.Authorization MEDIUM" "wp-hotel-booking 2.0.9.3 Improper.Authorization.on.Multiple.REST.API.Routes MEDIUM" "wp-hotel-booking 2.0.8 Unauthenticated.SQLi HIGH" "wp-hotel-booking 2.0.9 Contributor+.Arbitrary.Post.Deletion MEDIUM" "wp-hotel-booking 2.0.8 Subscriber+.Arbitrary.Post.Deletion MEDIUM" "wp-hotel-booking 2.0.1 Unauthenticated.Arbitrary.Settings.Update HIGH" "wp-hotel-booking 1.10.6 CSRF MEDIUM" "wp-hotel-booking 1.10.4 Unauthenticated.PHP.Object.Injection HIGH" "wp-hotel-booking 1.10.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "windsor-strava-club No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-pdf-invoice-builder 1.2.102 Cross-Site.Request.Forgery MEDIUM" "woo-pdf-invoice-builder 1.2.104 Reflected.XSS HIGH" "woo-pdf-invoice-builder 1.2.91 Admin+.Stored.XSS LOW" "woo-pdf-invoice-builder 1.2.92 Subscriber+.Arbitrary.Invoice.Access MEDIUM" "woo-pdf-invoice-builder 1.2.91 Invoice.Fields.Creation.via.CSRF MEDIUM" "woo-pdf-invoice-builder 1.2.90 Subscriber+.SQLi HIGH" "woo-pdf-invoice-builder 1.2.91 Invoice.Update.via.CSRF MEDIUM" "woo-tranzila-gateway No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "wptables No.known.fix Reflected.XSS HIGH" "wplegalpages 2.9.3 Contributor+.Stored.XSS MEDIUM" "wplegalpages 2.7.1 Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS MEDIUM" "wplegalpages 1.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-for-japan 2.6.5 Missing.Authorization MEDIUM" "woocommerce-for-japan 2.5.8 Reflected.XSS MEDIUM" "woocommerce-for-japan 2.5.5 Reflected.XSS HIGH" "wp-extra 6.5 Cross-Site.Request.Forgery.ToolImport MEDIUM" "wp-extra 6.3 Missing.Authorization.to.Arbitrary.Email.Sending MEDIUM" "wp-extra 6.3 Subscriber+..htaccess.File.Modification HIGH" "wp-extra 6.3 Missing.Authorization.to.Export.Settings MEDIUM" "woocommerce-upcoming-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-upcoming-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpshopgermany-it-recht-kanzlei 1.8 Admin+.Stored.XSS LOW" "wp-latest-posts 5.0.8 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "wp-latest-posts 3.7.5 XSS MEDIUM" "wp-custom-post-template No.known.fix Settings.Update.via.CSRF MEDIUM" "which-template-file 5.1.0 Reflected.XSS HIGH" "which-template-file 4.9 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-central No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-central 1.5.1 Improper.Access.Control.to.Privilege.Escalation HIGH" "widget-settings-importexport No.known.fix Authenticated.Stored.XSS HIGH" "wp-ulike 4.7.4 Admin+.Stored.XSS LOW" "wp-ulike 4.7.2.1 Subscriber+.Stored-XSS HIGH" "wp-ulike 4.7.1 Admin+.Stored.XSS LOW" "wp-ulike 2.7.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-ulike 4.7.0 Authenticated.(Contributor+).SQL.Injection.via.Shortcodes HIGH" "wp-ulike 4.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-ulike 4.6.9 Contributor+.Stored.Cross.Site.Scripting.via.Shortcode MEDIUM" "wp-ulike 4.6.5 Unauthenticated.Rating.Tampering.via.Race.Condition LOW" "wp-calendar No.known.fix Contributor+.Stored.XSS MEDIUM" "wxsync No.known.fix Contributor+.Stored.XSS MEDIUM" "woocommerce-products-designer No.known.fix CSRF MEDIUM" "wp-postratings 1.91.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-postratings 1.90 Ratings.Tempering.via.Race.Condition MEDIUM" "wp-postratings 1.86.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-postratings 1.62 Authenticated.SQL.Injection CRITICAL" "woo-social-login 2.7.6 Social.Login.<.2.7.6.-.Authentication.Bypass.to.Account.Takeover CRITICAL" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Missing.Authorization.to.Unauthenticated.Privilege.Escalation CRITICAL" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Unauthenticated.Privilege.Escalation.via.One-Time.Password HIGH" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Unauthenticated.Authentication.Bypass HIGH" "woo-social-login 2.7.0 Unauthenticated.PHP.Object.Injection CRITICAL" "woo-social-login 2.6.3 Social.Login.<.2.6.3.-.Email.Verification.due.to.Insufficient.Randomness MEDIUM" "woo-social-login 2.6.3 Social.Login.<.2.6.3.-.Unauthenticated.PHP.Object.Injection CRITICAL" "wplr-sync 6.4.1 Missing.Authorization MEDIUM" "wplr-sync 6.3.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-icommerce No.known.fix Authenticated.(contributor+).SQL.Injection HIGH" "woo-shipping-dpd-baltic 1.2.57 DPD.baltic.<.1.2.57.-.Subscriber+.Arbitrary.Options.Deletion HIGH" "woo-shipping-dpd-baltic 1.2.11 DPD.baltic.<.1.2.11.-.Admin+.Stored.XSS MEDIUM" "weather-effect 1.3.6 Admin+.Stored.Cross-Site.Scripting LOW" "weather-effect 1.3.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-aparat 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-facebook-messenger No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-post-block No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-plotly 1.0.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woo-smart-wishlist 4.7.2 Add/Remove.Wishlist.Items.via.CSRF MEDIUM" "woo-smart-wishlist 2.9.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-smart-wishlist 2.9.4 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-product-importer No.known.fix Product.Importer.<=.1.5.2.-.Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-2checkout-payment No.known.fix Missing.Authorization.via.sniff_ins MEDIUM" "wp-soononline-page No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-user-control No.known.fix Unauthenticated.password.reset MEDIUM" "wp-debugging 2.11.7 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "wp-debugging 2.11.7 Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "wp-debugging 2.11.0 Unauthenticated.Plugin's.Settings.Update MEDIUM" "wp-contact-form No.known.fix Cross-Site.Request.Forgery.via.wpcf_adminpage MEDIUM" "woocommerce-checkout-field-editor-pro 3.6.3 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woo-bulk-price-update 2.2.2 Reflected.XSS HIGH" "wp-table-builder 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-table-builder No.known.fix Admin+.Stored.XSS LOW" "wp-table-builder 1.4.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.4.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.4.7 Admin+.Stored.XSS MEDIUM" "wp-table-builder 1.3.16 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-table-builder 1.3.10 Reflected.Cross-Site.Scripting HIGH" "wp-lister-ebay 2.0.21 jQueryFileTree.-.Unauthenticated.Path.Traversal MEDIUM" "woo-multi-currency 2.1.18 Reflected.Cross-Site.Scripting MEDIUM" "webp-express 0.14.8 Authenticated.Stored.XSS MEDIUM" "webp-express 0.14.11 Multiple.Issues HIGH" "woo-product-feed-pro 13.3.2 Sensitive.Information.Exposure.via.Log.Files MEDIUM" "woo-product-feed-pro 13.2.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-feed-pro 12.4.5 Multiple.CSRF MEDIUM" "woo-product-feed-pro 11.2.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-feed-pro 11.0.7 Subscriber+.Settings.Update.to.Stored.XSS HIGH" "wp-letsencrypt-ssl 7.1.0 Sensitive.Information.Exposure.via.insufficiently.protected.files HIGH" "wp-letsencrypt-ssl 6.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-letsencrypt-ssl 5.7.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-seo-redirect-301 2.3.2 Redirect.Deletion.via.CSRF MEDIUM" "woo-product-variation-gallery 2.3.4 Reflected.Cross-Site.Scripting HIGH" "wp-sendfox 1.3.1 Missing.Authorization MEDIUM" "wp-facebook-reviews 12.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-facebook-reviews 13.0 Admin+.Stored.XSS LOW" "wp-facebook-reviews 3.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-facebook-reviews 12.2 Subscriber+.SQLi HIGH" "wp-facebook-reviews 11.0 Admin+.SQL.Injection MEDIUM" "wp-testimonials No.known.fix Authenticated.SQL.Injection HIGH" "wordsurvey No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.sounding_title.Parameter MEDIUM" "wc-builder 1.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-guppy 1.3 Sensitive.Information.Disclosure HIGH" "wp-google-tag-manager No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wpzoom-portfolio 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "wpzoom-portfolio 1.2.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-product-filter 2.5.1 Subscriber+.Table.Data.Access MEDIUM" "white-label-cms 2.7.5 Reflected.Cross-Site.Scripting MEDIUM" "white-label-cms 2.7.4 Missing.Authorization.to.Plugin.Settings.Reset MEDIUM" "white-label-cms 2.5 Admin+.PHP.Object.Injection LOW" "white-label-cms 2.2.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-edit-templates 1.1.2 Reflected.XSS HIGH" "wps-hide-login 1.9.16.4 Hidden.Login.Page.Disclosure LOW" "wps-hide-login 1.9.16 Login.Page.Disclosure MEDIUM" "wps-hide-login 1.9.12 Hidden.Login.Page.Location.Disclosure LOW" "wps-hide-login 1.9.1 Protection.Bypass.with.Referer-Header MEDIUM" "wps-hide-login 1.5.5 Secret.Login.Page.Disclosure CRITICAL" "wps-hide-login 1.5.3 Multiples.Issues HIGH" "wp-fancybox 1.0.2 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-google-maps 9.0.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.37 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-google-maps 9.0.30 Reflected.Cross-Site.Scripting HIGH" "wp-google-maps 9.0.35 Information.Exposure.to.Potential.Denial.of.Service MEDIUM" "wp-google-maps 9.0.33 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.33 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-google-maps 9.0.29 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.28 Unauthenticated.Stored.XSS HIGH" "wp-google-maps 9.0.16 Admin+.Path.Traversal LOW" "wp-google-maps 8.1.13 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wp-google-maps 8.1.12 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-google-maps 7.11.35 CSRF.to.Stored.XSS MEDIUM" "wp-google-maps 7.11.28 Admin.Settings.CSRF CRITICAL" "wp-google-maps 7.11.18 Unauthenticated.SQL.Injection MEDIUM" "wp-expand-tabs-free 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-expand-tabs-free 2.1.15 Multiple.CSRF MEDIUM" "wp-expand-tabs-free 2.1.17 Contributor+.Stored.XSS MEDIUM" "wp-user-profile-avatar No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-user-profile-avatar 1.0.1 Author+.Avatar.Deletion/Update.via.IDOR LOW" "wp-user-profile-avatar 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-toolbar No.known.fix Open.Redirect MEDIUM" "wp-lister-for-amazon 2.6.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.6.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.6.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.4.4 Reflected.XSS HIGH" "wc4bp 3.4.20 Missing.Authorization MEDIUM" "wc4bp 3.4.21 Authenticated.(Subscriber+).PHP.Object.Injection.in.get_simple_request HIGH" "wc4bp 3.4.16 Reflected.Cross-Site.Scripting MEDIUM" "wc4bp 3.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc4bp 3.2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-db-table-editor No.known.fix Missing.Authorization.to.Authenticated(Contributor+).Database.Access HIGH" "wc-quantity-plus-minus-button 1.2.0 Quantity.Plus.Minus.Button.for.WooCommerce.by.CodeAstrology.<.1,2,0.Settings.Update.via.CSRF MEDIUM" "website-article-monetization-by-magenet 1.0.12 Unauthenticated.Stored.XSS HIGH" "wp-user-merger 1.5.3 Admin+.SQLi.via.wpsu_user_id MEDIUM" "wp-user-merger 1.5.3 Admin+.SQLi.via.ID MEDIUM" "wp-user-merger 1.5.3 Admin+.SQLi.via.user_id MEDIUM" "woo-inpost No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.and.Delete CRITICAL" "webriti-companion 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-custom-author-url 1.0.5 Admin+.Stored.XSS LOW" "wp-shieldon 1.6.4 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-automedic No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-automedic 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-recipe-maker 9.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'group_tag' MEDIUM" "wp-recipe-maker 9.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wprm-recipe-roundup-item.Shortcode MEDIUM" "wp-recipe-maker 9.3.0 Authenticated.Stored.Cross-Site.Scripting.via.Video.Embed MEDIUM" "wp-recipe-maker 9.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).SQL.Injecton HIGH" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.header_tag MEDIUM" "wp-recipe-maker 9.1.1 Directory.Traversal MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Recipe.Notes MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-recipe-maker 9.1.1 Reflected.Cross-Site.Scripting.via.Referer MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.icon_color MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.'tag' MEDIUM" "wp-recipe-maker 8.6.1 Contributor+.Stored.XSS MEDIUM" "widgets-reset No.known.fix Settings.Update.via.CSRF MEDIUM" "wh-testimonials No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-nested-pages 3.2.9 Editor+.Stored.XSS LOW" "wp-nested-pages 3.2.8 Cross-Site.Request.Forgery.to.Local.File.Inclusion HIGH" "wp-nested-pages 3.2.7 Admin+.Stored.XSS LOW" "wp-nested-pages 3.2.4 Editor+.Plugin.Settings.Reset LOW" "wp-nested-pages 3.1.21 Admin+.Stored.Cross.Site.Scripting LOW" "wp-nested-pages 3.1.16 CSRF.to.Arbitrary.Post.Deletion.and.Modification HIGH" "wp-nested-pages 3.1.16 Open.Redirect MEDIUM" "wp-captcha No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-captcha No.known.fix Captcha.Bypass MEDIUM" "wp-category-posts-list No.known.fix Cross-Site.Request.Forgery.via.gen_set_page MEDIUM" "wp-category-posts-list No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-security-audit-log-premium 4.6.4.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "wp-photo-effects 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-effects 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-photo-effects 1.2.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "woo-pensopay 6.3.2 Reflected.XSS HIGH" "wp-post-author 3.8.2 Authenticated.(Administrator+).SQL.Injection HIGH" "wp-post-author 3.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-post-author 3.7.5 Missing.Authorization MEDIUM" "wp-post-author 3.6.5 Subscriber+.Rating.Manipulation MEDIUM" "wp-simple-post-view 2.0.1 Post.View.Data.Reset.via.CSRF MEDIUM" "wp-s3 1.6 Reflected.XSS HIGH" "wp-google-maps-pro 8.1.12 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wp-newsletter-subscription No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-discourse 2.5.2 Missing.Authorization MEDIUM" "woocustomizer 2.3.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-mobile-pack No.known.fix Cross-Site.Request.Forgery MEDIUM" "wordpress-mobile-pack 2.1.3 Information.Disclosure HIGH" "wp-maintenance-mode 2.6.9 Subscriber+.Page.design.Update MEDIUM" "wp-maintenance-mode 2.4.5 Subscribed.Users.Deletion.via.CSRF MEDIUM" "wp-maintenance-mode 2.0.7 Subscriber.Information.Disclosure MEDIUM" "wp-maintenance-mode 2.0.7 Authenticated.Multisite.Remote.Code.Execution HIGH" "wp-maintenance-mode 2.0.7 Missing.Settings.Authorization MEDIUM" "widgets-controller No.known.fix Unauthenticated.Cross-Site.Scripting MEDIUM" "wp-eMember 10.7.0 Stored.XSS.via.CSRF HIGH" "wp-eMember 10.6.7 Reflected.XSS.via.Member.Edit HIGH" "wp-eMember 10.6.7 Unauthenticated.Stored.XSS.via.Member.Registration HIGH" "wp-eMember 10.6.6 Reflected.XSS HIGH" "wp-eMember 10.6.6 Stored.XSS.in.Blacklist.via.CSRF HIGH" "wp-eMember 10.6.7 Reflected.XSS MEDIUM" "wp-eMember 10.6.6 Admin+.Arbitrary.File.Upload MEDIUM" "wp-eMember 10.6.6 Reflected.XSS HIGH" "wp-eMember 10.6.6 Bulk.Delete.via.CSRF MEDIUM" "wp-eMember 10.3.9 Reflected.XSS HIGH" "wp-eMember 10.3.9 Reflected.Cross-Site.Scripting MEDIUM" "who-hit-the-page-hit-counter No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "who-hit-the-page-hit-counter No.known.fix CSRF MEDIUM" "who-hit-the-page-hit-counter No.known.fix Hit.Counter.<=.1.4.14.3.-.Reflected.XSS HIGH" "web-directory-free 1.7.4 Reflected.Cross-Site.Scripting MEDIUM" "web-directory-free 1.7.3 Unauthenticated.LFI HIGH" "web-directory-free 1.7.2 Reflected.XSS HIGH" "web-directory-free 1.7.0 Unauthenticated.SQL.Injection HIGH" "wp-schema-pro 2.7.16 Contributor+.Custom.Field.Access LOW" "wp-rss-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "woocommerce-order-barcodes 1.6.5 Cross-Site.Request.Forgery MEDIUM" "wp-domain-redirect No.known.fix Authenticated.SQL.Injection MEDIUM" "woocommerce-amazon-affiliates-light-version No.known.fix Lite.<=.3.1.-.CSRF MEDIUM" "wc-multivendor-marketplace 3.6.12 Reflected.Cross-Site.Scripting MEDIUM" "wc-multivendor-marketplace 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wc-multivendor-marketplace 3.4.12 Subscriber+.Unauthorised.AJAX.Calls HIGH" "wc-multivendor-marketplace 3.5.0 Multiple.CSRF MEDIUM" "wc-multivendor-marketplace 3.4.12 WooCommerce.Multivendor.Marketplace.<.3.4.12.-.Unauthenticated.SQL.Injection HIGH" "wc-venipak-shipping 1.19.6 Reflected.Cross-Site.Scripting.via.'venipak_labels_link' MEDIUM" "wp-product-review 3.7.6 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "website-testimonials 6.1.1 Reflected.Cross-Site.Scripting MEDIUM" "webwinkelkeur 3.25 Cross-Site.Request.Forgery MEDIUM" "wp-ajax-contact-form No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-ajax-contact-form No.known.fix Arbitrary.Email.Deletion.via.CSRF MEDIUM" "wp-staging-pro 5.6.1 Backup.Duplicator.&.Migration.<.5.6.1.-.Cross-Site.Request.Forgery.to.Limited.Local.File.Inclusion HIGH" "wp-staging-pro 5.5.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-staging-pro 5.4.0 Admin+.Stored.XSS LOW" "wp-staging-pro 5.1.3 Unauthenticated.Backup.Download HIGH" "wp-mpdf 3.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-mpdf 3.5.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wpcasa-mail-alert 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-estimation-form 10.1.76 Reflected.Cross-Site.Scripting MEDIUM" "wp-estimation-form 10.1.77 Missing.Authorization MEDIUM" "wp-estimation-form 10.1.76 Authenticated.(Contributor+).SQL.Injection CRITICAL" "woo-events 4.1.3 Unauthenticated.Arbitrary.File.Overwrite CRITICAL" "wp-foft-loader 2.1.29 Reflected.Cross-Site.Scripting MEDIUM" "wp-foft-loader 2.1.21 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-page-duplicator No.known.fix Missing.Authorization.to.Unauthenticated.Post/Page.Duplication MEDIUM" "wp-time-capsule 1.22.21 Authentication.Bypass.to.Account.Takeover CRITICAL" "wp-time-capsule 1.22.7 Reflected.Cross-Site.Scripting HIGH" "wp-time-capsule 1.21.16 Authentication.Bypass CRITICAL" "woocommerce-extra-charges-to-payment-gateways No.known.fix Unauthorised.Arbitrary.Plugin.Settings.Change.to.Stored.XSS CRITICAL" "wp-gdpr-core No.known.fix Multiple.Unauthenticated.Issues HIGH" "woo-floating-cart-lite 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-floating-cart-lite 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-codemirror-block 2.0.0 Contributor+.Stored.XSS MEDIUM" "wp-search-keyword-redirect No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-widget-bundle No.known.fix Unauthencated.Reflected.XSS MEDIUM" "wp-widget-bundle No.known.fix Widget.Disable/Enable.via.CSRF MEDIUM" "wp-widget-bundle No.known.fix Admin+.Stored.XSS LOW" "wp-job-manager-resumes 2.2.0 Resume.Manager.<.2.2.0.-.Missing.Authorization MEDIUM" "wp-job-manager-resumes 2.2.0 Resume.Manager.<.2.2.0.-.Cross-Site.Request.Forgery MEDIUM" "weather-in-any-city-widget 1.1.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-paypal-payments 2.0.5 Merchant.ID.Details.Update.via.CSRF MEDIUM" "wc-frontend-manager 6.7.13 Insecure.Direct.Object.Reference.to.Account.Takeover/Privilege.Escalation HIGH" "wc-frontend-manager 6.7.9 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "wc-frontend-manager 6.6.1 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "wc-frontend-manager 6.6.0 Multiple.CSRF MEDIUM" "wc-frontend-manager 6.5.12 Frontend.Manager.for.WooCommerce.<.6.5.12.-.Customer/Subscriber+.SQL.Injection HIGH" "wp-business-intelligence 1.6.3 SQL.Injection CRITICAL" "wow-moodboard-lite No.known.fix Open.Redirect MEDIUM" "wp-edit-menu No.known.fix Arbitrary.Post.Deletion.via.CSRF MEDIUM" "wp-edit-menu 1.5.0 Unauthenticated.Arbitrary.Post.Deletion HIGH" "wpcom-member 1.5.4.1 Reflected.Cross-Site.Scripting MEDIUM" "wpcom-member 1.5.3 Unauthenticated.Privilege.Escalation.via.User.Meta CRITICAL" "wp-ticket 5.10.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-ticket 5.6.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-advanced-search 3.3.9.2 Unauthenticated.SQL.Injection HIGH" "wp-advanced-search 3.3.9 Settings.Update.via.CSRF MEDIUM" "wp-advanced-search 3.3.7 Authenticated.SQL.Injection HIGH" "woo-nmi-three-step No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-nmi-three-step No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-nmi-three-step No.known.fix CSRF.Bypass MEDIUM" "wp-visual-slidebox-builder No.known.fix Subscriber+.SQLi HIGH" "wp-cookiechoise No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-server-stats 1.7.8 Injected.Backdoor CRITICAL" "wp-server-stats 1.7.4 Cross-Site.Request.Forgery MEDIUM" "wp-server-stats 1.7.0 Admin+.Stored.Cross-Site.Scripting LOW" "wp-insurance 2.1.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wpbrutalai 2.06 Admin+.Stored.XSS LOW" "wpbrutalai 2.0.0 SQL.Injection.via.CSRF HIGH" "wpbrutalai 2.0.1 Admin+.Reflected.XSS HIGH" "wp-import-export-lite 3.9.27 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-import-export-lite 3.9.16 Unauthenticated.Sensitive.Data.Disclosure HIGH" "wp-import-export-lite 3.9.5 Subscriber+.Extensions.Update MEDIUM" "wp-import-export-lite 3.9.5 Subscriber+.Arbitrary.Blog.Options.Update HIGH" "wp-force-ssl 1.67 Missing.Authorization.to.Settings.Update MEDIUM" "wp-travel-blocks 3.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel-blocks 3.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-billing-with-invoicexpress 3.0.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-s3-smart-upload 1.5.1 Missing.Authorization MEDIUM" "wp-simple-events No.known.fix Admin+.Cross.Site.Scripting MEDIUM" "workscout-core 1.3.4 Authenticated.Stored.XSS.&.XFS HIGH" "wppdf No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-ultra-simple-paypal-shopping-cart 4.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "wordpress-plugin-for-simple-google-adsense-insertion 2.1 Inject.ads.and.javascript.via.CSRF MEDIUM" "wpmailer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-fevents-book No.known.fix Subscriber+.Stored.XSS HIGH" "wp-fevents-book No.known.fix Subscriber+.Arbitrary.Booking.Manipulation.via.IDOR MEDIUM" "wp-job-portal 2.1.7 Missing.Authorization.to.Unauthenticated.Local.File.Inclusion,.Arbitrary.Settings.Update,.and.User.Creation CRITICAL" "wp-job-portal No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.0.7 Cross-Site.Request.Forgery MEDIUM" "wp-job-portal 2.0.6 Unauthenticated.SQLi HIGH" "wp-job-portal 2.0.2 Unauthenticated.Settings.Update MEDIUM" "wp-job-portal 2.0.6 Subscriber+.Stored.XSS HIGH" "widget-extend-builtin-query 1.06 Reflected.Cross-Site.Scripting MEDIUM" "wappointment 2.6.1 Admin+.SSRF MEDIUM" "wappointment 2.2.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-jobsearch 2.6.1 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-jobsearch 2.6.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-jobsearch 2.5.6 Missing.Authorization MEDIUM" "wp-jobsearch 2.5.6 Missing.Authorization MEDIUM" "wp-jobsearch 2.5.4 Cross-Site.Request.Forgery MEDIUM" "wp-jobsearch 2.5.4 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-jobsearch No.known.fix Authentication.Bypass.to.Account.Takeover CRITICAL" "wp-jobsearch 2.3.4 Arbitrary.File.Upload.to.RCE CRITICAL" "wp-jobsearch 2.3.4 Authentication.Bypass CRITICAL" "wp-jobsearch 1.8.2 Subscriber+.Arbitrary.Blog.Options.Update HIGH" "wp-jobsearch 1.8.2 Subscriber+.Add/Update.Schedule.Calls MEDIUM" "wp-jobsearch 1.8.2 Unauthenticated.Plugin's.Settings.Update MEDIUM" "wp-jobsearch 1.7.4 Authenticated.Stored.XSS MEDIUM" "wp-jobsearch 1.5.6 Unauthenticated.Reflected.XSS MEDIUM" "wp-jobsearch 1.5.5 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-jobsearch 1.5.3 Multiple.Cross-Site.Scripting.Issues MEDIUM" "wp-jobsearch 1.5.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-cors 0.2.2 Admin+.Stored.XSS LOW" "wp-plugin-manager 1.1.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-inject No.known.fix Admin+.Stored.XSS LOW" "wp-inject 1.16 Stored.XSS.&.CSRF HIGH" "wc-sales-notification 1.2.3 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "w3swoozoho 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpforms-lite 1.8.8.2 Unauthenticated.Price.Manipulation MEDIUM" "wpforms-lite 1.8.1.3 Reflected.XSS MEDIUM" "wpforms-lite 1.7.5.5 Admin+.Arbitrary.File.Access MEDIUM" "wpforms-lite 1.6.0.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.5.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.4.8.1 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.4.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-infusionsoft-woocommerce 1.0.9 Reflected.Cross-Site.Scripting HIGH" "wp-to-buffer 3.7.5 Reflected.Cross-Site.Scripting HIGH" "wp-members 3.4.9.4 Unprotected.Storage.of.Potentially.Sensitive.Files MEDIUM" "wp-members 3.4.9.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-members 3.4.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-members 3.4.9 Contributor+.Sensitive.Information.Exposure MEDIUM" "wp-members 3.4.8 Subscriber+.Unauthorized.Plugin.Settings.Update MEDIUM" "wp-members 3.2.8.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "wp-members 3.1.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "woo-pdf-invoices-bulk-download No.known.fix Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "wpmm-memory-meter 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-performance-score-booster 2.1 Settings.Change.via.CSRF MEDIUM" "wp-reroute-email 1.4.8 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') MEDIUM" "wp-reroute-email 1.4.8 Cross-Site.Request.Forgery HIGH" "woo-product-carousel-slider-and-grid-ultimate No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "woo-product-carousel-slider-and-grid-ultimate 1.9.8 Authenticated(Contributor+).PHP.Object.Injection HIGH" "wp-meteor 3.4.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "webtoffee-gdpr-cookie-consent 2.6.1 Bulk.Delete.via.CSRF MEDIUM" "webtoffee-gdpr-cookie-consent 2.6.1 Unauthenticated.Stored.XSS HIGH" "wordpress-multisite-user-sync 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "w-dalil No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wc4bp-groups 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wow-carousel-for-divi-lite 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "wp-pinterest-automatic 4.14.4 Unauthenticated.Arbitrary.Options.Update CRITICAL" "wpfront-notification-bar 3.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wpfront-notification-bar 3.4 Admin+.Stored.XSS MEDIUM" "wpfront-notification-bar 2.1.0.08087 Authenticated.Stored.XSS LOW" "wpfront-notification-bar 2.0.0.07176 Authenticated.Stored.XSS MEDIUM" "wp-offers No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-offers 1.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-easycart 5.7.3 Authenticated.(Contributor+).SQL.Injection.via.model_number.Parameter HIGH" "wp-easycart 5.6.0 Missing.Authorization MEDIUM" "wp-easycart 5.6.5 Sensitive.Information.Exposure MEDIUM" "wp-easycart 5.6.0 Cross-Site.Request.Forgery MEDIUM" "wp-easycart 5.6.4 Contributor+.SQL.Injection MEDIUM" "wp-easycart 5.4.11 Administrator+.Time-based.SQL.Injection HIGH" "wp-easycart 5.4.9 Multiple.CSRFs MEDIUM" "wp-easycart 5.4.9 Product.Deletion.via.CSRF MEDIUM" "wp-easycart 5.4.3 Admin+.LFI MEDIUM" "wp-easycart 5.2.5 Arbitrary.Design.Settings.Update.via.CSRF MEDIUM" "wp-easycart 5.1.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-easycart 3.0.21 3.0.20.-.Privilege.Escalation HIGH" "wp-donate 1.5 Unauthenticated.SQL.Injection HIGH" "wp-compress-image-optimizer 6.21.01 Reflected.Cross-Site.Scripting MEDIUM" "wp-compress-image-optimizer 6.20.02 Open.Redirect.via.css MEDIUM" "wp-compress-image-optimizer 6.20.02 Missing.Authorization MEDIUM" "wp-compress-image-optimizer 6.11.01 Cross-Site.Request.Forgery MEDIUM" "wp-compress-image-optimizer 6.11.11 Missing.Authorization.to.Unauthenticated.CDN.Modification HIGH" "wp-compress-image-optimizer 6.10.34 Unauthenticated.Arbitrary.File.Read HIGH" "wp-jobhunt 2.4 User.enumeration.&.Reset.password CRITICAL" "wp-seo-tags No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-experiments-free 9.0.1 Unauthenticated.SQLi HIGH" "wp-private-media No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-private-media No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-private-media No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-sms 6.9.4 Missing.Authorization MEDIUM" "wp-sms 6.5.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-sms 6.6.3 Cross-Site.Request.Forgery MEDIUM" "wp-sms 6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-sms 6.5.3 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "wp-sms 6.5.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-sms 6.5.1 Cross-Site.Request.Forgery.to.Subscriber.Deletion MEDIUM" "wp-sms 6.5.1 Contributor+.SQLi.to.Reflected.XSS HIGH" "wp-sms 6.2.0 User.Unsubscribe.via.CSRF MEDIUM" "wp-sms 6.1.5 Reflected.XSS HIGH" "wp-sms 6.0.4.1 Information.Disclosure.via.REST.API MEDIUM" "wp-sms 5.4.13 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-sms 5.4.9.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-database-error-manager No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-emember 10.6.6 Authenticated.(Admin+).Arbitrary.File.Upload MEDIUM" "wp-planet No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "wp-dev-powers-display-screen-dimensions-to-admin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-vietnam-checkout 2.0.8 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "woo-vietnam-checkout 2.0.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "woo-vietnam-checkout 2.0.6 Unauthenticated.Stored.XSS HIGH" "woo-vietnam-checkout 2.0.5 Reflected.XSS HIGH" "woocommerce-multiple-free-gift No.known.fix Insufficient.Server-Side.Validation.to.Arbitrary.Gift.Adding MEDIUM" "wpspx No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "waitlist-woocommerce 2.7.6 Reflected.Cross-Site.Scripting MEDIUM" "waitlist-woocommerce 2.6.1 Missing.Authorization MEDIUM" "waitlist-woocommerce 2.5.3 Settings.Reset.via.CSRF MEDIUM" "waitlist-woocommerce 2.5.1 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "wp-tools-divi-product-carousel 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-product-carousel 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-best-quiz No.known.fix Author+.Stored.XSS MEDIUM" "wc-cross-seller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-cross-seller No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-express-checkout 2.3.8 Unauthenticated.Price.Manipulation MEDIUM" "wp-express-checkout 2.2.9 Admin+.Stored.XSS LOW" "wp-database-backup 5.9 Admin+.Stored.Cross-Site.Scripting LOW" "wp-database-backup 5.2 Unauthenticated.OS.Command.Injection MEDIUM" "wp-database-backup 5.1.2 XSS HIGH" "wp-database-backup 4.3.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "woocommerce-openpos 7.0.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woocommerce-openpos 7.0.1 Unauthenticated.SQL.Injection HIGH" "woocommerce-openpos 7.0.2 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "wc-ciudades-y-regiones-de-chile No.known.fix Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "wp-tools-gravity-forms-divi-module 7.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-gravity-forms-divi-module 6.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-parsidate 4.0.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-youtube-live 1.8.3 Admin+.Stored.Cross.Site.Scripting LOW" "wp-youtube-live 1.7.22 Authenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-tweet-walls 1.0.4 Cross-Site.Request.Forgery MEDIUM" "wp-social-bookmark-menu No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-map-block 1.2.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wsb-brands 1.2 Admin+.Stored.XSS LOW" "wp-ticket-ultra No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wpgateway No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "widget-detector-elementor 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-super-cache 1.9 Unauthenticated.Cache.Poisoning MEDIUM" "wp-super-cache 1.7.3 Authenticated.Remote.Code.Execution HIGH" "wp-super-cache 1.7.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-super-cache 1.7.2 Authenticated.Remote.Code.Execution.(RCE) HIGH" "wp-super-cache 1.4.9 Cross-Site.Scripting.(XSS) MEDIUM" "wp-super-cache 1.4.5 PHP.Object.Injection HIGH" "wp-super-cache 1.4.3 Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-super-cache 1.3.1 trunk/plugins/badbehaviour.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/domain-mapping.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/awaitingmoderation.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/wp-cache.php.wp_nonce_url.Function.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/searchengine.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/wptouch.php.URI.XSS MEDIUM" "wp-super-cache 1.3.2 Remote.Code.Execution HIGH" "woo-product-reviews-shortcode 1.01.6 Missing.Authorization MEDIUM" "woo-product-reviews-shortcode 1.01.4 Cross-Site.Request.Forgery MEDIUM" "woo-product-reviews-shortcode 1.0.21 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-reviews-shortcode 1.0.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.6 Settings.Update.via.CSRF MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-tell-a-friend-popup-form No.known.fix Admin+.Stored.XSS LOW" "wp-tell-a-friend-popup-form No.known.fix Settings.Update.via.CSRF MEDIUM" "woocommerce-abandoned-cart 5.16.2 Multiple.CSRF MEDIUM" "woocommerce-abandoned-cart 5.16.2 Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "woocommerce-abandoned-cart 5.16.1 Improper.Authorization.via.wcal_delete_expired_used_coupon_code LOW" "woocommerce-abandoned-cart 5.16.1 Improper.Authorization.via.wcal_preview_emails LOW" "woocommerce-abandoned-cart 5.16.0 Admin+.Stored.XSS LOW" "woocommerce-abandoned-cart 5.15.0 Authentication.Bypass CRITICAL" "woocommerce-abandoned-cart 5.8.6 CSRF.Nonce.Bypasses MEDIUM" "woocommerce-abandoned-cart 5.8.3 Unauthenticated.SQL.Injection CRITICAL" "woocommerce-abandoned-cart 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "woocommerce-abandoned-cart 1.9 Authenticated.Blind.SQL.Injection CRITICAL" "wp-useronline 2.88.3 Unauthenticated.Stored.XSS HIGH" "wp-useronline 2.88.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-useronline 2.88.0 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-jetpack 7.1.9 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woocommerce-jetpack 7.1.8 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortocde MEDIUM" "woocommerce-jetpack 7.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Order.Information.Disclosure MEDIUM" "woocommerce-jetpack 7.1.3 Missing.Authorization.to.Product.Creation/Modification MEDIUM" "woocommerce-jetpack 7.1.3 Contributor+.Stored.XSS MEDIUM" "woocommerce-jetpack 7.1.2 Authenticated.(Subscriber+).Information.Disclosure.via.Shortcode MEDIUM" "woocommerce-jetpack 7.1.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "woocommerce-jetpack 7.1.0 Shop.Manager+.Missing.Authorization.to.Arbitrary.Options.Update MEDIUM" "woocommerce-jetpack 6.0.1 Multiple.CSRF MEDIUM" "woocommerce-jetpack 5.6.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-jetpack 5.6.7 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "woocommerce-jetpack 5.6.7 Checkout.Files.Deletion.via.CSRF LOW" "woocommerce-jetpack 5.6.7 ShopManager+.Arbitrary.File.Download MEDIUM" "woocommerce-jetpack 5.6.7 Settings.Reset.via.CSRF MEDIUM" "woocommerce-jetpack 5.6.3 Subscriber+.Order.Status.Update MEDIUM" "woocommerce-jetpack 5.6.2 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.PDF.Invoicing.Module HIGH" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.Product.XML.Feeds.Module HIGH" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.General.Module HIGH" "woocommerce-jetpack 5.4.4 Authentication.Bypass CRITICAL" "woocommerce-jetpack 3.8.0 XSS MEDIUM" "woocommerce-delivery-date No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-register-profile-with-shortcode 3.6.0 Cross-Site.Request.Forgery.to.User.Password.Reset HIGH" "wp-register-profile-with-shortcode 3.5.9 Admin+.Stored.XSS LOW" "wp-swimteam 1.45 Local.File.Inclusion MEDIUM" "woo-checkout-field-editor-pro 2.0.4 Reflected.Cross-Site.Scripting.via.render_review_request_notice MEDIUM" "woo-checkout-field-editor-pro 1.8.0 Admin+.PHP.Object.Injection MEDIUM" "weblizar-pinterest-feeds 1.1.2 Authenticated.XSS.&.CSRF HIGH" "wpbulky-wp-bulk-edit-post-types 1.0.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo-premium 11.6 Authenticated.Stored.XSS CRITICAL" "wp-gdpr-compliance No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-gdpr-compliance 2.0.23 Subscriber+.Arbitrary.Options.Update HIGH" "wp-gdpr-compliance 2.0.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-gdpr-compliance 1.5.6 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "wp-gdpr-compliance 1.4.3 Unauthenticated.Call.Any.Action.or.Update.Any.Option CRITICAL" "wordpress-ping-optimizer No.known.fix Log.Clearing.via.CSRF MEDIUM" "wordpress-ping-optimizer 2.35.1.3.0 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-page-post-widget-clone No.known.fix Missing.Authorization MEDIUM" "wp-live-chat-software-for-wordpress 4.5.16 Cross-Site.Request.Forgery MEDIUM" "wp-email-capture 3.11 Unauthenticated.Email.Capture.Download MEDIUM" "wp-email-capture 3.10 Email.Captures.Update.via.CSRF MEDIUM" "wp-email-capture 3.10 Admin+.Stored.XSS LOW" "woocommerce-wholesale-prices 2.2.0 Missing.Authorization MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Cross-Site.Request.Forgery MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Subscriber+.Missing.Authorization.for.Plugin.Settings.Change MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Subscriber+.Stored.Cross-Site.Scripting HIGH" "woo-custom-emails No.known.fix Reflected.XSS HIGH" "woo-custom-emails No.known.fix Reflected.XSS HIGH" "woo-custom-emails No.known.fix Unauthenticated.Email.Settings.Update MEDIUM" "wpb-advanced-faq No.known.fix Contributor+.Stored.XSS MEDIUM" "woocommerce-mercadopago 7.6.2 7.6.1.-.Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "woocommerce-mercadopago 6.4.0 CSRF MEDIUM" "woo-producttables-pro 1.9.5 Unauthenticated.Arbitrary.SQL.Execution CRITICAL" "wordpress-meta-robots No.known.fix Authenticated.Blind.SQL.Injection HIGH" "wp-store-locator-extenders 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-store-locator-extenders 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-parcel-pro 1.6.12 Cross-Site.Request.Forgery MEDIUM" "woo-parcel-pro 1.6.12 Open.Redirect MEDIUM" "wp-site-protector No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-stacker No.known.fix Stored.XSS.via.CSRF HIGH" "wp-megamenu 1.4.1 Subscriber+.Arbitrary.Post.Access MEDIUM" "wp-megamenu 1.4.0 Unauthenticated.Arbitrary.Post.Access HIGH" "wp-megamenu 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-discord-invite 2.5.2 Admin+.Stored.Cross.Site.Scripting LOW" "wp-discord-invite 2.5.1 Arbitrary.Settings.Update.via.CSRF HIGH" "wp-discord-invite 2.5.1 Reflected.Cross-Site.Scripting.via.webhook MEDIUM" "woocommerce-sendinblue-newsletter-subscription 4.0.18 Authenticated.(Editor+).Arbitrary.File.Download.and.Deletion HIGH" "wp-contact-slider 2.4.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-contact-slider 2.4.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-contact-slider 2.4.7 Editor+.Stored.Cross-Site.Scripting LOW" "wp-contact-slider 2.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-to-twitter 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-to-twitter 3.3.0 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-svg-images 4.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG MEDIUM" "wp-svg-images 3.4 Authenticated.(author+).Stored.XSS.via.SVG MEDIUM" "wordpress-23-related-posts-plugin No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wordpress-23-related-posts-plugin 2.7.2 Cross-Site.Request.Forgery MEDIUM" "wp-woo-commerce-sync-for-g-sheet No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-cloudy 4.4.9 Admin+.SQL.Injection MEDIUM" "wplite No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-clover-gateway-by-zaytech 1.3.2 Missing.Authorization.via.callback_handler MEDIUM" "wp-terms-popup 2.6.1 Admin+.Stored.XSS LOW" "woocommerce-predictive-search 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-concours No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wpdm-gutenberg-blocks 2.1.9 Contributor+.XSS MEDIUM" "wp-sentry No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "wc-product-table-lite 3.8.6 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wc-product-table-lite 3.8.6 Missing.Authorization.to.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wc-product-table-lite 3.1.0 CSRF MEDIUM" "wc-product-table-lite 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-catalogue No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "woo-orders-tracking 1.2.11 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woo-orders-tracking 1.2.6 Admin+.Arbitrary.File.Access/Read MEDIUM" "woo-orders-tracking 1.1.10 Reflected.Cross-Site.Scripting HIGH" "wp-imageflow2 5.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-calameo 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-coupons-bulk-editor 1.3.40 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupons-bulk-editor 1.3.28 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-post-page-clone 1.2 Unauthorised.Post.Access MEDIUM" "wp-post-page-clone 1.1 SQL.Injections.due.to.Duplicated.Snippets HIGH" "wp-spell-check 9.18 Cross-Site.Request.Forgery MEDIUM" "wp-spell-check 9.13 Admin+.Stored.Cross-Site.Scripting LOW" "wp-spell-check 9.13 Ignored.Word.Deletion.via.CSRF MEDIUM" "wp-spell-check 9.3 Reflected.Cross-Site.Scripting HIGH" "wp-spell-check 7.1.10 Cross-Site.Request.Forgery.(CSRF) HIGH" "woo-seo-addon 2.1.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-seo-addon 2.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-wholesale-pricing 2.3.1 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "woocommerce-wholesale-pricing 2.3.1 Unauthenticated.Information.Exposure MEDIUM" "wpgt-google-translate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpgt-google-translate No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wha-puzzle No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-poll No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.form_data.Parameter HIGH" "wp-poll 3.3.78 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-poll 3.3.77 Information.Exposure MEDIUM" "wps-team 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.10 Missing.Authorization MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Cross-Site.Request.Forgery MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Reflected.Cross-Site.Scripting HIGH" "woocommerce-shipping-multiple-addresses 3.8.6 Customer+.Shipping.Address.Update MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Billing.Address.Update.via.CSRF MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.4 Subscriber+.Shipping.Address.Disclosure.via.IDOR MEDIUM" "woocommerce-shipping-multiple-addresses 3.7.2 Address.Creation/Update/Deletion.via.CSRF MEDIUM" "woocommerce-shipping-multiple-addresses 3.7.2 Reflected.Cross-Site.Scripting HIGH" "wordapp No.known.fix Authorization.Bypass.via.Insufficiently.Unique.Cryptographic.Signature CRITICAL" "webhotelier 1.6.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-mlm No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-mlm No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-csv-exporter 1.3.7 CSV.Injection LOW" "wp-csv-exporter 1.3.7 Admin+.SQLi MEDIUM" "widget-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "wordpress-seo 22.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo 22.6 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-seo 21.1 Authenticated.(Seo.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo 17.3 Unauthenticated.Full.Path.Disclosure NONE" "wordpress-seo 11.6 Authenticated.Stored.XSS CRITICAL" "wordpress-seo 9.2 Authenticated.Race.Condition MEDIUM" "wordpress-seo 5.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wordpress-seo 3.4.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woorocks-magic-content-for-siteorigins-pagebuilder No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woorocks-magic-content-for-siteorigins-pagebuilder No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wc-j-upsellator 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "weekly-schedule 3.4.3 Authenticated.Stored.XSS MEDIUM" "webo-facto-connector 1.41 Unauthenticated.Privilege.Escalation CRITICAL" "wpo365-login 28.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pintra.Shortcode MEDIUM" "wpo365-login 15.4 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wpo365-login 11.7 JWT.Signature.Verification.Bypass HIGH" "wookit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-copysafe-web 4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-copysafe-web 3.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-copysafe-web 3.14 Unauthenticated.Reflected.XSS HIGH" "wp-copysafe-web 2.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-category-dropdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Parameter MEDIUM" "wpg-videos No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpsimpletools-log-viewer No.known.fix Cross-Site.Request.Forgery.via.wpst_lw_viewer MEDIUM" "wp-scheduled-posts 5.1.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "wp-scheduled-posts 5.0.9 Missing.Authorization MEDIUM" "wp-scheduled-posts 5.0.5 Contributor+.Arbitrary.Post.Update/Deletion LOW" "wp-responsive-photo-gallery 1.0.14 Reflected.XSS HIGH" "wp-responsive-photo-gallery 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "wp-home-page-menu 3.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-facebook-feed No.known.fix Reflected.XSS HIGH" "wp-facebook-feed No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-seopress 8.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-seopress 7.9.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Social.Image.URL MEDIUM" "wp-seopress 7.9 Unauthenticated.Object.Injection HIGH" "wp-seopress 7.8 Contributor+.Open.Redirect LOW" "wp-seopress 7.8 Contributor+.Stored.XSS MEDIUM" "wp-seopress 7.6 Contributor+.Stored.XSS MEDIUM" "wp-seopress 7.7 Information.Exposure MEDIUM" "wp-seopress 7.6 Author+.Stored.Cross-Site.Scripting MEDIUM" "wp-seopress 7.3 Admin+.Stored.XSS LOW" "wp-seopress 6.5.0.3 Admin+.PHP.Object.Injection MEDIUM" "wp-seopress 5.0.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-conference-schedule 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-user-frontend 4.0.8 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-user-frontend 4.0.8 Use.of.Polyfill.io MEDIUM" "wp-user-frontend 3.6.6 Authenticated.(Author+).Privilege.Escalation HIGH" "wp-user-frontend 3.6.9 Missing.Authorization.via.AJAX.actions MEDIUM" "wp-user-frontend 3.5.29 Obscure.Registration.as.Admin MEDIUM" "wp-user-frontend 3.5.26 SQL.Injection.to.Reflected.Cross-Site.Scripting HIGH" "wp-user-frontend 3.5.25 Admin+.SQL.Injection MEDIUM" "wp-heyloyalty No.known.fix Unauthenticated.RCE.via.PHPUnit CRITICAL" "woocommerce-shipping-gateway-per-product 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-shipping-gateway-per-product 2.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wptf-image-gallery No.known.fix Remote.File.Download HIGH" "wp-product-feed-manager 2.9.0 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Feed.Actions MEDIUM" "wp-product-feed-manager 2.6.0 Authenticated.(Admin+).SQL.Injection.to.Reflected.Cross-Site.Scripting HIGH" "wp-product-feed-manager 2.3.0 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "wp-image-slideshow 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "woocommerce-multilingual 5.3.8 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-multilingual 5.3.7 Missing.Authorization MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.5 Missing.Authorization MEDIUM" "woo-abandoned-cart-recovery 1.0.4.1 Cross-Site.Request.Forgery MEDIUM" "woo-abandoned-cart-recovery 1.0.4.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "woo-extra-cost No.known.fix CSRF.Bypass MEDIUM" "woocommerce-stock-manager 2.11.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-stock-manager 2.6.0 CSRF.to.Arbitrary.File.Upload HIGH" "woo-easy-duplicate-product 0.3.0.8 Missing.Authorization.via.wedp_duplicate_product_action MEDIUM" "woo-easy-duplicate-product 0.3.0.1 Reflected.XSS HIGH" "wc-sms 2.7 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-subscriptions 5.8.0 Missing.Authorization MEDIUM" "woocommerce-subscriptions 4.6.0 Subscription.Suspension/Activation.via.CSRF MEDIUM" "woocommerce-subscriptions 4.6.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-subscriptions 2.6.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "woocommerce-subscriptions 3.0.3 CSRF.to.Cancel/Re-Activate.Subscription LOW" "wp-colorbox 1.1.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "woo-myghpay-payment-gateway No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-facebook-group No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-facebook-group No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-lightbox-2 3.0.6.7 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "wp-lightbox-2 No.known.fix Admin+.Stored.XSS LOW" "wp-total-branding 1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.title.Parameter MEDIUM" "woocommerce-admin 2.6.4 Analytics.Report.Leaks MEDIUM" "wpify-woo 4.0.11 Reflected.Cross-Site.Scripting MEDIUM" "wpify-woo 4.0.9 Missing.Authorization MEDIUM" "wpify-woo 3.5.7 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-user No.known.fix Unauthenticated.SQLi HIGH" "wp-user No.known.fix Admin+.Stored.XSS LOW" "wp-user 7.0 Reflected.Cross-Site.Scripting MEDIUM" "web3-coin-gate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-fb-autoconnect 4.6.2 Cross-Site.Request.Forgery MEDIUM" "wooshark-aliexpress-importer 2.2.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "wooshark-aliexpress-importer 2.2.5 Unauthenticated.Settings.&.Products.Update MEDIUM" "wp-custom-login-page No.known.fix Admin+.Stored.XSS LOW" "wp-marketing-automations 3.2.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-marketing-automations 2.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-marketing-automations 2.7.0 Authenticated(Administrator+).SQL.Injection MEDIUM" "wp-marketing-automations 2.1.2 Subscriber+.Automation.Creation MEDIUM" "word-replacer-ultra No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Update MEDIUM" "word-replacer-ultra No.known.fix Missing.Authorization MEDIUM" "wp-limit-failed-login-attempts 5.4 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "wp-limit-failed-login-attempts 5.1 Unauthenticated.SQLi HIGH" "wp-limit-failed-login-attempts 2.9 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-limit-failed-login-attempts 3.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wp-e-commerce No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wp-e-commerce No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Creation MEDIUM" "wp-docs 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-docs 2.1.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-docs 2.0.0 Reflected.XSS HIGH" "wp2leads 3.2.8 Missing.Authorization MEDIUM" "wordable 3.1.2 Plugin's.Authentication.Bypass HIGH" "webflow-pages No.known.fix Missing.Authorization MEDIUM" "woo-cart-abandonment-recovery 1.2.27 Templates/Abandoned.Orders.Deletion.via.CSRF MEDIUM" "web-instant-messenger No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-email 2.69.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-email 2.69.0 Log.Deletion.via.CSRF MEDIUM" "wp-email 2.69.0 Anti-Spam.Protection.Bypass.via.IP.Spoofing MEDIUM" "wpematico 2.6.12 Admin+.Stored.Cross-Site.Scripting LOW" "wupo-group-attributes 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "wupo-group-attributes 2.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-file-manager 7.2.8 Missing.Authorization MEDIUM" "wp-file-manager 7.2.6 Authenticated.(Administrator+).Directory.Traversal MEDIUM" "wp-file-manager 7.2.5 Cross-Site.Request.Forgery.to.Local.JS.File.Inclusion HIGH" "wp-file-manager 7.2.2 Directory.Traversal CRITICAL" "wp-file-manager 7.2.2 Sensitive.Information.Exposure.via.Backup.Filenames HIGH" "wp-file-manager 7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-file-manager 6.9 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "wp-file-manager 6.5 Backup.File.Directory.Listing MEDIUM" "wp-file-manager 5.2 Multiple.Vulnerabilities HIGH" "wp-file-manager 3.1 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "wp-file-manager 3.0 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "woocommerce-product-vendors 2.2.3 Missing.Authorization MEDIUM" "woocommerce-product-vendors 2.2.2 Missing.Authorization MEDIUM" "woocommerce-product-vendors 2.1.77 Vendor.Admin+.SQLi MEDIUM" "woocommerce-product-vendors 2.1.77 Reflected.XSS HIGH" "woocommerce-product-vendors 2.1.79 ShopManager+.SQLi MEDIUM" "woocommerce-product-vendors 2.1.77 Unauthenticated.Reflected.XSS HIGH" "woocommerce-product-vendors 2.1.69 Vendor.Commission.Percentage.Update.via.IDOR MEDIUM" "woocommerce-product-vendors 2.1.66 Unauthenticated.Blind.SQLi HIGH" "woocommerce-product-vendors 2.1.66 Note.Creation.via.IDOR LOW" "wpschoolpress 2.2.5 Teacher+.SQLi MEDIUM" "wpschoolpress 2.2.5 Cross-Site.Request.Forgery MEDIUM" "wpschoolpress 2.1.10 Reflected.Cross-Site.Scripting HIGH" "wpschoolpress 2.1.17 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wpschoolpress 2.1.10 Multiple.Authenticated.SQL.Injections HIGH" "woocommerce-catalog-enquiry 5.0.6 Cross-Site.Request.Forgery.via.REST.API MEDIUM" "woocommerce-catalog-enquiry 5.0.3 Unauthenticated.Stored.XSS.via.Arbitrary.Setting.Update HIGH" "woocommerce-catalog-enquiry 5.0.3 Unauthenticated.Inquiry.Saving.&.Sensitive.Information.Disclosure MEDIUM" "woocommerce-catalog-enquiry 3.1.0 Arbitrary.File.Upload HIGH" "wp-lister-amazon 0.9.6.36 jQueryFileTree.-.Unauthenticated.Path.Traversal MEDIUM" "wp-job-openings 3.4.3 Sensitive.Data.Exposure.via.Directory.Listing MEDIUM" "wp-graphql 1.14.6 Editor+.SSRF MEDIUM" "wp-graphql 1.3.6 Denial.of.Service HIGH" "wp-graphql 0.3.5 Improper.Access.Control MEDIUM" "wp-graphql 0.3.0 Multiple.Vulnerabilities CRITICAL" "wd-google-analytics No.known.fix Missing.Authorization.via.gawd_wd_bp_install_notice_status MEDIUM" "wd-google-analytics 1.2.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-tools-divi-blog-carousel 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-blog-carousel 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpjobboard 5.7.0 Unauthenticated.SQL.Injection CRITICAL" "wpjobboard 5.7.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "wpjobboard 5.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpjobboard 4.5 Multiple.SQL.Injections HIGH" "wpjobboard 5.0 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "wp-get-personal-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-dev-powers-element-selector-jquery-powers No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-store-toolkit 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-store-toolkit 2.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-store-toolkit 2.3.2 Reflected.Cross-Site.Scripting HIGH" "woocommerce-store-toolkit 1.5.8 Privilege.Escalation CRITICAL" "woocommerce-store-toolkit 1.5.7 Store.Toolkit.Plugin.<=.1.5.6.-.Privilege.Escalation CRITICAL" "woo-paylate 1.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-paylate 1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-csv-to-database No.known.fix CSRF LOW" "weaverx-theme-support 6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.div.Shortcode MEDIUM" "weaverx-theme-support 6.3.1 Admin+.PHP.Object.Injection LOW" "weaverx-theme-support 6.2.7 Contributor+.Stored.XSS MEDIUM" "wps-child-theme-generator 1.2 Path.Traversal CRITICAL" "wp-powerplaygallery No.known.fix Arbitrary.File.Upload.&.SQL.Injection HIGH" "wp-gallery-metabox No.known.fix Settings.Update.via.CSRF MEDIUM" "woocommerce-pdf-vouchers 4.9.5 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woocommerce-pdf-vouchers 4.9.5 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-vouchers 4.9.5 Missing.Authorization MEDIUM" "woocommerce-pdf-vouchers 4.9.4 PDF.Vouchers.<.4.9.4.-.Authentication.Bypass.to.Voucher.Vendor HIGH" "wp-fb-messenger-button-lite 2.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-autosearch No.known.fix Unauthenticated.SQLi HIGH" "wp-html-mail 3.4.2 Test.Email.Sending.via.CSRF MEDIUM" "wp-html-mail 3.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-html-mail 3.1 Unprotected.REST-API.Endpoint MEDIUM" "wp-html-mail 3.0.8 CSRF.to.XSS MEDIUM" "wp-humanstxt No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "woo-audio-preview 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-clone-by-wp-academy 2.4.6 Missing.Authorization MEDIUM" "wp-clone-by-wp-academy 2.4.4 Subscriber+.Unauthorised.Action.Calls MEDIUM" "wp-clone-by-wp-academy 2.4.3 Unauthenticated.Backup.Download HIGH" "wp-clone-by-wp-academy 2.3.8 Subscriber+.Plugin.Installation MEDIUM" "wp-clone-by-wp-academy 2.3.8 Plugin.Installation.via.CSRF MEDIUM" "wp-payment-form 4.2.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-payment-form 4.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-pexels-free-stock-photos No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "wp-pexels-free-stock-photos No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp2syslog No.known.fix Admin+.Stored.XSS LOW" "wordpress-users No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-basic-elements 5.3.0 Settings.Update.via.CSRF MEDIUM" "woo-recent-purchases No.known.fix Authenticated.(Admin+).Local.File.Inclusion HIGH" "wp-clean-up No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-html-sitemap No.known.fix wp-html-sitemap.html.Sitemap.Deletion.CSRF MEDIUM" "woorousell 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wonderplugin-video-embed 1.8 Contributor+.Stored.XSS MEDIUM" "wp-config-file-editor No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-hijri 1.5.2 Reflected.XSS HIGH" "wishlist-and-compare 1.0.5 Unauthorised.AJAX.call HIGH" "wooemailreport No.known.fix Reflected.XSS HIGH" "wp-action-network 1.4.4 Admin+.SQLi MEDIUM" "wp-action-network 1.4.3 Reflected.Cross-Site.Scripting.via.'search' MEDIUM" "woocommerce-ninjaforms-product-addons 1.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-dtree-30 No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-dtree-30 No.known.fix Reflected.XSS HIGH" "wp-dtree-30 No.known.fix Admin+.Stored.XSS LOW" "wp-reactions-lite 1.3.9 CSRF LOW" "wp-slimstat 5.1.4 Subscriber+.Stored.XSS HIGH" "wp-slimstat 5.0.10 Contributor+.SQL.Injection MEDIUM" "wp-slimstat 5.0.9 Admin+.Stored.XSS LOW" "wp-slimstat 5.0.10 Contributor+.Stored.XSS MEDIUM" "wp-slimstat 5.0.5 Reflected.XSS HIGH" "wp-slimstat 5.0.5 Admin+.SQLi MEDIUM" "wp-slimstat 4.9.4 Subscriber+.SQL.Injection HIGH" "wp-slimstat 4.9.3.3 Subscriber+.SQL.Injection HIGH" "wp-slimstat 4.9.3 Unauthenticated.Stored.XSS HIGH" "wp-slimstat 4.8.4 CSRF.to.Stored.XSS.and.Setting.Updates MEDIUM" "wp-slimstat 4.8.1 Unauthenticated.Stored.XSS.from.Visitors MEDIUM" "woocommerce-checkout-manager 7.3.1 Missing.Authorization MEDIUM" "woocommerce-checkout-manager 5.5.7 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-checkout-manager 4.3 Arbitrary.File.Upload HIGH" "wrapper-link-elementor 1.0.5 Injected.Backdoor CRITICAL" "white-label-branding-elementor No.known.fix Admin+.Stored.XSS LOW" "wp-dbmanager 2.80.8 Admin+.Remote.Command.Execution MEDIUM" "wp-dbmanager 2.79.2 Arbitrary.File.Delete HIGH" "wp-airbnb-review-slider 3.3 Subscriber+.SQLi HIGH" "wp-airbnb-review-slider 3.3 CSRF MEDIUM" "woocommerce-es 2.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-es 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpmandrill No.known.fix Missing.Authorization.via.getAjaxStats MEDIUM" "wp-google-map-plugin 4.6.2 Authenticated.(Contributor+).SQL.Injection HIGH" "wp-google-map-plugin 4.4.0 Editor+.Stored.XSS LOW" "wp-google-map-plugin 4.4.3 Category/Location/Map.Deletion.via.CSRF MEDIUM" "wp-google-map-plugin 4.2.4 Marker.Category/Map.Deletion.via.CSRF MEDIUM" "wp-google-map-plugin 4.1.5 Authenticated.SQL.Injection MEDIUM" "wp-google-map-plugin 4.1.0 CSRF.to.Unauthenticated.PHP.Object.Injection HIGH" "wp-google-map-plugin 4.0.4 XSS MEDIUM" "wp-google-map-plugin 3.1.2 XSS MEDIUM" "wp-google-map-plugin 2.3.10 Multiple.CSRF MEDIUM" "wp-google-map-plugin 3.0.0 CSRF.to.Authenticated.Cross-Site.Scripting.(XSS) HIGH" "wp-google-map-plugin 2.3.7 XSS MEDIUM" "wp-stateless 3.4.1 Missing.Authorization.to.Limited.Arbitrary.Options.Update HIGH" "woocommerce-photo-reviews 1.3.14 Authentication.Bypass.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "woocommerce-upload-files 59.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-order-address-print No.known.fix Reflected.XSS HIGH" "wp-affiliate-links No.known.fix Reflected.XSS HIGH" "wp-news-magazine No.known.fix Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-ical-availability No.known.fix Missing.Authorization MEDIUM" "wp-ical-availability No.known.fix Settings.Update.via.CSRF MEDIUM" "woocommerce-help-scout 2.9.1 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "wp-team-manager 2.1.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-team-manager 2.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "woolentor-addons 2.9.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.WL:.FAQ.Widget.Elementor.Template MEDIUM" "woolentor-addons 2.9.8 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "woolentor-addons 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WL.Product.Horizontal.Filter.Widget MEDIUM" "woolentor-addons 2.8.9 Authenticated.Option.Update MEDIUM" "woolentor-addons 2.8.9 Contributor+.Stored.XSS.via.woolentorsearch.Shortcode MEDIUM" "woolentor-addons 2.8.8 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.8 Missing.Authorization MEDIUM" "woolentor-addons 2.8.8 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.2 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.2 Contributor+.Template.Reset LOW" "woolentor-addons 2.8.5 Authenticated.(Contributor+).Stored.Cross-site.Scripting.via.QR.Code.Widget MEDIUM" "woolentor-addons 2.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WL.Universal.Product.Layout MEDIUM" "woolentor-addons 2.8.2 Contributor+.Stored.Cross-Site.Scripting.via.Banner.Link MEDIUM" "woolentor-addons 2.6.3 Settings.Update.via.CSRF MEDIUM" "woolentor-addons 2.5.2 Settings.Update.via.CSRF MEDIUM" "woolentor-addons 2.5.4 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.5.4 PHP.Object.Injection MEDIUM" "woolentor-addons 1.8.6 WooCommerce.Elementor.Addons.+.Builder.<.1.8.6.-.Contributor+.Stored.XSS MEDIUM" "watupro 5.5.3.7 SQL.Injection CRITICAL" "watupro 4.9.0.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wen-responsive-columns 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-mail-smtp 4.1.0 Admin+.SMTP.Password.Exposure LOW" "wpperformancetester No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-cirrus No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-follow-up-emails 4.9.50 Unauthenticated.Reflected.XSS HIGH" "woocommerce-follow-up-emails 4.9.50 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-csv No.known.fix Reflected.XSS.via.CSV.Import MEDIUM" "wise-chat 2.8.4 CSV.Injection HIGH" "wise-chat 2.7 Reverse.Tabnabbing MEDIUM" "wp-multisite-content-copier-pro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-multisite-content-copier-pro 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages 2.25.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages 2.24.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-all-export-pro 1.8.6 Author+.PHAR.Deserialization.via.CSRF HIGH" "wp-all-export-pro 1.8.6 Admin+.RCE MEDIUM" "wp-all-export-pro 1.8.6 Remote.Code.Execution.via.CSRF CRITICAL" "wp-all-export-pro 1.7.9 Authenticated.Code.Injection CRITICAL" "wp-all-export-pro 1.7.9 Authenticated.SQLi MEDIUM" "wp-recall 16.26.9 Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.Password.Update CRITICAL" "wp-recall 16.26.7 Unauthenticated.Payment.Deletion.via.delete_payment MEDIUM" "wp-recall 16.26.7 Cross-Site.Request.Forgery MEDIUM" "wp-recall 16.26.6 Unauthenticated.SQL.Injection CRITICAL" "wp-recall 16.26.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wp-recall 16.26.6 Insecure.Direct.Object.Reference MEDIUM" "wp-recall 16.24.48 Reflected.Cross-Site.Scripting HIGH" "wooreviews-importer No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wpcargo No.known.fix Unauthenticated.SQL.Injection HIGH" "wpcargo 6.9.5 Reflected.Cross.Site.Scripting MEDIUM" "wpcargo 6.9.5 Admin+.Stored.Cross.Site.Scripting LOW" "wpcargo 6.9.0 Unauthenticated.RCE CRITICAL" "wp-eggdrop No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-eggdrop No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp125 1.5.5 Arbitrary.Ad.Deletion.via.CSRF MEDIUM" "wpformify No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpformify 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-user-switch No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-user-switch 1.0.3 Subscriber+.Authentication.Bypass HIGH" "wp-crowdfunding 2.1.11 Missing.Authorization.to.Authenticated.(Subscriber+).to.Enable/Disable.Addons MEDIUM" "wp-crowdfunding 2.1.10 Admin+.Stored.XSS LOW" "wp-crowdfunding 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-crowdfunding 2.1.9 Reflected.XSS HIGH" "wp-crowdfunding 2.1.8 Admin+.Stored.XSS LOW" "wp-crowdfunding 2.1.7 Reflected.XSS HIGH" "wp-crowdfunding 2.1.6 Cross-Site.Request.Forgery MEDIUM" "wp-crowdfunding 2.1.5 Missing.Authorization.via.settings_reset MEDIUM" "wp-cloudflare-page-cache 4.7.6 Cross-Site.Request.Forgery MEDIUM" "woo-whatsapp-request-quote No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-power-stats No.known.fix CSRF MEDIUM" "wp-htpasswd No.known.fix Admin+.Stored.XSS LOW" "woo-badge-designer-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wpgsi-professional 3.6.0 Reflected.Cross-Site.Scripting HIGH" "wpgsi-professional 3.6.0 CSRF.Bypass MEDIUM" "wc-order-limit-lite 2.0.1 Missing.Authorization MEDIUM" "wp-super-minify 1.6 Settings.Update.via.CSRF MEDIUM" "wc-return-warrranty No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-content-filter 3.1.0 Admin+.Stored.Cross.Site.Scripting LOW" "wp-file-checker No.known.fix Authenticated.(Admin+).Arbitrary.File.Deletion MEDIUM" "wp-browser-update 4.6 Admin+.Stored.XSS LOW" "wp-browser-update 4.5 Settings.Update.via.CSRF MEDIUM" "widgets-for-siteorigin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widgets-for-siteorigin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-for-siteorigin 1.4.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "woorocks-magic-content No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woorocks-magic-content No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woffice-core 5.4.9 Missing.Authorization MEDIUM" "woffice-core 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-accessibility-helper 0.6.2.9 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "wp-accessibility-helper 0.6.3 Missing.Authorization MEDIUM" "wp-accessibility-helper 0.6.2.6 Missing.Authorization MEDIUM" "wp-accessibility-helper 0.6.2.5 Missing.Authorization.via.AJAX.action MEDIUM" "wp-accessibility-helper 0.6.0.7 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-product-gallery-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wpbenchmark 1.3.7 Cross-Site.Request.Forgery.via.execute_plugin() MEDIUM" "wp-forms-puzzle-captcha No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wp-forms-puzzle-captcha No.known.fix Captcha.Bypass MEDIUM" "wp-forms-puzzle-captcha No.known.fix CSRF MEDIUM" "wp-extra-file-types 0.5.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "woo-altcoin-payment-gateway 1.7.3 Unauthenticated.SQLi HIGH" "woo-altcoin-payment-gateway 1.6.1 Reflected.Cross-Site.Scripting HIGH" "wp-chgfontsize No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "word-count-analysis No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-webauthn 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-webauthn 1.3.4 Contributor+.Stored.XSS.via.wwa_login_form.Shortcode MEDIUM" "whizz 1.1.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "whizz 1.0.8 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-test-email 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "weekly-class-schedule No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-blog-and-widgets 2.3.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wordpress-nextgen-galleryview No.known.fix Reflected.XSS HIGH" "wordpress-nextgen-galleryview No.known.fix Cross-Site.Request.Forgery MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting.via.selected_option MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting.via.page MEDIUM" "wpextended 3.0.9 Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wpextended 3.0.9 Missing.Authorization.to.Admin.Username.Change MEDIUM" "wpextended 3.0.9 Directory.Traversal.to.Authenticated.(Subscriber+).Arbitrary.File.Download HIGH" "wpextended 3.0.9 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wpextended 3.0.9 Insecure.Direct.Object.Reference MEDIUM" "wpextended 3.0.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "widgets-on-pages-and-posts No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-on-pages-and-posts No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-pagebuilder No.known.fix Admin+.Stored.Cross-Site LOW" "wp-pagebuilder 1.2.7 Author+.Stored.XSS MEDIUM" "wp-pagebuilder 1.2.4 Insecure.default.configuration.Allows.Subscribers.Editing.Access.to.Posts MEDIUM" "wp-pagebuilder 1.2.4 Multiple.Stored.Cross-Site.scripting.(XSS) MEDIUM" "wp-travel 9.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel 7.8.1 Unauthenticated.AJAX.Calls MEDIUM" "wp-travel 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-travel 4.4.7 Cross-Site.Request.Forgery MEDIUM" "wp-travel 4.4.7 CSRF.Nonce.Bypasses MEDIUM" "wp-bannerize No.known.fix 4.0.2.-.Authenticated.SQL.Injection HIGH" "wootrello No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wootrello 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wptelegram-widget 2.1.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-custom-checkout-fields No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-font-awesome-share-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-special-textboxes No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-special-textboxes 5.9.110 Admin+.Stored.Cross-Site.Scripting LOW" "wp-stats-manager 6.9.5 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-stats-manager 6.9 Unauthenticated.SQLi HIGH" "wp-stats-manager 6.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-stats-manager 5.8 Unauthenticated.SQLi HIGH" "wp-stats-manager 5.6 .Subscriber+.SQL.Injection HIGH" "wp-stats-manager 5.5 Arbitrary.IP.Address.Exclusion.to.Stored.XSS HIGH" "wp-stats-manager 4.8 Subscriber+.SQL.Injection HIGH" "wp-client-logo-carousel No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-hide-post No.known.fix Arbitrary.Post.Hiding.via.CSRF MEDIUM" "wp-google-places-review-slider 13.6 Admin+.Stored.XSS LOW" "wp-google-places-review-slider 12.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-google-places-review-slider 11.8 Subscriber+.SQLi HIGH" "wp-google-places-review-slider 11.6 Admin+.Stored.XSS LOW" "wp-elegant-testimonial No.known.fix Multiple.Authenticated.Stored.Cross-Site.Scripting LOW" "wp-chinese-conversion No.known.fix Reflected.XSS HIGH" "wp-tripadvisor-review-slider 12.7 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-tripadvisor-review-slider 11.9 Admin+.Stored.XSS LOW" "wp-tripadvisor-review-slider 11.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-tripadvisor-review-slider 10.8 Subscriber+.SQLi HIGH" "wp-foodbakery 2.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-vk 1.3.4 Cross-Site.Request.Forgery.via.AJAX.actions MEDIUM" "wc-payment-gateway-per-category No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-mylinks 1.0.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "woodiscuz-woocommerce-comments No.known.fix Cross-Site.Request.Forgery MEDIUM" "woodiscuz-woocommerce-comments No.known.fix Admin+.Stored.XSS LOW" "wp-twilio-core 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-twilio-core 1.3.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-product-category-discount 4.13 Missing.Authorization.via.wpcd_save_discount() MEDIUM" "wp-memory 2.46 Subscriber+.Arbitrary.Plugin.Installation HIGH" "wp-auto-affiliate-links 6.4.4 Authenticated.(Editor+).SQL.Injection CRITICAL" "wp-auto-affiliate-links 6.4.3.1 Missing.Authorization.via.aalAddLink MEDIUM" "wp-auto-affiliate-links 6.4.2.8 Cross-Site.Request.Forgery MEDIUM" "wp-auto-affiliate-links 6.4.2.6 Cross-Site.Request.Forgery MEDIUM" "wp-auto-affiliate-links 6.4.2.5 Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wp-auto-affiliate-links 6.3.0.3 Settings.Update.via.CSRF MEDIUM" "woo-customers-order-history No.known.fix Missing.Authorization MEDIUM" "woo-customers-order-history 5.2.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-order-history 5.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-popups-lite 2.2.0.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "wp-popups-lite 2.1.5.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-popups-lite 2.1.5.1 Contributor+.Stored.XSS MEDIUM" "wp-popups-lite 2.1.4.9 Contributor+.Stored.XSS MEDIUM" "wp-popups-lite 2.1.4.8 Contributor+.Stored.XSS MEDIUM" "wpvr 8.3.15 Unauthenticated.Plugin.Downgrade.leading.to.XSS HIGH" "wpvr 8.3.5 Reflected.XSS HIGH" "wpvr 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "wpvr 8.3.0 Subscriber+.Arbitrary.Tour.Update MEDIUM" "wpvr 8.2.9 Reflected.XSS HIGH" "wpvr 8.2.8 Subscriber+.Settings.Update MEDIUM" "wpvr 8.2.7 Contributor+.Stored.XSS MEDIUM" "wp-forecast 9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-forecast 7.6 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-products-filter 1.3.6.2 Insecure.Direct.Object.Reference.to.Unsubscribe MEDIUM" "woocommerce-products-filter 1.3.6.2 Authenticated.(Shop.Manager+).Arbitrary.Options.Update HIGH" "woocommerce-products-filter 1.3.6.1 Products.Filter.Professional.for.WooCommerce.<.1.3.6.1.-.Unauthenticated.Time-Based.SQL.Injection CRITICAL" "woocommerce-products-filter 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-products-filter 1.3.5.3 Subscriber+..Remote.Code.Execution CRITICAL" "woocommerce-products-filter 1.3.5.3 Admin+.Local.File.Inclusion MEDIUM" "woocommerce-products-filter 1.3.5.2 Cross-Site.Request.Forgery MEDIUM" "woocommerce-products-filter 1.3.5.2 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-products-filter 1.3.5.3 Contributor+.SQL.Injection HIGH" "woocommerce-products-filter 1.3.4.4 Multiple.Connections/Stats.CSRF MEDIUM" "woocommerce-products-filter 1.3.4.3 Unauthenticated.SQL.Injection.via.search.terms CRITICAL" "woocommerce-products-filter 1.3.4.3 Missing.Authorization.via.woof_meta_get_keys() MEDIUM" "woocommerce-products-filter 1.3.2 Products.Filter.for.WooCommerce.<.1.3.2.-.Admin+.PHP.Object.Injection LOW" "woocommerce-products-filter 1.2.6.3 Products.Filter.for.WooCommerce.<.1.2.6.3.-.Reflected.Cross-Site.Scripting HIGH" "woocommerce-products-filter 1.2.0 Multiple.Issues CRITICAL" "wp-social-bookmarking-light No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-social-bookmarking-light 1.7.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-counter-up 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpsection 1.3.9 Authenticated.(Contributor+).Local.File.Inlcusion HIGH" "wp-amazon-shop No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wpqa 6.1.1 Contributor+.Stored.XSS MEDIUM" "wpqa 6.1.1 Arbitrary.Category.and.Tag.Follow/Unfollow.via.CSRF MEDIUM" "wpqa 5.9.3 Missing.validation.lead.to.functionality.abuse LOW" "wpqa 5.9 Follow/Unfollow.via.CSRF MEDIUM" "wpqa 5.7 Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "wpqa 5.5 Unauthenticated.Private.Message.Disclosure MEDIUM" "wpqa 5.4 Reflected.Cross-Site.Scripting MEDIUM" "wpqa 5.2 Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "wpqa 5.2 Subscriber+.Stored.Cross-Site.Scripting.via.Profile.fields MEDIUM" "wpqa 5.2 Subscriber+.Arbitrary.Profile.Picture.Deletion.via.IDOR MEDIUM" "woocommerce-bookings 2.0.4 Cross-Site.Request.Forgery MEDIUM" "wp-logo-showcase 1.3.37 Editor.Plugin's.Settings.Update LOW" "wp-recaptcha-integration No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "widget-for-eventbrite-api 5.3.1 Reflected.Cross-Site.Scripting MEDIUM" "widget-for-eventbrite-api 4.4.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-live-chat-support 8.2.0 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-live-chat-support 8.0.33 Missing.Permission.Checks.on.some.REST.API.Calls CRITICAL" "wp-live-chat-support 8.0.27 Unauthenticated.Stored.XSS MEDIUM" "wp-live-chat-support 8.0.18 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 8.0.08 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 8.0.06 Unauthenticated.Stored.XSS MEDIUM" "wp-live-chat-support 7.1.05 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 1.7.03 XSS MEDIUM" "wp-live-chat-support 7.0.07 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 6.2.04 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 6.2.02 Stored.Cross-Site.Scripting MEDIUM" "woo-admin-product-notes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-admin-product-notes No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-admin-product-notes No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woothemes-sensei 4.24.0.1.24.0 Authenticated.(Student+).Stored.Cross-Site.Scripting MEDIUM" "woothemes-sensei 4.24.0.1.24.0 Unauthenticated.Rewrite.Rules.Flushing MEDIUM" "wppageflip No.known.fix index.php.pageflipbook_language.Parameter.Traversal.Local.File.Inclusion CRITICAL" "woo-quick-reports No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-quick-reports No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-page-widget 4.0 Settings.Update.via.CSRF MEDIUM" "wp-buddha-free-adwords No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-buddha-free-adwords No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-gpx-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sgpx.Shortcode MEDIUM" "wp-gpx-maps 1.7.06 Missing.Authorization MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.4 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.3 Unauthenticated.Arbitrary.Shortcode.Execution CRITICAL" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.1 Missing.Authorization MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.2 Cross-Site.Request.Forgery MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.1 Reflected.XSS HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.2.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "woo-bulk-editor 1.1.4.4 Missing.Authorization MEDIUM" "woo-bulk-editor 1.1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-bulk-editor 1.1.4.1 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting.via.Plugin.Options MEDIUM" "woo-bulk-editor 1.1.4.1 Missing.Authorization.via.Several.Functions MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.3.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "xt-woo-quick-view-lite 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-quick-view-lite 1.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xserver-migrator 1.6.2.1 Arbitrary.File.Upload.via.CSRF HIGH" "xatkit-chatbot-connector 2.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xllentech-english-islamic-calendar 2.6.8 Authenticated.SQL.Injection MEDIUM" "x-forms-express No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "xt-woo-ajax-add-to-cart 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-ajax-add-to-cart 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-ajax-add-to-cart 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xl-tab 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xt-woo-variation-swatches 1.8.8 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-variation-swatches 1.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xml-sitemap-feed 5.4.9 Unauthenticated.Local.File.Inclusion HIGH" "xqueue-maileon 2.16.1 Admin+.Stored.XSS LOW" "xml-sitemaps-for-videos No.known.fix CSRF MEDIUM" "xforwoocommerce No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "xforwoocommerce 1.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "xo-liteslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xo-liteslider 3.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "xo-event-calendar 2.3.7 Reflected.Cross-Site.Scripting HIGH" "xorbin-digital-flash-clock No.known.fix Flash-based.XSS MEDIUM" "xpinner-lite No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "xt-woo-points-rewards 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-points-rewards 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xserver-typesquare-webfonts 2.0.8 Missing.Authorization.via.typesquare_admin_init() MEDIUM" "xcloner-backup-and-restore 4.7.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "xcloner-backup-and-restore 4.3.6 Plugin.Settings.Reset MEDIUM" "xcloner-backup-and-restore 4.2.13 4.2.12.-.Unprotected.AJAX.Action CRITICAL" "xcloner-backup-and-restore 4.2.153 Cross-Site.Request.Forgery CRITICAL" "xcloner-backup-and-restore 3.1.5 Backup.and.Restore.<.3.1.5.-.Authenticated.Path.Traversal MEDIUM" "xcloner-backup-and-restore 3.1.3 Backup.and.Restore.3.1.2.-.XSS.&.Command.Execution MEDIUM" "xcloner-backup-and-restore 3.1.2 Backup.and.Restore.<.3.1.2.-.Multiple.Vulnerabilities.(RCE.&.LFI) HIGH" "xcloner-backup-and-restore 3.1.1 Backup.and.Restore.<.3.1.1.-.Multiple.Actions.CSRF HIGH" "xili-tidy-tags 1.12.04 Cross-Site.Request.Forgery MEDIUM" "xo-security 1.5.3 XSS MEDIUM" "xpro-elementor-addons 1.4.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Grid.Widget MEDIUM" "xpro-elementor-addons 1.4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.3.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "xpro-elementor-addons 1.4.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "xpro-elementor-addons 1.4.3.1 Authenticated.(Admin+).Cross.Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xml-for-google-merchant-center 3.0.2 Reflected.XSS HIGH" "xtremelocator No.known.fix Xtreme.Locator.Dealer.Locator.Plugin.1,5.–.Authenticated.SQL.Injection HIGH" "xorbin-analog-flash-clock No.known.fix Flash-based.XSS MEDIUM" "yotuwp-easy-youtube-embed 1.3.14 Unauthenticated.Local.File.Inclusion CRITICAL" "yotuwp-easy-youtube-embed 1.3.14 Authenticated.(Contributor+).Arbitrary.File.Inclusion.via.Shortcode MEDIUM" "yotuwp-easy-youtube-embed 1.3.13 Admin+.Stored.XSS LOW" "yesno 1.0.12 Authenticated.(contributor+).Blind.SQL.Injection HIGH" "yookassa 2.3.1 Subscriber+.Arbitrary.Settings.Update MEDIUM" "yookassa 2.3.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "yith-woocommerce-added-to-cart-popup 1.3.13 Subscriber+.Settings.Update MEDIUM" "youtube-embed-plus 11.8.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "yith-woocommerce-points-and-rewards 1.3.6 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-gift-cards 4.13.0 Missing.Authorization.to.Unauthenticated.WooCommerce.Settings.Update MEDIUM" "yith-woocommerce-gift-cards 1.3.8 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-recover-abandoned-cart 1.3.4 Subscriber+.Settings.Update MEDIUM" "yuzo-related-post 5.12.94 Unauthenticated.Call.Any.Action.or.Update.Any.Option MEDIUM" "yourchannel 1.2.6 Admin+.Stored.XSS LOW" "yourchannel 1.2.4 Unauthenticated.Settings.Reset MEDIUM" "yourchannel 1.2.5 Multiple.CSRF MEDIUM" "yourchannel 1.2.2 Subscriber+.Stored.XSS HIGH" "yourchannel 1.2.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "yith-woocommerce-request-a-quote 1.6.4 Unauthorised.AJAX.call.via.CSRF MEDIUM" "yith-woocommerce-request-a-quote 1.4.9 Subscriber+.Settings.Update MEDIUM" "yotpo-reviews-for-woocommerce No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "youtube-channel 3.23.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "youtube-channel 3.23.0 Admin+.Stored.XSS LOW" "yith-woocommerce-multi-step-checkout 1.7.5 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-frequently-bought-together 1.2.11 Subscriber+.Settings.Update MEDIUM" "yml-for-yandex-market 4.7.3 Reflected.Cross-Site.Scripting MEDIUM" "yml-for-yandex-market 4.2.4 Reflected.Cross-Site.Scripting MEDIUM" "yml-for-yandex-market 3.10.8 Reflected.XSS HIGH" "yatra 2.1.15 Admin+.Stored.XSS LOW" "yikes-inc-easy-mailchimp-extender No.known.fix Missing.Authorization MEDIUM" "yikes-inc-easy-mailchimp-extender No.known.fix Sensitive.Information.Exposure.via.logfile HIGH" "yikes-inc-easy-mailchimp-extender 6.9.0 Admin+.Stored.Cross-Site.Scripting LOW" "yikes-inc-easy-mailchimp-extender 6.8.9 Reflected.XSS MEDIUM" "yikes-inc-easy-mailchimp-extender 6.8.8 Reflected.XSS HIGH" "yikes-inc-easy-mailchimp-extender 6.8.7 Contributor+.Stored.XSS MEDIUM" "yikes-inc-easy-mailchimp-extender 6.8.9 Admin+.Stored.XSS LOW" "yikes-inc-easy-mailchimp-extender 6.8.6 Reflected.Cross-Site.Scripting MEDIUM" "yikes-inc-easy-mailchimp-extender 6.6.3 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "yith-woocommerce-subscription 1.3.6 Subscriber+.Settings.Update MEDIUM" "youtube-speedload No.known.fix Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-product-bundles 1.1.17 Subscriber+.Settings.Update MEDIUM" "youtube-embed 5.2.2 Contributor+.Stored.XSS MEDIUM" "youtube-embed 3.3.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "yawpp No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "yith-woocommerce-pdf-invoice 1.2.13 Subscriber+.Settings.Update MEDIUM" "youtube-video-player 2.6.4 Admin+.Stored.XSS LOW" "youtube-video-player 2.3.9 Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-brands-add-on 1.3.7 Subscriber+.Settings.Update MEDIUM" "yumpu-epaper-publishing 3.0.0 Missing.Authorization.to.PDF.Upload,.Publishing,.and.API.Key.Modification MEDIUM" "yith-woocommerce-ajax-search 2.8.1 Unauthenticated.SQL.Injection HIGH" "yith-woocommerce-ajax-search 2.7.1 Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-ajax-search 2.4.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yith-woocommerce-ajax-search 1.7.1 Subscriber+.Settings.Update MEDIUM" "yada-wiki 3.4.1 Contributor+.Stored.XSS MEDIUM" "you-shang No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "yith-woocommerce-questions-and-answers 1.2.0 Subscriber+.Settings.Update MEDIUM" "youtube-feeder No.known.fix CSRF.to.Stored.XSS HIGH" "yith-woocommerce-advanced-reviews 1.4.0 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-catalog-mode 2.16.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "youzify No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.youzify_media.Shortcode MEDIUM" "youzify No.known.fix Missing.Authorization.to.Arbitrary.(Subscriber+).Attachment.Deletion MEDIUM" "youzify 1.2.8 Missing.Authorization MEDIUM" "youzify 1.2.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "youzify 1.2.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "youzify 1.2.3 Insecure.Direct.Object.Reference MEDIUM" "youzify 1.2.2 Contributor+.Stored.XSS MEDIUM" "youzify 1.2.0 Unauthenticated.SQLi HIGH" "youzify 1.0.7 Stored.Cross-Site.Scripting.via.Biography HIGH" "yikes-inc-easy-custom-woocommerce-product-tabs 1.8.0 Admin+.Stored.XSS LOW" "yikes-inc-easy-custom-woocommerce-product-tabs 1.7.8 Unauthenticated.Toggle.Content.Setting.Update MEDIUM" "yaysmtp 2.4.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.2.1 Subscriber+.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "yaysmtp 2.2.1 Subscriber+.SMTP.Credentials.Leak MEDIUM" "yaysmtp 2.2.1 Subscriber+.Logs.Disclosure MEDIUM" "yith-product-size-charts-for-woocommerce 1.1.13 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-product-add-ons 4.13.1 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.9.3 Unauthenticated.Content.Injection MEDIUM" "yith-woocommerce-product-add-ons 4.6.0 Unuathenticated.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.3.1 Authenticated(Shop.Manager+).PHP.Object.Injection MEDIUM" "yith-woocommerce-product-add-ons 4.2.1 Missing.Authorization MEDIUM" "yith-woocommerce-product-add-ons 2.1.0 Authenticated.Local.File.Inclusion MEDIUM" "yith-woocommerce-product-add-ons 2.1.0 Reflected.Cross-Site.Scripting HIGH" "yith-woocommerce-product-add-ons 1.5.23 Subscriber+.Settings.Update MEDIUM" "youforms-free-for-copecart No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "yith-desktop-notifications-for-woocommerce 1.2.8 Subscriber+.Settings.Update MEDIUM" "yt-player 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "yt-player 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yt-player 1.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yandex-money-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yandex-money-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yandex-money-button 2.4.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "yummy-recipes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-badges-management 1.3.21 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-social-login 1.3.6 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-stripe 2.0.2 Subscriber+.Settings.Update MEDIUM" "yellow-pencil-visual-theme-customizer 7.6.5 Reflected.Cross-Site.Scripting MEDIUM" "yellow-pencil-visual-theme-customizer 7.6.4 Reflected.Cross-Site.Scripting MEDIUM" "yellow-pencil-visual-theme-customizer 7.5.9 Admin+.Stored.XSS LOW" "yellow-pencil-visual-theme-customizer 7.5.4 Reflected.Cross-Site.Scripting HIGH" "yellow-pencil-visual-theme-customizer 7.2.1 Unauthenticated.Arbitrary.Options.Updates HIGH" "yith-custom-thank-you-page-for-woocommerce 1.1.8 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-bulk-product-editing 1.2.15 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-account-funds-premium 1.34.0 Missing.Authorization MEDIUM" "yith-woocommerce-ajax-navigation 5.2.0 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-ajax-navigation 3.11.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "youtube-playlist-player 4.6.8 Contributor+.Stored.XSS MEDIUM" "youtube-playlist-player 4.6.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "yabp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yet-another-stars-rating 3.4.4 Missing.Authorization.via.init MEDIUM" "yet-another-stars-rating 3.4.2 Reflected.Cross-Site.Scripting MEDIUM" "yet-another-stars-rating 3.1.3 Subscriber+.Stored.XSS HIGH" "yet-another-stars-rating 3.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yet-another-stars-rating 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "yet-another-stars-rating 1.8.7 PHP.Object.Injection HIGH" "yith-woocommerce-authorizenet-payment-gateway 1.1.13 Subscriber+.Settings.Update MEDIUM" "youzify-moderation No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-compare 2.38.0 Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-compare 2.20.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-compare 2.3.15 Subscriber+.Settings.Update MEDIUM" "youtube-widget-responsive 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "yith-paypal-express-checkout-for-woocommerce 1.2.6 Subscriber+.Settings.Update MEDIUM" "yamaps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yamaps 0.6.26 Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-waiting-list 1.3.11 Subscriber+.Settings.Update MEDIUM" "youtube-video-inserter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yayextra 1.3.8 Unauthenticated.Arbitrary.File.Upload.via.handle_upload_file.Function CRITICAL" "yoo-slider 2.2.0 Reflected.Cross-Site.Scripting HIGH" "yoo-slider 2.1.0 Arbitrary.Slider.Creation/Edition.via.CSRF MEDIUM" "yoo-slider 2.1.0 Arbitrary.Template.Import.via.CSRF MEDIUM" "yoo-slider 2.1.0 Arbitrary.Slider.Duplication/Deletion.via.CSRF MEDIUM" "yoo-slider 2.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-vendors 3.8.1 Reflected.Cross-Site.Scripting HIGH" "yith-woocommerce-product-vendors 3.4.1 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-zoom-magnifier 1.3.12 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-gift-cards-premium 3.20.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "yith-woocommerce-gift-cards-premium 3.3.1 RCE.via.Arbitrary.File.Upload CRITICAL" "yith-woocommerce-order-tracking 2.8.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-order-tracking 1.2.11 Subscriber+.Settings.Update MEDIUM" "yatri-tools No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yatri-tools 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yds-support-ticket-system No.known.fix Cross-Site.Request.Forgery MEDIUM" "yet-another-related-posts-plugin No.known.fix Missing.Authorization MEDIUM" "yet-another-related-posts-plugin 5.30.10 Authenticated(Administrator+).Cross-Site.Scripting MEDIUM" "yet-another-related-posts-plugin 5.30.10 Admin+.Stored.XSS LOW" "yet-another-related-posts-plugin 5.30.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yet-another-related-posts-plugin 5.30.3 Yet.Another.Related.Posts.Plugin.<.5.30.3.-.Subscriber+.SQLi HIGH" "yet-another-related-posts-plugin 5.30.5 Yet.Another.Related.Posts.Plugin.<.5.30.5.-.Subscriber+.LFI HIGH" "yet-another-related-posts-plugin 5.30.3 Yet.Another.Related.Posts.Plugin.<.5.30.3.-.Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-wishlist 3.33.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-wishlist 3.15.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-wishlist 2.2.14 Subscriber+.Settings.Update MEDIUM" "yop-poll 6.5.27 Unauthenticated.Vote.Manipulation.via.Race.Condition MEDIUM" "yop-poll 6.5.29 Reusable.Captcha.via.validateImage MEDIUM" "yop-poll 6.4.3 IP.Spoofing MEDIUM" "yop-poll 6.3.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "yop-poll 6.3.1 Author+.Stored.Cross-Site.Scripting.via.Preview.Module MEDIUM" "yop-poll 6.3.1 Author+.Stored.Cross-Site.Scripting.via.Options.Module MEDIUM" "yop-poll 6.2.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "yop-poll 6.1.5 Authenticated.Stored.XSS LOW" "yop-poll 6.1.2 Reflected.Cross-Site.Scripting HIGH" "yop-poll 6.0.3 Cross-Site.Scripting.(XSS) MEDIUM" "yop-poll 5.8.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "youram-youtube-embed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yith-pre-order-for-woocommerce 1.2.1 Subscriber+.Settings.Update MEDIUM" "ymc-smart-filter 2.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ymc-smart-filter 2.8.34 Cross-Site.Request.Forgery MEDIUM" "ymc-smart-filter 2.8.33 Unauthenticated.LFI CRITICAL" "yith-essential-kit-for-woocommerce-1 2.35.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Install,.Activation,.and.Deactivation MEDIUM" "yith-essential-kit-for-woocommerce-1 2.14.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yellow-yard 2.8.12 Contributor+.Stored.XSS MEDIUM" "yellow-yard 2.8.12 Reflected.Cross-Site.Scripting HIGH" "youtube-showcase 3.4.0 Missing.Authorization.to.Arbitrary.Post/Page.Creation MEDIUM" "youtube-showcase 3.3.6 Settings.Update.via.CSRF MEDIUM" "yith-maintenance-mode 1.4.0 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "yith-maintenance-mode 1.3.8 Admin+.Stored.Cross-Site.Scripting LOW" "yith-maintenance-mode 1.2.0 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "yith-woocommerce-cart-messages 1.4.5 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-best-sellers 1.1.13 Subscriber+.Settings.Update MEDIUM" "yith-infinite-scrolling 1.8.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yandexnews-feed-by-teplitsa No.known.fix Admin+.Stored.XSS LOW" "yith-custom-login 1.7.4 Reflected.Cross-Site.Scripting MEDIUM" "yith-custom-login 1.7.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-quick-view 1.21.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-quick-view 1.3.15 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-affiliates 1.6.3 Subscriber+.Settings.Update MEDIUM" "youtube-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "yith-advanced-refund-system-for-woocommerce 1.0.12 Subscriber+.Settings.Update MEDIUM" "youtube-channel-gallery No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "yith-color-and-label-variations-for-woocommerce 1.8.13 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-mailchimp 2.1.4 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-tab-manager 1.35.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "zip-recipes No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "zip-recipes 8.1.1 Authenticated(Contributor+).SQL.Injection HIGH" "zip-recipes 8.0.8 Cross-Site.Request.Forgery MEDIUM" "zip-recipes 8.0.8 Multiple.CSRF MEDIUM" "zip-recipes 8.0.7 Reflected.XSS HIGH" "zoho-marketinghub 1.2.8 Authenticated.(Contributor+).SQL.Injection CRITICAL" "zynith-seo No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Option.Deletion CRITICAL" "zynith-seo No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "zynith-seo No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "zd-youtube-flv-player No.known.fix Server-Side.Request.Forgery HIGH" "ziteboard-online-whiteboard 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ziteboard.Shortcode MEDIUM" "zip-codes-redirect 5.1.2 Reflected.Cross-Site.Scripting MEDIUM" "zip-codes-redirect 4.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "zippy 1.6.10 Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "zx-csv-upload No.known.fix ZX_CSV.Upload.1.–.Authenticated.SQL.Injection HIGH" "zero-spam 5.5.7 Spam.Protection.Bypass MEDIUM" "zero-spam 5.4.5 Admin+.SQL.Injection MEDIUM" "zero-spam 5.2.11 Admin+.SQL.Injection MEDIUM" "zeno-font-resizer 1.8.0 Admin+.Stored.XSS LOW" "zen-mobile-app-native No.known.fix Remote.File.Upload HIGH" "z-downloads 1.11.6 Unauthenticated.Stored.XSS HIGH" "z-downloads 1.11.5 Admin+.Arbitrary.File.Upload MEDIUM" "z-downloads 1.11.7 Admin+.Stored.XSS.via.SVG.Upload LOW" "z-downloads 1.11.4 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "zoho-flow 2.8.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "zoho-forms 4.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zoho-forms 3.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "zoho-forms 3.0.1 Contributor+.Stored.XSS MEDIUM" "zephyr-project-manager 3.3.103 Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.3.103 Missing.Authorization.to.Authenticated.(Subscriber+).Status.Updates MEDIUM" "zephyr-project-manager 3.3.101 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "zephyr-project-manager 3.3.102 Authenticated.(Subscriber+).Limited.Privilege.Escalation HIGH" "zephyr-project-manager 3.3.101 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.filename.Parameter MEDIUM" "zephyr-project-manager 3.3.100 Unauthenticated.Information.Exposure MEDIUM" "zephyr-project-manager 3.3.99 Editor+.XSS LOW" "zephyr-project-manager 3.3.99 Authenticated.(Subscriber+).Privilege.Escalation.via.User.Meta.Update HIGH" "zephyr-project-manager 3.3.94 Plugin.Data.Deletion.via.CSRF MEDIUM" "zephyr-project-manager 3.2.55 Unauthorised.AJAX.Calls.To.Stored.XSS HIGH" "zephyr-project-manager 3.2.5 Multiple.Unauthenticated.SQLi CRITICAL" "zephyr-project-manager 3.2.5 Unauthorised.REST.Calls.to.Stored.XSS HIGH" "zephyr-project-manager 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.2.41 Reflected.Cross-Site.Scripting MEDIUM" "zita-site-library 1.6.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "zita-site-library 1.6.3 Missing.Authorization.to.Page.Creation.and.Options.Modification MEDIUM" "zerobounce 1.0.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "zm-gallery No.known.fix ZM.Gallery.1,0.–.Authenticated.Blind.SQL.Injection HIGH" "zendesk-help-center 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "zip-attachments 1.5 Arbitrary.File.Download HIGH" "zionbuilder 3.6.10 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "z-url-preview 2.0.0 Cross-Site.Scripting.(XSS) MEDIUM" "zero-bs-crm 5.5.1 Client+.XSS MEDIUM" "zero-bs-crm 5.5.1 CRM.Admin+.XSS LOW" "zero-bs-crm 5.4.0 PHAR.Deserialisation.via.CSRF HIGH" "zero-bs-crm 5.5.0 Admin+.Stored.XSS LOW" "zero-bs-crm 5.5 Contributor+.Stored.XSS MEDIUM" "zero-bs-crm 5.4.3 Admin+.Cross-Site.Scripting LOW" "zoho-campaigns 2.1.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "zoho-campaigns 2.0.8 Cross-Site.Request.Forgery.via.zcwc_optin_save MEDIUM" "zoho-campaigns 2.0.8 Cross-Site.Request.Forgery.via.zcwc_integration_disconnect MEDIUM" "zoho-campaigns 2.0.7 Authenticated.(Contributor+).SQL.Injection CRITICAL" "zoho-crm-forms 1.7.8.9 Reflected.Cross-Site.Scripting MEDIUM" "zoho-crm-forms 1.7.6.2 Subscriber+.Arbitrary.Options.Update HIGH" "zoho-crm-forms 1.7.2.9 Admin+.Stored.Cross-Site.Scripting LOW" "zoho-crm-forms 1.6.9.2 Authenticated.Cross.Site.Scripting.(XSS) MEDIUM" "zlick-paywall 2.2.2 CSRF.Bypasses LOW" "zm-ajax-login-register No.known.fix Unauthenticated.Authentication.Bypass CRITICAL" "zoho-salesiq 1.0.9 XSS.&.CSRF HIGH" "zotpress 7.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zotpress 7.3.10 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "zotpress 7.3.8 Authenticated.(Contributor+).SQL.Injection CRITICAL" "zotpress 7.3.5 Reflected.XSS HIGH" "zotpress 7.3.4 Unauthenticated.Reflected.XSS HIGH" "zotpress 6.1.3 SQL.Injection CRITICAL") pp "Plugin: Version" rplugins=(`grep -oP ".*/wp-content/plugins/\K[a-zA-Z0-9-_.]+" $file | sort -u`) d=true; [[ ! ${rplugins[@]} ]] && d=false || d=true @@ -90,8 +90,8 @@ plugins(){ themes(){ flagz=() - releases_themes=("kata 1.4.7" "the-monday 1.4.1") - vulns_themes=("5star No.known.fix CSRF.File.Upload HIGH" "15zine 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "awake No.known.fix Local.File.Disclosure HIGH" "awake No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "axioma 1.1.2 Information.Disclosure HIGH" "ask-me 6.8.7 Post.Deletion.via.CSRF MEDIUM" "ask-me 6.8.4 CSRF.in.Edit.Profile MEDIUM" "ask-me 6.8.2 Multiple.CSRF.in.AJAX.Actions HIGH" "ask-me 6.8.2 Reflected.Cross-Site.Scripting MEDIUM" "aries No.known.fix Local.File.Disclosure HIGH" "aries No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "aidreform No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "auto-car No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "awpbusinesspress 0.2.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "attorney No.known.fix Reflected.XSS HIGH" "attorney No.known.fix Unauthenticated.Arbitrary.Page/Post.Deletion MEDIUM" "anand No.known.fix Reflected.XSS HIGH" "atlast-business No.known.fix Reflected.XSS HIGH" "antreas 1.0.7 Unauthenticated.Function.Injection CRITICAL" "attire 2.0.7 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "accesspress-basic 3.2.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-store 2.5.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "anima No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arya-multipurpose-pro No.known.fix Reflected.XSS HIGH" "arendelle 1.1.13 Reflected.XSS HIGH" "arendelle 1.1.11 Reflected.Cross-Site.Scripting MEDIUM" "arendelle 1.1.13 Reflected.Cross-Site.Scripting MEDIUM" "arendelle 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "almera 1.1.8 Information.Disclosure HIGH" "accesspress-mag 2.6.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accountra 1.0.4 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "astore No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "adventure-journal No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accessbuddy No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-ray No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aquarella-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aquarella-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "aapna No.known.fix Reflected.XSS HIGH" "akal No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "avada 7.11.7 Authenticated.(Admin+).SQL.Injection.via.entry HIGH" "avada 7.11.7 Unauthenticated.Sensitive.Information.Exposure.via.Form.Uploads.Directory.Listing MEDIUM" "avada 7.11.7 Authenticated.(Contributor+).Server-Side.Request.Forgery.via.form_to_url_action MEDIUM" "avada 7.11.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "avada 7.11.5 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "avada 7.11.2 Subscriber+.Portfolio.Permalinks.Creation MEDIUM" "avada 7.11.2 Author+.Arbitrary.File.Upload.via.Zip.Extraction HIGH" "avada 7.11.2 Contributor+.SSRF HIGH" "avada 7.11.2 Contributor+.Arbitrary.File.Upload MEDIUM" "adifier-system 3.1.4 .Unauthenticated.Local.File.Inclusion CRITICAL" "adifier-system 3.1.4 Unauthenticated.SQL.Injection CRITICAL" "althea-wp 1.0.16 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "accesspress-root 2.6.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "activello No.known.fix Reflected.XSS HIGH" "activello 1.4.2 Unauthenticated.Function.Injection CRITICAL" "arilewp 2.9.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "auberge 1.4.5 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "amela 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "amela 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "amela 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "appointment 3.2.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "adifier 3.1.4 Reflected.Cross-Site.Scripting MEDIUM" "accio 1.1.1 Information.Disclosure HIGH" "astra 4.6.9 Contributor+.Stored.XSS MEDIUM" "astra 4.6.5 Editor+.Stored.XSS.via.Theme.Header/Footer LOW" "affluent 1.1.2 Unauthenticated.Function.Injection CRITICAL" "allegiant No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "allegiant 1.2.6 Unauthenticated.Function.Injection CRITICAL" "ashe 2.234 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "accesspress-lite 2.93 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-parallax 4.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aplite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-staple No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "arya-multipurpose No.known.fix Unauthenticated.Reflected.XSS HIGH" "agency-lite 1.1.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "antioch No.known.fix Arbitrary.File.Download HIGH" "anfaust No.known.fix Reflected.XSS HIGH" "agncy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "artificial-intelligence 1.2.4 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "bootstrap-coach 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "businessexpo 0.1.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "blain No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "busiprof No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "busiprof 2.3.8 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "brain-power No.known.fix Reflected.XSS HIGH" "bridge 18.2.1 Open.Redirect HIGH" "bridge 11.2 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "bricks 1.10.2 Authenticated.(Bricks.Page.Builder.Access+).Stored.Cross-Site.Scripting MEDIUM" "bricks 1.8.2 Cross-Site.Request.Forgery.via.save_settings MEDIUM" "bricks 1.8.2 Cross-Site.Request.Forgery.via.reset_settings MEDIUM" "bricks 1.9.6.1 Unauthenticated.Remote.Code.Execution CRITICAL" "bricks 1.9.6.1 Unauthenticated.Remote.Code.Execution CRITICAL" "bricks 1.5.4 Subscriber+.Remote.Code.Execution HIGH" "bricks 1.5.4 Subscriber+.Arbitrary.Post/Page.Edition HIGH" "bloglo 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookyourtravel 8.18.19 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "balkon 1.3.3 Reflected.Cross-Site.Scripting HIGH" "benevolent 1.3.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "bolster No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "business-directory No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "blockbooster 1.0.11 Missing.Authorization MEDIUM" "brand No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brand No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "brand No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "bbe 1.53 Direct.Object.Reference MEDIUM" "brilliance No.known.fix Subscriber+.Stored.XSS HIGH" "brilliance 1.3.0 Unauthenticated.Function.Injection CRITICAL" "bacola No.known.fix Cross-Site.Request.Forgery MEDIUM" "buddyboss-platform 2.6.0 Subscriber+.Comment.on.Private.Post.via.IDOR MEDIUM" "broadcast-lite 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "broadcast-lite 2.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "busicare 1.1.9 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "buddyboss-theme 2.5.01 Cross-Site.Request.Forgery MEDIUM" "buddyboss-theme 2.4.61 Missing.Authorization MEDIUM" "bloghub No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bard 2.211 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "blocksy 2.0.51 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.47 Contributor+.Stored.XSS MEDIUM" "blocksy 2.0.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.40 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.34 Contributor+.Stored.XSS MEDIUM" "blocksy 2.0.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.20 Authenticated.(Editor+).Stored.Cross-Site.Scripting LOW" "bazaar-lite 1.8.6 Reflected.XSS HIGH" "bravada No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockst 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "brasserie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bingle 1.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "blessing 1.3.2.1 Information.Disclosure HIGH" "business-pro No.known.fix Reflected.XSS HIGH" "bakes-and-cakes 1.2.7 Missing.Authorization.to.Notice.Dismissal MEDIUM" "book-landing-page 1.2.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "bunnypresslite 2.1 Reflected.XSS HIGH" "blossom-shop 1.1.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "blossom-spa 1.3.5 Sensitive.Information.Exposure MEDIUM" "beauty-premium No.known.fix Arbitrary.File.Upload MEDIUM" "bizpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bootstrap-photography No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brite 1.0.15 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "bello 1.6.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "bello 1.6.0 Authenticated.Cross-Site.Scripting.(XSS).and.XFS MEDIUM" "bello 1.6.0 Unauthenticated.Blind.SQL.Injection CRITICAL" "blogpoet 1.0.3 Missing.Authorization.via.blogpoet_install_and_activate_plugins() MEDIUM" "bonkers 1.0.6 Unauthenticated.Function.Injection CRITICAL" "businesswp 1.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "business-one-page 1.3.0 Missing.Authorization.to.Notice.Dismissal MEDIUM" "bloger 1.2.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "bootstrap-blog 10.2.3 Reflected.Cross-Site.Scripting MEDIUM" "boot-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "basil 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bretheon No.known.fix Local.File.Disclosure HIGH" "bretheon No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "baton No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bootstrap-fitness 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "betheme 27.5.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File MEDIUM" "betheme No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "betheme No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "betheme 27.1.2 Missing.Authorization MEDIUM" "betheme 26.8 Reflected.XSS HIGH" "betheme 26.6.3 Subscriber+.Stored.XSS MEDIUM" "betheme 26.6.3 Missing.Authorization HIGH" "betheme 26.6 Contributor+.PHP.Object.Injection MEDIUM" "betheme 26.6.3 Subscriber+.Unauthorised.Action MEDIUM" "betheme 26.6 Subscriber+.PHP.Object.Injection MEDIUM" "brooklyn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brooklyn No.known.fix PHP.Object.Injection HIGH" "bani No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bani No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bani No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "bingopress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clotya No.known.fix Cross-Site.Request.Forgery MEDIUM" "cas No.known.fix Unauthenticated.SSRF HIGH" "cas No.known.fix Unauthenticated.Arbitrary.File.Access HIGH" "careplus No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "chaostheory 1.3.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "counterpoint No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "counterpoint No.known.fix Reflected.XSS HIGH" "carspot 2.2.3 Multiple.Vulnerabilities MEDIUM" "connections-reloaded No.known.fix Reflected.XSS HIGH" "corporate-event No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chic-lite 1.1.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "coachify 1.0.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "classima 2.1.11 Reflected.Cross-Site.Scripting MEDIUM" "car-repair-services 4.0 Unauthenticated.Reflected.XSS.&.XFS HIGH" "colibri-wp 1.0.99 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "colibri-wp 1.0.101 Cross-Site.Request.Forgery.to.Limited.Plugin.Installation MEDIUM" "colornews 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "construction-landing-page 1.3.6 Missing.Authorization.to.Notice.Dismissal MEDIUM" "cyclone-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "construction-lite 1.2.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "cafe-bistro 1.1.4 Reflected.XSS HIGH" "custom-community 2.0.25 Stored.Cross-Site.Scripting.(XSS) HIGH" "club-theme No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "construct 2.8.3 Local.File.Disclosure HIGH" "construct 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "chained No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cosmetsy No.known.fix Cross-Site.Request.Forgery MEDIUM" "consus 1.0.7 Cross-Site.Request.Forgery MEDIUM" "customizr 4.4.22 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "customizr 4.3.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "customizr 4.3.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cloudpress 2.4.9 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "corsa No.known.fix Subscriber+.Arbitrary.Plugin.Installation CRITICAL" "careerfy 6.3.0 Authenticated.Stored.XSS MEDIUM" "careerfy 4.4.0 Unauthenticated.Reflected.XSS MEDIUM" "careerfy 4.3.0 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "careerfy 4.1.0 Multiple.Cross-Site.Scripting.(XSS).Issues MEDIUM" "careerfy 3.9.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "clockstone No.known.fix Arbitrary.File.Upload CRITICAL" "colorway No.known.fix Cross-Site.Request.Forgery MEDIUM" "colorway No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "colorway 3.4.2 Cross-Site.Scripting.(XSS) MEDIUM" "cozipress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "couponis-demo 2.2 Unauthenticated.SQL.Injection CRITICAL" "consultstreet 1.6.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "chic-lifestyle 10.0.8 Reflected.Cross-Site.Scripting MEDIUM" "cactus No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "careerup 2.3.1 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "consultera No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "consultpress-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "consultpress-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "consultpress-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "cardealer 1.1.9 Information.Disclosure HIGH" "cuisine-palace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cuisine-palace No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "citybook 2.4.4 Unauthenticated.Reflected.XSS HIGH" "citybook 2.3.4 Multiple.Vulnerabilities HIGH" "college 1.5.1 Reflected.XSS HIGH" "colormag 3.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Display.Name MEDIUM" "colormag 3.1.3 Missing.Authorization.to.Arbitrary.Plugin.Installation MEDIUM" "drop 1.22 Reflected.XSS HIGH" "discy 5.5.3 Missing.validation.lead.to.functionality.abuse LOW" "discy 5.0 Subscriber+.Broken.Access.Control.to.change.settings MEDIUM" "discy 5.2 Restore.Default.Settings.via.CSRF MEDIUM" "discy 5.2 Settings.Update.via.CSRF MEDIUM" "digitally No.known.fix Reflected.XSS HIGH" "dt-the7 11.14.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Attribute MEDIUM" "dt-the7 11.6.1 Reflected.XSS HIGH" "dt-the7 2.1.1 Cross-Site.Scripting.(XSS) MEDIUM" "designexo 3.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "dailydeal No.known.fix File.Upload.Remote.Code.Execution HIGH" "doko 1.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "diplomat 1.0.3 Information.Disclosure HIGH" "directory 3.0.2 Reflected.XSS HIGH" "darcie 1.1.6 Reflected.XSS HIGH" "digital-newspaper 1.1.6 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "digital-store 1.3.3 Unspecified.XSS MEDIUM" "dostart No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "divi 4.25.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "divi 4.23.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "divi 4.5.3 4.5.2,.Extra.2.0.-.4.5.2,.Divi.Builder.2.0.-.4.5.2).-.Authenticated.Arbitrary.File.Upload MEDIUM" "divi 4.0.10 Authenticated.Code.Injection MEDIUM" "divi 3.17.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "divi 2.6.4 Privilege.Escalation HIGH" "deadline No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "esotera No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "empowerwp 1.0.22 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "echelon 2.8.3 Local.File.Disclosure HIGH" "echelon 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "enfold 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wrapper_class.and.class.Parameters MEDIUM" "enfold 5.6.10 Reflected.Cross-Site.Scripting MEDIUM" "enfold 5.6.5 Reflected.Cross-Site.Scripting MEDIUM" "enfold 4.8.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "elasta 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "elasta 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edge 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Display.Name MEDIUM" "esteem 1.5.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "elation No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elation 1.1.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easybook 1.2.2 Multiple.Vulnerabilities HIGH" "everest-news-pro No.known.fix Reflected.XSS HIGH" "exquisite-wp No.known.fix DOM.Cross-Site.Scripting.(XSS) MEDIUM" "epic No.known.fix Arbitrary.File.Download HIGH" "education-zone 1.3.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "edupress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "excellent 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eduma 5.4.8 Reflected.Cross-Site.Scripting MEDIUM" "enlighten 1.3.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "elitepress 2.0.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "everest-news No.known.fix Reflected.XSS HIGH" "elevate-wp 1.0.17 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "eighteen-tags 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "everse 1.2.4 Reflected.XSS HIGH" "everse 1.8.10 Reflected.Cross-Site.Scripting MEDIUM" "everse 1.8.12 Reflected.Cross-Site.Scripting MEDIUM" "everse 1.8.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "eventpress 5.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "elegant-pink 1.3.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "envo-business No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "eptonic No.known.fix Valums.Uploader.Shell.Upload.Exploit CRITICAL" "estrutura-basica No.known.fix Local.File.Download. HIGH" "furnob No.known.fix Cross-Site.Request.Forgery MEDIUM" "footysquare No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "fusion 2.8.3 Local.File.Disclosure HIGH" "fusion 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "freely No.known.fix Information.Disclosure HIGH" "fire-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "formula 0.5.2 Reflected.Cross-Site.Scripting.via.quality_customizer_notify_dismiss_action MEDIUM" "formula 0.5.2 Reflected.Cross-Site.Scripting.via.ti_customizer_notify_dismiss_recommended_plugins MEDIUM" "freesia-empire 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "foodbakery 2.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "foodbakery 2.0 Unauthenticated.Reflected.XSS MEDIUM" "findeo 1.3.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "findeo 1.3.1 Arbitrary.Property.Deletion.via.IDOR HIGH" "financio 1.1.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "fotography 2.4.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "fortune No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "findus 1.1.15 Directory.Listing.<.1.1.15.-.Authenticated.Persistent.XSS MEDIUM" "fullbase 1.2.1 Reflected.XSS HIGH" "fashstore No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "flatsome 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "flatsome 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "flatsome 3.17.6 Unauthenticated.PHP.Object.Injection CRITICAL" "flatsome 3.17.0 Reflected.XSS HIGH" "filmix No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fusion-builder 7.11.6 Authenticated(Contributor+).Sensitive.Information.Exposure.via.Form.Entries MEDIUM" "fusion-builder 3.11.2 Subscriber+.SQL.injection.and.broken.access.control.vulnerability.in.Critical.CSS HIGH" "fashionable-store No.known.fix Reflected.XSS HIGH" "fotawp 1.4.2 Missing.Authorization.via.fotawp_install_and_activate_plugins() MEDIUM" "focusblog 2.0.0 Unauthenticated.Option.Update MEDIUM" "focusblog 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "fluida No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "foxiz 2.3.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "fraction-theme 1.1.2 Privilege.Escalation HIGH" "findgo 1.3.32 Directory.Listing.<.1.3.32.-.Unauthenticated.Reflected.and.Authenticated.Stored.XSS MEDIUM" "fifteen No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "goya 1.0.8.8 Unauthenticated.Reflected.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "gaga-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "gaga-corp No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "gema-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "golo 1.3.3 Unauthenticated.Reflected.XSS MEDIUM" "gucherry-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "grey-opaque No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Download-Button.Shortcode MEDIUM" "goto 2.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "goto 2.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "goto 2.0 Tour.&.Travel.<.2.0.-.Unauthenticated.Reflected.XSS MEDIUM" "goodnex 1.1.3 Information.Disclosure HIGH" "geomagazine No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "gym-express No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gump No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "greenmart 2.5.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "greenmart 2.4.3 Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "graphene 2.9.3 Unauthenticated.Password.Protected.Post.Access MEDIUM" "givingpress-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "goodnews5 No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "gutenbook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "g-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hotel-galaxy No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hueman 3.7.25 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "hueman 3.6.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "hueman 3.6.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "houzez 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "highlight 1.0.30 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "hugo-wp 1.0.10 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "himer 2.1.3 Social.Questions.and.Answers.<.2.1.3.-.CSRF.While.Sending.the.Invites MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Arbitrary.Group.Joining.via.CSRF MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Bypass.Poll.Voting.Restrictions.via.CSRF MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Contributor+.Stored.XSS MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Subscriber+.Private.Group.Joining.via.IDOR MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Multiple.CSRF.on.the.Group.Section MEDIUM" "himer 1.9.3 Missing.validation.lead.to.functionality.abuse LOW" "homevillas-real-estate 2.3 Multiple.Cross-Site.Scripting.Issues MEDIUM" "hasten-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "hotelica No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hello-agency 1.0.6 Missing.Authorization.to.Notice.Dismissal MEDIUM" "hestia 3.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "honeypress 2.3.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "hive-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "himalayas No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "himalayas 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hasium No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hasium 1.6.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "headway 3.8.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "idyllic 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "intrace 1.1.1 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "illdy 2.1.7 Unauthenticated.Function.Injection CRITICAL" "intothedark No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "infinite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.project_url.Parameter MEDIUM" "inspiro 7.2.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ignition 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "ignition 2.0.0 Unauthenticated.Option.Update MEDIUM" "interface 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "i-transform No.known.fix Cross-Site.Request.Forgery MEDIUM" "injob 3.4.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ih-business-pro No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "i-amaze No.known.fix Cross-Site.Request.Forgery MEDIUM" "intrepidity No.known.fix File.Upload.and.Option.Update.via.CSRF HIGH" "ilex 1.4.2 Reflected.XSS HIGH" "jobeleon-wpjobboard 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "jobcareer 3.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "jobcareer 2.5.1 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "jobcareer 2.4.1 User.enumeration.&.Reset.password CRITICAL" "jetapo 1.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "jewelry-store 2.3.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "jannah 5.4.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "jannah 5.4.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "js-o3-lite No.known.fix Reflected.XSS HIGH" "jetapo-with-woocommerce 1.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "jnews 8.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "js-paper No.known.fix Reflected.XSS HIGH" "jupiter 6.10.2 Subscriber+.Path.Traversal.and.Local.File.Inclusion HIGH" "jupiter 6.10.2 Subscriber+.Privilege.Escalation.and.Post.Deletion CRITICAL" "jupiter 6.10.2 Subscriber+.Arbitrary.Plugin.Deletion MEDIUM" "jobscout 1.1.5 Cross-Site.Request.Forgery.to.Notice.Dimissal MEDIUM" "julia-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "javo-spot 3.0.0 Unauthenticated.Directory.Traversal HIGH" "jupiterx 2.0.7 Subscriber+.Arbitrary.Plugin.Deactivation.and.Settings.Update MEDIUM" "jupiterx 2.0.7 Subscriber+.Path.Traversal.and.Local.File.Inclusion HIGH" "kata-business No.known.fix Reflected.XSS HIGH" "kormosala 1.0.23 Unauthenticated.Reflected.XSS MEDIUM" "konzept 2.5 Unauthenticated.Reflected.XSS MEDIUM" "kingclub-theme No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "kata-app No.known.fix Reflected.XSS HIGH" "krste No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kahuna No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kata 1.2.9 Reflected.XSS HIGH" "looki-lite 1.3.0 Reflected.XSS HIGH" "listeo 1.6.11 Multiple.XSS.&.XFS.vulnerabilities MEDIUM" "listeo 1.6.11 Multiple.Authenticated.IDOR.Vulnerabilities MEDIUM" "learnmore No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "learnmore No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "listingpro No.known.fix Subscriber+.Local.File.Inclusion HIGH" "listingpro No.known.fix Unauthenticated.SQL.Injection CRITICAL" "listingpro No.known.fix Cross-Site.Request.Forgery.to.Account.Takeover HIGH" "listingpro 2.6.1 Unauthenticated.Sensitive.Data.Disclosure.(Usernames,.Emails.etc) HIGH" "listingpro 2.6.1 Unauthenticated.Arbitrary.Plugin.Installation/Activation/Deactivation CRITICAL" "listingpro 2.5.4 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "listingpro 2.0.14.5 Reflected.&.Persistent.Cross-Site.Scripting MEDIUM" "luxe 2.0.0 Unauthenticated.Option.Update MEDIUM" "luxe 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "lawyer-landing-page 1.2.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "lifestyle-magazine 10.2.1 Reflected.Cross-Site.Scripting MEDIUM" "lawyerpress-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "lovetravel 3.8 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "lovetravel 2.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "liquido No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lattice 1.1.4 Unspecified.XSS MEDIUM" "listingo 3.2.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "machic No.known.fix Cross-Site.Request.Forgery MEDIUM" "mediumishh No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "motor 3.1.0 Unauthenticated.Local.File.Inclusion HIGH" "mystique No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ms-lms-starter-theme 1.1.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "mTheme-Unus No.known.fix Local.File.Inclusion.(LFI) HIGH" "monograph No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "magazine-edge No.known.fix Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "modular 2.8.3 Local.File.Disclosure HIGH" "modular 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "manbiz2 No.known.fix Local.File.Disclosure HIGH" "manbiz2 No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "mantra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "medicate No.known.fix Local.File.Disclosure HIGH" "medicate No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "meris No.known.fix Reflected.XSS HIGH" "medicpress-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "meridia 2.2.8 Reflected.Cross-Site.Scripting MEDIUM" "meridia 2.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "modern 1.4.2 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "mesmerize 1.6.124 Cross-Site.Request.Forgery.to.Cache.Clearing MEDIUM" "mediciti-lite No.known.fix Reflected.XSS HIGH" "mediciti-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "mocho-blog No.known.fix Reflected.XSS HIGH" "materialis 1.1.30 Missing.Authorization.to.Limited.Arbitrary.Options.Update MEDIUM" "multipurpose No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "medikaid 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "myriad 2.8.3 Local.File.Disclosure HIGH" "myriad 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "monolit 2.0.7 Reflected.XSS HIGH" "medibazar No.known.fix Cross-Site.Request.Forgery MEDIUM" "moseter No.known.fix Reflected.XSS HIGH" "metro-magazine 1.3.8 Missing.Authorization.to.Notice.Dismissal MEDIUM" "minus 2.0.0 Unauthenticated.Option.Update MEDIUM" "minus 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "medzone-lite 1.2.6 Unauthenticated.Function.Injection CRITICAL" "method 2.8.3 Local.File.Disclosure HIGH" "method 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "monalisa 2.1.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "mosaic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "nexter 2.0.4 Authenticated.(Subscriber+).SQL.Injection.via.'to'.and.'from' HIGH" "nexter 2.0.4 Missing.Authorization MEDIUM" "nichebase 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "nichebase 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "newshit 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "newsmash 1.0.35 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "news-flash No.known.fix Authenticated.(Editor+).PHP.Object.Injection HIGH" "newsxpress 1.0.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "nictitate No.known.fix Cross-Site.Request.Forgery MEDIUM" "networker 1.1.10 Tech.News.WordPress.Theme.with.Dark.Mode.<.1.1.10.-.Missing.Authorization MEDIUM" "nasio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "newsmatic 1.3.3 Missing.Authorization MEDIUM" "newsmatic 1.3.5 Unauthenticated.Information.Exposure.via.newsmatic_filter_posts_load_tab_content MEDIUM" "newspaper-x 1.3.2 Unauthenticated.Function.Injection CRITICAL" "noo-jobmonster No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "noo-jobmonster No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "noo-jobmonster 4.6.6.1 Directory.Listing.in.Upload.Folder MEDIUM" "noo-jobmonster 4.5.2.9 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "naturemag-lite No.known.fix Unauthenticated.Function.Injection CRITICAL" "nsc No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ngo-charity-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "nothing-personal No.known.fix Reflected.XSS HIGH" "nexos 1.8 Real.Estate.<.1.8.-.Unauthenticated.Reflected.XSS.&.SQL.Injection CRITICAL" "nexos 1.6.1 Real.Estate.<.1.6.1.-.SQL.Injection.&.Persistent.XSS CRITICAL" "newsmag No.known.fix Subscriber+.Reflected.Cross-Site.Scripting MEDIUM" "newsmag 2.4.2 Unauthenticated.Function.Injection CRITICAL" "nightlife No.known.fix CSRF.File.Upload HIGH" "neosense 1.8 Unrestricted.File.Upload CRITICAL" "nova-lite 1.3.9 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "nirvana No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newspaper 12.6.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Attachment.Meta MEDIUM" "nokke 1.2.4 Reflected.XSS HIGH" "nokke 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "nokke 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "nokke 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "news-unlimited No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "orchid-store 1.5.7 .Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Activation MEDIUM" "optimizepress 1.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "offset-writing No.known.fix Reflected.XSS HIGH" "oceanic No.known.fix Cross-Site.Request.Forgery MEDIUM" "onepress No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "onepress 2.3.7 Cross-Site.Request.Forgery.via.save_settings() MEDIUM" "one-page-conference No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ona 1.18.3 Reflected.Cross-Site.Scripting MEDIUM" "onair2 3.9.9.2 Unauthenticated.RFI.and.SSRF MEDIUM" "onetone No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "outdoor 3.9.7 Reflected.XSS HIGH" "opor-ayam No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opor-ayam No.known.fix Reflected.XSS HIGH" "oceanwp 3.5.5 Subscriber+.Sensitive.Information.Exposure MEDIUM" "one-paze No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "parallaxsome 1.3.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "phlox-pro 5.16.5 Reflected.Cross-Site.Scripting.via.Search.Parameters MEDIUM" "pinzolo 1.2.10 Reflected.XSS HIGH" "parallelus-traject 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "patricia-blog No.known.fix Cross-Site.Request.Forgery MEDIUM" "parallax-blog No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "patricia-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "purus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "purus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "purus No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "prolist 1.27 Directory.Listing.<.1.27.-.Unauthenticated.Reflected.XSS MEDIUM" "parallelus-unite 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pixgraphy 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "preschool-and-kindergarten 1.2.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "patch-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "performag 2.0.0 Unauthenticated.Option.Update MEDIUM" "performag 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "pinboard No.known.fix includes/theme-options.php.tab.Parameter.XSS MEDIUM" "pressive 2.0.0 Unauthenticated.Option.Update MEDIUM" "pressive 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "phototouch 1.2.2 Arbitrary.File.Upload.via.themify-ajax.php CRITICAL" "point No.known.fix Cross-Site.Request.Forgery MEDIUM" "partdo No.known.fix Cross-Site.Request.Forgery MEDIUM" "punte 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "popularis-verse 1.0.2 Cross-Site.Request.Forgery MEDIUM" "parallelus-salutation 3.0.16 Stored.XSS MEDIUM" "parallelus-salutation 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pixigo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pliska 0.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Display.Name MEDIUM" "platform No.known.fix Cross-Site.Request.Forgery.(CSRF) HIGH" "plato 1.1.9 Reflected.XSS HIGH" "pathway 1.0.16 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "purity-of-soul No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "purity-of-soul No.known.fix Reflected.XSS HIGH" "pixova-lite 2.0.7 Unauthenticated.Function.Injection CRITICAL" "parabola No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pont No.known.fix Privilige.Escalation HIGH" "pinfinity 2.0 Reflected.Cross-site.Scripting.(XSS) MEDIUM" "polka-dots No.known.fix Reflected.XSS HIGH" "posterity No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "posterity 3.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "perfect-portfolio 1.2.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "perfect-portfolio 1.1.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "parallelus-intersect 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "purosa 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "purosa 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photology 1.1.4 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "porto 7.1.1 Unauthenticated.Local.File.Inclusion.via.porto_ajax_posts CRITICAL" "porto 7.1.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "quality 2.7.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "quota 1.2.5 Unspecified.XSS MEDIUM" "quasar 2.0 Privilege.Escalation HIGH" "responsive-mobile No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "revivenews 1.0.3 Missing.Authorization.via.revivenews_install_and_activate_plugins() MEDIUM" "raise-mag No.known.fix Reflected.XSS HIGH" "rovenstart 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "rise 2.0.0 Unauthenticated.Option.Update MEDIUM" "rise 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "rife-free 2.4.19 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "rife-free 2.4.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rehub-theme 19.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "rehub-theme 19.6.2 Unauthenticated.Local.File.Inclusion CRITICAL" "rehub-theme 19.6.2 Authenticated.(Editor+).Local.File.Inclusion HIGH" "royal-elementor-kit 1.0.117 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "royal-elementor-kit 1.0.117 Missing.Authorization.to.Arbitrary.Transient.Update MEDIUM" "robolist-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "restaurant-pt 1.1.3 Reflected.XSS HIGH" "ripple 1.2.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "revolve No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "restaurant-and-cafe 1.2.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "raindrops 1.700 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "realestate-7 3.3.5 Reflected.XSS HIGH" "realestate-7 3.3.5 Multiple.CSRF MEDIUM" "realestate-7 3.3.2 Reflected.XSS HIGH" "realestate-7 3.1.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "realestate-7 3.0.5 Unauthenticated.Reflected.XSS MEDIUM" "realestate-7 3.0.4 Unauthenticated.Reflected.XSS MEDIUM" "realestate-7 2.9.5 Multiple.Vulnerabilities HIGH" "realestate-7 2.9.1 Stored.XSS.&.IDOR MEDIUM" "radcliffe-2 2.0.18 Missing.Authorization MEDIUM" "responsive 5.0.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive 5.0.3 Missing.Authorization.to.HMTL.Injection HIGH" "roven-blog 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "regina-lite No.known.fix Reflected.XSS HIGH" "regina-lite 2.0.6 Unauthenticated.Function.Injection CRITICAL" "rara-business 1.2.6 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "rara-business 1.2.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "restricted-site-access No.known.fix IP.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "relax-spa 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "reality 2.5.6 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "reality 2.5.3 Unauthenticated.Reflected.XSS MEDIUM" "reality 2.4.0 Multiple.Persistent.XSS MEDIUM" "rambo 2.1.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "sahifa 3.0.0 Site.Setting.Reset.CSRF HIGH" "sahifa 3.0.0 Multiple.Full.Path.Disclosure MEDIUM" "swing-lite 1.2.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "silesia No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "scylla-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "sociallyviral No.known.fix Cross-Site.Request.Forgery MEDIUM" "storied 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "storied 2.0.0 Unauthenticated.Option.Update MEDIUM" "soulmedic No.known.fix Local.File.Disclosure HIGH" "soulmedic No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "scrollme No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "sliding-door No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "specialist No.known.fix CSRF.File.Upload HIGH" "suffice 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "shoppette 1.0.5 Unspecified.XSS MEDIUM" "spiko 1.1.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "sportsmag No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "showbiz 1.7.1 Local.File.Disclosure HIGH" "showbiz No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "soundblast No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "saul 1.1.0 Reflected.XSS HIGH" "spikes No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "squared 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "squared 2.0.0 Unauthenticated.Option.Update MEDIUM" "speculor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "speculor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "speculor No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "sparkling 2.4.9 Unauthenticated.Function.Injection CRITICAL" "startkit No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "startupzy 1.1.2 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "sarada-lite 1.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "statfort No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "shuban No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shuban No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shuban No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "stockholm 9.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "stockholm 9.7 Unauthenticated.Local.File.Inclusion CRITICAL" "striking-r 2.3.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "striking-r 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "style No.known.fix Information.Disclosure HIGH" "smartit No.known.fix Information.Disclosure HIGH" "simpolio No.known.fix Privilige.Escalation HIGH" "spice-software 1.1.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "squaretype 3.0.4 Unauthenticated.Private/Schedule.Posts.Disclosure MEDIUM" "saleszone No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shopbiz-lite 1.7.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "simplifii No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "silk-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "short 1.7.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "soledad 8.4.6 Missing.Authorization MEDIUM" "soledad 8.4.6 Cross-Site.Request.Forgery MEDIUM" "soledad 8.4.6 Missing.Authorization MEDIUM" "soledad 8.4.2 Authenticated.(Contributor+).SQL.Injection HIGH" "soledad 8.4.2 Unauthenticated.PHP.Object.Injection CRITICAL" "soledad 8.4.2 Reflected.Cross-Site.Scripting MEDIUM" "soledad 8.2.6 Subscriber+.Cross-Site.Scripting MEDIUM" "soledad 8.2.5 Reflected.Cross-site.Scripting MEDIUM" "storevilla 1.4.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "shapely 1.2.9 Unauthenticated.Function.Injection CRITICAL" "swape 1.2.1 Authentication.Bypass.and.Stored.XSS CRITICAL" "spikes-black No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "seabird No.known.fix Local.File.Disclosure HIGH" "seabird No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "spawp 1.4.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "spa-and-salon 1.2.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "spasalon 2.2.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "smartmag-responsive-retina-wordpress-magazine No.known.fix Unauthenticated.Sensitive.Information.Exposure.via.Log.Files MEDIUM" "superio 1.2.33 Job.Board.<.1.2.33.-.Subscriber+.Stored.Cross-Site.Scripting LOW" "start No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "salzburg-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "socialdriver 2024 Prototype.Pollution.to.XSS HIGH" "sinatra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sean-lite 1.4.6 Reflected.XSS HIGH" "scoreme No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "topcat-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "teardrop No.known.fix Privilige.Escalation HIGH" "the-authority No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "the-monday No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "tempera No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "theroof 1.0.4 Unauthenticated.Reflected.XSS HIGH" "traveler 2.8.4 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "traveler 2.8.4 Unauthenticated.SQL.Injection HIGH" "traveler 2.8.2 Unauthenticated.Reflected.XSS MEDIUM" "traveler 2.7.8.6 Reflected.&.Persistent.XSS.Issues MEDIUM" "traveler 2.7.8.4 Reflected.&.Stored.XSS MEDIUM" "travel-agency 1.4.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "tainacan-interface 2.7.2 Reflected.Cross-Site.Scripting MEDIUM" "thegem 5.9.2 Reflected.Cross-Site.Scripting MEDIUM" "the-conference 1.2.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "transcend 1.2.0 Unauthenticated.Function.Injection CRITICAL" "temp-mail-x No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "travel-tour 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "townhub 1.3.0 Unauthenticated.Reflected.XSS HIGH" "townhub 1.0.6 Multiple.Vulnerabilities HIGH" "travel-booking 1.2.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "techism No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "totalpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "thrive-theme 3.24.2 Cross-Site.Request.Forgery HIGH" "thrive-theme 3.24.0 Missing.Authorization HIGH" "thrive-theme 3.24.0 Subscriber+.Privilege.Escalation HIGH" "thrive-theme 2.2.4 Unauthenticated.Option.Update MEDIUM" "t1 No.known.fix Open.Redirect MEDIUM" "trendy-news 1.0.15 Cross-Site.Request.Forgery MEDIUM" "travel-monster 1.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "tuaug4 No.known.fix Reflected.XSS HIGH" "total 2.1.60 Missing.Authorization.to.Authenticated.(Subscriber+).Sections.Update MEDIUM" "tiki-time No.known.fix Reflected.XSS HIGH" "travey 1.0.5 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "the-next No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "tijaji No.known.fix Reflected.XSS HIGH" "theron-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "tantyyellow No.known.fix Reflected.XSS HIGH" "theme-translation-for-polylang 3.2.17 Unauthenticated.Translation.Settings.Update MEDIUM" "truemag No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tydskrif No.known.fix Reflected.XSS HIGH" "themify-ultra 7.3.6 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "themify-ultra 7.3.6 Missing.Authorization MEDIUM" "themify-ultra 7.3.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "themify-ultra 7.3.6 Missing.Authorization MEDIUM" "themify-ultra 7.3.6 Privilege.Escalation HIGH" "travel-agency-booking No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "the-launcher 1.3.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ultimatum 2.9.1.5 Local.File.Disclosure HIGH" "ultimatum 2.9.1.5 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "upfrontwp No.known.fix Reflected.XSS HIGH" "unicon-lite 1.2.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "unique No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uncode-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ultralight No.known.fix Reflected.XSS HIGH" "u-design No.known.fix Reflected.Cross-Site.Scripting HIGH" "u-design 2.7.10 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "unakit 1.2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "unakit 1.2.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "viburno 1.3.2 Reflected.XSS HIGH" "venice-lite 1.5.5 Reflected.XSS HIGH" "vertice 1.0.11 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "vilva 1.2.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "vmagazine-lite 1.3.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "vmag 1.2.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "virtue 3.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Author MEDIUM" "vernissage 1.3 Privilige.Escalation HIGH" "viralike No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "viralike 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "visual-composer-starter 3.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "voice 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "voice 2.0.0 Unauthenticated.Option.Update MEDIUM" "viala No.known.fix Reflected.XSS HIGH" "vmagazine-news 1.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "videoblog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "villar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "villar 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "viable-blog No.known.fix Reflected.XSS HIGH" "wedding-bride 1.0.2 Reflected.XSS HIGH" "wp-moose No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-moose 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "whimsy-framework No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wishful-blog No.known.fix Reflected.XSS HIGH" "wlow 1.2.7 Reflected.XSS HIGH" "wyzi-business-finder 2.4.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woohoo No.known.fix Settings.Update.via.CSRF MEDIUM" "workio 1.0.3 Unauthenticated.Reflected.XSS MEDIUM" "wallstreet 2.0.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "wp-real-estate No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "wp-magazine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woostify 1.9.2 CSRF.Bypass MEDIUM" "woodmart 7.2.5 Reflected.XSS HIGH" "woodmart 7.2.2 Subscriber+.Stored.XSS HIGH" "woodmart 7.1.2 License.Update/Deactivation.via.CSRF MEDIUM" "woodmart 7.1.2 Unauthenticated.Arbitrary.Shortcode.Injection HIGH" "westand 2.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-forge No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "winters No.known.fix Reflected.Cross-Site.Scripting.via.Prototype.Pollution MEDIUM" "wellness No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wr-nitro No.known.fix Unauthenticated.Arbitrary.Plugin.Installation CRITICAL" "wplms 4.900 Cross-Site.Request.Forgery HIGH" "wibar 1.2.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "weddingalbum No.known.fix Information.Disclosure HIGH" "wp-sierra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-sierra No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "weeklynews 2.2.9 Cross-Site.Scripting.(XSS) MEDIUM" "workscout 2.0.33 Authenticated.Stored.XSS.&.XFS HIGH" "wp-portfolio 2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "workup 2.1.6 Unauthenticated.Reflected.XSS MEDIUM" "workreap 2.6.4 Subscriber+.Arbitrary.Posts.Deletion.via.IDOR MEDIUM" "workreap 2.6.3 Freelance.Marketplace.and.Directory.<.2.6.3.-.Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "workreap 2.2.2 Missing.Authorization.Checks.in.Ajax.Actions HIGH" "workreap 2.2.2 Unauthenticated.Upload.Leading.to.Remote.Code.Execution CRITICAL" "workreap 2.2.2 Multiple.CSRF.+.IDOR.Vulnerabilities HIGH" "wpcake No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "weaver-xtreme 6.4 Contributor+.Stored.XSS MEDIUM" "weaver-xtreme 6.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "woffice 5.4.12 Unauthenticated.Privilege.Escalation CRITICAL" "woffice 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "woffice 4.0.2 Unauthenticated.Disclosure.of.Notification.Titles MEDIUM" "xenon No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "xstore 9.3.9 Reflected.Cross-Site.Scripting HIGH" "xstore 9.3.9 Missing.Authorization MEDIUM" "xstore 9.3.9 Missing.Authorization MEDIUM" "xstore 9.3.9 Unauthenticated.Local.File.Inclusion CRITICAL" "xstore 9.3.9 Subscriber+.Arbitrary.Options.Update HIGH" "xstore 9.3.9 Unauthenticated.SQLi HIGH" "yuki 1.3.15 Cross-Site.Request.Forgery.to.Theme.Setting.Reset MEDIUM" "yuki 1.3.14 Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Setting.Reset MEDIUM" "yuki 1.3.8 Reflected.Cross-Site.Scripting MEDIUM" "yourjourney No.known.fix Reflected.Cross-Site.Scripting.via.Prototype.Pollution MEDIUM" "zigcy-lite 2.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zeever 1.1.1 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "zigcy-cosmetics 1.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zbench No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zenon-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "zigcy-baby 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL") + releases_themes=("delicate 3.5.5" "shapely 1.2.15") + vulns_themes=("15zine 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "5star No.known.fix CSRF.File.Upload HIGH" "anand No.known.fix Reflected.XSS HIGH" "ask-me 6.8.7 Post.Deletion.via.CSRF MEDIUM" "ask-me 6.8.4 CSRF.in.Edit.Profile MEDIUM" "ask-me 6.8.2 Multiple.CSRF.in.AJAX.Actions HIGH" "ask-me 6.8.2 Reflected.Cross-Site.Scripting MEDIUM" "antioch No.known.fix Arbitrary.File.Download HIGH" "arilewp 2.9.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "almera 1.1.8 Information.Disclosure HIGH" "accesspress-store 2.5.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aapna No.known.fix Reflected.XSS HIGH" "auto-car No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "accessbuddy No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "auberge 1.4.5 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "amela 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "amela 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "amela 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "arendelle 1.1.13 Reflected.XSS HIGH" "arendelle 1.1.11 Reflected.Cross-Site.Scripting MEDIUM" "arendelle 1.1.13 Reflected.Cross-Site.Scripting MEDIUM" "arendelle 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accesspress-mag 2.6.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "awake No.known.fix Local.File.Disclosure HIGH" "awake No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "anima 1.4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accesspress-parallax 4.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accountra 1.0.4 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "astore No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "anfaust No.known.fix Reflected.XSS HIGH" "arya-multipurpose No.known.fix Unauthenticated.Reflected.XSS HIGH" "accesspress-basic 3.2.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "axioma 1.1.2 Information.Disclosure HIGH" "akal No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "appointment 3.2.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "atlast-business No.known.fix Reflected.XSS HIGH" "allegiant No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "allegiant 1.2.6 Unauthenticated.Function.Injection CRITICAL" "astra 4.6.5 Editor+.Stored.XSS.via.Theme.Header/Footer LOW" "astra 4.6.9 Contributor+.Stored.XSS MEDIUM" "aries No.known.fix Local.File.Disclosure HIGH" "aries No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "awpbusinesspress 0.2.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "activello No.known.fix Reflected.XSS HIGH" "activello 1.4.2 Unauthenticated.Function.Injection CRITICAL" "affluent 1.1.2 Unauthenticated.Function.Injection CRITICAL" "accesspress-staple No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "artificial-intelligence 1.2.4 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "attire 2.0.7 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "accesspress-ray No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "althea-wp 1.0.16 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "adifier-system 3.1.4 Unauthenticated.SQL.Injection CRITICAL" "adifier-system 3.1.4 .Unauthenticated.Local.File.Inclusion CRITICAL" "accesspress-lite 2.93 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "agency-lite 1.1.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ashe 2.234 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "accio 1.1.1 Information.Disclosure HIGH" "aplite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "arya-multipurpose-pro No.known.fix Reflected.XSS HIGH" "antreas 1.0.7 Unauthenticated.Function.Injection CRITICAL" "attorney No.known.fix Reflected.XSS HIGH" "attorney No.known.fix Unauthenticated.Arbitrary.Page/Post.Deletion MEDIUM" "avada 7.11.7 Authenticated.(Contributor+).Server-Side.Request.Forgery.via.form_to_url_action MEDIUM" "avada 7.11.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "avada 7.11.7 Authenticated.(Admin+).SQL.Injection.via.entry HIGH" "avada 7.11.7 Unauthenticated.Sensitive.Information.Exposure.via.Form.Uploads.Directory.Listing MEDIUM" "avada 7.11.5 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "avada 7.11.2 Subscriber+.Portfolio.Permalinks.Creation MEDIUM" "avada 7.11.2 Author+.Arbitrary.File.Upload.via.Zip.Extraction HIGH" "avada 7.11.2 Contributor+.SSRF HIGH" "avada 7.11.2 Contributor+.Arbitrary.File.Upload MEDIUM" "agncy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adifier 3.1.4 Reflected.Cross-Site.Scripting MEDIUM" "accesspress-root 2.6.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aidreform No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "adventure-journal No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aquarella-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aquarella-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blessing 1.3.2.1 Information.Disclosure HIGH" "brite 1.0.15 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "bacola No.known.fix Cross-Site.Request.Forgery MEDIUM" "blain No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "busicare 1.1.9 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "betheme 27.5.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File MEDIUM" "betheme No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "betheme No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "betheme 27.1.2 Missing.Authorization MEDIUM" "betheme 26.8 Reflected.XSS HIGH" "betheme 26.6.3 Subscriber+.Stored.XSS MEDIUM" "betheme 26.6 Contributor+.PHP.Object.Injection MEDIUM" "betheme 26.6.3 Subscriber+.Unauthorised.Action MEDIUM" "betheme 26.6.3 Missing.Authorization HIGH" "betheme 26.6 Subscriber+.PHP.Object.Injection MEDIUM" "beauty-premium No.known.fix Arbitrary.File.Upload MEDIUM" "bootstrap-photography No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "basil 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brooklyn No.known.fix PHP.Object.Injection HIGH" "brooklyn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bani No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bani No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bani No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "bloglo 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bazaar-lite 1.8.6 Reflected.XSS HIGH" "buddyboss-platform 2.6.0 Subscriber+.Comment.on.Private.Post.via.IDOR MEDIUM" "blockst 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "bloger 1.2.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "brasserie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bard 2.211 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "bridge 18.2.1 Open.Redirect HIGH" "bridge 11.2 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "book-landing-page 1.2.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "blossom-shop 1.1.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "boot-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "bravada 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "benevolent 1.3.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "bricks 1.10.2 Authenticated.(Bricks.Page.Builder.Access+).Stored.Cross-Site.Scripting MEDIUM" "bricks 1.8.2 Cross-Site.Request.Forgery.via.save_settings MEDIUM" "bricks 1.8.2 Cross-Site.Request.Forgery.via.reset_settings MEDIUM" "bricks 1.9.6.1 Unauthenticated.Remote.Code.Execution CRITICAL" "bricks 1.9.6.1 Unauthenticated.Remote.Code.Execution CRITICAL" "bricks 1.5.4 Subscriber+.Remote.Code.Execution HIGH" "bricks 1.5.4 Subscriber+.Arbitrary.Post/Page.Edition HIGH" "business-pro No.known.fix Reflected.XSS HIGH" "blossom-spa 1.3.5 Sensitive.Information.Exposure MEDIUM" "balkon 1.3.3 Reflected.Cross-Site.Scripting HIGH" "bakes-and-cakes 1.2.7 Missing.Authorization.to.Notice.Dismissal MEDIUM" "bretheon No.known.fix Local.File.Disclosure HIGH" "bretheon No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "bbe 1.53 Direct.Object.Reference MEDIUM" "brilliance No.known.fix Subscriber+.Stored.XSS HIGH" "brilliance 1.3.0 Unauthenticated.Function.Injection CRITICAL" "bingle 1.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "bello 1.6.0 Authenticated.Cross-Site.Scripting.(XSS).and.XFS MEDIUM" "bello 1.6.0 Unauthenticated.Blind.SQL.Injection CRITICAL" "bello 1.6.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "brain-power No.known.fix Reflected.XSS HIGH" "bootstrap-coach 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "blogpoet 1.0.3 Missing.Authorization.via.blogpoet_install_and_activate_plugins() MEDIUM" "buddyboss-theme 2.5.01 Cross-Site.Request.Forgery MEDIUM" "buddyboss-theme 2.4.61 Missing.Authorization MEDIUM" "bootstrap-blog 10.2.3 Reflected.Cross-Site.Scripting MEDIUM" "bizpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bookyourtravel 8.18.19 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "bloghub No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "business-directory No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "broadcast-lite 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "broadcast-lite 2.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bunnypresslite 2.1 Reflected.XSS HIGH" "bonkers 1.0.6 Unauthenticated.Function.Injection CRITICAL" "business-one-page 1.3.0 Missing.Authorization.to.Notice.Dismissal MEDIUM" "busiprof No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "busiprof 2.3.8 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "brand No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brand No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "brand No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "businesswp 1.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "blockbooster 1.0.11 Missing.Authorization MEDIUM" "baton No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "beauty No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.tpl_featured_cat_id.Parameter MEDIUM" "bolster No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "bingopress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "businessexpo 0.1.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "blocksy 2.0.51 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.47 Contributor+.Stored.XSS MEDIUM" "blocksy 2.0.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.40 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.34 Contributor+.Stored.XSS MEDIUM" "blocksy 2.0.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.20 Authenticated.(Editor+).Stored.Cross-Site.Scripting LOW" "bootstrap-fitness 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "custom-community 2.0.25 Stored.Cross-Site.Scripting.(XSS) HIGH" "cafe-bistro 1.1.4 Reflected.XSS HIGH" "carspot 2.2.3 Multiple.Vulnerabilities MEDIUM" "college 1.5.1 Reflected.XSS HIGH" "cuisine-palace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cuisine-palace No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cas No.known.fix Unauthenticated.Arbitrary.File.Access HIGH" "cas No.known.fix Unauthenticated.SSRF HIGH" "clockstone No.known.fix Arbitrary.File.Upload CRITICAL" "coachify 1.0.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "connections-reloaded No.known.fix Reflected.XSS HIGH" "catch-base 3.4.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "car-repair-services 4.0 Unauthenticated.Reflected.XSS.&.XFS HIGH" "colormag 3.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Display.Name MEDIUM" "colormag 3.1.3 Missing.Authorization.to.Arbitrary.Plugin.Installation MEDIUM" "consultera No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "careerup 2.3.1 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "classima 2.1.11 Reflected.Cross-Site.Scripting MEDIUM" "cloudpress 2.4.9 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "chaostheory 1.3.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "create 2.9.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "consus 1.0.7 Cross-Site.Request.Forgery MEDIUM" "construction-lite 1.2.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "customizr 4.4.22 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "customizr 4.3.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "customizr 4.3.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "couponis-demo 2.2 Unauthenticated.SQL.Injection CRITICAL" "cozipress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "corsa No.known.fix Subscriber+.Arbitrary.Plugin.Installation CRITICAL" "club-theme No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "colibri-wp 1.0.99 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "colibri-wp 1.0.101 Cross-Site.Request.Forgery.to.Limited.Plugin.Installation MEDIUM" "cosmetsy No.known.fix Cross-Site.Request.Forgery MEDIUM" "colornews 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "citybook 2.4.4 Unauthenticated.Reflected.XSS HIGH" "citybook 2.3.4 Multiple.Vulnerabilities HIGH" "chic-lifestyle 10.0.8 Reflected.Cross-Site.Scripting MEDIUM" "chic-lite 1.1.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "consultpress-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "consultpress-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "consultpress-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "cardealer 1.1.9 Information.Disclosure HIGH" "cyclone-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "construction-landing-page 1.3.6 Missing.Authorization.to.Notice.Dismissal MEDIUM" "colorway No.known.fix Cross-Site.Request.Forgery MEDIUM" "colorway No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "colorway 3.4.2 Cross-Site.Scripting.(XSS) MEDIUM" "consultstreet 1.6.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "chained No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "careplus No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "construct 2.8.3 Local.File.Disclosure HIGH" "construct 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "counterpoint No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "counterpoint No.known.fix Reflected.XSS HIGH" "careerfy 6.3.0 Authenticated.Stored.XSS MEDIUM" "careerfy 4.4.0 Unauthenticated.Reflected.XSS MEDIUM" "careerfy 4.3.0 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "careerfy 4.1.0 Multiple.Cross-Site.Scripting.(XSS).Issues MEDIUM" "careerfy 3.9.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "corporate-event No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clotya No.known.fix Cross-Site.Request.Forgery MEDIUM" "cactus No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "drop 1.22 Reflected.XSS HIGH" "delicate No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "dostart No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "digital-newspaper 1.1.6 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "digitally No.known.fix Reflected.XSS HIGH" "doko 1.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "discy 5.5.3 Missing.validation.lead.to.functionality.abuse LOW" "discy 5.0 Subscriber+.Broken.Access.Control.to.change.settings MEDIUM" "discy 5.2 Restore.Default.Settings.via.CSRF MEDIUM" "discy 5.2 Settings.Update.via.CSRF MEDIUM" "deadline No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "divi 4.25.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "divi 4.23.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "divi 4.5.3 4.5.2,.Extra.2.0.-.4.5.2,.Divi.Builder.2.0.-.4.5.2).-.Authenticated.Arbitrary.File.Upload MEDIUM" "divi 4.0.10 Authenticated.Code.Injection MEDIUM" "divi 3.17.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "divi 2.6.4 Privilege.Escalation HIGH" "designexo 3.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "directory 3.0.2 Reflected.XSS HIGH" "dt-the7 11.14.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Attribute MEDIUM" "dt-the7 11.6.1 Reflected.XSS HIGH" "dt-the7 2.1.1 Cross-Site.Scripting.(XSS) MEDIUM" "digital-store 1.3.3 Unspecified.XSS MEDIUM" "diplomat 1.0.3 Information.Disclosure HIGH" "darcie 1.1.6 Reflected.XSS HIGH" "dailydeal No.known.fix File.Upload.Remote.Code.Execution HIGH" "easybook 1.2.2 Multiple.Vulnerabilities HIGH" "exquisite-wp No.known.fix DOM.Cross-Site.Scripting.(XSS) MEDIUM" "everse 1.2.4 Reflected.XSS HIGH" "everse 1.8.10 Reflected.Cross-Site.Scripting MEDIUM" "everse 1.8.12 Reflected.Cross-Site.Scripting MEDIUM" "everse 1.8.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edge 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Display.Name MEDIUM" "epic No.known.fix Arbitrary.File.Download HIGH" "eighteen-tags 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "event 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elegant-pink 1.3.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "elasta 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "elasta 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "eduma 5.4.8 Reflected.Cross-Site.Scripting MEDIUM" "education-zone 1.3.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "empowerwp 1.0.22 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "eptonic No.known.fix Valums.Uploader.Shell.Upload.Exploit CRITICAL" "enfold 6.0.4 Contributor+.Stored.XSS.via.wrapper_class.and.class.Parameters MEDIUM" "enfold 5.6.10 Reflected.Cross-Site.Scripting MEDIUM" "enfold 5.6.5 Reflected.Cross-Site.Scripting MEDIUM" "enfold 4.8.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "enlighten 1.3.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "everest-news No.known.fix Reflected.XSS HIGH" "elevate-wp 1.0.17 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "elitepress 2.0.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "everest-news-pro No.known.fix Reflected.XSS HIGH" "excellent 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "edupress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "esotera 1.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elation No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elation 1.1.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "esteem 1.5.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "envo-business No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "estrutura-basica No.known.fix Local.File.Download. HIGH" "eventpress 5.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "empowerment No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "echelon 2.8.3 Local.File.Disclosure HIGH" "echelon 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "fotawp 1.4.2 Missing.Authorization.via.fotawp_install_and_activate_plugins() MEDIUM" "full-frame 2.7.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "formula 0.5.2 Reflected.Cross-Site.Scripting.via.ti_customizer_notify_dismiss_recommended_plugins MEDIUM" "formula 0.5.2 Reflected.Cross-Site.Scripting.via.quality_customizer_notify_dismiss_action MEDIUM" "freesia-empire 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fashstore No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "fotography 2.4.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "freely No.known.fix Information.Disclosure HIGH" "filmix No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fusion-builder 7.11.6 Authenticated(Contributor+).Sensitive.Information.Exposure.via.Form.Entries MEDIUM" "fusion-builder 3.11.2 Subscriber+.SQL.injection.and.broken.access.control.vulnerability.in.Critical.CSS HIGH" "flatsome 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "flatsome 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "flatsome 3.17.6 Unauthenticated.PHP.Object.Injection CRITICAL" "flatsome 3.17.0 Reflected.XSS HIGH" "footysquare No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "fusion 2.8.3 Local.File.Disclosure HIGH" "fusion 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "fire-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "findeo 1.3.1 Arbitrary.Property.Deletion.via.IDOR HIGH" "findeo 1.3.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "financio 1.1.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "fashionable-store No.known.fix Reflected.XSS HIGH" "findgo 1.3.32 Directory.Listing.<.1.3.32.-.Unauthenticated.Reflected.and.Authenticated.Stored.XSS MEDIUM" "focusblog 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "focusblog 2.0.0 Unauthenticated.Option.Update MEDIUM" "findus 1.1.15 Directory.Listing.<.1.1.15.-.Authenticated.Persistent.XSS MEDIUM" "fraction-theme 1.1.2 Privilege.Escalation HIGH" "fullbase 1.2.1 Reflected.XSS HIGH" "fifteen No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "foxiz 2.3.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "fluida 1.8.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fortune No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "furnob No.known.fix Cross-Site.Request.Forgery MEDIUM" "foodbakery 2.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "foodbakery 2.0 Unauthenticated.Reflected.XSS MEDIUM" "goya 1.0.8.8 Unauthenticated.Reflected.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "gucherry-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goto 2.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "goto 2.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "goto 2.0 Tour.&.Travel.<.2.0.-.Unauthenticated.Reflected.XSS MEDIUM" "gump No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goodnex 1.1.3 Information.Disclosure HIGH" "golo 1.3.3 Unauthenticated.Reflected.XSS MEDIUM" "gaga-corp No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "gutenbook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "greenmart 2.5.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "greenmart 2.4.3 Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "grey-opaque No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Download-Button.Shortcode MEDIUM" "graphene 2.9.3 Unauthenticated.Password.Protected.Post.Access MEDIUM" "givingpress-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geomagazine No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "goodnews5 No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "gaga-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "g-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gym-express No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gema-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "himer 2.1.3 Social.Questions.and.Answers.<.2.1.3.-.CSRF.While.Sending.the.Invites MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Multiple.CSRF.on.the.Group.Section MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Arbitrary.Group.Joining.via.CSRF MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Bypass.Poll.Voting.Restrictions.via.CSRF MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Contributor+.Stored.XSS MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Subscriber+.Private.Group.Joining.via.IDOR MEDIUM" "himer 1.9.3 Missing.validation.lead.to.functionality.abuse LOW" "hasten-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "hello-agency 1.0.6 Missing.Authorization.to.Notice.Dismissal MEDIUM" "honeypress 2.3.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "headway 3.8.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "hasium No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hasium 1.6.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hive-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "houzez 3.3.0 Subscriber+.Privilege.Escalation HIGH" "houzez 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "hotelica No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "homevillas-real-estate 2.3 Multiple.Cross-Site.Scripting.Issues MEDIUM" "himalayas No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "himalayas 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hestia 3.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "hugo-wp 1.0.10 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "hueman 3.7.25 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "hueman 3.6.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "hueman 3.6.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "hotel-galaxy No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "highlight 1.0.30 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "intrace 1.1.1 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "injob 3.4.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "inspiro 7.2.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ih-business-pro No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "i-transform No.known.fix Cross-Site.Request.Forgery MEDIUM" "infinite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.project_url.Parameter MEDIUM" "intothedark No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "interface 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "i-amaze No.known.fix Cross-Site.Request.Forgery MEDIUM" "illdy 2.1.7 Unauthenticated.Function.Injection CRITICAL" "ignition 2.0.0 Unauthenticated.Option.Update MEDIUM" "ignition 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "intrepidity No.known.fix File.Upload.and.Option.Update.via.CSRF HIGH" "idyllic 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ilex 1.4.2 Reflected.XSS HIGH" "jnews 8.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "jetapo-with-woocommerce 1.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "js-o3-lite No.known.fix Reflected.XSS HIGH" "javo-spot 3.0.0 Unauthenticated.Directory.Traversal HIGH" "jobcareer 3.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "jobcareer 2.5.1 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "jobcareer 2.4.1 User.enumeration.&.Reset.password CRITICAL" "jetapo 1.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "jannah 5.4.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "jannah 5.4.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "jupiterx 2.0.7 Subscriber+.Arbitrary.Plugin.Deactivation.and.Settings.Update MEDIUM" "jupiterx 2.0.7 Subscriber+.Path.Traversal.and.Local.File.Inclusion HIGH" "julia-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jobscout 1.1.5 Cross-Site.Request.Forgery.to.Notice.Dimissal MEDIUM" "js-paper No.known.fix Reflected.XSS HIGH" "jewelry-store 2.3.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "jupiter 6.10.2 Subscriber+.Privilege.Escalation.and.Post.Deletion CRITICAL" "jupiter 6.10.2 Subscriber+.Arbitrary.Plugin.Deletion MEDIUM" "jupiter 6.10.2 Subscriber+.Path.Traversal.and.Local.File.Inclusion HIGH" "jobeleon-wpjobboard 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "krste No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kingclub-theme No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "kata 1.2.9 Reflected.XSS HIGH" "kata-business No.known.fix Reflected.XSS HIGH" "kahuna 1.7.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kormosala 1.0.23 Unauthenticated.Reflected.XSS MEDIUM" "konzept 2.5 Unauthenticated.Reflected.XSS MEDIUM" "kata-app No.known.fix Reflected.XSS HIGH" "lattice 1.1.4 Unspecified.XSS MEDIUM" "listingo 3.2.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "lawyer-landing-page 1.2.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "liquido No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "looki-lite 1.3.0 Reflected.XSS HIGH" "listingpro No.known.fix Cross-Site.Request.Forgery.to.Account.Takeover HIGH" "listingpro No.known.fix Subscriber+.Local.File.Inclusion HIGH" "listingpro No.known.fix Unauthenticated.SQL.Injection CRITICAL" "listingpro 2.6.1 Unauthenticated.Arbitrary.Plugin.Installation/Activation/Deactivation CRITICAL" "listingpro 2.6.1 Unauthenticated.Sensitive.Data.Disclosure.(Usernames,.Emails.etc) HIGH" "listingpro 2.5.4 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "listingpro 2.0.14.5 Reflected.&.Persistent.Cross-Site.Scripting MEDIUM" "luxe 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "luxe 2.0.0 Unauthenticated.Option.Update MEDIUM" "learnmore No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "learnmore No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lovetravel 2.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "lovetravel 3.8 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "lifestyle-magazine 10.2.1 Reflected.Cross-Site.Scripting MEDIUM" "lawyerpress-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "listeo 1.6.11 Multiple.XSS.&.XFS.vulnerabilities MEDIUM" "listeo 1.6.11 Multiple.Authenticated.IDOR.Vulnerabilities MEDIUM" "multipurpose No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "medikaid 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "magazine-edge No.known.fix Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "modular 2.8.3 Local.File.Disclosure HIGH" "modular 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "machic No.known.fix Cross-Site.Request.Forgery MEDIUM" "monograph No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mediciti-lite No.known.fix Reflected.XSS HIGH" "mediciti-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "monolit 2.0.7 Reflected.XSS HIGH" "medicate No.known.fix Local.File.Disclosure HIGH" "medicate No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "meris No.known.fix Reflected.XSS HIGH" "mystique No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mocho-blog No.known.fix Reflected.XSS HIGH" "medibazar No.known.fix Cross-Site.Request.Forgery MEDIUM" "metro-magazine 1.3.8 Missing.Authorization.to.Notice.Dismissal MEDIUM" "mTheme-Unus 2.3 Directory.Traversal HIGH" "moseter No.known.fix Reflected.XSS HIGH" "modern 1.4.2 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "manbiz2 No.known.fix Local.File.Disclosure HIGH" "manbiz2 No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "mesmerize 1.6.124 Cross-Site.Request.Forgery.to.Cache.Clearing MEDIUM" "ms-lms-starter-theme 1.1.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "meridia 2.2.8 Reflected.Cross-Site.Scripting MEDIUM" "meridia 2.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mediumishh No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "materialis 1.1.30 Missing.Authorization.to.Limited.Arbitrary.Options.Update MEDIUM" "motor 3.1.0 Unauthenticated.Local.File.Inclusion HIGH" "medzone-lite 1.2.6 Unauthenticated.Function.Injection CRITICAL" "mantra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "medicpress-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mosaic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "monalisa 2.1.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "myriad 2.8.3 Local.File.Disclosure HIGH" "myriad 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "minus 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "minus 2.0.0 Unauthenticated.Option.Update MEDIUM" "method 2.8.3 Local.File.Disclosure HIGH" "method 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "newsxpress 1.0.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "nexos 1.8 Real.Estate.<.1.8.-.Unauthenticated.Reflected.XSS.&.SQL.Injection CRITICAL" "nexos 1.6.1 Real.Estate.<.1.6.1.-.SQL.Injection.&.Persistent.XSS CRITICAL" "nasio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "noo-jobmonster No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "noo-jobmonster No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "noo-jobmonster 4.6.6.1 Directory.Listing.in.Upload.Folder MEDIUM" "noo-jobmonster 4.5.2.9 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "nokke 1.2.4 Reflected.XSS HIGH" "nokke 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "nokke 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "nokke 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "newspaper 12.6.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Attachment.Meta MEDIUM" "neighborly No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "nichebase 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "nichebase 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "news-unlimited No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "newspaper-x 1.3.2 Unauthenticated.Function.Injection CRITICAL" "nightlife No.known.fix CSRF.File.Upload HIGH" "networker 1.1.10 Tech.News.WordPress.Theme.with.Dark.Mode.<.1.1.10.-.Missing.Authorization MEDIUM" "neosense 1.8 Unrestricted.File.Upload CRITICAL" "nsc No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "newsmash 1.0.35 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "ngo-charity-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "naturemag-lite No.known.fix Unauthenticated.Function.Injection CRITICAL" "nirvana No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nothing-personal No.known.fix Reflected.XSS HIGH" "newsmatic 1.3.3 Missing.Authorization MEDIUM" "newsmatic 1.3.5 Unauthenticated.Information.Exposure.via.newsmatic_filter_posts_load_tab_content MEDIUM" "nictitate No.known.fix Cross-Site.Request.Forgery MEDIUM" "newsmag No.known.fix Subscriber+.Reflected.Cross-Site.Scripting MEDIUM" "newsmag 2.4.2 Unauthenticated.Function.Injection CRITICAL" "newshit 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "nexter 2.0.4 Missing.Authorization MEDIUM" "nexter 2.0.4 Authenticated.(Subscriber+).SQL.Injection.via.'to'.and.'from' HIGH" "nova-lite 1.3.9 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "news-flash No.known.fix Authenticated.(Editor+).PHP.Object.Injection HIGH" "onair2 3.9.9.2 Unauthenticated.RFI.and.SSRF MEDIUM" "optimizepress 1.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "one-paze No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "offset-writing No.known.fix Reflected.XSS HIGH" "oceanic No.known.fix Cross-Site.Request.Forgery MEDIUM" "onetone No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ona 1.18.3 Reflected.Cross-Site.Scripting MEDIUM" "oceanwp 3.5.5 Subscriber+.Sensitive.Information.Exposure MEDIUM" "orchid-store 1.5.7 .Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Activation MEDIUM" "outdoor 3.9.7 Reflected.XSS HIGH" "opor-ayam No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opor-ayam No.known.fix Reflected.XSS HIGH" "onepress No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "onepress 2.3.7 Cross-Site.Request.Forgery.via.save_settings() MEDIUM" "one-page-conference No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pont No.known.fix Privilige.Escalation HIGH" "parallelus-traject 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pixova-lite 2.0.7 Unauthenticated.Function.Injection CRITICAL" "pinboard No.known.fix includes/theme-options.php.tab.Parameter.XSS MEDIUM" "phototouch 1.2.2 Arbitrary.File.Upload.via.themify-ajax.php CRITICAL" "patricia-blog No.known.fix Cross-Site.Request.Forgery MEDIUM" "pinfinity 2.0 Reflected.Cross-site.Scripting.(XSS) MEDIUM" "plato 1.1.9 Reflected.XSS HIGH" "purosa 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "purosa 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "parallelus-salutation 3.0.16 Stored.XSS MEDIUM" "parallelus-salutation 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pinzolo 1.2.10 Reflected.XSS HIGH" "porto 7.1.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "porto 7.1.1 Unauthenticated.Local.File.Inclusion.via.porto_ajax_posts CRITICAL" "partdo No.known.fix Cross-Site.Request.Forgery MEDIUM" "patricia-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "photology 1.1.4 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "parabola No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "perfect-portfolio 1.2.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "perfect-portfolio 1.1.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "parallax-blog No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "purity-of-soul No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "purity-of-soul No.known.fix Reflected.XSS HIGH" "punte 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "point No.known.fix Cross-Site.Request.Forgery MEDIUM" "parallelus-unite 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "prolist 1.27 Directory.Listing.<.1.27.-.Unauthenticated.Reflected.XSS MEDIUM" "purus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "purus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "purus No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "pixgraphy 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pliska 0.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Display.Name MEDIUM" "patch-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "parallaxsome 1.3.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "pressive 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "pressive 2.0.0 Unauthenticated.Option.Update MEDIUM" "pixigo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "posterity No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "posterity 3.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "phlox-pro 5.16.5 Reflected.Cross-Site.Scripting.via.Search.Parameters MEDIUM" "popularis-verse 1.0.2 Cross-Site.Request.Forgery MEDIUM" "polka-dots No.known.fix Reflected.XSS HIGH" "platform No.known.fix Cross-Site.Request.Forgery.(CSRF) HIGH" "performag 2.0.0 Unauthenticated.Option.Update MEDIUM" "performag 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "preschool-and-kindergarten 1.2.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "pathway 1.0.16 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "parallelus-intersect 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "quota 1.2.5 Unspecified.XSS MEDIUM" "quality 2.7.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "quasar 2.0 Privilege.Escalation HIGH" "regina-lite No.known.fix Reflected.XSS HIGH" "regina-lite 2.0.6 Unauthenticated.Function.Injection CRITICAL" "royal-elementor-kit 1.0.117 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "royal-elementor-kit 1.0.117 Missing.Authorization.to.Arbitrary.Transient.Update MEDIUM" "raindrops 1.700 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "roven-blog 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "rara-business 1.2.6 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "rara-business 1.2.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "revivenews 1.0.3 Missing.Authorization.via.revivenews_install_and_activate_plugins() MEDIUM" "relax-spa 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "rehub-theme 19.6.2 Authenticated.(Editor+).Local.File.Inclusion HIGH" "rehub-theme 19.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "rehub-theme 19.6.2 Unauthenticated.Local.File.Inclusion CRITICAL" "restaurant-pt 1.1.3 Reflected.XSS HIGH" "reality 2.5.6 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "reality 2.5.3 Unauthenticated.Reflected.XSS MEDIUM" "reality 2.4.0 Multiple.Persistent.XSS MEDIUM" "rise 2.0.0 Unauthenticated.Option.Update MEDIUM" "rise 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "rife-free 2.4.19 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "rife-free 2.4.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "robolist-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "restaurant-and-cafe 1.2.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "responsive-mobile No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rambo 2.1.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "revolve No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "restricted-site-access No.known.fix IP.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "roseta No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "radcliffe-2 2.0.18 Missing.Authorization MEDIUM" "realestate-7 3.3.5 Multiple.CSRF MEDIUM" "realestate-7 3.3.5 Reflected.XSS HIGH" "realestate-7 3.3.2 Reflected.XSS HIGH" "realestate-7 3.1.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "realestate-7 3.0.5 Unauthenticated.Reflected.XSS MEDIUM" "realestate-7 3.0.4 Unauthenticated.Reflected.XSS MEDIUM" "realestate-7 2.9.5 Multiple.Vulnerabilities HIGH" "realestate-7 2.9.1 Stored.XSS.&.IDOR MEDIUM" "raise-mag No.known.fix Reflected.XSS HIGH" "rovenstart 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "ripple 1.2.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "responsive 5.0.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive 5.0.3 Missing.Authorization.to.HMTL.Injection HIGH" "smartmag-responsive-retina-wordpress-magazine No.known.fix Unauthenticated.Sensitive.Information.Exposure.via.Log.Files MEDIUM" "saul 1.1.0 Reflected.XSS HIGH" "spikes No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "soledad 8.4.6 Missing.Authorization MEDIUM" "soledad 8.4.6 Cross-Site.Request.Forgery MEDIUM" "soledad 8.4.6 Missing.Authorization MEDIUM" "soledad 8.4.2 Authenticated.(Contributor+).SQL.Injection HIGH" "soledad 8.4.2 Unauthenticated.PHP.Object.Injection CRITICAL" "soledad 8.4.2 Reflected.Cross-Site.Scripting MEDIUM" "soledad 8.2.6 Subscriber+.Cross-Site.Scripting MEDIUM" "soledad 8.2.5 Reflected.Cross-site.Scripting MEDIUM" "squaretype 3.0.4 Unauthenticated.Private/Schedule.Posts.Disclosure MEDIUM" "spasalon 2.2.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "scoreme No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "shuban No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shuban No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shuban No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "start No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stockholm 9.7 Unauthenticated.Local.File.Inclusion CRITICAL" "stockholm 9.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "suffice 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "sarada-lite 1.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "soulmedic No.known.fix Local.File.Disclosure HIGH" "soulmedic No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "striking-r 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "striking-r 2.3.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "shopbiz-lite 1.7.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "swing-lite 1.2.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "smartit No.known.fix Information.Disclosure HIGH" "speculor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "speculor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "speculor No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "spiko 1.1.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "salzburg-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "silk-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "storied 2.0.0 Unauthenticated.Option.Update MEDIUM" "storied 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "specialist No.known.fix CSRF.File.Upload HIGH" "showbiz 1.7.1 Local.File.Disclosure HIGH" "showbiz No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "seabird No.known.fix Local.File.Disclosure HIGH" "seabird No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "storevilla 1.4.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "sociallyviral No.known.fix Cross-Site.Request.Forgery MEDIUM" "sahifa 3.0.0 Site.Setting.Reset.CSRF HIGH" "sahifa 3.0.0 Multiple.Full.Path.Disclosure MEDIUM" "soundblast No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "short 1.7.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "sportsmag No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "statfort No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "scrollme No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "simplifii No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "squared 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "squared 2.0.0 Unauthenticated.Option.Update MEDIUM" "spa-and-salon 1.2.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "spawp 1.4.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "spice-software 1.1.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "spikes-black No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "startupzy 1.1.2 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "style No.known.fix Information.Disclosure HIGH" "sliding-door No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shapely 1.2.9 Unauthenticated.Function.Injection CRITICAL" "sparkling 2.4.9 Unauthenticated.Function.Injection CRITICAL" "shoppette 1.0.5 Unspecified.XSS MEDIUM" "scylla-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "sean-lite 1.4.6 Reflected.XSS HIGH" "socialdriver 2024 Prototype.Pollution.to.XSS HIGH" "superio 1.2.33 Job.Board.<.1.2.33.-.Subscriber+.Stored.Cross-Site.Scripting LOW" "silesia No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "swape 1.2.1 Authentication.Bypass.and.Stored.XSS CRITICAL" "septera No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "saleszone No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simpolio No.known.fix Privilige.Escalation HIGH" "sinatra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "startkit No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "travel-agency-booking No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "the-monday No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "total 2.1.60 Missing.Authorization.to.Authenticated.(Subscriber+).Sections.Update MEDIUM" "triton-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "techism No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tainacan-interface 2.7.2 Reflected.Cross-Site.Scripting MEDIUM" "transcend 1.2.0 Unauthenticated.Function.Injection CRITICAL" "travey 1.0.5 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "travel-tour 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "tempera No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tiki-time No.known.fix Reflected.XSS HIGH" "totalpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "topcat-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "t1 No.known.fix Open.Redirect MEDIUM" "travel-monster 1.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "theroof 1.0.4 Unauthenticated.Reflected.XSS HIGH" "temp-mail-x No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "travel-agency 1.4.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "the-authority No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "truemag No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "the-conference 1.2.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "tijaji No.known.fix Reflected.XSS HIGH" "townhub 1.3.0 Unauthenticated.Reflected.XSS HIGH" "townhub 1.0.6 Multiple.Vulnerabilities HIGH" "tweaker5 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "themify-ultra 7.3.6 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "themify-ultra 7.3.6 Missing.Authorization MEDIUM" "themify-ultra 7.3.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "themify-ultra 7.3.6 Missing.Authorization MEDIUM" "themify-ultra 7.3.6 Privilege.Escalation HIGH" "thegem 5.9.2 Reflected.Cross-Site.Scripting MEDIUM" "theme-translation-for-polylang 3.2.17 Unauthenticated.Translation.Settings.Update MEDIUM" "traveler 2.8.4 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "traveler 2.8.4 Unauthenticated.SQL.Injection HIGH" "traveler 2.8.2 Unauthenticated.Reflected.XSS MEDIUM" "traveler 2.7.8.6 Reflected.&.Persistent.XSS.Issues MEDIUM" "traveler 2.7.8.4 Reflected.&.Stored.XSS MEDIUM" "teardrop No.known.fix Privilige.Escalation HIGH" "trendy-news 1.0.15 Cross-Site.Request.Forgery MEDIUM" "the-next No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "thrive-theme 3.24.2 Cross-Site.Request.Forgery HIGH" "thrive-theme 3.24.0 Missing.Authorization HIGH" "thrive-theme 3.24.0 Subscriber+.Privilege.Escalation HIGH" "thrive-theme 2.2.4 Unauthenticated.Option.Update MEDIUM" "the-launcher 1.3.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "theron-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "tydskrif No.known.fix Reflected.XSS HIGH" "tantyyellow No.known.fix Reflected.XSS HIGH" "travel-booking 1.2.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "tuaug4 No.known.fix Reflected.XSS HIGH" "ultralight No.known.fix Reflected.XSS HIGH" "uncode-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ultimatum 2.9.1.5 Local.File.Disclosure HIGH" "ultimatum 2.9.1.5 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "ultrapress No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "unseen-blog No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "unakit 1.2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "unakit 1.2.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "upfrontwp No.known.fix Reflected.XSS HIGH" "unique No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unicon-lite 1.2.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "u-design No.known.fix Reflected.Cross-Site.Scripting HIGH" "u-design 2.7.10 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "viralike No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "viralike 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "verbosa 1.2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "viable-blog No.known.fix Reflected.XSS HIGH" "villar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "villar 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vilva 1.2.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "viburno 1.3.2 Reflected.XSS HIGH" "videoblog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "virtue 3.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Author MEDIUM" "viala No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "viala No.known.fix Reflected.XSS HIGH" "vmagazine-news 1.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "vmagazine-lite 1.3.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "visual-composer-starter 3.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vmag 1.2.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "vernissage 1.3 Privilige.Escalation HIGH" "vertice 1.0.11 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "venice-lite 1.5.5 Reflected.XSS HIGH" "voice 2.0.0 Unauthenticated.Option.Update MEDIUM" "voice 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "wp-portfolio 2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "workio 1.0.3 Unauthenticated.Reflected.XSS MEDIUM" "wp-sierra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-sierra No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woffice 5.4.12 Unauthenticated.Privilege.Escalation CRITICAL" "woffice 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "woffice 4.0.2 Unauthenticated.Disclosure.of.Notification.Titles MEDIUM" "wp-magazine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wplms 4.900 Cross-Site.Request.Forgery HIGH" "wlow 1.2.7 Reflected.XSS HIGH" "weeklynews 2.2.9 Cross-Site.Scripting.(XSS) MEDIUM" "woostify 1.9.2 CSRF.Bypass MEDIUM" "woohoo No.known.fix Settings.Update.via.CSRF MEDIUM" "wr-nitro No.known.fix Unauthenticated.Arbitrary.Plugin.Installation CRITICAL" "winters No.known.fix Reflected.Cross-Site.Scripting.via.Prototype.Pollution MEDIUM" "workup 2.1.6 Unauthenticated.Reflected.XSS MEDIUM" "weddingalbum No.known.fix Information.Disclosure HIGH" "woodmart 7.2.5 Reflected.XSS HIGH" "woodmart 7.2.2 Subscriber+.Stored.XSS HIGH" "woodmart 7.1.2 License.Update/Deactivation.via.CSRF MEDIUM" "woodmart 7.1.2 Unauthenticated.Arbitrary.Shortcode.Injection HIGH" "westand 2.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wallstreet 2.0.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "wedding-bride 1.0.2 Reflected.XSS HIGH" "wp-real-estate No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "wp-forge No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wishful-blog No.known.fix Reflected.XSS HIGH" "wp-moose No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-moose 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wellness No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "whimsy-framework No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "workscout 2.0.33 Authenticated.Stored.XSS.&.XFS HIGH" "wibar 1.2.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "wpcake No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wyzi-business-finder 2.4.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "weaver-xtreme 6.4 Contributor+.Stored.XSS MEDIUM" "weaver-xtreme 6.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "workreap 2.6.4 Subscriber+.Arbitrary.Posts.Deletion.via.IDOR MEDIUM" "workreap 2.6.3 Freelance.Marketplace.and.Directory.<.2.6.3.-.Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "workreap 2.2.2 Missing.Authorization.Checks.in.Ajax.Actions HIGH" "workreap 2.2.2 Unauthenticated.Upload.Leading.to.Remote.Code.Execution CRITICAL" "workreap 2.2.2 Multiple.CSRF.+.IDOR.Vulnerabilities HIGH" "xstore 9.3.9 Subscriber+.Arbitrary.Options.Update HIGH" "xstore 9.3.9 Unauthenticated.SQLi HIGH" "xstore 9.3.9 Reflected.Cross-Site.Scripting HIGH" "xstore 9.3.9 Missing.Authorization MEDIUM" "xstore 9.3.9 Missing.Authorization MEDIUM" "xstore 9.3.9 Unauthenticated.Local.File.Inclusion CRITICAL" "xenon No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "yuki 1.3.15 Cross-Site.Request.Forgery.to.Theme.Setting.Reset MEDIUM" "yuki 1.3.14 Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Setting.Reset MEDIUM" "yuki 1.3.8 Reflected.Cross-Site.Scripting MEDIUM" "yourjourney No.known.fix Reflected.Cross-Site.Scripting.via.Prototype.Pollution MEDIUM" "zigcy-lite 2.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zigcy-baby 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zeever 1.1.1 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "zigcy-cosmetics 1.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zenon-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "zbench No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM") pp "Theme: Version" rthemes=(`grep -oP ".*/wp-content/themes/\K[a-zA-Z0-9-_.]+" $file | sort -u`) d=true; [[ ! ${rthemes[@]} ]] && d=false || d=true